version 1.8, 2011/10/17 17:23:25
|
version 1.14, 2015/05/04 15:43:57
|
Line 225 sub check_domain_ip {
|
Line 225 sub check_domain_ip {
|
|
|
Inputs: $page, the identifier of the page to be viewed, |
Inputs: $page, the identifier of the page to be viewed, |
can be one of the keys in the hash from &serverstatus_titles() |
can be one of the keys in the hash from &serverstatus_titles() |
|
$domain (optional), a specific domain for which the page is needed. |
|
|
Returns: 1 if access to the page is permitted. |
Returns: 1 if access to the page is permitted, or &-separated list of domains |
|
for which access is allowed, if $page is domconf, and not superuser. |
Access allowed if one of the following is true: |
Access allowed if one of the following is true: |
(a) Requestor has LON-CAPA superuser role |
(a) Requestor has LON-CAPA superuser role |
(b) Requestor's role is Domain Coordinator in one of the domains |
(b) Requestor's role is Domain Coordinator in requested domain |
|
(if specified) or (if unspecified) in one of the domains |
hosted on this server |
hosted on this server |
(c) Domain configurations for domains hosted on this server include |
(c) The domain configuration for the particular domain (if specified), |
the requestor as one of the named users (username:domain) with access |
or domain configurations for domains hosted on this server (if |
to the page. |
specific domain not specified), include the requestor as one of |
|
the named users (username:domain) with access to the page. |
|
|
In the case of requests for the 'showenv' page (/adm/test), the domains tested |
In the case of requests for the 'showenv' page (/adm/test), the domains tested |
are not the domains hosted on the server, but instead are a single domain - |
are not the domains hosted on the server, but instead are a single domain - |
Line 246 Returns: 1 if access to the page is perm
|
Line 250 Returns: 1 if access to the page is perm
|
############################################# |
############################################# |
############################################# |
############################################# |
sub can_view { |
sub can_view { |
my ($page) = @_; |
my ($page,$domain) = @_; |
my $allowed; |
my $allowed; |
if ($Apache::lonnet::env{'request.role'} =~ m{^su\./}) { |
if ($Apache::lonnet::env{'request.role'} =~ m{^su\./}) { |
$allowed = 1; |
$allowed = 1; |
Line 267 sub can_view {
|
Line 271 sub can_view {
|
} |
} |
} else { |
} else { |
@poss_domains = &Apache::lonnet::current_machine_domains(); |
@poss_domains = &Apache::lonnet::current_machine_domains(); |
|
if ($domain ne '') { |
|
if (grep(/^\Q$domain\E$/,@poss_domains)) { |
|
@poss_domains = ($domain); |
|
} else { |
|
undef(@poss_domains); |
|
} |
|
} |
} |
} |
unless ($allowed) { |
unless ($allowed) { |
|
my %alloweddoms; |
foreach my $dom (@poss_domains) { |
foreach my $dom (@poss_domains) { |
my %domconfig = &Apache::lonnet::get_dom('configuration',['serverstatuses'], |
my %domconfig = &Apache::lonnet::get_dom('configuration',['serverstatuses'], |
$dom); |
$dom); |
if ($Apache::lonnet::env{'request.role'} eq "dc./$dom/") { |
if ($Apache::lonnet::env{'request.role'} eq "dc./$dom/") { |
$allowed = 1; |
if ($page eq 'domconf') { |
|
$alloweddoms{$dom} = 1; |
|
} else { |
|
$allowed = 1; |
|
} |
} elsif (ref($domconfig{'serverstatuses'}) eq 'HASH') { |
} elsif (ref($domconfig{'serverstatuses'}) eq 'HASH') { |
if (ref($domconfig{'serverstatuses'}{$page}) eq 'HASH') { |
if (ref($domconfig{'serverstatuses'}{$page}) eq 'HASH') { |
if ($domconfig{'serverstatuses'}{$page}{'namedusers'} ne '') { |
if ($domconfig{'serverstatuses'}{$page}{'namedusers'} ne '') { |
my @okusers = split(/,/,$domconfig{'serverstatuses'}{$page}{'namedusers'}); |
my @okusers = split(/,/,$domconfig{'serverstatuses'}{$page}{'namedusers'}); |
if (grep(/^\Q$Apache::lonnet::env{'user.name'}:$Apache::lonnet::env{'user.domain'}\E$/,@okusers)) { |
if (grep(/^\Q$Apache::lonnet::env{'user.name'}:$Apache::lonnet::env{'user.domain'}\E$/,@okusers)) { |
$allowed = 1; |
if ($page eq 'domconf') { |
|
$alloweddoms{$dom} = 1; |
|
} else { |
|
$allowed = 1; |
|
} |
|
} |
|
unless ($page eq 'domconf') { |
|
last if ($allowed); |
} |
} |
} |
} |
} |
} |
} |
} |
last if $allowed; |
} |
|
if (($page eq 'domconf') && (!$allowed)) { |
|
$allowed = join('&',sort(keys(%alloweddoms))); |
} |
} |
} |
} |
} |
} |
Line 355 sub serverstatus_titles {
|
Line 380 sub serverstatus_titles {
|
'loncron' => 'Generate Detailed Report', |
'loncron' => 'Generate Detailed Report', |
'server-status' => 'Apache Status Page', |
'server-status' => 'Apache Status Page', |
'codeversions' => 'LON-CAPA Module Versions', |
'codeversions' => 'LON-CAPA Module Versions', |
|
'checksums' => 'LON-CAPA Module Checking', |
|
'diskusage' => 'Course/Community Disk Usage', |
'clusterstatus' => 'Domain status', |
'clusterstatus' => 'Domain status', |
'metadata_keywords' => 'Display Metadata Keywords', |
'metadata_keywords' => 'Display Metadata Keywords', |
'metadata_harvest' => 'Harvest Metadata Searches', |
'metadata_harvest' => 'Harvest Metadata Searches', |
Line 362 sub serverstatus_titles {
|
Line 389 sub serverstatus_titles {
|
'takeonline' => 'Online - restore Log-in page', |
'takeonline' => 'Online - restore Log-in page', |
'showenv' => 'Show user environment', |
'showenv' => 'Show user environment', |
'toggledebug' => 'Toggle debug messages', |
'toggledebug' => 'Toggle debug messages', |
|
'ping' => 'Cause server to ping another server', |
|
'domconf' => 'Text Display of Domain Configuration', |
|
'uniquecodes' => 'Six-character Course Codes', |
|
'coursecatalog' => 'Course/Community Catalog with enrollment data', |
); |
); |
return \%titles; |
return \%titles; |
} |
} |