--- loncom/homework/grades.pm	2003/04/30 20:16:02	1.88
+++ loncom/homework/grades.pm	2003/06/20 20:13:18	1.103
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # The LON-CAPA Grading handler
 #
-# $Id: grades.pm,v 1.88 2003/04/30 20:16:02 www Exp $
+# $Id: grades.pm,v 1.103 2003/06/20 20:13:18 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -49,6 +49,7 @@ use Apache::Constants qw(:common);
 use String::Similarity;
 
 my %oldessays=();
+my %perm=();
 
 # ----- These first few routines are general use routines.----
 #
@@ -130,58 +131,66 @@ sub getclasslist {
 	# filter students according to status selected
 	if ($filterlist && $ENV{'form.status'} ne 'Any') {
 	    if ($ENV{'form.status'} ne $status) {
+Apache->request->print("<p>removed</p>");
 		delete ($classlist->{$_});
 		next;
 	    }
 	}
 	$section = ($section ne '' ? $section : 'no');
-	if ($getsec eq 'all' || $getsec eq $section) {
-            $sections{$section}++;
-            $fullnames{$_}=$fullname;
-        } else {
-            delete($classlist->{$_});
-        }
+	if (&canview($section)) {
+	    if ($getsec eq 'all' || $getsec eq $section) {
+		$sections{$section}++;
+		$fullnames{$_}=$fullname;
+	    } else {
+		delete($classlist->{$_});
+	    }
+	} else {
+	    delete($classlist->{$_});
+	}
     }
     my %seen = ();
     my @sections = sort(keys(%sections));
     return ($classlist,\@sections,\%fullnames);
 }
 
-#find user domain
-sub finduser {
-    my ($name) = @_;
-    my $domain = '';
-    if ( $Apache::grades::viewgrades eq 'F' ) {
-	my %classlist=&Apache::lonnet::dump('classlist',
-					    $ENV{'course.'.$ENV{'request.course.id'}.'.domain'},
-					    $ENV{'course.'.$ENV{'request.course.id'}.'.num'});
-	my (@fields) = grep /^$name:/, keys %classlist;
-	($name, $domain) = split(/:/,$fields[0]);
-	return ($name,$domain);
-    } else {
-	return ($ENV{'user.name'},$ENV{'user.domain'});
+sub canmodify {
+    my ($sec)=@_;
+    if ($perm{'mgr'}) {
+	if (!defined($perm{'mgr_section'})) {
+	    # can modify whole class
+	    return 1;
+	} else {
+	    if ($sec eq $perm{'mgr_section'}) {
+		#can modify the requested section
+		return 1;
+	    } else {
+		# can't modify the request section
+		return 0;
+	    }
+	}
     }
+    #can't modify
+    return 0;
 }
 
-#--- Prompts a user to enter a username.
-sub moreinfo {
-    my ($request,$reason) = @_;
-    $request->print("Unable to process request: $reason");
-    if ( $Apache::grades::viewgrades eq 'F' ) {
-	$request->print('<form action="/adm/grades" method="post">'."\n");
-	if ($ENV{'form.url'}) {
-	    $request->print('<input type="hidden" name="url" value="'.$ENV{'form.url'}.'" />'."\n");
-	}
-	if ($ENV{'form.symb'}) {
-	    $request->print('<input type="hidden" name="symb" value="'.$ENV{'form.symb'}.'" />'."\n");
-	}
-	$request->print('<input type="hidden" name="command" value="'.$ENV{'form.command'}.'" />'."\n");
-	$request->print("Student:".'<input type="text" name="student" value="'.$ENV{'form.student'}.'" />'."<br />\n");
-	$request->print("Domain:".'<input type="text" name="domain" value="'.$ENV{'user.domain'}.'" />'."<br />\n");
-	$request->print('<input type="submit" name="submit" value="ReSubmit" />'."<br />\n");
-	$request->print('</form>');
+sub canview {
+    my ($sec)=@_;
+    if ($perm{'vgr'}) {
+	if (!defined($perm{'vgr_section'})) {
+	    # can modify whole class
+	    return 1;
+	} else {
+	    if ($sec eq $perm{'vgr_section'}) {
+		#can modify the requested section
+		return 1;
+	    } else {
+		# can't modify the request section
+		return 0;
+	    }
+	}
     }
-    return '';
+    #can't modify
+    return 0;
 }
 
