|
version 1.1189, 2012/09/02 16:18:24
|
version 1.1192, 2012/10/29 17:39:02
|
|
Line 1240 sub get_lonbalancer_config {
|
Line 1240 sub get_lonbalancer_config {
|
| |
|
| sub check_loadbalancing { |
sub check_loadbalancing { |
| my ($uname,$udom) = @_; |
my ($uname,$udom) = @_; |
| my ($is_balancer,$dom_in_use,$homeintdom,$rule_in_effect, |
my ($is_balancer,$currtargets,$currrules,$dom_in_use,$homeintdom, |
| $offloadto,$otherserver); |
$rule_in_effect,$offloadto,$otherserver); |
| my $lonhost = $perlvar{'lonHostID'}; |
my $lonhost = $perlvar{'lonHostID'}; |
| my @hosts = ¤t_machine_ids(); |
my @hosts = ¤t_machine_ids(); |
| my $uprimary_id = &Apache::lonnet::domain($udom,'primary'); |
my $uprimary_id = &Apache::lonnet::domain($udom,'primary'); |
|
Line 1266 sub check_loadbalancing {
|
Line 1266 sub check_loadbalancing {
|
| } |
} |
| } |
} |
| if (ref($result) eq 'HASH') { |
if (ref($result) eq 'HASH') { |
| my $currbalancer = $result->{'lonhost'}; |
($is_balancer,$currtargets,$currrules) = |
| my $currtargets = $result->{'targets'}; |
&check_balancer_result($result,@hosts); |
| my $currrules = $result->{'rules'}; |
|
| if ($currbalancer ne '') { |
|
| if (grep(/^\Q$currbalancer\E$/,@hosts)) { |
|
| $is_balancer = 1; |
|
| } |
|
| } |
|
| if ($is_balancer) { |
if ($is_balancer) { |
| if (ref($currrules) eq 'HASH') { |
if (ref($currrules) eq 'HASH') { |
| if ($homeintdom) { |
if ($homeintdom) { |
|
Line 1331 sub check_loadbalancing {
|
Line 1325 sub check_loadbalancing {
|
| } |
} |
| } |
} |
| if (ref($result) eq 'HASH') { |
if (ref($result) eq 'HASH') { |
| my $currbalancer = $result->{'lonhost'}; |
($is_balancer,$currtargets,$currrules) = |
| my $currtargets = $result->{'targets'}; |
&check_balancer_result($result,@hosts); |
| my $currrules = $result->{'rules'}; |
if ($is_balancer) { |
| |
|
| if ($currbalancer eq $lonhost) { |
|
| $is_balancer = 1; |
|
| if (ref($currrules) eq 'HASH') { |
if (ref($currrules) eq 'HASH') { |
| if ($currrules->{'_LC_internetdom'} ne '') { |
if ($currrules->{'_LC_internetdom'} ne '') { |
| $rule_in_effect = $currrules->{'_LC_internetdom'}; |
$rule_in_effect = $currrules->{'_LC_internetdom'}; |
|
Line 1400 sub check_loadbalancing {
|
Line 1391 sub check_loadbalancing {
|
| return ($is_balancer,$otherserver); |
return ($is_balancer,$otherserver); |
| } |
} |
| |
|
| |
sub check_balancer_result { |
| |
my ($result,@hosts) = @_; |
| |
my ($is_balancer,$currtargets,$currrules); |
| |
if (ref($result) eq 'HASH') { |
| |
if ($result->{'lonhost'} ne '') { |
| |
my $currbalancer = $result->{'lonhost'}; |
| |
if (grep(/^\Q$currbalancer\E$/,@hosts)) { |
| |
$is_balancer = 1; |
| |
$currtargets = $result->{'targets'}; |
| |
$currrules = $result->{'rules'}; |
| |
} |
| |
} else { |
| |
foreach my $key (keys(%{$result})) { |
| |
if (($key ne '') && (grep(/^\Q$key\E$/,@hosts)) && |
| |
(ref($result->{$key}) eq 'HASH')) { |
| |
$is_balancer = 1; |
| |
$currrules = $result->{$key}{'rules'}; |
| |
$currtargets = $result->{$key}{'targets'}; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
return ($is_balancer,$currtargets,$currrules); |
| |
} |
| |
|
| sub get_loadbalancer_targets { |
sub get_loadbalancer_targets { |
