--- loncom/homework/daxeopen.pm 2017/02/24 17:34:55 1.6 +++ loncom/homework/daxeopen.pm 2023/08/28 18:58:44 1.13 @@ -1,7 +1,7 @@ # The LearningOnline Network # Opening converted problems and directory listings for Daxe # -# $Id: daxeopen.pm,v 1.6 2017/02/24 17:34:55 damieng Exp $ +# $Id: daxeopen.pm,v 1.13 2023/08/28 18:58:44 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -28,8 +28,9 @@ ### package Apache::daxeopen; +use strict; -use Apache::Constants; +use Apache::Constants qw(:common); use DateTime; use Try::Tiny; use File::stat; @@ -41,17 +42,19 @@ use Apache::lonnet; use Apache::pre_xml; use Apache::html_to_xml; use Apache::post_xml; - +use Apache::lonlocal; sub handler { my $request = shift; my $uri = $request->uri; - $uri =~ s/^\/daxeopen//; + $uri =~ s{^/daxeopen}{}; &Apache::loncommon::no_cache($request); - if ($uri =~ /\/$/) { + if ($uri =~ m{/$}) { return directory_listing($uri, $request); - } elsif ($uri =~ /^\/priv\/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$/) { + } elsif ($uri =~ m{^/priv/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$}) { return convert_problem($uri, $request); + } elsif ($uri =~ m{^/uploaded/$match_domain/$match_courseid/(docs|supplemental)/(default|\d+)/\d+/.*\.(html|htm|xhtml|xhtm)$}) { + return convert_problem($uri, $request); } else { # Apache should send other files directly $request->status(406); @@ -61,21 +64,42 @@ sub handler { sub convert_problem { my ($uri, $request) = @_; - - if ($uri =~ /^\/priv\/([^\/]+)\/([^\/]+)\//) { - my ($domain, $user) = ($1, $2); - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + if ($uri =~ m{^/priv/$match_domain/$match_username/}) { + unless (&has_priv_access($uri)) { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + } elsif ($uri =~ m{^/uploaded/($match_domain)/($match_courseid)/}) { + my ($posscdom,$posscnum) = ($1,$2); + my $allowed; + if ($env{'request.course.id'}) { + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + if (($posscdom eq $cdom) && ($posscnum eq $cnum)) { + if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { + $allowed = 1; + } + } + } + unless ($allowed) { $request->content_type('text/plain'); - $request->print("Forbidden URI: $uri"); + $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } } my $file = &Apache::lonnet::filelocation('', $uri); - &Apache::lonnet::repcopy($file); - if (! -e $file) { - $request->status(404); + if (&Apache::lonnet::repcopy($file) eq 'ok') { + if (! -e $file) { + $request->print(&mt('Not found: [_1]',$uri)); + $request->status(404); + return OK; + } + } else { + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); return OK; } try { @@ -88,13 +112,13 @@ sub convert_problem { $case_sensitive = 0; } $textref = &Apache::html_to_xml::html_to_xml($textref, $warnings, $case_sensitive); - my $text = &Apache::post_xml::post_xml($textref, $file, $perlvar{'lonDocRoot'}, $warnings); + my $text = &Apache::post_xml::post_xml($textref, $file, $Apache::lonnet::perlvar{'lonDocRoot'}, $warnings); &Apache::loncommon::content_type($request, 'text/xml', 'utf-8'); $request->print($text); return OK; } catch { $request->content_type('text/plain'); - $request->print("convert failed for $file: $_"); + $request->print(&mt('convert failed for [_1]:',$file)." $_"); $request->status(406); return OK; }; @@ -103,39 +127,126 @@ sub convert_problem { sub directory_listing { my ($uri, $request) = @_; my $res = ''."\n"; + my $referrer = $request->headers_in->{'Referer'}; + my ($cdom,$cnum); + if ($env{'request.course.id'}) { + $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + } if ($uri eq '/') { - # root: let users browse /res $res .= "\n"; - $res .= "\n"; - $res .= "\n"; - } elsif ($uri !~ /^\/(priv|res)\//) { + if (($env{'request.course.id'}) && + ($referrer =~ m{\Qfile=/daxeopen/uploaded/$cdom/$cnum/\E(docs|supplemental)/(default|\d+)/(\d+)/})) { + $res .= "\n"; + } else { + # root: let users browse /res + $res .= "\n"; + $res .= "\n"; + } + } elsif ($uri =~ m{^/uploaded/(.*)$}) { + my $rem = $1; + $rem =~ s{/$}{}; + if (($env{'request.course.id'}) && + ($referrer =~ m{\Qfile=/daxeopen/uploaded/$cdom/$cnum/\E(docs|supplemental)/(default|\d+)/(\d+)/})) { + my ($type,$folder,$rid) = ($1,$2,$3); + if ($rem eq '') { + $res .= "\n"; + $res .