 #--- Retrieve the grade status of a student for all the parts
@@ -466,8 +475,13 @@ LISTJAVASCRIPT
 	'onClick="javascript:checkSelect(this.form.stuinfo);" '.
 	'value="'.$viewgrade.'" /></form>'."\n";
     if ($ctr == 0) {
-	$gradeTable='<br />&nbsp;<font color="red">'.
-	    'No submission found for this resource.</font><br />';
+	my $num_students=(scalar(keys(%$fullname)));
+	if ($num_students eq 0) {
+	    $gradeTable='<br />&nbsp;<font color="red">There are no students currently enrolled.</font>';
+	} else {
+	    $gradeTable='<br />&nbsp;<font color="red">'.
+		'No submissions found for this resource for any students. ('.$num_students.' checked for submissions</font><br />';
+	}
     } elsif ($ctr == 1) {
 	$gradeTable =~ s/type=checkbox/type=checkbox checked/;
     }
@@ -1045,7 +1059,7 @@ sub submission {
 
     (my $url=$ENV{'form.url'})=~s-^http://($ENV{'SERVER_NAME'}|$ENV{'HTTP_HOST'})--;
     my ($uname,$udom)     = ($ENV{'form.student'},$ENV{'form.userdom'});
-    ($uname,$udom)        = &finduser($uname) if $udom eq '';
+
     $ENV{'form.fullname'} = &get_fullname ($uname,$udom) if $ENV{'form.fullname'} eq '';
 
