[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm
raeburn
raeburn@source.lon-capa.org
Tue, 03 Nov 2009 03:06:08 -0000
raeburn Tue Nov 3 03:06:08 2009 EDT
Modified files:
/loncom/auth lonacc.pm
Log:
- Browsing of /res space by Community Coordinators - 'bro' priv.
- For URLs of items in /res - test if allowed with 'bro' priv, if not allowed for 'bre' priv.
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.129 loncom/auth/lonacc.pm:1.130
--- loncom/auth/lonacc.pm:1.129 Tue Oct 20 01:57:38 2009
+++ loncom/auth/lonacc.pm Tue Nov 3 03:06:07 2009
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.129 2009/10/20 01:57:38 raeburn Exp $
+# $Id: lonacc.pm,v 1.130 2009/11/03 03:06:07 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -449,8 +449,16 @@
return OK;
}
if (($access ne '2') && ($access ne 'F')) {
- $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
- return HTTP_NOT_ACCEPTABLE;
+ if ($requrl =~ m{^/res/}) {
+ $access = &Apache::lonnet::allowed('bro',$requrl);
+ if ($access ne 'F') {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ } else {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
}
}
if ($requrl =~ m|^/prtspool/|) {