--- loncom/auth/lonstatusacc.pm 2008/11/28 19:38:11 1.1
+++ loncom/auth/lonstatusacc.pm 2009/06/13 20:28:56 1.7
@@ -1,7 +1,7 @@
 #
 # LON-CAPA authorization for pages generated by server-status reports
 #
-# $Id: lonstatusacc.pm,v 1.1 2008/11/28 19:38:11 raeburn Exp $
+# $Id: lonstatusacc.pm,v 1.7 2009/06/13 20:28:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -31,22 +31,34 @@ package Apache::lonstatusacc;
 use strict;
-use Apache::Constants qw(:common :remotehost);
+use Apache::Constants qw(:common :http :remotehost);
 use Apache::lonnet;
 use LONCAPA::loncgi;
+use LONCAPA::lonauthcgi;
 sub handler {
 my $r = shift;
 my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);
- my $page = 'serverstatus';
- if ($r->uri eq '/adm/test') {
- $page = 'showenv';
- if (&LONCAPA::loncgi::check_cookie_and_load_env()) {
- if (&LONCAPA::loncgi::can_view($page)) {
- return OK;
- } elsif (&LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
+ my $page = 'server-status';
+ if (($r->uri eq '/adm/domainstatus') ||
+ ($r->uri eq '/adm/test')) {
+ if (&LONCAPA::loncgi::check_cookie_and_load_env($r)) {
+ if ($r->uri eq '/adm/domainstatus') {
 return OK;
+ } elsif ($r->uri eq '/adm/test') {
+ $page = 'showenv';
+ if (&LONCAPA::lonauthcgi::can_view($page)) {
+ return OK;
+ } elsif (&LONCAPA::lonauthcgi::check_ipbased_access($page,$reqhost)) {
+ return OK;
+ } else {
+ $Apache::lonnet::env{'user.error.msg'} =
+ $r->uri.":bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
 }
+ } else {
+ return FORBIDDEN;
 }
 } elsif ($r->uri ne '/server-status') {
 $page = 'lonstatus';
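Review bot: The new `/adm/domainstatus` branch returns `OK` as soon as `check_cookie_and_load_env($r)` succeeds, so any valid session passes this handler with no `can_view` or IP allow-list check, unlike the `/adm/test` branch right below it. If the per-report filtering is done by the page itself (not visible in this diff), a comment should say so, for example `# any authenticated user may load the index; each linked report enforces its own can_view()`. The two new deny paths (`HTTP_NOT_ACCEPTABLE` and `FORBIDDEN`) also return without the `$r->log_reason(...)` call that the server-status fall-through uses, so refused attempts on these URIs appear to leave no entry in the error log. `handler` continues outside this hunk.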
@@ -70,13 +82,13 @@ sub handler {
 }
 }
 }
- } elsif (&LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
+ }
+ if (&LONCAPA::lonauthcgi::check_ipbased_access($page,$reqhost)) {
 return OK;
- } else {
- if (&LONCAPA::loncgi::check_cookie_and_load_env($page)) {
- if (&LONCAPA::loncgi::can_view($page)) {
- return OK;
- }
+ }
+ if (&LONCAPA::loncgi::check_cookie_and_load_env($r)) {
+ if (&LONCAPA::lonauthcgi::can_view($page)) {
+ return OK;
 }
 }
 $r->log_reason("Invalid request for server status from $reqhost",
@@ -149,14 +161,14 @@ The check for whether access is allowed
 Access requires a valid session - checked using LONCAPA::loncgi::check_cookie_and_load_env(). If so, access is allowed if one of the following is true:
- (i) Requestor has LON-CAPA superuser role, or
- (ii) Requestor's role is Domain Coordinator in one of the domains
- hosted on this server
- (iii) Domain configurations for domains hosted on this server include
+ (i) Requestor's role is LON-CAPA superuser role.
+ (ii) Requestor has a Domain Coordinator role in the domain of the
+ requestor ($env{'user.domain'}), regardless of requestor's role.
+ (iii) Domain configurations for the domain of the current user include
 the requestor as one of the named users (username:domain) with access to the page.
 (iv) IP address of requestor is listed in domain configuration list
- of allowed machines for any of the domains hosted on this server
+ of allowed IPs for the domain of the current user.
 =cut
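Review bot: Turning `} elsif (&LONCAPA::loncgi::check_ipbased_access(...))` into a free-standing `if` means every request that falls out of the preceding branch (its body is outside this hunk) now reaches the IP allow-list and `can_view($page)` checks with whatever `$page` that branch set, not only `/server-status`. If that widening is intended, a comment above the `if` would make it reviewable, for example `# fall-through for all remaining URIs: IP allow-list first, then session + can_view($page)`. `$reqhost` is the connection peer from `get_remote_host(REMOTE_NOLOOKUP)`, so behind a reverse proxy the allow-list would presumably match the proxy address rather than the client; that assumption is worth stating in the POD next to item (iv). `handler` starts and ends outside this hunk.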