--- loncom/auth/lonroles.pm	2001/10/31 17:47:55	1.30
+++ loncom/auth/lonroles.pm	2003/06/18 15:05:32	1.61
@@ -1,15 +1,45 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
+#
+# $Id: lonroles.pm,v 1.61 2003/06/18 15:05:32 www Exp $
+#
+# Copyright Michigan State University Board of Trustees
+#
+# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
+#
+# LON-CAPA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# LON-CAPA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with LON-CAPA; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# /home/httpd/html/adm/gpl.txt
+#
+# http://www.lon-capa.org/
+#
 # (Directory Indexer
 # (Login Screen
+# YEAR=1999
 # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14 Gerd Kortemeyer)
 # 11/23 Gerd Kortemeyer)
+# YEAR=2000
 # 1/14,03/06,06/01,07/22,07/24,07/25,
 # 09/04,09/06,09/28,09/29,09/30,10/2,10/5,10/26,10/28,
 # 12/08,12/28,
+# YEAR=2001
 # 01/15/01 Gerd Kortemeyer
-# 02/27/01 Scott Harrison
 # 03/02,05/03,05/25,05/30,06/01,07/06,08/06 Gerd Kortemeyer
+# 12/29 Gerd Kortemeyer
+#
+###
 
 package Apache::lonroles;
 
@@ -20,6 +50,7 @@ use Apache::Constants qw(:common);
 use Apache::File();
 use Apache::lonmenu;
 use Apache::loncommon;
+use Apache::lonannounce;
 
 sub handler {
 
@@ -33,75 +64,137 @@ sub handler {
 # ================================================================== Roles Init
 
