--- d:\devel\src\TWikiBeijingRelease\bin\rdiff	Sat Feb 01 15:57:32 2003
+++ bin/rdiff	Sat Jul 05 21:42:22 2003
@@ -93,7 +93,7 @@
     return $text;
 }
 
-
+# =========================
 sub getRevInfo
 {
     my( $web, $rev, $topic, $short ) = @_;
@@ -114,6 +114,32 @@
     return $revInfo;
 }
 
+# =========================
+sub tryEnterAuthMode
+{
+    my ( $theQuery, $theWeb, $theTopic ) = @_;
+
+    my $myRdiffauthFile = $ENV{'SCRIPT_FILENAME'};
+    my $substdone = ( $myRdiffauthFile =~ 
+            s|/rdiff\Q$TWiki::scriptSuffix\E$|/rdiffauth$TWiki::scriptSuffix| );
+    my $remoteuser = $theQuery->remote_user();
+    if( $substdone && ( ! $remoteuser ) && (-e $myRdiffauthFile ) ) {
+        # try again with authenticated rdiffauth script
+        # instead of non authenticated rdiff script
+        my $url = $ENV{"REQUEST_URI"};
+        if( $url ) {
+            # $url i.e. is "/twiki/bin/rdiff.cgi/Web/Topic?cms1=val1&cmd2=val2"
+            $url =~ s|\Q$TWiki::scriptUrlPath\E/rdiff|$TWiki::scriptUrlPath/rdiffauth|;
+            $url = "$TWiki::urlHost$url";
+        } else {
+            $url = "$TWiki::urlHost$TWiki::scriptUrlPath/$myRdiffauthFile/$theWeb/$theTopic";
+        }
+        TWiki::redirect( $theQuery, $url );
+        return 1;
+    }
+
+    return 0;
+}
 
 sub main
 {
@@ -125,7 +151,7 @@
     ( $topic, $webName, $scriptUrlPath, $userName ) = 
 	&TWiki::initialize( $thePathInfo, $theRemoteUser, $theTopic, $theUrl, $query );
 
-    my $tmpl = "", $text = "", $diff = "";
+    my $tmpl = "", $text = "", $diff = "", $alldiffs = "";
     my $rev1 = $query->param( "rev1" );
     my $rev2 = $query->param( "rev2" );
     my $maxrev= 1;
@@ -140,6 +166,22 @@
         return;
     }
 
+    # topic access check
+    my $myWikiUserName = &TWiki::userToWikiName( $userName );
+    if( ! &TWiki::Access::checkAccessPermission( 
+            "view", $myWikiUserName, "", $topic, $webName ) ) {
+        # topic read access denied, maybe the user is still not authenticated?
+        if( tryEnterAuthMode( $query, $webName, $topic ) ) {
+            # redirect done
+            return;
+        } else {
+            # no chance to authenticate, so report "access denied"
+            my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessview" );
+            TWiki::redirect( $query, $url );
+            return;
+        }
+    }
+
     # get view template, standard view or a view with a different skin
     my $skin = $query->param( "skin" ) || &TWiki::Prefs::getPreferencesValue( "SKIN" );
     $tmpl = &TWiki::Store::readTemplate( "rdiff", $skin );
@@ -170,23 +212,12 @@
 	$rev2 = 1;
     }
 
-    # check access permission
-    my $wikiUserName = &TWiki::userToWikiName( $userName );
-    my $viewAccessOK = &TWiki::Access::checkAccessPermission( "view", $wikiUserName, "", $topic, $webName );
-    if( ( $TWiki::readTopicPermissionFailed ) || ( ! $viewAccessOK ) ) {
-        my $url = &TWiki::getOopsUrl( $webName, $topic, "oopsaccessview" );
-        TWiki::redirect( $query, $url );
-        return;
-    }
-
     # format "before" part
     $before =~ s/%REVTITLE1%/$revTitle1/go;
     $before =~ s/%REVTITLE2%/$revTitle2/go;
     $before = &TWiki::handleCommonTags( $before, $topic );
     $before = &TWiki::getRenderedVersion( $before );
     $before =~ s|( ?) *</*nop/*>\n?|$1|gois;   # remove <nop> tags (PTh 06 Nov 2000)
-    &TWiki::writeHeader( $query );
-    print $before;
 
     # do one or more diffs
     $difftmpl = &TWiki::handleCommonTags( $difftmpl, $topic );
@@ -205,7 +236,8 @@
             $text = renderRevisionDiff( $text, $topic );
             $diff =~ s/%TEXT%/$text/go;
             $diff =~ s|( ?) *</*nop/*>\n?|$1|gois;   # remove <nop> tags (PTh 06 Nov 2000)
-            print $diff;
+            $alldiffs .= $diff;
+
             $r1 = $r1 - 1;
             $r2 = $r2 - 1;
             if( $r2 < 1 ) { $r2 = 1; }
@@ -217,7 +249,7 @@
         $diff =~ s/%REVTITLE2%/$revTitle2/go;
         $diff =~ s/%TEXT%//go;
         $diff =~ s|( ?) *</*nop/*>\n?|$1|gois;   # remove <nop> tags (PTh 06 Nov 2000)
-        print $diff;
+        $alldiffs .= $diff;
     }
 
     if( $TWiki::doLogTopicRdiff ) {
@@ -265,5 +297,19 @@
     $after = &TWiki::getRenderedVersion( $after );
     $after =~ s|( ?) *</*nop/*>\n?|$1|gois;   # remove <nop> tags (PTh 06 Nov 2000)
 
+    # included topics access check
+    if( $TWiki::readTopicPermissionFailed ) {
+        # can't some accessed topic, maybe the user is still not authenticated?
+        if( tryEnterAuthMode( $query, $webName, $topic ) ) {
+            # redirect done
+            return;
+        }
+
+        # no chance to authenticate, so continue with those unreadable topics
+    }
+
+    &TWiki::writeHeader( $query );
+    print $before;
+    print $alldiffs;
     print $after;
 }