[LON-CAPA-cvs] cvs: loncom / Lond.pm /auth publiccheck.pm /interface portfolio.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Thu Dec 28 13:14:09 EST 2023
raeburn Thu Dec 28 18:14:09 2023 EDT
Modified files:
/loncom/interface portfolio.pm
/loncom/auth publiccheck.pm
/loncom Lond.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Internal name for conditional portfolio sharing for specific IP address
ranges when set by a user is now userip, to distinguish from those set
for externalresponse (internal name: ip).
- Portfolio shareability setting in domain defaults (by affiliation), with
possible override for an individual user will apply to portfolio file
requests to a LON-CAPA node running 2.11, when the file owner's homeserver
is 2.12 (or later).
-------------- next part --------------
Index: loncom/interface/portfolio.pm
diff -u loncom/interface/portfolio.pm:1.267 loncom/interface/portfolio.pm:1.268
--- loncom/interface/portfolio.pm:1.267 Thu Dec 28 15:57:27 2023
+++ loncom/interface/portfolio.pm Thu Dec 28 18:14:07 2023
@@ -1,7 +1,7 @@
# The LearningOnline Network
# portfolio browser
#
-# $Id: portfolio.pm,v 1.267 2023/12/28 15:57:27 raeburn Exp $
+# $Id: portfolio.pm,v 1.268 2023/12/28 18:14:07 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -490,6 +490,7 @@
my $cond_access = 0;
foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) {
my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+ next if ($scope eq 'ip');
if (($now > $start) && (!$end || $end > $now)) {
if ($scope eq 'public') {
$pub_access = 1;
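Review bot: The added `next if ($scope eq 'ip');` also skips any record a user created under the old internal name, because before this commit user-set IP conditions were stored with scope `ip` as well. If such records exist, they are presumably no longer counted or listed on this page, while the `ip` branch in publiccheck.pm still honours them; whether any exist depends on deployment history that the diff does not show. A comment such as `# 'ip' is reserved for externalresponse; user-set IP conditions use 'userip'` would record the intent, and a conversion step for old records should be considered. The enclosing loop starts and ends outside the hunk.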
@@ -1005,9 +1006,9 @@
domains => 'Conditional: domain-based',
users => 'Conditional: user-based',
course => 'Conditional: course/community-based',
- ip => 'Conditional: IP-based',
+ userip => 'Conditional: IP-based',
);
- my @allscopes = ('public','guest','domains','users','course','ip');
+ my @allscopes = ('public','guest','domains','users','course','userip');
foreach my $scope (@allscopes) {
if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) {
next;
@@ -1084,8 +1085,8 @@
} elsif ($scope eq 'users') {
my $curr_user_list = &sort_users($content->{'users'});
$r->print(&mt('Users: ').$curr_user_list);
- } elsif ($scope eq 'ip') {
- my $curr_ips_list = &sort_ips($content->{'ip'});
+ } elsif ($scope eq 'userip') {
+ my $curr_ips_list = &sort_ips($content->{'userip'});
$r->print(&mt('IP(s):').' '.$curr_ips_list);
} else {
$r->print(' ');
@@ -1195,7 +1196,7 @@
my $totalnew = 0;
my $status = 'new';
my ($firstitem,$lastitem);
- my @types = ('course','domains','users','ip');
+ my @types = ('course','domains','users','userip');
foreach my $newitem (@types) {
$allnew += $env{'form.new'.$newitem};
}
@@ -1207,7 +1208,7 @@
course => 'course/community',
domains => 'domain',
users => 'user',
- ip => 'IP',
+ userip => 'IP',
);
foreach my $newitem (@types) {
next if ($env{'form.new'.$newitem} <= 0);
@@ -1311,7 +1312,7 @@
'udom' => $udom
});
}
- } elsif ($scope eq 'ip') {
+ } elsif ($scope eq 'userip') {
my $ipslist = $env{'form.ips_'.$num};
$ipslist =~ s/\s+//sg;
my %ipshash = map { ($_,1) } (split(/,/,$ipslist));
@@ -1382,7 +1383,7 @@
push(@domains,$key);
} elsif ($scope eq 'users') {
push(@users,$key);
- } elsif ($scope eq 'ip') {
+ } elsif ($scope eq 'userip') {
push(@ips,$key);
}
}
@@ -1444,7 +1445,7 @@
my $numconditionals = 0;
my $conditionstext;
my %cond_status;
- foreach my $scope ('domains','users','course','ip') {
+ foreach my $scope ('domains','users','course','userip') {
$numconditionals += $acl_count->{$scope};
if ($acl_count->{$scope} > 0) {
if ($conditionstext ne 'Active') {
@@ -1491,7 +1492,7 @@
$r->print('</td></tr><tr><td colspan="3"></td></tr><tr><td valign="top">');
&access_element($r,'course',$acl_count,$courses,$access_controls,$now,$then);
$r->print('</td><td> </td><td valign="top">');
- &access_element($r,'ip',$acl_count,$ips,$access_controls,$now,$then);
+ &access_element($r,'userip',$acl_count,$ips,$access_controls,$now,$then);
$r->print('</td></tr></table>');
}
@@ -1512,7 +1513,7 @@
domains => 'Domain',
users => 'User',
course => 'Course/Community',
- ip => 'IP',
+ userip => 'IP',
);
$r->print('<h3>'.&mt($typetext{$type}.'-based conditional access:').' ');
if ($$acl_count{$type}) {
@@ -1537,7 +1538,7 @@
} elsif ($type eq 'users') {
$showtype = &mt('Users');
$infotype = 'User';
- } elsif ($type eq 'ip') {
+ } elsif ($type eq 'userip') {
$showtype = &mt('IP-based');
$infotype = 'IP';
}
@@ -1565,7 +1566,7 @@
$then);
} elsif ($type eq 'users') {
&users_row($r,$status,$key,$access_controls,$now,$then);
- } elsif ($type eq 'ip') {
+ } elsif ($type eq 'userip') {
&ips_row($r,$status,$key,$access_controls,$now,$then);
}
$r->print(&Apache::loncommon::end_data_table_row());
@@ -1748,11 +1749,11 @@
sub ips_row {
my ($r,$status,$item,$access_controls,$now,$then) = @_;
my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
- 'ip');
+ 'userip');
my $curr_ips_list;
if ($status eq 'old') {
my $content = $$access_controls{$item};
- $curr_ips_list = &sort_ips($content->{'ip'});
+ $curr_ips_list = &sort_ips($content->{'userip'});
}
$r->print('<td>'.&actionbox($status,$num,$scope).'</td><td>'.&mt('Format for IP controls').'<br />'.
&mt('[_1] or [_2] or [_3] or [_4] or [_5]','<tt>35.8.*</tt>','<tt>35.8.3.[34-56]</tt>',
@@ -1771,7 +1772,7 @@
$showtype = 'domain';
} elsif ($type eq 'users') {
$showtype = 'user';
- } elsif ($type eq 'ip') {
+ } elsif ($type eq 'userip') {
$showtype = 'IP';
}
return
@@ -1785,7 +1786,7 @@
my $output = '<span class="LC_nobreak"><label>';
if ($status eq 'new') {
my $checkstate;
- if ($scope eq 'domains' || $scope eq 'users' || $scope eq 'course' || $scope eq 'ip') {
+ if ($scope eq 'domains' || $scope eq 'users' || $scope eq 'course' || $scope eq 'userip') {
$checkstate = 'checked="checked"';
}
$output .= '<input type="checkbox" name="activate" value="'.$num.'" '.
Index: loncom/auth/publiccheck.pm
diff -u loncom/auth/publiccheck.pm:1.28 loncom/auth/publiccheck.pm:1.29
--- loncom/auth/publiccheck.pm:1.28 Thu Dec 28 15:57:28 2023
+++ loncom/auth/publiccheck.pm Thu Dec 28 18:14:08 2023
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: publiccheck.pm,v 1.28 2023/12/28 15:57:28 raeburn Exp $
+# $Id: publiccheck.pm,v 1.29 2023/12/28 18:14:08 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -125,7 +125,7 @@
$access = 'public';
last;
}
- if ($scope eq 'ip') {
+ if (($scope eq 'ip') || ($scope eq 'userip')) {
if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
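Review bot: For a `userip` record the two lines after the changed test still read the address list from `{'ip'}`, whereas portfolio.pm in this same commit reads it from `$content->{'userip'}` (in `ips_row` and in the display branch). If records are stored under `userip`, the `ARRAY` test here fails and user-set IP conditions never grant access; if they are stored under `ip`, the portfolio.pm side is the one that is wrong. The same `{'ip'}` lookup is used in the new `@userips` loop in lonnet.pm (hunk at -8048). Selecting the content key from the scope, e.g. `my $ipkey = ($scope eq 'userip') ? 'userip' : 'ip';`, would keep reader and writer in agreement; the code that stores the record is not visible here, so confirm which key it writes.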
Index: loncom/Lond.pm
diff -u loncom/Lond.pm:1.24 loncom/Lond.pm:1.25
--- loncom/Lond.pm:1.24 Tue Jun 20 13:27:42 2023
+++ loncom/Lond.pm Thu Dec 28 18:14:08 2023
@@ -1,6 +1,6 @@
# The LearningOnline Network
#
-# $Id: Lond.pm,v 1.24 2023/06/20 13:27:42 raeburn Exp $
+# $Id: Lond.pm,v 1.25 2023/12/28 18:14:08 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,6 +65,30 @@
}
}
+#
+# If dump is for file_permissions.db from a pre-2.12 server and
+# $uname:$udom is not a course, determine if value of portaccess
+# in effect for $uname:$udom allows portfolio files to be shared.
+# If sharing is not allowed, records returned for accesscontrol
+# are restricted to those based on ip (i.e., for externalresponse).
+#
+# Note: for 2.12 or later session-hosting server, determination
+# of portaccess value in effect occurs client-side.
+#
+ my ($check_portaccess,$access,$now,$major,$minor,%by_ip);
+ if ($namespace eq 'file_permissions') {
+ if ($clientversion =~ /^\'?(\d+)\.(\d+)\.[\w.\-]+\'?/) {
+ $major = $1;
+ $minor = $2;
+ }
+ unless ((($major > 2) || (($major == 2) && ($minor > 11))) ||
+ &is_course($udom,$uname)) {
+ $check_portaccess = 1;
+ $access = &portfolio_is_shareable($udom,$uname);
+ }
+ $now = time;
+ }
+
my $hashref = &tie_user_hash($udom, $uname, $namespace, &GDBM_READER()) or
return "error: ".($!+0)." tie(GDBM) Failed while attempting dump";
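Review bot: The restriction hinges on `$clientversion`: when it does not match the pattern, `$major` and `$minor` stay undefined and the `unless` test takes the restrictive pre-2.12 path. That is the safe default, but it is not stated anywhere and the numeric comparisons on undefined values will warn. Initialising with `($major,$minor) = (0,0);` and adding `# unparsable version is treated as pre-2.12 (restrictive)` would make the intent explicit. Since a requester reporting 2.12 or later receives every record and applies portaccess itself, the header comment should also say that the version string is assumed to come from an authenticated peer; how it is obtained is outside this hunk.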
@@ -78,7 +102,7 @@
#
my $skipcheck;
my @ids = &Apache::lonnet::current_machine_ids();
- my (%homecourses, $major, $minor, $now);
+ my %homecourses;
#
# If dump is for roles.db from a pre-2.10 server, determine the LON-CAPA
# version on the server which requested the data.
@@ -116,6 +140,26 @@
}
}
}
+ if ($namespace eq 'file_permissions') {
+ if ($check_portaccess) {
+ unless ($access) {
+ my $unesckey = &unescape($key);
+ if ($unesckey =~ m{\0((\d+)_\d+_\d+:([a-z]+)_(\d+)_(\d+))$}) {
+ my ($acl,$timestamp,$scope,$end,$start) = ($1,$2,$3,$4);
+ if ($scope eq 'ip') {
+ unless (($start > $now) &&
+ ($end && $end<$now)) {
+ my ($path) = split(/\0/,$unesckey);
+ push(@{$by_ip{$path}},{$acl => $timestamp});
+ }
+ }
+ next;
+ } elsif ($unesckey =~ m{\0accesscontrol$}) {
+ next;
+ }
+ }
+ }
+ }
if ($regexp eq '.') {
$count++;
if (defined($range) && $count >= $end) { last; }
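Review bot: `my ($acl,$timestamp,$scope,$end,$start) = ($1,$2,$3,$4);` assigns five variables from four captures, so `$start` is always undefined and the fifth capture is discarded. The window test then joins its two conditions with `&&`, which excludes a record only when it is both not yet started and already expired. Together these mean every `ip` record is collected regardless of its start and end times. Suggested: `= ($1,$2,$3,$4,$5);` and `unless (($start > $now) || ($end && ($end < $now))) {`. The enclosing loop begins and ends outside the hunk.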
@@ -131,7 +175,29 @@
}
}
}
-
+ if (($namespace eq 'file_permissions') && ($check_portaccess) && (!$access)) {
+ if (keys(%by_ip)) {
+ my %accesscontrol;
+ foreach my $path (keys(%by_ip)) {
+ if (ref($by_ip{$path}) eq 'ARRAY') {
+ foreach my $item (@{$by_ip{$path}}) {
+ if (ref($item) eq 'HASH') {
+ my ($acl,$timestamp) = each(%$item);
+ my $key = &escape("$path\0$acl");
+ my $value = $hashref->{$key};
+ $qresult.= "$key=$value&";
+ $accesscontrol{"$path\0accesscontrol"}{$acl} = $timestamp;
+ }
+ }
+ }
+ }
+ if (keys(%accesscontrol)) {
+ while (my ($key,$value) = each(%accesscontrol)) {
+ $qresult.= &escape($key).'='.&Apache::lonnet::freeze_escape($value).'&';
+ }
+ }
+ }
+ }
&untie_user_hash($hashref) or
return "error: ".($!+0)." untie(GDBM) Failed while attempting dump";
#
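Review bot: The value is fetched with a key rebuilt by `&escape("$path\0$acl")` rather than the key read from the database, so if the stored escaping ever differs from what `&escape` produces, `$hashref->{$key}` is undefined and an empty `key=&` pair is emitted. Saving the original escaped key in `%by_ip` when the record is collected, for example `push(@{$by_ip{$path}},{ acl => $acl, ts => $timestamp, key => $key });`, avoids the round trip and also removes the `each(%$item)` call on a one-pair hash. The records appended here also bypass the `$regexp` and `$range` filtering applied in the main loop, as far as the visible lines show; a comment saying this is intentional would help. The enclosing sub starts outside the hunk.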
@@ -334,6 +400,63 @@
return;
}
+sub portfolio_is_shareable {
+ my ($udom,$uname) = @_;
+ my $check_portaccess = 1;
+ my ($userportaccess,$inststatus,$access);
+ my $hashref = &tie_user_hash($udom, $uname, 'environment', &GDBM_READER());
+ if (ref($hashref) eq 'HASH') {
+ my $accesskey = &escape('tools.portaccess');
+ $userportaccess = $hashref->{$accesskey};
+ $inststatus = $hashref->{'inststatus'};
+ &untie_user_hash($hashref);
+ }
+ if ($userportaccess ne '') {
+ $access = $userportaccess;
+ } else {
+ my %domdefs = &Apache::lonnet::get_domain_defaults($udom);
+ if (ref($domdefs{'portaccess'}) eq 'HASH') {
+ if (($domdefs{'portaccess'}{'_LC_adv'} ne '') &&
+ (&Apache::lonnet::is_advanced_user($udom,$uname))) {
+ if ($domdefs{'portaccess'}{'_LC_adv'}) {
+ $access = 1;
+ } else {
+ $access = 0;
+ }
+ } elsif ($inststatus ne '') {
+ my ($hasaccess,$hasnoaccess);
+ foreach my $affiliation (split(/:/,$inststatus)) {
+ if ($domdefs{'portaccess'}{$affiliation} ne '') {
+ if ($domdefs{'portaccess'}{$affiliation}) {
+ $hasaccess = 1;
+ } else {
+ $hasnoaccess = 1;
+ }
+ }
+ }
+ if ($hasaccess || $hasnoaccess) {
+ if ($hasaccess) {
+ $access = 1;
+ } elsif ($hasnoaccess) {
+ $access = 0;
+ }
+ }
+ } else {
+ if ($domdefs{'portaccess'}{'default'} ne '') {
+ if ($domdefs{'portaccess'}{'default'}) {
+ $access = 1;
+ } elsif ($domdefs{'portaccess'}{'default'} == 0) {
+ $access = 0;
+ }
+ }
+ }
+ } else {
+ $access = 1;
+ }
+ }
+ return $access;
+}
+
sub dump_course_id_handler {
my ($tail) = @_;
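Review bot: `portfolio_is_shareable` has paths that return an undefined `$access`, which the caller's `unless ($access)` treats as "not shareable". This happens when `inststatus` is set but no affiliation has a `portaccess` entry (the `default` entry is consulted only when `inststatus` is empty), and when `default` itself is unset. A domain with no `portaccess` hash at all returns 1, so the fallback differs between these cases and it is unclear which is intended. A header comment should state the return contract, something like `# Returns 1 if sharing is allowed, 0 if not; undef (treated as not allowed) when no applicable setting is found`, or the affiliation branch should fall back to `default`. The local `my $check_portaccess = 1;` is never used in the sub and can be dropped.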
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1521 loncom/lonnet/perl/lonnet.pm:1.1522
--- loncom/lonnet/perl/lonnet.pm:1.1521 Thu Dec 28 15:57:28 2023
+++ loncom/lonnet/perl/lonnet.pm Thu Dec 28 18:14:09 2023
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1521 2023/12/28 15:57:28 raeburn Exp $
+# $Id: lonnet.pm,v 1.1522 2023/12/28 18:14:09 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -8004,7 +8004,7 @@
$portaccess = &usertools_access($unum,$udom,'portaccess',undef,'tools');
}
- my ($public,$guest, at domains, at users, at courses, at groups, at ips);
+ my ($public,$guest, at domains, at users, at courses, at groups, at ips, at userips);
my $now = time;
if (ref($access_hash) eq 'HASH') {
foreach my $key (keys(%{$access_hash})) {
@@ -8031,6 +8031,8 @@
push(@groups,$key);
} elsif ($scope eq 'ip') {
push(@ips,$key);
+ } elsif ($scope eq 'userip') {
+ push(@userips,$key);
}
}
if ($public) {
@@ -8048,6 +8050,19 @@
if ($allowed) {
return 'ok';
}
+ } elsif (@userips > 0) {
+ my $allowed;
+ foreach my $useripkey (@userips) {
+ if (ref($access_hash->{$useripkey}{'ip'}) eq 'ARRAY') {
+ if (&Apache::loncommon::check_ip_acc(join(',',@{$access_hash->{$useripkey}{'ip'}}),$clientip)) {
+ $allowed = 1;
+ last;
+ }
+ }
+ }
+ if ($allowed) {
+ return 'ok';
+ }
}
if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') {
if ($guest) {
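Review bot: The new `@userips` test is attached as an `elsif` to the preceding branch, which from the context lines appears to be the `@ips` check that begins outside the hunk. A file carrying both `ip` and `userip` records would then never have its `userip` conditions evaluated when the `ip` check does not match. Closing that branch and using a separate `if (@userips > 0) {` would evaluate both. The visible lines also return `'ok'` without consulting `$portaccess`; if user-set IP sharing is meant to respect that setting, the guard should be added here or its location noted in a comment.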