--- loncom/publisher/londiff.pm	2010/12/14 16:26:04	1.28
+++ loncom/publisher/londiff.pm	2011/11/07 15:18:13	1.28.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to show differences between file versions
 #
-# $Id: londiff.pm,v 1.28 2010/12/14 16:26:04 www Exp $
+# $Id: londiff.pm,v 1.28.2.1 2011/11/07 15:18:13 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -77,26 +77,55 @@ sub handler {
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
 					    ['filename','versiontwo',
 					     'versionone','filetwo']);
-# Get the files
 
+# Check permissions
+    my $allowed=0;
     my $cuname=$env{'user.name'};
     my $cudom=$env{'user.domain'};
 
-    if ($env{'form.filename'}=~/^\/res\//) {
-	($cudom,$cuname,$env{'form.filename'})=
-	    ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)/(.*)$});
+    if ($env{'form.filename'}=~ m{^/res/}) {
+        if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) {
+            if ($env{'request.course.id'}) {
+                if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
+                    $allowed = 1;
+                }
+            } else {
+                $allowed = 1;
+            }
+        } elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) {
+            $allowed = 1;
+        }
+        if ($allowed) {
+            ($cudom,$cuname,$env{'form.filename'})=
+                ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$});
+
+            if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) {
+                my ($cstrname,$cstrdom) =
+                    &Apache::loncacc::constructaccess("/priv/$cuname".$env{'form.filename'},$cudom);
+                unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) {
+                    $allowed = 0;
+                }
+            }
+        }
     } else {
-	unless (($cuname,$cudom)=
-		&Apache::loncacc::constructaccess($env{'form.filename'},
-						  $r->dir_config('lonDefDomain'))) {
-	    $r->log_reason($cuname.':'.$cudom.
-			   ' trying to get diffs file '.$env{'form.filename'}.
-			   '  - not authorized', 
-			   $r->filename); 
-	    return HTTP_NOT_ACCEPTABLE;
-	}
+        ($cuname,$cudom)=
+            &Apache::loncacc::constructaccess($env{'form.filename'},
+                                              $r->dir_config('lonDefDomain'));
+        if ($cuname ne '' && $cudom ne '') {
+            $allowed = 1;
+        } else {
+            $r->log_reason($env{'user.name'}.':'.$env{'user.domain'}.
+                           ' trying to get diffs file '.$env{'form.filename'}.
+                           '  - not authorized',
+                           $r->filename);
+        }
+    }
+    unless ($allowed) {
+        return HTTP_NOT_ACCEPTABLE;
     }
-  
+
+# Get the files
+
     my $efn=$env{'form.filename'};
 
     $efn=~s{/\~($LONCAPA::username_re)}{}g;