--- loncom/auth/lonacc.pm	2009/04/14 23:52:07	1.125
+++ loncom/auth/lonacc.pm	2009/11/03 03:06:07	1.130
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.125 2009/04/14 23:52:07 raeburn Exp $
+# $Id: lonacc.pm,v 1.130 2009/11/03 03:06:07 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -278,6 +278,18 @@ sub sso_login {
 
     my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
 
+    my $query = $r->args;
+    my %form;
+    if ($query) {
+        my @items = ('role','symb');
+        &Apache::loncommon::get_unprocessed_cgi($query,\@items);
+        foreach my $item (@items) {
+            if (defined($env{'form.'.$item})) {
+                $form{$item} = $env{'form.'.$item};
+            }
+        }
+    }
+
     my $domain = $r->dir_config('lonDefDomain');
     my $home=&Apache::lonnet::homeserver($user,$domain);
     if ($home !~ /(con_lost|no_host|no_such_host)/) {
@@ -302,6 +314,11 @@ sub sso_login {
 		      'server'    => $r->dir_config('lonHostID'),
 		      'sso.login' => 1
 		      );
+            foreach my $item ('role','symb') {
+                if (exists($form{$item})) {
+                    $info{$item} = $form{$item};
+                }
+            }
             if ($r->dir_config("ssodirecturl") == 1) {
                 $info{'origurl'} = $r->uri;
             }
@@ -394,6 +411,22 @@ sub handler {
 	}
 	$env{'request.filename'} = $r->filename;
 	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+        if ($requrl =~ m{^/adm/wrapper/ext/}) {
+            my $query = $r->args;
+            if ($query) {
+                my $preserved;
+                foreach my $pair (split(/&/,$query)) {
+                    my ($name, $value) = split(/=/,$pair);
+                    unless (($name eq 'symb') || ($name eq 'wrapperdisplay')) {
+                        $preserved .= $pair.'&';
+                    }
+                }
+                $preserved =~ s/\&$//;
+                if ($preserved) {
+                    $env{'request.external.querystring'} = $preserved;
+                }
+            }
+        }
 # -------------------------------------------------------- Load POST parameters
 
 	&Apache::lonacc::get_posted_cgi($r);
@@ -416,8 +449,16 @@ sub handler {
                 return OK;
             }
 	    if (($access ne '2') && ($access ne 'F')) {
-		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
-		return HTTP_NOT_ACCEPTABLE; 
+                if ($requrl =~ m{^/res/}) {
+                    $access = &Apache::lonnet::allowed('bro',$requrl);
+                    if ($access ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
+                } else {
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    return HTTP_NOT_ACCEPTABLE;
+                }
 	    }
 	}
 	if ($requrl =~ m|^/prtspool/|) {
@@ -440,6 +481,7 @@ sub handler {
 	    $env{'user.domain'} eq 'public' &&
 	    $requrl !~ m{^/+(res|public|uploaded)/} &&
 	    $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
+        $requrl !~ m{^/adm/blockingstatus/.*$} &&
 	    $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
 	    $env{'request.querystring'}=$r->args;
 	    $env{'request.firsturl'}=$requrl;