| my ($rule_in_effect,$currtargets,$uname,$udom) = @_; |
my ($rule_in_effect,$currtargets,$uname,$udom) = @_; |
| my $offloadto; |
my $offloadto; |
|
Line 6494 sub allowed {
|
Line 6511 sub allowed {
|
| return 'F'; |
return 'F'; |
| } |
} |
| |
|
| |
# ------------------------------------------- Check construction space access |
| |
|
| |
sub constructaccess { |
| |
my ($url,$setpriv)=@_; |
| |
|
| |
# We do not allow editing of previous versions of files |
| |
if ($url=~/\.(\d+)\.(\w+)$/) { return ''; } |
| |
|
| |
# Get username and domain from URL |
| |
my ($ownername,$ownerdomain,$ownerhome); |
| |
|
| |
($ownerdomain,$ownername) = |
| |
($url=~ m{^(?:\Q$perlvar{'lonDocRoot'}\E|)/priv/($match_domain)/($match_username)/}); |
| |
|
| |
# The URL does not really point to any authorspace, forget it |
| |
unless (($ownername) && ($ownerdomain)) { return ''; } |
| |
|
| |
# Now we need to see if the user has access to the authorspace of |
| |
# $ownername at $ownerdomain |
| |
|
| |
if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) { |
| |
# Real author for this? |
| |
$ownerhome = $env{'user.home'}; |
| |
if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) { |
| |
return ($ownername,$ownerdomain,$ownerhome); |
| |
} |
| |
} else { |
| |
# Co-author for this? |
| |
if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) || |
| |
exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) { |
| |
$ownerhome = &homeserver($ownername,$ownerdomain); |
| |
return ($ownername,$ownerdomain,$ownerhome); |
| |
} |
| |
} |
| |
|
| |
# We don't have any access right now. If we are not possibly going to do anything about this, |
| |
# we might as well leave |
| |
unless ($setpriv) { return ''; } |
| |
|
| |
# Backdoor access? |
| |
my $allowed=&allowed('eco',$ownerdomain); |
| |
# Nope |
| |
unless ($allowed) { return ''; } |
| |
# Looks like we may have access, but could be locked by the owner of the construction space |
| |
if ($allowed eq 'U') { |
| |
my %blocked=&get('environment',['domcoord.author'], |
| |
$ownerdomain,$ownername); |
| |
# Is blocked by owner |
| |
if ($blocked{'domcoord.author'} eq 'blocked') { return ''; } |
| |
} |
| |
if (($allowed eq 'F') || ($allowed eq 'U')) { |
| |
# Grant temporary access |
| |
my $then=$env{'user.login.time'}; |
| |
my $update==$env{'user.update.time'}; |
| |
if (!$update) { $update = $then; } |
| |
my $refresh=$env{'user.refresh.time'}; |
| |
if (!$refresh) { $refresh = $update; } |
| |
my $now = time; |
| |
&check_adhoc_privs($ownerdomain,$ownername,$update,$refresh, |
| |
$now,'ca','constructaccess'); |
| |
$ownerhome = &homeserver($ownername,$ownerdomain); |
| |
return($ownername,$ownerdomain,$ownerhome); |
| |
} |
| |
# No business here |
| |
return ''; |
| |
} |
| |
|
| sub get_comm_blocks { |
sub get_comm_blocks { |
| my ($cdom,$cnum) = @_; |
my ($cdom,$cnum) = @_; |
| if ($cdom eq '' || $cnum eq '') { |
if ($cdom eq '' || $cnum eq '') { |
|
Line 10018 sub symblist {
|
Line 10102 sub symblist {
|
| # --------------------------------------------------------------- Verify a symb |
# --------------------------------------------------------------- Verify a symb |
| |
|
| sub symbverify { |
sub symbverify { |
| my ($symb,$thisurl)=@_; |
