--- loncom/auth/lonroles.pm	2014/02/24 02:24:16	1.269.2.16
+++ loncom/auth/lonroles.pm	2014/04/05 12:25:19	1.269.2.17
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.269.2.16 2014/02/24 02:24:16 raeburn Exp $
+# $Id: lonroles.pm,v 1.269.2.17 2014/04/05 12:25:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -670,11 +670,22 @@ ENDENTERKEY
 					}
 				    }
 				}
-# Are we allowed to look at the first resource?
-				if ($furl !~ m|^/adm/|) {
-# Guess not ...
-				    $furl=&Apache::lonpageflip::first_accessible_resource();
-				}
+                                # Are we allowed to look at the first resource?
+                                if ($furl =~ m{^(/adm/wrapper|)/ext/}) {
+                                    # If it's an external resource,
+                                    # strip off the symb argument and possible query
+                                    my ($exturl,$symb) = ($furl =~ m{^(.+)(?:\?|\&)symb=(.+)$});
+                                    # Unencode $symb
+                                    $symb = &unescape($symb);
+                                    # Then check for permission
+                                    if (!&Apache::lonnet::allowed('bre',$exturl,$symb)) {
+                                        $furl = &Apache::lonpageflip::first_accessible_resource();
+                                    }
+                                # For other resources just check for permission
+                                } elsif (!&Apache::lonnet::allowed('bre',$furl)) {
+                                    $furl = &Apache::lonpageflip::first_accessible_resource();
+                                }
+
                                 $msg = &mt('Entering [_1] ...',
 					   $env{'course.'.$cdom.'_'.$cnum.'.description'});
 				&redirect_user($r, &mt('Entering [_1]',
@@ -1143,7 +1154,7 @@ sub gather_roles {
                 if ($role =~ /^cr\//) {
                     my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
                     if ($tremark) { $tremark.='<br />'; }
-                    $tremark.=&mt('Customrole defined by [_1].',$rauthor.':'.$rdomain);
+                    $tremark.=&mt('Custom role defined by [_1].',$rauthor.':'.$rdomain);
                 }
                 $trole=Apache::lonnet::plaintext($role);
                 my $ttype;
@@ -1745,7 +1756,7 @@ sub check_release_required {
             my $otherserver;
             if (($major eq '' && $minor eq '') || 
                 (($reqdmajor > $major) || (($reqdmajor == $major) && ($reqdminor > $minor)))) {
-                my ($userdomserver) = &Apache::lonnet::choose_server($env{'user.domain'});
+                my ($userdomserver) = &Apache::lonnet::choose_server($env{'user.domain'},undef,$required);
                 my $switchlcrev = 
                     &Apache::lonnet::get_server_loncaparev($env{'user.domain'},
                                                            $userdomserver);
@@ -2587,7 +2598,7 @@ sub role_desc {
     return unless ($role);
     if ($role =~ /^cr\//) {
         my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
-        $tremark = &mt('Customrole defined by [_1].',$rauthor.':'.$rdomain);
+        $tremark = &mt('Custom role defined by [_1].',$rauthor.':'.$rdomain);
     }
     $trole=Apache::lonnet::plaintext($role);
     my ($tdom,$trest,$tsection)=