--- loncom/auth/lonroles.pm	2021/12/12 18:17:11	1.269.2.39
+++ loncom/auth/lonroles.pm	2025/02/23 05:16:01	1.376
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.269.2.39 2021/12/12 18:17:11 raeburn Exp $
+# $Id: lonroles.pm,v 1.376 2025/02/23 05:16:01 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -140,24 +140,32 @@ use Apache::lonnavdisplay();
 use Apache::loncoursequeueadmin;
 use Apache::longroup;
 use Apache::lonrss;
+use Apache::lonplacementtest;
 use GDBM_File;
 use LONCAPA qw(:DEFAULT :match);
 use HTML::Entities;
- 
+
+my $registered_cleanup;
+my $rosterupdates;
+
 sub start_loading_course {
-    my ($r,$title) = @_;
+    my ($r,$title,$only_body) = @_;
     &Apache::loncommon::content_type($r,'text/html');
     &Apache::loncommon::no_cache($r);
     $r->send_http_header;
-    my $swinfo=&Apache::lonmenu::rawconfig();
-    # Breadcrumbs
-    my $brcrum = [{'href' => '',
-                   'text' => $title},];
-    my $start_page = &Apache::loncommon::start_page($title,undef,
-                                                    {'bread_crumbs' => $brcrum,
-                                                     'bread_crumbs_nomenu' => 1,
-                                                     'links_disabled' => 1});
-    $r->print(<<ENDREDIR);
+    if ($only_body) {
+        $r->print(&Apache::loncommon::start_page($title,undef,{'only_body' => 1,
+                                                               'add_progressbar' => 1}));
+    } else {
+        my $swinfo=&Apache::lonmenu::rawconfig();
+        # Breadcrumbs
+        my $brcrum = [{'href' => '',
+                       'text' => $title},];
+        my $start_page = &Apache::loncommon::start_page($title,undef,
+                                                        {'bread_crumbs' => $brcrum,
+                                                         'bread_crumbs_nomenu' => 1,
+                                                         'links_disabled' => 1});
+        $r->print(<<ENDREDIR);
 $start_page
 <script type="text/javascript">
 // <![CDATA[
@@ -172,27 +180,38 @@ document.body.addEventListener('click',
 // ]]>
 </script>
 ENDREDIR
+    }
+    $r->print('<div class="LC_landmark" role="main">'."\n");
     return;
 }
 
 sub finish_loading_course {
-    my ($r,$msg,$url) = @_;
-    my $link = '<div id="LC_course_loaded" style="display:none"><a href="'.$url.'">'.&mt('Continue').'</a></div>';
+    my ($r,$msg,$url,$only_body) = @_;
+    my $link = '<div id="LC_course_loaded" style="display:none"><a href="'.
+               &HTML::Entities::encode($url,'"<>&').'">'.&mt('Continue').'</a></div>';
     my $end_page = &Apache::loncommon::end_page();
     my $js_url = &js_escape($url);
+    my $reenable;
+    unless ($only_body) {
+        $reenable = <<REENABLE;
+    \$('.isDisabled > a').removeAttr("aria-disabled");
+    \$('.isDisabled').removeClass("isDisabled");
+REENABLE
+    }
     $r->print(<<END);
 $msg
 <script type="text/javascript">
 // <![CDATA[
 \$(document).ready(function() {
     \$("#LC_course_loaded").css("display","block");
-    \$('.isDisabled > a').removeAttr("aria-disabled");
-    \$('.isDisabled').removeClass("isDisabled");
+    $reenable
     var url = "$js_url";
     \$(location).attr('href',url);
 });
+// ]]>
 </script>
 $link
+</div>
 $end_page
 END
     return;
@@ -204,27 +223,27 @@ sub redirect_user {
     &Apache::loncommon::content_type($r,'text/html');
     &Apache::loncommon::no_cache($r);
     $r->send_http_header;
-    my $swinfo=&Apache::lonmenu::rawconfig();
 
-    # Breadcrumbs
-    my $brcrum = [{'href' => $url,
-                   'text' => 'Switching Role'},];
-    my $start_page = &Apache::loncommon::start_page('Switching Role',undef,
-                                                    {'redirect' => [1,$url],
-                                                     'bread_crumbs' => $brcrum,});
-    my $end_page   = &Apache::loncommon::end_page();
+    my $start_page;
+    if ($env{'request.lti.login'}) {
+        $start_page = &Apache::loncommon::start_page(undef,undef,
+                                                     {'redirect' => [0,$url],}).$msg;
+    } else {
+        # Breadcrumbs
+        my $brcrum = [{'href' => $url,
+                       'text' => 'Switching Role'},];
+        $start_page = &Apache::loncommon::start_page('Switching Role',undef,
+                                                     {'redirect' => [1,$url],
+                                                      'bread_crumbs' => $brcrum,}).
+                      "\n<p>$msg</p>";
+    }
+    my $end_page = &Apache::loncommon::end_page();
 
 # Note to style police: 
 # This must only replace the spaces, nothing else, or it bombs elsewhere.
     $url=~s/ /\%20/g;
     $r->print(<<ENDREDIR);
 $start_page
-<script type="text/javascript">
-// <![CDATA[
-$swinfo
-// ]]>
-</script>
-<p>$msg</p>
 $end_page
 ENDREDIR
     return;
@@ -255,7 +274,7 @@ sub handler {
     my $r = shift;
 
     # Check for critical messages and redirect if present.
-    my ($redirect,$url) = &Apache::loncommon::critical_redirect(300);
+    my ($redirect,$url) = &Apache::loncommon::critical_redirect(300,'roles');
     if ($redirect) {
         &Apache::loncommon::content_type($r,'text/html');
         $r->header_out(Location => $url);
@@ -273,8 +292,43 @@ sub handler {
         $update = $then;
     }
 
-    my ($blocked_by_ip,$blocked_type,$clientip);
+    my ($norolelist,$blocked_by_ip,$blocked_type,$clientip);
     $clientip = &Apache::lonnet::get_requestor_ip($r);
+    if (($env{'request.course.id'}) && ($env{'request.deeplink.login'})) {
+        my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+        my $crstype = $env{'course.'.$env{'request.course.id'}.'.type'};
+        my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom);
+        if ($deeplink_symb) {
+            my ($menucoll,$deeplinkmenu,$menuref) = &Apache::loncommon::menucoll_in_effect();
+            if (ref($menuref) eq 'HASH') {
+                unless (($menuref->{'role'}) || ($env{'request.role.adv'})) {
+                    foreach my $envkey (keys(%env)) {
+                        next unless ($envkey =~ /^form\./);
+                        if ($envkey =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+                            unless (($1 eq $cdom) && ($2 eq $cnum)) {
+                                delete($env{$envkey});
+                            }
+                        }
+                    }
+                    if ($env{'form.selectrole'}) {
+                        if ($env{'form.switchrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+                            unless (($1 eq $cdom) && ($2 eq $cnum)) {
+                                delete($env{'form.selectrole'});
+                                delete($env{'form.switchrole'});
+                            }
+                        } elsif ($env{'form.newrole'} =~ m{\./($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+                            unless (($1 eq $cdom) && ($2 eq $cnum)) {
+                                delete($env{'form.selectrole'});
+                                delete($env{'form.newrole'});
+                            }
+                        }
+                    }
+                    $norolelist = 1;
+                }
+            }
+        }
+    }
 
     if ($env{'form.selectrole'}) {
         my ($role,$cdom,$cnum,$rest);
@@ -359,6 +413,8 @@ sub handler {
         }
     }
 