= "\n"; + } else { + my @expected = ($cdom,$cnum,$type,$folder,$rid); + my @rest = split(/\//,$rem); + my $valid = 1; + for (my $i=0; $i<@rest; $i++) { + unless ($rest[$i] eq $expected[$i]) { + $valid = 0; + last; + } + } + if ($valid) { + my $dirname = $rest[-1]; + $res .= "\n"; + if (scalar(@rest) == scalar(@expected)) { + my $subdir = "/userfiles/$type/$folder/$rid"; + my ($listref, $listerror) = &Apache::lonnet::dirlist($subdir,$cdom,$cnum,'',1); + if ($listerror) { + $request->content_type('text/plain'); + $request->print(&mt('listing error: [_1]',$listerror)); + $request->status(406); + return OK; + } elsif (scalar(@{$listref}) == 0) { + $request->content_type('text/plain'); + $request->print(&mt('Not found: [_1]',$uri)); + $request->status(404); + return OK; + } else { + my @lines = @{$listref}; + my $dirpath = &LONCAPA::propath($cdom,$cnum).'/userfiles'; + my $dirname = $uri; + $dirname =~ s{^.*/([^/]*)$}{$1}; + foreach my $line (@lines) { + my ($path,$dom,undef,$testdir,undef,undef,undef,undef,$size,undef,$mtime) = split(/\&/,$line,12); + my $isdir = ($testdir & 16384); + $path =~ s{^$dirpath}{}; + next if ($path eq '.' || $path eq '..'); + $path =~ s{/$}{}; + my $name = $path; + if ($isdir) { + $res .= "\n"; + } else { + next if ($name =~ /\.bak$/); + my $dt = DateTime->from_epoch(epoch => $mtime); + my $modified = $dt->iso8601().'Z'; + $res .= "\n"; + } + } + } + } else { + my $nextidx = scalar(@rest); + my $subdir = $expected[$nextidx]; + $res .= ""."\n"; + } + } else { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + } + } else { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + } elsif ($uri !~ m{^/(priv|res)/}) { $request->content_type('text/plain'); - $request->print("Not found: $uri"); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; - } elsif ($uri =~ /^\/res\//) { + } elsif ($uri =~ m{^/res/}) { # NOTE: dirlist does not return an error for /res/idontexist/ - (my $listref, $listerror) = &Apache::lonnet::dirlist($uri); + my ($listref, $listerror) = &Apache::lonnet::dirlist($uri); if ($listerror) { $request->content_type('text/plain'); - $request->print("listing error: $listerror"); + $request->print(&mt('listing error: [_1]',$listerror)); $request->status(406); return OK; - } elsif ($uri =~ /^\/res\/[^\/]+\/$/ && scalar(@{$listref}) == 0) { + } elsif ($uri =~ m{^/res/[^/]+/$} && scalar(@{$listref}) == 0) { $request->content_type('text/plain'); - $request->print("Not found: $uri"); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; } my $dirname = $uri; - $dirname =~ s/^.*\/([^\/]*)$/$1/; + $dirname =~ s{^.*/([^/]*)$}{$1}; $res .= "\n"; + my (%is_course,%is_courseauthor); if (ref($listref) eq 'ARRAY') { my @lines = @{$listref}; foreach my $line (@lines) { my ($path, $dom, undef, $testdir, undef, undef, undef, undef, $size, undef, $mtime, undef, undef, undef, $obs, undef) = split(/\&/, $line, 16); my $isdir = ($testdir & 16384) || $dom =~ /^(user|domain)$/; - $path =~ s/^\/home\/httpd\/html\/res\///; + $path =~ s{^/home/httpd/html/res/}{}; next if $path eq '.' || $path eq '..'; next if $path =~ /\.meta$/ || $obs || $path =~ /\.\d+\.[^.]+$/; if ($dom ne 'domain') { @@ -147,11 +258,32 @@ sub directory_listing { ($udom, $uname) = ($uri =~ m{^/res/($match_domain)/($match_courseid)}); } if ($udom ne '' && $uname ne '') { - # remove courses from the list - next if (&Apache::lonnet::is_course($udom, $uname)); + my $key = $udom.':'.$uname; + if (exists($is_course{$key})) { + if ($is_course{$key}) { + next unless ($is_courseauthor{$key}); + } + } else { + if (&Apache::lonnet::is_course($udom, $uname)) { + $is_course{$key} = 1; + if ($env{'request.course.id'}) { + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + if (($cdom eq $udom) && ($cnum eq $uname)) { + if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) { + $is_courseauthor{$key} = 1; + } + } + } + # remove courses from the list + next unless ($is_courseauthor{$key}); + } else { + $is_course{$key} = 0; + } + } } } - $path =~ s/\/$//; + $path =~ s{/$}{}; my $name = $path; if ($isdir) { $res .= "\n"; @@ -163,48 +295,54 @@ sub directory_listing { } } } elsif ($uri eq '/priv/') { - my $udom = $env{'user.domain'}; - if (!defined $udom) { + my $defdom = &get_defdom($referrer); + if (!defined $defdom) { $request->content_type('text/plain'); - $request->print("Forbidden URI: $uri"); + $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } $res .= "\n"; - $res .= "\n"; - } elsif ($uri =~ /^\/priv\/([^\/]+)\/$/) { + $res .