|
version 1.57, 2011/10/30 20:31:02
|
version 1.58, 2011/11/12 18:48:41
|
|
Line 79 store where they wanted to go (first url
|
Line 79 store where they wanted to go (first url
|
| |
|
| See if the owner domain and name |
See if the owner domain and name |
| in the URL match those in the expected environment. If so, return |
in the URL match those in the expected environment. If so, return |
| two element list ($ownername,$ownerdomain). Else, return null string. |
three element list ($ownername,$ownerdomain,$ownerhome). |
| If 'setpriv' is set to 'setpriv', it actually assigns the privileges. |
|
| |
Otherwise return the null string. |
| |
|
| |
If second argument 'setpriv' is true, it assigns the privileges, |
| |
and returns the same three element list, unless the owner has |
| |
blocked "ad hoc" Domain Coordinator access to the Author Space, |
| |
in which case the null string is returned. |
| |
|
| =back |
=back |
| |
|
| =cut |
=cut |
|
Line 104 sub constructaccess {
|
Line 111 sub constructaccess {
|
| |
|
| # Get username and domain from URL |
# Get username and domain from URL |
| my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; |
my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; |
| my ($ownerdomain,$ownername)=($url=~ m{^(?:\Q$londocroot\E|)/priv/($match_domain)/($match_username)/}); |
my ($ownername,$ownerdomain,$ownerhome); |
| |
|
| |
($ownerdomain,$ownername) = |
| |
($url=~ m{^(?:\Q$londocroot\E|)/priv/($match_domain)/($match_username)/}); |
| |
|
| # The URL does not really point to any authorspace, forget it |
# The URL does not really point to any authorspace, forget it |
| unless (($ownername) && ($ownerdomain)) { return ''; } |
unless (($ownername) && ($ownerdomain)) { return ''; } |
| |
|
| # Now we need to see if the user has access to the authorspace of |
# Now we need to see if the user has access to the authorspace of |
| # $ownername at $ownerdomain |
# $ownername at $ownerdomain |
| |
|
| if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) { |
if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) { |
| # Real author for this? |
# Real author for this? |
| |
$ownerhome = $env{'user.home'}; |
| if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) { |
if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) { |
| return ($ownername,$ownerdomain); |
return ($ownername,$ownerdomain,$ownerhome); |
| } |
} |
| } else { |
} else { |
| # Co-author for this? |
# Co-author for this? |
| if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) || |
if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) || |
| exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) { |
exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) { |
| return ($ownername,$ownerdomain); |
$ownerhome = &Apache::lonnet::homeserver($ownername,$ownerdomain); |
| |
return ($ownername,$ownerdomain,$ownerhome); |
| } |
} |
| } |
} |
| # We don't have any access right now. If we are not possibly going to do anything about this, |
# We don't have any access right now. If we are not possibly going to do anything about this, |
|
Line 150 sub constructaccess {
|
Line 162 sub constructaccess {
|
| &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername, |
&Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername, |
| $update,$refresh,$now,'ca', |
$update,$refresh,$now,'ca', |
| 'constructaccess'); |
'constructaccess'); |
| return($ownername,$ownerdomain); |
$ownerhome = &Apache::lonnet::homeserver($ownername,$ownerdomain); |
| |
return($ownername,$ownerdomain,$ownerhome); |
| } |
} |
| # No business here |
# No business here |
| return ''; |
return ''; |
|
Line 177 sub handler {
|
Line 190 sub handler {
|
| $env{'request.state'} = "construct"; |
$env{'request.state'} = "construct"; |
| $env{'request.filename'} = $r->filename; |
$env{'request.filename'} = $r->filename; |
| |
|
| unless (&constructaccess($requrl,'setpriv')) { |
my $allowed; |
| |
my ($ownername,$ownerdom,$ownerhome) = &constructaccess($requrl,'setpriv'); |
| |
if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { |
| |
unless ($ownerhome eq 'no_host') { |
| |
my @hosts = &Apache::lonnet::current_machine_domains(); |
| |
if (grep(/^\Q$ownerhome\E$/,@hosts)) { |
| |
$allowed = 1; |
| |
} |
| |
} |
| |
} |
| |
|
| |
unless ($allowed) { |
| $r->log_reason("Unauthorized $requrl", $r->filename); |
$r->log_reason("Unauthorized $requrl", $r->filename); |
| return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
| } |
} |
|
Line 187 sub handler {
|
Line 211 sub handler {
|
| &Apache::lonacc::get_posted_cgi($r); |
&Apache::lonacc::get_posted_cgi($r); |
| |
|
| return OK; |
return OK; |
| } else { |
} else { |
| $r->log_reason("Cookie $handle not valid", $r->filename) |
$r->log_reason("Cookie $handle not valid", $r->filename) |
| } |
} |
| |
|
|
Line 200 sub handler {
|
Line 224 sub handler {
|
| 1; |
1; |
| __END__ |
__END__ |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to loncacc.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth