--- loncom/interface/loncreateuser.pm	2007/12/05 17:31:28	1.200
+++ loncom/interface/loncreateuser.pm	2007/12/21 12:41:25	1.213
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.200 2007/12/05 17:31:28 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.213 2007/12/21 12:41:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -76,7 +76,7 @@ my $authformfsys;
 my $authformloc;
 
 sub initialize_authen_forms {
-    my ($dom,$curr_authtype) = @_; 
+    my ($dom,$curr_authtype,$mode) = @_; 
     my ($krbdefdom)=( $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/);
     $krbdefdom= uc($krbdefdom);
     my %param = ( formname => 'document.cu',
@@ -91,6 +91,9 @@ sub initialize_authen_forms {
         if ($long_auth =~ /^krb(4|5)$/) {
             $param{'curr_kerb_ver'} = $1;
         }
+        if ($mode eq 'modifyuser') {
+            $param{'mode'} = $mode;
+        }
     }
 # no longer static due to configurable kerberos defaults
 #    $loginscript  = &Apache::loncommon::authform_header(%param);
@@ -112,15 +115,6 @@ sub auth_abbrev {
     return %abv_auth;
 }
 
-# ==================================================== Figure out author access
-
-sub authorpriv {
-    my ($auname,$audom)=@_;
-    unless ((&Apache::lonnet::allowed('cca',$audom.'/'.$auname))
-         || (&Apache::lonnet::allowed('caa',$audom.'/'.$auname))) { return ''; }
-    return 1;
-}
-
 # ====================================================
 
 sub portfolio_quota {
@@ -206,12 +200,14 @@ END_SCRIPT
 # =================================================================== Phase one
 
 sub print_username_entry_form {
-    my ($r,$response,$srch,$forcenewuser) = @_;
+    my ($r,$context,$response,$srch,$forcenewuser) = @_;
     my $defdom=$env{'request.role.domain'};
     my $formtoset = 'crtuser';
     if (exists($env{'form.startrolename'})) {
         $formtoset = 'docustom';
         $env{'form.rolename'} = $env{'form.startrolename'};
+    } elsif ($env{'form.origform'} eq 'crtusername') {
+        $formtoset =  $env{'form.origform'};
     }
 
     my ($jsback,$elements) = &crumb_utilities();
@@ -249,10 +245,11 @@ sub print_username_entry_form {
                     'ecrp' => "Edit Custom Role Privileges",
                     'nr'   => "Name of Role",
                     'cre'  => "Custom Role Editor",
-                    'mod'  => "to add/modify roles",
+                    'mod'  => "to edit user information or add/modify roles",
 				       );
     my $help = &Apache::loncommon::help_open_menu(undef,undef,282,'Instructor Interface');
     my $helpsiur=&Apache::loncommon::help_open_topic('Course_Change_Privileges');
+    my $helpsist=&Apache::loncommon::help_open_topic('Course_Add_Student');
     my $helpecpr=&Apache::loncommon::help_open_topic('Course_Editing_Custom_Roles');
     my $sellink=&Apache::loncommon::selectstudent_link('crtuser','srchterm','srchdomain');
     if ($sellink) {
@@ -263,7 +260,7 @@ sub print_username_entry_form {
         $r->print("
 <h3>$lt{'srch'} $sellink $lt{'mod'}$helpsiur</h3>
 $response");
-        $r->print(&entry_form($defdom,$srch,$forcenewuser));
+        $r->print(&entry_form($defdom,$srch,$forcenewuser,$context));
     } elsif ($env{'form.action'} eq 'custom') {
         if (&Apache::lonnet::allowed('mcr','/')) {
             $r->print(<<ENDCUSTOM);
@@ -276,24 +273,71 @@ $lt{'nr'}: $choice <input type="text" si
 </form>
 ENDCUSTOM
         }
+    } else {
+        my $actiontext = $lt{'mod'}.$helpsiur;
+        if ($env{'form.action'} eq 'singlestudent') {
+            $actiontext = $lt{'enrl'}.$helpsist;
+        }
+        $r->print("
+<h3>$lt{'srch'} $sellink $actiontext</h3>");
+        if ($env{'form.origform'} ne 'crtusername') {
+            $r->print("\n".$response);
+        }
+        $r->print(&entry_form($defdom,$srch,$forcenewuser,$context,$response));
     }
     $r->print(&Apache::loncommon::end_page());
 }
 
 sub entry_form {
-    my ($dom,$srch,$forcenewuser) = @_;
+    my ($dom,$srch,$forcenewuser,$context) = @_;
+    my %domconf = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+    my $cancreate = &Apache::lonuserutils::can_create_user($dom,$context);
+    if (!$cancreate) {
+        $forcenewuser = '';
+    }
     my $userpicker = 
        &Apache::loncommon::user_picker($dom,$srch,$forcenewuser,
                                        'document.crtuser');
     my $srchbutton = &mt('Search');
-    my $output = <<"ENDDOCUMENT";
+    my $output = <<"ENDBLOCK";
 <form action="/adm/createuser" method="post" name="crtuser">
 <input type="hidden" name="action" value="$env{'form.action'}" />
 <input type="hidden" name="phase" value="get_user_info" />
 $userpicker
 <input name="userrole" type="button" value="$srchbutton" onclick="javascript:validateEntry(document.crtuser)" />
 </form>
+ENDBLOCK
+    if ($cancreate && $env{'form.phase'} eq '') {
+        my $defdom=$env{'request.role.domain'};
+        my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain');
+        my $helpcrt=&Apache::loncommon::help_open_topic('Course_Change_Privileges');
+        my %lt=&Apache::lonlocal::texthash(
+                  'crnu' => 'Create a new user',
+                  'usr'  => 'Username',
+                  'dom'  => 'in domain',
+                  'cra'  => 'Create user',
+        );
+        $output .= <<"ENDDOCUMENT";
+<form action="/adm/createuser" method="post" name="crtusername">
+<input type="hidden" name="action" value="$env{'form.action'}" />
+<input type="hidden" name="phase" value="createnewuser" />
+<input type="hidden" name="srchtype" value="exact" />
+<input type="hidden" name="srchby" value="username" />
+<input type="hidden" name="srchin" value="dom" />
+<input type="hidden" name="forcenewuser" value="1" />
+<input type="hidden" name="origform" value="crtusername" />
+<h3>$lt{crnu}$helpcrt</h3>
+<table>
+ <tr>
+  <td>$lt{'usr'}:</td>
+  <td><input type="text" size="15" name="srchterm" /></td>
+  <td>&nbsp;$lt{'dom'}:</td><td>$domform</td>
+  <td>&nbsp;<input name="userrole" type="submit" value="$lt{'cra'}" /></td>
+ </tr>
+</table>
+</form>
 ENDDOCUMENT
+    }
     return $output;
 }
 
@@ -326,7 +370,7 @@ END
 
 # =================================================================== Phase two
 sub print_user_selection_page {
-    my ($r,$response,$srch,$srch_results,$operation,$srcharray) = @_;
+    my ($r,$response,$srch,$srch_results,$operation,$srcharray,$context) = @_;
     my @fields = ('username','domain','lastname','firstname','permanentemail');
     my $sortby = $env{'form.sortby'};
 
