--- loncom/homework/daxeopen.pm 2023/08/23 22:34:48 1.11 +++ loncom/homework/daxeopen.pm 2023/08/23 22:57:39 1.12 @@ -1,7 +1,7 @@ # The LearningOnline Network # Opening converted problems and directory listings for Daxe # -# $Id: daxeopen.pm,v 1.11 2023/08/23 22:34:48 raeburn Exp $ +# $Id: daxeopen.pm,v 1.12 2023/08/23 22:57:39 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -62,10 +62,8 @@ sub handler { sub convert_problem { my ($uri, $request) = @_; - if ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { - my ($domain, $user) = ($1, $2); - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + if ($uri =~ m{^/priv/$match_domain/$match_username/}) { + unless (&has_priv_access($uri)) { $request->content_type('text/plain'); $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); @@ -130,6 +128,7 @@ sub directory_listing { my $dirname = $uri; $dirname =~ s{^.*/([^/]*)$}{$1}; $res .= "\n"; + my (%is_course,%is_courseauthor); if (ref($listref) eq 'ARRAY') { my @lines = @{$listref}; foreach my $line (@lines) { @@ -147,8 +146,29 @@ sub directory_listing { ($udom, $uname) = ($uri =~ m{^/res/($match_domain)/($match_courseid)}); } if ($udom ne '' && $uname ne '') { - # remove courses from the list - next if (&Apache::lonnet::is_course($udom, $uname)); + my $key = $udom.':'.$uname; + if (exists($is_course{$key})) { + if ($is_course{$key}) { + next unless ($is_courseauthor{$key}); + } + } else { + if (&Apache::lonnet::is_course($udom, $uname)) { + $is_course{$key} = 1; + if ($env{'request.course.id'}) { + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + if (($cdom eq $udom) && ($cnum eq $uname)) { + if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) { + $is_courseauthor{$key} = 1; + } + } + } + # remove courses from the list + next unless ($is_courseauthor{$key}); + } else { + $is_course{$key} = 0; + } + } } } $path =~ s{/$}{}; @@ -163,30 +183,31 @@ sub directory_listing { } } } elsif ($uri eq '/priv/') { - my $udom = $env{'user.domain'}; - if (!defined $udom) { + my $referrer = $request->headers_in->{'Referer'}; + my $defdom = &get_defdom($referrer); + if (!defined $defdom) { $request->content_type('text/plain'); $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } $res .= "\n"; - $res .= "\n"; - } elsif ($uri =~ m{^/priv/([^/]+)/$}) { + $res .= "\n"; + } elsif ($uri =~ m{^/priv/($match_domain)/$}) { my $domain = $1; - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom) { + my $referrer = $request->headers_in->{'Referer'}; + my $defdom = &get_defdom($referrer); + if ($domain ne $defdom) { $request->content_type('text/plain'); $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } + my $defname = &get_defname($domain,$referrer); $res .= "\n"; - $res .= "\n"; - } elsif ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { - my ($domain, $user) = ($1, $2); - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + $res .= "\n"; + } elsif ($uri =~ m{^/priv/($match_domain)\/($match_username)/}) { + unless (&has_priv_access($uri)) { $request->content_type('text/plain'); $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); @@ -247,5 +268,85 @@ sub directory_listing { return OK; } +sub has_priv_access { + my ($uri) = @_; + my ($ownername,$ownerdom,$ownerhome) = + &Apache::lonnet::constructaccess($uri); + my $allowed; + if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { + unless ($ownerhome eq 'no_host') { + my @hosts = &Apache::lonnet::current_machine_ids(); + if (grep(/^\Q$ownerhome\E$/,@hosts)) { + $allowed = 1; + } + } + } + return $allowed; +} + +sub get_defdom { + my ($referrer) = @_; + my $defdom; + if ($env{'request.role'} =~ m{^au\./($match_domain)/$}) { + $defdom = $1; + } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\.($match_domain)/($match_username)$}) { + $defdom = $1; + } elsif ($env{'request.course.id'}) { + if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { + my ($possdom,$possuname) = ($1,$2); + if (&Apache::lonnet::is_course($possdom,$possuname)) { + my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); + if ($crsurl eq "/$possdom/$possuname") { + $defdom = $possdom; + } + } else { + if (&Apache::lonnet::domain($possdom) ne '') { + $defdom = $possdom; + } + } + } + } + if ($defdom eq '') { + my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($env{'user.domain'},$env{'user.name'}); + if ($is_author) { + $defdom = $env{'user.domain'}; + } + } + return $defdom; +} + +sub get_defname { + my ($domain,$referrer) = @_; + my $defname; + if ($env{'request.role'} eq "au./$domain/") { + $defname = $env{'user.name'}; + } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\./\Q$domain\E/($match_username)$}) { + $defname = $1; + } elsif ($env{'request.course.id'}) { + if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { + my ($possdom,$possuname) = ($1,$2); + if ($domain eq $possdom) { + if (&Apache::lonnet::is_course($possdom,$possuname)) { + my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); + if ($crsurl eq "/$possdom/$possuname") { + $defname = $possuname; + } + } else { + unless (&Apache::lonnet::homeserver($possuname,$possdom) eq 'no_host') { + $defname = $possuname; + } + } + } + } + } + if ($defname eq '') { + my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($domain,$env{'user.name'}); + if ($is_author) { + $defname = $env{'user.name'}; + } + } + return $defname; +} + 1; __END__