--- loncom/lonnet/perl/lonnet.pm 2005/07/13 20:30:20 1.645
+++ loncom/lonnet/perl/lonnet.pm 2005/11/15 22:02:58 1.679
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.645 2005/07/13 20:30:20 raeburn Exp $
+# $Id: lonnet.pm,v 1.679 2005/11/15 22:02:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -37,7 +37,7 @@ use HTTP::Date;
use vars
qw(%perlvar %hostname %badServerCache %iphost %spareid %hostdom
%libserv %pr %prp $memcache %packagetab
- %courselogs %accesshash %userrolehash $processmarker $dumpcount
+ %courselogs %accesshash %userrolehash %domainrolehash $processmarker $dumpcount
%coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseownerbuf
%domaindescription %domain_auth_def %domain_auth_arg_def
%domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir $_64bit
@@ -49,10 +49,11 @@ use Apache::Constants qw(:common :http);
use HTML::LCParser;
use HTML::Parser;
use Fcntl qw(:flock);
-use Apache::lonlocal;
use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw nfreeze);
use Time::HiRes qw( gettimeofday tv_interval );
use Cache::Memcached;
+use Digest::MD5;
+
my $readit;
my $max_connection_retries = 10; # Or some such value.
@@ -166,7 +167,7 @@ sub reply {
unless (defined($hostname{$server})) { return 'no_such_host'; }
my $answer=subreply($cmd,$server);
if (($answer=~/^refused/) || ($answer=~/^rejected/)) {
- &logthis("<font color=blue>WARNING:".
+ &logthis("<font color=\"blue\">WARNING:".
" $cmd to $server returned $answer</font>");
}
return $answer;
@@ -190,14 +191,14 @@ sub reconlonc {
sleep 5;
if (-e "$peerfile") { return; }
&logthis(
- "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
+ "<font color=\"blue\">WARNING: $peerfile still not there, giving up</font>");
} else {
&logthis(
- "<font color=blue>WARNING:".
+ "<font color=\"blue\">WARNING:".
" lonc at pid $loncpid not responding, giving up</font>");
}
} else {
- &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
+ &logthis('<font color="blue">WARNING: lonc not running, giving up</font>');
}
}
@@ -206,7 +207,7 @@ sub reconlonc {
sub critical {
my ($cmd,$server)=@_;
unless ($hostname{$server}) {
- &logthis("<font color=blue>WARNING:".
+ &logthis("<font color=\"blue\">WARNING:".
" Critical message to unknown server ($server)</font>");
return 'no_such_host';
}
@@ -240,12 +241,12 @@ sub critical {
}
chomp($wcmd);
if ($wcmd eq $cmd) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Connection buffer $dfilename: $cmd</font>");
&logperm("D:$server:$cmd");
return 'con_delayed';
} else {
- &logthis("<font color=red>CRITICAL:"
+ &logthis("<font color=\"red\">CRITICAL:"
." Critical connection failed: $server $cmd</font>");
&logperm("F:$server:$cmd");
return 'con_failed';
@@ -290,7 +291,7 @@ sub appenv {
my %newenv=@_;
foreach (keys %newenv) {
if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Attempt to modify environment ".$_." to ".$newenv{$_}
.'</font>');
delete($newenv{$_});
@@ -304,7 +305,7 @@ sub appenv {
return 'error: '.$!;
}
unless (flock($lockfh,LOCK_EX)) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
'Could not obtain exclusive lock in appenv: '.$!);
close($lockfh);
return 'error: '.$!;
@@ -349,7 +350,7 @@ sub delenv {
my $delthis=shift;
my %newenv=();
if (($delthis=~/user\.role/) || ($delthis=~/user\.priv/)) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Attempt to delete from environment ".$delthis);
return 'error';
}
@@ -360,7 +361,7 @@ sub delenv {
return 'error';
}
unless (flock($fh,LOCK_SH)) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
'Could not obtain shared lock in delenv: '.$!);
close($fh);
return 'error: '.$!;
@@ -374,7 +375,7 @@ sub delenv {
return 'error';
}
unless (flock($fh,LOCK_EX)) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
'Could not obtain exclusive lock in delenv: '.$!);
close($fh);
return 'error: '.$!;
@@ -443,15 +444,15 @@ sub overloaderror {
# ------------------------------ Find server with least workload from spare.tab
sub spareserver {
- my ($loadpercent,$userloadpercent) = @_;
+ my ($loadpercent,$userloadpercent,$want_server_name) = @_;
my $tryserver;
my $spareserver='';
if ($userloadpercent !~ /\d/) { $userloadpercent=0; }
my $lowestserver=$loadpercent > $userloadpercent?
