--- loncom/auth/lonacc.pm	2006/07/10 03:58:45	1.85
+++ loncom/auth/lonacc.pm	2006/07/17 19:49:14	1.87
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.85 2006/07/10 03:58:45 raeburn Exp $
+# $Id: lonacc.pm,v 1.87 2006/07/17 19:49:14 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,6 +35,7 @@ use Apache::File;
 use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonlocal;
+use Apache::restrictedaccess();
 use CGI::Cookie();
 use Fcntl qw(:flock);
 use LONCAPA;
@@ -137,7 +138,21 @@ sub get_posted_cgi {
 }
 
 sub portfolio_access {
+    my ($r,$requrl) = @_;
+    my (undef,$udom,$unum,$file_name,$group) = &parse_portfolio_url($requrl);
+    my $result = &get_portfolio_access($udom,$unum,$file_name,$group);
+    if ($result eq 'ok') {
+	return OK;
+    } elsif ($result =~ /^[^:]+:guest_/) {
+	&passphrase_access_checker($r,$result,$requrl);
+	return OK;
+    }
+    return FORBIDDEN;
+}
+
+sub get_portfolio_access {
     my ($udom,$unum,$file_name,$group) = @_;
+ 
     my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
     my %access_controls = &Apache::lonnet::get_access_controls(
                                              $current_perms,$group,$file_name);
@@ -292,9 +307,8 @@ sub passphrase_access_checker {
             }
         }
     }
-    my $login = $r->dir_config('Login');
-    $login .= '?origurl='.&escape($requrl);
-    $r->custom_response(FORBIDDEN,$login);
+    $r->set_handlers('PerlHandler'=> \&Apache::restrictedaccess::handler);
+    $r->content_type('perl-script');
     return;
 }
 
@@ -322,6 +336,34 @@ sub course_group_datechecker {
     return; 
 }
 
+sub parse_portfolio_url {
+    my ($url) = @_;
+
+    my ($type,$udom,$unum,$group,$file_name);
+    
+    if ($url =~  m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
+	$type = 1;
+        $udom = $1;
+        $unum = $2;
+        $file_name = $3;
+    } elsif ($url =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) {
+	$type = 2;
+        $udom = $1;
+        $unum = $2;
+        $group = $3;
+        $file_name = $3.'/'.$4;
+    }
+    if (wantarray) {
+	return ($type,$udom,$unum,$file_name,$group);
+    }
+    return $type;
+}
+
+sub is_portfolio_url {
+    my ($url) = @_;
+    return scalar(&parse_portfolio_url($url));
+}
+
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
@@ -384,29 +426,9 @@ sub handler {
 
 # ---------------------------------------------------------------- Check access
             my $now = time;
-            if ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$|) {
-                my $result = &portfolio_access($1,$2,$3);
-                if ($result eq 'ok') {
-                    return OK;
-                } elsif ($result =~ /^[^:]+:guest_/) {
-                    if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
-                        return OK;
-                    } else {
-                        return FORBIDDEN;
-                    } 
-                }
-            } elsif ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$|) {
-                my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
-                if ($result eq 'ok') {
-                    return OK;
-                } elsif ($result =~ /^[^:]+:guest_/) {
-                    if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
-                        return OK;
-                    } else {
-                        return FORBIDDEN;
-                    }
-                }
-            }
+	    if (&is_portfolio_url($requrl)) {
+		return &portfolio_access($r,$requrl);
+	    }
             if ($requrl!~/^\/adm|public|prtspool\//) {
 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                 if ($access eq '1') {
@@ -520,29 +542,10 @@ sub handler {
 	return OK;
     }
 # ------------------------------------- See if this is a viewable portfolio file
-    if ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$|) {
-        my $result = &portfolio_access($1,$2,$3);
-        if ($result eq 'ok') {
-            return OK;
-        } elsif ($result =~ /^[^:]+:guest_/) {
-            if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
-                return OK;
-            } else {
-                return FORBIDDEN;
-            }
-        }
-    } elsif ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$|) {
-        my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
-        if ($result eq 'ok') {
-            return OK;
-        } elsif ($result =~ /^[^:]+:guest_/) {
-            if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
-                return OK;
-            } else {
-                return FORBIDDEN;
-            }
-        }
+    if (&is_portfolio_url($requrl)) {
+	return &portfolio_access($r,$requrl);
     }
+
 # -------------------------------------------------------------- Not authorized
     $requrl=~/\.(\w+)$/;
 #    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||