--- loncom/interface/loncreateuser.pm	2007/12/21 15:33:32	1.217
+++ loncom/interface/loncreateuser.pm	2007/12/21 20:34:26	1.221
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.217 2007/12/21 15:33:32 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.221 2007/12/21 20:34:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -809,141 +809,44 @@ ENDNOPORTPRIV
             &display_existing_roles($r,$ccuname,$ccdomain,\%inccourses);
         }
     } ## End of new user/old user logic
-    my $addrolesdisplay = 0;
-    $r->print('<h3>'.&mt('Add Roles').'</h3>');
-#
-# Co-Author
-# 
-    if (&Apache::lonuserutils::authorpriv($env{'user.name'},
-                                          $env{'request.role.domain'}) &&
-        ($env{'user.name'} ne $ccuname || $env{'user.domain'} ne $ccdomain)) {
-        # No sense in assigning co-author role to yourself
-        $addrolesdisplay = 1;
-	my $cuname=$env{'user.name'};
-        my $cudom=$env{'request.role.domain'};
-	   my %lt=&Apache::lonlocal::texthash(
-		    'cs'   => "Construction Space",
-                    'act'  => "Activate",                    
-                    'rol'  => "Role",
-                    'ext'  => "Extent",
-                    'sta'  => "Start",
-                    'end'  => "End",
-                    'cau'  => "Co-Author",
-                    'caa'  => "Assistant Co-Author",
-                    'ssd'  => "Set Start Date",
-                    'sed'  => "Set End Date"
-				       );
-       $r->print('<h4>'.$lt{'cs'}.'</h4>'."\n". 
-           &Apache::loncommon::start_data_table()."\n".
-           &Apache::loncommon::start_data_table_header_row()."\n".
-           '<th>'.$lt{'act'}.'</th><th>'.$lt{'rol'}.'</th>'.
-           '<th>'.$lt{'ext'}.'</th><th>'.$lt{'sta'}.'</th>'.
-           '<th>'.$lt{'end'}.'</th>'."\n".
-           &Apache::loncommon::end_data_table_header_row()."\n".
-           &Apache::loncommon::start_data_table_row()."\n".
-           '<td>
-            <input type=checkbox name="act_'.$cudom.'_'.$cuname.'_ca" />
-           </td>
-           <td>'.$lt{'cau'}.'</td>
-           <td>'.$cudom.'_'.$cuname.'</td>
-           <td><input type="hidden" name="start_'.$cudom.'_'.$cuname.'_ca" value="" />
-             <a href=
-"javascript:pjump('."'date_start','Start Date Co-Author',document.cu.start_$cudom\_$cuname\_ca.value,'start_$cudom\_$cuname\_ca','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
-<td><input type="hidden" name="end_'.$cudom.'_'.$cuname.'_ca" value="" />
-<a href=
-"javascript:pjump('."'date_end','End Date Co-Author',document.cu.end_$cudom\_$cuname\_ca.value,'end_$cudom\_$cuname\_ca','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
-          &Apache::loncommon::end_data_table_row()."\n".
-          &Apache::loncommon::start_data_table_row()."\n".
-'<td><input type=checkbox name="act_'.$cudom.'_'.$cuname.'_aa" /></td>
-<td>'.$lt{'caa'}.'</td>
-<td>'.$cudom.'_'.$cuname.'</td>
-<td><input type="hidden" name="start_'.$cudom.'_'.$cuname.'_aa" value="" />
-<a href=
-"javascript:pjump('."'date_start','Start Date Assistant Co-Author',document.cu.start_$cudom\_$cuname\_aa.value,'start_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
-<td><input type="hidden" name="end_'.$cudom.'_'.$cuname.'_aa" value="" />
-<a href=
-"javascript:pjump('."'date_end','End Date Assistant Co-Author',document.cu.end_$cudom\_$cuname\_aa.value,'end_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
-         &Apache::loncommon::end_data_table_row()."\n".
-         &Apache::loncommon::end_data_table());
-    } elsif ($env{'request.role'} =~ /^au\./) {
-        if (!(&Apache::lonuserutils::authorpriv($env{'user.name'},
-                                                $env{'request.role.domain'}))) {
-            $r->print('<span class="LC_error">'.
-                      &mt('You do not have privileges to assign co-author roles.').
-                      '</span>');
-        } elsif (($env{'user.name'} eq $ccuname) && 
-             ($env{'user.domain'} eq $ccdomain)) {
-           $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));
-        }
-    }
-#
-# Domain level
-#
-    my $num_domain_level = 0;
-    my $domaintext = 
-    '<h4>'.&mt('Domain Level').'</h4>'.
-    &Apache::loncommon::start_data_table().
-    &Apache::loncommon::start_data_table_header_row().
-    '<th>'.&mt('Activate').'</th><th>'.&mt('Role').'</th><th>'.
-    &mt('Extent').'</th>'.
-    '<th>'.&mt('Start').'</th><th>'.&mt('End').'</th>'.
-    &Apache::loncommon::end_data_table_header_row();
-    foreach my $thisdomain (sort(&Apache::lonnet::all_domains())) {
-        foreach my $role ('dc','li','dg','au','sc') {
-            if (&Apache::lonnet::allowed('c'.$role,$thisdomain)) {
-               my $plrole=&Apache::lonnet::plaintext($role);
-	       my %lt=&Apache::lonlocal::texthash(
-                    'ssd'  => "Set Start Date",
-                    'sed'  => "Set End Date"
-				       );
-               $num_domain_level ++;
-               $domaintext .= 
-&Apache::loncommon::start_data_table_row().