+    $registered_cleanup=0;
+    @{$rosterupdates}=();
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
 
 # -------------------------------------------------- Check if setting hot list
@@ -390,15 +446,27 @@ sub handler {
        $reqauthor = &Apache::loncoursequeueadmin::process_reqauthor(\$update);
     }
 
+# ------------------------------------------------- Check for approval results
+    my $approvalresult;
+    if (($env{'form.approvals'} eq 'show') && ($env{'form.state'} eq 'done')) {
+        $approvalresult = &Apache::loncoursequeueadmin::update_request_queue('othdombyuser',  
+                                                                             $env{'user.domain'});
+    }
     my $envkey;
     my %dcroles = ();
-    my %helpdeskroles = (); 
-    my ($numdc,$numhelpdesk,$numadhoc) =
+    my %helpdeskroles = ();
+    my ($numdc,$numhelpdesk,$numadhoc) = 
         &check_for_adhoc(\%dcroles,\%helpdeskroles,$update,$then);
     my $loncaparev = $r->dir_config('lonVersion');
 
 # ================================================================== Roles Init
     if ($env{'form.selectrole'}) {
+        if (($env{'request.lti.login'}) && ($env{'request.lti.target'} eq '')) {
+            if ($env{'form.ltitarget'} eq 'iframe') {
+                &Apache::lonnet::appenv({'request.lti.target' => 'iframe'});
+                delete($env{'form.ltitarget'});
+            }
+        }
 
