--- loncom/homework/daxeopen.pm 2015/12/03 20:40:27 1.1
+++ loncom/homework/daxeopen.pm 2023/11/19 21:28:17 1.14
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Opening converted problems and directory listings for Daxe
#
-# $Id: daxeopen.pm,v 1.1 2015/12/03 20:40:27 damieng Exp $
+# $Id: daxeopen.pm,v 1.14 2023/11/19 21:28:17 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -28,96 +28,356 @@
###
package Apache::daxeopen;
+use strict;
-use Apache::Constants;
+use Apache::Constants qw(:common);
use DateTime;
use Try::Tiny;
use File::stat;
use Fcntl ':mode';
+use LONCAPA qw(:match);
use Apache::loncommon;
use Apache::lonnet;
use Apache::pre_xml;
use Apache::html_to_xml;
use Apache::post_xml;
-
+use Apache::lonlocal;
sub handler {
my $request = shift;
my $uri = $request->uri;
- $uri =~ s/^\/daxeopen//;
+ $uri =~ s{^/daxeopen}{};
&Apache::loncommon::no_cache($request);
- if ($uri =~ /\/$/) {
+ my %editors = &Apache::loncommon::permitted_editors();
+ unless ($editors{'daxe'}) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Daxe editor is not enabled for this Authoring Space.'));
+ $request->status(403);
+ return OK;
+ }
+ if ($uri =~ m{/$}) {
return directory_listing($uri, $request);
- } elsif ($uri =~ /\.(task|problem|exam|quiz|assess|survey|library)$/) {
+ } elsif ($uri =~ m{^/priv/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$}) {
return convert_problem($uri, $request);
+ } elsif ($uri =~ m{^/uploaded/$match_domain/$match_courseid/(docs|supplemental)/(default|\d+)/\d+/.*\.(html|htm|xhtml|xhtm)$}) {
+ return convert_problem($uri, $request);
} else {
# Apache should send other files directly
- return HTTP_NOT_ACCEPTABLE;
+ $request->status(406);
+ return OK;
}
}
sub convert_problem {
my ($uri, $request) = @_;
-
+ if ($uri =~ m{^/priv/$match_domain/$match_username/}) {
+ unless (&has_priv_access($uri)) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ } elsif ($uri =~ m{^/uploaded/($match_domain)/($match_courseid)/}) {
+ my ($posscdom,$posscnum) = ($1,$2);
+ my $allowed;
+ if ($env{'request.course.id'}) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ if (($posscdom eq $cdom) && ($posscnum eq $cnum)) {
+ if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
+ $allowed = 1;
+ }
+ }
+ }
+ unless ($allowed) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ }
my $file = &Apache::lonnet::filelocation('', $uri);
- &Apache::lonnet::repcopy($file);
- if (! -e $file) {
- return HTTP_NOT_FOUND;
+ if (&Apache::lonnet::repcopy($file) eq 'ok') {
+ if (! -e $file) {
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
+ }
+ } else {
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
}
try {
my $warnings = 0; # no warning printed
my $textref = &Apache::pre_xml::pre_xml($file, $warnings);
- $textref = &Apache::html_to_xml::html_to_xml($textref, $warnings);
- my $text = &Apache::post_xml::post_xml($textref, $file, $warnings);
+ my $case_sensitive;
+ if ($uri =~ /\.(task)$/) {
+ $case_sensitive = 1;
+ } else {
+ $case_sensitive = 0;
+ }
+ $textref = &Apache::html_to_xml::html_to_xml($textref, $warnings, $case_sensitive);
+ my $text = &Apache::post_xml::post_xml($textref, $file, $Apache::lonnet::perlvar{'lonDocRoot'}, $warnings);
&Apache::loncommon::content_type($request, 'text/xml', 'utf-8');
$request->print($text);
return OK;
} catch {
- die "convert failed for $file: $_";
- #$request->print(''."\n");
- #$request->print("\n");
