--- loncom/lonnet/perl/lonnet.pm	2003/03/14 19:35:54	1.340
+++ loncom/lonnet/perl/lonnet.pm	2003/03/22 02:13:08	1.344
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.340 2003/03/14 19:35:54 albertel Exp $
+# $Id: lonnet.pm,v 1.344 2003/03/22 02:13:08 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -588,6 +588,63 @@ sub idput {
     }
 }
 
+# --------------------------------------------------- Assign a key to a student
+
+sub assign_access_key {
+    my ($ckey,$cdom,$cnum,$udom,$uname)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    $udom=$ENV{'user.name'} unless (defined($udom));
+    $uname=$ENV{'user.domain'} unless (defined($uname));
+}
+
+# ------------------------------------------------------ Generate a set of keys
+
+sub generate_access_keys {
+    my ($number,$cdom,$cnum)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    unless (($cdom) && ($cnum)) { return 0; }
+    if ($number>10000) { return 0; }
+    sleep(2); # make sure don't get same seed twice
+    srand(time()^($$+($$<<15))); # from "Programming Perl"
+    my $total=0;
+    for (my $i=1;$i<=$number;$i++) {
+       my $newkey=sprintf("%lx",int(100000*rand)).'-'.
+                  sprintf("%lx",int(100000*rand)).'-'.
+                  sprintf("%lx",int(100000*rand));
+       $newkey=~s/1/g/g; # folks mix up 1 and l
+       $newkey=~s/0/h/g; # and also 0 and O
+       my %existing=&get('accesskeys',[$newkey],$cdom,$cnum);
+       if ($existing{$newkey}) {
+           $i--;
+       } else {
+	  if (&put('accesskeys',{ $newkey => time() },$cdom,$cnum) eq 'ok') {
+              $total++;
+	  }
+       }
+    }
+    &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.home'},
+         'Generated '.$total.' keys for '.$cnum.' at '.$cdom);
+    return $total;
+}
+
+# ------------------------------------------------------- Validate an accesskey
+
+sub validate_access_key {
+    my ($ckey,$cdom,$cnum,$udom,$uname)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    $udom=$ENV{'user.name'} unless (defined($udom));
+    $uname=$ENV{'user.domain'} unless (defined($uname));
+}
+
 # ------------------------------------- Find the section of student in a course
 
 sub getsection {
@@ -1870,6 +1927,37 @@ sub eget {
    return %returnhash;
 }
 
+# ---------------------------------------------- Custom access rule evaluation
+
+sub customaccess {
+    my ($priv,$uri)=@_;
+    my ($urole,$urealm)=split(/\./,$ENV{'request.role'});
+    $urealm=~s/^\W//;
+    my ($udom,$ucrs,$usec)=split(/\//,$urealm);
+    my $access=0;
+    foreach (split(/\s*\,\s*/,&metadata($uri,'rule_rights'))) {
+	my ($effect,$realm,$role)=split(/\:/,$_);
+        if ($role) {
+	   if ($role ne $urole) { next; }
+        }
+        foreach (split(/\s*\,\s*/,$realm)) {
+            my ($tdom,$tcrs,$tsec)=split(/\_/,$_);
+            if ($tdom) {
+		if ($tdom ne $udom) { next; }
+            }
+            if ($tcrs) {
+		if ($tcrs ne $ucrs) { next; }
+            }
+            if ($tsec) {
+		if ($tsec ne $usec) { next; }
+            }
+            $access=($effect eq 'allow');
+            last;
+        }
+    }
+    return $access;
+}
+
 # ------------------------------------------------- Check for a user privilege
 
 sub allowed {
@@ -1908,6 +1996,9 @@ sub allowed {
             # Library role, so allow browsing of resources in this domain.
             return 'F';
         }
+        if ($copyright eq 'custom') {
+	    unless (&customaccess($priv,$uri)) { return ''; }
+        }
     }
     # Domain coordinator is trying to create a course
     if (($priv eq 'ccc') && ($ENV{'request.role'} =~ /^dc\./)) {
@@ -2125,20 +2216,10 @@ sub allowed {
 
    if ($thisallowed=~/R/) {
        my $rolecode=(split(/\./,$ENV{'request.role'}))[0];
-       my $filename=$perlvar{'lonDocRoot'}.'/res/'.$uri.'.meta';
-       if (-e $filename) {
-           my @content;
-           {
-	     my $fh=Apache::File->new($filename);
-             @content=<$fh>;
-	   }
-           if (join('',@content)=~
-                    /\<roledeny[^\>]*\>[^\<]*$rolecode[^\<]*\<\/roledeny\>/) {
-	       &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'},
+       if (&metadata($uri,'roledeny')=~/$rolecode/) {
+	  &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'},
                     'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
-           return '';
-
-           }
+          return '';
        }
    }