-'<td><input type=checkbox name="act_'.$thisdomain.'_'.$role.'" /></td>
-<td>'.$plrole.'</td>
-<td>'.$thisdomain.'</td>
-<td><input type="hidden" name="start_'.$thisdomain.'_'.$role.'" value="" />
-<a href=
-"javascript:pjump('."'date_start','Start Date $plrole',document.cu.start_$thisdomain\_$role.value,'start_$thisdomain\_$role','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
-<td><input type="hidden" name="end_'.$thisdomain.'_'.$role.'" value="" />
-<a href=
-"javascript:pjump('."'date_end','End Date $plrole',document.cu.end_$thisdomain\_$role.value,'end_$thisdomain\_$role','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'.
-&Apache::loncommon::end_data_table_row();
-            }
-        } 
-    }
-    $domaintext.= &Apache::loncommon::end_data_table();
-    if ($num_domain_level > 0) {
-        $r->print($domaintext);
-        $addrolesdisplay = 1;
-    }
-#
-# Course level
-#
 
-    if ($env{'request.role'} =~ m{^dc\./($match_domain)/$}) {
-        $r->print(&course_level_dc($1,'Course'));
-        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
-    } elsif ($env{'request.role'} =~ m{^au\./($match_domain)/$}) {
-        if ($addrolesdisplay) {
-            $r->print('<br /><input type="button" value="'.&mt('Modify User').'"');
-            if ($newuser) {
-                $r->print(' onClick="verify_message(this.form)" \>'."\n");
+    if ($env{'form.action'} eq 'singlestudent') {
+        $r->print('<br /><input type="button" value="'.&mt('Enroll Student').'" onClick="setSections(this.form)" />'."\n");
+    } else {
+        $r->print('<h3>'.&mt('Add Roles').'</h3>');
+        my $addrolesdisplay = 0;
+        if ($context eq 'domain' || $context eq 'author') {
+            $addrolesdisplay = &new_coauthor_roles($r,$ccuname,$ccdomain);
+        }
+        if ($context eq 'domain') {
+            my $add_domainroles = &new_domain_roles($r);
+            if (!$addrolesdisplay) {
+                $addrolesdisplay = $add_domainroles;
+            }
+            $r->print(&course_level_dc($env{'request.role.domain'},'Course'));
+            $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
+        } elsif ($context eq 'author') {
+            if ($addrolesdisplay) {
+                $r->print('<br /><input type="button" value="'.&mt('Modify User').'"');
+                if ($newuser) {
+                    $r->print(' onClick="verify_message(this.form)" \>'."\n");
+                } else {
+                    $r->print('onClick="this.form.submit()" \>'."\n");
+                }
             } else {
-                $r->print('onClick="this.form.submit()" \>'."\n"); 
+                $r->print('<br /><a href="javascript:backPage(document.cu)">'.
+                          &mt('Back to previous page').'</a>');
             }
         } else {
-            $r->print('<br /><a href="javascript:backPage(document.cu)">'.
-                      &mt('Back to previous page').'</a>');
+            $r->print(&course_level_table(%inccourses));
+            $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setSections(this.form)" />'."\n");
         }
-    } else {
-        $r->print(&course_level_table(%inccourses));
-        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setSections(this.form)" />'."\n");
     }
     $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate','ccuname','ccdomain']));
     $r->print('<input type="hidden" name="currstate" value="" />');
     $r->print('<input type="hidden" name="prevphase" value="'.$env{'form.phase'}.'" />');
     $r->print("</form>".&Apache::loncommon::end_page());
+    return;
 }
 
 sub singleuser_breadcrumb {
@@ -1208,6 +1111,124 @@ sub display_existing_roles {
     return;
 }
 
+sub new_coauthor_roles {
+    my ($r,$ccuname,$ccdomain) = @_;
+    my $addrolesdisplay = 0;
+    #
+    # Co-Author
+    #
+    if (&Apache::lonuserutils::authorpriv($env{'user.name'},
+                                          $env{'request.role.domain'}) &&
+        ($env{'user.name'} ne $ccuname || $env{'user.domain'} ne $ccdomain)) {
+        # No sense in assigning co-author role to yourself
+        $addrolesdisplay = 1;
+        my $cuname=$env{'user.name'};
+        my $cudom=$env{'request.role.domain'};
+        my %lt=&Apache::lonlocal::texthash(
+                    'cs'   => "Construction Space",
+                    'act'  => "Activate",
+                    'rol'  => "Role",
+                    'ext'  => "Extent",
+                    'sta'  => "Start",
+                    'end'  => "End",
+                    'cau'  => "Co-Author",
+                    'caa'  => "Assistant Co-Author",
+                    'ssd'  => "Set Start Date",
+                    'sed'  => "Set End Date"
+                                       );
+        $r->print('<h4>'.$lt{'cs'}.'</h4>'."\n".
+                  &Apache::loncommon::start_data_table()."\n".
+                  &Apache::loncommon::start_data_table_header_row()."\n".
+                  '<th>'.$lt{'act'}.'</th><th>'.$lt{'rol'}.'</th>'.
+                  '<th>'.$lt{'ext'}.'</th><th>'.$lt{'sta'}.'</th>'.
