--- loncom/lonnet/perl/lonnet.pm 2021/12/24 21:13:15 1.1172.2.144
+++ loncom/lonnet/perl/lonnet.pm 2022/02/20 20:40:57 1.1172.2.146.2.4
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1172.2.144 2021/12/24 21:13:15 raeburn Exp $
+# $Id: lonnet.pm,v 1.1172.2.146.2.4 2022/02/20 20:40:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -127,7 +127,7 @@ our @EXPORT = qw(%env);
$logid ++;
my $now = time();
my $id=$now.'00000'.$$.'00000'.$logid;
- my $ip = &get_requestor_ip();
+ my $ip = &get_requestor_ip();
my $logentry = {
$id => {
'exe_uname' => $env{'user.name'},
@@ -1882,7 +1882,7 @@ sub dump_dom {
# ------------------------------------------ get items from domain db files
sub get_dom {
- my ($namespace,$storearr,$udom,$uhome)=@_;
+ my ($namespace,$storearr,$udom,$uhome,$encrypt)=@_;
return if ($udom eq 'public');
my $items='';
foreach my $item (@$storearr) {
@@ -1909,8 +1909,12 @@ sub get_dom {
if (grep { $_ eq $uhome } ¤t_machine_ids()) {
# domain information is hosted on this machine
$rep = &LONCAPA::Lond::get_dom("getdom:$udom:$namespace:$items");
- } else {
- $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ } else {
+ if ($encrypt) {
+ $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ } else {
+ $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ }
}
my %returnhash;
if ($rep eq '' || $rep =~ /^error: 2 /) {
@@ -1934,7 +1938,7 @@ sub get_dom {
# -------------------------------------------- put items in domain db files
sub put_dom {
- my ($namespace,$storehash,$udom,$uhome)=@_;
+ my ($namespace,$storehash,$udom,$uhome,$encrypt)=@_;
if (!$udom) {
$udom=$env{'user.domain'};
if (defined(&domain($udom,'primary'))) {
@@ -1955,7 +1959,11 @@ sub put_dom {
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
- return &reply("putdom:$udom:$namespace:$items",$uhome);
+ if ($encrypt) {
+ return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome);
+ } else {
+ return &reply("putdom:$udom:$namespace:$items",$uhome);
+ }
} else {
&logthis("put_dom failed - no homeserver and/or domain");
}
@@ -1989,6 +1997,57 @@ sub del_dom {
}
}
+sub store_dom {
+ my ($storehash,$id,$namespace,$dom,$home,$encrypt) = @_;
+ $$storehash{'ip'}=&get_requestor_ip();
+ $$storehash{'host'}=$perlvar{'lonHostID'};
+ my $namevalue='';
+ foreach my $key (keys(%{$storehash})) {
+ $namevalue.=&escape($key).'='.&freeze_escape($$storehash{$key}).'&';
+ }
+ $namevalue=~s/\&$//;
+ if (grep { $_ eq $home } current_machine_ids()) {
+ return LONCAPA::Lond::store_dom("storedom:$dom:$namespace:$id:$namevalue");
+ } else {
+ if ($namespace eq 'private') {
+ return 'refused';
+ } elsif ($encrypt) {
+ return reply("encrypt:storedom:$dom:$namespace:$id:$namevalue",$home);
+ } else {
+ return reply("storedom:$dom:$namespace:$id:$namevalue",$home);
+ }
+ }
+}
+
+sub restore_dom {
+ my ($id,$namespace,$dom,$home,$encrypt) = @_;
+ my $answer;
+ if (grep { $_ eq $home } current_machine_ids()) {
+ $answer = LONCAPA::Lond::restore_dom("restoredom:$dom:$namespace:$id");
+ } elsif ($namespace ne 'private') {
+ if ($encrypt) {
