--- loncom/auth/lonacc.pm	2006/04/13 20:47:39	1.77
+++ loncom/auth/lonacc.pm	2006/07/21 18:52:32	1.89
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.77 2006/04/13 20:47:39 albertel Exp $
+# $Id: lonacc.pm,v 1.89 2006/07/21 18:52:32 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,8 +35,10 @@ use Apache::File;
 use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonlocal;
+use Apache::restrictedaccess();
 use CGI::Cookie();
 use Fcntl qw(:flock);
+use LONCAPA;
 
 sub cleanup {
     my ($r)=@_;
@@ -135,6 +137,22 @@ sub get_posted_cgi {
     $r->headers_in->unset('Content-length');
 }
 
+sub passphrase_access_checker {
+    my ($r,$guestkey,$requrl) = @_;
+    my ($num,$scope,$end,$start) = ($guestkey =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+    if ($scope eq 'guest') {
+        if (exists($env{'user.passphrase_access_'.$requrl})) {
+            if (($env{'user.passphrase_access_'.$requrl} == 0) || 
+                ($env{'user.passphrase_access_'.$requrl} > time)) {
+                $env{'request.publicaccess'} = 1;
+                return 'ok'; 
+            }
+        }
+    }
+    $r->set_handlers('PerlHandler'=> \&Apache::restrictedaccess::handler);
+    $r->content_type('perl-script');
+    return;
+}
 
 sub handler {
     my $r = shift;
@@ -150,8 +168,10 @@ sub handler {
         $handle=~s/\W//g;
     }
       
+    my ($sso_login);
     if ($r->user 
 	&& (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq '') ) {
+	$sso_login = 1;
 	my $domain = $r->dir_config('lonDefDomain');
 	my $home=&Apache::lonnet::homeserver($r->user,$domain);
 	if ($home !~ /(con_lost|no_such_host)/) {
@@ -161,6 +181,10 @@ sub handler {
 	}
     }
 
+    if ($sso_login) {
+	&Apache::lonnet::appenv('request.sso.login' => 1);
+    }
+
     if ($r->dir_config("lonBalancer") eq 'yes') {
 	$r->set_handlers('PerlResponseHandler'=>
 			 [\&Apache::switchserver::handler]);
@@ -191,7 +215,11 @@ sub handler {
 	    &Apache::lonacc::get_posted_cgi($r);
 
 # ---------------------------------------------------------------- Check access
-
+            my $now = time;
+	    if (&Apache::lonnet::is_portfolio_url($requrl)) {
+		my $result = &Apache::lonnet::portfolio_access($r,$requrl);
+		if ($result eq 'ok') { return OK; }
+	    }
             if ($requrl!~/^\/adm|public|prtspool\//) {
 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                 if ($access eq '1') {
@@ -214,7 +242,7 @@ sub handler {
 	    if ($env{'user.name'} eq 'public' && 
 		$env{'user.domain'} eq 'public' &&
 		$requrl !~ m{^/+(res|public)/} &&
-		$requrl !~ m{^/+adm/(help|logout|randomlabel\.png)}) {
+		$requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
 		$env{'request.querystring'}=$r->args;
 		$env{'request.firsturl'}=$requrl;
 		return FORBIDDEN;
@@ -282,7 +310,7 @@ sub handler {
         } else { 
             $r->log_reason("Cookie $handle not valid", $r->filename); 
         }
-    }
+	}
 
 # -------------------------------------------- See if this is a public resource
     if ($requrl=~m|^/public/|
@@ -302,8 +330,14 @@ sub handler {
         return OK;
     }
     if ($requrl=~m|^/+adm/+help/+|) {
-	return OK;
+ 	return OK;
+    }
+# ------------------------------------- See if this is a viewable portfolio file
+    if (&Apache::lonnet::is_portfolio_url($requrl)) {
+	my $result = &Apache::lonnet::portfolio_access($r,$requrl);
+	if ($result eq 'ok' ) { return OK; }
     }
+
 # -------------------------------------------------------------- Not authorized
     $requrl=~/\.(\w+)$/;
 #    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||