--- loncom/auth/lonacc.pm	2009/09/25 13:51:44	1.128
+++ loncom/auth/lonacc.pm	2010/03/03 21:33:10	1.131
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.128 2009/09/25 13:51:44 droeschl Exp $
+# $Id: lonacc.pm,v 1.131 2010/03/03 21:33:10 droeschl Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -411,6 +411,22 @@ sub handler {
 	}
 	$env{'request.filename'} = $r->filename;
 	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+        if ($requrl =~ m{^/adm/wrapper/ext/}) {
+            my $query = $r->args;
+            if ($query) {
+                my $preserved;
+                foreach my $pair (split(/&/,$query)) {
+                    my ($name, $value) = split(/=/,$pair);
+                    unless ($name eq 'symb') {
+                        $preserved .= $pair.'&';
+                    }
+                }
+                $preserved =~ s/\&$//;
+                if ($preserved) {
+                    $env{'request.external.querystring'} = $preserved;
+                }
+            }
+        }
 # -------------------------------------------------------- Load POST parameters
 
 	&Apache::lonacc::get_posted_cgi($r);
@@ -433,8 +449,16 @@ sub handler {
                 return OK;
             }
 	    if (($access ne '2') && ($access ne 'F')) {
-		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
-		return HTTP_NOT_ACCEPTABLE; 
+                if ($requrl =~ m{^/res/}) {
+                    $access = &Apache::lonnet::allowed('bro',$requrl);
+                    if ($access ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
+                } else {
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    return HTTP_NOT_ACCEPTABLE;
+                }
 	    }
 	}
 	if ($requrl =~ m|^/prtspool/|) {