--- loncom/publisher/loncfile.pm 2024/08/24 22:09:30 1.129.2.1 +++ loncom/publisher/loncfile.pm 2024/09/26 22:43:36 1.131 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.129.2.1 2024/08/24 22:09:30 raeburn Exp $ +# $Id: loncfile.pm,v 1.131 2024/09/26 22:43:36 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1247,7 +1247,14 @@ sub phaseone { } elsif ($env{'form.action'} eq 'decompress') { &Decompress1($r, $uname, $udom, $fn); } elsif ($env{'form.action'} eq 'archive') { - &Archive1($r,$fn); + if (($uname eq $env{'user.name'}) && ($udom eq $env{'user.domain'})) { + &Archive1($r,$fn); + } else { + $r->print('

' + .&mt('Archiving of Authoring Spaces is only permitted by Author') + .'

' + ); + } } elsif ($env{'form.action'} eq 'copy') { if ($newfilename) { &Copy1($r, $uname, $udom, $fn, $newfilename); @@ -1679,7 +1686,13 @@ sub phasetwo { } $dest = $dir."/."; } elsif ($env{'form.action'} eq 'archive') { - &Archive2($r,$uname,$udom,$fn,$identifier); + if (($env{'environment.canarchive'}) && + ($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + &Archive2($r,$uname,$udom,$fn,$identifier); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return; } elsif ($env{'form.action'} eq 'rename' || $env{'form.action'} eq 'move') { @@ -1778,9 +1791,11 @@ sub handler { } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') { #Just hijack the script only the first time around to inject the #correct information for further processing - $fn=&unescape($env{'form.decompress'}); - $fn=&URLToPath($fn); - $env{'form.action'}="decompress"; + if ($env{'form.decompress'} ne '') { + $fn=&unescape($env{'form.decompress'}); + $fn=&URLToPath($fn); + $env{'form.action'}="decompress"; + } } elsif ($env{'form.qualifiedfilename'}) { $fn=$env{'form.qualifiedfilename'}; } else { @@ -1813,7 +1828,12 @@ sub handler { ($env{'environment.canarchive'})) { &Apache::loncommon::content_type($r,'text/plain'); $r->send_http_header; - $r->print(&Archive3($archiveref)); + if (($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + $r->print(&Archive3($archiveref)); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return OK; } 
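Review bot: The ownership test added to the archive branch of phaseone is written out again in phasetwo and in handler's Archive3 block, each time with a different operand order and a different companion check. phaseone tests only ownership, while the other two also require `$env{'environment.canarchive'}`; if Archive1 (not shown) does not test that flag itself, the first phase is gated more loosely than the later ones. A single helper would keep the three gates from drifting, for example `sub is_space_owner { my ($uname,$udom) = @_; return (($uname eq $env{'user.name'}) && ($udom eq $env{'user.domain'})); }`, with `canarchive` tested beside it at every call site. The two refusal messages also differ in wording for the same condition. phaseone continues after the elsif chain outside the hunk, so what is printed after the refusal cannot be checked from here.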
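Review bot: In handler's QUERY_STRING branch the new `form.decompress` guard sits inside the arm, so a request with a query string but an empty `form.decompress` still takes this arm and skips the `form.qualifiedfilename` and `else` arms. Unless `$fn` is assigned before the chain (the hunk does not show it), later code runs with `$fn` unset while `form.action` keeps whatever the request supplied. If the intent is to fall through, move the test into the condition: `} elsif ($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two' && $env{'form.decompress'} ne '') {`. If the intent is to stop, an explicit refusal here would make that visible. The chain starts above the hunk.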
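Review bot: The refusal added to handler's Archive3 block is sent as `text/plain` followed by `return OK`, so the caller gets a translated sentence where it expects Archive3 output and has no status to tell the two apart. Whatever consumes this response (not visible here) could treat the message as archive progress text. Consider returning a forbidden status from this arm if the module imports one. Consider also logging the refusal with `$uname`, `$udom` and the requesting user, so operators can see archive requests made against someone else's Authoring Space. The same applies to the plain `$r->print` refusal in phasetwo.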
@@ -2027,9 +2047,19 @@ ENDJS $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs + my $crsauthor; my $text = 'Authoring Space'; my $title = 'Authoring Space File Operation', my $href = &Apache::loncommon::authorspace(&url($fn)); + if ($env{'request.course.id'}) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + if ($href eq "/priv/$cdom/$cnum/") { + $text = 'Course Authoring Space'; + $title = 'Course Authoring Space File Operation', + $crsauthor = 1; + } + } &Apache::lonhtmlcommon::clear_breadcrumbs(); &Apache::lonhtmlcommon::add_breadcrumb({ 'text' => $text, @@ -2052,10 +2082,12 @@ ENDJS } if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('
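Review bot: `$crsauthor` is set only when the breadcrumb link `$href` is string-equal to `"/priv/$cdom/$cnum/"`, and the later hunk uses that flag as the only gate for the Course Authoring Space restrictions on new file types and archive export. If `&Apache::loncommon::authorspace` ever returns the path in another form (no trailing slash, a longer path), the flag stays unset and those restrictions are skipped without notice, so the check fails open. Deriving the flag from the identifiers would be sturdier if `$uname`/`$udom` hold the course number and domain here, which should be confirmed: `if (($uname eq $cnum) && ($udom eq $cdom)) {`. Separately, the added line `$title = 'Course Authoring Space File Operation',` ends in a comma like the `my $title` line above it. It works only because the comma operator chains into `$crsauthor = 1;`, and both lines should end with `;`.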

' - .&mt('Co-Author [_1]',$uname.':'.$udom) - .'

' - ); + unless ($crsauthor) { + $r->print('

' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'

' + ); + } } @@ -2080,7 +2112,33 @@ ENDJS 'Select Action' => 'New Resource', ); if ($action{$env{'form.action'}}) { - if ($env{'form.action'} eq 'archive') { + if ($crsauthor) { + my @disallowed = qw(page sequence rights library); + my $newtype; + if ($env{'form.action'} =~ /^new(\w+)file$/) { + $newtype = $1; + } elsif ($env{'form.action'} eq 'newfile') { + ($newtype) = ($env{'form.newfilename'} =~ m{\.([^/.]+)$}); + $newtype = lc($newtype); + } + if (($newtype ne '') && + (grep(/^\Q$newtype\E$/,@disallowed))) { + $r->print('

' + .&mt('Creation of a new file of type: [_1] is not permitted in Course Authoring Space',$newtype) + .'

' + .&Apache::loncommon::end_page() + ); + return OK; + } + if ($env{'form.action'} eq 'archive') { + $r->print('

'.&mt('Location').': '.&display($fn).'

'."\n". + '

'. + &mt('Export to an archive file is not permitted in Course Authoring Space'). + '

'."\n". + &Apache::loncommon::end_page()); + return OK; + } + } elsif ($env{'form.action'} eq 'archive') { if ($env{'environment.canarchive'}) { if ($archive_earlyout) { my $fname = &url($fn);
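Review bot: For `newfile`, the type check in the `$crsauthor` block reads the extension from the raw `$env{'form.newfilename'}` using patterns that end in `$` rather than `\z`. If the name is trimmed or otherwise normalised before the file is created (that code is outside the hunk), the checked extension and the created one can differ, and a name with trailing whitespace would not match any `@disallowed` entry. Run the check on the same normalised name the creation step uses, and compare exactly: `(grep { $_ eq $newtype } @disallowed)`. This block only stops the page from being rendered; confirm that phasetwo, or whichever step writes the file, enforces the same list, otherwise the restriction can be passed by submitting the later phase directly.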