         my $locknum=&Apache::lonnet::get_locks();
         if ($locknum) { return 409; }
@@ -439,6 +507,7 @@ sub handler {
 				 "request.course.sec"          => '',
                                  "request.course.tied"         => '',
                                  "request.course.timechecked"  => '',
+                                 "request.course.suppupdated"  => '',
 				 "request.role"                => 'cm',
                                  "request.role.adv"            => $env{'user.adv'},
 				 "request.role.domain"         => $env{'user.domain'}});
@@ -451,7 +520,7 @@ sub handler {
             if ($custom_adhoc) {
                 my ($possroles,$description) = &Apache::lonnet::get_my_adhocroles($cdom.'_'.$cnum,1);
                 if (ref($possroles) eq 'ARRAY') {
-                    if (grep(/^\Q$rolename\E$/,@{$possroles})) {
+                    if (grep(/^\Q$rolename\E$/,@{$possroles})) { 
                         if (&Apache::lonnet::check_adhoc_privs($cdom,$cnum,$update,$refresh,$now,
                                                                "cr/$cdom/$cdom".'-domainconfig/'.$rolename,undef,$sec)) {
                             &Apache::lonnet::appenv({"environment.internal.$cdom.$cnum.cr/$cdom/$cdom".'-domainconfig/'."$rolename.adhoc" => time});
@@ -463,8 +532,8 @@ sub handler {
 # Check if user is a DC trying to enter a course or author space and needs privs to be created
 # Check if user is a DH or DA trying to enter a course and needs privs to be created
             foreach my $envkey (keys(%env)) {
-                if ($numdc) {
 # Is this an ad-hoc Coordinator role?
+                if ($numdc) {
                     if (my ($ccrole,$domain,$coursenum) =
 		        ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) {
                         if ($dcroles{$domain}) {
@@ -555,10 +624,9 @@ sub handler {
                         }
                         last;
                     }
-                } 
+                }
             }
         }
-
         foreach $envkey (keys(%env)) {
             next if ($envkey!~/^user\.role\./);
             my ($where,$trolecode,$role,$tstatus,$tend,$tstart);
@@ -616,17 +684,24 @@ sub handler {
 				     $env{'environment.key.'.$cdom.'_'.$cnum},
 					     $authdom,$authnum)) {
 # there is no valid key
+                             my $swinfo=&Apache::lonmenu::rawconfig();
+                             my $crumbtext = 'User Roles';
+                             my $show_course=&Apache::loncommon::show_course();
+                             if ($show_course) {
+                                 $crumbtext = 'Courses';
+                             }
 			     if ($env{'form.newkey'}) {
 # student attempts to register a new key
 				 &Apache::loncommon::content_type($r,'text/html');
 				 &Apache::loncommon::no_cache($r);
 				 $r->send_http_header;
-				 my $swinfo=&Apache::lonmenu::rawconfig();
+                                 my $pagetitle = 'Verifying Access Key to Unlock this Course';
+                                 my $brcrum =[{href=>"/adm/roles",text=>$crumbtext},
+                                              {href=>"/adm/roles",text=>'Verify Access Key'}];
 				 my $start_page=&Apache::loncommon::start_page
-				    ('Verifying Access Key to Unlock this Course');
+				    ($pagetitle, undef,{bread_crumbs=>$brcrum,});
 				 my $end_page=&Apache::loncommon::end_page();
-				 my $buttontext=&mt('Enter Course');
-				 my $message=&mt('Successfully registered key');
+                                 my ($buttontext,$message,$inputitem,$accessheader);
                                  my $ip = &Apache::lonnet::get_requestor_ip();
 				 my $assignresult=
 				     &Apache::lonnet::assign_access_key(
@@ -637,41 +712,63 @@ sub handler {
 						     $env{'user.name'},
                                                      &mt('Assigned from [_1] at [_2] for [_3]'
                                                         ,$ip
-                                                        ,&Apache::lonlocal::locallocaltime()
+                                                        ,&Apache::lonlocal::locallocaltime($now)
                                                         ,$trolecode)
                                                      );
-				 unless ($assignresult eq 'ok') {
-				     $assignresult=~s/^error\:\s*//;
-				     $message=&mt($assignresult).
-				     '<br /><a href="/adm/logout">'.
-				     &mt('Logout').'</a>';
-				     $buttontext=&mt('Re-Enter Key');
-				 }
-				 $r->print(<<ENDENTEREDKEY);
+				 if ($assignresult eq 'ok') {
+                                     $buttontext=&mt('Enter Course');
+                                     $message=&mt('Successfully registered key');
+                                     $accessheader = &mt('Access key validation complete');
+                                 } else {
+                                     $buttontext=&mt('Submit');
+                                     $assignresult=~s/^error\:\s*//;
+                                     $accessheader = &mt('Access key validation incomplete');
+                                     $message = &mt('Key: [_1]',
+                                                &HTML::Entities::encode($env{'form.newkey'},
+                                                                        '\':<>&"')).' <br />'.
+                                                &mt('Result').': '.&mt($assignresult);
+                                     my $labeltext = &mt('Enter access key');
+                                     $inputitem = '<label>'.$labeltext.':'.
+                                         '<input type="text" size="20" name="newkey" value="'.
+                                         $env{'form.newkey'}.'" /></label>';
+                                 }
+                                 $r->print(<<"ENDREGKEY");
 $start_page
 <script type="text/javascript">
 // <![CDATA[
 $swinfo
 // ]]>
 </script>
-<form action="" method="post">
+<div class="LC_landmark" role="contentinfo">
+<h2 class="LC_heading_2">$accessheader</h2>
+<p>$message</p>
+</div>
+<div class="LC_landmark" role="main">
+<form action="/adm/roles" method="post">
 <input type="hidden" name="selectrole" value="1" />
 <input type="hidden" name="$trolecode" value="1" />
-<span class="LC_fontsize_large">$message</span><br />
+$inputitem
 <input type="submit" value="$buttontext" />
 </form>
+</div>
 $end_page
-ENDENTEREDKEY
+ENDREGKEY
                                  return OK;
 			     } else {
 # print form to enter a new key
 				 &Apache::loncommon::content_type($r,'text/html');
 				 &Apache::loncommon::no_cache($r);
 				 $r->send_http_header;
-				 my $swinfo=&Apache::lonmenu::rawconfig();
+                                 my $pagetitle = 'Enter Access Key to Unlock this Course';
+                                 my $brcrum =[{href=>"/adm/roles",text=>$crumbtext},
+                                              {href=>"/adm/roles",text=>'Enter Access Key'}];
 				 my $start_page=&Apache::loncommon::start_page
-				    ('Enter Access Key to Unlock this Course');
+				    ($pagetitle,undef,{bread_crumbs=>$brcrum,});
 				 my $end_page=&Apache::loncommon::end_page();
+                                 my $accessheader = &mt('Access to this course requires an access key');
+                                 my $preamble = &mt('Once you have successfully entered a valid key, you will no longer be prompted for one when entering the course.');
+                                 my $labeltext = &mt('Enter access key');
+                                 my $submittext = &mt('Submit');
 				 $r->print(<<ENDENTERKEY);
 $start_page
 <script type="text/javascript">
@@ -679,12 +776,17 @@ $start_page
 $swinfo
 // ]]>
 </script>
+<div class="LC_landmark" role="main">
+<h2 class="LC_heading_2">$accessheader</h2>
+<p>$preamble</p>
 <form action="" method="post">
 <input type="hidden" name="selectrole" value="1" />
 <input type="hidden" name="$trolecode" value="1" />
-<input type="text" size="20" name="newkey" value="$env{'form.newkey'}" />
-<input type="submit" value="Enter key" />
+<label>$labeltext:
+<input type="text" size="20" name="newkey" value="$env{'form.newkey'}" /></label>
+<input type="submit" value="$submittext" />
 </form>
+</div>
 $end_page
 ENDENTERKEY
 				 return OK;
@@ -715,9 +817,21 @@ ENDENTERKEY
                         }
                         my $crstype = &Apache::loncommon::course_type($cdom.'_'.$cnum);
                         $crstype = lc($crstype);
+                        my ($msg,$critmsg_check,$title,$loadmsg,$only_body);
+                        $critmsg_check = 1;
+                        $title = &mt("Loading $crstype");
+                        $loadmsg = &mt("Please be patient while your $crstype loads");
+                        if (($env{'request.deeplink.login'}) && ($env{'request.linkprot'})) {
+                            if ($env{'request.linkprot'} =~ /^\d+(c|d):\Q$env{'form.destinationurl'}\E$/) {
+                                $title = &mt('Loading LON-CAPA session');
+                                $loadmsg = &mt('Please be patient while LON-CAPA loads');
+                                $only_body = 1;
+                                $critmsg_check = 0;
+                            }
+                        }
                         my $preamble = '<div id="LC_update_'.$cdom.'_'.$cnum.'" class="LC_info">'.
                                        '<br />'.
-                                       &mt("Please be patient while your $crstype loads").
+                                       $loadmsg.
                                        '<br /></div>'.
                                        '<div style="padding:0;clear:both;margin:0;border:0"></div>';
                         my $closure = <<ENDCLOSE;
@@ -727,13 +841,26 @@ ENDENTERKEY
 // ]]>
 </script>
 ENDCLOSE
-                        my $title = &mt("Loading $crstype");
-                        &start_loading_course($r,$title);
+                        &start_loading_course($r,$title,$only_body);
+                        if ($only_body) {
+                            $r->print('<h1 class="LC_visually_hidden">'.$title.'</h1>');
+                        }
                         my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,undef,$preamble);
                         &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Loading ...'));
                         $r->rflush();
-                        my ($msg,$critmsg_check);
-                        $critmsg_check = 1;
+                        if ($critmsg_check) {
+                            my $blockcrit = &Apache::loncommon::blocking_status('alert',$clientip,$cnum,$cdom,undef,1);
+                            if ($blockcrit) {
+                                my $checkrole = "cm./$cdom/$cnum";
+                                if ($csec ne '') {
+                                    $checkrole .= "/$csec";
+                                }
+                                unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) &&
+                                        ($trolecode !~ m{^st\./$cdom/$cnum})) {
+                                    $critmsg_check = 0;
+                                }
+                            }
+                        }
                         my ($furl,$ferr)=
                             &Apache::lonuserstate::readmap($cdom.'/'.$cnum,$critmsg_check);
                         &Apache::lonhtmlcommon::Update_PrgWin($r,\%prog_state,&mt('Finished!'));
@@ -744,7 +871,7 @@ ENDCLOSE
                             $furl = '/adm/roles?tryagain=1';
                         } else {
                             &Apache::lonnet::appenv({'request.course.timechecked'=>$now});
-                            unless (($env{'form.switchrole'}) ||
+                            unless (($env{'form.switchrole'}) || 
                                     ($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) {
                                 &Apache::lonnet::put('nohist_crslastlogin',
                                     {$env{'user.name'}.':'.$env{'user.domain'}.
@@ -772,7 +899,6 @@ ENDCLOSE
                             my ($feeds,$syllabus_time);
                             &Apache::lonrss::advertisefeeds($cnum,$cdom,undef,\$feeds);
                             &Apache::lonnet::appenv({'request.course.feeds' => $feeds});
-                            &Apache::lonnet::get_numsuppfiles($cnum,$cdom,1);
                             unless ($env{'course.'.$cdom.'_'.$cnum.'.updatedsyllabus'}) {
                                 unless (($env{'course.'.$cdom.'_'.$cnum.'.externalsyllabus'}) ||
                                         ($env{'course.'.$cdom.'_'.$cnum.'.uploadedsyllabus'})) {
@@ -786,7 +912,7 @@ ENDCLOSE
                         }
 			if (($env{'form.orgurl'}) && 
 			    ($env{'form.orgurl'}!~/^\/adm\/flip/) &&
-                            ($env{'form.orgurl'} ne '/adm/roles')) {
+			    ($env{'form.orgurl'} ne '/adm/roles')) {
 			    my $dest=$env{'form.orgurl'};
                             if ($env{'form.symb'}) {
                                 if ($dest =~ /\?/) {
@@ -805,16 +931,18 @@ ENDCLOSE
                                 if ($env{'form.symb'}) {
                                     $furl .= '&symb='.&HTML::Entities::encode($env{'form.symb'},'<>&"');
                                 }
+                            } else {
+                                &set_supplemental_access($cnum,$cdom);
                             }
                             if (($ferr) && ($tadv)) {
-                                &error_page($r,$ferr,$furl);
+				&error_page($r,$ferr,$furl);
 			    } else {
                                 if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
                                     if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) {
                                         unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'})) {
                                             $dest=$env{'form.orgurl'};
                                         }
-                                    }
+                                    } 
                                 }
                                 if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
                                     if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { 
@@ -840,10 +968,13 @@ ENDCLOSE
                                         ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) {
                                         &process_lti($r,$cdom,$cnum);
                                     }
+                                    if ($env{'request.deeplink.login'}) {
+                                        &set_deeplink_target($cnum,$cdom);
+                                    }
                                     $msg = '<p>'.&mt('Entering [_1] ...',
                                                      $env{'course.'.$cdom.'_'.$cnum.'.description'}).
                                            '</p>';
-                                    &finish_loading_course($r,$msg,$dest);
+                                    &finish_loading_course($r,$msg,$dest,$only_body);
                                 }
 			    }
                             $r->rflush();
@@ -852,21 +983,30 @@ ENDCLOSE
 			    if (!$env{'request.course.id'}) {
 				&Apache::lonnet::appenv(
 				      {"request.course.id"  => $cdom.'_'.$cnum});
-                            }
+			    }
 			    if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; }
 			    &Apache::lonnet::appenv({'request.role.adv'=>$tadv});
-                            if ($ferr) {
+			    if ($ferr) {
                                 if ($tadv) {
-                                    &error_page($r,$ferr,$furl);
+				    &error_page($r,$ferr,$furl);
                                 } else {
                                     $r->print('<p class="LC_error">'.
                                               &mt('Could not initialize [_1] at this time.',
                                                   $env{'course.'.$cdom.'_'.$cnum.'.description'}).
                                               '</p>'.
                                               '<p><a href="'.$furl.'">'.&mt('Please try again.').'</a></p>'.
+                                              '</div>'.
                                               &Apache::loncommon::end_page());
                                 }
 			    } else {
+                                &set_supplemental_access($cnum,$cdom);
+                                if (($env{'request.lti.login'}) &&
+                                    ($env{'request.lti.rosterid'} || $env{'request.lti.passbackid'})) {
+                                    &process_lti($r,$cdom,$cnum);
+                                }
+                                if ($env{'request.deeplink.login'}) {
+                                    &set_deeplink_target($cnum,$cdom);
+                                }
 				# Check to see if the user is a CC entering a course 
 				# for the first time
 				if ((($role eq 'cc') || ($role eq 'co')) 
@@ -874,6 +1014,19 @@ ENDCLOSE
 				    $furl = "/adm/helper/course.initialization.helper";
 				    # Send the user to the course they selected
 				} elsif ($env{'request.course.id'}) {
+                                    if ((&Apache::loncommon::course_type() eq 'Placement') && 
+                                        (!$env{'request.role.adv'})) {
+                                        my ($score,$incomplete) = 
+                                            &Apache::lonplacementtest::check_completion(undef,undef,1);
+                                        if (($incomplete) && ($incomplete < 100)) {
+                                            $msg = '<p>'.&mt('Entering [_1] ...',
+                                                             $env{'course.'.$cdom.'_'.$cnum.'.description'}).
+                                                   '</p>';
+                                            &finish_loading_course($r,$msg,'/adm/placement',$only_body);
+                                            $r->rflush();
+                                            return OK;
+                                        }
+                                    }
                                     my ($dest,$destsymb,$checkenc);
                                     $dest = $env{'form.destinationurl'};
                                     $destsymb = $env{'form.destsymb'};
@@ -902,7 +1055,7 @@ ENDCLOSE
                                                 if ($env{'request.role.adv'}) {
                                                     $dest = &Apache::lonenc::unencrypted($dest);
                                                     if ($destsymb eq '') {
-                                                        ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/); 
+                                                        ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/);
                                                         $destsymb = &unescape($destsymb);
                                                     }
                                                 }
@@ -927,16 +1080,21 @@ ENDCLOSE
                                                 }
                                             }
                                         }
-                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) { 
+                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) {
                                             if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) {
                                                 my $esc_symb = &escape($destsymb);
                                                 $dest .= (($dest =~/\?/)? '&':'?').'symb='.$esc_symb;
                                             }
                                         }
-                                        $msg = '<p>'.&mt('Entering [_1] ...',
-                                                         $env{'course.'.$cdom.'_'.$cnum.'.description'}).
-                                               '</p>';
-                                        &finish_loading_course($r,$msg,$dest);
+                                        if ($env{'form.ttoken'}) {
+                                            $dest .= (($dest =~/\?/)? '&':'?').'ttoken='.$env{'form.ttoken'};
+                                        }
+                                        unless (($env{'request.lti.login'}) || ($env{'request.deeplink.login'})) {
+                                            $msg = '<p>'.&mt('Entering [_1] ...',
+                                                             $env{'course.'.$cdom.'_'.$cnum.'.description'}).
+                                                   '</p>';
+                                        }
+                                        &finish_loading_course($r,$msg,$dest,$only_body);
                                         $r->rflush();
                                         return OK;
                                     }
@@ -951,20 +1109,20 @@ ENDCLOSE
 					    $msg = '<p>'.&mt('Entering [_1] ...',
 						             $env{'course.'.$cdom.'_'.$cnum.'.description'}).
                                                    '</p>';
-                                            &finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start');
+                                            &finish_loading_course($r,$msg,'/adm/whatsnew?refpage=start',$only_body);
                                             $r->rflush();
-                                            return OK;
+					    return OK;
 					}
 				    }
 				}
                                 # Are we allowed to look at the first resource?
                                 #
                                 # $furl returned by lonuserstate::readmap() has format:
-                                # $url?symb=escaped($symb). If the resource has the
+                                # $url?symb=escaped($symb). If the resource has the 
                                 # encrypturl parameter in effect, the entire string
                                 # $url?symb=escaped($symb) is encrypted as a string
                                 # beginning /enc/.
-                                #
+                                # 
                                 my ($access,$unencfurl,$unencsymb);
                                 if ($furl =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) {
                                     my ($poss_url,$poss_symb) = ($1,$2);
@@ -991,19 +1149,24 @@ ENDCLOSE
                                 } else {
                                     $access = &Apache::lonnet::allowed('bre',$unencfurl);
                                 }
-                                if ((!$access) || ($access eq 'B')) {
+                                if ((!$access) || ($access eq 'B') || ($access eq 'D')) {
                                     $furl = &Apache::lonpageflip::first_accessible_resource();
                                     if ($furl eq '') {
                                         $furl = '/adm/navmaps?showOnlyHomework=1';
                                     }
                                 }
-                                $msg = '<p>'.&mt('Entering [_1] ...',
-					         $env{'course.'.$cdom.'_'.$cnum.'.description'}).
-                                       '</p>';
-                                &finish_loading_course($r,$msg,$furl);
+                                if ($env{'request.lti.login'}) {
+                                    undef($msg);
+                                    &finish_loading_course($r,$msg,$furl,$only_body);
+                                } else {
+                                    $msg = '<p>'.&mt('Entering [_1] ...',
+					              $env{'course.'.$cdom.'_'.$cnum.'.description'}).
+                                           '</p>';
+                                    &finish_loading_course($r,$msg,$furl,$only_body);
+                                }
 			    }
                             $r->rflush();
-                            return OK;
+			    return OK;
 			}
 		    }
                     #
@@ -1016,6 +1179,12 @@ ENDCLOSE
                             $redirect_url .= $where;
                         }
                         $redirect_url .= '/';
+                        if ($env{'form.orgurl'} =~ /^\Q$redirect_url\E/) {
+                            my ($path) = ($env{'form.orgurl'} =~ m{^(.+)/[^/]+$});
+                            if (($path ne '') && (-e $Apache::lonnet::perlvar{'lonDocRoot'}.$path)) {
+                                $redirect_url = $env{'form.orgurl'};
+                            }
+                        }
                         &redirect_user($r,&mt('Entering Authoring Space'),
                                        $redirect_url);
                         return OK;
@@ -1068,6 +1237,10 @@ ENDCLOSE
         $recent = &mt('Recent Courses');
         $standby = &mt('Course selected. Please stand by.');
     }
+    if (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) {
+        $crumbtext = 'Access Denied';
+        $pagetitle = 'Unauthorized';
+    }
     my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}];
 
