--- loncom/lonnet/perl/lonnet.pm	2012/09/25 19:54:38	1.1191
+++ loncom/lonnet/perl/lonnet.pm	2012/10/29 17:39:02	1.1192
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1191 2012/09/25 19:54:38 raeburn Exp $
+# $Id: lonnet.pm,v 1.1192 2012/10/29 17:39:02 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -6511,6 +6511,73 @@ sub allowed {
    return 'F';
 }
 
+# ------------------------------------------- Check construction space access
+
+sub constructaccess {
+    my ($url,$setpriv)=@_;
+
+# We do not allow editing of previous versions of files
+    if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
+
+# Get username and domain from URL
+    my ($ownername,$ownerdomain,$ownerhome);
+
+    ($ownerdomain,$ownername) =
+        ($url=~ m{^(?:\Q$perlvar{'lonDocRoot'}\E|)/priv/($match_domain)/($match_username)/});
+
+# The URL does not really point to any authorspace, forget it
+    unless (($ownername) && ($ownerdomain)) { return ''; }
+
+# Now we need to see if the user has access to the authorspace of
+# $ownername at $ownerdomain
+
+    if (($ownername eq $env{'user.name'}) && ($ownerdomain eq $env{'user.domain'})) {
+# Real author for this?
+       $ownerhome = $env{'user.home'};
+       if (exists($env{'user.priv.au./'.$ownerdomain.'/./'})) {
+          return ($ownername,$ownerdomain,$ownerhome);
+       }
+    } else {
+# Co-author for this?
+        if (exists($env{'user.priv.ca./'.$ownerdomain.'/'.$ownername.'./'}) ||
+            exists($env{'user.priv.aa./'.$ownerdomain.'/'.$ownername.'./'}) ) {
+            $ownerhome = &homeserver($ownername,$ownerdomain);
+            return ($ownername,$ownerdomain,$ownerhome);
+        }
+    }
+
+# We don't have any access right now. If we are not possibly going to do anything about this,
+# we might as well leave
+   unless ($setpriv) { return ''; }
+
+# Backdoor access?
+    my $allowed=&allowed('eco',$ownerdomain);
+# Nope
+    unless ($allowed) { return ''; }
+# Looks like we may have access, but could be locked by the owner of the construction space
+    if ($allowed eq 'U') {
+        my %blocked=&get('environment',['domcoord.author'],
+                         $ownerdomain,$ownername);
+# Is blocked by owner
+        if ($blocked{'domcoord.author'} eq 'blocked') { return ''; }
+    }
+    if (($allowed eq 'F') || ($allowed eq 'U')) {
+# Grant temporary access
+        my $then=$env{'user.login.time'};
+        my $update==$env{'user.update.time'};
+        if (!$update) { $update = $then; }
+        my $refresh=$env{'user.refresh.time'};
+        if (!$refresh) { $refresh = $update; }
+        my $now = time;
+        &check_adhoc_privs($ownerdomain,$ownername,$update,$refresh,
+                           $now,'ca','constructaccess');
+        $ownerhome = &homeserver($ownername,$ownerdomain);
+        return($ownername,$ownerdomain,$ownerhome);
+    }
+# No business here
+    return '';
+}
+
 sub get_comm_blocks {
     my ($cdom,$cnum) = @_;
     if ($cdom eq '' || $cnum eq '') {
@@ -11942,6 +12009,21 @@ allowed($priv,$uri,$symb,$role) : check
 
 =item *
 
+constructaccess($url,$setpriv) : check for access to construction space URL
+
+See if the owner domain and name in the URL match those in the
+expected environment.  If so, return three element list
+($ownername,$ownerdomain,$ownerhome).
+
+Otherwise return the null string.
+
+If second argument 'setpriv' is true, it assigns the privileges,
+and returns the same three element list, unless the owner has
+blocked "ad hoc" Domain Coordinator access to the Author Space,
+in which case the null string is returned.
+
+=item *
+
 definerole($rolename,$sysrole,$domrole,$courole) : define role; define a custom
 role rolename set privileges in format of lonTabs/roles.tab for system, domain,
 and course level