     my $symb=($ENV{'form.symb'} ne '' ? $ENV{'form.symb'} : (&Apache::lonnet::symbread($url)));
@@ -1302,7 +1316,7 @@ KEYWORDS
 	my $lastone = pop @col_fullnames;
 	$msgfor .= ', '.(join ', ',@col_fullnames).' and '.$lastone.'.';
     }
-    $msgfor =~ s/\'/\\'/g; #\'
+    $msgfor =~ s/\'/\\'/g; #' stupid emacs
     $result.='<tr><td bgcolor="#ffffff">'."\n".
 	'&nbsp;<a href="javascript:msgCenter(document.SCORE,'.$counter.
 	',\''.$msgfor.'\')"; TARGET=_self>'.
@@ -1913,7 +1927,8 @@ sub viewgrades {
     my (undef,undef,$fullname) = &getclasslist($ENV{'form.section'},'1');
     my $ctr = 0;
     foreach (sort {lc($$fullname{$a}) cmp lc($$fullname{$b}) } keys %$fullname) {
-	my ($uname,$udom) = split(/:/);
+	my $uname = $_;
+	$uname=~s/:/_/;
 	$result.='<input type="hidden" name="ctr'.$ctr.'" value="'.$uname.'" />'."\n";
 	$result.=&viewstudentgrade($url,$symb,$ENV{'request.course.id'},
 				   $_,$$fullname{$_},\@parts,\%weight);
@@ -1923,6 +1938,10 @@ sub viewgrades {
     $result.='<input type="hidden" name="total" value="'.$ctr.'" />'."\n";
     $result.='<input type="button" value="Submit Changes" '.
 	'onClick="javascript:submit();" TARGET=_self /></form>'."\n";
+    if (scalar(%$fullname) eq 0) {
+	my $colspan=3+scalar(@parts);
+	$result='<font color="red">There are no students in section "'.$ENV{'form.section'}.'" with enrollment status "'.$ENV{'form.status'}.'" to modify or grade.</font>';
+    }
     $result.=&show_grading_menu_form($symb,$url);
     return $result;
 }
@@ -1931,6 +1950,7 @@ sub viewgrades {
 sub viewstudentgrade {
     my ($url,$symb,$courseid,$student,$fullname,$parts,$weight) = @_;
     my ($uname,$udom) = split(/:/,$student);
+    $student=~s/:/_/;
     my %record=&Apache::lonnet::restore($symb,$courseid,$udom,$uname);
     my $result='<tr bgcolor="#ffffdd"><td>'.
 	'<a href="javascript:viewOneStudent(\''.$uname.'\',\''.$udom.
@@ -1942,19 +1962,19 @@ sub viewstudentgrade {
 	if ($type eq 'awarded') {
 	    my $pts = $score eq '' ? '' : $score*$$weight{$part};
 	    $result.='<input type="hidden" name="'.
-		'GD_'.$uname.'_'.$part.'_awarded_s" value="'.$pts.'" />'."\n";
+		'GD_'.$student.'_'.$part.'_awarded_s" value="'.$pts.'" />'."\n";
 	    $result.='<td align="middle"><input type="text" name="'.
-		'GD_'.$uname.'_'.$part.'_awarded" '.
-		'onChange="javascript:changeSelect(\''.$part.'\',\''.$uname.
+		'GD_'.$student.'_'.$part.'_awarded" '.
+		'onChange="javascript:changeSelect(\''.$part.'\',\''.$student.
 		'\')" value="'.$pts.'" size="4" /></td>'."\n";
 	} elsif ($type eq 'solved') {
 	    my ($status,$foo)=split(/_/,$score,2);
 	    $status = 'nothing' if ($status eq '');
-	    $result.='<input type="hidden" name="'.'GD_'.$uname.'_'.
+	    $result.='<input type="hidden" name="'.'GD_'.$student.'_'.
 		$part.'_solved_s" value="'.$status.'" />'."\n";
 	    $result.='<td align="middle"><select name="'.
-		'GD_'.$uname.'_'.$part.'_solved" '.
-		'onChange="javascript:changeOneScore(\''.$part.'\',\''.$uname.'\')" >'."\n";
+		'GD_'.$student.'_'.$part.'_solved" '.
+		'onChange="javascript:changeOneScore(\''.$part.'\',\''.$student.'\')" >'."\n";
 	    my $optsel = '<option selected="on"> </option><option>excused</option>'."\n";
 	    $optsel = '<option> </option><option selected="on">excused</option>'."\n"
 		if ($status eq 'excused');
@@ -1962,10 +1982,10 @@ sub viewstudentgrade {
 	    $result.="</select></td>\n";
 	} else {
 	    $result.='<input type="hidden" name="'.
-		'GD_'.$uname.'_'.$part.'_'.$type.'_s" value="'.$score.'" />'.
+		'GD_'.$student.'_'.$part.'_'.$type.'_s" value="'.$score.'" />'.
 		    "\n";
 	    $result.='<td align="middle"><input type="text" name="'.
-		'GD_'.$uname.'_'.$part.'_'.$type.'" '.
+		'GD_'.$student.'_'.$part.'_'.$type.'" '.
 		'value="'.$score.'" size="4" /></td>'."\n";
 	}
     }
@@ -1985,7 +2005,7 @@ sub editgrades {
     $title.='<font size=+1><b>Section: </b>'.$ENV{'form.section'}.'</font>'."\n";
     my $result= '<table border="0"><tr><td bgcolor="#777777">'."\n";
     $result.= '<table border="0"><tr bgcolor="#deffff">'.
-	'<td rowspan=2><b>Username</b></td><td rowspan=2><b>Fullname</b></td>'."\n";
+	'<td rowspan=2><b>Username</b></td><td rowspan=2><b>Domain</b></td><td rowspan=2><b>Fullname</b></td>'."\n";
 