     my %roles_in_env;
@@ -1079,14 +1252,44 @@ ENDCLOSE
     if ($domdefs{'catauth'}) {
         $cattype = $domdefs{'catauth'};
     }
-    my ($funcs,$crumbsright);
-    $funcs = &get_roles_functions($showcount,$cattype);
-    if ($env{'browser.mobile'}) {
-        $crumbsright = $funcs;
-        undef($funcs);
+    my $placementonly;
+    if ($showcount == 1) {
+        if ($env{'request.course.id'}) {
+            if ($env{'course.'.$env{'request.course.id'}.'.type'} eq 'Placement') {
+                $placementonly = 1;
+            }
+        } else {
+            foreach my $rolecode (keys(%roles_in_env)) {
+                my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)});
+                if ($cid) {
+                    my %coursedescription =
+                        &Apache::lonnet::coursedescription($cid,{'one_time' => '1'});
+                    if ($coursedescription{'type'} eq 'Placement') {
+                        $placementonly = 1;
+                    }
+                    last;
+                }
+            }
+        }
+    }
+    my ($start_page,$funcs);
+    if ($placementonly) {
+        $start_page=&Apache::loncommon::start_page($pagetitle,undef,
+                                                  {bread_crumbs=>$brcrum,crstype=>'Placement'});
+    } else {
+        my ($crumbsright,$crumbs_style);
+        unless (($norolelist) && ((split(/:/,$env{'user.error.msg'}))[2])) {
+            $funcs = &get_roles_functions($showcount,$cattype,$domdefs{'userapprovals'});
+            if ($env{'browser.mobile'}) {
+                $crumbsright = $funcs;
+                undef($funcs);
+                $crumbs_style = 'overflow: visible;';
+            }
+        }
+        $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum,
+                                                                     bread_crumbs_component=>$crumbsright,
+                                                                     bread_crumbs_style=>$crumbs_style,});
     }
-    my $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum,
-                                                                    bread_crumbs_component=>$crumbsright});
     &js_escape(\$standby);
     my $noscript='<br /><span class="LC_error">'.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'<br />'.&mt('As this is not the case, most functionality in the system will be unavailable.').'</span><br />';
 
