--- loncom/lonnet/perl/lonnet.pm	2001/02/27 20:44:18	1.103
+++ loncom/lonnet/perl/lonnet.pm	2001/03/02 21:43:54	1.104
@@ -87,6 +87,7 @@
 # 09/01 Guy Albertelli
 # 09/01,10/01,11/01 Gerd Kortemeyer
 # 02/27/01 Scott Harrison
+# 3/2 Gerd Kortemeyer
 
 package Apache::lonnet;
 
@@ -1208,12 +1209,22 @@ sub assignrole {
     my ($udom,$uname,$url,$role,$end,$start)=@_;
     my $mrole;
     if ($role =~ /^cr\//) {
-	unless (&allowed('ccr',$url)) { return 'refused'; }
+	unless (&allowed('ccr',$url)) {
+           &logthis('Refused custom assignrole: '.
+             $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
+		    $ENV{'user.name'}.' at '.$ENV{'user.domain'});
+           return 'refused'; 
+        }
         $mrole='cr';
     } else {
         my $cwosec=$url;
         $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
-        unless (&allowed('c'.$role,$cwosec)) { return 'refused'; }
+        unless (&allowed('c'.$role,$cwosec)) { 
+           &logthis('Refused assignrole: '.
+             $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
+		    $ENV{'user.name'}.' at '.$ENV{'user.domain'});
+           return 'refused'; 
+        }
         $mrole=$role;
     }
     my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".