--- loncom/publisher/londiff.pm 2009/05/14 12:02:14 1.26
+++ loncom/publisher/londiff.pm 2011/11/07 18:28:28 1.33
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to show differences between file versions
#
-# $Id: londiff.pm,v 1.26 2009/05/14 12:02:14 bisitz Exp $
+# $Id: londiff.pm,v 1.33 2011/11/07 18:28:28 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -77,29 +77,56 @@ sub handler {
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
['filename','versiontwo',
'versionone','filetwo']);
-# Get the files
+# Check permissions
+ my $allowed=0;
my $cuname=$env{'user.name'};
my $cudom=$env{'user.domain'};
- if ($env{'form.filename'}=~/^\/res\//) {
- ($cudom,$cuname,$env{'form.filename'})=
- ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)/(.*)$});
+ if ($env{'form.filename'}=~ m{^/res/}) {
+ if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) {
+ if ($env{'request.course.id'}) {
+ if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
+ $allowed = 1;
+ }
+ } else {
+ $allowed = 1;
+ }
+ } elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) {
+ $allowed = 1;
+ }
+ if ($allowed) {
+ ($cudom,$cuname,$env{'form.filename'})=
+ ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$});
+
+ if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) {
+ my ($cstrname,$cstrdom) =
+ &Apache::loncacc::constructaccess("/priv/$cudom/$cuname".$env{'form.filename'});
+ unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) {
+ $allowed = 0;
+ }
+ }
+ }
} else {
- unless (($cuname,$cudom)=
- &Apache::loncacc::constructaccess($env{'form.filename'},
- $r->dir_config('lonDefDomain'))) {
- $r->log_reason($cuname.':'.$cudom.
+ ($cuname,$cudom)=
+ &Apache::loncacc::constructaccess($env{'form.filename'});
+ if ($cuname ne '' && $cudom ne '') {
+ $allowed = 1;
+ } else {
+ $r->log_reason($env{'user.name'}.':'.$env{'user.domain'}.
' trying to get diffs file '.$env{'form.filename'}.
- ' - not authorized',
- $r->filename);
- return HTTP_NOT_ACCEPTABLE;
+ ' - not authorized',
+ $r->filename);
}
}
-
- my $efn=$env{'form.filename'};
+ unless ($allowed) {
+ return HTTP_NOT_ACCEPTABLE;
+ }
- $efn=~s{/\~($LONCAPA::username_re)}{}g;
+# Get the files
+
+ my $efn=$env{'form.filename'};
+ $efn=~s{^/priv/$LONCAPA::domain_re/$LONCAPA::username_re}{};
my @f1=();
my @f2=();
@@ -114,8 +141,8 @@ sub handler {
' '.$efn.'');
if (($cuname ne $env{'user.name'}) || ($cudom ne $env{'user.domain'})) {
- $r->print(''
- .&mt('Co-Author: [_1]'
+ $r->print(''
+ .&mt('Co-Author [_1]'
,&Apache::loncommon::plainname($cuname,$cudom)
.' ('.$cuname.':'.$cudom.')')
.'
'
@@ -127,12 +154,11 @@ sub handler {
|| $efn =~ /\.meta$/) {
$r->print('');
if ($env{'form.versionone'} eq 'priv') {
- my $fn='/home/'.$cuname.'/public_html/'.$efn;
+ my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn;
@f1=&get_split_file($fn,'local');
$r->print(''.&mt('Construction Space Version').'');
} else {
- my $fn=
- '/home/httpd/html/res/'.$cudom.'/'.$cuname.'/';
+ my $fn=$r->dir_config('lonDocRoot')."/res/$cudom/$cuname";
if ($env{'form.versionone'}) {
my ($main,$suffix,$is_meta)=
&Apache::lonretrieve::get_file_info($efn);
@@ -152,17 +178,16 @@ sub handler {
if ($env{'form.filetwo'}) {
my $efn2=$env{'form.filetwo'};
- $efn2=~s{/\~($LONCAPA::username_re)}{}g;
- my $fn='/home/'.$cuname.'/public_html/'.$efn2;
+ $efn2=~s{^/priv/$LONCAPA::domain_re/$LONCAPA::username_re}{};
+ my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn2;
@f2=&get_split_file($fn,'local');
$r->print(''.$efn2.'');
} elsif ($env{'form.versiontwo'} eq 'priv') {
- my $fn='/home/'.$cuname.'/public_html/'.$efn;
+ my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn;
@f2=&get_split_file($fn,'local');
$r->print(''.&mt('Construction Space Version').'');
} else {
- my $fn=
- '/home/httpd/html/res/'.$cudom.'/'.$cuname.'/';
+ my $fn=$r->dir_config('lonDocRoot')."/res/$cudom/$cuname/";
if ($env{'form.versiontwo'}) {
my ($main,$suffix,$is_meta)=
&Apache::lonretrieve::get_file_info($efn);