     my %scoreptr = (
 		    'correct'  =>'correct_by_override',
@@ -2033,16 +2053,19 @@ sub editgrades {
     $result .= '</tr><tr bgcolor="#deffff">';
     $result .= $header;
     $result .= '</tr>'."\n";
-
+    my $noupdate;
     for ($i=0; $i<$ENV{'form.total'}; $i++) {
+	my $line;
 	my $user = $ENV{'form.ctr'.$i};
+	my $usercolon = $user;
+	$usercolon =~s/_/:/;
+	my ($uname,$udom)=split(/_/,$user);
 	my %newrecord;
 	my $updateflag = 0;
-	my @userdom = grep /^$user:/,keys %$classlist;
-	my (undef,$udom) = split(/:/,$userdom[0]);
 
-	$result .= '<tr bgcolor="#ffffde"><td>'.$user.'&nbsp;</td><td>'.
-	    $$fullname{$userdom[0]}.'&nbsp;</td>';
+	$line .= '<tr bgcolor="#ffffde"><td>'.$uname.'&nbsp;</td><td>'.
+	    $udom.'&nbsp;</td><td>'.
+		$$fullname{$usercolon}.'&nbsp;</td>';
 	foreach (@partid) {
 	    my $old_aw    = $ENV{'form.GD_'.$user.'_'.$_.'_awarded_s'};
 	    my $old_part_pcr = $old_aw/($weight{$_} ne '0' ? $weight{$_}:1);
@@ -2062,7 +2085,7 @@ sub editgrades {
 	    }
 	    $score = 'excused' if (($ENV{'form.GD_'.$user.'_'.$_.'_solved'} eq 'excused') &&
 				   ($score ne 'excused'));
-	    $result .= '<td align="center">'.$old_aw.'&nbsp;</td>'.
+	    $line .= '<td align="center">'.$old_aw.'&nbsp;</td>'.
 		'<td align="center">'.$awarded.
 		($score eq 'excused' ? $score : '').'&nbsp;</td>';
 
@@ -2085,17 +2108,23 @@ sub editgrades {
 		    $newrecord{'resource.'.$part.'regrader'}="$ENV{'user.name'}:$ENV{'user.domain'}";
 		    $updateflag=1;
 		}
-		$result .= '<td align="center">'.$old_aw.'&nbsp;</td>'.
+		$line .= '<td align="center">'.$old_aw.'&nbsp;</td>'.
 		    '<td align="center">'.$awarded.'&nbsp;</td>';
 	    }
 	}
-	$result .= '</tr>'."\n";
+	$line.='</tr>'."\n";
 	if ($updateflag) {
 	    $count++;
 	    &Apache::lonnet::cstore(\%newrecord,$symb,$ENV{'request.course.id'},
-				    $udom,$user);
+				    $udom,$uname);
+	    $result.=$line;
+	} else {
+	    $noupdate.=$line;
 	}
     }
+    if ($noupdate) {
+	$result .= '<tr bgcolor="#ffffff"><td align="center" colspan="7">No Changes Occured For the Students Below</td></tr>'.$noupdate;
+    }
     $result .= '</table></td></tr></table>'."\n".
 	&show_grading_menu_form ($symb,$url);
     my $msg = '<b>Number of records updated = '.$rec_update.
@@ -2375,7 +2404,7 @@ sub csvuploadassign {
     }
     $request->print('<h3>Assigning Grades</h3>');
     my $courseid=$ENV{'request.course.id'};
-    my ($classlist) = &getclasslist('all','1');
+    my ($classlist) = &getclasslist('all',0);
     my @skipped;
     my $countdone=0;
     foreach my $grade (@gradedata) {
@@ -2407,7 +2436,6 @@ sub csvuploadassign {
 	$request->print('<br /><font size="+1"><b>Skipped Students</b></font><br />');
 	foreach my $student (@skipped) { $request->print("<br />$student"); }
     }
-    $request->print(&view_edit_entire_class_form($symb,$url));
     $request->print(&show_grading_menu_form($symb,$url));
     return '';
 }
@@ -2504,6 +2532,7 @@ LISTJAVASCRIPT
 	'<input type="radio" name="lastSub" value="all" /> all details'."\n";
 
