--- loncom/lti/ltiauth.pm	2021/11/03 01:04:04	1.24
+++ loncom/lti/ltiauth.pm	2021/11/22 23:41:00	1.26
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Basic LTI Authentication Module
 #
-# $Id: ltiauth.pm,v 1.24 2021/11/03 01:04:04 raeburn Exp $
+# $Id: ltiauth.pm,v 1.26 2021/11/22 23:41:00 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -613,20 +613,26 @@ sub handler {
 
     my $reqcrs;
     if ($cnum eq '') {
-        if ((@ltiroles) && ($lti{$itemid}{'mapcrs'}) &&
-            ($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'makecrs'})) {
-            my (%can_request,%request_domains);
-            &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom);
-            if ($can_request{'lti'}) {
-                $reqcrs = 1;
-                &lti_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
-                             $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
-                             $reqcrs,$sourcecrs);
+        if ($lti{$itemid}{'crsinc'}) {
+            if ((@ltiroles) && ($lti{$itemid}{'mapcrs'}) &&
+                ($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'makecrs'})) {
+                my (%can_request,%request_domains);
+                &Apache::lonnet::check_can_request($cdom,\%can_request,\%request_domains,$uname,$udom);
+                if ($can_request{'lti'}) {
+                    $reqcrs = 1;
+                    &lti_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
+                                 $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
+                                 $reqcrs,$sourcecrs);
+                } else {
+                    &invalid_request($r,27);
+                }
             } else {
-                &invalid_request($r,27);
+                &invalid_request($r,28);
             }
         } else {
-            &invalid_request($r,28);
+            &lti_session($r,$itemid,$uname,$udom,$uhome,$lonhost,undef,$mapurl,$tail,
+                         $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
+                         $reqcrs,$sourcecrs);
         }
         return OK;
     }
@@ -894,7 +900,9 @@ sub lti_session {
                 $env{'request.lti.uri'} = $tail;
             } else {
                 unless ($tail eq '/adm/roles') {
-                    $env{'form.origurl'} = '/adm/navmaps';
+                    if ($cnum) {
+                        $env{'form.origurl'} = '/adm/navmaps';
+                    }
                 }
             }
         }
@@ -930,7 +938,7 @@ sub lti_session {
         if ($params->{'launch_presentation_document_target'}) {
             $env{'request.lti.target'} = $params->{'launch_presentation_document_target'};
         }
-        foreach my $key (%{$params}) {
+        foreach my $key (keys(%{$params})) {
             delete($env{'form.'.$key});
         }
         my $redirecturl = '/adm/switchserver';
@@ -942,7 +950,7 @@ sub lti_session {
     } else {
         # need to login them in, so generate the need data that
         # migrate expects to do login
-        foreach my $key (%{$params}) {
+        foreach my $key (keys(%{$params})) {
             delete($env{'form.'.$key});
         }
         if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
@@ -1002,7 +1010,9 @@ sub lti_session {
                 $info{'origurl'} = $tail;
             } else {
                 unless ($tail eq '/adm/roles') {
-                    $info{'origurl'} = '/adm/navmaps';
+                    if ($cnum) {
+                        $info{'origurl'} = '/adm/navmaps';
+                    }
                 }
             }
         }