--- loncom/auth/loncacc.pm	2008/11/12 20:01:09	1.47
+++ loncom/auth/loncacc.pm	2009/04/11 21:42:58	1.49
@@ -2,7 +2,7 @@
 # Cookie Based Access Handler for Construction Area
 # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
 #
-# $Id: loncacc.pm,v 1.47 2008/11/12 20:01:09 jms Exp $
+# $Id: loncacc.pm,v 1.49 2009/04/11 21:42:58 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -73,11 +73,11 @@ store where they wanted to go (first url
 
 =head1 OTHERSUBROUTINES
 
-=over 4
+=over
 
-=item *
+=item constructaccess($url,$ownerdomain)
 
-constructaccess($url,$ownerdomain) : See if the owner domain and name
+See if the owner domain and name
 in the URL match those in the expected environment.  If so, return 
 two element list ($ownername,$ownerdomain).  Else, return null string.
 
@@ -97,7 +97,7 @@ use Apache::lonacc;
 use LONCAPA qw(:DEFAULT :match);
 
 sub constructaccess {
-    my ($url,$ownerdomain)=@_;
+    my ($url,$ownerdomain,$setpriv)=@_;
     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
     unless (($ownername) && ($ownerdomain)) { return ''; }
     # We do not allow editing of previous versions of files.
@@ -117,9 +117,42 @@ sub constructaccess {
 	    return ($ownername,$domain);
 	}
     }
+
+    my $then=$env{'user.login.time'};
+    my %dcroles = ();
+    if (&is_active_dc($ownerdomain,$then)) {
+        my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],
+                                         $ownerdomain,$ownername);
+        unless ($blocked{'domcoord.author'} eq 'blocked') {
+            if (grep(/^$ownerdomain$/,@possibledomains)) {
+                if ($setpriv) {
+                    my $now = time;
+                    &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername,
+                                                       $then,$now,'ca');
+                }
+                return($ownername,$ownerdomain);
+            }
+        }
+    }
     return '';
 }
 
+sub is_active_dc {
+    my ($ownerdomain,$then) = @_;
+    my $livedc;
+    if ($env{'user.adv'}) {
+        my $domrole = $env{'user.role.dc./'.$ownerdomain.'/'};
+        if ($domrole) {
+            my ($tstart,$tend)=split(/\./,$domrole);
+            $livedc = 1;
+            if ($tstart && $tstart>$then) { undef($livedc); }
+            if ($tend   && $tend  <$then) { undef($livedc); }
+        }
+    }
+    return $livedc;
+}
+
+
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
@@ -141,7 +174,7 @@ sub handler {
 	$env{'request.state'}    = "construct";
 	$env{'request.filename'} = $r->filename;
 
-	unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
+	unless (&constructaccess($requrl,$r->dir_config('lonDefDomain')),'setpriv') {
 	    $r->log_reason("Unauthorized $requrl", $r->filename); 
 	    return HTTP_NOT_ACCEPTABLE;
 	}