@@ -1116,11 +1319,15 @@ function enterrole (thisform,rolecode,bu
 }
 
 function rolesView (caller) {
-    if ((caller == 'showall') || (caller == 'noshowall')) {
+    if (caller == 'approvals') {
+        document.rolechoice.approvals.value = 'show';
+    } else if (caller == 'noapprovals') {
+        document.rolechoice.approvals.value = 'hide';
+    } else if ((caller == 'showall') || (caller == 'noshowall')) {
         document.rolechoice.display.value = caller;
     } else {
         if ((caller == 'doupdate') || (caller == 'requestauthor') ||
-            (caller == 'queued')) {
+            (caller == 'queued')) { 
             document.rolechoice.state.value = caller;
         }
     }
@@ -1189,9 +1396,18 @@ ENDHEADER
         }
     }
     if ($nochoose) {
-	$r->print("<h2>".&mt('Sorry ...')."</h2>\n<span class='LC_error'>".
-		  &mt('This action is currently not authorized.').'</span>'.
-		  &Apache::loncommon::end_page());
+	$r->print("<div class=\"LC_landmark\" role=\"main\">
+                  <h2>".&mt('Sorry ...')."</h2>\n<span class='LC_error'>".
+		  &mt('This action is currently not authorized.').'</span>');
+        if ($error && $norolelist) {
+            $r->print('<br /><br /><h3 class="LC_heading_3"><span class="LC_error">'.
+                      &mt('As your session was launched from a web page external to LON-CAPA some course content may be unavailable, including the resource you were trying to access.').
+                     '</span></h3>'.
+                     '<h3 class="LC_heading_3"><span class="LC_error">'.
+                     &mt('You may need to login to LON-CAPA directly, or re-launch from a different external system.').
+                     '</span></h3>');
+        }
+        $r->print('</div>'.&Apache::loncommon::end_page());
 	return OK;
     } else {
         if ($updateresult || $reqauthor || $hotlist) {
@@ -1209,17 +1425,26 @@ ENDHEADER
             $r->print($showresult);
         } elsif ($env{'form.state'} eq 'queued') {
             $r->print(&get_queued());
+        } elsif ($env{'form.approvals'} eq 'show') {
+            if ($env{'form.state'} eq 'done') {
+                $r->print($approvalresult).'<br />';
+            }
+            $r->print('<div class="LC_left_float"><fieldset><legend>'.&mt('Role assignments queued pending your acceptance').'</legend>'.
+                     &get_approvals().
+                     '</fieldset></div><br clear="all" />');
         }
         if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) {
     	    $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'};
         }
         my $display = ($env{'form.display'} =~ /^(showall)$/);
+        my $approvals = ($env{'form.approvals'} =~ /^(show)$/);
         $r->print('<form method="post" name="rolechoice" action="'.(($fn)?$fn:$r->uri).'">');
         $r->print('<input type="hidden" name="orgurl" value="'.$fn.'" />');
         $r->print('<input type="hidden" name="selectrole" value="1" />');
         $r->print('<input type="hidden" name="newrole" value="" />');
         $r->print('<input type="hidden" name="display" value="'.$display.'" />');
         $r->print('<input type="hidden" name="state" value="" />');
+        $r->print('<input type="hidden" name="approvals" value="'.$approvals.'" />');
         if ($blocked_by_ip) {
             my $blocked_role = 'student';
             if ($blocked_type eq 'Community') {
@@ -1239,7 +1464,21 @@ ENDHEADER
                       \%sortrole,\%roleclass,\%futureroles,\%timezones,$loncaparev);
     $refresh = $now;
     &Apache::lonnet::appenv({'user.refresh.time'  => $refresh});
-    if ((($cattype eq 'std') || ($cattype eq 'domonly')) && (!$env{'user.adv'})) {
+    if ($countactive == 1) {
+        if ($env{'request.course.id'}) {
+            if ($env{'course.'.$env{'request.course.id'}.'.type'} eq 'Placement') {
+                $placementonly = 1;
+            }
+        } elsif ($possiblerole) {
+            if ($possiblerole =~ m{^st\./($match_domain)/($match_courseid)(?:/|$)}) {
+                if ($env{'course.'.$1.'_'.$2.'.type'} eq 'Placement') {
+                    $placementonly = 1;
+                }
+            }
+        }
+    }
+    if ((($cattype eq 'std') || ($cattype eq 'domonly')) && (!$env{'user.adv'}) &&
+          (!$placementonly)) {
         if ($countactive > 0) {
             my $domdesc = &Apache::lonnet::domain($env{'user.domain'},'description');
             my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&'); 
@@ -1261,6 +1500,26 @@ ENDHEADER
         }
     }
 
