--- loncom/publisher/londiff.pm 2011/10/30 00:30:19 1.31 +++ loncom/publisher/londiff.pm 2011/10/30 14:59:57 1.32 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to show differences between file versions # -# $Id: londiff.pm,v 1.31 2011/10/30 00:30:19 raeburn Exp $ +# $Id: londiff.pm,v 1.32 2011/10/30 14:59:57 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -83,31 +83,40 @@ sub handler { my $cuname=$env{'user.name'}; my $cudom=$env{'user.domain'}; - if ($env{'form.filename'}=~/^\/res\//) { + if ($env{'form.filename'}=~ m{^/res/}) { if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) { if ($env{'request.course.id'}) { if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { $allowed = 1; } + } else { + $allowed = 1; } } elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) { - $allowed = 1; + $allowed = 1; } if ($allowed) { ($cudom,$cuname,$env{'form.filename'})= - ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$}); + ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$}); + + if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) { + my ($cstrname,$cstrdom) = + &Apache::loncacc::constructaccess("/priv/$cudom/$cuname".$env{'form.filename'}); + unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) { + $allowed = 0; + } + } } } else { ($cuname,$cudom)= - &Apache::loncacc::constructaccess($env{'form.filename'}, - $r->dir_config('lonDefDomain')); + &Apache::loncacc::constructaccess($env{'form.filename'}); if ($cuname ne '' && $cudom ne '') { $allowed = 1; } else { $r->log_reason($env{'user.name'}.':'.$env{'user.domain'}. ' trying to get diffs file '.$env{'form.filename'}. - ' - not authorized', - $r->filename); + ' - not authorized', + $r->filename); } } unless ($allowed) { @@ -115,9 +124,8 @@ sub handler { } # Get the files - - my $efn=$env{'form.filename'}; + my $efn=$env{'form.filename'}; $efn=~s{^/priv/$LONCAPA::domain_re/$LONCAPA::username_re}{}; my @f1=();