@@ -371,7 +415,7 @@ ENDSCRIPT
               faq=>282,bug=>'Instructor Interface',});
         $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
         $r->print("<b>$lt{'usrch'}</b><br />");
-        $r->print(&entry_form($srch->{'srchdomain'},$srch));
+        $r->print(&entry_form($srch->{'srchdomain'},$srch,undef,$context));
         $r->print('<h3>'.$lt{'usel'}.'</h3>');
     } else {
         $r->print($jscript."<b>$lt{'stusrch'}</b><br />");
@@ -443,9 +487,17 @@ sub print_user_modification_page {
     my ($r,$ccuname,$ccdomain,$srch,$response,$context) = @_;
     if (($ccuname eq '') || ($ccdomain eq '')) {
         my $usermsg = &mt('No username and/or domain provided.'); 
-	&print_username_entry_form($r,$usermsg);
+	&print_username_entry_form($r,$context,$usermsg);
         return;
     }
+    my ($form,$formname);
+    if ($env{'form.action'} eq 'singlestudent') {
+        $form = 'document.enrollstudent';
+        $formname = 'enrollstudent';
+    } else {
+        $form = 'document.cu';
+        $formname = 'cu';
+    }
     my %abv_auth = &auth_abbrev();
     my ($curr_authtype,%rulematch,%inst_results,$curr_kerb_ver,$newuser,
         %alerts,%curr_rules,%got_rules);
@@ -471,7 +523,7 @@ sub print_user_modification_page {
                             $domdesc,$curr_rules{$ccdomain}{'username'},
                             'username');
                     }
-                    &print_username_entry_form($r,$userchkmsg);
+                    &print_username_entry_form($r,$context,$userchkmsg);
                     return;
                 } 
             }
@@ -627,7 +679,7 @@ sub print_user_modification_page {
     }
 ENDSCRIPT
     } else {
-        $nondc_setsection_code =
+        $nondc_setsection_code = 
             &Apache::lonuserutils::setsections_javascript('cu',$groupslist);
     }
     my $js = &user_modification_js($pjump_def,$dc_setcourse_code,
@@ -689,6 +741,7 @@ ENDFORMINFO
         &initialize_authen_forms($ccdomain);
         my %lt=&Apache::lonlocal::texthash(
                 'cnu'            => 'Create New User',
+                'ast'            => 'as a student',
                 'ind'            => 'in domain',
                 'lg'             => 'Login Data',
                 'hs'             => "Home Server",
@@ -704,9 +757,14 @@ $loginscript
 <input type='hidden' name='makeuser' value='1' />
 <h2>$lt{'cnu'} "$ccuname" $lt{'ind'} $ccdomain</h2>
 ENDTITLE
-        $r->print('<div class="LC_left_float">'.
-                  &personal_data_display($ccuname,$ccdomain,$newuser,
-                                         %inst_results));
+        if ($env{'form.action'} eq 'singlestudent') {
+            $r->print(' ('.$lt{'ast'}.')');
+        }
+        $r->print('</h2>'."\n".'<div class="LC_left_float">');
+        my $personal_table = 
+            &personal_data_display($ccuname,$ccdomain,$newuser,$context,
+                                   $inst_results{$ccuname.':'.$ccdomain});
+        $r->print($personal_table);
         my ($home_server_pick,$numlib) = 
             &Apache::loncommon::home_server_form_item($ccdomain,'hserver',
                                                       'default','hide');
@@ -768,26 +826,32 @@ ENDAUTH
         } else {
             $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc)); 
         }
-        $r->print(<<ENDPORT);
-        $portfolioform
-</div><div class="LC_clear_float_footer"></div>
-ENDPORT
-    } else { # user already exists
+        $r->print('</h2>'."\n".'<div class="LC_left_float">');
+    } else { # user already exist-
 	my %lt=&Apache::lonlocal::texthash(
                     'cup'  => "Modify existing user: ",
+                    'ens'  => "Enroll one student: ",
                     'id'   => "in domain",
 				       );
 	$r->print(<<ENDCHANGEUSER);
 $start_page
 $crumbs
 $forminfo
-<h2>$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"</h2>
+<h2>
 ENDCHANGEUSER
-        $r->print('<div class="LC_left_float">'.
-                  &personal_data_display($ccuname,$ccdomain,$newuser,
-                                         %inst_results));
-        if ($context eq 'domain') {
-            $r->print(&Apache::lonuserutils::forceid_change());
+        if ($env{'form.action'} eq 'singlestudent') {
+            $r->print($lt{'ens'});
+        } else {
+            $r->print($lt{'cup'});
+        }
+        $r->print(' "'.$ccuname.'" '.$lt{'id'}.' "'.$ccdomain.'"</h2>'.
+                  "\n".'<div class="LC_left_float">');
+        my ($personal_table,$showforceid) = 
+            &personal_data_display($ccuname,$ccdomain,$newuser,$context,
+                                   $inst_results{$ccuname.':'.$ccdomain});
+        $r->print($personal_table);
+        if ($showforceid) {
+            $r->print(&Apache::lonuserutils::forceid_change($context));
         }
         $r->print('</div>');
         my $user_auth_text = 
@@ -816,12 +880,21 @@ ENDNOPORTPRIV
             if ($user_quota_text ne '') {
                 $r->print($user_quota_text);
             }
-            $r->print('</div>');
-
+            if ($env{'form.action'} eq 'singlestudent') {
+                $r->print(&date_sections_select($context,$newuser,$formname));
+            }
         } elsif ($user_quota_text ne '') {
-            $r->print('<div class="LC_left_float">'.$user_quota_text.'</div>');
+            $r->print('<div class="LC_left_float">'.$user_quota_text);
+            if ($env{'form.action'} eq 'singlestudent') {
+                $r->print(&date_sections_select($context,$newuser,$formname));
+            }
+        } else {
+            if ($env{'form.action'} eq 'singlestudent') {
+                $r->print('<div class="LC_left_float">'.
+                          &date_sections_select($context,$newuser,$formname));
+            }
         }
-        $r->print('<div class="LC_clear_float_footer"></div>');
+        $r->print('</div><div class="LC_clear_float_footer"></div>');
         my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
         # Build up table of user roles to allow revocation of a role.
         my ($tmp) = keys(%rolesdump);
@@ -925,7 +998,7 @@ ENDNOPORTPRIV
                }
                if (($role_code eq 'ca') || ($role_code eq 'aa')) {
                    $area=~m{/($match_domain)/($match_username)};
-		   if (&authorpriv($2,$1)) {
+		   if (&Apache::lonuserutils::authorpriv($2,$1)) {
 		       $allowed=1;
                    } else {
                        $allowed=0;
@@ -1018,7 +1091,8 @@ ENDNOPORTPRIV
 #
 # Co-Author
 # 
-    if (&authorpriv($env{'user.name'},$env{'request.role.domain'}) &&
+    if (&Apache::lonuserutils::authorpriv($env{'user.name'},
+                                          $env{'request.role.domain'}) &&
         ($env{'user.name'} ne $ccuname || $env{'user.domain'} ne $ccdomain)) {
         # No sense in assigning co-author role to yourself
         $addrolesdisplay = 1;
@@ -1069,7 +1143,8 @@ ENDNOPORTPRIV
          &Apache::loncommon::end_data_table_row()."\n".
          &Apache::loncommon::end_data_table());
     } elsif ($env{'request.role'} =~ /^au\./) {
-        if (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
+        if (!(&Apache::lonuserutils::authorpriv($env{'user.name'},
+                                                $env{'request.role.domain'}))) {
             $r->print('<span class="LC_error">'.
                       &mt('You do not have privileges to assign co-author roles.').
                       '</span>');
@@ -1148,6 +1223,35 @@ ENDNOPORTPRIV
     $r->print("</form>".&Apache::loncommon::end_page());
 }
 