+    if ($norolelist) {
+        if ($env{'request.role'}) {
+            my ($roletext,$role_text_end) = &display_curr_role($env{'request.role'});
+            if ($roletext) {
+                $r->print(&Apache::loncommon::start_data_table('LC_textsize_mobile').
+                          &Apache::loncommon::start_data_table_row().
+                          $roletext.
+                          &Apache::loncommon::end_data_table_row());
+                if ($role_text_end) {
+                    $r->print(&Apache::loncommon::continue_data_table_row().
+                              $role_text_end.
+                              &Apache::loncommon::end_data_table_row());
+                }
+                $r->print(&Apache::loncommon::end_data_table());
+            }
+        }
+        $r->print(&Apache::loncommon::end_page());
+        return OK;
+    }
+
 # No active roles
     if ($countactive==0) {
         my $elapsed = 0;
@@ -1296,6 +1555,16 @@ ENDHEADER
         }
         $r->print(&Apache::loncommon::end_page());
 	return OK;
+    } elsif (($placementonly) && ($env{'request.role'} eq 'cm')) {
+	$r->print('<h3>'.&mt('Please stand by.').'</h3>
+	          <input type="hidden" name="'.$possiblerole.'" value="1" />
+                  <noscript><br />
+                  <input type="submit" name="submit" value="'.&mt('Continue').'" />
+                  </noscript></form>');
+	$r->rflush();
+	$r->print('<script type="text/javascript">document.forms.rolechoice.submit();</script>');
+	$r->print(&Apache::loncommon::end_page());
+	return OK;
     }
 # ----------------------------------------------------------------------- Table
 
@@ -1443,6 +1712,7 @@ sub gather_roles {
     my $advanced = $env{'user.adv'};
     my $tryagain = $env{'form.tryagain'};
     my @ids = &Apache::lonnet::current_machine_ids();
+    my (%willtrust,%trustchecked);
     if (ref($roles_in_env) eq 'HASH') {
         my %adhocdesc;
         foreach my $envkey (sort(keys(%{$roles_in_env}))) {
@@ -1511,10 +1781,23 @@ sub gather_roles {
                 if (($role eq 'ca') || ($role eq 'aa')) {
                     my $home = &Apache::lonnet::homeserver($trest,$tdom);
                     my $allowed=0;
+                    my $prohibited;
                     foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
                     if (!$allowed) {
                         $button=0;
-                        $switchserver='otherserver='.$home.'&amp;role='.$trolecode;
+                        unless ($trustchecked{$tdom}) {
+                            if ((&Apache::lonnet::will_trust('othcoau',$env{'user.domain'},$tdom)) &&
+                                (&Apache::lonnet::will_trust('coaurem',$tdom,$env{'user.domain'}))) {
+                                $willtrust{$tdom} = 1;
+                                $trustchecked{$tdom} = 1;
+                            }
+                        } 
+                        if ($willtrust{$tdom}) {
+                            $switchserver='otherserver='.$home.'&amp;role='.$trolecode;
+                        } else {
+                            $prohibited = 1;
+                            $tremark .= &mt('Session switch required but prohibited.');
+                        }
                     }
                     #next if ($home eq 'no_host');
                     $home = &Apache::lonnet::hostname($home);
@@ -1523,7 +1806,9 @@ sub gather_roles {
                         ': '.$tdom.'<br />'.
                         ' '.&mt('Server').':&nbsp;'.$home;
                     $env{'course.'.$tdom.'_'.$trest.'.description'}='ca';
-                    $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/');
+                    unless ($prohibited) {
+                        $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/');
+                    }
                     $sortkey=$role."$trest:$tdom";
                 } elsif ($role eq 'au') {
                     # Authors
@@ -1559,9 +1844,9 @@ sub gather_roles {
                                 foreach my $rolename (sort(keys(%{$domdef{'adhocroles'}}))) {
                                     if (ref($domdef{'adhocroles'}{$rolename}) eq 'HASH') {
                                         $adhocdesc{$tdom}{$rolename} = $domdef{'adhocroles'}{$rolename}{'desc'};
-                                        $desc = $adhocdesc{$tdom}{$rolename};
                                     }
                                 }
+                                $desc = $adhocdesc{$tdom}{$rolename};
                             }
                         }
                         if ($desc ne '') {
@@ -1622,6 +1907,9 @@ sub gather_roles {
                             $skipcal = 1;
                         }
                     }
+                    if ($ttype eq 'Placement') {
+                        $ttype = 'Placement Test';
+                    }
                     if ($tsection) {
                         $twhere.='<br />'.&mt('Section').': '.$tsection;
                     }
@@ -1714,7 +2002,7 @@ sub roletable_headers {
                  .&Apache::loncommon::start_data_table('LC_textsize_mobile')
                  .&Apache::loncommon::start_data_table_header_row()
         );
-        if (!$nochoose) { $r->print('<th>&nbsp;</th>'); }
+        if (!$nochoose) { $r->print('<th><span class="LC_visually_hidden">'.&mt('Action').'</span></th>'); }
         $r->print('<th>'.&mt('User Role').'</th>'
                  .'<th>'.&mt('Extent').'</th>'
                  .'<th>'.&mt('Start').'</th>'
@@ -1737,7 +2025,7 @@ sub roletable_headers {
 }
 
 sub roletypes {
-    my @types = ('Domain','Authoring Space','Course','Community','Unavailable','System');
+    my @types = ('Domain','Authoring Space','Course','Placement Test','Community','Unavailable','System');
     return @types; 
 }
 
@@ -1799,7 +2087,7 @@ sub findcourse_advice {
  <li>'.&mt('You are in a section of course for which automatic enrollment in the corresponding LON-CAPA course is not active.').'</li>
  <li>'.&mt('The start date for automated enrollment has yet to be reached.').'</li>
  <li>'.&mt('You registered for the course recently and there is a time lag between the time you register, and the time this information becomes available for the update of LON-CAPA course rosters.').'</li>
- <li>'.&mt('Automated enrollment added you to the course in the time since you last logged-in.').' '.&mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'</li>
+ <li>'.&mt('Automated enrollment added you to the course in the time since you last logged-in.').' '.&mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'</li>   
  </ul></p>');
     } else {
         $r->print('<p>'.&mt('If you were expecting to see an active role listed for a particular course, that course may not have been created yet.').'</p>');
@@ -1807,7 +2095,7 @@ sub findcourse_advice {
             $r->print('<p>'.&mt('You may also have been assigned to a course in the time since you last logged-in, or checked for changes.').
                       '<br />'.
                       &mt('If that is the case you can use the "Check for changes" link in the gray Functions bar to update the list of your available course roles.').'</p>');
-        }
+        }  
     }
     if (($cattype eq 'std') || ($cattype eq 'domonly')) {
         $r->print('<h3>'.&mt('Self-Enrollment').'</h3>'.
@@ -2000,7 +2288,7 @@ sub build_roletext {
                         $trolecode."','".$buttonname.'\');" /></td>';
         }
     }
-    if (($trolecode !~ m/^(dc|ca|au|aa)\./) && (!$skipcal)) {
+    if (($trolecode !~ m/^(ca|aa)\./) && ($trest ne '') && (!$skipcal)) {
 	$tremark.=&Apache::lonannounce::showday(time,1,
 			 &Apache::lonannounce::readcalendar($tdom.'_'.$trest));
     }
@@ -2038,7 +2326,7 @@ sub check_for_adhoc {
     my $numdc = 0;
     my $numhelpdesk = 0;
     my $numadhoc = 0;
-    my $num_custom_adhoc = 0;
+    my $num_custom_adhoc = 0; 
     if (($env{'user.adv'}) || ($env{'user.rar'})) {
         foreach my $envkey (sort(keys(%env))) {
             if ($envkey=~/^user\.role\.(dc|dh|da)\.\/($match_domain)\/$/) {
@@ -2257,7 +2545,7 @@ sub display_cc_role {
             } else {
                 $twhere=&mt('Currently not available');
                 $env{'course.'.$tcourseid.'.description'}=$twhere;
-                $skipcal = 1; 
+                $skipcal = 1;
             }
             my $trole = &Apache::lonnet::plaintext($ccrole,$ttype,$tcourseid);
             $twhere.="<br />".&mt('Domain').":".$tdom;
@@ -2267,6 +2555,38 @@ sub display_cc_role {
     return ($roletext,$roletext_end);
 }
 
