--- loncom/auth/lonacc.pm	2008/11/29 10:34:30	1.122
+++ loncom/auth/lonacc.pm	2010/03/19 22:22:34	1.130.4.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.122 2008/11/29 10:34:30 raeburn Exp $
+# $Id: lonacc.pm,v 1.130.4.1 2010/03/19 22:22:34 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -242,7 +242,7 @@ sub upload_size_allowed {
         &Apache::loncommon::add_to_env("form.$item",$savesize);
         my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize");
         if (!$maxsize) {
-            $maxsize = 100.0;
+            $maxsize = 10.0; # FIXME This should become a domain configuration.
         }
         if ($size > $maxsize) {
             my $warn = 'HWFILETOOBIG'.$ident;
@@ -278,6 +278,18 @@ sub sso_login {
 
     my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
 
+    my $query = $r->args;
+    my %form;
+    if ($query) {
+        my @items = ('role','symb');
+        &Apache::loncommon::get_unprocessed_cgi($query,\@items);
+        foreach my $item (@items) {
+            if (defined($env{'form.'.$item})) {
+                $form{$item} = $env{'form.'.$item};
+            }
+        }
+    }
+
     my $domain = $r->dir_config('lonDefDomain');
     my $home=&Apache::lonnet::homeserver($user,$domain);
     if ($home !~ /(con_lost|no_host|no_such_host)/) {
@@ -302,6 +314,11 @@ sub sso_login {
 		      'server'    => $r->dir_config('lonHostID'),
 		      'sso.login' => 1
 		      );
+            foreach my $item ('role','symb') {
+                if (exists($form{$item})) {
+                    $info{$item} = $form{$item};
+                }
+            }
             if ($r->dir_config("ssodirecturl") == 1) {
                 $info{'origurl'} = $r->uri;
             }
@@ -352,6 +369,10 @@ sub handler {
         return OK;
     }
 
+    if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+        return OK;
+    }
+
     my $handle = &Apache::lonnet::check_for_valid_session($r);
 
     my $result = &sso_login($r,$handle);
@@ -390,6 +411,22 @@ sub handler {
 	}
 	$env{'request.filename'} = $r->filename;
 	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+        if ($requrl =~ m{^/adm/wrapper/ext/}) {
+            my $query = $r->args;
+            if ($query) {
+                my $preserved;
+                foreach my $pair (split(/&/,$query)) {
+                    my ($name, $value) = split(/=/,$pair);
+                    unless (($name eq 'symb') || ($name eq 'wrapperdisplay')) {
+                        $preserved .= $pair.'&';
+                    }
+                }
+                $preserved =~ s/\&$//;
+                if ($preserved) {
+                    $env{'request.external.querystring'} = $preserved;
+                }
+            }
+        }
 # -------------------------------------------------------- Load POST parameters
 
 	&Apache::lonacc::get_posted_cgi($r);
@@ -412,8 +449,24 @@ sub handler {
                 return OK;
             }
 	    if (($access ne '2') && ($access ne 'F')) {
-		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
-		return HTTP_NOT_ACCEPTABLE; 
+                if ($requrl =~ m{^/res/}) {
+                    $access = &Apache::lonnet::allowed('bro',$requrl);
+                    if ($access ne 'F') {
+                        if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
+                            $access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
+                            if ($access ne 'F') {
+                                $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                                return HTTP_NOT_ACCEPTABLE;
+                            }
+                        } else {
+                            $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                            return HTTP_NOT_ACCEPTABLE;
+                        }
+                    }
+                } else {
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    return HTTP_NOT_ACCEPTABLE;
+                }
 	    }
 	}
 	if ($requrl =~ m|^/prtspool/|) {
@@ -436,6 +489,7 @@ sub handler {
 	    $env{'user.domain'} eq 'public' &&
 	    $requrl !~ m{^/+(res|public|uploaded)/} &&
 	    $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
+        $requrl !~ m{^/adm/blockingstatus/.*$} &&
 	    $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
 	    $env{'request.querystring'}=$r->args;
 	    $env{'request.firsturl'}=$requrl;
@@ -445,6 +499,7 @@ sub handler {
 	if ($env{'request.course.id'}) {
 	    &Apache::lonnet::countacc($requrl);
 	    $requrl=~/\.(\w+)$/;
+            my $query=$r->args;
 	    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
 		($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$ )/x) ||
 		($requrl=~/^\/adm\/wrapper\//) ||
@@ -452,7 +507,6 @@ sub handler {
 		($requrl=~m|\.problem/smpedit$|) ||
 		($requrl=~/^\/public\/.*\/syllabus$/)) {
 # ------------------------------------- This is serious stuff, get symb and log
-		my $query=$r->args;
 		my $symb;
 		if ($query) {
 		    &Apache::loncommon::get_unprocessed_cgi($query,['symb']);
@@ -499,6 +553,18 @@ sub handler {
 # ------------------------------------------------------- This is other content
 		&Apache::lonnet::courseacclog($requrl);    
 	    }
+            my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};;
+            my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};;
+            if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/docs/.+\.html?$}) {
+                if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
+                    if ($query) {
+                        &Apache::loncommon::get_unprocessed_cgi($query,['forceedit']);
+                        if ($env{'form.forceedit'}) {
+                            $env{'request.state'} = 'edit';
+                        }
+                    }
+                }
+            }
 	}
 	return OK;
     }