+sub singleuser_breadcrumb {
+    my %breadcrumb_text;
+    if ($env{'form.action'} eq 'singlestudent') {
+        $breadcrumb_text{'search'} = 'Enroll a student';
+        $breadcrumb_text{'userpicked'} = 'Select a user',
+        $breadcrumb_text{'modify'} = 'Set section/dates',
+    } else {
+        $breadcrumb_text{'search'} = 'Create/modify user';
+        $breadcrumb_text{'userpicked'} = 'Select a user',
+        $breadcrumb_text{'modify'} = 'Set user role',
+    }
+    return %breadcrumb_text;
+}
+
+sub date_sections_select {
+    my ($context,$newuser,$formname,$permission) = @_;
+    my $cid = $env{'request.course.id'};
+    my ($cnum,$cdom) = &Apache::lonuserutils::get_course_identity($cid);
+    my $date_table = '<h3>'.&mt('Starting and Ending Dates').'</h3>'."\n".
+        &Apache::lonuserutils::date_setting_table(undef,undef,$context,
+                                                  undef,$formname,$permission);
+    my $rowtitle = 'Section';
+    my $secbox = '<h3>'.&mt('Section').'</h3>'."\n".
+        &Apache::lonuserutils::section_picker($cdom,$cnum,'st',$rowtitle,
+                                              $permission);
+    my $output = $date_table.$secbox;
+    return $output;
+}
+
 sub user_authentication {
     my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
     my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
@@ -1197,12 +1301,8 @@ $lt{'uuas'} ($currentauth). $lt{'adcs'}.
 ENDBADAUTH
         }
     } else { # Authentication type is valid
-        &initialize_authen_forms($ccdomain,$currentauth);
-        my $authformnop_row;
-        if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-            $authformnop_row = &Apache::loncommon::start_data_table_row();
-        }
-        my ($authformcurrent,$authform_other,$can_modify) =
+        &initialize_authen_forms($ccdomain,$currentauth,'modifyuser');
+        my ($authformcurrent,$can_modify,@authform_others) =
             &modify_login_block($ccdomain,$currentauth);
         if (&Apache::lonnet::allowed('mau',$ccdomain)) {
             # Current user has login modification privileges
@@ -1217,7 +1317,7 @@ ENDBADAUTH
                        '</script>'."\n".
                        '<h3>'.$lt{'ld'}.'</h3>'.
                        &Apache::loncommon::start_data_table().
-                       $authformnop_row.
+                       &Apache::loncommon::start_data_table_row().
                        '<td>'.$authformnop;
             if ($can_modify) {
                 $outcome .= '</td>'."\n".
@@ -1229,11 +1329,12 @@ ENDBADAUTH
                 $outcome .= '&nbsp;('.$authformcurrent.')</td>'.
                             &Apache::loncommon::end_data_table_row()."\n";
             }
-            if ($authform_other ne '') {
-                $outcome .= $authform_other;
+            foreach my $item (@authform_others) { 
+                $outcome .= &Apache::loncommon::start_data_table_row().
+                            '<td>'.$item.'</td>'.
+                            &Apache::loncommon::end_data_table_row()."\n";
             }
-            $outcome .= &Apache::loncommon::end_data_table_row().
-                        &Apache::loncommon::end_data_table();
+            $outcome .= &Apache::loncommon::end_data_table();
         } else {
             if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
                 my %lt=&Apache::lonlocal::texthash(
@@ -1256,18 +1357,14 @@ sub modify_login_block {
     my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
     my ($authnum,%can_assign) =
         &Apache::loncommon::get_assignable_auth($dom);
-    my ($authformcurrent,$authform_other,$show_override_msg);
+    my ($authformcurrent,@authform_others,$show_override_msg);
     if ($currentauth=~/^krb(4|5):/) {
         $authformcurrent=$authformkrb;
         if ($can_assign{'int'}) {
-            $authform_other = &Apache::loncommon::start_data_table_row().
-                              '<td>'.$authformint.'</td>'.
-                              &Apache::loncommon::end_data_table_row()."\n"
+            push(@authform_others,$authformint);
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= &Apache::loncommon::start_data_table_row().
-                               '<td>'.$authformloc.'</td>'.
-                               &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformloc);
         }
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
             $show_override_msg = 1;
@@ -1275,14 +1372,10 @@ sub modify_login_block {
     } elsif ($currentauth=~/^internal:/) {
         $authformcurrent=$authformint;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = &Apache::loncommon::start_data_table_row().
-                              '<td>'.$authformkrb.'</td>'.
-                              &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformkrb);
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= &Apache::loncommon::start_data_table_row().
-                               '<td>'.$authformloc.'</td>'.
-                               &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformloc);
         }
         if ($can_assign{'int'}) {
             $show_override_msg = 1;
@@ -1290,19 +1383,13 @@ sub modify_login_block {
     } elsif ($currentauth=~/^unix:/) {
         $authformcurrent=$authformfsys;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = &Apache::loncommon::start_data_table_row().
-                              '<td>'.$authformkrb.'</td>'.
-                              &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformkrb);
         }
         if ($can_assign{'int'}) {
-            $authform_other .= &Apache::loncommon::start_data_table_row().
-                               '<td>'.$authformint.'</td>'.
-                               &Apache::loncommon::end_data_table_row()."\n"
+            push(@authform_others,$authformint);
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= &Apache::loncommon::start_data_table_row().
-                               '<td>'.$authformloc.'</td>'.
-                               &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformloc);
         }
         if ($can_assign{'fsys'}) {
             $show_override_msg = 1;
@@ -1310,35 +1397,38 @@ sub modify_login_block {
     } elsif ($currentauth=~/^localauth:/) {
         $authformcurrent=$authformloc;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = &Apache::loncommon::start_data_table_row().
-                              '<td>'.$authformkrb.'</td>'.
-                              &Apache::loncommon::end_data_table_row()."\n";
+            push(@authform_others,$authformkrb);
         }
         if ($can_assign{'int'}) {
-            $authform_other .= &Apache::loncommon::start_data_table_row().
-                               '<td>'.$authformint.'</td>'.
-                               &Apache::loncommon::end_data_table_row()."\n"
+            push(@authform_others,$authformint);
         }
         if ($can_assign{'loc'}) {
             $show_override_msg = 1;
         }
     }
     if ($show_override_msg) {
-        $authformcurrent.= ' <span class="LC_cusr_emph">'.
+        $authformcurrent = '<table><tr><td colspan="3">'.$authformcurrent.
+                           '</td></tr>'."\n".
+                           '<tr><td>&nbsp;&nbsp;&nbsp;</td>'.
+                           '<td><b>'.&mt('Currently in use').'</b></td>'.
+                           '<td align="right"><span class="LC_cusr_emph">'.
                             &mt('will override current values').
-                            '</span><br />';
+                            '</span></td></tr></table>';
     }
-    return ($authformcurrent,$authform_other,$show_override_msg); 
+    return ($authformcurrent,$show_override_msg,@authform_others); 
 }
 
 sub personal_data_display {
-    my ($ccuname,$ccdomain,$newuser,%inst_results) = @_; 
-    my ($output,%userenv);
+    my ($ccuname,$ccdomain,$newuser,$context,$inst_results) = @_;
+    my ($output,$showforceid,%userenv,%domconfig);
     if (!$newuser) {
         # Get the users information
         %userenv = &Apache::lonnet::get('environment',
                    ['firstname','middlename','lastname','generation',
                     'permanentemail','id'],$ccdomain,$ccuname);
+        %domconfig =
+            &Apache::lonnet::get_dom('configuration',['usermodification'],
+                                     $ccdomain);
     }
     my %lt=&Apache::lonlocal::texthash(
                 'pd'             => "Personal Data",
@@ -1370,27 +1460,57 @@ sub personal_data_display {
         }
         $output .= &Apache::lonhtmlcommon::row_title($rowtitle,undef,'LC_oddrow_value')."\n";
         if ($newuser) {
-            if ($inst_results{$item} ne '') {
-                $output .= '<input type="hidden" name="c'.$item.'" value="'.$inst_results{$item}.'" />'.$inst_results{$item};
+            if (ref($inst_results) eq 'HASH') {
+                if ($inst_results->{$item} ne '') {
+                    $output .= '<input type="hidden" name="c'.$item.'" value="'.$inst_results->{$item}.'" />'.$inst_results->{$item};
+                } else {
+                    $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
+                }
             } else {
                 $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
             }
         } else {
+            my $canmodify = 0;
             if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+                $canmodify = 1;
+            } else {
+                if (ref($domconfig{'usermodification'}) eq 'HASH') {
+                    if (ref($domconfig{'usermodification'}{$context}) eq 'HASH') {
+                        foreach my $key (keys(%{$domconfig{'usermodification'}{$context}})) {
+                            if (ref($domconfig{'usermodification'}{$context}{$key}) eq 'HASH') {
+                                if ($domconfig{'usermodification'}{$context}{$key}{$item}) { 
+                                    $canmodify = 1;
+                                    last;
+                                }
+                            }
+                        }
+                    }
+                } elsif ($context eq 'course') {
+                    $canmodify = 1;
+                }
+            }
+            if ($canmodify) {
                 $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="'.$userenv{$item}.'" />';
             } else {
                 $output .= $userenv{$item};
             }
+            if ($item eq 'id') {
+                $showforceid = $canmodify; 
+            } 
         }
         $output .= &Apache::lonhtmlcommon::row_closure(1);
     }
     $output .= &Apache::lonhtmlcommon::end_pick_box();
-    return $output;
+    if (wantarray) {
+        return ($output,$showforceid);
+    } else {
+        return $output;
+    }
 }
 
