--- loncom/lonnet/perl/lonnet.pm	2006/07/20 01:18:46	1.763
+++ loncom/lonnet/perl/lonnet.pm	2006/08/30 16:49:36	1.774
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.763 2006/07/20 01:18:46 www Exp $
+# $Id: lonnet.pm,v 1.774 2006/08/30 16:49:36 banghart Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -2845,7 +2845,7 @@ sub set_userprivs {
     if (keys(%{$allgroups}) > 0) {
         foreach my $role (keys %{$allroles}) {
             my ($trole,$area,$sec,$extendedarea);
-            if ($role =~ m|^(\w+)\.(/\w+/\w+)(/?\w*)|) {
+            if ($role =~ m-^(\w+|cr/\w+/\w+/\w+)\.(/\w+/\w+)(/?\w*)-) {
                 $trole = $1;
                 $area = $2;
                 $sec = $3;
@@ -3217,6 +3217,218 @@ sub tmpdel {
     return &reply("tmpdel:$token",$server);
 }
 
+# -------------------------------------------------- portfolio access checking
+
+sub portfolio_access {
+    my ($requrl) = @_;
+    my (undef,$udom,$unum,$file_name,$group) = &parse_portfolio_url($requrl);
+    my $result = &get_portfolio_access($udom,$unum,$file_name,$group);
+    if ($result eq 'ok') {
+       return 'F';
+    } elsif ($result =~ /^[^:]+:guest_/) {
+       return 'A';
+    }
+    return '';
+}
+
+sub get_portfolio_access {
+    my ($udom,$unum,$file_name,$group,$access_hash) = @_;
+
+    if (!ref($access_hash)) {
+	my $current_perms = &get_portfile_permissions($udom,$unum);
+	my %access_controls = &get_access_controls($current_perms,$group,
+						   $file_name);
+	$access_hash = $access_controls{$file_name};
+    }
+
+    my ($public,$guest,@domains,@users,@courses,@groups);
+    my $now = time;
+    if (ref($access_hash) eq 'HASH') {
+        foreach my $key (keys(%{$access_hash})) {
+            my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+            if ($start > $now) {
+                next;
+            }
+            if ($end && $end<$now) {
+                next;
+            }
+            if ($scope eq 'public') {
+                $public = $key;
+                last;
+            } elsif ($scope eq 'guest') {
+                $guest = $key;
+            } elsif ($scope eq 'domains') {
+                push(@domains,$key);
+            } elsif ($scope eq 'users') {
+                push(@users,$key);
+            } elsif ($scope eq 'course') {
+                push(@courses,$key);
+            } elsif ($scope eq 'group') {
+                push(@groups,$key);
+            }
+        }
+        if ($public) {
+            return 'ok';
+        }
+        if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') {
+            if ($guest) {
+                return $guest;
+            }
+        } else {
+            if (@domains > 0) {
+                foreach my $domkey (@domains) {
+                    if (ref($access_hash->{$domkey}{'dom'}) eq 'ARRAY') {
+                        if (grep(/^\Q$env{'user.domain'}\E$/,@{$access_hash->{$domkey}{'dom'}})) {
+                            return 'ok';
+                        }
+                    }
+                }
+            }
+            if (@users > 0) {
+                foreach my $userkey (@users) {
+                    if (exists($access_hash->{$userkey}{'users'}{$env{'user.name'}.':'.$env{'user.domain'}})) {
+                        return 'ok';
+                    }
+                }
+            }
+            my %roleshash;
+            my @courses_and_groups = @courses;
+            push(@courses_and_groups,@groups); 
+            if (@courses_and_groups > 0) {
+                my (%allgroups,%allroles); 
+                my ($start,$end,$role,$sec,$group);
+                foreach my $envkey (%env) {
+                    if ($envkey =~ m-^user\.role\.(gr|cc|in|ta|ep|st)\./([^/]+)/([^/]+)/?([^/]*)$-) {
+                        my $cid = $2.'_'.$3; 
+                        if ($1 eq 'gr') {
+                            $group = $4;
+                            $allgroups{$cid}{$group} = $env{$envkey};
+                        } else {
+                            if ($4 eq '') {
+                                $sec = 'none';
+                            } else {
+                                $sec = $4;
+                            }
+                            $allroles{$cid}{$1}{$sec} = $env{$envkey};
+                        }
+                    } elsif ($envkey =~ m-^user\.role\./cr/(\w+/\w+/\w*)./([^/]+)/([^/]+)/?([^/]*)$-) {
