--- loncom/lonnet/perl/lonnet.pm	2000/12/28 19:57:30	1.82
+++ loncom/lonnet/perl/lonnet.pm	2000/12/29 19:28:19	1.83
@@ -81,7 +81,7 @@
 # 10/06,10/09,10/10,10/11,10/14,10/20,10/23,10/25,10/26,10/27,10/28,10/29, 
 # 10/30,10/31,
 # 11/2,11/14,11/15,11/16,11/20,11/21,11/22,11/25,11/27,
-# 12/02,12/12,12/13,12/14,12/28 Gerd Kortemeyer
+# 12/02,12/12,12/13,12/14,12/28,12/29 Gerd Kortemeyer
 
 package Apache::lonnet;
 
@@ -901,8 +901,9 @@ sub allowed {
 # Course: uri itself is a course
     my $courseuri=$uri;
     $courseuri=~s/\_(\d)/\/$1/;
+    $courseuri=~s/^([^\/])/\/$1/;
 
-    if ($ENV{'user.priv.'.$ENV{'request.role'}.'./'.$courseuri}
+    if ($ENV{'user.priv.'.$ENV{'request.role'}.'.'.$courseuri}
        =~/$priv\&([^\:]*)/) {
        $thisallowed.=$1;
     }
@@ -944,7 +945,7 @@ sub allowed {
                $checkreferer=0;
            }
        }
-
+       
        if (($ENV{'HTTP_REFERER'}) && ($checkreferer)) {
 	  my $refuri=$ENV{'HTTP_REFERER'};
           $refuri=~s/^http\:\/\/$ENV{'request.host'}//i;
@@ -1165,13 +1166,12 @@ sub filedescription {
 sub assignrole {
     my ($udom,$uname,$url,$role,$end,$start)=@_;
     my $mrole;
-    $url=declutter($url);
     if ($role =~ /^cr\//) {
 	unless (&allowed('ccr',$url)) { return 'refused'; }
         $mrole='cr';
     } else {
         my $cwosec=$url;
-        $cwosec=~s/^(\w+)\/(\w+)\/.*/$1\/$2/;
+        $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
         unless (&allowed('c'.$role,$cwosec)) { return 'refused'; }
         $mrole=$role;
     }
@@ -1292,7 +1292,7 @@ sub modifystudent {
 	return 'error: '.$reply;
     }
 # ---------------------------------------------------- Add student role to user
-    my $uurl=$cid;
+    my $uurl='/'.$cid;
     $uurl=~s/\_/\//g;
     if ($usec) {
 	$uurl.='/'.$usec;