 # ================================================================= Phase Three
 sub update_user_data {
-    my ($r) = @_; 
+    my ($r,$context) = @_; 
     my $uhome=&Apache::lonnet::homeserver($env{'form.ccuname'},
                                           $env{'form.ccdomain'});
     # Error messages
@@ -1405,20 +1525,20 @@ sub update_user_data {
     } else {
         $title='Modify User Privileges';
     }
-
+    my $newuser = 0;
     my ($jsback,$elements) = &crumb_utilities();
     my $jscript = '<script type="text/javascript">'."\n".
                   $jsback."\n".'</script>'."\n";
-
+    my %breadcrumb_text = &singleuser_breadcrumb();
     $r->print(&Apache::loncommon::start_page($title,$jscript));
     &Apache::lonhtmlcommon::add_breadcrumb
        ({href=>"javascript:backPage(document.userupdate)",
-         text=>"Create/modify user",
+         text=>$breadcrumb_text{'search'},
          faq=>282,bug=>'Instructor Interface',});
     if ($env{'form.prevphase'} eq 'userpicked') {
         &Apache::lonhtmlcommon::add_breadcrumb
            ({href=>"javascript:backPage(document.userupdate,'get_user_info','select')",
-             text=>"Select a user",
+             text=>$breadcrumb_text{'userpicked'},
              faq=>282,bug=>'Instructor Interface',});
     }
     &Apache::lonhtmlcommon::add_breadcrumb
@@ -1578,6 +1698,10 @@ sub update_user_data {
 	}
     }
     ##
+    my (@userroles,%userupdate,$cnum,$cdom,$namechanged);
+    if ($context eq 'course') {
+        ($cnum,$cdom) = &Apache::lonuserutils::get_course_identity();
+    }
     if (! $env{'form.makeuser'} ) {
         # Check for need to change
         my %userenv = &Apache::lonnet::get
@@ -1588,20 +1712,132 @@ sub update_user_data {
         if ($tmp =~ /^(con_lost|error)/i) { 
             %userenv = ();
         }
-        # Check to see if we need to change user information
+        my $no_forceid_alert;
+        # Check to see if user information can be changed
+        my %domconfig =
+            &Apache::lonnet::get_dom('configuration',['usermodification'],
+                                     $env{'form.ccdomain'});
+        my @statuses = ('active','future');
+        my %roles = &Apache::lonnet::get_my_roles($env{'form.ccuname'},$env{'form.ccdomain'},'userroles',\@statuses,undef,$env{'request.role.domain'});
+        my ($auname,$audom);
+        if ($context eq 'course') {
+            $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+            $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+            if ($cnum eq '' || $cdom eq '') {
+                my $cid = $env{'request.course.id'};
+                my %coursehash =
+                     &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
+                $cdom = $coursehash{'domain'};
+                $cnum = $coursehash{'num'};
+            } 
+        } elsif ($context eq 'author') {
+            $auname = $env{'user.name'};
+            $audom = $env{'user.domain'};     
+        }
+        foreach my $item (keys(%roles)) {
+            my ($rolenum,$roledom,$role) = split(/:/,$item);
+            if ($context eq 'course') {
+                if ($cnum ne '' && $cdom ne '') {
+                    if ($rolenum eq $cnum && $roledom eq $cdom) {
+                        if (!grep(/^\Q$role\E$/,@userroles)) {
+                            push(@userroles,$role);
+                        }
+                    }
+                }
+            } elsif ($context eq 'author') {
+                if ($rolenum eq $auname && $roledom eq $audom) {
+                    if (!grep(/^\Q$role\E$/,@userroles)) { 
+                        push(@userroles,$role);
+                    }
+                }
+            }
+        }
+        # Check for course or co-author roles being activated or re-enabled
+        if ($context eq 'author' || $context eq 'course') {
+            foreach my $key (keys(%env)) {
+                if ($context eq 'author') {
+                    if ($key=~/^form\.act_\Q$audom\E_\Q$auname\E_([^_]+)/) {
+                        if (!grep(/^\Q$1\E$/,@userroles)) {
+                            push(@userroles,$1);
+                        }
+                    } elsif ($key =~/^form\.ren\:\Q$audom\E\/\Q$auname\E_([^_]+)/) {
+                        if (!grep(/^\Q$1\E$/,@userroles)) {
+                            push(@userroles,$1);
+                        }
+                    }
+                } elsif ($context eq 'course') {
+                    if ($key=~/^form\.act_\Q$cdom\E_\Q$cnum\E_([^_]+)/) {
+                        if (!grep(/^\Q$1\E$/,@userroles)) {
+                            push(@userroles,$1);
+                        }
+                    } elsif ($key =~/^form\.ren\:\Q$cdom\E\/\Q$cnum\E(\/?\w*)_([^_]+)/) {
+                        if (!grep(/^\Q$1\E$/,@userroles)) {
+                            push(@userroles,$1);
+                        }
+                    }
+                }
+            }
+        }
+        #Check to see if we can change personal data for the user 
+        my (@mod_disallowed,@longroles);
+        foreach my $role (@userroles) {
+            if ($role eq 'cr') {
+                push(@longroles,'Custom');
+            } else {
+                push(@longroles,&Apache::lonnet::plaintext($role)); 
+            }
+        }
         foreach my $item ('firstname','middlename','lastname','generation','permanentemail','id') {
+            my $canmodify = 0;
+            if (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'})) {
+                $canmodify = 1;
+            } else {
+                if ($context eq 'course' || $context eq 'author') {
+                    if (ref($domconfig{'usermodification'}) eq 'HASH') {
+                        if (ref($domconfig{'usermodification'}{$context}) eq 'HASH') {
+                            foreach my $role (@userroles) {
+                                if (ref($domconfig{'usermodification'}{$context}{$role}) eq 'HASH') {
+                                    if ($domconfig{'usermodification'}{$context}{$role}{$item}) {
+                                        $canmodify = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                } elsif ($context eq 'course') {
+                    if (grep(/^st$/,@userroles)) {
+                        $canmodify = 1;
+                    }
+                }
+            }
             # Strip leading and trailing whitespace
-            $env{'form.c'.$item} =~ s/(\s+$|^\s+)//g; 
+            $env{'form.c'.$item} =~ s/(\s+$|^\s+)//g;
+            if (!$canmodify) {
+                if (defined($env{'form.c'.$item})) {
+                    if ($env{'form.c'.$item} ne $userenv{$item}) {
+                        push(@mod_disallowed,$item);
+                    }
+                }
+                $env{'form.c'.$item} = $userenv{$item};
+            }
         }
         # Check to see if we can change the ID/student number
         my $forceid = $env{'form.forceid'};
         my $recurseid = $env{'form.recurseid'};
         my $newuser = 0;
-        my $disallowed_id = 0;
         my (%alerts,%rulematch,%idinst_results,%curr_rules,%got_rules);
-        if (!$forceid) {
-            $env{'form.cid'} = $userenv{'id'};
-        } elsif ($env{'form.cid'} ne $userenv{'id'}) {
+        my %uidhash = &Apache::lonnet::idrget($env{'form.ccdomain'},
+                                            $env{'form.ccuname'});
+        if (($uidhash{$env{'form.ccuname'}}) && 
+            ($uidhash{$env{'form.ccuname'}}!~/error\:/) && 
+            (!$forceid)) {
+            if ($env{'form.cid'} ne $uidhash{$env{'form.ccuname'}}) {
+                $env{'form.cid'} = $userenv{'id'};
+                $no_forceid_alert = &mt('New student/employeeID does not match existing ID for this user.').'<br />'.&mt('Change is not permitted without checking the \'Force ID change\' checkbox on the previous page.').'<br />'."\n";        
+            }
+        }
+        if ($env{'form.cid'} ne $userenv{'id'}) {
             my $checkhash;
             my $checks = { 'id' => 1 };
             $checkhash->{$env{'form.ccuname'}.':'.$env{'form.ccdomain'}} = 
@@ -1612,15 +1848,17 @@ sub update_user_data {
                 \%alerts,\%rulematch,\%idinst_results,\%curr_rules,\%got_rules);
             if (ref($alerts{'id'}) eq 'HASH') {
                 if (ref($alerts{'id'}{$env{'form.ccdomain'}}) eq 'HASH') {
-                   $disallowed_id = 1;
+                   $env{'form.cid'} = $userenv{'id'};
                 }
             }
         }
-        my ($quotachanged,$namechanged,$oldportfolioquota,$newportfolioquota,
-            $inststatus,$isdefault,$defquotatext);
+        my ($quotachanged,$oldportfolioquota,$newportfolioquota,
+            $inststatus,$oldisdefault,$newisdefault,$olddefquotatext,
+            $newdefquotatext);
         my ($defquota,$settingstatus) = 
             &Apache::loncommon::default_quota($env{'form.ccdomain'},$inststatus);
         my %changeHash;
+        $changeHash{'portfolioquota'} = $userenv{'portfolioquota'};
         if ($userenv{'portfolioquota'} ne '') {
             $oldportfolioquota = $userenv{'portfolioquota'};
             if ($env{'form.customquota'} == 1) {
@@ -1630,15 +1868,16 @@ sub update_user_data {
                     $newportfolioquota = $env{'form.portfolioquota'};
                     $newportfolioquota =~ s/[^\d\.]//g;
                 }
-                if ($newportfolioquota != $userenv{'portfolioquota'}) {
+                if ($newportfolioquota != $oldportfolioquota) {
                     $quotachanged = &quota_admin($newportfolioquota,\%changeHash);
                 }
             } else {
                 $quotachanged = &quota_admin('',\%changeHash);
                 $newportfolioquota = $defquota;
-                $isdefault = 1; 
+                $newisdefault = 1; 
             }
         } else {
+            $oldisdefault = 1;
             $oldportfolioquota = $defquota;
             if ($env{'form.customquota'} == 1) {
                 if ($env{'form.portfolioquota'} eq '') {
@@ -1650,43 +1889,47 @@ sub update_user_data {
                 $quotachanged = &quota_admin($newportfolioquota,\%changeHash);
             } else {
                 $newportfolioquota = $defquota;
-                $isdefault = 1;
+                $newisdefault = 1;
             }
         }
-        if ($isdefault) {
-            if ($settingstatus eq '') {
-                $defquotatext = &mt('(default)');
-            } else {
-                my ($usertypes,$order) = 
-                    &Apache::lonnet::retrieve_inst_usertypes($env{'form.ccdomain'});
-                if ($usertypes->{$settingstatus} eq '') {
-                    $defquotatext = &mt('(default)');
-                } else { 
-                    $defquotatext = &mt('(default for [_1])',$usertypes->{$settingstatus});
-                }
-            }
+        if ($oldisdefault) {
+            $olddefquotatext = &get_defaultquota_text($settingstatus);
+        }
+        if ($newisdefault) {
+            $newdefquotatext = &get_defaultquota_text($settingstatus);
