--- loncom/homework/daxesave.pm 2015/12/10 16:26:43 1.2 +++ loncom/homework/daxesave.pm 2016/02/17 00:05:14 1.3 @@ -1,7 +1,7 @@ # The LearningOnline Network # Convert and save a problem from Daxe. # -# $Id: daxesave.pm,v 1.2 2015/12/10 16:26:43 damieng Exp $ +# $Id: daxesave.pm,v 1.3 2016/02/17 00:05:14 damieng Exp $ # # Copyright Michigan State University Board of Trustees # @@ -43,17 +43,31 @@ sub handler { $request->content_type('text/plain'); - my $path = $env{'form.path'}; # should be in the form "/daxeopen/priv/..." + # path should be in the form "/daxeopen/priv/..." + # or ^/daxeopen/uploaded/[^/]+/[^/]+/supplemental/.*html?$ + my $path = $env{'form.path'}; $path =~ s/^\/daxeopen//; - my $allowed; - my ($ownername,$ownerdom,$ownerhome) = - &Apache::lonnet::constructaccess($path, 'setpriv'); - if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { - unless ($ownerhome eq 'no_host') { - my @hosts = &Apache::lonnet::current_machine_ids(); - if (grep(/^\Q$ownerhome\E$/,@hosts)) { - $allowed = 1; + my $allowed = 0; + if ($path =~ /^\/priv/) { + my ($ownername,$ownerdom,$ownerhome) = + &Apache::lonnet::constructaccess($path, 'setpriv'); + if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { + unless ($ownerhome eq 'no_host') { + my @hosts = &Apache::lonnet::current_machine_ids(); + if (grep(/^\Q$ownerhome\E$/,@hosts)) { + $allowed = 1; + } + } + } + } elsif ($path =~ m|^/uploaded/[^/]+/[^/]+/supplemental/|) { + if ($env{'user.name'} ne '' && $env{'user.domain'} ne '' && $env{'request.course.id'}) { + $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/supplemental/| && $path !~ /\.\./) { + if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) { + $allowed = 1; + } } } }