+sub display_curr_role {
+    my ($currentrole) = @_;
+    my ($roletext,$roletext_end);
+    my $advanced = $env{'user.adv'};
+    my $tryagain = $env{'form.tryagain'};
+    my ($role,$rest) = split(m{\./},$currentrole,2);
+    unless (!defined($role) || $role eq '') {
+        if ($rest =~ m{^($match_domain)/($match_courseid)(?:/(\w+)|$)}) {
+            my $cdom = $1;
+            my $cnum = $2;
+            my $csec = $3;
+            my $cid = $cdom.'_'.$cnum;
+            my $ttype = $env{'course.'.$cid.'.type'};
+            my $skipcal = 1;
+            my $tbg='LC_roles_is';
+            my $twhere = $env{'course.'.$cid.'.description'}. 
+                        ' <span class="LC_fontsize_small">'.
+                        &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$cnum,$cdom).
+                        '</span>';
+            my $trole = &Apache::lonnet::plaintext($role,$ttype,$cid);
+            if ($csec) {
+                $twhere.= '&nbsp; '.&mt('Section').':&nbsp;'.$csec;
+            }
+            if ($role ne 'st') {
+                $twhere.= '&nbsp; '.&mt('Domain').':&nbsp;'.$cdom;
+            }
+            ($roletext,$roletext_end) = &build_roletext($currentrole,$cdom,$cnum,'is',$tryagain,$advanced,'',$tbg,$trole,$twhere,'','','',1,'','','',$skipcal);
+        }
+    }
+    return ($roletext,$roletext_end);
+}
+
 sub adhoc_roles_row {
     my ($dcdom,$rowtype) = @_;
     my $output = &Apache::loncommon::continue_data_table_row()
@@ -2296,7 +2616,7 @@ sub adhoc_customroles_row {
     if ($tstart && $tstart>$limit) { $liverole = 0; }
     if ($tend   && $tend  <$limit) { $liverole = 0; }
     return unless ($liverole);
-    my %domdefaults = &Apache::lonnet::get_domain_defaults($dhdom);
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dhdom); 
     if (ref($domdefaults{'adhocroles'}) eq 'HASH') {
         if (scalar(keys(%{$domdefaults{'adhocroles'}})) > 0) {
             return &Apache::loncommon::continue_data_table_row()
@@ -2427,6 +2747,22 @@ sub update_session_roles {
                         }
                     } else {
                         $newrole{$rolekey} = $status_in_db;
+                        if ($role eq 'au') {
+                            my %userenv =
+                                &Apache::lonnet::userenvironment($env{'user.domain'},
+                                                                 $env{'user.name'},'authoreditors');
+                            if ($userenv{'authoreditors'}) {
+                                $userenv{'editors'} = $userenv{'authoreditors'};
+                            } else {
+                                my %domdef = &Apache::lonnet::get_domain_defaults($env{'user.domain'});
+                                if ($domdef{'editors'} ne '') {
+                                    $userenv{'editors'} = $domdef{'editors'};
+                                } else {
+                                    $userenv{'editors'} = 'edit,xml';
+                                }
+                            }
+                            &Apache::lonnet::appenv(\%userenv);
+                        }
                     }
                 }
             }
@@ -2626,7 +2962,7 @@ sub update_session_roles {
             &curr_role_status($currstart,$currend,$refresh,$update);
         my ($rolekey) = ($envkey =~ /^user\.role\.(.+)$/);
         my ($role,$rest)=split(m{\./},$rolekey,2);
-        $rest = '/'.$rest; 
+        $rest = '/'.$rest;
         if (&Apache::lonnet::delenv($envkey,undef,[$role])) {
             if ($status_in_env eq 'active') {
                 if ($role eq 'gr') {
@@ -2826,15 +3162,15 @@ sub update_session_roles {
                         }
                         my $groupdesc;
                         unless (ref($curr_groups{$cdom.'_'.$cnum}) eq 'HASH') {
-                            %{$curr_groups{$cdom.'_'.$cnum}} =
+                            %{$curr_groups{$cdom.'_'.$cnum}} = 
                                 &Apache::longroup::coursegroups($cdom,$cnum);
                         }
                         unless ((ref($groupdescs{$cdom.'_'.$cnum}) eq 'HASH') &&
                             ($groupdescs{$cdom.'_'.$cnum}{$group})) {
 
-                            my %groupinfo =
+                            my %groupinfo = 
                                 &Apache::longroup::get_group_settings($curr_groups{$cdom.'_'.$cnum}{$group});
-                            $groupdescs{$cdom.'_'.$cnum}{$group} =
+                            $groupdescs{$cdom.'_'.$cnum}{$group} = 
                                 &unescape($groupinfo{'description'});
                         }
                         $groupdesc = $groupdescs{$cdom.'_'.$cnum}{$group};
@@ -2953,7 +3289,7 @@ sub update_session_roles {
                 my $cdom = $env{'course.'.$cid.'.domain'};
                 my $cnum = $env{'course.'.$cid.'.num'};
                 my %curr_groups = &Apache::longroup::coursegroups($cdom,$cnum);
-                my %groupdesc;
+                my %groupdesc; 
                 if (ref($groupchange{$crs}) eq 'HASH') {
                     $groupchgmsg .= '<li>'.&mt('Course/Community: [_1]','<b>'.$crsdesc.'</b><ul>');
                     foreach my $group (sort(keys(%{$groupchange{$crs}}))) {
@@ -3108,7 +3444,7 @@ sub is_active_course {
 }
 
