--- loncom/auth/lonwebdavacc.pm 2015/03/16 12:13:34 1.3 +++ loncom/auth/lonwebdavacc.pm 2015/05/29 18:42:01 1.4 @@ -1,7 +1,7 @@ # The LearningOnline Network # Authorization Handler for webDAV access to Authoring Space. # -# $Id: lonwebdavacc.pm,v 1.3 2015/03/16 12:13:34 raeburn Exp $ +# $Id: lonwebdavacc.pm,v 1.4 2015/05/29 18:42:01 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -34,7 +34,7 @@ Apache::lonwebdavacc - webDAV Authorizat =head1 SYNOPSIS -Invoked for /+webdav/[\w\-]+/[\w\-]+/ by +Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by /etc/httpd/conf/loncapa_apache.conf: PerlAccessHandler Apache::lonwebdavacc @@ -44,7 +44,7 @@ PerlAccessHandler Apache::lonwebda This module enables authorization for authoring space and is used to control access for the following type of URI: - + This module is only called following successful authentication. Unless lonOtherAuthen has been set, so Single Sign On can be used, @@ -133,11 +133,12 @@ sub handler { my $now = time; my $sessiondir=$r->dir_config('lonDAVsessDir'); - my ($adom,$aname); + my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); + my $author = "$aname:$adom"; unless ($env{'user.environment'}) { my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV'); if ($handle eq '') { - $handle = &sso_login($r,$sessiondir,$now,$timetolive); + $handle = &sso_login($r,$sessiondir,$now,$timetolive,$author); if ($handle eq '') { return FORBIDDEN; } @@ -150,7 +151,6 @@ sub handler { return FORBIDDEN; } - ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); my $docroot = $r->dir_config('lonDocRoot'); if ($adom eq '' || $aname eq '') { return FORBIDDEN; @@ -217,7 +217,7 @@ sub handler { } sub sso_login { - my ($r,$sessiondir,$now,$timetolive) = @_; + my ($r,$sessiondir,$now,$timetolive,$author) = @_; my ($uname,$udom); my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); unless ($uname =~ /^$match_username$/) { 
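Review bot: In the `@@ -133,11 +133,12 @@` hunk of handler, `$author` is built from `$adom` and `$aname` before anything checks that the URI match succeeded, so a request whose path does not match `^/webdav/…` would send `":"` (plus uninitialized-value warnings) through `sso_login` into `init_webdav_env`. The existing `if ($adom eq '' || $aname eq '') { return FORBIDDEN; }` guard sits in the following hunk and only runs after the session step. The POD synopsis now says the handler is invoked for `^/+webdav/` while this match anchors on a single slash, so the case may be reachable unless Apache normalizes the URI first. Consider failing closed directly after the match with `return FORBIDDEN if ($adom eq '' || $aname eq '');`. handler's body starts and ends outside the hunk.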
@@ -235,12 +235,18 @@ sub sso_login {
 return;
 }
 my $handle =
- &Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom,
- $uhome,$now,$timetolive);
+ &Apache::lonwebdavauth::init_webdav_env($r,$sessiondir,$uname,$udom,
+ $uhome,$now,$timetolive,$author);
 if ($handle ne '') {
- my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
- $r->header_out('Set-cookie' => $cookie);
- $r->send_http_header;
+ if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
+ my ($webdav) =
+ ($r->uri =~ m{^(/webdav/$match_domain/$match_username/)});
+ &Apache::lonnet::log($udom,$uname,$uhome,
+ "SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}");
+ my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
+ $r->header_out('Set-cookie' => $cookie);
+ $r->send_http_header;
+ }
 }
 return ($handle);
 }
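Review bot: When `usertools_access` denies webdav, the new inner `if` only skips the log line and the cookie; `sso_login` still returns the non-empty `$handle`, and the caller's visible check (`if ($handle eq '') { return FORBIDDEN; }`) treats that as a successful login. By then `init_webdav_env` has presumably already created the session. Unless `init_webdav_env` or later code in handler (not visible here) enforces the same permission, I would test first and fail closed, e.g. `return unless (&Apache::lonnet::usertools_access($uname,$udom,'webdav'));` ahead of the `init_webdav_env` call. Separately, `$ENV{'REMOTE_ADDR'}` may not be populated during the access phase, depending on how mod_perl sets up the environment, so the logged address should be confirmed or taken from the request's connection object.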