+                  '<th>'.$lt{'end'}.'</th>'."\n".
+                  &Apache::loncommon::end_data_table_header_row()."\n".
+                  &Apache::loncommon::start_data_table_row().'
+           <td>
+            <input type=checkbox name="act_'.$cudom.'_'.$cuname.'_ca" />
+           </td>
+           <td>'.$lt{'cau'}.'</td>
+           <td>'.$cudom.'_'.$cuname.'</td>
+           <td><input type="hidden" name="start_'.$cudom.'_'.$cuname.'_ca" value="" />
+             <a href=
+"javascript:pjump('."'date_start','Start Date Co-Author',document.cu.start_$cudom\_$cuname\_ca.value,'start_$cudom\_$cuname\_ca','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
+<td><input type="hidden" name="end_'.$cudom.'_'.$cuname.'_ca" value="" />
+<a href=
+"javascript:pjump('."'date_end','End Date Co-Author',document.cu.end_$cudom\_$cuname\_ca.value,'end_$cudom\_$cuname\_ca','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
+              &Apache::loncommon::end_data_table_row()."\n".
+              &Apache::loncommon::start_data_table_row()."\n".
+'<td><input type=checkbox name="act_'.$cudom.'_'.$cuname.'_aa" /></td>
+<td>'.$lt{'caa'}.'</td>
+<td>'.$cudom.'_'.$cuname.'</td>
+<td><input type="hidden" name="start_'.$cudom.'_'.$cuname.'_aa" value="" />
+<a href=
+"javascript:pjump('."'date_start','Start Date Assistant Co-Author',document.cu.start_$cudom\_$cuname\_aa.value,'start_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
+<td><input type="hidden" name="end_'.$cudom.'_'.$cuname.'_aa" value="" />
+<a href=
+"javascript:pjump('."'date_end','End Date Assistant Co-Author',document.cu.end_$cudom\_$cuname\_aa.value,'end_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
+             &Apache::loncommon::end_data_table_row()."\n".
+             &Apache::loncommon::end_data_table());
+    } elsif ($env{'request.role'} =~ /^au\./) {
+        if (!(&Apache::lonuserutils::authorpriv($env{'user.name'},
+                                                $env{'request.role.domain'}))) {
+            $r->print('<span class="LC_error">'.
+                      &mt('You do not have privileges to assign co-author roles.').
+                      '</span>');
+        } elsif (($env{'user.name'} eq $ccuname) &&
+             ($env{'user.domain'} eq $ccdomain)) {
+            $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));
+        }
+    }
+    return $addrolesdisplay;;
+}
+
+sub new_domain_roles {
+    my ($r) = @_;
+    my $addrolesdisplay = 0;
+    #
+    # Domain level
+    #
+    my $num_domain_level = 0;
+    my $domaintext =
+    '<h4>'.&mt('Domain Level').'</h4>'.
+    &Apache::loncommon::start_data_table().
+    &Apache::loncommon::start_data_table_header_row().
+    '<th>'.&mt('Activate').'</th><th>'.&mt('Role').'</th><th>'.
+    &mt('Extent').'</th>'.
+    '<th>'.&mt('Start').'</th><th>'.&mt('End').'</th>'.
+    &Apache::loncommon::end_data_table_header_row();
+    foreach my $thisdomain (sort(&Apache::lonnet::all_domains())) {
+        foreach my $role ('dc','li','dg','au','sc') {
+            if (&Apache::lonnet::allowed('c'.$role,$thisdomain)) {
+               my $plrole=&Apache::lonnet::plaintext($role);
+               my %lt=&Apache::lonlocal::texthash(
+                    'ssd'  => "Set Start Date",
+                    'sed'  => "Set End Date"
+                                       );
+               $num_domain_level ++;
+               $domaintext .=
+&Apache::loncommon::start_data_table_row().
+'<td><input type=checkbox name="act_'.$thisdomain.'_'.$role.'" /></td>
+<td>'.$plrole.'</td>
+<td>'.$thisdomain.'</td>
+<td><input type="hidden" name="start_'.$thisdomain.'_'.$role.'" value="" />
+<a href=
+"javascript:pjump('."'date_start','Start Date $plrole',document.cu.start_$thisdomain\_$role.value,'start_$thisdomain\_$role','cu.pres','dateset'".')">'.$lt{'ssd'}.'</a></td>
+<td><input type="hidden" name="end_'.$thisdomain.'_'.$role.'" value="" />
+<a href=
+"javascript:pjump('."'date_end','End Date $plrole',document.cu.end_$thisdomain\_$role.value,'end_$thisdomain\_$role','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'.