+ $answer=&reply("encrypt:restoredom:$dom:$namespace:$id",$home);
+ } else {
+ $answer=&reply("restoredom:$dom:$namespace:$id",$home);
+ }
+ }
+ my %returnhash=();
+ unless (($answer eq '') || ($answer eq 'con_lost') || ($answer eq 'refused') ||
+ ($answer eq 'unknown_cmd') || ($answer eq 'rejected')) {
+ foreach my $line (split(/\&/,$answer)) {
+ my ($name,$value)=split(/\=/,$line);
+ $returnhash{&unescape($name)}=&thaw_unescape($value);
+ }
+ my $version;
+ for ($version=1;$version<=$returnhash{'version'};$version++) {
+ foreach my $item (split(/\:/,$returnhash{$version.':keys'})) {
+ $returnhash{$item}=$returnhash{$version.':'.$item};
+ }
+ }
+ }
+ return %returnhash;
+}
+
# ----------------------------------construct domainconfig user for a domain
sub get_domainconfiguser {
my ($udom) = @_;
@@ -2346,7 +2405,7 @@ sub get_domain_defaults {
'coursedefaults','usersessions',
'requestauthor','selfenrollment',
'coursecategories','autoenroll',
- 'helpsettings'],$domain);
+ 'helpsettings','wafproxy','ltisec'],$domain);
my @coursetypes = ('official','unofficial','community','textbook');
if (ref($domconfig{'defaults'}) eq 'HASH') {
$domdefaults{'lang_def'} = $domconfig{'defaults'}{'lang_def'};
@@ -2428,6 +2487,9 @@ sub get_domain_defaults {
if ($domconfig{'coursedefaults'}{'texengine'}) {
$domdefaults{'texengine'} = $domconfig{'coursedefaults'}{'texengine'};
}
+ if (exists($domconfig{'coursedefaults'}{'ltiauth'})) {
+ $domdefaults{'crsltiauth'} = $domconfig{'coursedefaults'}{'ltiauth'};
+ }
}
if (ref($domconfig{'usersessions'}) eq 'HASH') {
if (ref($domconfig{'usersessions'}{'remote'}) eq 'HASH') {
@@ -2483,6 +2545,7 @@ sub get_domain_defaults {
}
if (ref($domconfig{'autoenroll'}) eq 'HASH') {
$domdefaults{'autofailsafe'} = $domconfig{'autoenroll'}{'autofailsafe'};
+ $domdefaults{'failsafe'} = $domconfig{'autoenroll'}{'failsafe'};
}
if (ref($domconfig{'helpsettings'}) eq 'HASH') {
$domdefaults{'submitbugs'} = $domconfig{'helpsettings'}{'submitbugs'};
@@ -2497,6 +2560,18 @@ sub get_domain_defaults {
}
}
}
+ if (ref($domconfig{'ltisec'}) eq 'HASH') {
+ if (ref($domconfig{'ltisec'}{'encrypt'}) eq 'HASH') {
+ $domdefaults{'linkprotenc_crs'} = $domconfig{'ltisec'}{'encrypt'}{'crs'};
+ $domdefaults{'linkprotenc_dom'} = $domconfig{'ltisec'}{'encrypt'}{'dom'};
+ $domdefaults{'ltienc_consumers'} = $domconfig{'ltisec'}{'encrypt'}{'consumers'};
+ }
+ if (ref($domconfig{'ltisec'}{'private'}) eq 'HASH') {
+ if (ref($domconfig{'ltisec'}{'private'}{'keys'}) eq 'ARRAY') {
+ $domdefaults{'privhosts'} = $domconfig{'ltisec'}{'private'}{'keys'};
+ }
+ }
+ }
&do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime);
return %domdefaults;
}
@@ -2583,6 +2658,24 @@ sub get_passwdconf {
return %passwdconf;
}
+sub course_portal_url {
+ my ($cnum,$cdom,$r) = @_;
+ my $chome = &homeserver($cnum,$cdom);
+ my $hostname = &hostname($chome);
+ my $protocol = $protocol{$chome};
+ $protocol = 'http' if ($protocol ne 'https');
+ my %domdefaults = &get_domain_defaults($cdom);
+ my $firsturl;
+ if ($domdefaults{'portal_def'}) {
+ $firsturl = $domdefaults{'portal_def'};