     if ($ENV{'form.selectrole'}) {
-       &Apache::lonnet::appenv("request.course.id"  => '',
-                               "request.course.fn"  => '',
-                               "request.course.uri" => '',
-                               "request.course.sec" => '',
-                               "request.role" => 'cm'); 
+	if ($ENV{'request.course.id'}) {
+	    my %temp=('logout_'.$ENV{'request.course.id'} => time);
+	    &Apache::lonnet::put('email_status',\%temp);
+        }
+	&Apache::lonnet::appenv("request.course.id"   => '',
+				"request.course.fn"   => '',
+				"request.course.uri"  => '',
+				"request.course.sec"  => '',
+				"request.role"        => 'cm',
+                                "request.role.adv"    => $ENV{'user.adv'},
+				"request.role.domain" => $ENV{'user.domain'});
         foreach $envkey (keys %ENV) {
-         if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
+            next if ($envkey!~/^user\.role\./);
+	    my (undef,undef,$role,@pwhere)=split(/\./,$envkey);
             my $where=join('.',@pwhere);
             my $trolecode=$role.'.'.$where;
             if ($ENV{'form.'.$trolecode}) {
-               my ($tstart,$tend)=split(/\./,$ENV{$envkey});
-               my $tstatus='is';
-               if ($tstart) {
-      		  if ($tstart>$then) { 
-                     $tstatus='future';
-                  }
-               }
-               if ($tend) {
-                  if ($tend<$then) { $tstatus='expired'; }
-                  if ($tend<$now) { $tstatus='will_not'; }
-               }
-               if ($tstatus eq 'is') {
-                   $where=~s/^\///;
-                   my ($cdom,$cnum,$csec)=split(/\//,$where);
-                   &Apache::lonnet::appenv('request.role' => $trolecode,
-                                           'request.course.sec' => $csec);
-                   my $msg='Entering course ...';
-                   if (($cnum) && ($role ne 'ca')) {
-		      my ($furl,$ferr)=
-			  &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
-                      if (($ENV{'form.orgurl'}) && 
-                          ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) {
-                         $r->internal_redirect($ENV{'form.orgurl'});
-                         return OK;
-		     } else {
-                         unless ($ENV{'request.course.id'}) {
-                             &Apache::lonnet::appenv(
-				 "request.course.id"  => $cdom.'_'.$cnum);
-                             $furl='/adm/notfound.html';
-                             $msg=
-	 '<h1><font color=red>Could not initialize top-level map.</font></h1>';
-                          }
-	                 $r->content_type('text/html');
-                         &Apache::loncommon::no_cache($r);
-                         $r->send_http_header;
-                         my $swinfo=&Apache::lonmenu::rawconfig;
-                         print (<<ENDREDIR);
+		my ($tstart,$tend)=split(/\./,$ENV{$envkey});
+		my $tstatus='is';
+		if ($tstart) {
+		    if ($tstart>$then) { 
+			$tstatus='future';
+		    }
+		}
+		if ($tend) {
+		    if ($tend<$then) { $tstatus='expired'; }
+		    if ($tend<$now) { $tstatus='will_not'; }
+		}
+		if ($tstatus eq 'is') {
+		    $where=~s/^\///;
+		    my ($cdom,$cnum,$csec)=split(/\//,$where);
+# check for keyed access
+		    if (($role eq 'st') && 
+                       ($ENV{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) {
+		         unless (&Apache::lonnet::validate_access_key(
+				     $ENV{'environment.key.'.$cdom.'_'.$cnum},
+					     $cdom,$cnum)) {
+# there is no valid key
+			     if ($ENV{'form.newkey'}) {
+# student attempts to register a new key
+			     } else {
+# print form to enter a new key
+				 $r->content_type('text/html');
+				 &Apache::loncommon::no_cache($r);
+				 $r->send_http_header;
+				 my $swinfo=&Apache::lonmenu::rawconfig();
+				 my $bodytag=&Apache::loncommon::bodytag
+				    ('Enter Access Key to Unlock this Course');
+				 $r->print(<<ENDENTERKEY);
+<head><title>Entering Course Access Key</title>
+</head>
+<html>
+$bodytag
+<script>
+$swinfo
+</script>
+<form method="post">
+<input type="hidden" name="selectrole" value="$ENV{'form.selectrole'}" />
+<input type="text" size="20" name="newkey" value="$ENV{'form.newkey'}" />
+<input type="submit" value="Enter key" />
+</form>
+</body></html>
+ENDENTERKEY
+				 return OK;
+			     }
+			 }
+		     }
+                    my $tadv=0;
+                    if (($trolecode!~/^st/) && 
+                        ($trolecode!~/^ta/) && 
+                        ($trolecode!~/^cm/)) { $tadv=1; }
+		    &Apache::lonnet::appenv(
+                                           'request.role'        => $trolecode,
+					   'request.role.adv'    => $tadv,
+					   'request.role.domain' => $cdom,
+					   'request.course.sec'  => $csec);
+		    my $msg='Entering course ...';
+		    if (($cnum) && ($role ne 'ca')) {
+			my ($furl,$ferr)=
+			    &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
+			if (($ENV{'form.orgurl'}) && 
+			    ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) {
+			    $r->internal_redirect($ENV{'form.orgurl'});
+			    return OK;
+			} else {
+			    unless ($ENV{'request.course.id'}) {
+				&Apache::lonnet::appenv(
+				      "request.course.id"  => $cdom.'_'.$cnum);
+				$furl='/adm/roles?tryagain=1';
+				$msg=
+	 '<h1><font color=red>Could not initialize course at this time.</font></h1><h3>Please try again.</h3>';
+			    }
+
+			    # Check to see if the user is a CC entering a course 
+			    # for the first time
+			    my (undef, undef, $role, $courseid) = split(/\./, $envkey);
+			    if (substr($courseid, 0, 1) eq '/') {
+				$courseid = substr($courseid, 1);
+			    }
+			    $courseid =~ s/\//_/;
+			    if ($role eq 'cc' && $ENV{'course.' . $courseid . 
+							  '.course.helper.not.run'}) {
+				$furl = "/adm/helper/course.initialization.helper";
+			    }
+
+			    $r->content_type('text/html');
+			    &Apache::loncommon::no_cache($r);
+			    $r->send_http_header;
+			    my $swinfo=&Apache::lonmenu::rawconfig();
+			    my $bodytag=&Apache::loncommon::bodytag('Switching Role');
+			    print (<<ENDREDIR);
 <head><title>Entering Course</title>
 <meta HTTP-EQUIV="Refresh" CONTENT="1; url=$furl">
 </head>
 <html>
-<body bgcolor="#FFFFFF">
+$bodytag
 <script>
 $swinfo
 </script>
-$msg
+<h1>$msg</h1>
 </body>
 </html>
 ENDREDIR
                             return OK;
-                     }
-                   }
-               }
-            } 
-	  }
+			}
+		    }
+		}
+            }
         }
-   }
-        
+    }
+
 