     $result.='<input type="hidden" name="section"     value="'.$getsec.'" />'."\n".
+	'<input type="hidden" name="status"     value="'.$ENV{'form.status'}.'" />'."\n".
 	'<input type="hidden" name="command" value="displayPage" />'."\n".
 	'<input type="hidden" name="url"     value="'.$url.'" />'."\n".
 	'<input type="hidden" name="symb"    value="'.$symb.'" />'."\n".
@@ -2578,15 +2607,14 @@ sub getSymbMap {
 	    my $countProblems = 0;
 	    $mapiterator->next(); # skip the first BEGIN_MAP
 	    my $mapcurRes = $mapiterator->next(); # for "current resource"
-	    my $ctr=0;
-	    while ($mapdepth > 0 && $ctr < 100) {
+	    while ($mapdepth > 0) {
 		if($mapcurRes == $mapiterator->BEGIN_MAP) { $mapdepth++; }
-		if($mapcurRes == $mapiterator->END_MAP) { $mapdepth++; }
+		if($mapcurRes == $mapiterator->END_MAP) { $mapdepth--; }
 
 		if (ref($mapcurRes) && $mapcurRes->is_problem() && !$mapcurRes->randomout) {
 		    $countProblems++;
 		}
-		$ctr++;
+		$mapcurRes = $mapiterator->next();
 	    }
 	    if ($countProblems > 0) {
 		my $title = $curRes->compTitle();
@@ -2612,9 +2640,14 @@ sub displayPage {
     my $cnum      = $ENV{"course.$ENV{'request.course.id'}.num"};
     my $getsec    = $ENV{'form.section'} eq '' ? 'all' : $ENV{'form.section'};
     my $pageTitle = $ENV{'form.page'};
-    my (undef,undef,$fullname) = &getclasslist($getsec,'1');
+    my ($classlist,undef,$fullname) = &getclasslist($getsec,'1');
     my ($uname,$udom) = split(/:/,$ENV{'form.student'});
-
+    my $usec=$classlist->{$ENV{'form.student'}}[5];
+    if (!&canview($usec)) {
+	$request->print('<font color="red">Unable to view requested student.('.$ENV{'form.student'}.')</font>');
+	$request->print(&show_grading_menu_form($symb,$url));
+	return;
+    }
     my $result='<h3><font color="#339933">&nbsp;'.$ENV{'form.title'}.'</font></h3>';
     $result.='<h3>&nbsp;Student: '.$$fullname{$ENV{'form.student'}}.
 	'<font color="#999999"> ('.$uname.($udom eq $cdom ? '':':'.$udom).')</font></h3>'."\n";
@@ -2649,16 +2682,15 @@ sub displayPage {
 	'<td align="center"><b>&nbsp;No&nbsp;</b></td>'.
 	'<td><b>&nbsp;'.($ENV{'form.vProb'} eq 'no' ? 'Title' : 'Problem View').'/Grade</b></td></tr>';
 
-    my ($depth,$ctr,$question) = (1,0,1);
+    my ($depth,$question) = (1,1);
     $iterator->next(); # skip the first BEGIN_MAP
     my $curRes = $iterator->next(); # for "current resource"
-    while ($depth > 0 && $ctr < 100) { # ctr, just in case it never gets out of loop
+    while ($depth > 0) {
         if($curRes == $iterator->BEGIN_MAP) { $depth++; }
-        if($curRes == $iterator->END_MAP) { $depth++; }
+        if($curRes == $iterator->END_MAP) { $depth--; }
 
         if (ref($curRes) && $curRes->is_problem() && !$curRes->randomout) {
 	    my $parts = $curRes->parts();
-	    $parts = &temp_parts_fix($parts); # remove line when lonnavmap is fixed
             my $title = $curRes->compTitle();
 	    my $symbx = $curRes->symb();
 	    $studentTable.='<tr bgcolor="#ffffe6"><td align="center" valign="top" >'.$question.
@@ -2728,19 +2760,21 @@ sub displayPage {
 									'','.submission');
  