- #$request->print("convert failed for $file: $_");
- #$request->print("\n");
- #return OK;
+ $request->content_type('text/plain');
+ $request->print(&mt('convert failed for [_1]:',$file)." $_");
+ $request->status(406);
+ return OK;
};
}
sub directory_listing {
my ($uri, $request) = @_;
- my $dirpath = &Apache::lonnet::filelocation('', $uri);
- if (! -e $dirpath) {
- return HTTP_NOT_FOUND;
- }
- $dirpath =~ s/\/$//;
- opendir my $dir, $dirpath or die "Cannot open directory: $dirpath";
- my @files = readdir $dir;
- closedir $dir;
my $res = ''."\n";
- my $dirname = $dirpath;
- $dirname =~ s/^.*\/([^\/]*)$/$1/;
- $res .= "\n";
- foreach my $name (@files) {
- if ($name eq '.' || $name eq '..') {
- next;
- }
- if ($name =~ /\.(bak|log|meta|save)$/) {
- next;
- }
- $sb = stat($dirpath.'/'.$name);
- my $mode = $sb->mode;
- if (S_ISDIR($mode)) {
- $res .= "\n";
+ my $referrer = $request->headers_in->{'Referer'};
+ my ($cdom,$cnum);
+ if ($env{'request.course.id'}) {
+ $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ }
+ if ($uri eq '/') {
+ $res .= "\n";
+ if (($env{'request.course.id'}) &&
+ ($referrer =~ m{\Qfile=/daxeopen/uploaded/$cdom/$cnum/\E(docs|supplemental)/(default|\d+)/(\d+)/})) {
+ $res .= "\n";
+ } else {
+ # root: let users browse /res
+ $res .= "\n";
+ $res .= "\n";
+ }
+ } elsif ($uri =~ m{^/uploaded/(.*)$}) {
+ my $rem = $1;
+ $rem =~ s{/$}{};
+ if (($env{'request.course.id'}) &&
+ ($referrer =~ m{\Qfile=/daxeopen/uploaded/$cdom/$cnum/\E(docs|supplemental)/(default|\d+)/(\d+)/})) {
+ my ($type,$folder,$rid) = ($1,$2,$3);
+ if ($rem eq '') {
+ $res .= "\n";
+ $res .= "\n";
+ } else {
+ my @expected = ($cdom,$cnum,$type,$folder,$rid);
+ my @rest = split(/\//,$rem);
+ my $valid = 1;
+ for (my $i=0; $i<@rest; $i++) {
+ unless ($rest[$i] eq $expected[$i]) {
+ $valid = 0;
+ last;
+ }
+ }
+ if ($valid) {
+ my $dirname = $rest[-1];
+ $res .= "\n";
+ if (scalar(@rest) == scalar(@expected)) {
+ my $subdir = "/userfiles/$type/$folder/$rid";
+ my ($listref, $listerror) = &Apache::lonnet::dirlist($subdir,$cdom,$cnum,'',1);
+ if ($listerror) {
+ $request->content_type('text/plain');
+ $request->print(&mt('listing error: [_1]',$listerror));
+ $request->status(406);
+ return OK;
+ } elsif (scalar(@{$listref}) == 0) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
+ } else {
+ my @lines = @{$listref};
+ my $dirpath = &LONCAPA::propath($cdom,$cnum).'/userfiles';
+ my $dirname = $uri;
+ $dirname =~ s{^.*/([^/]*)$}{$1};
+ foreach my $line (@lines) {
+ my ($path,$dom,undef,$testdir,undef,undef,undef,undef,$size,undef,$mtime) = split(/\&/,$line,12);
+ my $isdir = ($testdir & 16384);
+ $path =~ s{^$dirpath}{};
+ next if ($path eq '.' || $path eq '..');
+ $path =~ s{/$}{};
+ my $name = $path;
+ if ($isdir) {
+ $res .= "\n";
+ } else {
+ next if ($name =~ /\.bak$/);
+ my $dt = DateTime->from_epoch(epoch => $mtime);
+ my $modified = $dt->iso8601().'Z';
+ $res .= "\n";
+ }
+ }
+ }
+ } else {
+ my $nextidx = scalar(@rest);
+ my $subdir = $expected[$nextidx];
+ $res .= ""."\n";
+ }
+ } else {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ }
+ } else {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ } elsif ($uri !~ m{^/(priv|res)/}) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
+ } elsif ($uri =~ m{^/res/}) {
+ # NOTE: dirlist does not return an error for /res/idontexist/
+ my ($listref, $listerror) = &Apache::lonnet::dirlist($uri);