 # =============================================================== No Roles Init
 
@@ -110,12 +203,17 @@ ENDREDIR
     $r->send_http_header;
     return OK if $r->header_only;
 
-    my $swinfo=&Apache::lonmenu::rawconfig;
+    my $swinfo=&Apache::lonmenu::rawconfig();
+    my $bodytag=&Apache::loncommon::bodytag('User Roles');
+    my $helptag=&Apache::loncommon::help_open_topic
+     ("General_Intro","Click here for help");
     $r->print(<<ENDHEADER);
 <html>
 <head>
 <title>LON-CAPA User Roles</title>
-</head><body bgcolor="#FFFFFF">
+</head>
+$bodytag
+$helptag<br />
 <script>
 $swinfo
 window.focus();
@@ -126,19 +224,15 @@ ENDHEADER
 
     my ($fn,$priv,$nochoose,$error,$msg)=split(/:/,$ENV{'user.error.msg'});
     if ($ENV{'user.error.msg'}) {
-       $r->log_reason(
-     "$msg for $ENV{'user.name'} domain $ENV{'user.domain'} access $priv",$fn);
+	$r->log_reason(
+   "$msg for $ENV{'user.name'} domain $ENV{'user.domain'} access $priv",$fn);
     }
 
-# ---------------------------------------------------------------- Who is this?
+# ------------------------------------------------- Can this user re-init, etc?
 
-    my $advanced=0;
-    foreach $envkey (keys %ENV) {
-        if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
-            if ($role ne 'st') { $advanced=1; }
-        }
-    }
+    my $advanced=$ENV{'user.adv'};
+    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']);
+    my $tryagain=$ENV{'form.tryagain'};
 
 # -------------------------------------------------------- Generate Page Output
 # --------------------------------------------------------------- Error Header?
@@ -149,7 +243,6 @@ ENDHEADER
         $r->print("Resource: $fn\n");
         $r->print("Action  : $msg\n</pre><hr>");
     } else {
-        $r->print("<h1>LON-CAPA User Roles</h1>");
         if ($ENV{'user.error.msg'}) {
 	    $r->print(
  '<h3><font color=red>You need to choose another user role or '.
@@ -159,22 +252,27 @@ ENDHEADER
 # -------------------------------------------------------- Choice or no choice?
     if ($nochoose) {
         if ($advanced) {
-	   $r->print("<h2>Assigned User Roles</h2>\n");
+	    $r->print("<h2>Assigned User Roles</h2>\n");
         } else {
-           $r->print("<h2>Sorry ...</h2>\nThis resource might be part of");
-           if ($ENV{'request.course.id'}) {
-	       $r->print(' another');
-           } else {
-               $r->print(' a certain');
-           } 
-           $r->print(' course.</body></html>');
-           return OK;
+	    $r->print("<h2>Sorry ...</h2>\nThis resource might be part of");
+	    if ($ENV{'request.course.id'}) {
+		$r->print(' another');
+	    } else {
+		$r->print(' a certain');
+	    } 
+	    $r->print(' course.</body></html>');
+	    return OK;
         } 
     } else {
         if ($advanced) {
-           $r->print("<h2>Select a User Role</h2>\n");
+	    $r->print("Your home server is ".
+		      $Apache::lonnet::hostname{&Apache::lonnet::homeserver
+                      ($ENV{'user.name'},$ENV{'user.domain'})}.
+		      "<br />\n");
+	    $r->print("Author and Co-Author roles may not be available on ".
+		      "servers other than your home server.");
         } else {
-	   $r->print("<h2>Enter a Course</h2>\n");
+	    $r->print("<h2>Select a Course to Enter</h2>\n");
         }
         if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) {
     	    $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'};
@@ -189,12 +287,15 @@ ENDHEADER
 # ----------------------------------------------------------------------- Table
     $r->print('<table><tr>');
     unless ($nochoose) { $r->print('<th>&nbsp;</th>'); }
-       $r->print('<th>User Role</th><th colspan=2>Extent</th>'.
-                 '<th>Start</th><th>End</th><th>Remark</th></tr>'."\n");
+    $r->print('<th>User Role</th><th colspan=2>Extent</th>'.
+	      '<th>Start</th><th>End</th><th>Remark</th></tr>'."\n");
 