= "\n"; + } elsif ($uri =~ m{^/priv/($match_domain)/$}) { my $domain = $1; - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom) { + my $defdom = &get_defdom($referrer); + if ($domain ne $defdom) { $request->content_type('text/plain'); - $request->print("Forbidden URI: $uri"); + $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } + my $defname = &get_defname($domain,$referrer); $res .= "\n"; - $res .= "\n"; - } elsif ($uri =~ /^\/priv\/([^\/]+)\/([^\/]+)\//) { - my ($domain, $user) = ($1, $2); - my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); - if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + $res .= "\n"; + } elsif ($uri =~ m{^/priv/($match_domain)\/($match_username)/}) { + unless (&has_priv_access($uri)) { $request->content_type('text/plain'); - $request->print("Forbidden URI: $uri"); + $request->print(&mt('Forbidden URI: [_1]',$uri)); $request->status(403); return OK; } my $dirpath = &Apache::lonnet::filelocation('', $uri); if (! -e $dirpath) { $request->content_type('text/plain'); - $request->print("Not found: $uri"); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; } - $dirpath =~ s/\/$//; - opendir my $dir, $dirpath or die "Cannot open directory: $dirpath"; - my @files = readdir $dir; - closedir $dir; + $dirpath =~ s{/$}{}; + my @files; + if (opendir(my $dir, $dirpath)) { + @files = readdir($dir); + closedir($dir); + } else { + $request->content_type('text/plain'); + $request->print(&mt('Error opening directory: [_1]',$dirpath)); + $request->status(403); + return OK; + } my $dirname = $dirpath; - $dirname =~ s/^.*\/([^\/]*)$/$1/; + $dirname =~ s{^.*/([^/]*)$}{$1}; $res .= "\n"; foreach my $name (@files) { if ($name eq '.' || $name eq '..') { @@ -213,7 +351,7 @@ sub directory_listing { if ($name =~ /\.(bak|log|meta|save)$/) { next; } - $sb = stat($dirpath.'/'.$name); + my $sb = stat($dirpath.'/'.$name); my $mode = $sb->mode; if (S_ISDIR($mode)) { $res .= "\n"; @@ -230,7 +368,7 @@ sub directory_listing { } } else { $request->content_type('text/plain'); - $request->print("Not found: $uri"); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; } @@ -240,5 +378,85 @@ sub directory_listing { return OK; } +sub has_priv_access { + my ($uri) = @_; + my ($ownername,$ownerdom,$ownerhome) = + &Apache::lonnet::constructaccess($uri); + my $allowed; + if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { + unless ($ownerhome eq 'no_host') { + my @hosts = &Apache::lonnet::current_machine_ids(); + if (grep(/^\Q$ownerhome\E$/,@hosts)) { + $allowed = 1; + } + } + } + return $allowed; +} + +sub get_defdom { + my ($referrer) = @_; + my $defdom; + if ($env{'request.role'} =~ m{^au\./($match_domain)/$}) { + $defdom = $1; + } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\.($match_domain)/($match_username)$}) { + $defdom = $1; + } elsif ($env{'request.course.id'}) { + if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { + my ($possdom,$possuname) = ($1,$2); + if (&Apache::lonnet::is_course($possdom,$possuname)) { + my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); + if ($crsurl eq "/$possdom/$possuname") { + $defdom = $possdom; + } + } else { + if (&Apache::lonnet::domain($possdom) ne '') { + $defdom = $possdom; + } + } + } + } + if ($defdom eq '') { + my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($env{'user.domain'},$env{'user.name'}); + if ($is_author) { + $defdom = $env{'user.domain'}; + } + } + return $defdom; +} + +sub get_defname { + my ($domain,$referrer) = @_; + my $defname; + if ($env{'request.role'} eq "au./$domain/") { + $defname = $env{'user.name'}; + } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\./\Q$domain\E/($match_username)$}) { + $defname = $1; + } elsif ($env{'request.course.id'}) { + if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { + my ($possdom,$possuname) = ($1,$2); + if ($domain eq $possdom) { + if (&Apache::lonnet::is_course($possdom,$possuname)) { + my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); + if ($crsurl eq "/$possdom/$possuname") { + $defname = $possuname; + } + } else { + unless (&Apache::lonnet::homeserver($possuname,$possdom) eq 'no_host') { + $defname = $possuname; + } + } + } + } + } + if ($defname eq '') { + my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($domain,$env{'user.name'}); + if ($is_author) { + $defname = $env{'user.name'}; + } + } + return $defname; +} + 1; __END__