+                        my $cid = $2.'_'.$3;
+                        if ($4 eq '') {
+                            $sec = 'none';
+                        } else {
+                            $sec = $4;
+                        }
+                        $allroles{$cid}{$1}{$sec} = $env{$envkey};
+                    }
+                }
+                if (keys(%allroles) == 0) {
+                    return;
+                }
+                foreach my $key (@courses_and_groups) {
+                    my %content = %{$$access_hash{$key}};
+                    my $cnum = $content{'number'};
+                    my $cdom = $content{'domain'};
+                    my $cid = $cdom.'_'.$cnum;
+                    if (!exists($allroles{$cid})) {
+                        next;
+                    }    
+                    foreach my $role_id (keys(%{$content{'roles'}})) {
+                        my @sections = @{$content{'roles'}{$role_id}{'section'}};
+                        my @groups = @{$content{'roles'}{$role_id}{'group'}};
+                        my @status = @{$content{'roles'}{$role_id}{'access'}};
+                        my @roles = @{$content{'roles'}{$role_id}{'role'}};
+                        foreach my $role (keys(%{$allroles{$cid}})) {
+                            if ((grep/^all$/,@roles) || (grep/^\Q$role\E$/,@roles)) {
+                                foreach my $sec (keys(%{$allroles{$cid}{$role}})) {
+                                    if (&course_group_datechecker($allroles{$cid}{$role}{$sec},$now,\@status) eq 'ok') {
+                                        if (grep/^all$/,@sections) {
+                                            return 'ok';
+                                        } else {
+                                            if (grep/^$sec$/,@sections) {
+                                                return 'ok';
+                                            }
+                                        }
+                                    }
+                                }
+                                if (keys(%{$allgroups{$cid}}) == 0) {
+                                    if (grep/^none$/,@groups) {
+                                        return 'ok';
+                                    }
+                                } else {
+                                    if (grep/^all$/,@groups) {
+                                        return 'ok';
+                                    } 
+                                    foreach my $group (keys(%{$allgroups{$cid}})) {
+                                        if (grep/^$group$/,@groups) {
+                                            return 'ok';
+                                        }
+                                    }
+                                } 
+                            }
+                        }
+                    }
+                }
+            }
+            if ($guest) {
+                return $guest;
+            }
+        }
+    }
+    return;
+}
+
+sub course_group_datechecker {
+    my ($dates,$now,$status) = @_;
+    my ($start,$end) = split(/\./,$dates);
+    if (!$start && !$end) {
+        return 'ok';
+    }
+    if (grep/^active$/,@{$status}) {
+        if (((!$start) || ($start && $start <= $now)) && ((!$end) || ($end && $end >= $now))) {
+            return 'ok';
+        }
+    }
+    if (grep/^previous$/,@{$status}) {
+        if ($end > $now ) {
+            return 'ok';
+        }
+    }
+    if (grep/^future$/,@{$status}) {
+        if ($start > $now) {
+            return 'ok';
+        }
+    }
+    return; 
+}
+
+sub parse_portfolio_url {
+    my ($url) = @_;
+
+    my ($type,$udom,$unum,$group,$file_name);
+    
+    if ($url =~  m-^/*uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
+	$type = 1;
+        $udom = $1;
+        $unum = $2;
+        $file_name = $3;
+    } elsif ($url =~ m-^/*uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) {
+	$type = 2;
+        $udom = $1;
+        $unum = $2;
+        $group = $3;
+        $file_name = $3.'/'.$4;
+    }
+    if (wantarray) {
+	return ($type,$udom,$unum,$file_name,$group);
+    }
+    return $type;
+}
+
+sub is_portfolio_url {
+    my ($url) = @_;
+    return scalar(&parse_portfolio_url($url));
+}
+
 # ---------------------------------------------- Custom access rule evaluation
 
