[LON-CAPA-cvs] cvs: loncom /interface lonwishlistdisplay.pm
raeburn
raeburn at source.lon-capa.org
Tue May 15 10:13:15 EDT 2012
raeburn Tue May 15 14:13:15 2012 EDT
Modified files:
/loncom/interface lonwishlistdisplay.pm
Log:
- Privileges checking.
Index: loncom/interface/lonwishlistdisplay.pm
diff -u loncom/interface/lonwishlistdisplay.pm:1.2 loncom/interface/lonwishlistdisplay.pm:1.3
--- loncom/interface/lonwishlistdisplay.pm:1.2 Tue Feb 15 14:54:51 2011
+++ loncom/interface/lonwishlistdisplay.pm Tue May 15 14:13:14 2012
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Routines to display the wishlist (handler)
#
-# $Id: lonwishlistdisplay.pm,v 1.2 2011/02/15 14:54:51 wenzelju Exp $
+# $Id: lonwishlistdisplay.pm,v 1.3 2012/05/15 14:13:14 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -29,7 +29,7 @@
package Apache::lonwishlistdisplay;
use strict;
-use Apache::Constants qw(:common);
+use Apache::Constants qw(:common :http);
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonhtmlcommon;
@@ -48,8 +48,22 @@
# ----------------------------------------------------- Main Handler, package lonwishlistdisplay
sub handler {
my ($r) = @_;
- &Apache::loncommon::content_type($r,'text/html');
- $r->send_http_header;
+
+ if ($r->header_only) {
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->send_http_header;
+ return OK;
+ }
+
+ if ((&Apache::lonnet::allowed('bre',"/res/$env{'user.domain'}/")) ||
+ (&Apache::lonnet::allowed('bro',"/res/$env{'user.domain'}/"))) {
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->send_http_header;
+ } else {
+ $env{'user.error.msg'}=
+ "/adm/wishlist:bre:0:0:No rights to access Stored Links";
+ return HTTP_NOT_ACCEPTABLE;
+ }
if (&Apache::lonwishlist::getWishlist() ne 'error') {
# get wishlist entries from user-data db-file and build a tree out of these entries
More information about the LON-CAPA-cvs
mailing list