my ($symb,$thisurl,$encstate)=@_; |
| my $thisfn=$thisurl; |
my $thisfn=$thisurl; |
| $thisfn=&declutter($thisfn); |
$thisfn=&declutter($thisfn); |
| # direct jump to resource in page or to a sequence - will construct own symbs |
# direct jump to resource in page or to a sequence - will construct own symbs |
|
Line 10054 sub symbverify {
|
Line 10138 sub symbverify {
|
| } |
} |
| if ( |
if ( |
| &symbclean(&declutter($bighash{'map_id_'.$mapid}).'___'.$resid.'___'.$thisfn) |
&symbclean(&declutter($bighash{'map_id_'.$mapid}).'___'.$resid.'___'.$thisfn) |
| eq $symb) { |
eq $symb) { |
| |
if (ref($encstate)) { |
| |
$$encstate = $bighash{'encrypted_'.$id}; |
| |
} |
| if (($env{'request.role.adv'}) || |
if (($env{'request.role.adv'}) || |
| ($bighash{'encrypted_'.$id} eq $env{'request.enc'}) || |
($bighash{'encrypted_'.$id} eq $env{'request.enc'}) || |
| ($thisurl eq '/adm/navmaps')) { |
($thisurl eq '/adm/navmaps')) { |
| $okay=1; |
$okay=1; |
| } |
} |
| } |
} |
| } |
} |
|
Line 11922 allowed($priv,$uri,$symb,$role) : check
|
Line 12009 allowed($priv,$uri,$symb,$role) : check
|
| |
|
| =item * |
=item * |
| |
|
| |
constructaccess($url,$setpriv) : check for access to construction space URL |
| |
|
| |
See if the owner domain and name in the URL match those in the |
| |
expected environment. If so, return three element list |
| |
($ownername,$ownerdomain,$ownerhome). |
| |
|
| |
Otherwise return the null string. |
| |
|
| |
If second argument 'setpriv' is true, it assigns the privileges, |
| |
and returns the same three element list, unless the owner has |
| |
blocked "ad hoc" Domain Coordinator access to the Author Space, |
| |
in which case the null string is returned. |
| |
|
| |
=item * |
| |
|
| definerole($rolename,$sysrole,$domrole,$courole) : define role; define a custom |
definerole($rolename,$sysrole,$domrole,$courole) : define role; define a custom |
| role rolename set privileges in format of lonTabs/roles.tab for system, domain, |
role rolename set privileges in format of lonTabs/roles.tab for system, domain, |
| and course level |
and course level |
|
Line 12255 returns the data handle
|
Line 12357 returns the data handle
|
| |
|
| =item * |
=item * |
| |
|
| symbverify($symb,$thisfn) : verifies that $symb actually exists and is |
symbverify($symb,$thisfn,$encstate) : verifies that $symb actually exists |
| a possible symb for the URL in $thisfn, and if is an encryypted |
and is a possible symb for the URL in $thisfn, and if is an encrypted |
| resource that the user accessed using /enc/ returns a 1 on success, 0 |
resource that the user accessed using /enc/ returns a 1 on success, 0 |
| on failure, user must be in a course, as it assumes the existance of |
on failure, user must be in a course, as it assumes the existence of |
| the course initial hash, and uses $env('request.course.id'} |
the course initial hash, and uses $env('request.course.id'}. The third |
| |
arg is an optional reference to a scalar. If this arg is passed in the |
| |
call to symbverify, it will be set to 1 if the symb has been set to be |
| |
encrypted; otherwise it will be null. |
| |
|
| =item * |
=item * |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl