[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /interface lonsource.pm

www lon-capa-cvs@mail.lon-capa.org
Fri, 18 Jun 2004 15:13:08 -0000 

www		Fri Jun 18 11:13:08 2004 EDT

  Modified files:              
    /loncom	loncapa_apache.conf 
    /loncom/interface	lonsource.pm 
  Log:
  Fixing the permissions for source access.
  
  
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.84 loncom/loncapa_apache.conf:1.85
--- loncom/loncapa_apache.conf:1.84	Tue Jun 15 12:33:09 2004
+++ loncom/loncapa_apache.conf	Fri Jun 18 11:13:07 2004
@@ -1,7 +1,7 @@
 ##
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
-## $Id: loncapa_apache.conf,v 1.84 2004/06/15 16:33:09 banghart Exp $
+## $Id: loncapa_apache.conf,v 1.85 2004/06/18 15:13:07 www Exp $
 ##
 
 #
@@ -276,6 +276,7 @@
 SetHandler perl-script
 PerlHandler Apache::lonsource
 ErrorDocument     403 /adm/login
+ErrorDocument     406 /adm/roles
 ErrorDocument	  500 /adm/errorhandler
 </LocationMatch>
 
Index: loncom/interface/lonsource.pm
diff -u loncom/interface/lonsource.pm:1.2 loncom/interface/lonsource.pm:1.3
--- loncom/interface/lonsource.pm:1.2	Sat Jun 12 00:44:31 2004
+++ loncom/interface/lonsource.pm	Fri Jun 18 11:13:07 2004
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Souce Code handler
 #
-# $Id: lonsource.pm,v 1.2 2004/06/12 04:44:31 albertel Exp $
+# $Id: lonsource.pm,v 1.3 2004/06/18 15:13:07 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -69,16 +69,23 @@
 
 sub handler { 
     my $r=shift;
-    if($ENV{'form.action'} eq 'stage2') { 
+    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
+					    ['filename']);
+    my $filename = $ENV{'form.filename'};
+    my $source = &Apache::lonnet::metadata($filename,'sourceavail');
+    if ($source ne 'open') {
+	$ENV{'user.error.msg'}="$filename:cre:1:1:Source code not available";
+	return HTTP_NOT_ACCEPTABLE;
+    }
+    if ((!&Apache::lonnet::allowed('cre')) ||
+	(!&Apache::lonnet::allowed('bre',$filename))) {
+	$ENV{'user.error.msg'}="$filename:bre:1:1:Access to resource denied";
+	return HTTP_NOT_ACCEPTABLE;
+    }
+    if ($ENV{'form.action'} eq 'stage2') { 
 	&stage_2($r, $ENV{'form.filename'});
     } else {
-	&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
-						['filename']);
-	if (!&Apache::lonnet::allowed('cre',$ENV{'form.filename'})) {
-	    return FORBIDDEN;
-	}
 	&Apache::loncommon::content_type($r,'text/html');
-	my $filename = $ENV{'form.filename'};
 	$r->send_http_header;
 	$r->print('		    <form name="copy" action="/adm/source/" target="_parent" method="post">
 				<input type="button" value="Close Window" name="close" onClick="window.close()">