 sub customaccess {
@@ -3263,7 +3475,8 @@ sub allowed {
     if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
 # Free bre access to adm and meta resources
     if (((($uri=~/^adm\//) && ($uri !~ m|/bulletinboard$|)) 
-	 || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
+	 || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) 
+	&& ($priv eq 'bre')) {
 	return 'F';
     }
 
@@ -3388,6 +3601,13 @@ sub allowed {
         }
     }
 
+    if ($priv eq 'bre'
+	&& $thisallowed ne 'F' 
+	&& $thisallowed ne '2'
+	&& &is_portfolio_url($uri)) {
+	$thisallowed = &portfolio_access($uri);
+    }
+    
 # Full access at system, domain or course-wide level? Exit.
 
     if ($thisallowed=~/F/) {
@@ -3538,7 +3758,11 @@ sub allowed {
 #
 
     unless ($env{'request.course.id'}) {
-       return '1';
+	if ($thisallowed eq 'A') {
+	    return 'A';
+	} else {
+	    return '1';
+	}
     }
 
 #
@@ -3601,6 +3825,9 @@ sub allowed {
       }
    }
 
+    if ($thisallowed eq 'A') {
+	return 'A';
+    }
    return 'F';
 }
 
@@ -3966,33 +4193,49 @@ sub auto_photoupdate {
 sub auto_instcode_format {
     my ($caller,$codedom,$instcodes,$codes,$codetitles,$cat_titles,$cat_order) = @_;
     my $courses = '';
-    my $homeserver;
+    my @homeservers;
     if ($caller eq 'global') {
         foreach my $tryserver (keys %libserv) {
             if ($hostdom{$tryserver} eq $codedom) {
-                $homeserver = $tryserver;
-                last;
+                if (!grep/^\Q$tryserver\E$/,@homeservers) {
+                    push(@homeservers,$tryserver);
+                }
             }
         }
-        if (($env{'user.name'}) && ($env{'user.domain'} eq $codedom)) {
-            $homeserver = &homeserver($env{'user.name'},$codedom);
-        }
     } else {
-        $homeserver = &homeserver($caller,$codedom);
+        push(@homeservers,&homeserver($caller,$codedom));
     }
     foreach (keys %{$instcodes}) {
         $courses .= &escape($_).'='.&escape($$instcodes{$_}).'&';
     }
     chop($courses);
-    my $response=&reply('autoinstcodeformat:'.$codedom.':'.$courses,$homeserver);
-    unless ($response =~ /(con_lost|error|no_such_host|refused)/) {
-        my ($codes_str,$codetitles_str,$cat_titles_str,$cat_order_str) = split/:/,$response;
-        %{$codes} = &str2hash($codes_str);
-        @{$codetitles} = &str2array($codetitles_str);
-        %{$cat_titles} = &str2hash($cat_titles_str);
-        %{$cat_order} = &str2hash($cat_order_str);
+    my $ok_response = 0;
+    my $response;
+    while (@homeservers > 0 && $ok_response == 0) {
+        my $server = shift(@homeservers); 
+        $response=&reply('autoinstcodeformat:'.$codedom.':'.$courses,$server);
+        if ($response !~ /(con_lost|error|no_such_host|refused)/) {
+            my ($codes_str,$codetitles_str,$cat_titles_str,$cat_order_str) = 
+                                                            split/:/,$response;
+            %{$codes} = (%{$codes},&str2hash($codes_str));
+            push(@{$codetitles},&str2array($codetitles_str));
+            %{$cat_titles} = (%{$cat_titles},&str2hash($cat_titles_str));
+            %{$cat_order} = (%{$cat_order},&str2hash($cat_order_str));
+            $ok_response = 1;
+        }
+    }
+    if ($ok_response) {
         return 'ok';
+    } else {
+        return $response;
     }
+}
+
+sub autovalidateclass_sec {
+    my ($cdom,$cnum,$owner,$inst_class) = @_;
+    my $homeserver = &homeserver($cnum,$cdom);
+    my $response=&reply('autovalidateclass_sec:'.$inst_class.':'.
+                        &escape($owner).':'.$cdom,$homeserver);
     return $response;
 }
 
