--- loncom/auth/lonacc.pm	2009/10/20 01:57:38	1.129
+++ loncom/auth/lonacc.pm	2010/03/29 13:31:01	1.134
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.129 2009/10/20 01:57:38 raeburn Exp $
+# $Id: lonacc.pm,v 1.134 2010/03/29 13:31:01 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -417,7 +417,7 @@ sub handler {
                 my $preserved;
                 foreach my $pair (split(/&/,$query)) {
                     my ($name, $value) = split(/=/,$pair);
-                    unless (($name eq 'symb') || ($name eq 'wrapperdisplay')) {
+                    unless ($name eq 'symb') {
                         $preserved .= $pair.'&';
                     }
                 }
@@ -449,8 +449,24 @@ sub handler {
                 return OK;
             }
 	    if (($access ne '2') && ($access ne 'F')) {
-		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
-		return HTTP_NOT_ACCEPTABLE; 
+                if ($requrl =~ m{^/res/}) {
+                    $access = &Apache::lonnet::allowed('bro',$requrl);
+                    if ($access ne 'F') {
+                        if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
+                            $access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
+                            if ($access ne 'F') {
+                                $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                                return HTTP_NOT_ACCEPTABLE;
+                            }
+                        } else {
+                            $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                            return HTTP_NOT_ACCEPTABLE;
+                        }
+                    }
+                } else {
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    return HTTP_NOT_ACCEPTABLE;
+                }
 	    }
 	}
 	if ($requrl =~ m|^/prtspool/|) {
@@ -485,11 +501,13 @@ sub handler {
 	    $requrl=~/\.(\w+)$/;
             my $query=$r->args;
 	    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
-		($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$ )/x) ||
+		($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
 		($requrl=~/^\/adm\/wrapper\//) ||
 		($requrl=~m|^/adm/coursedocs/showdoc/|) ||
 		($requrl=~m|\.problem/smpedit$|) ||
-		($requrl=~/^\/public\/.*\/syllabus$/)) {
+		($requrl=~/^\/public\/.*\/syllabus$/) ||
+                ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
+                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $symb;
 		if ($query) {
@@ -504,7 +522,9 @@ sub handler {
 						  'last_known' =>[$murl,$mid]);
 		    } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
 			     (($requrl=~m|(.*)/smpedit$|) &&
-			      &Apache::lonnet::symbverify($symb,$1))) {
+			      &Apache::lonnet::symbverify($symb,$1)) ||
+                             (($requrl=~m|(.*/aboutme)/portfolio$|) &&
+                              &Apache::lonnet::symbverify($symb,$1))) {
 			my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
 			&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
 						  'last_known' =>[$murl,$mid]);
@@ -516,6 +536,9 @@ sub handler {
 			return HTTP_NOT_ACCEPTABLE; 
 		    }
 		} else {
+                    if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
+                        $requrl = $1;
+                    }
 		    $symb=&Apache::lonnet::symbread($requrl);
 		    if (&Apache::lonnet::is_on_map($requrl) && $symb &&
 			!&Apache::lonnet::symbverify($symb,$requrl)) {