+&Apache::loncommon::end_data_table_row();
+            }
+        }
+    }
+    $domaintext.= &Apache::loncommon::end_data_table();
+    if ($num_domain_level > 0) {
+        $r->print($domaintext);
+        $addrolesdisplay = 1;
+    }
+    return $addrolesdisplay;
+}
+
 sub user_authentication {
     my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
     my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
@@ -1376,15 +1397,17 @@ sub modify_login_block {
 
 sub personal_data_display {
     my ($ccuname,$ccdomain,$newuser,$context,$inst_results) = @_;
-    my ($output,$showforceid,%userenv,%domconfig);
+    my ($output,$showforceid,%userenv,%canmodify);
+    my @userinfo = ('firstname','middlename','lastname','generation',
+                    'permanentemail','id');
     if (!$newuser) {
         # Get the users information
         %userenv = &Apache::lonnet::get('environment',
                    ['firstname','middlename','lastname','generation',
                     'permanentemail','id'],$ccdomain,$ccuname);
-        %domconfig =
-            &Apache::lonnet::get_dom('configuration',['usermodification'],
-                                     $ccdomain);
+        %canmodify =
+            &Apache::lonuserutils::can_modify_userinfo($context,$ccdomain,
+                                                       \@userinfo);
     }
     my %lt=&Apache::lonlocal::texthash(
                 'pd'             => "Personal Data",
@@ -1396,8 +1419,6 @@ sub personal_data_display {
                 'id'             => "ID/Student Number",
                 'lg'             => "Login Data"
     );
-    my @userinfo = ('firstname','middlename','lastname','generation',
-                    'permanentemail','id');
     my %textboxsize = (
                        firstname      => '15',
                        middlename     => '15',
@@ -1426,33 +1447,14 @@ sub personal_data_display {
                 $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
             }
         } else {
-            my $canmodify = 0;
-            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-                $canmodify = 1;
-            } else {
-                if (ref($domconfig{'usermodification'}) eq 'HASH') {
-                    if (ref($domconfig{'usermodification'}{$context}) eq 'HASH') {
-                        foreach my $key (keys(%{$domconfig{'usermodification'}{$context}})) {
-                            if (ref($domconfig{'usermodification'}{$context}{$key}) eq 'HASH') {
-                                if ($domconfig{'usermodification'}{$context}{$key}{$item}) { 
-                                    $canmodify = 1;
-                                    last;
-                                }
-                            }
-                        }
-                    }
-                } elsif ($context eq 'course') {
-                    $canmodify = 1;
-                }
-            }
-            if ($canmodify) {
+            if ($canmodify{$item}) {
                 $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="'.$userenv{$item}.'" />';
             } else {
                 $output .= $userenv{$item};
             }
             if ($item eq 'id') {
-                $showforceid = $canmodify; 
-            } 
+                $showforceid = $canmodify{$item};
+            }
         }
         $output .= &Apache::lonhtmlcommon::row_closure(1);
     }
@@ -1474,7 +1476,9 @@ sub update_user_data {
     my $end       = '</span><br /><br />';
     my $rtnlink   = '<a href="javascript:backPage(document.userupdate,'.
                     "'$env{'form.prevphase'}','modify')".'" />'.
-                    &mt('Return to previous page').'</a>'.&Apache::loncommon::end_page();
+                    &mt('Return to previous page').'</a>'.
+                    &Apache::loncommon::end_page();
+    my $now = time;
     my $title;
     if (exists($env{'form.makeuser'})) {
 	$title='Set Privileges for New User';
@@ -1499,14 +1503,12 @@ sub update_user_data {
     }
     &Apache::lonhtmlcommon::add_breadcrumb
        ({href=>"javascript:backPage(document.userupdate,'$env{'form.prevphase'}','modify')",
-         text=>"Set user role",
+         text=>$breadcrumb_text{'modify'},
          faq=>282,bug=>'Instructor Interface',},
         {href=>"/adm/createuser",
          text=>"Result",
          faq=>282,bug=>'Instructor Interface',});
     $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
-
-    my %disallowed;
     $r->print(&update_result_form($uhome));
     # Check Inputs
     if (! $env{'form.ccuname'} ) {
@@ -1531,6 +1533,9 @@ sub update_user_data {
 		  $end.$rtnlink);
 	return;
     }
+    if ($uhome eq 'no_host') {
+        $newuser = 1;
+    }
     if (! exists($env{'form.makeuser'})) {
         # Modifying an existing user, so check the validity of the name
         if ($uhome eq 'no_host') {
@@ -1568,7 +1573,6 @@ sub update_user_data {
 	    return;
     }
 
-
     $r->print('<h3>'.&mt('User [_1] in domain [_2]',
 			 $env{'form.ccuname'}, $env{'form.ccdomain'}).'</h3>');
     my (%alerts,%rulematch,%inst_results,%curr_rules);
@@ -1595,7 +1599,7 @@ sub update_user_data {
         my %checkhash;
         my %checks = ('id' => 1);
         %{$checkhash{$env{'form.ccuname'}.':'.$env{'form.ccdomain'}}} = (
-            'newuser' => 1, 
+            'newuser' => $newuser, 
             'id' => $env{'form.cid'},
         );
         if ($env{'form.cid'} ne '') {
@@ -1629,10 +1633,10 @@ sub update_user_data {
              $env{'form.cgeneration'},undef,$desiredhost,
              $env{'form.cpermanentemail'});
 	$r->print(&mt('Generating user').': '.$result);
-        my $home = &Apache::lonnet::homeserver($env{'form.ccuname'},
+        $uhome = &Apache::lonnet::homeserver($env{'form.ccuname'},
                                                $env{'form.ccdomain'});
-        $r->print('<br />'.&mt('Home server').': '.$home.' '.
-                  &Apache::lonnet::hostname($home));
+        $r->print('<br />'.&mt('Home server').': '.$uhome.' '.