         }
-        if (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'}) && 
-            ($env{'form.cfirstname'}  ne $userenv{'firstname'}  ||
-             $env{'form.cmiddlename'} ne $userenv{'middlename'} ||
-             $env{'form.clastname'}   ne $userenv{'lastname'}   ||
-             $env{'form.cgeneration'} ne $userenv{'generation'} ||
-             $env{'form.cid'} ne $userenv{'id'}                 ||
-             $env{'form.cpermanentemail'} ne $userenv{'permanentemail'} )) {
+        if ($env{'form.cfirstname'}  ne $userenv{'firstname'}  ||
+            $env{'form.cmiddlename'} ne $userenv{'middlename'} ||
+            $env{'form.clastname'}   ne $userenv{'lastname'}   ||
+            $env{'form.cgeneration'} ne $userenv{'generation'} ||
+            $env{'form.cid'} ne $userenv{'id'}                 ||
+            $env{'form.cpermanentemail'} ne $userenv{'permanentemail'} ) {
             $namechanged = 1;
         }
-        if ($namechanged) {
-            # Make the change
+        if ($namechanged || $quotachanged) {
             $changeHash{'firstname'}  = $env{'form.cfirstname'};
             $changeHash{'middlename'} = $env{'form.cmiddlename'};
             $changeHash{'lastname'}   = $env{'form.clastname'};
             $changeHash{'generation'} = $env{'form.cgeneration'};
             $changeHash{'id'}         = $env{'form.cid'};
             $changeHash{'permanentemail'} = $env{'form.cpermanentemail'};
-            my $putresult = &Apache::lonnet::put
-                ('environment',\%changeHash,
-                 $env{'form.ccdomain'},$env{'form.ccuname'});
-            if ($putresult eq 'ok') {
+            my ($quotachgresult,$namechgresult);
+            if ($quotachanged) {
+                $quotachgresult = 
+                    &Apache::lonnet::put('environment',\%changeHash,
+                                  $env{'form.ccdomain'},$env{'form.ccuname'});
+            }
+            if ($namechanged) {
+            # Make the change
+                $namechgresult =
+                    &Apache::lonnet::modifyuser($env{'form.ccdomain'},
+                        $env{'form.ccuname'},$changeHash{'id'},undef,undef,
+                        $changeHash{'firstname'},$changeHash{'middlename'},
+                        $changeHash{'lastname'},$changeHash{'generation'},
+                        $changeHash{'id'},undef,$changeHash{'permanentemail'});
+            }
+            if (($namechanged && $namechgresult eq 'ok') || 
+                ($quotachanged && $quotachgresult eq 'ok')) {
             # Tell the user we changed the name
 		my %lt=&Apache::lonlocal::texthash(
                              'uic'  => "User Information Changed",             
@@ -1700,48 +1943,63 @@ sub update_user_data {
                              'prvs' => "Previous",
                              'chto' => "Changed To"
 						   );
+                $r->print('<h4>'.$lt{'uic'}.'</h4>'.
+                          &Apache::loncommon::start_data_table().
+                          &Apache::loncommon::start_data_table_header_row());
                 $r->print(<<"END");
-<table border="2">
-<caption>$lt{'uic'}</caption>
-<tr><th>&nbsp;</th>
+    <th>&nbsp;</th>
     <th>$lt{'frst'}</th>
     <th>$lt{'mddl'}</th>
     <th>$lt{'lst'}</th>
     <th>$lt{'gen'}</th>
     <th>$lt{'id'}</th>
     <th>$lt{'mail'}</th>
-    <th>$lt{'disk'}</th></tr>
-<tr><td>$lt{'prvs'}</td>
+    <th>$lt{'disk'}</th>
+END
+                $r->print(&Apache::loncommon::end_data_table_header_row().
+                          &Apache::loncommon::start_data_table_row());
+                $r->print(<<"END");
+    <td><b>$lt{'prvs'}</b></td>
     <td>$userenv{'firstname'}  </td>
     <td>$userenv{'middlename'} </td>
     <td>$userenv{'lastname'}   </td>
     <td>$userenv{'generation'} </td>
     <td>$userenv{'id'}</td>
     <td>$userenv{'permanentemail'} </td>
-    <td>$oldportfolioquota Mb</td>
-</tr>
-<tr><td>$lt{'chto'}</td>
+    <td>$oldportfolioquota Mb $olddefquotatext </td>
+END
+                $r->print(&Apache::loncommon::end_data_table_row().
+                          &Apache::loncommon::start_data_table_row());
+                $r->print(<<"END");
+    <td><b>$lt{'chto'}</b></td>
     <td>$env{'form.cfirstname'}  </td>
     <td>$env{'form.cmiddlename'} </td>
     <td>$env{'form.clastname'}   </td>
     <td>$env{'form.cgeneration'} </td>
     <td>$env{'form.cid'} </td>
     <td>$env{'form.cpermanentemail'} </td>
-    <td>$newportfolioquota Mb $defquotatext </td></tr>
-</table>
+    <td>$newportfolioquota Mb $newdefquotatext </td>
 END
-                if (($forceid) && ($recurseid) && (!$disallowed_id) &&
-                    (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'}))) {
-                    my %userupdate = (
+                $r->print(&Apache::loncommon::end_data_table_row().
+                          &Apache::loncommon::end_data_table().'<br />');
+                if ($env{'form.cid'} ne $userenv{'id'}) {
+                    &Apache::lonnet::idput($env{'form.ccdomain'},
+                         ($env{'form.ccuname'} => $env{'form.cid'}));
+                    if (($recurseid) &&
+                        (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'}))) {
+                        %userupdate = (
                                   lastname   => $env{'form.clasaname'},
                                   middlename => $env{'form.cmiddlename'},
                                   firstname  => $env{'form.cfirstname'},
                                   generation => $env{'fora.cgeneration'},
                                   id         => $env{'form.cid'},
                              );
-                    my $idresult = &propagate_id_change($env{'form.ccname'},
-                                    $env{'form.ccdomain'},\%userupdate);
-                    $r->print('<br />'.$idresult.'<br />');
+                        my $idresult = 
+                            &Apache::lonuserutils::propagate_id_change(
+                                $env{'form.ccuname'},$env{'form.ccdomain'},
+                                \%userupdate);
+                        $r->print('<br />'.$idresult.'<br />');
+                    }
                 }
                 if (($env{'form.ccdomain'} eq $env{'user.domain'}) && 
                     ($env{'form.ccuname'} eq $env{'user.name'})) {
@@ -1754,17 +2012,11 @@ END
             } else { # error occurred
                 $r->print('<span class="LC_error">'.&mt('Unable to successfully change environment for').' '.
                       $env{'form.ccuname'}.' '.&mt('in domain').' '.
-                      $env{'form.ccdomain'}.'</span>');
+                      $env{'form.ccdomain'}.'</span><br />');
             }
         }  else { # End of if ($env ... ) logic
-            my $putresult;
-            if ($quotachanged) {
-                $putresult = &Apache::lonnet::put
-                                 ('environment',\%changeHash,
-                                  $env{'form.ccdomain'},$env{'form.ccuname'});
-            }
-            # They did not want to change the users name but we can
-            # still tell them what the name is
+            # They did not want to change the users name or quota but we can
+            # still tell them what the name and quota are 
 	    my %lt=&Apache::lonlocal::texthash(
                            'id'   => "ID/Student number",
                            'mail' => "Permanent e-mail",
@@ -1773,20 +2025,41 @@ END
             $r->print(<<"END");
 <h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}
 END
-            if ($userenv{'permanentemail'} eq '') {
-                $r->print('</h4>');
+            if ($userenv{'permanentemail'} ne '') {
+                $r->print('<br />['.$lt{'mail'}.': '.
+                          $userenv{'permanentemail'}.']');
+            }
+            $r->print('<br />['.$lt{'disk'}.': '.$oldportfolioquota.' Mb '. 
+                 $olddefquotatext.']</h4>');
+        }
+        if (@mod_disallowed) {
+            my ($rolestr,$contextname);
+            if (@longroles > 0) {
+                $rolestr = join(', ',@longroles);
             } else {
-                $r->print('&nbsp;&nbsp;('.$lt{'mail'}.': '.
-                          $userenv{'permanentemail'}.')</h4>');
+                $rolestr = &mt('No roles');
             }
-            if ($putresult eq 'ok') {
-                if ($oldportfolioquota != $newportfolioquota) {
-                    $r->print('<h4>'.$lt{'disk'}.': '.$newportfolioquota.' Mb '. 
-                              $defquotatext.'</h4>');
-                    &Apache::lonnet::appenv('environment.portfolioquota' => $changeHash{'portfolioquota'});
-                }
+            if ($context eq 'course') {
+                $contextname = &mt('course');
+            } elsif ($context eq 'author') {
+                $contextname = &mt('co-author');
+            }
+            $r->print(&mt('The following fields were not updated: ').'<ul>');
+            my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
+            foreach my $field (@mod_disallowed) {
+                $r->print('<li>'.$fieldtitles{$field}.'</li>'."\n"); 
+            }
+            $r->print('</ul>');
+            if (@mod_disallowed == 1) {
+                $r->print(&mt("You do not have the authority to change this field given the user's current set of active/future [_1] roles:",$contextname));
+            } else {
+                $r->print(&mt("You do not have the authority to change these fields given the user's current set of active/future [_1] roles:",$contextname));
             }
+            $r->print('<span class="LC_cusr_emph">'.$rolestr.'</span><br />'.
+                      &mt('Contact your <a href="[_1]">helpdesk</a> for more information.',"javascript:helpMenu('display')").'<br />');
         }
+        $r->print($no_forceid_alert.
+                  &Apache::lonuserutils::print_namespacing_alerts($env{'form.ccdomain'},\%alerts, \%curr_rules));
     }
     ##
     my $now=time;
@@ -1807,10 +2080,10 @@ END
 	        $r->print(&mt('Revoking [_1] in [_2]: [_3]',
 			      $role,$scope,'<b>'.$result.'</b>').'<br />');
 		if ($role eq 'st') {
-                    my $result =
+		    my $result = 
                         &Apache::lonuserutils::classlist_drop($scope,
                             $env{'form.ccuname'},$env{'form.ccdomain'},
-                            $now);
+			    $now);
 		    $r->print($result);
 		}
 	    }
@@ -1834,10 +2107,10 @@ END
 	        $r->print(&mt('Deleting [_1] in [_2]: [_3]',$role,$scope,
 			      '<b>'.$result.'</b>').'<br />');
 		if ($role eq 'st') {
-                    my $result =
+		    my $result = 
                         &Apache::lonuserutils::classlist_drop($scope,
                             $env{'form.ccuname'},$env{'form.ccdomain'},
-                            $now);
+			    $now);
 		    $r->print($result);
 		}
             }
@@ -2014,6 +2287,23 @@ END
     $r->print(&Apache::loncommon::end_page());
 }
 