$loadpercent : $userloadpercent;
- foreach $tryserver (keys %spareid) {
- my $loadans=reply('load',$tryserver);
- my $userloadans=reply('userload',$tryserver);
+ foreach $tryserver (keys(%spareid)) {
+ my $loadans=&reply('load',$tryserver);
+ my $userloadans=&reply('userload',$tryserver);
if ($loadans !~ /\d/ && $userloadans !~ /\d/) {
next; #didn't get a number from the server
}
@@ -468,7 +469,11 @@ sub spareserver {
$answer = $userloadans;
}
if (($answer =~ /\d/) && ($answer<$lowestserver)) {
- $spareserver="http://$hostname{$tryserver}";
+ if ($want_server_name) {
+ $spareserver=$tryserver;
+ } else {
+ $spareserver="http://$hostname{$tryserver}";
+ }
$lowestserver=$answer;
}
}
@@ -767,6 +772,13 @@ sub validate_access_key {
}
# ------------------------------------- Find the section of student in a course
+sub devalidate_getsection_cache {
+ my ($udom,$unam,$courseid)=@_;
+ $courseid=~s/\_/\//g;
+ $courseid=~s/^(\w)/\/$1/;
+ my $hashid="$udom:$unam:$courseid";
+ &devalidate_cache_new('getsection',$hashid);
+}
sub getsection {
my ($udom,$unam,$courseid)=@_;
@@ -1053,7 +1065,7 @@ sub repcopy {
if ($response->is_error()) {
unlink($transname);
my $message=$response->status_line;
- &logthis("<font color=blue>WARNING:"
+ &logthis("<font color=\"blue\">WARNING:"
." LWP get: $message: $filename</font>");
return 'unavailable';
} else {
@@ -1063,7 +1075,7 @@ sub repcopy {
if ($mresponse->is_error()) {
unlink($filename.'.meta');
&logthis(
- "<font color=yellow>INFO: No metadata: $filename</font>");
+ "<font color=\"yellow\">INFO: No metadata: $filename</font>");
}
}
rename($transname,$filename);
@@ -1169,7 +1181,6 @@ sub process_coursefile {
$fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file,
$home);
} else {
- my $fetchresult = '';
my $fpath = '';
my $fname = $file;
($fpath,$fname) = ($file =~ m|^(.*)/([^/]+)$|);
@@ -1302,7 +1313,7 @@ sub userfileupload {
if ($coursedoc) {
my $docuname=$env{'course.'.$env{'request.course.id'}.'.num'};
my $docudom=$env{'course.'.$env{'request.course.id'}.'.domain'};
- if ($env{'form.folder'} =~ m/^default/) {
+ if ($env{'form.folder'} =~ m/^(default|supplemental)/) {
return &finishuserfileupload($docuname,$docudom,
$formname,$fname,$parser,$allfiles,
$codebase);
@@ -1368,7 +1379,7 @@ sub finishuserfileupload {
}
sub extract_embedded_items {
- my ($filepath,$file,$allfiles,$codebase) = @_;
+ my ($filepath,$file,$allfiles,$codebase,$content) = @_;
my @state = ();
my %javafiles = (
codebase => '',
@@ -1379,11 +1390,19 @@ sub extract_embedded_items {
src => '',
movie => '',
);
- my $p = HTML::LCParser->new($filepath.'/'.$file);
+ my $p;
+ if ($content) {
+ $p = HTML::LCParser->new($content);
+ } else {
+ $p = HTML::LCParser->new($filepath.'/'.$file);
+ }
while (my $t=$p->get_token()) {
if ($t->[0] eq 'S') {
my ($tagname, $attr) = ($t->[1],$t->[2]);
push (@state, $tagname);
+ if (lc($tagname) eq 'allow') {
+ &add_filetype($allfiles,$attr->{'src'},'src');
+ }
if (lc($tagname) eq 'img') {
&add_filetype($allfiles,$attr->{'src'},'src');
}
@@ -1524,7 +1543,7 @@ sub flushcourselogs {
} else {
&logthis('Failed to flush log buffer for '.$crsid);
if (length($courselogs{$crsid})>40000) {
- &logthis("<font color=blue>WARNING: Buffer for ".$crsid.
+ &logthis("<font color=\"blue\">WARNING: Buffer for ".$crsid.
" exceeded maximum size, deleting.</font>");
delete $courselogs{$crsid};
}
@@ -1595,6 +1614,31 @@ sub flushcourselogs {
delete $userrolehash{$entry};
}
}
+#
+# Reverse lookup of domain roles (dc, ad, li, sc, au)
+#
+ my %domrolebuffer = ();
+ foreach my $entry (keys %domainrolehash) {
+ my ($role,$uname,$udom,$runame,$rudom,$rsec)=split/:/,$entry;
+ if ($domrolebuffer{$rudom}) {
+ $domrolebuffer{$rudom}.='&'.&escape($entry).