+                  &Apache::lonnet::hostname($uhome));
     } elsif (($env{'form.login'} ne 'nochange') &&
              ($env{'form.login'} ne ''        )) {
 	# Modify user privileges
@@ -1676,22 +1680,12 @@ sub update_user_data {
         my @statuses = ('active','future');
         my %roles = &Apache::lonnet::get_my_roles($env{'form.ccuname'},$env{'form.ccdomain'},'userroles',\@statuses,undef,$env{'request.role.domain'});
         my ($auname,$audom);
-        if ($context eq 'course') {
-            $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
-            $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
-            if ($cnum eq '' || $cdom eq '') {
-                my $cid = $env{'request.course.id'};
-                my %coursehash =
-                     &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
-                $cdom = $coursehash{'domain'};
-                $cnum = $coursehash{'num'};
-            } 
-        } elsif ($context eq 'author') {
+        if ($context eq 'author') {
             $auname = $env{'user.name'};
             $audom = $env{'user.domain'};     
         }
         foreach my $item (keys(%roles)) {
-            my ($rolenum,$roledom,$role) = split(/:/,$item);
+            my ($rolenum,$roledom,$role) = split(/:/,$item,-1);
             if ($context eq 'course') {
                 if ($cnum ne '' && $cdom ne '') {
                     if ($rolenum eq $cnum && $roledom eq $cdom) {
@@ -1708,27 +1702,33 @@ sub update_user_data {
                 }
             }
         }
-        # Check for course or co-author roles being activated or re-enabled
-        if ($context eq 'author' || $context eq 'course') {
-            foreach my $key (keys(%env)) {
-                if ($context eq 'author') {
-                    if ($key=~/^form\.act_\Q$audom\E_\Q$auname\E_([^_]+)/) {
-                        if (!grep(/^\Q$1\E$/,@userroles)) {
-                            push(@userroles,$1);
-                        }
-                    } elsif ($key =~/^form\.ren\:\Q$audom\E\/\Q$auname\E_([^_]+)/) {
-                        if (!grep(/^\Q$1\E$/,@userroles)) {
-                            push(@userroles,$1);
-                        }
-                    }
-                } elsif ($context eq 'course') {
-                    if ($key=~/^form\.act_\Q$cdom\E_\Q$cnum\E_([^_]+)/) {
-                        if (!grep(/^\Q$1\E$/,@userroles)) {
-                            push(@userroles,$1);
+        if ($env{'form.action'} eq 'singlestudent') {
+            if (!grep(/^st$/,@userroles)) {
+                push(@userroles,'st');
+            }
+        } else {
+            # Check for course or co-author roles being activated or re-enabled
+            if ($context eq 'author' || $context eq 'course') {
+                foreach my $key (keys(%env)) {
+                    if ($context eq 'author') {
+                        if ($key=~/^form\.act_\Q$audom\E_\Q$auname\E_([^_]+)/) {
+                            if (!grep(/^\Q$1\E$/,@userroles)) {
+                                push(@userroles,$1);
+                            }
+                        } elsif ($key =~/^form\.ren\:\Q$audom\E\/\Q$auname\E_([^_]+)/) {
+                            if (!grep(/^\Q$1\E$/,@userroles)) {
+                                push(@userroles,$1);
+                            }
                         }
-                    } elsif ($key =~/^form\.ren\:\Q$cdom\E\/\Q$cnum\E(\/?\w*)_([^_]+)/) {
-                        if (!grep(/^\Q$1\E$/,@userroles)) {
-                            push(@userroles,$1);
+                    } elsif ($context eq 'course') {
+                        if ($key=~/^form\.act_\Q$cdom\E_\Q$cnum\E_([^_]+)/) {
+                            if (!grep(/^\Q$1\E$/,@userroles)) {
+                                push(@userroles,$1);
+                            }
+                        } elsif ($key =~/^form\.ren\:\Q$cdom\E\/\Q$cnum\E(\/?\w*)_([^_]+)/) {
+                            if (!grep(/^\Q$1\E$/,@userroles)) {
+                                push(@userroles,$1);
+                            }
                         }
                     }
                 }
@@ -1743,33 +1743,12 @@ sub update_user_data {
                 push(@longroles,&Apache::lonnet::plaintext($role)); 
             }
         }
-        foreach my $item ('firstname','middlename','lastname','generation','permanentemail','id') {
-            my $canmodify = 0;
-            if (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'})) {
-                $canmodify = 1;
-            } else {
-                if ($context eq 'course' || $context eq 'author') {
-                    if (ref($domconfig{'usermodification'}) eq 'HASH') {
-                        if (ref($domconfig{'usermodification'}{$context}) eq 'HASH') {
-                            foreach my $role (@userroles) {
-                                if (ref($domconfig{'usermodification'}{$context}{$role}) eq 'HASH') {
-                                    if ($domconfig{'usermodification'}{$context}{$role}{$item}) {
-                                        $canmodify = 1;
-                                        last;
-                                    }
-                                }
-                            }
-                        }
-                    }
-                } elsif ($context eq 'course') {
-                    if (grep(/^st$/,@userroles)) {