+ if ($listerror) {
+ $request->content_type('text/plain');
+ $request->print(&mt('listing error: [_1]',$listerror));
+ $request->status(406);
+ return OK;
+ } elsif ($uri =~ m{^/res/[^/]+/$} && scalar(@{$listref}) == 0) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
+ }
+ my $dirname = $uri;
+ $dirname =~ s{^.*/([^/]*)$}{$1};
+ $res .= "\n";
+ my (%is_course,%is_courseauthor);
+ if (ref($listref) eq 'ARRAY') {
+ my @lines = @{$listref};
+ foreach my $line (@lines) {
+ my ($path, $dom, undef, $testdir, undef, undef, undef, undef, $size, undef, $mtime, undef, undef, undef, $obs, undef) = split(/\&/, $line, 16);
+ my $isdir = ($testdir & 16384) || $dom =~ /^(user|domain)$/;
+ $path =~ s{^/home/httpd/html/res/}{};
+ next if $path eq '.' || $path eq '..';
+ next if $path =~ /\.meta$/ || $obs || $path =~ /\.\d+\.[^.]+$/;
+ if ($dom ne 'domain') {
+ my ($udom,$uname);
+ if ($dom eq 'user') {
+ ($udom) = ($uri =~ m{^/res/($match_domain)});
+ $uname = $path;
+ } else {
+ ($udom, $uname) = ($uri =~ m{^/res/($match_domain)/($match_courseid)});
+ }
+ if ($udom ne '' && $uname ne '') {
+ my $key = $udom.':'.$uname;
+ if (exists($is_course{$key})) {
+ if ($is_course{$key}) {
+ next unless ($is_courseauthor{$key});
+ }
+ } else {
+ if (&Apache::lonnet::is_course($udom, $uname)) {
+ $is_course{$key} = 1;
+ if ($env{'request.course.id'}) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ if (($cdom eq $udom) && ($cnum eq $uname)) {
+ if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) {
+ $is_courseauthor{$key} = 1;
+ }
+ }
+ }
+ # remove courses from the list
+ next unless ($is_courseauthor{$key});
+ } else {
+ $is_course{$key} = 0;
+ }
+ }
+ }
+ }
+ $path =~ s{/$}{};
+ my $name = $path;
+ if ($isdir) {
+ $res .= "\n";
+ } else {
+ my $dt = DateTime->from_epoch(epoch => $mtime);
+ my $modified = $dt->iso8601().'Z';
+ $res .= "\n";
+ }
+ }
+ }
+ } elsif ($uri eq '/priv/') {
+ my $defdom = &get_defdom($referrer);
+ if (!defined $defdom) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ $res .= "\n";
+ $res .= "\n";
+ } elsif ($uri =~ m{^/priv/($match_domain)/$}) {
+ my $domain = $1;
+ my $defdom = &get_defdom($referrer);
+ if ($domain ne $defdom) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ my $defname = &get_defname($domain,$referrer);
+ $res .= "\n";
+ $res .= "\n";
+ } elsif ($uri =~ m{^/priv/($match_domain)\/($match_username)/}) {
+ unless (&has_priv_access($uri)) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Forbidden URI: [_1]',$uri));
+ $request->status(403);
+ return OK;
+ }
+ my $dirpath = &Apache::lonnet::filelocation('', $uri);
+ if (! -e $dirpath) {
+ $request->content_type('text/plain');
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
+ }
+ $dirpath =~ s{/$}{};
+ my @files;
+ if (opendir(my $dir, $dirpath)) {
+ @files = readdir($dir);
+ closedir($dir);
} else {
- $res .= "size; # total size of file, in bytes
- $res .= " size=\"$size\"";
- my $mtime = $sb->mtime; # last modify time in seconds since the epoch
- my $dt = DateTime->from_epoch(epoch => $mtime);
- my $modified = $dt->iso8601().'Z';
- $res .= " modified=\"$modified\"";
- $res .= "/>\n";
+ $request->content_type('text/plain');
+ $request->print(&mt('Error opening directory: [_1]',$dirpath));
+ $request->status(403);
+ return OK;
}
+ my $dirname = $dirpath;
+ $dirname =~ s{^.*/([^/]*)$}{$1};
+ $res .= "\n";
+ foreach my $name (@files) {
+ if ($name eq '.' || $name eq '..') {
