[LON-CAPA-cvs] cvs: loncom /interface lonaboutme.pm /lonnet/perl lonnet.pm

albertel lon-capa-cvs@mail.lon-capa.org
Thu, 29 Apr 2004 17:25:11 -0000


albertel		Thu Apr 29 13:25:11 2004 EDT

  Modified files:              
    /loncom/interface	lonaboutme.pm 
    /loncom/lonnet/perl	lonnet.pm 
  Log:
  - removing the tokenwrapper mechanism and shift to using httpref mode
  
  
Index: loncom/interface/lonaboutme.pm
diff -u loncom/interface/lonaboutme.pm:1.19 loncom/interface/lonaboutme.pm:1.20
--- loncom/interface/lonaboutme.pm:1.19	Wed Jan 14 17:08:23 2004
+++ loncom/interface/lonaboutme.pm	Thu Apr 29 13:25:11 2004
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # "About Me" Personal Information
 #
-# $Id: lonaboutme.pm,v 1.19 2004/01/14 22:08:23 www Exp $
+# $Id: lonaboutme.pm,v 1.20 2004/04/29 17:25:11 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -132,8 +132,10 @@
        $lastmod=($lastmod?&Apache::lonlocal::locallocaltime($lastmod):&mt('never'));
        $r->print(&mt('Last updated').': '.$lastmod);
        if ($syllabus{'uploaded.photourl'}) {
-	   $r->print('<img src="'.
-             &Apache::lonnet::tokenwrapper($syllabus{'uploaded.photourl'}).
+	   
+	   &Apache::lonnet::allowuploaded('/adm/aboutme',
+					  $syllabus{'uploaded.photourl'});
+	   $r->print('<img src="'.$syllabus{'uploaded.photourl'}.
              '" align="right" />');
        }
        if ($allowed) {
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.491 loncom/lonnet/perl/lonnet.pm:1.492
--- loncom/lonnet/perl/lonnet.pm:1.491	Thu Apr 29 03:57:47 2004
+++ loncom/lonnet/perl/lonnet.pm	Thu Apr 29 13:25:11 2004
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.491 2004/04/29 07:57:47 albertel Exp $
+# $Id: lonnet.pm,v 1.492 2004/04/29 17:25:11 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1165,23 +1165,21 @@
     return $response->content;
 }
 
-# ------- Add a token to a remote URI's query string to vouch for access rights
+# -------------------------------- Allow a /uploaded/ URI to be vouched for
+
+sub allowuploaded {
+    my ($srcurl,$url)=@_;
+    $url=&clutter(&declutter($url));
+    my $dir=$url;
+    $dir=~s/\/[^\/]+$//;
+    my %httpref=();
+    my $httpurl=&hreflocation('',$url);
+    $httpref{'httpref.'.$httpurl}=$srcurl;
+    &Apache::lonnet::appenv(%httpref);
+}
 
 sub tokenwrapper {
-    my $uri=shift;
-    $uri=~s/^http\:\/\/([^\/]+)//;
-    $uri=~s/^\///;
-    $ENV{'user.environment'}=~/\/([^\/]+)\.id/;
-    my $token=$1;
-#    if ($uri=~/^uploaded\/([^\/]+)\/([^\/]+)\/([^\/]+)(\?\.*)*$/) {
-    if ($uri=~m|^uploaded/([^/]+)/([^/]+)/(.+)(\?\.*)*$|) {
-	&appenv('userfile.'.$1.'/'.$2.'/'.$3 => $ENV{'request.course.id'});
-        return 'http://'.$hostname{ &homeserver($2,$1)}.'/'.$uri.
-               (($uri=~/\?/)?'&':'?').'token='.$token.
-                               '&tokenissued='.$perlvar{'lonHostID'};
-    } else {
-	return '/adm/notfound.html';
-    }
+    &FIXME_blow_up;
 }
 
 # --------- File operations in /home/httpd/html/userfiles/$domain/1/2/3/$course
@@ -2688,10 +2686,15 @@
 
 # URI is an uploaded document for this course
 
-    if (($priv eq 'bre') && 
-        ($uri=~/^uploaded\/$ENV{'course.'.$ENV{'request.course.id'}.'.domain'}\/$ENV{'course.'.$ENV{'request.course.id'}.'.num'}/)) {
-        return 'F';
+    if (($priv eq 'bre') && ($uri=~m|^uploaded/|)) {
+	my $refuri=$ENV{'httpref.'.$orguri};
+	if ($refuri) {
+	    if ($refuri =~ m|^/adm/|) {
+		$thisallowed='F';
+	    }
+	}
     }
+
 # Full access at system, domain or course-wide level? Exit.
 
     if ($thisallowed=~/F/) {