+ '='.&escape($domainrolehash{$entry});
+ } else {
+ $domrolebuffer{$rudom}.=&escape($entry).
+ '='.&escape($domainrolehash{$entry});
+ }
+ delete $domainrolehash{$entry};
+ }
+ foreach my $dom (keys(%domrolebuffer)) {
+ foreach my $tryserver (keys %libserv) {
+ if ($hostdom{$tryserver} eq $dom) {
+ unless (&reply('domroleput:'.$dom.':'.
+ $domrolebuffer{$dom},$tryserver) eq 'ok') {
+ &logthis('Put of domain roles failed for '.$dom.' and '.$tryserver);
+ }
+ }
+ }
+ }
$dumpcount++;
}
@@ -1628,7 +1672,7 @@ sub courseacclog {
my $fnsymb=shift;
unless ($env{'request.course.id'}) { return ''; }
my $what=$fnsymb.':'.$env{'user.name'}.':'.$env{'user.domain'};
- if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|page)$/) {
+ if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|task|page)$/) {
$what.=':POST';
# FIXME: Probably ought to escape things....
foreach (keys %env) {
@@ -1670,14 +1714,24 @@ sub linklog {
sub userrolelog {
my ($trole,$username,$domain,$area,$tstart,$tend)=@_;
- if (($trole=~/^ca/) || ($trole=~/^in/) ||
- ($trole=~/^cc/) || ($trole=~/^ep/) ||
- ($trole=~/^cr/) || ($trole=~/^ta/)) {
+ if (($trole=~/^ca/) || ($trole=~/^aa/) ||
+ ($trole=~/^in/) || ($trole=~/^cc/) ||
+ ($trole=~/^ep/) || ($trole=~/^cr/) ||
+ ($trole=~/^ta/)) {
my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
$userrolehash
{$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
=$tend.':'.$tstart;
- }
+ }
+ if (($trole=~/^dc/) || ($trole=~/^ad/) ||
+ ($trole=~/^li/) || ($trole=~/^li/) ||
+ ($trole=~/^au/) || ($trole=~/^dg/) ||
+ ($trole=~/^sc/)) {
+ my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
+ $domainrolehash
+ {$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
+ = $tend.':'.$tstart;
+ }
}
sub get_course_adv_roles {
@@ -1701,7 +1755,11 @@ sub get_course_adv_roles {
if ($username eq '' || $domain eq '') { next; }
if ((&privileged($username,$domain)) &&
(!$nothide{$username.':'.$domain})) { next; }
+ if ($role eq 'cr') { next; }
my $key=&plaintext($role);
+ if ($role =~ /^cr/) {
+ $key=(split('/',$role))[3];
+ }
if ($section) { $key.=' (Sec/Grp '.$section.')'; }
if ($returnhash{$key}) {
$returnhash{$key}.=','.$username.':'.$domain;
@@ -1792,7 +1850,65 @@ sub courseiddump {
return %returnhash;
}
-#
+# ---------------------------------------------------------- DC e-mail
+
+sub dcmailput {
+ my ($domain,$msgid,$contents,$server)=@_;
+ my $status = &Apache::lonnet::critical(
+ 'dcmailput:'.$domain.':'.&Apache::lonnet::escape($msgid).'='.
+ &Apache::lonnet::escape($$contents{$server}),$server);
+ return $status;
+}
+
+sub dcmaildump {
+ my ($dom,$startdate,$enddate,$senders) = @_;
+ my %returnhash=();
+ foreach my $tryserver (keys(%libserv)) {
+ if ($hostdom{$tryserver} eq $dom) {
+ %{$returnhash{$tryserver}}=();
+ my $cmd='dcmaildump:'.$dom.':'.
+ &escape($startdate).':'.&escape($enddate).':';
+ my @esc_senders=map { &escape($_)} @$senders;
+ $cmd.=&escape(join('&',@esc_senders));
+ foreach (split(/\&/,&reply($cmd,$tryserver))) {
+ my ($key,$value) = split(/\=/,$_);
+ if (($key) && ($value)) {
+ $returnhash{$tryserver}{&unescape($key)} = &unescape($value);
+ }
+ }
+ }
+ }
+ return %returnhash;
+}
+# ---------------------------------------------------------- Domain roles
+
+sub get_domain_roles {
+ my ($dom,$roles,$startdate,$enddate)=@_;
+ if (undef($startdate) || $startdate eq '') {
+ $startdate = '.';
+ }
+ if (undef($enddate) || $enddate eq '') {
+ $enddate = '.';
+ }
+ my $rolelist = join(':',@{$roles});
+ my %personnel = ();
+ foreach my $tryserver (keys(%libserv)) {
+ if ($hostdom{$tryserver} eq $dom) {
+ %{$personnel{$tryserver}}=();
+ foreach (
+ split(/\&/,&reply('domrolesdump:'.$dom.':'.
