[LON-CAPA-cvs] cvs: loncom /lonnet/perl lonnet.pm
raeburn
lon-capa-cvs@mail.lon-capa.org
Sat, 29 Oct 2005 02:52:51 -0000
raeburn Fri Oct 28 22:52:51 2005 EDT
Modified files:
/loncom/lonnet/perl lonnet.pm
Log:
lonnet.pm rev 1.665 change denied access to /uploaded files in a course to a CC (has system-wide bre, but not course-specific bre).
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.670 loncom/lonnet/perl/lonnet.pm:1.671
--- loncom/lonnet/perl/lonnet.pm:1.670 Fri Oct 28 17:51:50 2005
+++ loncom/lonnet/perl/lonnet.pm Fri Oct 28 22:52:50 2005
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.670 2005/10/28 21:51:50 albertel Exp $
+# $Id: lonnet.pm,v 1.671 2005/10/29 02:52:50 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3106,20 +3106,26 @@
# not allowing 'edit' access (editupload) to uploaded course docs
if (($priv eq 'bre') && ($uri=~m|^uploaded/|)) {
$thisallowed='';
- my $refuri=$env{'httpref.'.$orguri};
- if ($refuri) {
- if ($refuri =~ m|^/adm/|) {
- $thisallowed='F';
- } else {
- $refuri=&declutter($refuri);
- my ($match) = &is_on_map($refuri);
- if ($match) {
+ my ($match)=&is_on_map($uri);
+ if ($match) {
+ if ($env{'user.priv.'.$env{'request.role'}.'./'}
+ =~/\Q$priv\E\&([^\:]*)/) {
+ $thisallowed.=$1;
+ }
+ } else {
+ my $refuri=$env{'httpref.'.$orguri};
+ if ($refuri) {
+ if ($refuri =~ m|^/adm/|) {
$thisallowed='F';
+ } else {
+ $refuri=&declutter($refuri);
+ my ($match) = &is_on_map($refuri);
+ if ($match) {
+ $thisallowed='F';
+ }
}
- }
- } else {
- $thisallowed='';
- }
+ }
+ }
}
# Full access at system, domain or course-wide level? Exit.