+ } else {
+ my $alias = &Apache::lonnet::use_proxy_alias($r,$chome);
+ $hostname = $alias if ($alias ne '');
+ $firsturl = $protocol.'://'.$hostname;
+ }
+ return $firsturl;
+}
+
# --------------------------------------------------- Assign a key to a student
sub assign_access_key {
@@ -3167,11 +3260,29 @@ sub ssi_body {
# --------------------------------------------------------- Server Side Include
sub absolute_url {
- my ($host_name) = @_;
+ my ($host_name,$unalias,$keep_proto) = @_;
my $protocol = ($ENV{'SERVER_PORT'} == 443?'https://':'http://');
if ($host_name eq '') {
$host_name = $ENV{'SERVER_NAME'};
}
+ if ($unalias) {
+ my $alias = &get_proxy_alias();
+ if ($alias eq $host_name) {
+ my $lonhost = $perlvar{'lonHostID'};
+ my $hostname = &hostname($lonhost);
+ my $lcproto;
+ if (($keep_proto) || ($hostname eq '')) {
+ $lcproto = $protocol;
+ } else {
+ $lcproto = $protocol{$lonhost};
+ $lcproto = 'http' if ($lcproto ne 'https');
+ $lcproto .= '://';
+ }
+ unless ($hostname eq '') {
+ return $lcproto.$hostname;
+ }
+ }
+ }
return $protocol.$host_name;
}
@@ -3188,12 +3299,13 @@ sub absolute_url {
sub ssi {
my ($fn,%form)=@_;
- my ($request,$response);
+ my ($host,$request,$response);
+ $host = &absolute_url('',1);
$form{'no_update_last_known'}=1;
&Apache::lonenc::check_encrypt(\$fn);
if (%form) {
- $request=new HTTP::Request('POST',&absolute_url().$fn);
+ $request=new HTTP::Request('POST',$host.$fn);
$request->content(join('&',map {
my $name = escape($_);
"$name=" . ( ref($form{$_}) eq 'ARRAY'
@@ -3201,7 +3313,7 @@ sub ssi {
: &escape($form{$_}) );
} keys(%form)));
} else {
- $request=new HTTP::Request('GET',&absolute_url().$fn);
+ $request=new HTTP::Request('GET',$host.$fn);
}
$request->header(Cookie => $ENV{'HTTP_COOKIE'});
@@ -3470,6 +3582,14 @@ sub can_edit_resource {
$cfile = '/adm/wrapper'.$resurl;
}
}
+ } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) {
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ } else {
+ $forceedit = 1;
+ }
+ $cfile = $resurl;
} elsif ($resurl =~ m{^/?adm/viewclasslist$}) {
$incourse = 1;
if ($env{'form.forceedit'}) {
@@ -3494,6 +3614,14 @@ sub can_edit_resource {
$forceedit = 1;
}
$cfile = $resurl;
+ } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) && ($env{'form.folderpath'} =~ /^supplemental/)) {
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ } else {
+ $forceedit = 1;
+ }
+ $cfile = $resurl;
} elsif (($resurl eq '/adm/extresedit') && ($symb || $env{'form.folderpath'})) {
$incourse = 1;
$forceview = 1;
@@ -3503,8 +3631,13 @@ sub can_edit_resource {
$cfile = &clutter($res);
} else {
$cfile = $env{'form.suppurl'};
- $cfile =~ s{^http://}{};
- $cfile = '/adm/wrapper/ext/'.$cfile;
+ my $escfile = &unescape($cfile);
+ if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}) {
+ $cfile = '/adm/wrapper'.$escfile;
+ } else {
+ $escfile =~ s{^http://}{};
+ $cfile = &escape("/adm/wrapper/ext/$escfile");
+ }
}
} elsif ($resurl =~ m{^/?adm/viewclasslist$}) {
if ($env{'form.forceedit'}) {
@@ -5508,9 +5641,10 @@ my %cachedtimes=();
my $cachedtime='';
