[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm

raeburn raeburn at source.lon-capa.org
Sun Aug 7 16:49:38 EDT 2016


raeburn		Sun Aug  7 20:49:38 2016 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/auth	lonacc.pm 
  Log:
  - For 2.11
    - Backport 1.160
  
  
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.2 loncom/auth/lonacc.pm:1.159.2.3
--- loncom/auth/lonacc.pm:1.159.2.2	Fri Aug  5 20:27:18 2016
+++ loncom/auth/lonacc.pm	Sun Aug  7 20:49:37 2016
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.2 2016/08/05 20:27:18 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.3 2016/08/07 20:49:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -605,6 +605,12 @@
                             return HTTP_NOT_ACCEPTABLE;
                         }
                     }
+                } elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
+                    my $clientip = $r->get_remote_host();
+                    if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
                 } else {
 		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		    return HTTP_NOT_ACCEPTABLE;
@@ -743,7 +749,8 @@
     }
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
-	my $access=&Apache::lonnet::allowed('bre',$requrl);
+        my $clientip = $r->get_remote_host();
+	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;




More information about the LON-CAPA-cvs mailing list