--- loncom/lonnet/perl/lonnet.pm	2007/12/08 00:28:27	1.931
+++ loncom/lonnet/perl/lonnet.pm	2007/12/21 04:14:24	1.932
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.931 2007/12/08 00:28:27 albertel Exp $
+# $Id: lonnet.pm,v 1.932 2007/12/21 04:14:24 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -5250,11 +5250,21 @@ sub assignrole {
     } else {
         my $cwosec=$url;
         $cwosec=~s/^\/($match_domain)\/($match_courseid)\/.*/$1\/$2/;
-        unless ((&allowed('c'.$role,$cwosec)) || &allowed('c'.$role,$udom)) { 
-           &logthis('Refused assignrole: '.
-             $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
-		    $env{'user.name'}.' at '.$env{'user.domain'});
-           return 'refused'; 
+        if (!(&allowed('c'.$role,$cwosec)) && !(&allowed('c'.$role,$udom))) {
+            my $refused;
+            if (($env{'request.course.sec'}  ne '') && ($role eq 'st')) {
+                if (!(&allowed('c'.$role,$url))) {
+                    $refused = 1;
+                }
+            } else {
+                $refused = 1;
+            }
+            if ($refused) { 
+                &logthis('Refused assignrole: '.$udom.' '.$uname.' '.$url.
+                         ' '.$role.' '.$end.' '.$start.' by '.
+	  	         $env{'user.name'}.' at '.$env{'user.domain'});
+                return 'refused';
+            }
         }
         $mrole=$role;
     }