 	    }
-
-	    foreach my $partid (@{$parts}) {
-		$studentTable.=&gradeBox($request,$symbx,$uname,$udom,$question,$partid,\%record);
-		$studentTable.='<input type="hidden" name="q_'.$question.'" value="'.$partid.'" />'."\n";
-		$question++;
+	    if (&canmodify($usec)) {
+		foreach my $partid (@{$parts}) {
+		    $studentTable.=&gradeBox($request,$symbx,$uname,$udom,$question,$partid,\%record);
+		    $studentTable.='<input type="hidden" name="q_'.$question.'" value="'.$partid.'" />'."\n";
+		    $question++;
+		}
 	    }
 	    $studentTable.='</td></tr>';
 
-       }
+	}
         $curRes = $iterator->next();
-	$ctr++;
     }
 
+    $navmap->untieHashes();
+
     $studentTable.='</td></tr></table></td></tr></table>'."\n".
 	'&nbsp;&nbsp;<input type="button" value="Save" '.
 	'onClick="javascript:checkSubmitPage(this.form,'.$question.');" TARGET=_self />'.
@@ -2751,18 +2785,6 @@ sub displayPage {
     return '';
 }
 
-sub temp_parts_fix { #remove sub once lonnavmap is fixed
-    my $parts = shift;
-    my %seen = ();
-    my @correctParts = ();
-    foreach (@{$parts}) {
-	next if ($seen{$_} > 0);
-	$seen{$_}++;
-	push @correctParts,$_;
-    }
-    return \@correctParts;
-}
-
 sub updateGradeByPage {
     my ($request) = shift;
 
@@ -2770,9 +2792,14 @@ sub updateGradeByPage {
     my $cnum      = $ENV{"course.$ENV{'request.course.id'}.num"};
     my $getsec    = $ENV{'form.section'} eq '' ? 'all' : $ENV{'form.section'};
     my $pageTitle = $ENV{'form.page'};
-    my (undef,undef,$fullname) = &getclasslist($getsec,'1');
+    my ($classlist,undef,$fullname) = &getclasslist($getsec,'1');
     my ($uname,$udom) = split(/:/,$ENV{'form.student'});
-
+    my $usec=$classlist->{$ENV{'form.student'}}[5];
+    if (!&canmodify($usec)) {
+	$request->print('<font color="red">Unable to modify requested student.('.$ENV{'form.student'}.'</font>');
+	$request->print(&show_grading_menu_form($ENV{'form.symb'},$ENV{'form.url'}));
+	return;
+    }
     my $result='<h3><font color="#339933">&nbsp;'.$ENV{'form.title'}.'</font></h3>';
     $result.='<h3>&nbsp;Student: '.$$fullname{$ENV{'form.student'}}.
 	'<font color="#999999"> ('.$uname.($udom eq $cdom ? '':':'.$udom).')</font></h3>'."\n";
@@ -2796,14 +2823,13 @@ sub updateGradeByPage {
 