     foreach $envkey (sort keys %ENV) {
+        my $button = 1;
+        my $switchserver='';
         if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
+	    my (undef,undef,$role,@pwhere)=split(/\./,$envkey);
+            next if (!defined($role) || $role eq '');
             my $where=join('.',@pwhere);
             my $trolecode=$role.'.'.$where;
             my ($tstart,$tend)=split(/\./,$ENV{$envkey});
@@ -202,18 +303,19 @@ ENDHEADER
             my $tstatus='is';
             my $tpstart='&nbsp;';
             my $tpend='&nbsp;';
+            my $tfont='#000000';
             if ($tstart) {
 		if ($tstart>$then) { 
-                   $tstatus='future';
-                   if ($tstart<$now) { $tstatus='will'; }
+                    $tstatus='future';
+                    if ($tstart<$now) { $tstatus='will'; }
                 }
                 $tpstart=localtime($tstart);
             }
             if ($tend) {
                 if ($tend<$then) { 
-                   $tstatus='expired'; 
+                    $tstatus='expired'; 
                 } elsif ($tend<$now) { 
-                   $tstatus='will_not'; 
+                    $tstatus='will_not'; 
                 }
                 $tpend=localtime($tend);
             }
@@ -221,161 +323,225 @@ ENDHEADER
 		$tstatus='selected';
             }
             my $tbg;
-           if (($tstatus eq 'is') || ($tstatus eq 'selected') ||
-               ($ENV{'form.showall'})) {
-            if ($tstatus eq 'is') {
-		$tbg='#77FF77';
-            } elsif ($tstatus eq 'future') {
-                $tbg='#FFFF77';
-            } elsif ($tstatus eq 'will') {
-                $tbg='#FFAA77';
-                $tremark.='Active at next login. ';
-            } elsif ($tstatus eq 'expired') {
-                $tbg='#FF7777';
-	    } elsif ($tstatus eq 'will_not') {
-                $tbg='#AAFF77';
-                $tremark.='Expired after logout. ';
-            } elsif ($tstatus eq 'selected') {
-                $tbg='#11CC55';
-                $tremark.='Currently selected. ';
-            }
-            my $trole;
-            if ($role =~ /^cr\//) {
-	       my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
-               $tremark.='<br>Defined by '.$rauthor.' at '.$rdomain.'.';
-               $trole=$rrole;
-	    } else {
-               $trole=Apache::lonnet::plaintext($role);
-            }
-            my $ttype;
-            my $twhere;
-            my ($tdom,$trest,$tsection)=
-               split(/\//,Apache::lonnet::declutter($where));
-            if ($trest) {
-	      if ($role eq 'ca') {
-	        $ttype='Construction Space';
-                $twhere='User: '.$trest.'<br>Domain: '.$tdom;
-                $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
-              } else {
-		$ttype='Course';
-                if ($tsection) {
-                   $ttype.='<br>Section/Group: '.$tsection;
-                }     
-                my $tcourseid=$tdom.'_'.$trest;
-                if ($ENV{'course.'.$tcourseid.'.description'}) {
-		    $twhere=$ENV{'course.'.$tcourseid.'.description'};
+            if (($tstatus eq 'is') || ($tstatus eq 'selected') ||
+                ($ENV{'form.showall'})) {
+                if ($tstatus eq 'is') {
+                    $tbg='#77FF77';
+                    $tfont='#003300';
+                } elsif ($tstatus eq 'future') {
+                    $tbg='#FFFF77';
+                    $button=0;
+                } elsif ($tstatus eq 'will') {
+                    $tbg='#FFAA77';
+                    $tremark.='Active at next login. ';
+                } elsif ($tstatus eq 'expired') {
+                    $tbg='#FF7777';
+                    $tfont='#330000';
+                    $button=0;
+                } elsif ($tstatus eq 'will_not') {
+                    $tbg='#AAFF77';
+                    $tremark.='Expired after logout. ';
+                } elsif ($tstatus eq 'selected') {
+                    $tbg='#11CC55';
+                    $tfont='#002200';