sub load_all_first_access {
- my ($uname,$udom)=@_;
+ my ($uname,$udom,$ignorecache)=@_;
if (($cachedkey eq $uname.':'.$udom) &&
- (abs($cachedtime-time)<5) && (!$env{'form.markaccess'})) {
+ (abs($cachedtime-time)<5) && (!$env{'form.markaccess'}) &&
+ (!$ignorecache)) {
return;
}
$cachedtime=time;
@@ -5519,7 +5653,7 @@ sub load_all_first_access {
}
sub get_first_access {
- my ($type,$argsymb,$argmap)=@_;
+ my ($type,$argsymb,$argmap,$ignorecache)=@_;
my ($symb,$courseid,$udom,$uname)=&whichuser();
if ($argsymb) { $symb=$argsymb; }
my ($map,$id,$res)=&decode_symb($symb);
@@ -5531,7 +5665,7 @@ sub get_first_access {
} else {
$res=$symb;
}
- &load_all_first_access($uname,$udom);
+ &load_all_first_access($uname,$udom,$ignorecache);
return $cachedtimes{"$courseid\0$res"};
}
@@ -6799,7 +6933,8 @@ sub set_adhoc_privileges {
my ($author,$adv,$rar)= &set_userprivs(\%userroles,\%rolehash);
&appenv(\%userroles,[$role,'cm']);
&log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$spec);
- unless ($caller eq 'constructaccess' && $env{'request.course.id'}) {
+ unless (($caller eq 'constructaccess' && $env{'request.course.id'}) ||
+ ($caller eq 'tiny')) {
&appenv( {'request.role' => $spec,
'request.role.domain' => $dcdom,
'request.course.sec' => $sec,
@@ -6874,7 +7009,7 @@ sub unserialize {
# see Lond::dump_with_regexp
# if $escapedkeys hash keys won't get unescaped.
sub dump {
- my ($namespace,$udomain,$uname,$regexp,$range,$escapedkeys)=@_;
+ my ($namespace,$udomain,$uname,$regexp,$range,$escapedkeys,$encrypt)=@_;
if (!$udomain) { $udomain=$env{'user.domain'}; }
if (!$uname) { $uname=$env{'user.name'}; }
my $uhome=&homeserver($uname,$udomain);
@@ -6890,7 +7025,12 @@ sub dump {
$uname, $namespace, $regexp, $range)), $perlvar{'lonVersion'});
return %{&unserialize($reply, $escapedkeys)};
}
- my $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome);
+ my $rep;
+ if ($encrypt) {
+ $rep=&reply("encrypt:edump:$udomain:$uname:$namespace:$regexp:$range",$uhome);
+ } else {
+ $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome);
+ }
my @pairs=split(/\&/,$rep);
my %returnhash=();
if (!($rep =~ /^error/ )) {
@@ -7036,7 +7176,7 @@ sub inc {
# --------------------------------------------------------------- put interface
sub put {
- my ($namespace,$storehash,$udomain,$uname)=@_;
+ my ($namespace,$storehash,$udomain,$uname,$encrypt)=@_;
if (!$udomain) { $udomain=$env{'user.domain'}; }
if (!$uname) { $uname=$env{'user.name'}; }
my $uhome=&homeserver($uname,$udomain);
@@ -7045,7 +7185,11 @@ sub put {
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
- return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
+ if ($encrypt) {
+ return &reply("encrypt:put:$udomain:$uname:$namespace:$items",$uhome);
+ } else {
+ return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
+ }
}
# ------------------------------------------------------------ newput interface
@@ -7867,14 +8011,14 @@ sub customaccess {
# ------------------------------------------------- Check for a user privilege
sub allowed {
- my ($priv,$uri,$symb,$role,$clientip,$noblockcheck,$ignorecache)=@_;
