--- loncom/auth/lonacc.pm	2006/06/02 19:38:21	1.78
+++ loncom/auth/lonacc.pm	2006/06/16 22:37:29	1.79
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.78 2006/06/02 19:38:21 albertel Exp $
+# $Id: lonacc.pm,v 1.79 2006/06/16 22:37:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -135,6 +135,34 @@ sub get_posted_cgi {
     $r->headers_in->unset('Content-length');
 }
 
+sub portfolio_access {
+    my ($udom,$unum,$file_name,$group) = @_;
+    my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
+    my %access_controls = &Apache::lonnet::get_access_controls(
+                                             $current_perms,$group,$file_name);
+    my ($public);
+    my $now = time;
+    my $access_hash = $access_controls{$file_name};
+    if (ref($access_hash) eq 'HASH') {
+        foreach my $key (keys(%{$access_hash})) {
+            my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+            if ($start > $now) {
+                next;
+            }
+            if ($end && $end<$now) {
+                next;
+            }
+            if ($scope eq 'public') {
+                $public = $key;
+                last;
+            }
+        }
+        if ($public) {
+            return 'ok';
+        }
+    }
+    return;
+}
 
 sub handler {
     my $r = shift;
@@ -197,7 +225,18 @@ sub handler {
 	    &Apache::lonacc::get_posted_cgi($r);
 
 # ---------------------------------------------------------------- Check access
-
+            my $now = time;
+            if ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$#) {
+                my $result = &portfolio_access($1,$2,$3);
+                if ($result eq 'ok') {
+                    return OK;
+                }
+            } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$#) {
+                my $result = &portfolio_access($1,$2,$4.'/'.$3,$3);
+                if ($result eq 'ok') {
+                    return OK;
+                }
+            }
             if ($requrl!~/^\/adm|public|prtspool\//) {
 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                 if ($access eq '1') {
@@ -310,6 +349,18 @@ sub handler {
     if ($requrl=~m|^/+adm/+help/+|) {
 	return OK;
     }
+# ------------------------------------- See if this is a viewable portfolio file
+    if ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$#) {
+        my $result = &portfolio_access($1,$2,$3);
+        if ($result eq 'ok') {
+            return OK;
+        }
+    } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$#) {
+        my $result = &portfolio_access($1,$2,$4.'/'.$3,$3);
+        if ($result eq 'ok') {
+            return OK;
+        }
+    }
 # -------------------------------------------------------------- Not authorized
     $requrl=~/\.(\w+)$/;
 #    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||