--- loncom/auth/loncacc.pm	2008/11/12 20:01:09	1.47
+++ loncom/auth/loncacc.pm	2012/10/29 17:39:06	1.60
@@ -2,7 +2,7 @@
 # Cookie Based Access Handler for Construction Area
 # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
 #
-# $Id: loncacc.pm,v 1.47 2008/11/12 20:01:09 jms Exp $
+# $Id: loncacc.pm,v 1.60 2012/10/29 17:39:06 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -42,11 +42,11 @@ Invoked (for various locations) by /etc/
 =head1 INTRODUCTION
 
 This module enables cookie based authentication for construction area
-and is used to control access for three (essentially equivalent) URIs.
+and is used to control access for the following two types of URI 
+(one for files, and one for directories):
 
  <LocationMatch "^/priv.*">
- <LocationMatch "^/\~.*">
- <LocationMatch "^/\~.*/$">
+ <LocationMatch "^/priv.*/$">
 
 Whenever the client sends the cookie back to the server, 
 if the cookie is missing or invalid, the user is re-challenged
@@ -71,18 +71,6 @@ store where they wanted to go (first url
 
 =back
 
-=head1 OTHERSUBROUTINES
-
-=over 4
-
-=item *
-
-constructaccess($url,$ownerdomain) : See if the owner domain and name
-in the URL match those in the expected environment.  If so, return 
-two element list ($ownername,$ownerdomain).  Else, return null string.
-
-=back
-
 =cut
 
 
@@ -96,30 +84,6 @@ use Apache::lonnet;
 use Apache::lonacc;
 use LONCAPA qw(:DEFAULT :match);
 
-sub constructaccess {
-    my ($url,$ownerdomain)=@_;
-    my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
-    unless (($ownername) && ($ownerdomain)) { return ''; }
-    # We do not allow editing of previous versions of files.
-    if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
-    my @possibledomains = &Apache::lonnet::current_machine_domains();
-    if ($ownername eq $env{'user.name'}) {
-	foreach my $domain (@possibledomains) {
-	    if ($domain eq $env{'user.domain'}) {
-		return ($ownername,$domain);
-	    }
-	}
-    }
-    
-    foreach my $domain (@possibledomains) {
-	if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
-	    exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
-	    return ($ownername,$domain);
-	}
-    }
-    return '';
-}
-
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
@@ -141,7 +105,19 @@ sub handler {
 	$env{'request.state'}    = "construct";
 	$env{'request.filename'} = $r->filename;
 
-	unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
+	my $allowed;
+	my ($ownername,$ownerdom,$ownerhome) = 
+            &Apache::lonnet::constructaccess($requrl,'setpriv');
+        if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
+            unless ($ownerhome eq 'no_host') {
+                my @hosts = &Apache::lonnet::current_machine_ids();
+                if (grep(/^\Q$ownerhome\E$/,@hosts)) {
+                    $allowed = 1;
+                }
+            }
+        }
+
+        unless ($allowed) {
 	    $r->log_reason("Unauthorized $requrl", $r->filename); 
 	    return HTTP_NOT_ACCEPTABLE;
 	}
@@ -151,7 +127,7 @@ sub handler {
 	&Apache::lonacc::get_posted_cgi($r);
 
 	return OK; 
-    } else { 
+    } else {
 	$r->log_reason("Cookie $handle not valid", $r->filename) 
     }
 
@@ -164,10 +140,3 @@ sub handler {
 1;
 __END__
 
-
-
-
-
-
-
-