+ my ($priv,$uri,$symb,$role,$clientip,$noblockcheck,$ignorecache,$nodeeplinkcheck,$nodeeplinkout)=@_;
my $ver_orguri=$uri;
$uri=&deversion($uri);
my $orguri=$uri;
$uri=&declutter($uri);
if ($priv eq 'evb') {
-# Evade communication block restrictions for specified role in a course
+# Evade communication block restrictions for specified role in a course or domain
if ($env{'user.priv.'.$role} =~/evb\&([^\:]*)/) {
return $1;
} else {
@@ -7884,7 +8028,7 @@ sub allowed {
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
# Free bre access to adm and meta resources
- if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme)$}))
+ if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$}))
|| (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) ))
&& ($priv eq 'bre')) {
return 'F';
@@ -7932,7 +8076,10 @@ sub allowed {
# Free bre to public access
if ($priv eq 'bre') {
- my $copyright=&metadata($uri,'copyright');
+ my $copyright;
+ unless ($uri =~ /ext\.tool/) {
+ $copyright=&metadata($uri,'copyright');
+ }
if (($copyright eq 'public') && (!$env{'request.course.id'})) {
return 'F';
}
@@ -8089,7 +8236,13 @@ sub allowed {
if ($env{'user.priv.'.$env{'request.role'}.'./'}
=~/\Q$priv\E\&([^\:]*)/) {
my $value = $1;
- if ($noblockcheck) {
+ my $deeplinkblock;
+ unless ($nodeeplinkcheck) {
+ $deeplinkblock = &deeplink_check($priv,$symb,$uri);
+ }
+ if ($deeplinkblock) {
+ $thisallowed='D';
+ } elsif ($noblockcheck) {
$thisallowed.=$value;
} else {
my @blockers = &has_comm_blocking($priv,$symb,$uri,$ignorecache);
@@ -8109,7 +8262,13 @@ sub allowed {
$refuri=&declutter($refuri);
my ($match) = &is_on_map($refuri);
if ($match) {
- if ($noblockcheck) {
+ my $deeplinkblock;
+ unless ($nodeeplinkcheck) {
+ $deeplinkblock = &deeplink_check($priv,$symb,$refuri);
+ }
+ if ($deeplinkblock) {
+ $thisallowed='D';
+ } elsif ($noblockcheck) {
$thisallowed='F';
} else {
my @blockers = &has_comm_blocking($priv,'',$refuri,'',1);
@@ -8182,7 +8341,13 @@ sub allowed {
=~/\Q$priv\E\&([^\:]*)/) {
my $value = $1;
if ($priv eq 'bre') {
- if ($noblockcheck) {
+ my $deeplinkblock;
+ unless ($nodeeplinkcheck) {
+ $deeplinkblock = &deeplink_check($priv,$symb,$uri);
+ }
+ if ($deeplinkblock) {
+ $thisallowed = 'D';
+ } elsif ($noblockcheck) {
$thisallowed.=$value;
} else {
my @blockers = &has_comm_blocking($priv,$symb,$uri,$ignorecache);
@@ -8224,7 +8389,13 @@ sub allowed {
=~/\Q$priv\E\&([^\:]*)/) {
my $value = $1;
if ($priv eq 'bre') {
- if ($noblockcheck) {
+ my $deeplinkblock;
+ unless ($nodeeplinkcheck) {
+ $deeplinkblock = &deeplink_check($priv,$symb,$refuri);
+ }
+ if ($deeplinkblock) {
+ $thisallowed = 'D';
+ } elsif ($noblockcheck) {
$thisallowed.=$value;
} else {
my @blockers = &has_comm_blocking($priv,'',$refuri,'',1);
@@ -8404,6 +8575,17 @@ sub allowed {
}
}
+# Restricted for deeplinked session?
+
+ if ($env{'request.deeplink.login'}) {
+ if ($env{'acc.deeplinkout'} && !$nodeeplinkout) {
+ if (!$symb) { $symb=&symbread($uri,1); }
+ if (($symb) && ($env{'acc.deeplinkout'}=~/\&\Q$symb\E\&/)) {
+ return '';