 sub get_roles_functions {
-    my ($rolescount,$cattype) = @_;
+    my ($rolescount,$cattype,$userapprovals) = @_;
     my @links;
     push(@links,["javascript:rolesView('doupdate');",'start-here-22x22',&mt('Check for changes')]);
     if ($env{'environment.canrequest.author'}) {
@@ -3137,6 +3473,13 @@ sub get_roles_functions {
     unless ($cattype eq 'none') {
         push(@links,['/adm/coursecatalog','ccat-22x22',&mt('Course catalog')]);
     }
+    if ($userapprovals) {
+        if ($env{'form.approvals'} eq 'show') {
+            push(@links,["javascript:rolesView('noapprovals');",'list-add-22x22',&mt('Hide pending')]);
+        } else {
+            push(@links,["javascript:rolesView('approvals');",'list-add-22x22',&mt('Show pending')]);
+        }
+    }
     my $funcs;
     if ($env{'browser.mobile'}) {
         my @functions;
@@ -3154,7 +3497,7 @@ sub get_roles_functions {
         foreach my $link (@links) {
             $funcs .= &Apache::lonhtmlcommon::add_item_funclist(
                           '<a href="'.$link->[0].'" class="LC_menubuttons_link">'.
-                          '<img src="/res/adm/pages/'.$link->[1].'.png" class="LC_icon" alt="'.$link->[2].'" />'.
+                          '<img src="/res/adm/pages/'.$link->[1].'.png" class="LC_icon" alt="'.$link->[2].' '.&mt('icon').'" aria-hidden="true" />'.
                           $link->[2].'</a>');
         }
         $funcs .= &Apache::lonhtmlcommon::end_funclist();
@@ -3186,7 +3529,7 @@ sub get_queued {
             if (ref($history{'details'}) eq 'HASH') {
                 $description = $history{details}{'cdescr'};
             }
-            @{$reqcrs{$reqtime}} = ($description,$showtype);
+            @{$reqcrs{$reqtime}} = ($description,$showtype); 
         }
     }
     my @sortedtimes = sort {$a <=> $b} (keys(%reqcrs));
@@ -3240,15 +3583,139 @@ sub get_queued {
     unless ($output) {
         if ($env{'environment.canrequest.author'} || $env{'environment.canrequest.official'} ||
             $env{'environment.canrequest.unofficial'} || $env{'environment.canrequest.community'}) {
-            $output = &mt('No requests for courses, communities or authoring currently queued');
+            $output = '<span class="LC_info">'.
+                      &mt('No requests for courses, communities or authoring currently queued').
+                      '</span>';
         } else {
-            $output = &mt('No enrollment requests currently queued awaiting approval');
+            $output = '<span class="LC_info">'.
+                      &mt('No enrollment requests currently queued awaiting approval').
+                      '</span>';
         }
     }
     return '<div class="LC_left_float"><fieldset><legend>'.&mt('Queued requests').'</legend>'.
            $output.'</fieldset></div><br clear="all" />';
 }
 
+sub get_approvals {
+    return &Apache::loncoursequeueadmin::display_queued_requests('othdomaction',$env{'user.domain'},'','user');
+}
+
+sub process_lti {
+    my ($r,$cdom,$cnum) = @_;
+    my %lti = &Apache::lonnet::get_domain_lti($cdom,'provider');
+    my $uriscope = &LONCAPA::ltiutils::lti_provider_scope($env{'request.lti.uri'},
+                                                          $cdom,$cnum);
+    my $lonhost = $r->dir_config('lonHostID');
+    my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
+    if ($env{'request.lti.rosterid'} &&
+        $env{'request.lti.rosterurl'}) {
+        if (ref($lti{$env{'request.lti.login'}}) eq 'HASH') {
+            if ($lti{$env{'request.lti.login'}}{'roster'}) {
+                my @lcroles = ('in','ta','ep','st');
+                my @possibleroles;
+                foreach my $role (@lcroles) {
+                    if (&Apache::lonnet::allowed('c'.$role,"$cdom/$cnum")) {
+                        push(@possibleroles,$role);
+                    }
+                }
+                my $owner = $env{'course.'.$cdom.'_'.$cnum.'.internal.courseowner'};
+                if ($owner eq $env{'user.name'}.':'.$env{'user.domain'}) {
+                    my $crstype = &Apache::loncommon::course_type($cdom.'_'.$cnum);
+                    if ($crstype eq 'Community') {
+                        unshift(@possibleroles,'co');
+                    } else {
+                        unshift(@possibleroles,'cc');
+                    }
+                }
+                if (@possibleroles) {
+                    push(@{$rosterupdates},{cid        => $cdom.'_'.$cnum,
+                                            lti        => $env{'request.lti.login'},
+                                            ltiref     => $lti{$env{'request.lti.login'}},
+                                            id         => $env{'request.lti.rosterid'},
+                                            url        => $env{'request.lti.rosterurl'},
+                                            sourcecrs  => $env{'request.lti.sourcecrs'},
+                                            uriscope   => $uriscope,
+                                            possroles  => \@possibleroles,
+                                            intdoms    => $internet_names,
+                                           });
+                    unless ($registered_cleanup) {
+                        my $handlers = $r->get_handlers('PerlCleanupHandler');
+                        $r->set_handlers('PerlCleanupHandler' =>
+                                         [\&ltienroll,@{$handlers}]);
+                        $registered_cleanup=1;
+                    }
+                }
+            }
+        }
+    }
+    if ($env{'request.lti.passbackid'} &&
+        $env{'request.lti.passbackurl'}) {
+        if (ref($lti{$env{'request.lti.login'}}) eq 'HASH') {
+            if ($lti{$env{'request.lti.login'}}{'passback'}) {
+                my ($pbnum,$error) =
+                    &LONCAPA::ltiutils::store_passbackurl($env{'request.lti.login'},
+                                                          $env{'request.lti.passbackurl'},
+                                                          $cdom,$cnum);
+                if ($pbnum eq '') {
+                    $pbnum = $env{'request.lti.passbackurl'};
+                }
+                &Apache::lonnet::put('nohist_'.$cdom.'_'.$cnum.'_passback',
+                                     {"$uriscope\0$env{'request.lti.sourcecrs'}\0$env{'request.lti.login'}" =>
+                                     "$pbnum\0$env{'request.lti.passbackid'}"});
+            }
+        }
+    }
+    return;
+}
+
+sub ltienroll {
+    if (ref($rosterupdates) eq 'ARRAY') {
+        foreach my $item (@{$rosterupdates}) {
+            if (ref($item) eq 'HASH') {
+                &LONCAPA::ltiutils::batchaddroster($item);
+            }
+        }
+        $rosterupdates = []; 
+    }
+    return OK;
+}
+
+sub set_deeplink_target {
+    my ($cnum,$cdom) = @_;
+    if (($cnum ne '') && ($cdom ne '')) {
+        my $deeplink_symb = &Apache::loncommon::deeplink_login_symb($cnum,$cdom);
+        if ($deeplink_symb ne '') {
+            my $deeplink;
+            if ($deeplink_symb =~ /\.(page|sequence)$/) {
+                my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($deeplink_symb))[2]);
+                my $navmap = Apache::lonnavmaps::navmap->new();
+                if (ref($navmap)) {
+                    $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink');
+                }
+            } elsif ($deeplink_symb ne '') {
+                $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$deeplink_symb);
+            }
+            if ($deeplink ne '') {
+                my ($state,$others,$listed,$scope,$protect,$display,$target) = split(/,/,$deeplink);
+                if ($target ne '') {
+                    &Apache::lonnet::appenv({'request.deeplink.target' => $target});
+                } elsif (exists($env{'request.deeplink.target'})) {
+                    &Apache::lonnet::delenv('request.deeplink.target');
+                }
+            }
+        }
+    }
+    return;
+}
+
+sub set_supplemental_access {
+    my ($cnum,$cdom) = @_;
+    my ($supplemental,$refs_updated) = &Apache::loncommon::get_supplemental($cnum,$cdom);
+    unless ($refs_updated) {
+        &Apache::loncommon::set_supp_httprefs($cnum,$cdom,$supplemental);
+    }
+}
+
 1;
 __END__