+sub get_defaultquota_text {
+    my ($settingstatus) = @_;
+    my $defquotatext; 
+    if ($settingstatus eq '') {
+        $defquotatext = &mt('(default)');
+    } else {
+        my ($usertypes,$order) =
+            &Apache::lonnet::retrieve_inst_usertypes($env{'form.ccdomain'});
+        if ($usertypes->{$settingstatus} eq '') {
+            $defquotatext = &mt('(default)');
+        } else {
+            $defquotatext = &mt('(default for [_1])',$usertypes->{$settingstatus});
+        }
+    }
+    return $defquotatext;
+}
+
 sub update_result_form {
     my ($uhome) = @_;
     my $outcome = 
@@ -2021,6 +2311,9 @@ sub update_result_form {
     foreach my $item ('srchby','srchin','srchtype','srchterm','srchdomain','ccuname','ccdomain') {
         $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
     }
+    if ($env{'form.origname'} ne '') {
+        $outcome .= '<input type="hidden" name="origname" value="'.$env{'form.origname'}.'" />'."\n";
+    }
     foreach my $item ('sortby','seluname','seludom') {
         if (exists($env{'form.'.$item})) {
             $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
@@ -2379,17 +2672,20 @@ sub handler {
     if ($env{'request.course.id'}) {
         $context = 'course';
     } elsif ($env{'request.role'} =~ /^au\./) {
-        $context = 'construction_space';
+        $context = 'author';
     } else {
         $context = 'domain';
     }
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
-                                            ['action','state']);
+        ['action','state','callingform','roletype','showrole','bulkaction']);
     &Apache::lonhtmlcommon::clear_breadcrumbs();
-    &Apache::lonhtmlcommon::add_breadcrumb
-        ({href=>"/adm/createuser",
-          text=>"User Management"});
-    my ($permission,$allowed) = &get_permission($context);
+    if ($env{'form.action'} ne 'dateselect') {
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>"/adm/createuser",
+              text=>"User Management"});
+    }
+    my ($permission,$allowed) = 
+        &Apache::lonuserutils::get_permission($context);
     if (!$allowed) {
         $env{'user.error.msg'}=
             "/adm/createuser:cst:0:0:Cannot create/modify user data ".
@@ -2404,7 +2700,7 @@ sub handler {
     if (! exists($env{'form.action'})) {
         $r->print(&header());
         $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
-        $r->print(&print_main_menu($permission));
+        $r->print(&print_main_menu($permission,$context));
         $r->print(&Apache::loncommon::end_page());
     } elsif ($env{'form.action'} eq 'upload' && $permission->{'cusr'}) {
         $r->print(&header());
@@ -2428,22 +2724,8 @@ sub handler {
             &Apache::lonuserutils::print_first_users_upload_form($r,$context);
         }
         $r->print('</form>'.&Apache::loncommon::end_page());
-    } elsif ($env{'form.action'} eq 'expire' && $permission->{'cusr'}) {
-        $r->print(&header());
-        &Apache::lonhtmlcommon::add_breadcrumb
-            ({href=>'/adm/createuser?action=expire',
-              text=>"Expire User Roles"});
-        $r->print(&Apache::lonhtmlcommon::breadcrumbs('Expire User Roles',
-                                                      'User_Management_Drops'));
-        if (! exists($env{'form.state'})) {
-            &Apache::lonuserutils::print_expire_menu($r,$context);
-        } elsif ($env{'form.state'} eq 'done') {
-            &Apache::lonuserutils::expire_user_list($r);
-        } else {
-            &Apache::lonuserutils::print_expire_menu($r,$context);
-        }
-        $r->print(&Apache::loncommon::end_page());
-    } elsif ($env{'form.action'} eq 'singleuser' && $permission->{'cusr'}) {
+    } elsif ((($env{'form.action'} eq 'singleuser') || ($env{'form.action'}
+             eq 'singlestudent')) && ($permission->{'cusr'})) {
         my $phase = $env{'form.phase'};
         my @search = ('srchterm','srchby','srchin','srchtype','srchdomain');
 	&Apache::loncreateuser::restore_prev_selections();
@@ -2452,8 +2734,20 @@ sub handler {
 	    $srch->{$item} = $env{'form.'.$item};
 	}
 