-                        $canmodify = 1;
-                    }
-                }
-            }
+        my @userinfo = ('firstname','middlename','lastname','generation','permanentemail','id');
+        my %canmodify = &Apache::lonuserutils::can_modify_userinfo($context,$env{'form.ccdomain'},\@userinfo,\@userroles);
+        foreach my $item (@userinfo) {
             # Strip leading and trailing whitespace
             $env{'form.c'.$item} =~ s/(\s+$|^\s+)//g;
-            if (!$canmodify) {
+            if (!$canmodify{$item}) {
                 if (defined($env{'form.c'.$item})) {
                     if ($env{'form.c'.$item} ne $userenv{$item}) {
                         push(@mod_disallowed,$item);
@@ -1781,7 +1760,6 @@ sub update_user_data {
         # Check to see if we can change the ID/student number
         my $forceid = $env{'form.forceid'};
         my $recurseid = $env{'form.recurseid'};
-        my $newuser = 0;
         my (%alerts,%rulematch,%idinst_results,%curr_rules,%got_rules);
         my %uidhash = &Apache::lonnet::idrget($env{'form.ccdomain'},
                                             $env{'form.ccuname'});
@@ -1813,6 +1791,10 @@ sub update_user_data {
             $newdefquotatext);
         my ($defquota,$settingstatus) = 
             &Apache::loncommon::default_quota($env{'form.ccdomain'},$inststatus);
+        my $showquota;
+        if (&Apache::lonnet::allowed('mpq',$env{'form.ccdomain'})) {
+            $showquota = 1;
+        }
         my %changeHash;
         $changeHash{'portfolioquota'} = $userenv{'portfolioquota'};
         if ($userenv{'portfolioquota'} ne '') {
@@ -1883,6 +1865,13 @@ sub update_user_data {
                         $changeHash{'firstname'},$changeHash{'middlename'},
                         $changeHash{'lastname'},$changeHash{'generation'},
                         $changeHash{'id'},undef,$changeHash{'permanentemail'});
+                %userupdate = (
+                               lastname   => $env{'form.clastname'},
+                               middlename => $env{'form.cmiddlename'},
+                               firstname  => $env{'form.cfirstname'},
+                               generation => $env{'form.cgeneration'},
+                               id         => $env{'form.cid'},
+                             );
             }
             if (($namechanged && $namechgresult eq 'ok') || 
                 ($quotachanged && $quotachgresult eq 'ok')) {
@@ -1910,8 +1899,11 @@ sub update_user_data {
     <th>$lt{'gen'}</th>
     <th>$lt{'id'}</th>
     <th>$lt{'mail'}</th>
-    <th>$lt{'disk'}</th>
 END
+                if ($showquota) {
+                    $r->print("
+    <th>$lt{'disk'}</th>\n");
+                }
                 $r->print(&Apache::loncommon::end_data_table_header_row().
                           &Apache::loncommon::start_data_table_row());
                 $r->print(<<"END");
@@ -1922,8 +1914,11 @@ END
     <td>$userenv{'generation'} </td>
     <td>$userenv{'id'}</td>
     <td>$userenv{'permanentemail'} </td>
-    <td>$oldportfolioquota Mb $olddefquotatext </td>
 END
+                if ($showquota) {
+                    $r->print("
+    <td>$oldportfolioquota Mb $olddefquotatext </td>\n");
+                }
                 $r->print(&Apache::loncommon::end_data_table_row().
                           &Apache::loncommon::start_data_table_row());
                 $r->print(<<"END");
@@ -1934,8 +1929,11 @@ END
     <td>$env{'form.cgeneration'} </td>
     <td>$env{'form.cid'} </td>
     <td>$env{'form.cpermanentemail'} </td>
-    <td>$newportfolioquota Mb $newdefquotatext </td>
 END
+                if ($showquota) {
+                    $r->print("
+    <td>$newportfolioquota Mb $newdefquotatext </td>\n");
+                }
                 $r->print(&Apache::loncommon::end_data_table_row().
                           &Apache::loncommon::end_data_table().'<br />');
                 if ($env{'form.cid'} ne $userenv{'id'}) {
@@ -1943,13 +1941,6 @@ END
                          ($env{'form.ccuname'} => $env{'form.cid'}));
                     if (($recurseid) &&
                         (&Apache::lonnet::allowed('mau',$env{'form.ccdomain'}))) {
-                        %userupdate = (
-                                  lastname   => $env{'form.clasaname'},
-                                  middlename => $env{'form.cmiddlename'},
-                                  firstname  => $env{'form.cfirstname'},
-                                  generation => $env{'fora.cgeneration'},
-                                  id         => $env{'form.cid'},
-                             );
                         my $idresult = 
                             &Apache::lonuserutils::propagate_id_change(
                                 $env{'form.ccuname'},$env{'form.ccdomain'},
@@ -1985,8 +1976,11 @@ END
                 $r->print('<br />['.$lt{'mail'}.': '.
                           $userenv{'permanentemail'}.']');
             }
-            $r->print('<br />['.$lt{'disk'}.': '.$oldportfolioquota.' Mb '. 
-                 $olddefquotatext.']</h4>');
+            if ($showquota) {
+                $r->print('<br />['.$lt{'disk'}.': '.$oldportfolioquota.' Mb '. 
+                          $olddefquotatext.']');
+            }
+            $r->print('</h4>');
         }
         if (@mod_disallowed) {
             my ($rolestr,$contextname);
@@ -2017,9 +2011,31 @@ END
         $r->print($no_forceid_alert.