+ }
+ }
+ }
+
# Restricted by state or randomout?
if ($thisallowed=~/X/) {
@@ -8424,6 +8606,8 @@ sub allowed {
return 'A';
} elsif ($thisallowed eq 'B') {
return 'B';
+ } elsif ($thisallowed eq 'D') {
+ return 'D';
}
return 'F';
}
@@ -8605,7 +8789,8 @@ sub get_commblock_resources {
}
}
}
- if ($interval[0] =~ /^\d+$/) {
+ if ($interval[0] =~ /^(\d+)/) {
+ my $timelimit = $1;
my $first_access;
if ($type eq 'resource') {
$first_access=&get_first_access($interval[1],$item);
@@ -8615,7 +8800,7 @@ sub get_commblock_resources {
$first_access=&get_first_access($interval[1]);
}
if ($first_access) {
- my $timesup = $first_access+$interval[0];
+ my $timesup = $first_access+$timelimit;
if ($timesup > $now) {
my $activeblock;
if ($type eq 'resource') {
@@ -8740,6 +8925,87 @@ sub has_comm_blocking {
}
}
+sub deeplink_check {
+ my ($priv,$symb,$uri) = @_;
+ return unless ($env{'request.course.id'});
+ return unless ($priv eq 'bre');
+ return if ($env{'request.state'} eq 'construct');
+ return if ($env{'request.role.adv'});
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ my (%possibles,@symbs);
+ if (!$symb) {
+ $symb = &symbread($uri,1,1,1,\%possibles);
+ }
+ if ($symb) {
+ @symbs = ($symb);
+ } elsif (keys(%possibles)) {
+ @symbs = keys(%possibles);
+ }
+
+ my ($deeplink_symb,$allow);
+ if ($env{'request.deeplink.login'}) {
+ $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom);
+ }
+ foreach my $symb (@symbs) {
+ last if ($allow);
+ my $deeplink = &EXT("resource.0.deeplink",$symb);
+ if ($deeplink eq '') {
+ $allow = 1;
+ } else {
+ my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
+ if ($state ne 'only') {
+ $allow = 1;
+ } else {
+ my $check_deeplink_entry;
+ if ($protect ne 'none') {
+ my ($acctype,$item) = split(/:/,$protect);
+ if (($acctype eq 'ltic') && ($env{'user.linkprotector'})) {
+ if (grep(/^\Q$item\Ec$/,split(/,/,$env{'user.linkprotector'}))) {
+ $check_deeplink_entry = 1
+ }
+ } elsif (($acctype eq 'ltid') && ($env{'user.linkprotector'})) {
+ if (grep(/^\Q$item\Ed$/,split(/,/,$env{'user.linkprotector'}))) {
+ $check_deeplink_entry = 1;
+ }
+ } elsif (($acctype eq 'key') && ($env{'user.deeplinkkey'})) {
+ if (grep(/^\Q$item\E$/,split(/,/,$env{'user.deeplinkkey'}))) {
+ $check_deeplink_entry = 1;
+ }
+ }
+ }
+ if (($protect eq 'none') || ($check_deeplink_entry)) {
+ if ($scope eq 'res') {
+ if ($symb eq $deeplink_symb) {
+ $allow = 1;
+ }
+ } elsif (($scope eq 'map') || ($scope eq 'rec')) {
+ my ($map_from_symb,$map_from_login);
+ $map_from_symb = &deversion((&decode_symb($symb))[0]);
+ if ($deeplink_symb =~ /\.(page|sequence)$/) {
+ $map_from_login = &deversion((&decode_symb($deeplink_symb))[2]);
+ } else {
+ $map_from_login = &deversion((&decode_symb($deeplink_symb))[0]);
+ }
+ if (($map_from_symb) && ($map_from_login)) {
+ if ($map_from_symb eq $map_from_login) {
+ $allow = 1;
+ } elsif ($scope eq 'rec') {
+ my @recurseup = &get_map_hierarchy($map_from_symb,$env{'request.course.id'});
+ if (grep(/^\Q$map_from_login\E$/,@recurseup)) {
+ $allow = 1;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return if ($allow);
+ return 1;
+}
+