+                    $tremark.='Currently selected. ';
+                }
+                my $trole;
+                if ($role =~ /^cr\//) {
+                    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
+                    $tremark.='<br>Defined by '.$rauthor.' at '.$rdomain.'.';
+                    $trole=$rrole;
                 } else {
-                    my %newhash=Apache::lonnet::coursedescription($tcourseid);
-                    if (%newhash) {
-			$twhere=$newhash{'description'};
+                    $trole=Apache::lonnet::plaintext($role);
+                }
+                my $ttype;
+                my $twhere;
+                my ($tdom,$trest,$tsection)=
+                    split(/\//,Apache::lonnet::declutter($where));
+                # First, Co-Authorship roles
+                if ($role eq 'ca') {
+                    my $home = &Apache::lonnet::homeserver($trest,$tdom);
+                    if ($home ne $r->dir_config('lonHostID')) {
+			$button=0;
+                        $switchserver=&Apache::lonnet::escape('http://'.
+                         $Apache::lonnet::hostname{$home}.
+                         '/adm/login?domain='.$ENV{'user.domain'}.
+			  '&username='.$ENV{'user.name'}.
+                          '&firsturl=/priv/'.$trest);
+                    }
+                    #next if ($home eq 'no_host');
+                    $home = $Apache::lonnet::hostname{$home};
+                    $ttype='Construction Space';
+                    $twhere='User: '.$trest.'<br />Domain: '.$tdom.'<br />'.
+                        ' Server:&nbsp;'.$home;
+                    $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
+                } elsif ($role eq 'au') {
+                    # Authors
+                    my $home = &Apache::lonnet::homeserver
+                        ($ENV{'user.name'},$ENV{'user.domain'});
+                    if ($home ne $r->dir_config('lonHostID')) {
+			$button=0;
+                        $switchserver=&Apache::lonnet::escape('http://'.
+                         $Apache::lonnet::hostname{$home}.
+                          '/adm/login?domain='.$ENV{'user.domain'}.
+			   '&username='.$ENV{'user.name'}.
+                           '&firsturl=/priv/'.$ENV{'user.name'});
+                    }
+                    #next if ($home eq 'no_host');
+                    $home = $Apache::lonnet::hostname{$home};
+                    $ttype='Construction Space';
+                    $twhere='Domain: '.$tdom.'<br />Server:&nbsp;'.$home;
+                    $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
+                } elsif ($trest) {
+                    $ttype='Course';
+                    if ($tsection) {
+                        $ttype.='<br>Section/Group: '.$tsection;
+		    }
+                    my $tcourseid=$tdom.'_'.$trest;
+                    if ($ENV{'course.'.$tcourseid.'.description'}) {
+                        $twhere=$ENV{'course.'.$tcourseid.'.description'};
+                        unless ($twhere eq 'Currently not available') {
+			    $twhere.=' <font size="-2">'.
+        &Apache::loncommon::syllabuswrapper('Syllabus',$trest,$tdom,$tfont).
+                                    '</font>';
+			}
                     } else {
-                        $twhere='Currently not available';
-                        $ENV{'course.'.$tcourseid.'.description'}=$twhere;
+                        my %newhash=Apache::lonnet::coursedescription
+                            ($tcourseid);
+                        if (%newhash) {
+                            $twhere=$newhash{'description'}.
+                              ' <font size="-2">'.
+        &Apache::loncommon::syllabuswrapper('Syllabus',$trest,$tdom,$tfont).
+                              '</font>';
+                        } else {
+                            $twhere='Currently not available';
+                            $ENV{'course.'.$tcourseid.'.description'}=$twhere;
+                        }
                     }
-                }
-	      }
