--- loncom/cgi/lonauthcgi.pm 2008/12/25 05:10:14 1.2 +++ loncom/cgi/lonauthcgi.pm 2009/10/08 22:37:39 1.5 @@ -1,7 +1,7 @@ # # LON-CAPA authorization for cgi-bin scripts # -# $Id: lonauthcgi.pm,v 1.2 2008/12/25 05:10:14 raeburn Exp $ +# $Id: lonauthcgi.pm,v 1.5 2009/10/08 22:37:39 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -133,9 +133,14 @@ Returns: 1 if access to the page is perm the requestor as one of the named users (username:domain) with access to the page. - In the case of requests for the 'ping' page, and access is also allowed if + In the case of requests for the 'ping' page, access is also allowed if at least one domain hosted on requestor's server is also hosted on this server. + In the case of requests for the 'showenv' page (/adm/test), the domains tested + are not the domains hosted on the server, but instead are a single domain - + the domain of the requestor. In addition, if the requestor has an active + Domain Coordinator role for that domain, access is permitted, regardless of + the requestor's current role. =cut ############################################# 
@@ -156,22 +161,41 @@ sub can_view { } } } else { - my @poss_domains = &Apache::lonnet::current_machine_domains(); - foreach my $dom (@poss_domains) { - my %domconfig = &Apache::lonnet::get_dom('configuration',['serverstatuses'],$dom); - if ($Apache::lonnet::env{'request.role'} eq "dc./$dom/") { - $allowed = 1; - } elsif (ref($domconfig{'serverstatuses'}) eq 'HASH') { - if (ref($domconfig{'serverstatuses'}{$page}) eq 'HASH') { - if ($domconfig{'serverstatuses'}{$page}{'namedusers'} ne '') { - my @okusers = split(/,/,$domconfig{'serverstatuses'}{$page}{'namedusers'}); - if (grep(/^\Q$Apache::lonnet::env{'user.name'}:$Apache::lonnet::env{'user.domain'}\E$/,@okusers)) { - $allowed = 1; + my @poss_domains; + if ($page eq 'showenv') { + @poss_domains = ($env{'user.domain'}); + my $envkey = 'user.role.dc./'.$poss_domains[0].'/'; + if (exists($Apache::lonnet::env{$envkey})) { + my $livedc = 1; + my $then = $Apache::lonnet::env{'user.login.time'}; + my ($tstart,$tend)=split(/\./,$Apache::lonnet::env{$envkey}); + if ($tstart && $tstart>$then) { $livedc = 0; } + if ($tend && $tend <$then) { $livedc = 0; } + if ($livedc) { + $allowed = 1; + } + } + } else { + @poss_domains = &Apache::lonnet::current_machine_domains(); + } + unless ($allowed) { + foreach my $dom (@poss_domains) { + my %domconfig = &Apache::lonnet::get_dom('configuration',['serverstatuses'], + $dom); + if ($Apache::lonnet::env{'request.role'} eq "dc./$dom/") { + $allowed = 1; + } elsif (ref($domconfig{'serverstatuses'}) eq 'HASH') { + if (ref($domconfig{'serverstatuses'}{$page}) eq 'HASH') { + if ($domconfig{'serverstatuses'}{$page}{'namedusers'} ne '') { + my @okusers = split(/,/,$domconfig{'serverstatuses'}{$page}{'namedusers'}); + if (grep(/^\Q$Apache::lonnet::env{'user.name'}:$Apache::lonnet::env{'user.domain'}\E$/,@okusers)) { + $allowed = 1; + } } } } + last if $allowed; } - last if $allowed; } } return $allowed; 
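Review bot: In the new 'showenv' branch the Domain Coordinator role is judged live by comparing its start and end times with `$Apache::lonnet::env{'user.login.time'}`, not with the current time, so a role whose end date passes after login keeps granting access to the user-environment page for the rest of the session. If that is not the intent, test against the clock instead: `my $now = time;` followed by `if ($tend && $tend < $now) { $livedc = 0; }`, and likewise for `$tstart`. The same branch reads `$env{'user.domain'}` while every other lookup in the hunk uses `%Apache::lonnet::env`. Unless `%env` is imported into this package (not visible here), `$poss_domains[0]` is undefined and the `user.role.dc./…/` key can never match, so `$Apache::lonnet::env{'user.domain'}` is the consistent spelling. `can_view` begins before this hunk, so its earlier branches are not covered by this note.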
@@ -247,6 +271,7 @@ sub serverstatus_titles {
 'takeoffline' => 'Offline - replace Log-in page',
 'takeonline' => 'Online - restore Log-in page',
 'showenv' => "Show user environment",
+ 'toggledebug' => "Toggle debug messages",
 );
 return \%titles;
 }