# -------------------------------- Deversion and split uri into path an filename
#
@@ -10444,14 +10710,19 @@ sub writecoursepref {
sub createcourse {
my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,
- $course_owner,$crstype,$cnum,$context,$category)=@_;
+ $course_owner,$crstype,$cnum,$context,$category,$callercontext)=@_;
$url=&declutter($url);
my $cid='';
if ($context eq 'requestcourses') {
my $can_create = 0;
my ($ownername,$ownerdom) = split(':',$course_owner);
if ($udom eq $ownerdom) {
- if (&usertools_access($ownername,$ownerdom,$category,undef,
+ my $reload;
+ if (($callercontext eq 'auto') &&
+ ($ownerdom eq $env{'user.domain'}) && ($ownername eq $env{'user.name'})) {
+ $reload = 'reload';
+ }
+ if (&usertools_access($ownername,$ownerdom,$category,$reload,
$context)) {
$can_create = 1;
}
@@ -11486,6 +11757,125 @@ sub resdata {
return undef;
}
+sub get_domain_lti {
+ my ($cdom,$context) = @_;
+ my ($name,$cachename,%lti);
+ if ($context eq 'consumer') {
+ $name = 'ltitools';
+ } elsif ($context eq 'provider') {
+ $name = 'lti';
+ } elsif ($context eq 'linkprot') {
+ $name = 'ltisec';
+ } else {
+ return %lti;
+ }
+
+ if ($context eq 'linkprot') {
+ $cachename = $context;
+ } else {
+ $cachename = $name;
+ }
+
+ my ($result,$cached)=&is_cached_new($cachename,$cdom);
+ if (defined($cached)) {
+ if (ref($result) eq 'HASH') {
+ %lti = %{$result};
+ }
+ } else {
+ my %domconfig = &get_dom('configuration',[$name],$cdom);
+ if (ref($domconfig{$name}) eq 'HASH') {
+ if ($context eq 'linkprot') {
+ if (ref($domconfig{$name}{'linkprot'}) eq 'HASH') {
+ %lti = %{$domconfig{$name}{'linkprot'}};
+ }
+ } else {
+ %lti = %{$domconfig{$name}};
+ }
+ if (($context eq 'consumer') && (keys(%lti))) {
+ my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1);
+ if (ref($encdomconfig{$name}) eq 'HASH') {
+ foreach my $id (keys(%lti)) {
+ if (ref($encdomconfig{$name}{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item};
+ }
+ }
+ }
+ }
+ }
+ }
+ my $cachetime = 24*60*60;
+ &do_cache_new($cachename,$cdom,\%lti,$cachetime);
+ }
+ return %lti;
+}
+
+sub get_course_lti {
+ my ($cnum,$cdom) = @_;
+ my $hashid=$cdom.'_'.$cnum;
+ my %courselti;
+ my ($result,$cached)=&is_cached_new('courselti',$hashid);
+ if (defined($cached)) {
+ if (ref($result) eq 'HASH') {
+ %courselti = %{$result};
+ }
+ } else {
+ %courselti = &dump('lti',$cdom,$cnum,undef,undef,undef,1);
+ my $cachetime = 24*60*60;
+ &do_cache_new('courselti',$hashid,\%courselti,$cachetime);
+ }
+ return %courselti;
+}
+
+sub courselti_itemid {
+ my ($cnum,$cdom,$url,$method,$params,$context) = @_;
+ my ($chome,$itemid);
+ $chome = &homeserver($cnum,$cdom);
+ return if ($chome eq 'no_host');
+ if (ref($params) eq 'HASH') {
+ my $items = &freeze_escape($params);
+ my $rep;
+ if (grep { $_ eq $chome } current_machine_ids()) {
+ $rep = LONCAPA::Lond::crslti_itemid($cdom,$cnum,$url,$method,$params,$perlvar{'lonVersion'});
+ } else {
+ my $escurl = &escape($url);
+ my $escmethod = &escape($method);
+ my $items = &freeze_escape($params);
+ $rep = &reply("encrypt:lti:$cdom:$cnum:$context:$escurl:$escmethod:$items",$chome);
+ }
+ unless (($rep=~/^(refused|rejected|error)/) || ($rep eq 'con_lost') ||
+ ($rep eq 'unknown_cmd')) {
+ $itemid = $rep;