-            } elsif ($tdom) {
-                $ttype='Domain';
-                $twhere=$tdom;
-            } else {
-                $ttype='System';
-                $twhere='system wide';
-            }
-               
-            $r->print('<tr bgcolor='.$tbg.'>');
-            unless ($nochoose) {
-		if ($tstatus eq 'is') {
-                    $r->print('<td><input type=submit value=Select name="'.
-                              $trolecode.'"></td>');
-                } elsif ($ENV{'user.adv'}) {
-                    $r->print(
-                        '<td><input type=submit value="Re-Initialize" name="'.
-                              $trolecode.'"></td>');
+		    if ($role ne 'st') { $twhere.="<br />Domain:".$tdom; }
+                } elsif ($tdom) {
+                    $ttype='Domain';
+                    $twhere=$tdom;
                 } else {
-                    $r->print('<td>&nbsp;</td>');
+                    $ttype='System';
+                    $twhere='system wide';
                 }
-            }
-            $r->print('<td>'.$trole.'</td><td>'.
-		      $ttype.'</td><td>'.$twhere.'</td><td>'.$tpstart.
-                      '</td><td>'.$tpend.
-                      '</td><td>'.$tremark.'&nbsp;</td></tr>'."\n");
-	}
+ 
+                $r->print('<tr bgcolor='.$tbg.'>');
+                unless ($nochoose) {
+                    if (!$button) {
+			if ($switchserver) {
+			    $r->print('<td><a href="/adm/logout?handover='.
+                              $switchserver.'">Switch Server</a></td>');
+                        } else {
+                            $r->print('<td>&nbsp;</td>');
+                        }
+                    } elsif ($tstatus eq 'is') {
+                        $r->print('<td><input type=submit value=Select name="'.
+                                  $trolecode.'"></td>');
+                    } elsif ($tryagain) {
+                        $r->print
+                        ('<td><input type=submit value="Try Selecting Again"'.
+                             ' name="'.$trolecode.'"></td>');
+                    } elsif ($advanced) {
+                        $r->print
+                            ('<td><input type=submit value="Re-Initialize"'.
+                             ' name="'.$trolecode.'"></td>');
+                    } else {
+                        $r->print('<td>&nbsp;</td>');
+                    }
+                }
+                $tremark.=&Apache::lonannounce::showday(time,1,
+                         &Apache::lonannounce::readcalendar($tdom.'_'.$trest));
+                
+		$r->print('<td><font color="'.$tfont.'">'.$trole.
+                      '</font></td><td><font color="'.$tfont.'">'.$ttype.
+                      '</font></td><td><font color="'.$tfont.'">'.$twhere.
+                      '</font></td><td><font color="'.$tfont.'">'.$tpstart.
+                      '</font></td><td><font color="'.$tfont.'">'.$tpend.
+                      '</font></td><td><font color="'.$tfont.'">'.$tremark.
+                      '&nbsp;</font></td></tr>'."\n");
+	    }
         }
     }
     my $tremark='';
+    my $tfont='#003300';
     if ($ENV{'request.role'} eq 'cm') {
 	$r->print('<tr bgcolor="#11CC55">');
         $tremark='Currently selected.';
+        $tfont='#002200';
     } else {
         $r->print('<tr bgcolor="#77FF77">');
     }
     unless ($nochoose) {
-       if ($ENV{'request.role'} ne 'cm') {
-          $r->print('<td><input type=submit value=Select name="cm"></td>');
-       } else {
-          $r->print('<td>&nbsp;</td>');
-       }
+	if ($ENV{'request.role'} ne 'cm') {
+	    $r->print('<td><input type=submit value=Select name="cm"></td>');
+	} else {
+	    $r->print('<td>&nbsp;</td>');
+	}
     }
-    $r->print('<td colspan=5>No role specified'.
-                      '</td><td>'.$tremark.'&nbsp;</td></tr>'."\n");
+    $r->print('<td colspan=5><font color="'.$tfont.'">No role specified'.
+      '</font></td><td><font color="'.$tfont.'">'.$tremark.
+      '&nbsp;</font></td></tr>'."\n");
 
