--- loncom/auth/lonacc.pm	2006/04/13 20:47:39	1.77
+++ loncom/auth/lonacc.pm	2006/06/16 22:37:29	1.79
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.77 2006/04/13 20:47:39 albertel Exp $
+# $Id: lonacc.pm,v 1.79 2006/06/16 22:37:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -135,6 +135,34 @@ sub get_posted_cgi {
     $r->headers_in->unset('Content-length');
 }
 
+sub portfolio_access {
+    my ($udom,$unum,$file_name,$group) = @_;
+    my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
+    my %access_controls = &Apache::lonnet::get_access_controls(
+                                             $current_perms,$group,$file_name);
+    my ($public);
+    my $now = time;
+    my $access_hash = $access_controls{$file_name};
+    if (ref($access_hash) eq 'HASH') {
+        foreach my $key (keys(%{$access_hash})) {
+            my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+            if ($start > $now) {
+                next;
+            }
+            if ($end && $end<$now) {
+                next;
+            }
+            if ($scope eq 'public') {
+                $public = $key;
+                last;
+            }
+        }
+        if ($public) {
+            return 'ok';
+        }
+    }
+    return;
+}
 
 sub handler {
     my $r = shift;
@@ -150,8 +178,10 @@ sub handler {
         $handle=~s/\W//g;
     }
       
+    my ($sso_login);
     if ($r->user 
 	&& (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq '') ) {
+	$sso_login = 1;
 	my $domain = $r->dir_config('lonDefDomain');
 	my $home=&Apache::lonnet::homeserver($r->user,$domain);
 	if ($home !~ /(con_lost|no_such_host)/) {
@@ -161,6 +191,10 @@ sub handler {
 	}
     }
 
+    if ($sso_login) {
+	&Apache::lonnet::appenv('request.sso.login' => 1);
+    }
+
     if ($r->dir_config("lonBalancer") eq 'yes') {
 	$r->set_handlers('PerlResponseHandler'=>
 			 [\&Apache::switchserver::handler]);
@@ -191,7 +225,18 @@ sub handler {
 	    &Apache::lonacc::get_posted_cgi($r);
 
 # ---------------------------------------------------------------- Check access
-
+            my $now = time;
+            if ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$#) {
+                my $result = &portfolio_access($1,$2,$3);
+                if ($result eq 'ok') {
+                    return OK;
+                }
+            } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$#) {
+                my $result = &portfolio_access($1,$2,$4.'/'.$3,$3);
+                if ($result eq 'ok') {
+                    return OK;
+                }
+            }
             if ($requrl!~/^\/adm|public|prtspool\//) {
 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                 if ($access eq '1') {
@@ -304,6 +349,18 @@ sub handler {
     if ($requrl=~m|^/+adm/+help/+|) {
 	return OK;
     }
+# ------------------------------------- See if this is a viewable portfolio file
+    if ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$#) {
+        my $result = &portfolio_access($1,$2,$3);
+        if ($result eq 'ok') {
+            return OK;
+        }
+    } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$#) {
+        my $result = &portfolio_access($1,$2,$4.'/'.$3,$3);
+        if ($result eq 'ok') {
+            return OK;
+        }
+    }
 # -------------------------------------------------------------- Not authorized
     $requrl=~/\.(\w+)$/;
 #    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||