                   &Apache::lonuserutils::print_namespacing_alerts($env{'form.ccdomain'},\%alerts, \%curr_rules));
     }
-    ##
+    if ($env{'form.action'} eq 'singlestudent') {
+        &enroll_single_student($r,$uhome,$amode,$genpwd,$now,$newuser);
+    } else {
+        my $rolechanges = &update_roles($r);
+        if (!$rolechanges && $namechanged) {
+            if ($context eq 'course') {
+                if (@userroles > 0) {
+                    if (grep(/^st$/,@userroles)) {
+                        my $classlistupdated =
+                            &Apache::lonuserutils::update_classlist($cdom,
+                                              $cnum,$env{'form.ccdomain'},
+                                       $env{'form.ccuname'},\%userupdate);
+                    }
+                }
+            }
+        }
+    }
+    $r->print(&Apache::loncommon::end_page());
+}
+
+sub update_roles {
+    my ($r) = @_;
     my $now=time;
     my $rolechanges = 0;
+    my %disallowed;
     $r->print('<h3>'.&mt('Modifying Roles').'</h3>');
     foreach my $key (keys (%env)) {
 	next if (! $env{$key});
@@ -2092,7 +2108,7 @@ END
                 if ($role eq 'st') {
                     if ($url =~ m-^/($match_domain)/($match_courseid)/?(\w*)$-) {
                         my $result = &Apache::loncommon::commit_studentrole(\$logmsg,$udom,$uname,$url,$role,$now,0,$1,$2,$3);
-                        if (($result =~ /^error/) || ($result eq 'not_in_class') || ($result eq 'unknown_course')) {
+                        if (($result =~ /^error/) || ($result eq 'not_in_class') || ($result eq 'unknown_course') || ($result eq 'refused')) {
                             $output = "Error: $result\n";
                         } else {
                             $output = &mt('Assigning').' '.$role.' in '.$url.
@@ -2240,7 +2256,50 @@ END
     if (!$rolechanges) {
         $r->print(&mt('No roles to modify'));
     }
-    $r->print(&Apache::loncommon::end_page());
+    return $rolechanges;
+}
+
+sub enroll_single_student {
+    my ($r,$uhome,$amode,$genpwd,$now,$newuser) = @_;
+    $r->print('<h3>'.&mt('Enrolling Student').'</h3>');
+
+    # Remove non alphanumeric values from section
+    $env{'form.sections'}=~s/\W//g;
+
+    # Clean out any old student roles the user has in this class.
+    &Apache::lonuserutils::modifystudent($env{'form.ccdomain'},
+         $env{'form.ccuname'},$env{'request.course.id'},undef,$uhome);
+    my ($startdate,$enddate) = &Apache::lonuserutils::get_dates_from_form();
+    my $enroll_result =
+        &Apache::lonnet::modify_student_enrollment($env{'form.ccdomain'},
+            $env{'form.ccuname'},$env{'form.cid'},$env{'form.cfirstname'},
+            $env{'form.cmiddlename'},$env{'form.clastname'},
+            $env{'form.generation'},$env{'form.sections'},$enddate,
+            $startdate,'manual',undef,$env{'request.course.id'});
+    if ($enroll_result =~ /^ok/) {
+        $r->print(&mt('<b>[_1]</b> enrolled',$env{'form.ccuname'}.':'.$env{'form.ccdomain'}));
+        if ($env{'form.sections'} ne '') {
+            $r->print(' '.&mt('in section [_1]',$env{'form.sections'}));
+        }
+        my ($showstart,$showend);
+        if ($startdate <= $now) {
+            $showstart = &mt('Access starts immediately');
+        } else {
+            $showstart = &mt('Access starts: ').&Apache::lonlocal::locallocaltime($startdate);
+        }
+        if ($enddate == 0) {
+            $showend = &mt('ends: no ending date');
+        } else {
+            $showend = &mt('ends: ').&Apache::lonlocal::locallocaltime($enddate);
+        }
+        $r->print('.<br />'.$showstart.'; '.$showend);
+        if ($startdate <= $now && !$newuser) {
+            $r->print("<p> ".&mt('If the student is currently logged-in to LON-CAPA, the new role will be available when the student next logs in.')."</p>");
+        }
+    } else {
+        $r->print(&mt('unable to enroll').": ".$enroll_result);
+    }
+    return;
 }
 
 sub get_defaultquota_text {
@@ -2280,7 +2339,7 @@ sub update_result_form {
     }
     $outcome .= '<input type="hidden" name="phase" value="" />'."\n".
                 '<input type ="hidden" name="currstate" value="" />'."\n".
-                '<input type ="hidden" name="action" value="singleuser" />'."\n".
+                '<input type ="hidden" name="action" value="'.$env{'form.action'}.'" />'."\n".