     $r->print('</table>');
     unless ($nochoose) {
 	$r->print("</form>\n");
     }
 # ------------------------------------------------------------ Privileges Info
-  if ($advanced) {
-    $r->print('<hr><h2>Current Privileges</h2>');
+    if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) {
+	$r->print('<hr><h2>Current Privileges</h2>');
 
-    foreach $envkey (sort keys %ENV) {
-        if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) {
-            my $where=$envkey;
-            $where=~s/^user\.priv\.$ENV{'request.role'}\.//;
-            my $ttype;
-            my $twhere;
-            my ($tdom,$trest,$tsec)=
-               split(/\//,Apache::lonnet::declutter($where));
-            if ($trest) {
-	      if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
-	        $ttype='Construction Space';
-                $twhere='User: '.$trest.', Domain: '.$tdom;
-              } else {
-		$ttype='Course';
-                $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'};
-                if ($tsec) {
-		    $twhere.=' (Section/Group: '.$tsec.')';
-                }
-	      }
-            } elsif ($tdom) {
-                $ttype='Domain';
-                $twhere=$tdom;
-            } else {
-                $ttype='System';
-                $twhere='/';
-            }
-            $r->print("\n<h3>".$ttype.': '.$twhere.'</h3><ul>');
-            map {
-              if ($_) {
-		  my ($prv,$restr)=split(/\&/,$_);
-                  my $trestr='';
-                  if ($restr ne 'F') {
-                      my $i;
-                      $trestr.=' (';
-                      for ($i=0;$i<length($restr);$i++) {
-		         $trestr.=
-                           Apache::lonnet::plaintext(substr($restr,$i,1));
-                         if ($i<length($restr)-1) { $trestr.=', '; }
-		      }
-                      $trestr.=')';
-                  }
-                  $r->print('<li>'.Apache::lonnet::plaintext($prv).$trestr.
-                            '</li>');
-	      }
-            } sort split(/:/,$ENV{$envkey});
-            $r->print('</ul>');
-        }
+	foreach $envkey (sort keys %ENV) {
+	    if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) {
+		my $where=$envkey;
+		$where=~s/^user\.priv\.$ENV{'request.role'}\.//;
+		my $ttype;
+		my $twhere;
+		my ($tdom,$trest,$tsec)=
+		    split(/\//,Apache::lonnet::declutter($where));
+		if ($trest) {
+		    if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
+			$ttype='Construction Space';
+			$twhere='User: '.$trest.', Domain: '.$tdom;
+		    } else {
+			$ttype='Course';
+			$twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'};
+			if ($tsec) {
+			    $twhere.=' (Section/Group: '.$tsec.')';
+			}
+		    }
+		} elsif ($tdom) {
+		    $ttype='Domain';
+		    $twhere=$tdom;
+		} else {
+		    $ttype='System';
+		    $twhere='/';
+		}
+		$r->print("\n<h3>".$ttype.': '.$twhere.'</h3><ul>');
+		foreach (sort split(/:/,$ENV{$envkey})) {
+		    if ($_) {
+			my ($prv,$restr)=split(/\&/,$_);
+			my $trestr='';
+			if ($restr ne 'F') {
+			    my $i;
+			    $trestr.=' (';
+			    for ($i=0;$i<length($restr);$i++) {
+				$trestr.=
+			       Apache::lonnet::plaintext(substr($restr,$i,1));
+				if ($i<length($restr)-1) { $trestr.=', '; }
+			    }
+			    $trestr.=')';
+			}
+			$r->print('<li>'.
+				  Apache::lonnet::plaintext($prv).$trestr.
+				  '</li>');
+		    }
+		}
+		$r->print('</ul>');
+	    }
+	}
     }
-  }
 
     $r->print("</body></html>\n");
     return OK;
@@ -383,3 +549,67 @@ ENDHEADER
 
 1;
 __END__
+
+=head1 NAME
+
+Apache::lonroles - User Roles Screen
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+ <Location /adm/roles>
+ PerlAccessHandler       Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonroles
+ ErrorDocument     403 /adm/login
+ ErrorDocument	  500 /adm/errorhandler
+ </Location>
+
+=head1 INTRODUCTION
+
+This module enables a user to select what role he wishes to
+operate under (instructor, student, teaching assistant, course
+coordinator, etc).  These roles are pre-established by the actions
+of upper-level users.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Roles Initialization (yes/no)
+
+=item *
+
+Get Error Message from Environment
+
+=item *
+
+Who is this?
+
+=item *
+
+Generate Page Output
+
+=item *
+
+Choice or no choice
+
+=item *
+
+Table
+
+=item *
+
+Privileges
+
+=back
+
+=cut