+ }
+ }
+ return $itemid;
+}
+
+sub domainlti_itemid {
+ my ($cdom,$url,$method,$params,$context) = @_;
+ my ($primary_id,$itemid);
+ $primary_id = &domain($cdom,'primary');
+ return if ($primary_id eq '');
+ if (ref($params) eq 'HASH') {
+ my $items = &freeze_escape($params);
+ my $rep;
+ if (grep { $_ eq $primary_id } current_machine_ids()) {
+ $rep = LONCAPA::Lond::domlti_itemid($cdom,$context,$url,$method,$params,$perlvar{'lonVersion'});
+ } else {
+ my $cnum = '';
+ my $escurl = &escape($url);
+ my $escmethod = &escape($method);
+ my $items = &freeze_escape($params);
+ $rep = &reply("encrypt:lti:$cdom:$cnum:$context:$escurl:$escmethod:$items",$primary_id);
+ }
+ unless (($rep=~/^(refused|rejected|error)/) || ($rep eq 'con_lost') ||
+ ($rep eq 'unknown_cmd')) {
+ $itemid = $rep;
+ }
+ }
+ return $itemid;
+}
+
sub get_numsuppfiles {
my ($cnum,$cdom,$ignorecache)=@_;
my $hashid=$cnum.':'.$cdom;
@@ -11510,6 +11900,16 @@ sub get_numsuppfiles {
# EXT resource caching routines
#
+{
+# Cache (5 seconds) of map hierarchy for speedup of navmaps display
+#
+# The course for which we cache
+my $cachedmapkey='';
+# The cached recursive maps for this course
+my %cachedmaps=();
+# When this was last done
+my $cachedmaptime='';
+
sub clear_EXT_cache_status {
&delenv('cache.EXT.');
}
@@ -11823,6 +12223,10 @@ sub EXT {
if ($space eq 'name') {
return $ENV{'SERVER_NAME'};
}
+ } elsif ($realm eq 'client') {
+ if ($space eq 'remote_addr') {
+ return &get_requestor_ip();
+ }
}
return '';
}
@@ -11856,6 +12260,30 @@ sub check_group_parms {
return $coursereply;
}
+sub get_map_hierarchy {
+ my ($mapname,$courseid) = @_;
+ my @recurseup = ();
+ if ($mapname) {
+ if (($cachedmapkey eq $courseid) &&
+ (abs($cachedmaptime-time)<5)) {
+ if (ref($cachedmaps{$mapname}) eq 'ARRAY') {
+ return @{$cachedmaps{$mapname}};
+ }
+ }
+ my $navmap = Apache::lonnavmaps::navmap->new();
+ if (ref($navmap)) {
+ @recurseup = $navmap->recurseup_maps($mapname);
+ undef($navmap);
+ $cachedmaps{$mapname} = \@recurseup;
+ $cachedmaptime=time;
+ $cachedmapkey=$courseid;
+ }
+ }
+ return @recurseup;
+}
+
+}
+
sub sort_course_groups { # Sort groups based on defined rankings. Default is sort().
my ($courseid,@groups) = @_;
@groups = sort(@groups);
@@ -11941,7 +12369,7 @@ sub metadata {
# if it is a non metadata possible uri return quickly
if (($uri eq '') ||
(($uri =~ m|^/*adm/|) &&
- ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard)$})) ||
+ ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard|ext\.tool)$})) ||
($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ m{^/*uploaded/.+\.sequence$})) {
return undef;
}
@@ -13850,6 +14278,8 @@ sub clutter {
# &logthis("Got a blank emb style");
}
}
+ } elsif ($thisfn =~ m{^/adm/$match_domain/$match_courseid/\d+/ext\.tool$}) {
+ $thisfn='/adm/wrapper'.$thisfn;
}
return $thisfn;
}
@@ -14921,6 +15351,7 @@ prevents recursive calls to &allowed.
2: browse allowed
A: passphrase authentication needed
B: access temporarily blocked because of a blocking event in a course.
+ D: access blocked because access is required via session initiated via deep-link
=item *
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.