[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm publiccheck.pm restrictedaccess.pm /lonnet/perl lonnet.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Fri, 21 Jul 2006 19:42:26 -0000
This is a MIME encoded message
--albertel1153510946
Content-Type: text/plain
albertel Fri Jul 21 15:42:26 2006 EDT
Modified files:
/loncom/auth lonacc.pm publiccheck.pm restrictedaccess.pm
/loncom/lonnet/perl lonnet.pm
Log:
- lonnet::allowed() can now return 'A' for 'passphrase authentication needed'
- lonacc redirects to restricted access if A is returned
--albertel1153510946
Content-Type: text/plain
Content-Disposition: attachment; filename="albertel-20060721154226.txt"
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.89 loncom/auth/lonacc.pm:1.90
--- loncom/auth/lonacc.pm:1.89 Fri Jul 21 14:52:32 2006
+++ loncom/auth/lonacc.pm Fri Jul 21 15:42:12 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.89 2006/07/21 18:52:32 albertel Exp $
+# $Id: lonacc.pm,v 1.90 2006/07/21 19:42:12 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -137,23 +137,6 @@
$r->headers_in->unset('Content-length');
}
-sub passphrase_access_checker {
- my ($r,$guestkey,$requrl) = @_;
- my ($num,$scope,$end,$start) = ($guestkey =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
- if ($scope eq 'guest') {
- if (exists($env{'user.passphrase_access_'.$requrl})) {
- if (($env{'user.passphrase_access_'.$requrl} == 0) ||
- ($env{'user.passphrase_access_'.$requrl} > time)) {
- $env{'request.publicaccess'} = 1;
- return 'ok';
- }
- }
- }
- $r->set_handlers('PerlHandler'=> \&Apache::restrictedaccess::handler);
- $r->content_type('perl-script');
- return;
-}
-
sub handler {
my $r = shift;
my $requrl=$r->uri;
@@ -216,16 +199,16 @@
# ---------------------------------------------------------------- Check access
my $now = time;
- if (&Apache::lonnet::is_portfolio_url($requrl)) {
- my $result = &Apache::lonnet::portfolio_access($r,$requrl);
- if ($result eq 'ok') { return OK; }
- }
if ($requrl!~/^\/adm|public|prtspool\//) {
my $access=&Apache::lonnet::allowed('bre',$requrl);
if ($access eq '1') {
$env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
return HTTP_NOT_ACCEPTABLE;
}
+ if ($access eq 'A') {
+ &Apache::restrictedaccess::setup_handler($r);
+ return OK;
+ }
if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;
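Review bot: The new `'A'` branch, like the rest of this access check, only runs when the guard `$requrl!~/^\/adm|public|prtspool\//` passes, and that pattern's alternation is not grouped: `public` and `prtspool/` match anywhere in the URL, not only as the leading path component. Since the passphrase decision for portfolio files now comes only from `allowed()`, a portfolio URL whose path merely contains one of those words would skip both the passphrase redirect and the denial below, as far as this hunk shows. If the intent is to exempt the top-level directories, `if ($requrl !~ m{^/(?:adm|public|prtspool)/}) {` states it. The handler body starts and ends outside the hunk, so what happens to a request that skips the block is not visible here.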
@@ -241,7 +224,7 @@
}
if ($env{'user.name'} eq 'public' &&
$env{'user.domain'} eq 'public' &&
- $requrl !~ m{^/+(res|public)/} &&
+ $requrl !~ m{^/+(res|public|uploaded)/} &&
$requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;
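Review bot: Adding `uploaded` to this exemption takes every path under `/uploaded/`, not only portfolio files, out of the block that begins here for the `public`/`public` user, so access to those paths now rests on the checks that follow. A comment above the condition would record that, for example `# /uploaded/ is exempt so passphrase-protected portfolio files can reach allowed(); other uploads must still be rejected later`. Whether non-portfolio uploads are in fact rejected cannot be confirmed from this hunk, since the handler continues outside it.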
@@ -332,10 +315,17 @@
if ($requrl=~m|^/+adm/+help/+|) {
return OK;
}
-# ------------------------------------- See if this is a viewable portfolio file
+# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {
- my $result = &Apache::lonnet::portfolio_access($r,$requrl);
- if ($result eq 'ok' ) { return OK; }
+ my $access=&Apache::lonnet::allowed('bre',$requrl);
+ if ($access eq 'A') {
+ &Apache::restrictedaccess::setup_handler($r);
+ return OK;
+ }
+ if (($access ne '2') && ($access ne 'F')) {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
}
# -------------------------------------------------------------- Not authorized
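Review bot: The rewritten portfolio block no longer has a success exit: the old code returned `OK` when `portfolio_access` said `'ok'`, while the new one returns only for `'A'` and for denial, so a result of `'2'` or `'F'` falls out of the `if` into the "Not authorized" section that follows. If a granted portfolio request is meant to be served from here, add `return OK;` after the denial check; if the fall-through is intended, a comment should say why. The block also repeats, line for line, the `'A'` and denial handling added in the `@@ -216,16 +199,16 @@` hunk of this file, which invites the two copies drifting apart. The rest of the handler is outside the hunk.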
Index: loncom/auth/publiccheck.pm
diff -u loncom/auth/publiccheck.pm:1.8 loncom/auth/publiccheck.pm:1.9
--- loncom/auth/publiccheck.pm:1.8 Fri Jul 21 14:52:32 2006
+++ loncom/auth/publiccheck.pm Fri Jul 21 15:42:12 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: publiccheck.pm,v 1.8 2006/07/21 18:52:32 albertel Exp $
+# $Id: publiccheck.pm,v 1.9 2006/07/21 19:42:12 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -83,7 +83,7 @@
my $cookie=&Apache::lonauth::success($r,'public','public','public');
my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
- $r->header_out('Set-cookie',"lonID=$cookie; path=/");
+ $r->err_header_out('Set-cookie',"lonID=$cookie; path=/");
}
&Apache::lonacc::get_posted_cgi($r);
$env{'request.state'} = "published";
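Review bot: The switch to `err_header_out` carries no comment, and the reason is not obvious from the line itself. Presumably the cookie has to survive non-200 responses such as the redirect to the passphrase form; a comment like `# err_header_out: the cookie must also be sent on error and redirect responses` would keep a later cleanup from reverting it. Separately, the `lonID` session cookie is set with only `path=/`; adding `HttpOnly` would keep page scripts from reading it, provided no client-side code depends on it. The enclosing sub starts and ends outside the hunk.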
Index: loncom/auth/restrictedaccess.pm
diff -u loncom/auth/restrictedaccess.pm:1.4 loncom/auth/restrictedaccess.pm:1.5
--- loncom/auth/restrictedaccess.pm:1.4 Fri Jul 21 14:52:32 2006
+++ loncom/auth/restrictedaccess.pm Fri Jul 21 15:42:12 2006
@@ -45,32 +45,41 @@
if (!defined($origurl)) {
$origurl = $r->uri;
}
+ my $msg='';
if (exists($env{'form.pass1'})) {
my ($result,$end) = &check_pass($r,$origurl);
if ($result eq 'ok') {
- &Apache::lonnet::appenv(('user.passphrase_access_'.$origurl =>
- $end));
+ &Apache::lonnet::allowuploaded('/adm/restrictedaccess',
+ $origurl);
$env{'request.state'} = "published";
$env{'request.filename'} = $origurl;
$r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
return REDIRECT;
} else {
- &print_entryform($r,$origurl,"Invalid passphrase");
- }
- } else {
- &print_entryform($r,$origurl);
+ $msg = 'Invalid passphrase';
+ }
}
- return OK;
-}
-sub print_entryform {
- my ($r,$origurl,$msg) = @_;
- &Apache::lonlocal::get_language_handle($r);
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
return OK if $r->header_only;
$r->print(&Apache::loncommon::start_page('Passphrase protected file'));
+ &print_entryform($r,$origurl,$msg);
+
+ return OK;
+}
+
+sub setup_handler {
+ my ($r) = @_;
+ $r->set_handlers('PerlHandler'=>
+ \&Apache::restrictedaccess::handler);
+ $r->content_type('perl-script');
+}
+
+sub print_entryform {
+ my ($r,$origurl,$msg) = @_;
+
$r->print('<script type="text/javascript">
function verify() {
if (document.passform.pass1.value == "") {
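Review bot: `$end` from `check_pass` is no longer used after this change: the old code stored it under `user.passphrase_access_...` and the removed checker compared it with `time`, whereas `allowuploaded('/adm/restrictedaccess', $origurl)` is given no expiry. Unless `allowuploaded` or a later `allowed()` call re-checks the access window (not visible here), a passphrase entered once would keep working for the rest of the session even after the control's end time. Either carry `$end` into the grant or drop it from `my ($result,$end)` and document where expiry is enforced. The `Location` context line also builds the redirect target from the client-supplied `$ENV{'HTTP_HOST'}`; the configured server name would be safer. handler() starts above the hunk and print_entryform continues below it.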
@@ -80,14 +89,16 @@
document.passform.submit();
}
</script>');
- $r->print('<span class="LC_error">'.$msg.'</span>');
+ if ($msg ne '') {
+ $r->print('<span class="LC_error">'.$msg.'</span>');
+ }
$r->print('<div align="center"><form name="passform" method="post" '.
'action="/adm/restrictedaccess">');
$r->print('<br /><br /><br />');
$r->print(&Apache::loncommon::start_data_table());
$r->print(&Apache::loncommon::start_data_table_row());
$r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'.
- '<td><input type="password" size="20" name="pass1"></td>');
+ '<td><input type="password" size="20" name="pass1" /></td>');
$r->print(&Apache::loncommon::end_data_table_row());
$r->print(&Apache::loncommon::start_data_table_row());
$r->print('<td align="center" colspan="2"><br />'.
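Review bot: The new `if ($msg ne '')` guard assumes `$msg` is always defined; `handler` now passes `''`, but any other caller that omits the third argument would raise an uninitialized-value warning here when warnings are enabled. `if (defined($msg) && $msg ne '')` covers both cases. The message is also printed without `&mt()`, unlike the `Passphrase: ` label a few statements later, so `Invalid passphrase` stays untranslated; `&mt($msg)` inside the span would fix that. print_entryform starts and ends outside this hunk.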
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.765 loncom/lonnet/perl/lonnet.pm:1.766
--- loncom/lonnet/perl/lonnet.pm:1.765 Fri Jul 21 14:52:35 2006
+++ loncom/lonnet/perl/lonnet.pm Fri Jul 21 15:42:25 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.765 2006/07/21 18:52:35 albertel Exp $
+# $Id: lonnet.pm,v 1.766 2006/07/21 19:42:25 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3220,20 +3220,15 @@
# -------------------------------------------------- portfolio access checking
sub portfolio_access {
- my ($r,$requrl) = @_;
- my $access=&allowed('bre',$requrl);
- if ($access eq '2' || $access eq 'F') {
- return 'ok';
- }
+ my ($requrl) = @_;
my (undef,$udom,$unum,$file_name,$group) = &parse_portfolio_url($requrl);
my $result = &get_portfolio_access($udom,$unum,$file_name,$group);
if ($result eq 'ok') {
- return 'ok';
+ return 'F';
} elsif ($result =~ /^[^:]+:guest_/) {
- &Apache::lonacc::passphrase_access_checker($r,$result,$requrl);
- return 'ok';
+ return 'A';
}
- return undef;
+ return '';
}
sub get_portfolio_access {
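Review bot: `portfolio_access` changes both its signature (`$r` dropped) and its return values (`'ok'`/`undef` become `'F'`, `'A'`, `''`) without any comment, so a caller elsewhere that still passes `$r` first or tests for `'ok'` would fail silently. A header comment should state the new contract, e.g. `# Returns 'F' (access granted), 'A' (passphrase required) or '' (no access), the same codes allowed() uses`. The `guest_` branch also returns `'A'` without looking at the start and end fields that the removed `passphrase_access_checker` parsed from the key, so the time window is presumably enforced in `get_portfolio_access` or `check_pass`; that is worth confirming.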
@@ -3602,6 +3597,13 @@
}
}
+ if ($priv eq 'bre'
+ && $thisallowed ne 'F'
+ && $thisallowed ne '2'
+ && &is_portfolio_url($uri)) {
+ $thisallowed = &portfolio_access($uri);
+ }
+
# Full access at system, domain or course-wide level? Exit.
if ($thisallowed=~/F/) {
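Review bot: The new guard compares `$thisallowed` with exact string tests (`ne 'F'`, `ne '2'`) and then overwrites it, while the very next check uses `$thisallowed=~/F/`, which suggests the variable can hold more than one letter. If it can, a value that contains `F` alongside other flags would still be replaced by the result of `portfolio_access`, possibly `''`. Testing `$thisallowed !~ /[F2]/` would be consistent with the surrounding code, and the `eq 'A'` tests in the two later lonnet.pm hunks (`@@ -3752,7 +3754,11 @@` and `@@ -3815,6 +3821,9 @@`) raise the same question. allowed() starts and ends outside the hunk.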
@@ -3752,7 +3754,11 @@
#
unless ($env{'request.course.id'}) {
- return '1';
+ if ($thisallowed eq 'A') {
+ return 'A';
+ } else {
+ return '1';
+ }
}
#
@@ -3815,6 +3821,9 @@
}
}
+ if ($thisallowed eq 'A') {
+ return 'A';
+ }
return 'F';
}
@@ -7508,6 +7517,7 @@
'': forbidden
1: user needs to choose course
2: browse allowed
+ A: passphrase authentication needed
=item *
@@ -8235,15 +8245,6 @@
Locks on files (resulting from submission of portfolio file to a homework problem stored in array of arrays.
-parse_access_controls():
-
-Parses XML of an access control record
-Args
-1. Text string (XML) of access comtrol record
-
-Returns:
-1. Hash of access control settings.
-
modify_access_controls():
Modifies access controls for a portfolio file
--albertel1153510946--