' + .&mt('Archiving of Authoring Spaces is only permitted by Author') + .'
' + ); + } } elsif ($env{'form.action'} eq 'copy') { if ($newfilename) { &Copy1($r, $uname, $udom, $fn, $newfilename); @@ -1679,7 +1686,13 @@ sub phasetwo { } $dest = $dir."/."; } elsif ($env{'form.action'} eq 'archive') { - &Archive2($r,$uname,$udom,$fn,$identifier); + if (($env{'environment.archive'}) && + ($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + &Archive2($r,$uname,$udom,$fn,$identifier); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return; } elsif ($env{'form.action'} eq 'rename' || $env{'form.action'} eq 'move') { @@ -1778,9 +1791,11 @@ sub handler { } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') { #Just hijack the script only the first time around to inject the #correct information for further processing - $fn=&unescape($env{'form.decompress'}); - $fn=&URLToPath($fn); - $env{'form.action'}="decompress"; + if ($env{'form.decompress'} ne '') { + $fn=&unescape($env{'form.decompress'}); + $fn=&URLToPath($fn); + $env{'form.action'}="decompress"; + } } elsif ($env{'form.qualifiedfilename'}) { $fn=$env{'form.qualifiedfilename'}; } else { @@ -1813,7 +1828,12 @@ sub handler { ($env{'environment.canarchive'})) { &Apache::loncommon::content_type($r,'text/plain'); $r->send_http_header; - $r->print(&Archive3($archiveref)); + if (($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + $r->print(&Archive3($archiveref)); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return OK; } @@ -2027,19 +2047,9 @@ ENDJS $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs - my $crsauthor; my $text = 'Authoring Space'; my $title = 'Authoring Space File Operation', my $href = &Apache::loncommon::authorspace(&url($fn)); - if ($env{'request.course.id'}) { - my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; - my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; - if ($href eq "/priv/$cdom/$cnum/") { - $text = 'Course Authoring Space'; - $title = 'Course Authoring Space File Operation', - $crsauthor = 1; - } - } &Apache::lonhtmlcommon::clear_breadcrumbs(); &Apache::lonhtmlcommon::add_breadcrumb({ 'text' => $text, @@ -2062,12 +2072,10 @@ ENDJS } if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - unless ($crsauthor) { - $r->print('' - .&mt('Co-Author [_1]',$uname.':'.$udom) - .'
' - ); - } + $r->print('' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'
' + ); } @@ -2092,33 +2100,7 @@ ENDJS 'Select Action' => 'New Resource', ); if ($action{$env{'form.action'}}) { - if ($crsauthor) { - my @disallowed = qw(page sequence rights library); - my $newtype; - if ($env{'form.action'} =~ /^new(\w+)file$/) { - $newtype = $1; - } elsif ($env{'form.action'} eq 'newfile') { - ($newtype) = ($env{'form.newfilename'} =~ m{\.([^/.]+)$}); - $newtype = lc($newtype); - } - if (($newtype ne '') && - (grep(/^\Q$newtype\E$/,@disallowed))) { - $r->print('' - .&mt('Creation of a new file of type: [_1] is not permitted in Course Authoring Space',$newtype) - .'
' - .&Apache::loncommon::end_page() - ); - return OK; - } - if ($env{'form.action'} eq 'archive') { - $r->print(''.&mt('Location').': '.&display($fn).'
'."\n". - ''. - &mt('Export to an archive file is not permitted in Course Authoring Space'). - '
'."\n". - &Apache::loncommon::end_page()); - return OK; - } - } elsif ($env{'form.action'} eq 'archive') { + if ($env{'form.action'} eq 'archive') { if ($env{'environment.canarchive'}) { if ($archive_earlyout) { my $fname = &url($fn);