+ next;
+ }
+ if ($name =~ /\.(bak|log|meta|save)$/) {
+ next;
+ }
+ my $sb = stat($dirpath.'/'.$name);
+ my $mode = $sb->mode;
+ if (S_ISDIR($mode)) {
+ $res .= "\n";
+ } else {
+ $res .= "size; # total size of file, in bytes
+ $res .= " size=\"$size\"";
+ my $mtime = $sb->mtime; # last modify time in seconds since the epoch
+ my $dt = DateTime->from_epoch(epoch => $mtime);
+ my $modified = $dt->iso8601().'Z';
+ $res .= " modified=\"$modified\"";
+ $res .= "/>\n";
+ }
+ }
+ } else {
+ $request->content_type('text/plain');
+ $request->print(&mt('Not found: [_1]',$uri));
+ $request->status(404);
+ return OK;
}
$res .= "\n";
&Apache::loncommon::content_type($request, 'text/xml', 'utf-8');
@@ -125,26 +385,85 @@ sub directory_listing {
return OK;
}
-# NOTE: binaries should be sent directly be Apache
-# sub send_binary {
-# my ($request, $filepath) = @_;
-#
-# $buffer = '';
-# if (!open(FILE, "<", $filepath)) {
-# return HTTP_NOT_FOUND;
-# }
-# binmode(FILE);
-#
-# # Read file in 32K blocks
-# while ((read(FILE, $buffer, 32768)) != 0) {
-# $request->print($buffer);
-# }
-#
-# if (!close(FILE)) {
-# &Apache::lonnet::logthis("Error closing the file $filepath");
-# }
-# return OK;
-# }
+sub has_priv_access {
+ my ($uri) = @_;
+ my ($ownername,$ownerdom,$ownerhome) =
+ &Apache::lonnet::constructaccess($uri);
+ my $allowed;
+ if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
+ unless ($ownerhome eq 'no_host') {
+ my @hosts = &Apache::lonnet::current_machine_ids();
+ if (grep(/^\Q$ownerhome\E$/,@hosts)) {
+ $allowed = 1;
+ }
+ }
+ }
+ return $allowed;
+}
+
+sub get_defdom {
+ my ($referrer) = @_;
+ my $defdom;
+ if ($env{'request.role'} =~ m{^au\./($match_domain)/$}) {
+ $defdom = $1;
+ } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\.($match_domain)/($match_username)$}) {
+ $defdom = $1;
+ } elsif ($env{'request.course.id'}) {
+ if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) {
+ my ($possdom,$possuname) = ($1,$2);
+ if (&Apache::lonnet::is_course($possdom,$possuname)) {
+ my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'});
+ if ($crsurl eq "/$possdom/$possuname") {
+ $defdom = $possdom;
+ }
+ } else {
+ if (&Apache::lonnet::domain($possdom) ne '') {
+ $defdom = $possdom;
+ }
+ }
+ }
+ }
+ if ($defdom eq '') {
+ my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($env{'user.domain'},$env{'user.name'});
+ if ($is_author) {
+ $defdom = $env{'user.domain'};
+ }
+ }
+ return $defdom;
+}
+
+sub get_defname {
+ my ($domain,$referrer) = @_;
+ my $defname;
+ if ($env{'request.role'} eq "au./$domain/") {
+ $defname = $env{'user.name'};
+ } elsif ($env{'request.role'} =~ m{^(?:ca|aa)\./\Q$domain\E/($match_username)$}) {
+ $defname = $1;
+ } elsif ($env{'request.course.id'}) {
+ if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) {
+ my ($possdom,$possuname) = ($1,$2);
+ if ($domain eq $possdom) {
+ if (&Apache::lonnet::is_course($possdom,$possuname)) {
+ my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'});
+ if ($crsurl eq "/$possdom/$possuname") {
+ $defname = $possuname;
+ }
+ } else {
+ unless (&Apache::lonnet::homeserver($possuname,$possdom) eq 'no_host') {
+ $defname = $possuname;
+ }
+ }
+ }
+ }
+ }
+ if ($defname eq '') {
+ my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($domain,$env{'user.name'});
+ if ($is_author) {
+ $defname = $env{'user.name'};
+ }
+ }
+ return $defname;
+}
1;
__END__