+ &escape($startdate).':'.&escape($enddate).':'.
+ &escape($rolelist), $tryserver))) {
+ my($key,$value) = split(/\=/,$_);
+ if (($key) && ($value)) {
+ $personnel{$tryserver}{&unescape($key)} = &unescape($value);
+ }
+ }
+ }
+ }
+ return %personnel;
+}
+
# ----------------------------------------------------------- Check out an item
sub get_first_access {
@@ -1838,7 +1954,7 @@ sub checkout {
$now.'&'.$ENV{'REMOTE_ADDR'});
my $token=&reply('tmpput:'.$infostr,$lonhost);
if ($token=~/^error\:/) {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Checkout tmpput failed ".$tudom.' - '.$tuname.' - '.$symb.
"</font>");
return '';
@@ -1854,7 +1970,7 @@ sub checkout {
unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') {
return '';
} else {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Checkout cstore failed ".$tudom.' - '.$tuname.' - '.$symb.
"</font>");
}
@@ -1864,7 +1980,7 @@ sub checkout {
$token)) ne 'ok') {
return '';
} else {
- &logthis("<font color=blue>WARNING: ".
+ &logthis("<font color=\"blue\">WARNING: ".
"Checkout log failed ".$tudom.' - '.$tuname.' - '.$symb.
"</font>");
}
@@ -2459,19 +2575,28 @@ sub rolesinit {
my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
my %allroles=();
+ my %allgroups=();
my $now=time;
my $userroles="user.login.time=$now\n";
+ my $group_privs;
if ($rolesdump ne '') {
foreach (split(/&/,$rolesdump)) {
if ($_!~/^rolesdef_/) {
my ($area,$role)=split(/=/,$_);
$area=~s/\_\w\w$//;
-
- my ($trole,$tend,$tstart);
+ my ($trole,$tend,$tstart,$group_privs);
if ($role=~/^cr/) {
- ($trole,my $trest)=($role=~m|^(cr/\w+/\w+/[a-zA-Z0-9]+)_(.*)$|);
- ($tend,$tstart)=split('_',$trest);
+ if ($role=~m|^(cr/\w+/\w+/[a-zA-Z0-9]+)_(.*)$|) {
+ ($trole,my $trest)=($role=~m|^(cr/\w+/\w+/[a-zA-Z0-9]+)_(.*)$|);
+ ($tend,$tstart)=split('_',$trest);
+ } else {
+ $trole=$role;
+ }
+ } elsif ($role =~ m|^gr/|) {
+ ($trole,$tend,$tstart) = split(/_/,$role);
+ ($trole,$group_privs) = split(/\//,$trole);
+ $group_privs = &unescape($group_privs);
} else {
($trole,$tend,$tstart)=split(/_/,$role);
}
@@ -2483,13 +2608,15 @@ sub rolesinit {
my ($tdummy,$tdomain,$trest)=split(/\//,$area);
if ($trole =~ /^cr\//) {
&custom_roleprivs(\%allroles,$trole,$tdomain,$trest,$spec,$area);
+ } elsif ($trole eq 'gr') {
+ &group_roleprivs(\%allgroups,$area,$group_privs,$tend,$tstart);
} else {
&standard_roleprivs(\%allroles,$trole,$tdomain,$spec,$trest,$area);
}
}
- }
+ }
}
- my ($author,$adv) = &set_userprivs(\$userroles,\%allroles);
+ my ($author,$adv) = &set_userprivs(\$userroles,\%allroles,\%allgroups);
$userroles.='user.adv='.$adv."\n".