-        if (($phase eq 'get_user_info') || ($phase eq 'userpicked')) {
-            if ($env{'form.phase'} eq 'get_user_info') {
+        if (($phase eq 'get_user_info') || ($phase eq 'userpicked') ||
+            ($phase eq 'createnewuser')) {
+            if ($env{'form.phase'} eq 'createnewuser') {
+                my $response;
+                if ($env{'form.srchterm'} !~ /^$match_username$/) {
+                    my $response = &mt('You must specify a valid username. Only the following are allowed: letters numbers - . @');
+                    &print_username_entry_form($r,$context,$response,$srch);
+                } else {
+                    my $ccuname =&LONCAPA::clean_username($srch->{'srchterm'});
+                    my $ccdomain=&LONCAPA::clean_domain($srch->{'srchdomain'});
+                    &print_user_modification_page($r,$ccuname,$ccdomain,
+                                                  $srch,$response,$context);
+                }
+            } elsif ($env{'form.phase'} eq 'get_user_info') {
                 my ($currstate,$response,$forcenewuser,$results) = 
                     &user_search_result($srch);
                 if ($env{'form.currstate'} eq 'modify') {
@@ -2461,7 +2755,7 @@ sub handler {
                 }
                 if ($currstate eq 'select') {
                     &print_user_selection_page($r,$response,$srch,$results,
-                                               'createuser',\@search);
+                                               'createuser',\@search,$context);
                 } elsif ($currstate eq 'modify') {
                     my ($ccuname,$ccdomain);
                     if (($srch->{'srchby'} eq 'uname') && 
@@ -2482,7 +2776,7 @@ sub handler {
                 } elsif ($currstate eq 'query') {
                     &print_user_query_page($r,'createuser');
                 } else {
-                    &print_username_entry_form($r,$response,$srch,
+                    &print_username_entry_form($r,$context,$response,$srch,
                                                $forcenewuser);
                 }
             } elsif ($env{'form.phase'} eq 'userpicked') {
@@ -2492,9 +2786,9 @@ sub handler {
                                               $context);
             }
         } elsif ($env{'form.phase'} eq 'update_user_data') {
-            &update_user_data($r);
+            &update_user_data($r,$context);
         } else {
-            &print_username_entry_form($r,undef,$srch);
+            &print_username_entry_form($r,$context,undef,$srch);
         }
     } elsif ($env{'form.action'} eq 'custom' && $permission->{'custom'}) {
         if ($env{'form.phase'} eq 'set_custom_roles') {
@@ -2502,62 +2796,94 @@ sub handler {
         } else {
             &custom_role_editor($r);
         }
-    } elsif ($env{'form.action'} eq 'listusers' && $permission->{'view'}) {
-        my ($cb_jscript,$jscript,$totcodes,$codetitles,$idlist,$idlist_titles);
-        my $formname = 'studentform';
-        if ($context eq 'domain' && $env{'form.roletype'} eq 'course') {
-            ($cb_jscript,$jscript,$totcodes,$codetitles,$idlist,$idlist_titles) = 
-                &Apache::lonuserutils::courses_selector($env{'request.role.domain'},
-                                                        $formname);
-            my $js = &add_script($jscript).$cb_jscript;
-            my $loadcode = 
-                &Apache::lonuserutils::course_selector_loadcode($formname);
-            if ($loadcode ne '') {
-                $r->print(&header($js,{'onload' => $loadcode,}));
+    } elsif (($env{'form.action'} eq 'listusers') && 
+             ($permission->{'view'} || $permission->{'cusr'})) {
+        if ($env{'form.phase'} eq 'bulkchange') {
+            &Apache::lonhtmlcommon::add_breadcrumb
+                ({href=>'backPage(document.studentform)',
+                  text=>"List Users"});
+            my $setting = $env{'form.roletype'};
+            my $choice = $env{'form.bulkaction'};
+            $r->print(&header());
+            $r->print(&Apache::lonhtmlcommon::breadcrumbs("List Users",
+                                                          'User_Management_List'));
+            if ($permission->{'cusr'}) {
+                &Apache::lonuserutils::update_user_list($r,$context,$setting,$choice);
+            }
+        } else {
+            &Apache::lonhtmlcommon::add_breadcrumb
+                ({href=>'/adm/createuser?action=listusers',
+                  text=>"List Users"});
+            my ($cb_jscript,$jscript,$totcodes,$codetitles,$idlist,$idlist_titles);
+            my $formname = 'studentform';
+            if ($context eq 'domain' && $env{'form.roletype'} eq 'course') {
+                ($cb_jscript,$jscript,$totcodes,$codetitles,$idlist,$idlist_titles) = 
+                    &Apache::lonuserutils::courses_selector($env{'request.role.domain'},
+                                                            $formname);
+                $jscript .= &verify_user_display();
+                my $js = &add_script($jscript).$cb_jscript;
+                my $loadcode = 
+                    &Apache::lonuserutils::course_selector_loadcode($formname);
+                if ($loadcode ne '') {
+                    $r->print(&header($js,{'onload' => $loadcode,}));
+                } else {
+                    $r->print(&header($js));
+                }
             } else {
-                $r->print(&header($js));
+                $r->print(&header(&add_script(&verify_user_display())));
             }
-        } else {
-            $r->print(&header());
+            $r->print(&Apache::lonhtmlcommon::breadcrumbs("List Users",
+                                                          'User_Management_List'));
+            &Apache::lonuserutils::print_userlist($r,undef,$permission,$context,
+                         $formname,$totcodes,$codetitles,$idlist,$idlist_titles);
+            $r->print(&Apache::loncommon::end_page());
         }
-        &Apache::lonhtmlcommon::add_breadcrumb
-            ({href=>'/adm/createuser?action=listusers',
-              text=>"List Users"});
-        $r->print(&Apache::lonhtmlcommon::breadcrumbs("List Users",
-                                                      'User_Management_List'));
-        &Apache::lonuserutils::print_userlist($r,undef,$permission,$context,
-                     $formname,$totcodes,$codetitles,$idlist,$idlist_titles);
-        $r->print(&Apache::loncommon::end_page());
-    } elsif ($env{'form.action'} eq 'expire' && $permission->{'cusr'}) {
+    } elsif ($env{'form.action'} eq 'drop' && $permission->{'cusr'}) {
         $r->print(&header());
         &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>'/adm/createuser?action=drop',
-              text=>"Expire Users"});
-        $r->print(&Apache::lonhtmlcommon::breadcrumbs('Expire User Roles',
-                                                      'User_Management_Drops'));
-        if (! exists($env{'form.state'})) {
-            &Apache::lonuserutils::print_expire_menu($r,$context);
+              text=>"Drop Students"});
+        if (!exists($env{'form.state'})) {
+            $r->print(&Apache::lonhtmlcommon::breadcrumbs('Drop Students',
+                                                          'Course_Drop_Student'));
+
+            &Apache::lonuserutils::print_drop_menu($r,$context,$permission);
         } elsif ($env{'form.state'} eq 'done') {
-            &Apache::lonuserutiles::expire_user_list($r);
-        } else {
-            &print_expire_menu($r,$context);
+            &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>'/adm/createuser?action=drop',
+              text=>"Result"});
+            $r->print(&Apache::lonhtmlcommon::breadcrumbs('Drop Students',
+                                                          'Course_Drop_Student'));
+            &Apache::lonuserutils::update_user_list($r,$context,undef,
+                                                    $env{'form.action'});
         }
         $r->print(&Apache::loncommon::end_page());
+    } elsif ($env{'form.action'} eq 'dateselect') {
+        if ($permission->{'cusr'}) {
+            $r->print(&header(undef,undef,{'no_nav_bar' => 1}).
+                      &Apache::lonuserutils::date_section_selector($context).
+                      &Apache::loncommon::end_page());
+        } else {
+            $r->print(&header().
+                     '<span class="LC_error">'.&mt('You do not have permission to modify dates or sections for users').'</span>'. 
+                     &Apache::loncommon::end_page());
+        }
     } else {
         $r->print(&header());
-        $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));            $r->print(&print_main_menu($permission));
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
+        $r->print(&print_main_menu($permission,$context));
         $r->print(&Apache::loncommon::end_page());
     }
     return OK;
 }
 
