--- rat/lonuserstate.pm	2021/07/19 15:48:25	1.164
+++ rat/lonuserstate.pm	2021/08/10 15:28:14	1.166
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Construct and maintain state and binary representation of course for user
 #
-# $Id: lonuserstate.pm,v 1.164 2021/07/19 15:48:25 raeburn Exp $
+# $Id: lonuserstate.pm,v 1.166 2021/08/10 15:28:14 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -950,7 +950,6 @@ sub traceroute {
             @deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb,'','','','',$cid,\@recurseup);
         }
         unless (@deeplink < 2) {
-            my ($listed,$scope,$access) = split(/,/,$deeplink[0]);
             $hash{'deeplinkonly_'.$rid}=join(':',@deeplink);
         }
 
@@ -1617,48 +1616,64 @@ sub build_tmp_hashes {
                 $deeplink = $hash{'deeplinkonly_'.$loginrid};
             }
             if ($deeplink) {
-                my ($listed,$scope,$access) = split(/,/,$deeplink);
-                my $exclude = 1;
-                if ($exclude) {
-                    my @recfolders;
-                    if ($scope eq 'rec') {
-                        foreach my $key (keys(%hash)) {
-                            if ($key=~/^map_hierarchy_(\d+)$/) {
-                                my $mpc = $1;
-                                my @ids = split(/,/,$hash{$key});
-                                if (grep(/^$deeplink_login_pc$/,@ids)) {
-                                    my $idx;
-                                    foreach my $mapid (@ids) {
-                                        if ($idx) {
-                                            push(@recfolders,$mapid);
-                                        } elsif ($mapid == $deeplink_login_pc) {
-                                            push(@recfolders,$mapid);
-                                            $idx = $mapid;
+                my $disallow;
+                my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
+                if (($protect ne 'none') && ($protect ne '')) {
+                    my ($acctype,$item) = split(/:/,$protect);
+                    if ($acctype =~ /lti(c|d)$/) {
+                        unless ($env{'request.linkprot'} eq $item.$1.':'.$env{'request.deeplink.login'}) {
+                            $disallow = 1;
+                        }
+                    } elsif ($acctype eq 'key') {
+                        unless ($env{'request.linkkey'} eq $item) {
+                            $disallow = 1;
+                        }
+                    }
+                }
+                if ($disallow) {
+                    &Apache::lonnet::delenv('request.deeplink.login');
+                } else {
+                    if ($others eq 'hide') {
+                        my @recfolders;
+                        if ($scope eq 'rec') {
+                            foreach my $key (keys(%hash)) {
+                                if ($key=~/^map_hierarchy_(\d+)$/) {
+                                    my $mpc = $1;
+                                    my @ids = split(/,/,$hash{$key});
+                                    if (grep(/^$deeplink_login_pc$/,@ids)) {
+                                        my $idx;
+                                        foreach my $mapid (@ids) {
+                                            if ($idx) {
+                                                push(@recfolders,$mapid);
+                                            } elsif ($mapid == $deeplink_login_pc) {
+                                                push(@recfolders,$mapid);
+                                                $idx = $mapid;
+                                            }
                                         }
+                                        push(@recfolders,$mpc);
                                     }
-                                    push(@recfolders,$mpc);
                                 }
                             }
                         }
-                    }
-                    foreach my $key (keys(%hash)) {
-                        if ($key=~/^src_(.+)$/) {
-                            my $rid = $1;
-                            next if ($rid eq '0.0');
-                            next if ($rid eq $loginrid);
-                            if ($scope ne 'res') {
-                                my $mapid = (split(/\./,$rid))[0];
-                                next if ($mapid eq $deeplink_login_pc);
-                                if ($scope eq 'rec') {
-                                    next if (grep(/^$mapid$/,@recfolders));
+                        foreach my $key (keys(%hash)) {
+                            if ($key=~/^src_(.+)$/) {
+                                my $rid = $1;
+                                next if ($rid eq '0.0');
+                                next if ($rid eq $loginrid);
+                                if ($scope ne 'res') {
+                                    my $mapid = (split(/\./,$rid))[0];
+                                    next if ($mapid eq $deeplink_login_pc);
+                                    if ($scope eq 'rec') {
+                                        next if (grep(/^$mapid$/,@recfolders));
+                                    }
                                 }
+                                $deeplinkout{$rid} = 1;
                             }
-                            $deeplinkout{$rid} = 1;
                         }
                     }
                 }
+                &deeplinkouts();
             }
-            &deeplinkouts();
         }
     }
     &mapcrumbs();