'user.author='.$author."\n";
$env{'user.adv'}=$adv;
@@ -2531,6 +2658,17 @@ sub custom_roleprivs {
}
}
+sub group_roleprivs {
+ my ($allgroups,$area,$group_privs,$tend,$tstart) = @_;
+ my $access = 1;
+ my $now = time;
+ if (($tend!=0) && ($tend<$now)) { $access = 0; }
+ if (($tstart!=0) && ($tstart>$now)) { $access=0; }
+ if ($access) {
+ my ($course,$group) = ($area =~ m|(/\w+/\w+)/([^/]+)$|);
+ $$allgroups{$course}{$group} .=':'.$group_privs;
+ }
+}
sub standard_roleprivs {
my ($allroles,$trole,$tdomain,$spec,$trest,$area) = @_;
@@ -2551,9 +2689,33 @@ sub standard_roleprivs {
}
sub set_userprivs {
- my ($userroles,$allroles) = @_;
+ my ($userroles,$allroles,$allgroups) = @_;
my $author=0;
my $adv=0;
+ my %grouproles = ();
+ my %groups_checked = ();
+ if (keys(%{$allgroups}) > 0) {
+ foreach my $role (keys %{$allroles}) {
+ my ($trole,$area);
+ if ($role =~ m|^(\w+)\.(/\w+/\w+)|) {
+ $trole = $1;
+ $area = $2;
+ unless ($groups_checked{$area}) {
+ $groups_checked{$area} = 1;
+ if (exists($$allgroups{$area})) {
+ foreach my $group (keys(%{$$allgroups{$area}})) {
+ my $spec = $trole.'.'.$area;
+ $grouproles{$spec.'.'.$area.'/'.$group} =
+ $$allgroups{$area}{$group};
+ }
+ }
+ }
+ }
+ }
+ }
+ foreach (keys(%grouproles)) {
+ $$allroles{$_} = $grouproles{$_};
+ }
foreach (keys %{$allroles}) {
my %thesepriv=();
if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
@@ -2840,6 +3002,29 @@ sub eget {
return %returnhash;
}
+# ------------------------------------------------------------ tmpput interface
+sub tmpput {
+ my ($storehash,$server)=@_;
+ my $items='';
+ foreach (keys(%$storehash)) {
+ $items.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+ }
+ $items=~s/\&$//;
+ return &reply("tmpput:$items",$server);
+}
+
+# ------------------------------------------------------------ tmpget interface
+sub tmpget {
+ my ($token)=@_;
+ my $rep=&reply("tmpget:$token",$perlvar{'lonHostID'});
+ my %returnhash;
+ foreach my $item (split(/\&/,$rep)) {
+ my ($key,$value)=split(/=/,$item);
+ $returnhash{&unescape($key)}=&thaw_unescape($value);
+ }
+ return %returnhash;
+}
+
# ---------------------------------------------- Custom access rule evaluation
sub customaccess {
@@ -2882,8 +3067,6 @@ sub allowed {
my $orguri=$uri;
$uri=&declutter($uri);
-
-
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
# Free bre access to adm and meta resources
if (((($uri=~/^adm\//) && ($uri !~ m|/bulletinboard$|))
@@ -2893,7 +3076,7 @@ sub allowed {
# Free bre access to user's own portfolio contents
my ($space,$domain,$name,$dir)=split('/',$uri);
- if (($space=~/^(uploaded|ediupload)$/) && ($env{'user.name'} eq $name) &&
+ if (($space=~/^(uploaded|editupload)$/) && ($env{'user.name'} eq $name) &&
($env{'user.domain'} eq $domain) && ('portfolio' eq $dir)) {
return 'F';
}
@@ -2930,7 +3113,7 @@ sub allowed {
if (($priv eq 'ccc') && ($env{'request.role'} =~ /^dc\./)) {
# uri is the requested domain in this case.
# comparison to 'request.role.domain' shows if the user has selected
- # a role of dc for the domain in question.
+ # a role of dc for the domain in question.
return 'F' if ($uri eq $env{'request.role.domain'});
}
@@ -2961,15 +3144,38 @@ sub allowed {
$thisallowed.=$1;
}
-# URI is an uploaded document for this course
+# Group: uri itself is a group
+ my $groupuri=$uri;
+ $groupuri=~s/^([^\/])/\/$1/;
+ if ($env{'user.priv.'.$env{'request.role'}.'.'.$groupuri}
+ =~/\Q$priv\E\&([^\:]*)/) {
+ $thisallowed.=$1;
+ }
+
+# URI is an uploaded document for this course, default permissions don't matter
# not allowing 'edit' access (editupload) to uploaded course docs
if (($priv eq 'bre') && ($uri=~m|^uploaded/|)) {
- my $refuri=$env{'httpref.'.$orguri};
- if ($refuri) {
- if ($refuri =~ m|^/adm/|) {
- $thisallowed='F';
- }
- }
+ $thisallowed='';
+ my ($match)=&is_on_map($uri);
+ if ($match) {
+ if ($env{'user.priv.'.$env{'request.role'}.'./'}
+ =~/\Q$priv\E\&([^\:]*)/) {
+ $thisallowed.=$1;
+ }
+ } else {
+ my $refuri=$env{'httpref.'.$orguri};
+ if ($refuri) {
+ if ($refuri =~ m|^/adm/|) {
+ $thisallowed='F';
+ } else {
+ $refuri=&declutter($refuri);
+ my ($match) = &is_on_map($refuri);
+ if ($match) {
+ $thisallowed='F';
+ }
+ }
+ }
+ }
}
# Full access at system, domain or course-wide level? Exit.
@@ -3137,7 +3343,7 @@ sub allowed {
my $unamedom=$env{'user.name'}.':'.$env{'user.domain'};
if ($env{'course.'.$env{'request.course.id'}.'.'.$priv.'.roles.denied'}
=~/\Q$rolecode\E/) {
- &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
+ &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.':'.