 sub header {
-    my ($jscript,$loaditems) = @_;
+    my ($jscript,$loaditems,$args) = @_;
     my $start_page;
     if (ref($loaditems) eq 'HASH') {
-        $start_page=&Apache::loncommon::start_page('User Management',$jscript,{'add_entries' => $loaditems,});
+        $start_page=&Apache::loncommon::start_page('User Management',$jscript,{'add_entries' => $loaditems});
     } else {
-        $start_page=&Apache::loncommon::start_page('User Management',$jscript);
+        $start_page=&Apache::loncommon::start_page('User Management',$jscript,$args);
     }
     return $start_page;
 }
@@ -2567,39 +2893,98 @@ sub add_script {
     return '<script type="text/javascript">'."\n".$js."\n".'</script>';
 }
 
+sub verify_user_display {
+    my $output = <<"END";
+
+function display_update() {
+    document.studentform.action.value = 'listusers';
+    document.studentform.phase.value = 'display';
+    document.studentform.submit();
+}
+
+END
+    return $output;
+
+}
+
 ###############################################################
 ###############################################################
 #  Menu Phase One
 sub print_main_menu {
-    my ($permission) = @_;
+    my ($permission,$context) = @_;
+    my %links = (
+                       domain => {
+                                   upload => 'Upload a File of Users',
+                                   singleuser => 'Add/Manage a Single User',
+                                   listusers => 'Manage Multiple Users',
+                                 },
+                       author => {
+                                   upload => 'Upload a File of Co-authors',
+                                   singleuser => 'Add/Manage a Single Co-author',
+                                   listusers => 'Display Co-authors and Manage Multiple Users',
+                                 },
+                       course => {
+                                   upload => 'Upload a File of Course Users',
+                                   singleuser => 'Add/Manage a Single Course User',
+                                   listusers => 'Display Class Lists and Manage Multiple Users',
+                                 },
+                     );
     my @menu =
         (
-          { text => 'Upload a File of Users to Modify/Create Users and/or Add roles',
+          { text => $links{$context}{'upload'},
             help => 'User_Management_Upload',
             action => 'upload',
             permission => $permission->{'cusr'},
             },
-          { text => 'Create User/Set User Roles for a single user',
+          { text => $links{$context}{'singleuser'}, 
             help => 'User_Management_Single_User',
             action => 'singleuser',
             permission => $permission->{'cusr'},
             },
-          { text => 'Display Lists of Users',
+          { text => $links{$context}{'listusers'},
             help => 'User_Management_List',
             action => 'listusers',
-            permission => $permission->{'view'},
-            },
-#          { text => 'Expire User Roles',
-#            help => 'User_Management_Drops',
-#            action => 'expire',
-#            permission => $permission->{'cusr'},
-#            },
-          { text => 'Edit Custom Roles',
-            help => 'Custom_Role_Edit',
-            action => 'custom',
-            permission => $permission->{'custom'},
+            permission => ($permission->{'view'} || $permission->{'cusr'}),
           },
         );
+    if ($context eq 'domain' || $context eq 'course') {
+        my $customlink =  { text => 'Edit Custom Roles',
+                            help => 'Custom_Role_Edit',
+                            action => 'custom',
+                            permission => $permission->{'custom'},
+                          };
+        push(@menu,$customlink);
+    }
+    if ($context eq 'course') {
+        my ($cnum,$cdom) = &Apache::lonuserutils::get_course_identity();
+        my @courselinks =
+            (
+              { text => 'Enroll a Single Student',
+                 help => 'Course_Single_Student',
+                 action => 'singlestudent',
+                 permission => $permission->{'cusr'},
+                 },
+              { text => 'Drop Students',
+                help => 'Course_Drop_Student',
+                action => 'drop',
+                permission => $permission->{'cusr'},
+              });
+        if (!exists($permission->{'cusr_section'})) {
+            push(@courselinks,
+               { text => 'Automated Student Enrollment Manager',
+                 permission => (&Apache::lonnet::auto_run($cnum,$cdom)
+                                && $permission->{'cusr'}),
+                 url  => '/adm/populate',
+                 });
+        }
+        push(@courselinks,
+               { text => 'Manage Course Groups',
+                 help => 'Course_Manage_Group',
+                 permission => $permission->{'grp_manage'},
+                 url => '/adm/coursegroups?refpage=cusr',
+               });
+        push(@menu,@courselinks);
+    }
     my $menu_html = '';
     foreach my $menu_item (@menu) {
         next if (! $menu_item->{'permission'});
@@ -2621,57 +3006,6 @@ sub print_main_menu {
     return $menu_html;
 }
 
-sub get_permission {
-    my ($context) = @_;
-    my %permission;
-    if ($context eq 'course') {
-        if ((&Apache::lonnet::allowed('cta',$env{'request.course.id'})) ||
-            (&Apache::lonnet::allowed('cin',$env{'request.course.id'})) ||
-            (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) ||
-            (&Apache::lonnet::allowed('cep',$env{'request.course.id'})) ||
-            (&Apache::lonnet::allowed('cst',$env{'request.course.id'}))) {
-            $permission{'cusr'} = 1;
-            $permission{'view'} =
-                 &Apache::lonnet::allowed('vcl',$env{'request.course.id'});
-
-        }
-        if (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) {
-            $permission{'custom'} = 1;
-        }
-        if (&Apache::lonnet::allowed('vcl',$env{'request.course.id'})) {
-            $permission{'view'} = 1;
-            if (!$permission{'view'}) {
-                my $scope = $env{'request.course.id'}.'/'.$env{'request.course.sec'};
-                $permission{'view'} =  &Apache::lonnet::allowed('vcl',$scope);
-                if ($permission{'view'}) {
-                    $permission{'view_section'} = $env{'request.course.sec'};
-                }
-            }
-        }
-    } elsif ($context eq 'construction_space') {
-        $permission{'cusr'} = &authorpriv($env{'user.name'},$env{'request.role.domain'});
-        $permission{'view'} = $permission{'cusr'};
-    } else {
-        if ((&Apache::lonnet::allowed('cad',$env{'request.role.domain'})) ||
-            (&Apache::lonnet::allowed('cli',$env{'request.role.domain'})) ||
-            (&Apache::lonnet::allowed('cau',$env{'request.role.domain'})) ||
-            (&Apache::lonnet::allowed('csc',$env{'request.role.domain'})) ||
-            (&Apache::lonnet::allowed('cdg',$env{'request.role.domain'})) || 
-            (&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))) {
-            $permission{'cusr'} = 1;
-        }
-        if (&Apache::lonnet::allowed('ccr',$env{'request.role.domain'})) {
-            $permission{'custom'} = 1;
-        }
-        $permission{'view'} = $permission{'cusr'};
-    }
-    my $allowed = 0;
-    foreach my $perm (values(%permission)) {
-        if ($perm) { $allowed=1; last; }
-    }
-    return (\%permission,$allowed);
-}
-
 sub restore_prev_selections {
     my %saveable_parameters = ('srchby'   => 'scalar',
 			       'srchin'   => 'scalar',
@@ -3074,6 +3408,10 @@ sub crumb_utilities {
            srchtype => 'selectbox',
            srchdomain => 'selectbox',
        },
+       crtusername => {
+           srchterm => 'text',
+           srchdomain => 'selectbox',
+       },
        docustom => {
            rolename => 'selectbox',
            newrolename => 'textbox',
@@ -3089,8 +3427,18 @@ sub crumb_utilities {
 
     my $jsback .= qq|
 function backPage(formname,prevphase,prevstate) {
-    formname.phase.value = prevphase;
-    formname.currstate.value = prevstate;
+    if (typeof prevphase == 'undefined') {
+        formname.phase.value = '';
+    }
+    else {  
+        formname.phase.value = prevphase;
+    }
+    if (typeof prevstate == 'undefined') {
+        formname.currstate.value = '';
+    }
+    else {
+        formname.currstate.value = prevstate;
+    }
     formname.submit();
 }
 |;
@@ -3132,7 +3480,8 @@ sub course_level_table {
 		    &Apache::loncommon::get_sections($domain,$cnum);
             }
         }
-	foreach my $role ('st','ta','ep','in','cc') {
+        my @roles = &Apache::lonuserutils::roles_by_context('course');
+	foreach my $role (@roles) {
 	    if (&Apache::lonnet::allowed('c'.$role,$thiscourse)) {
 		my $plrole=&Apache::lonnet::plaintext($role);
 		$table .= &Apache::loncommon::start_data_table_row().
@@ -3141,9 +3490,9 @@ sub course_level_table {
 <td>'.$area.'<br />Domain: '.$domain.'</td>'."\n";
 	        if ($role ne 'cc') {
                     if (%sections_count) {
-                        my $currsec =
+                        my $currsec = 
                             &Apache::lonuserutils::course_sections(\%sections_count,
-                                                       $protectedcourse.'_'.$role);
+                                                        $protectedcourse.'_'.$role);
                         $table .= 
                     '<td><table class="LC_createuser">'.
                      '<tr class="LC_section_row">
@@ -3183,7 +3532,7 @@ ENDTIMEENTRY
 <td>'.$plrole.'</td>
 <td>'.$area.'</td>'."\n";
                 if (%sections_count) {
-                    my $currsec =
+                    my $currsec = 
                         &Apache::lonuserutils::course_sections(\%sections_count,
                                                                $customrole);
                     $table.=
@@ -3232,6 +3581,7 @@ $table.
 sub course_level_dc {
     my ($dcdom) = @_;
     my %customroles=&Apache::lonuserutils::my_custom_roles();
+    my @roles = &Apache::lonuserutils::roles_by_context('course');
     my $hiddenitems = '<input type="hidden" name="dcdomain" value="'.$dcdom.'" />'.
                       '<input type="hidden" name="origdom" value="'.$dcdom.'" />'.
                       '<input type="hidden" name="dccourse" value="" />';
@@ -3256,7 +3606,7 @@ sub course_level_dc {
     my $otheritems = &Apache::loncommon::start_data_table_row()."\n".
                      '<td><input type="text" name="coursedesc" value="" onFocus="this.blur();opencrsbrowser('."'cu','dccourse','dcdomain','coursedesc',''".')" /></td>'."\n".
                      '<td><select name="role">'."\n";
-    foreach  my $role ('st','ta','ep','in','cc') {
+    foreach my $role (@roles) {
         my $plrole=&Apache::lonnet::plaintext($role);
         $otheritems .= '  <option value="'.$role.'">'.$plrole;
     }