--- loncom/auth/lonacc.pm	2020/12/22 23:53:36	1.159.2.16
+++ loncom/auth/lonacc.pm	2021/01/02 22:11:26	1.159.2.17
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.16 2020/12/22 23:53:36 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.17 2021/01/02 22:11:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -589,11 +589,19 @@ sub handler {
 
 # ---------------------------------------------------------------- Check access
 	my $now = time;
-        my ($check_symb,$check_access);
+        my ($check_symb,$check_access,$check_block,$access,$poss_symb);
 	if ($requrl !~ m{^/(?:adm|public|(?:prt|zip)spool)/}
 	    || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
             $check_access = 1;
         }
+        if ((!$check_access) && ($env{'request.course.id'})) {
+            if (($requrl eq '/adm/viewclasslist') ||
+                ($requrl =~ m{^(/adm/wrapper|)\Q/uploaded/$cdom/$cnum/docs/\E}) ||
+                ($requrl =~ m{^/adm/.*/aboutme$}) ||
+                ($requrl=~m{^/adm/coursedocs/showdoc/})) {
+                $check_block = 1;
+            }
+        }
         if (($env{'request.course.id'}) && (!$suppext)) {
             $requrl=~/\.(\w+)$/;
             if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
@@ -607,8 +615,7 @@ sub handler {
                 $check_symb = 1;
             }
         }
-        if ($check_access) {
-            my ($access,$poss_symb);
+        if (($check_access) || ($check_block)) {
             if ($check_symb) {
                 if ($env{'form.symb'}) {
                     $poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
@@ -628,7 +635,9 @@ sub handler {
                 if ($poss_symb) {
                     my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
                     $url = &Apache::lonnet::clutter($url);
-                    unless (($url eq $requrl) && (&Apache::lonnet::is_on_map($possmap))) {
+                    my $toplevelmap = $env{'course.'.$env{'request.course.id'}.'.url'};
+                    unless (($url eq $requrl) && (($possmap eq $toplevelmap) ||
+                                                  (&Apache::lonnet::is_on_map($possmap)))) {
                         undef($poss_symb);
                     }
                     if ($poss_symb) {
@@ -646,6 +655,18 @@ sub handler {
             } else {
                 $access=&Apache::lonnet::allowed('bre',$requrl);
             }
+        }
+        if ($check_block) {
+            if ($access eq 'B') {
+                if ($poss_symb) {
+                    if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
+                        $env{'request.symb'} = $poss_symb;
+                    }
+                }
+                &Apache::blockedaccess::setup_handler($r);
+                return OK;
+            }
+        } elsif ($check_access) { 
             if ($handle eq '') {
                 unless ($access eq 'F') {
                     if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
@@ -663,9 +684,6 @@ sub handler {
 	    }
             if ($access eq 'B') {
                 if ($poss_symb) {
-                    if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
-                        $requrl = $1;
-                    }
                     if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
                         $env{'request.symb'} = $poss_symb;
                     }