'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode.' in '.
$env{'request.course.id'});
return '';
@@ -3145,7 +3351,7 @@ sub allowed {
if ($env{'course.'.$env{'request.course.id'}.'.'.$priv.'.users.denied'}
=~/\Q$unamedom\E/) {
- &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
+ &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.
'Denied by user: '.$priv.' for '.$uri.' as '.$unamedom.' in '.
$env{'request.course.id'});
return '';
@@ -3157,8 +3363,8 @@ sub allowed {
if ($thisallowed=~/R/) {
my $rolecode=(split(/\./,$env{'request.role'}))[0];
if (&metadata($uri,'roledeny')=~/\Q$rolecode\E/) {
- &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
- 'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
+ &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.':'.
+ 'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
return '';
}
}
@@ -3185,8 +3391,7 @@ sub allowed {
# --------------------------------------------------- Is a resource on the map?
sub is_on_map {
- my $uri=&declutter(shift);
- $uri=~s/\.\d+\.(\w+)$/\.$1/;
+ my $uri=&deversion(&declutter(shift));
my @uriparts=split(/\//,$uri);
my $filename=$uriparts[$#uriparts];
my $pathname=$uri;
@@ -3497,11 +3702,54 @@ sub auto_instcode_format {
return $response;
}
+# ------------------------------------------------------- Course Group routines
+
+sub get_coursegroups {
+ my ($cdom,$cnum,$curr_groups,$group) = @_;
+ my $numgroups = 0;
+ %{$curr_groups} = &dump('coursegroups',$cdom,$cnum,$group);
+ my ($tmp)=keys(%{$curr_groups});
+ if ($tmp eq 'error: 2 tie(GDBM) Failed while attempting dump') {
+ my %emptyhash = ();
+ if (&put('coursegroups',\%emptyhash,$cdom,$cnum) eq 'ok') {
+ %{$curr_groups} = &dump('coursegroups',$cdom,$cnum,$group);
+ $tmp=keys(%{$curr_groups});
+ }
+ }
+ if ($tmp=~/^error:/) {
+ &logthis('Error retrieving groups: '.$tmp.' in '.$cnum.':'.$cdom);
+ } else {
+ my @groups = keys(%{$curr_groups});
+ $numgroups = @groups;
+ }
+ return $numgroups;
+}
+
+sub modify_coursegroup {
+ my ($cdom,$cnum,$groupsettings) = @_;
+ return(&put('coursegroups',$groupsettings,$cdom,$cnum));
+}
+
+sub modify_group_roles {
+ my ($cdom,$cnum,$group_id,$user,$end,$start,$userprivs) = @_;
+ my $url = '/'.$cdom.'/'.$cnum.'/'.$group_id;
+ my $role = 'gr/'.&escape($userprivs);
+ my ($uname,$udom) = split(/:/,$user);
+ my $result = &assignrole($udom,$uname,$url,$role,$end,$start);
+ return $result;
+}
+
+sub modify_coursegroup_membership {
+ my ($cdom,$cnum,$membership) = @_;
+ my $result = &put('groupmembership',$membership,$cdom,$cnum);
+ return $result;
+}
+
# ------------------------------------------------------------------ Plain Text
sub plaintext {
my $short=shift;
- return &mt($prp{$short});
+ return &Apache::lonlocal::mt($prp{$short});
}
# ----------------------------------------------------------------- Assign Role
@@ -3519,6 +3767,16 @@ sub assignrole {
return 'refused';
}
$mrole='cr';
+ } elsif ($role =~ /^gr\//) {
+ my $cwogrp=$url;
+ $cwogrp=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
+ unless (&allowed('mdg',$cwogrp)) {
+ &logthis('Refused group assignrole: '.
+ $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
+ $env{'user.name'}.' at '.$env{'user.domain'});
+ return 'refused';
+ }
+ $mrole='gr';
} else {
my $cwosec=$url;
$cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
@@ -3556,7 +3814,7 @@ sub assignrole {
my $answer=&reply($command,&homeserver($uname,$udom));
# log new user role if status is ok
if ($answer eq 'ok') {
- &userrolelog($mrole,$uname,$udom,$url,$start,$end);
+ &userrolelog($role,$uname,$udom,$url,$start,$end);
}
return $answer;
}
@@ -3759,6 +4017,8 @@ sub modify_student_enrollment {
$cdom,$cnum);
unless (($reply eq 'ok') || ($reply eq 'delayed')) {
return 'error: '.$reply;
+ } else {
+ &devalidate_getsection_cache($udom,$uname,$cid);
}
# Add student role to user
my $uurl='/'.$cid;
@@ -3817,7 +4077,9 @@ sub createcourse {
return 'refused';
}
# ------------------------------------------------------------------- Create ID
- my $uname=substr($$.time,0,5).unpack("H8",pack("I32",time)).
