[LON-CAPA-cvs] cvs: loncom /cgi archive.pl /interface lonmenu.pm /publisher loncfile.pm

raeburn raeburn at source.lon-capa.org
Tue Sep 3 06:40:04 EDT 2024 

raeburn		Tue Sep  3 10:40:04 2024 EDT

  Modified files:              
    /loncom/publisher	loncfile.pm 
    /loncom/interface	lonmenu.pm 
    /loncom/cgi	archive.pl 
  Log:
  - Only the Author may create/export an archive file from Authoring Space.
  
  
Index: loncom/publisher/loncfile.pm
diff -u loncom/publisher/loncfile.pm:1.129 loncom/publisher/loncfile.pm:1.130
--- loncom/publisher/loncfile.pm:1.129	Tue May 21 02:57:16 2024
+++ loncom/publisher/loncfile.pm	Tue Sep  3 10:40:04 2024
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.129 2024/05/21 02:57:16 raeburn Exp $
+# $Id: loncfile.pm,v 1.130 2024/09/03 10:40:04 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1247,7 +1247,14 @@
         } elsif ($env{'form.action'} eq 'decompress') {
 	    &Decompress1($r, $uname, $udom, $fn);
         } elsif ($env{'form.action'} eq 'archive') {
-            &Archive1($r,$fn);
+            if (($uname eq $env{'user.name'}) && ($udom eq $env{'user.domain'})) {
+                &Archive1($r,$fn);
+            } else {
+                $r->print('<p class="LC_error">'
+                         .&mt('Archiving of Authoring Spaces is only permitted by Author')
+                         .'</p></form>'
+                );
+            }
         } elsif ($env{'form.action'} eq 'copy') {
 	    if ($newfilename) {
 	        &Copy1($r, $uname, $udom, $fn, $newfilename);
@@ -1679,7 +1686,13 @@
 	}
 	$dest = $dir."/.";
     } elsif ($env{'form.action'} eq 'archive') {
-        &Archive2($r,$uname,$udom,$fn,$identifier);
+        if (($env{'environment.archive'}) &&
+            ($env{'user.name'} eq $uname) &&
+            ($env{'user.domain'} eq $udom)) {
+            &Archive2($r,$uname,$udom,$fn,$identifier);
+        } else {
+            $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space'));
+        }
         return;
     } elsif ($env{'form.action'} eq 'rename' ||
 	     $env{'form.action'} eq 'move') {
@@ -1778,9 +1791,11 @@
     } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') {
 	#Just hijack the script only the first time around to inject the
 	#correct information for further processing
-	$fn=&unescape($env{'form.decompress'});
-	$fn=&URLToPath($fn);
-	$env{'form.action'}="decompress";
+        if ($env{'form.decompress'} ne '') {
+	    $fn=&unescape($env{'form.decompress'});
+	    $fn=&URLToPath($fn);
+	    $env{'form.action'}="decompress";
+        }
     } elsif ($env{'form.qualifiedfilename'}) {
 	$fn=$env{'form.qualifiedfilename'};
     } else {
@@ -1813,7 +1828,12 @@
         ($env{'environment.canarchive'})) {
         &Apache::loncommon::content_type($r,'text/plain');
         $r->send_http_header;
-        $r->print(&Archive3($archiveref));
+        if (($env{'user.name'} eq $uname) &&
+            ($env{'user.domain'} eq $udom)) {
+            $r->print(&Archive3($archiveref));
+        } else {
+            $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space'));
+        }
         return OK;
     }
 
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.555 loncom/interface/lonmenu.pm:1.556
--- loncom/interface/lonmenu.pm:1.555	Wed Aug 21 23:55:16 2024
+++ loncom/interface/lonmenu.pm	Tue Sep  3 10:40:04 2024
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines to control the menu
 #
-# $Id: lonmenu.pm,v 1.555 2024/08/21 23:55:16 raeburn Exp $
+# $Id: lonmenu.pm,v 1.556 2024/09/03 10:40:04 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1262,7 +1262,8 @@
 s&7&1&del.png&Delete&dir[_3]&gocstr('/adm/cfile?action=delete','$esc_currdir')&Delete this Directory
 ENDMENUITEMS
                 unless ($crsauthor_cstr) {
-                    if ($env{'environment.canarchive'}) {
+                    if (($env{'environment.canarchive'}) &&
+                        ($uname eq $env{'user.name'}) && ($udom eq $env{'user.domain'})) {
                         $menuitems .= (<<ENDMENUITEMS);
 s&7&7&archive.png&Export&dir[_1]&gocstr('/adm/cfile?action=archive','$esc_currdir')&Export Authoring Space Archive
 ENDMENUITEMS
Index: loncom/cgi/archive.pl
diff -u loncom/cgi/archive.pl:1.2 loncom/cgi/archive.pl:1.3
--- loncom/cgi/archive.pl:1.2	Tue May 21 02:57:17 2024
+++ loncom/cgi/archive.pl	Tue Sep  3 10:40:04 2024
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# $Id: archive.pl,v 1.2 2024/05/21 02:57:17 raeburn Exp $
+# $Id: archive.pl,v 1.3 2024/09/03 10:40:04 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -70,10 +70,11 @@
     &Apache::lonlocal::get_language_handle();
     my %lt = &Apache::lonlocal::texthash (
                                             indi => 'Invalid directory name',
+                                            noau => 'Archive creation only available to Author',
                                             outo => 'Output of command:',
                                             comp => 'Archive creation complete.',
                                             erro => 'An error occurred.',
-                                            cctf  => 'Cannot create tar file',
+                                            cctf => 'Cannot create tar file',
                                             dtf  => 'Download tar file',
                                          );
 # Get the identifier and set a lock
@@ -150,6 +151,8 @@
                         if ($hashref->{'extension'}) {
                             $extension = $hashref->{'extension'};
                         }
+                    } else {
+                        $error = 'noau';
                     }
                 }
             } else {

More information about the LON-CAPA-cvs mailing list