[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf lontrans.pm /auth loncacc.pm roles.tab rolesplain.tab
www
www at source.lon-capa.org
Fri Oct 21 12:03:11 EDT 2011
www Fri Oct 21 16:03:11 2011 EDT
Modified files:
/loncom loncapa_apache.conf lontrans.pm
/loncom/auth loncacc.pm roles.tab rolesplain.tab
Log:
Saving my work on Bug #1320.
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.204 loncom/loncapa_apache.conf:1.205
--- loncom/loncapa_apache.conf:1.204 Thu May 26 01:05:47 2011
+++ loncom/loncapa_apache.conf Fri Oct 21 16:03:06 2011
@@ -1,7 +1,7 @@
##
## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
##
-## $Id: loncapa_apache.conf,v 1.204 2011/05/26 01:05:47 raeburn Exp $
+## $Id: loncapa_apache.conf,v 1.205 2011/10/21 16:03:06 www Exp $
##
#
@@ -258,12 +258,11 @@
ErrorDocument 500 /adm/errorhandler
</LocationMatch>
-<LocationMatch "^/+priv.*">
+<LocationMatch "^/+priv/.*">
AuthType LONCAPA
Require valid-user
PerlAuthzHandler Apache::loncacc
SetHandler perl-script
-PerlHandler Apache::lonconstruct
ErrorDocument 403 /adm/login
ErrorDocument 404 /adm/notfound.html
ErrorDocument 406 /adm/unauthorized
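Review bot: With `PerlHandler Apache::lonconstruct` removed, this `^/+priv/.*` section still sets `SetHandler perl-script` but no longer names a response handler. A `/priv/` request that none of the extension-specific LocationMatch sections claims (anything other than the listed suffixes) therefore has no handler visible in this diff. Either drop `SetHandler perl-script` here, or add a comment such as `# response handler is assigned by the extension-specific /priv/ sections below` and confirm what serves the remaining file types. The section's closing tag lies outside the hunk, so a handler further down cannot be ruled out.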
@@ -274,16 +273,6 @@
PerlAccessHandler Apache::lonracc
</LocationMatch>
-<LocationMatch "^/+\~.*">
-AuthType LONCAPA
-Require valid-user
-PerlAuthzHandler Apache::loncacc
-ErrorDocument 403 /adm/login
-ErrorDocument 404 /adm/notfound.html
-ErrorDocument 406 /adm/unauthorized
-ErrorDocument 500 /adm/errorhandler
-</LocationMatch>
-
<LocationMatch "^/adm/helper/.*\.helper$">
AuthType LONCAPA
Require valid-user
@@ -319,22 +308,22 @@
</LocationMatch>
# ------------------------------------------------------------------------- RAT
-<LocationMatch "^/\~.*\.sequence$">
+<LocationMatch "^/+priv/.*\.sequence$">
SetHandler perl-script
PerlHandler Apache::lonratedt
</LocationMatch>
-<LocationMatch "^/\~.*\.page$">
+<LocationMatch "^/+priv/.*\.page$">
SetHandler perl-script
PerlHandler Apache::lonratedt
</LocationMatch>
-<LocationMatch "^/\~.*\/ratserver$">
+<LocationMatch "^/+priv/.*\/ratserver$">
SetHandler perl-script
PerlHandler Apache::lonratsrv
</LocationMatch>
-<LocationMatch "^/\~.*\/adveditmenu$">
+<LocationMatch "^/+priv/.*\/adveditmenu$">
SetHandler perl-script
PerlHandler Apache::lonratmenu
</LocationMatch>
@@ -373,7 +362,7 @@
PerlHandler Apache::lonsequence
</LocationMatch>
-<LocationMatch "^/+(res|\~|public|uploaded|editupload|adm).*\.meta$">
+<LocationMatch "^/+(res|priv|public|uploaded|editupload|adm)/.*\.meta$">
PerlAccessHandler Apache::publiccheck
SetHandler perl-script
PerlHandler Apache::lonmeta
@@ -390,24 +379,24 @@
-<LocationMatch "^/+(res|\~).*\.rights$">
+<LocationMatch "^/+(res|priv)/.*\.rights$">
SetHandler perl-script
PerlHandler Apache::lonrights
</LocationMatch>
-<LocationMatch "^/+(uploaded|res|\~).*\.(xml|html|htm|xhtml|xhtm|sty)$">
+<LocationMatch "^/+(uploaded|res|priv)/.*\.(xml|html|htm|xhtml|xhtm|sty)$">
SetHandler perl-script
PerlHandler Apache::londatecheck
PerlHandler Apache::lonipcheck
PerlHandler Apache::lonxml
</LocationMatch>
-<LocationMatch "^/+(res|\~).*\.(task|problem|exam|quiz|assess|survey|form|library)$">
+<LocationMatch "^/+(res|priv).*\.(task|problem|exam|quiz|assess|survey|form|library)$">
SetHandler perl-script
PerlHandler Apache::lonhomework
</LocationMatch>
-<LocationMatch "^/+\~.*\.(js|css|txt|tex)$">
+<LocationMatch "^/+priv/.*\.(js|css|txt|tex)$">
SetHandler perl-script
PerlHandler Apache::lonxml
</LocationMatch>
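Review bot: The homework pattern `^/+(res|priv).*\.(task|problem|...)$` is the only rewritten LocationMatch in this hunk that lacks the `/` after the alternation. It therefore still matches any top-level path that merely begins with `res` or `priv`, including paths outside the `^/+priv/.*` section that carries `Require valid-user` and `PerlAuthzHandler Apache::loncacc`. For consistency with the neighbouring patterns it should read `<LocationMatch "^/+(res|priv)/.*\.(task|problem|exam|quiz|assess|survey|form|library)$">`.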
@@ -844,7 +833,7 @@
ErrorDocument 500 /adm/errorhandler
</Location>
-<LocationMatch "^/+\~.*/$">
+<LocationMatch "^/+priv/.*/$">
AuthType LONCAPA
Require valid-user
PerlAuthzHandler Apache::loncacc
Index: loncom/lontrans.pm
diff -u loncom/lontrans.pm:1.13 loncom/lontrans.pm:1.14
--- loncom/lontrans.pm:1.13 Wed Dec 6 22:22:36 2006
+++ loncom/lontrans.pm Fri Oct 21 16:03:06 2011
@@ -1,7 +1,7 @@
# The LearningOnline Network
# URL translation for User Files
#
-# $Id: lontrans.pm,v 1.13 2006/12/06 22:22:36 albertel Exp $
+# $Id: lontrans.pm,v 1.14 2011/10/21 16:03:06 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -52,12 +52,6 @@
$r->filename(&propath($udom,$uname).
'/userfiles/'.(join('/', at ufile)));
}
- } elsif ($r->uri=~m|^/~|) {
- #internal authentication, needs fixup.
- my $fn = $r->uri(); # non users do not get the full path request
- # through SCRIPT_FILENAME
- $fn=~s|^/~($LONCAPA::username_re)|/home/$1/public_html|;
- $r->filename($fn);
} else { return DECLINED; }
return OK;
}
Index: loncom/auth/loncacc.pm
diff -u loncom/auth/loncacc.pm:1.53 loncom/auth/loncacc.pm:1.54
--- loncom/auth/loncacc.pm:1.53 Tue Sep 27 20:28:38 2011
+++ loncom/auth/loncacc.pm Fri Oct 21 16:03:11 2011
@@ -2,7 +2,7 @@
# Cookie Based Access Handler for Construction Area
# (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
#
-# $Id: loncacc.pm,v 1.53 2011/09/27 20:28:38 raeburn Exp $
+# $Id: loncacc.pm,v 1.54 2011/10/21 16:03:11 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -97,71 +97,64 @@
use LONCAPA qw(:DEFAULT :match);
sub constructaccess {
- my ($url,$ownerdomain,$setpriv)=@_;
- my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
- unless (($ownername) && ($ownerdomain)) { return ''; }
- # We do not allow editing of previous versions of files.
+ my ($url,$setpriv)=@_;
+
+# We do not allow editing of previous versions of files
if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
- my @possibledomains = &Apache::lonnet::current_machine_domains();
- if ($ownername eq $env{'user.name'}) {
- foreach my $domain (@possibledomains) {
- if ($domain eq $env{'user.domain'}) {
- return ($ownername,$domain);
- }
- }
- }
-
- foreach my $domain (@possibledomains) {
- if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
- exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
- return ($ownername,$domain);
- }
- }
- my $then=$env{'user.login.time'};
- my $update==$env{'user.update.time'};
- if (!$update) {
- $update = $then;
+# Get username and domain from URL
+ my ($ownerdomain,$ownername)=($url=~/^\/priv\/($match_domain)\/($match_username)\//);
+
+# The URL does not really point to any authorspace, forget it
+ unless (($ownername) && ($ownerdomain)) { return ''; }
+
+# Now we need to see if the user has access to the authorspace of
+# $ownername at $ownerdomain
+
+ if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) {
+# Real author for this?
+ if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) {
+ return ($ownername,$ownerdomain);
+ }
+ } else {
+# Co-author for this?
+ if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) ||
+ exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) {
+ return ($ownername,$ownerdomain);
+ }
}
- my %dcroles = ();
- if (&is_active_dc($ownerdomain,$update)) {
+# We don't have any access right now. If we are not possibly going to do anything about this,
+# we might as well leave
+ unless ($setpriv) { return ''; }
+
+# Backdoor access?
+ my $allowed=&Apache::lonnet::allowed('eco',$ownerdomain);
+# Nope
+ unless ($allowed) { return ''; }
+# Looks like we may have access, but could be locked by the owner of the construction space
+ if ($allowed eq 'U') {
my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],
$ownerdomain,$ownername);
- unless ($blocked{'domcoord.author'} eq 'blocked') {
- if (grep(/^$ownerdomain$/, at possibledomains)) {
- if ($setpriv) {
- my $refresh=$env{'user.refresh.time'};
- if (!$refresh) {
- $refresh = $update;
- }
- my $now = time;
- &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername,
- $update,$refresh,$now,'ca',
- 'constructaccess');
- }
- return($ownername,$ownerdomain);
- }
- }
+# Is blocked by owner
+ if ($blocked{'domcoord.author'} eq 'blocked') { return ''; }
}
- return '';
-}
-
-sub is_active_dc {
- my ($ownerdomain,$update) = @_;
- my $livedc;
- if ($env{'user.adv'}) {
- my $domrole = $env{'user.role.dc./'.$ownerdomain.'/'};
- if ($domrole) {
- my ($tstart,$tend)=split(/\./,$domrole);
- $livedc = 1;
- if ($tstart && $tstart>$update) { undef($livedc); }
- if ($tend && $tend <$update) { undef($livedc); }
- }
+ if (($allowed eq 'F') || ($allowed eq 'U')) {
+# Grant temporary access
+ my $then=$env{'user.login.time'};
+ my $update==$env{'user.update.time'};
+ if (!$update) { $update = $then; }
+ my $refresh=$env{'user.refresh.time'};
+ if (!$refresh) { $refresh = $update; }
+ my $now = time;
+ &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername,
+ $update,$refresh,$now,'ca',
+ 'constructaccess');
+ return($ownername,$ownerdomain);
}
- return $livedc;
+# No business here
+ return '';
}
-
sub handler {
my $r = shift;
my $requrl=$r->uri;
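Review bot: In the new temporary-access branch, `my $update==$env{'user.update.time'};` is a comparison rather than an assignment, so `$update` is always undef and the fallback on the next line always substitutes the login time; it should read `my $update=$env{'user.update.time'};`. The typo is carried over from the removed code, so `check_adhoc_privs` presumably never receives the real update time. Separately, `constructaccess` drops its `$ownerdomain` parameter, so any caller outside this diff that still passes three arguments would have its domain string taken as a true `$setpriv` and reach the `eco` ad hoc grant path. Only the call in `handler` is updated here, so the remaining call sites need checking in the same change. The `handler` sub that begins at the end of this hunk continues outside it.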
@@ -183,7 +176,7 @@
$env{'request.state'} = "construct";
$env{'request.filename'} = $r->filename;
- unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'),'setpriv')) {
+ unless (&constructaccess($requrl,'setpriv')) {
$r->log_reason("Unauthorized $requrl", $r->filename);
return HTTP_NOT_ACCEPTABLE;
}
Index: loncom/auth/roles.tab
diff -u loncom/auth/roles.tab:1.60 loncom/auth/roles.tab:1.61
--- loncom/auth/roles.tab:1.60 Thu Nov 12 15:58:47 2009
+++ loncom/auth/roles.tab Fri Oct 21 16:03:11 2011
@@ -1,6 +1,6 @@
su:s csu&U:sma:mau:cdc&U:dro:psa:adv
dc:s bre:sma:adv:mcr:srm
-dc:d cli&UIK:cau&UIK:cca&UIK:caa&UIK:cdg&UIK:mau:ccc&U:cco&U:cin&UIK:cta&UIK:cep&UIK:ccr&UIK:cst&UIK:cad&UIK:csc&UIK:dro:mky:psa:usc:mpq:mut
+dc:d cli&UIK:cau&UIK:cca&UIK:caa&UIK:cdg&UIK:mau:ccc&U:cco&U:cin&UIK:cta&UIK:cep&UIK:ccr&UIK:cst&UIK:cad&UIK:csc&UIK:dro:mky:psa:usc:mpq:mut:eco&U
cc:s bre:sma:mcr:vsa:adv:vcl
cc:c cin&IK:cta&IK:cep&IK:ccr&IK:cst&IK:are:cre:ere:vgr:gan:dcm:evb:srm:dff:opa:mgr:mqg:mgq:rin:pch:plc:mdc:usc:vsa:vcl:mdg:vcg:pav:pfo:whn:las:pac:dch
co:s bro:sma:mcr:vsa:adv:vcl
Index: loncom/auth/rolesplain.tab
diff -u loncom/auth/rolesplain.tab:1.41 loncom/auth/rolesplain.tab:1.42
--- loncom/auth/rolesplain.tab:1.41 Thu Nov 12 15:58:47 2009
+++ loncom/auth/rolesplain.tab Fri Oct 21 16:03:11 2011
@@ -101,3 +101,4 @@
vmd:View detailed group membership roster
vgh:View group homepage
mgh:Modify group homepage
+eco:Enter other any construction space
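Review bot: The description added for `eco` reads "Enter other any construction space", where the word order is garbled. The new `constructaccess` code checks this privilege before letting a user into someone else's authoring space, so its description should be unambiguous. If the intended meaning is as it appears, the line would read `eco:Enter any other construction space`.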