+ my $uname=int(1+rand(9)).
+ ('a'..'z','A'..'Z','0'..'9')[int(rand(62))].
+ substr($$.time,0,5).unpack("H8",pack("I32",time)).
unpack("H2",pack("I32",int(rand(255)))).$perlvar{'lonHostID'};
# ----------------------------------------------- Make sure that does not exist
my $uhome=&homeserver($uname,$udom,'true');
@@ -4066,28 +4328,25 @@ sub unmark_as_readonly {
my ($tmp)=keys(%current_permissions);
if ($tmp=~/^error:/) { undef(%current_permissions); }
my @readonly_files = &get_marked_as_readonly($domain,$user,$what);
- foreach my $file(@readonly_files){
- my $current_locks = $current_permissions{$file};
+ foreach my $file (@readonly_files) {
+ if (defined($file_name) && ($file_name ne $file)) { next; }
+ my $current_locks = $current_permissions{$file};
my @new_locks;
my @del_keys;
if (ref($current_locks) eq "ARRAY"){
foreach my $locker (@{$current_locks}) {
my $compare=$locker;
if (ref($locker)) { $compare=join('',@{$locker}) };
- if ($compare eq $symb_crs) {
- if (defined($file_name) && ($file_name ne $file)) {
- push(@new_locks, $what);
- }
- } else {
- push(@new_locks, $what);
+ if ($compare ne $symb_crs) {
+ push(@new_locks, $locker);
}
}
- if (@new_locks > 0) {
+ if (scalar(@new_locks) > 0) {
$current_permissions{$file} = \@new_locks;
} else {
push(@del_keys, $file);
&del('file_permissions',\@del_keys, $domain, $user);
- delete $current_permissions{$file};
+ delete($current_permissions{$file});
}
}
}
@@ -4328,7 +4587,7 @@ sub get_userresdata {
}
#error 2 occurs when the .db doesn't exist
if ($tmp!~/error: 2 /) {
- &logthis("<font color=blue>WARNING:".
+ &logthis("<font color=\"blue\">WARNING:".
" Trying to get resource data for ".
$uname." at ".$udom.": ".
$tmp."</font>");
@@ -4415,8 +4674,10 @@ sub EXT {
if ($realm eq 'user') {
# --------------------------------------------------------------- user.resource
if ($space eq 'resource') {
- if (defined($Apache::lonhomework::parsing_a_problem) ||
- defined($Apache::lonhomework::parsing_a_task)) {
+ if ( (defined($Apache::lonhomework::parsing_a_problem)
+ || defined($Apache::lonhomework::parsing_a_task))
+ &&
+ ($symbparm eq &symbread()) ) {
return $Apache::lonhomework::history{$qualifierrest};
} else {
my %restored;
@@ -4480,7 +4741,7 @@ sub EXT {
# ------------------------------------------------------------- request.browser
if ($space eq 'browser') {
if ($qualifier eq 'textremote') {
- if (&mt('textual_remote_display') eq 'on') {
+ if (&Apache::lonlocal::mt('textual_remote_display') eq 'on') {
return 1;
} else {
return 0;
@@ -5221,8 +5482,37 @@ sub numval3 {
return $total;
}
+sub digest {
+ my ($data)=@_;
+ my $digest=&Digest::MD5::md5($data);
+ my ($a,$b,$c,$d)=unpack("iiii",$digest);
+ my ($e,$f);
+ {
+ use integer;
+ $e=($a+$b);
+ $f=($c+$d);
+ if ($_64bit) {
+ $e=(($e<<32)>>32);
+ $f=(($f<<32)>>32);
+ }
+ }
+ if (wantarray) {
+ return ($e,$f);
+ } else {
+ my $g;
+ {
+ use integer;
+ $g=($e+$f);
+ if ($_64bit) {
+ $g=(($g<<32)>>32);
+ }
+ }
+ return $g;
+ }
+}
+
sub latest_rnd_algorithm_id {
- return '64bit4';
+ return '64bit5';
}
sub get_rand_alg {
@@ -5262,11 +5552,15 @@ sub rndseed {
if (!$username) { $username=$wusername }
my $which=&get_rand_alg();
if (defined(&getCODE())) {
- if ($which eq '64bit4') {
+ if ($which eq '64bit5') {
+ return &rndseed_CODE_64bit5($symb,$courseid,$domain,$username);