@@ -4688,11 +4931,13 @@ sub get_portfile_permissions {
 
 sub get_access_controls {
     my ($current_permissions,$group,$file) = @_;
-    my %access; 
+    my %access;
+    my $real_file = $file;
+    $file =~ s/\.meta$//;
     if (defined($file)) {
         if (ref($$current_permissions{$file."\0".'accesscontrol'}) eq 'HASH') {
             foreach my $control (keys(%{$$current_permissions{$file."\0".'accesscontrol'}})) {
-                $access{$file}{$control} = $$current_permissions{$file."\0".$control};
+                $access{$real_file}{$control} = $$current_permissions{$file."\0".$control};
             }
         }
     } else {
@@ -5155,16 +5400,6 @@ sub devalidatecourseresdata {
     &devalidate_cache_new('courseres',$hashid);
 }
 
-# ------------------------------------------------------ Devalidate title cache
-
-sub devalidate_title_cache {
-    my ($url)=@_;
-    if (!$env{'request.course.id'}) { return; }
-    my $symb=&symbread($url);
-    if (!$symb) { return; }
-    my $key=$env{'request.course.id'}."\0".$symb;
-    &devalidate_cache_new('title',$key);
-}
 
 # --------------------------------------------------- Course Resourcedata Query
 
@@ -5518,6 +5753,9 @@ sub EXT {
 	if (($uname eq $env{'user.name'})&&($udom eq $env{'user.domain'})) {
 	    return $env{'environment.'.$spacequalifierrest};
 	} else {
+	    if ($uname eq 'anonymous' && $udom eq '') {
+		return '';
+	    }
 	    my %returnhash=&userenvironment($udom,$uname,
 					    $spacequalifierrest);
 	    return $returnhash{$spacequalifierrest};
@@ -5668,7 +5906,7 @@ sub metadata {
         my %metathesekeys=();
         unless ($filename=~/\.meta$/) { $filename.='.meta'; }
 	my $metastring;
-	if ($uri !~ m -^(uploaded|editupload)/-) {
+	if ($uri !~ m -^(editupload)/-) {
 	    my $file=&filelocation('',&clutter($filename));
 	    #push(@{$metaentry{$uri.'.file'}},$file);
 	    $metastring=&getfile($file);
@@ -5887,6 +6125,17 @@ sub metadata_generate_part0 {
     }
 }
 
+# ------------------------------------------------------ Devalidate title cache
+
+sub devalidate_title_cache {
+    my ($url)=@_;
+    if (!$env{'request.course.id'}) { return; }
+    my $symb=&symbread($url);
+    if (!$symb) { return; }
+    my $key=$env{'request.course.id'}."\0".$symb;
+    &devalidate_cache_new('title',$key);
+}
+
 # ------------------------------------------------- Get the title of a resource
 
 sub gettitle {
@@ -7293,6 +7542,7 @@ actions
  '': forbidden
  1: user needs to choose course
  2: browse allowed
+ A: passphrase authentication needed
 
 =item *
 
@@ -8020,15 +8270,6 @@ Internal notes:
  
  Locks on files (resulting from submission of portfolio file to a homework problem stored in array of arrays.
 
-parse_access_controls():
-
-Parses XML of an access control record
-Args
-1. Text string (XML) of access comtrol record
-
-Returns:
-1. Hash of access control settings. 
-
 modify_access_controls():
 
 Modifies access controls for a portfolio file