--- loncom/publisher/londiff.pm 2008/11/20 14:37:30 1.25 +++ loncom/publisher/londiff.pm 2011/12/23 14:54:26 1.34 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to show differences between file versions # -# $Id: londiff.pm,v 1.25 2008/11/20 14:37:30 jms Exp $ +# $Id: londiff.pm,v 1.34 2011/12/23 14:54:26 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -77,29 +77,56 @@ sub handler { &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, ['filename','versiontwo', 'versionone','filetwo']); -# Get the files +# Check permissions + my $allowed=0; my $cuname=$env{'user.name'}; my $cudom=$env{'user.domain'}; - if ($env{'form.filename'}=~/^\/res\//) { - ($cudom,$cuname,$env{'form.filename'})= - ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)/(.*)$}); + if ($env{'form.filename'}=~ m{^/res/}) { + if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) { + if ($env{'request.course.id'}) { + if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { + $allowed = 1; + } + } else { + $allowed = 1; + } + } elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) { + $allowed = 1; + } + if ($allowed) { + ($cudom,$cuname,$env{'form.filename'})= + ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$}); + + if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) { + my ($cstrname,$cstrdom) = + &Apache::loncacc::constructaccess("/priv/$cudom/$cuname".$env{'form.filename'}); + unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) { + $allowed = 0; + } + } + } } else { - unless (($cuname,$cudom)= - &Apache::loncacc::constructaccess($env{'form.filename'}, - $r->dir_config('lonDefDomain'))) { - $r->log_reason($cuname.':'.$cudom. + ($cuname,$cudom)= + &Apache::loncacc::constructaccess($env{'form.filename'}); + if ($cuname ne '' && $cudom ne '') { + $allowed = 1; + } else { + $r->log_reason($env{'user.name'}.':'.$env{'user.domain'}. ' trying to get diffs file '.$env{'form.filename'}. - ' - not authorized', - $r->filename); - return HTTP_NOT_ACCEPTABLE; + ' - not authorized', + $r->filename); } } - - my $efn=$env{'form.filename'}; + unless ($allowed) { + return HTTP_NOT_ACCEPTABLE; + } - $efn=~s{/\~($LONCAPA::username_re)}{}g; +# Get the files + + my $efn=$env{'form.filename'}; + $efn=~s{^/priv/$LONCAPA::domain_re/$LONCAPA::username_re}{}; my @f1=(); my @f2=(); @@ -107,15 +134,19 @@ sub handler { &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; - $r->print(&Apache::loncommon::start_page('Resource Differences')); - + $r->print(&Apache::loncommon::start_page('Resource Differences',undef, + {'no_nav_bar' => 1, })); - $r->print('

'.($env{'form.filetwo'}?'':&mt('Compare versions of')). - ' '.$efn.'

'); + $r->print(($env{'form.filetwo'}?'':&mt('Compare versions of')). + ' '.$efn.''); if (($cuname ne $env{'user.name'}) || ($cudom ne $env{'user.domain'})) { - $r->print('

Co-Author: '.$cuname.' at '.$cudom. - '

'); + $r->print('

' + .&mt('Co-Author [_1]' + ,&Apache::loncommon::plainname($cuname,$cudom) + .' ('.$cuname.':'.$cudom.')') + .'

' + ); } @@ -123,12 +154,11 @@ sub handler { || $efn =~ /\.meta$/) { $r->print('

'); if ($env{'form.versionone'} eq 'priv') { - my $fn='/home/'.$cuname.'/public_html/'.$efn; + my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn; @f1=&get_split_file($fn,'local'); $r->print(''.&mt('Construction Space Version').''); } else { - my $fn= - '/home/httpd/html/res/'.$cudom.'/'.$cuname.'/'; + my $fn=$r->dir_config('lonDocRoot')."/res/$cudom/$cuname"; if ($env{'form.versionone'}) { my ($main,$suffix,$is_meta)= &Apache::lonretrieve::get_file_info($efn); @@ -148,17 +178,16 @@ sub handler { if ($env{'form.filetwo'}) { my $efn2=$env{'form.filetwo'}; - $efn2=~s{/\~($LONCAPA::username_re)}{}g; - my $fn='/home/'.$cuname.'/public_html/'.$efn2; + $efn2=~s{^/priv/$LONCAPA::domain_re/$LONCAPA::username_re}{}; + my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn2; @f2=&get_split_file($fn,'local'); $r->print(''.$efn2.''); } elsif ($env{'form.versiontwo'} eq 'priv') { - my $fn='/home/'.$cuname.'/public_html/'.$efn; + my $fn=$r->dir_config('lonDocRoot')."/priv/$cudom/$cuname".$efn; @f2=&get_split_file($fn,'local'); $r->print(''.&mt('Construction Space Version').''); } else { - my $fn= - '/home/httpd/html/res/'.$cudom.'/'.$cuname.'/'; + my $fn=$r->dir_config('lonDocRoot')."/res/$cudom/$cuname/"; if ($env{'form.versiontwo'}) { my ($main,$suffix,$is_meta)= &Apache::lonretrieve::get_file_info($efn); @@ -176,32 +205,30 @@ sub handler { # Run diff my $diffs = diff(\@f1, \@f2); - -# Start page output - my $chunk; - my $line; - - $r->print('

');
-	
-	foreach $chunk (@$diffs) {
-	 
-	    foreach $line (@$chunk) {
-		my ($sign, $lineno, $text) = @$line;
-		$text=&HTML::Entities::encode($text,'<>&"');
-		$lineno=substr($lineno.'        ',0,7);
-		$r->print(''.
-			  $sign.' '.$lineno.' '.$text."\n");
-	    }
-	    $r->print("
\n");
-	}
-	$r->print('
'); - + if (@$diffs) { + # Start page output + my $chunk; + my $line; + $r->print('
');
+            foreach $chunk (@$diffs) {
+                foreach $line (@$chunk) {
+                    my ($sign, $lineno, $text) = @$line;
+                    $text=&HTML::Entities::encode($text,'<>&"');
+                    $lineno=substr($lineno.'        ',0,7);
+                    $r->print(''.
+                              $sign.' '.$lineno.' '.$text."\n");
+                }
+                $r->print("
\n");
+            }
+            $r->print('
'); + } else { + $r->print('

'.&mt('No differences found').'

'); + } } else { $r->print('

'.&mt('Binary File').'

'); } - $r->print('
'.&mt('Close This Window').'
'); $r->print(&Apache::loncommon::end_page()); return OK; }