+ } elsif ($which eq '64bit4') {
return &rndseed_CODE_64bit4($symb,$courseid,$domain,$username);
} else {
return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
}
+ } elsif ($which eq '64bit5') {
+ return &rndseed_64bit5($symb,$courseid,$domain,$username);
} elsif ($which eq '64bit4') {
return &rndseed_64bit4($symb,$courseid,$domain,$username);
} elsif ($which eq '64bit3') {
@@ -5389,6 +5683,12 @@ sub rndseed_64bit4 {
}
}
+sub rndseed_64bit5 {
+ my ($symb,$courseid,$domain,$username)=@_;
+ my ($num1,$num2)=&digest("$symb,$courseid,$domain,$username");
+ return "$num1:$num2";
+}
+
sub rndseed_CODE_64bit {
my ($symb,$courseid,$domain,$username)=@_;
{
@@ -5427,6 +5727,13 @@ sub rndseed_CODE_64bit4 {
}
}
+sub rndseed_CODE_64bit5 {
+ my ($symb,$courseid,$domain,$username)=@_;
+ my $code = &getCODE();
+ my ($num1,$num2)=&digest("$symb,$courseid,$code");
+ return "$num1:$num2";
+}
+
sub setup_random_from_rndseed {
my ($rndseed)=@_;
if ($rndseed =~/([,:])/) {
@@ -5636,6 +5943,9 @@ sub filelocation {
if ($file=~m:^/~:) { # is a contruction space reference
$location = $file;
$location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:;
+ } elsif ($file=~m:^/home/[^/]*/public_html/:) {
+ # is a correct contruction space reference
+ $location = $file;
} elsif ($file=~/^\/*(uploaded|editupload)/) { # is an uploaded file
my ($udom,$uname,$filename)=
($file=~m -^/+(?:uploaded|editupload)/+([^/]+)/+([^/]+)/+(.*)$-);
@@ -5668,14 +5978,15 @@ sub filelocation {
sub hreflocation {
my ($dir,$file)=@_;
unless (($file=~m-^http://-i) || ($file=~m-^/-)) {
- my $finalpath=filelocation($dir,$file);
- $finalpath=~s-^/home/httpd/html--;
- $finalpath=~s-^/home/(\w+)/public_html/-/~$1/-;
- return $finalpath;
- } elsif ($file=~m-^/home-) {
- $file=~s-^/home/httpd/html--;
+ $file=filelocation($dir,$file);
+ }
+ if ($file=~m-^\Q$perlvar{'lonDocRoot'}\E-) {
+ $file=~s-^\Q$perlvar{'lonDocRoot'}\E--;
+ } elsif ($file=~m-/home/(\w+)/public_html/-) {
$file=~s-^/home/(\w+)/public_html/-/~$1/-;
- return $file;
+ } elsif ($file=~m-^\Q$perlvar{'lonUsersDir'}\E-) {
+ $file=~s-^/home/httpd/lonUsers/([^/]*)/./././([^/]*)/userfiles/
+ -/uploaded/$1/$2/-x;
}
return $file;
}
@@ -5761,13 +6072,6 @@ sub thaw_unescape {
return &unescape($value);
}
-sub mod_perl_version {
- return 1;
- if (defined($perlvar{'MODPERL2'})) {
- return 2;
- }
-}
-
sub correct_line_ends {
my ($result)=@_;
$$result =~s/\r\n/\n/mg;
@@ -5877,14 +6181,21 @@ BEGIN {
sub get_iphost {
if (%iphost) { return %iphost; }
+ my %name_to_ip;
foreach my $id (keys(%hostname)) {
my $name=$hostname{$id};
- my $ip = gethostbyname($name);
- if (!$ip || length($ip) ne 4) {
- &logthis("Skipping host $id name $name no IP found\n");
- next;
+ my $ip;
+ if (!exists($name_to_ip{$name})) {
+ $ip = gethostbyname($name);
+ if (!$ip || length($ip) ne 4) {
+ &logthis("Skipping host $id name $name no IP found\n");
+ next;
+ }
+ $ip=inet_ntoa($ip);
+ $name_to_ip{$name} = $ip;
+ } else {
+ $ip = $name_to_ip{$name};
}
- $ip=inet_ntoa($ip);
push(@{$iphost{$ip}},$id);
}
return %iphost;
@@ -5959,7 +6270,7 @@ $processmarker='_'.time.'_'.$perlvar{'lo
$dumpcount=0;
&logtouch();
-&logthis('<font color=yellow>INFO: Read configuration</font>');
+&logthis('<font color="yellow">INFO: Read configuration</font>');
$readit=1;
{
use integer;