     $iterator->next(); # skip the first BEGIN_MAP
     my $curRes = $iterator->next(); # for "current resource"
-    my ($depth,$ctr,$question,$changeflag)= (1,0,1,0);
-    while ($depth > 0 && $ctr < 100) { # ctr, just in case it never gets out of loop
+    my ($depth,$question,$changeflag)= (1,1,0);
+    while ($depth > 0) {
         if($curRes == $iterator->BEGIN_MAP) { $depth++; }
-        if($curRes == $iterator->END_MAP) { $depth++; }
+        if($curRes == $iterator->END_MAP) { $depth--; }
 
         if (ref($curRes) && $curRes->is_problem() && !$curRes->randomout) {
 	    my $parts = $curRes->parts();
-	    $parts = &temp_parts_fix($parts); # remove line when lonnavmap is fixed
             my $title = $curRes->compTitle();
 	    my $symbx = $curRes->symb();
 	    $studentTable.='<tr bgcolor="#ffffe6"><td align="center" valign="top" >'.$question.
@@ -2860,9 +2886,10 @@ sub updateGradeByPage {
 
 	}
         $curRes = $iterator->next();
-	$ctr++;
     }
 
+    $navmap->untieHashes();
+
     $studentTable.='</td></tr></table></td></tr></table>';
     $studentTable.=&show_grading_menu_form($ENV{'form.symb'},$ENV{'form.url'});
     my $grademsg=($changeflag == 0 ? 'No score was changed or updated.' :
@@ -3390,7 +3417,8 @@ GRADINGMENUJS
 
 sub handler {
     my $request=$_[0];
-    
+
+    undef(%perm);
     if ($ENV{'browser.mathml'}) {
 	$request->content_type('text/xml');
     } else {
@@ -3419,15 +3447,14 @@ sub handler {
 		if ($tsymb) {
 		    my ($map,$id,$url)=split(/\_\_\_/,$tsymb);
 		    if (&Apache::lonnet::allowed('mgr',$tcrsid)) {
-			$request->print(
-					&Apache::lonnet::ssi('/res/'.$url,
-							     ('grade_username' => $tuname,
-							      'grade_domain' => $tudom,
-							      'grade_courseid' => $tcrsid,
-							      'grade_symb' => $tsymb)));
+			$request->print(&Apache::lonnet::ssi_body('/res/'.$url,
+					  ('grade_username' => $tuname,
+					   'grade_domain' => $tudom,
+					   'grade_courseid' => $tcrsid,
+					   'grade_symb' => $tsymb)));
 		    } else {
 			$request->print('<h3>Not authorized: '.$token.'</h3>');
-		    }           
+		    }
 		} else {
 		    $request->print('<h3>Not a valid DocID: '.$token.'</h3>');
 		}
@@ -3436,12 +3463,28 @@ sub handler {
 	    }
 	}
     } else {
-	$Apache::grades::viewgrades=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'});
+	if (!($perm{'vgr'}=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'}))) {
+	    if ($perm{'vgr'}=&Apache::lonnet::allowed('vgr',$ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'})) {
+		$perm{'vgr_section'}=$ENV{'request.course.sec'};
+	    } else {
+		delete($perm{'vgr'});
+	    }
+	}
+	if (!($perm{'mgr'}=&Apache::lonnet::allowed('mgr',$ENV{'request.course.id'}))) {
+	    if ($perm{'mgr'}=&Apache::lonnet::allowed('mgr',$ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'})) {
+		$perm{'mgr_section'}=$ENV{'request.course.sec'};
+	    } else {
+		delete($perm{'mgr'});
+	    }
+	}
+#	$Apache::lonxml::debug=1;
+#	&Apache::lonxml::debug("command is $command");
+
 	if ($command eq 'submission') {
 	    ($ENV{'form.student'} eq '' ? &listStudents($request) : &submission($request,0,0));
-	} elsif ($command eq 'pickStudentPage') {
+	} elsif ($command eq 'pickStudentPage' && $perm{'vgr'}) {
 	    &pickStudentPage($request);
-	} elsif ($command eq 'displayPage') {
+	} elsif ($command eq 'displayPage' && $perm{'vgr'}) {
 	    &displayPage($request);
 	} elsif ($command eq 'gradeByPage') {
 	    &updateGradeByPage($request);