                 '</form>';
     return $outcome;
 }
@@ -2671,10 +2730,11 @@ sub handler {
         if (! exists($env{'form.state'})) {
             &Apache::lonuserutils::print_first_users_upload_form($r,$context);
         } elsif ($env{'form.state'} eq 'got_file') {
-            &Apache::lonuserutils::print_upload_manager_form($r,$context);
+            &Apache::lonuserutils::print_upload_manager_form($r,$context,
+                                                             $permission);
         } elsif ($env{'form.state'} eq 'enrolling') {
             if ($env{'form.datatoken'}) {
-                &Apache::lonuserutils::upfile_drop_add($r,$context);
+                &Apache::lonuserutils::upfile_drop_add($r,$context,$permission);
             }
         } else {
             &Apache::lonuserutils::print_first_users_upload_form($r,$context);
@@ -2696,16 +2756,18 @@ sub handler {
                 my $response;
                 if ($env{'form.srchterm'} !~ /^$match_username$/) {
                     my $response = &mt('You must specify a valid username. Only the following are allowed: letters numbers - . @');
+                    $env{'form.phase'} = '';
                     &print_username_entry_form($r,$context,$response,$srch);
                 } else {
                     my $ccuname =&LONCAPA::clean_username($srch->{'srchterm'});
                     my $ccdomain=&LONCAPA::clean_domain($srch->{'srchdomain'});
                     &print_user_modification_page($r,$ccuname,$ccdomain,
-                                                  $srch,$response,$context);
+                                                  $srch,$response,$context,
+                                                  $permission);
                 }
             } elsif ($env{'form.phase'} eq 'get_user_info') {
                 my ($currstate,$response,$forcenewuser,$results) = 
-                    &user_search_result($srch);
+                    &user_search_result($context,$srch);
                 if ($env{'form.currstate'} eq 'modify') {
                     $currstate = $env{'form.currstate'};
                 }
@@ -2734,7 +2796,8 @@ sub handler {
                         $response = '';
                     }
                     &print_user_modification_page($r,$ccuname,$ccdomain,
-                                                  $srch,$response,$context);
+                                                  $srch,$response,$context,
+                                                  $permission);
                 } elsif ($currstate eq 'query') {
                     &print_user_query_page($r,'createuser');
                 } else {
@@ -2745,7 +2808,7 @@ sub handler {
                 my $ccuname = &LONCAPA::clean_username($env{'form.seluname'});
                 my $ccdomain = &LONCAPA::clean_domain($env{'form.seludom'});
                 &print_user_modification_page($r,$ccuname,$ccdomain,$srch,'',
-                                              $context);
+                                              $context,$permission);
             }
         } elsif ($env{'form.phase'} eq 'update_user_data') {
             &update_user_data($r,$context);
@@ -2762,15 +2825,22 @@ sub handler {
              ($permission->{'view'} || $permission->{'cusr'})) {
         if ($env{'form.phase'} eq 'bulkchange') {
             &Apache::lonhtmlcommon::add_breadcrumb
-                ({href=>'backPage(document.studentform)',
-                  text=>"List Users"});
+                ({href=>'/adm/createuser?action=listusers',
+                  text=>"List Users"},
+                {href=>"/adm/createuser",
+                  text=>"Result"});
             my $setting = $env{'form.roletype'};
             my $choice = $env{'form.bulkaction'};
             $r->print(&header());
-            $r->print(&Apache::lonhtmlcommon::breadcrumbs("List Users",
+            $r->print(&Apache::lonhtmlcommon::breadcrumbs("Update Users",
                                                           'User_Management_List'));
             if ($permission->{'cusr'}) {
                 &Apache::lonuserutils::update_user_list($r,$context,$setting,$choice);
+                $r->print('<p><a href="/adm/createuser?action=listusers">'.&mt('Display User Lists').'</a>');
+                $r->print(&Apache::loncommon::end_page());
+            } else {
+                $r->print(&mt('You are not authorized to make bulk changes to user roles'));
+                $r->print(&Apache::loncommon::end_page());
             }
         } else {
             &Apache::lonhtmlcommon::add_breadcrumb
@@ -2823,7 +2893,8 @@ sub handler {
     } elsif ($env{'form.action'} eq 'dateselect') {
         if ($permission->{'cusr'}) {
             $r->print(&header(undef,undef,{'no_nav_bar' => 1}).
-                      &Apache::lonuserutils::date_section_selector($context).
+                      &Apache::lonuserutils::date_section_selector($context,
+                                                                   $permission).
                       &Apache::loncommon::end_page());
         } else {
             $r->print(&header().
@@ -2877,17 +2948,17 @@ sub print_main_menu {
     my %links = (
                        domain => {
                                    upload => 'Upload a File of Users',
-                                   singleuser => 'Add/Manage a Single User',
+                                   singleuser => 'Add/Modify a Single User',
                                    listusers => 'Manage Multiple Users',
                                  },
                        author => {
                                    upload => 'Upload a File of Co-authors',
-                                   singleuser => 'Add/Manage a Single Co-author',
+                                   singleuser => 'Add/Modify a Single Co-author',
                                    listusers => 'Display Co-authors and Manage Multiple Users',
                                  },
                        course => {
                                    upload => 'Upload a File of Course Users',
-                                   singleuser => 'Add/Manage a Single Course User',
+                                   singleuser => 'Add/Modify a Single Course User',
                                    listusers => 'Display Class Lists and Manage Multiple Users',
                                  },
                      );
@@ -2981,7 +3052,7 @@ sub restore_prev_selections {
 
 #-------------------------------------------------- functions for &phase_two
 sub user_search_result {
-    my ($srch) = @_;
+    my ($context,$srch) = @_;
     my %allhomes;
     my %inst_matches;
     my %srch_results;
@@ -3050,14 +3121,14 @@ sub user_search_result {
                         my $uhome=&Apache::lonnet::homeserver($srch->{'srchterm'},$srch->{'srchdomain'});
                         if ($uhome eq 'no_host') {
                             ($currstate,$response,$forcenewuser) =
-                                &build_search_response($srch,%srch_results);
+                                &build_search_response($context,$srch,%srch_results);
                         } else {
                             $currstate = 'modify';
                         }
                     } else {
                         %srch_results = &Apache::lonnet::usersearch($srch);
                         ($currstate,$response,$forcenewuser) =
-                            &build_search_response($srch,%srch_results);
+                            &build_search_response($context,$srch,%srch_results);
                     }
                 } else {
                     my $courseusers = &get_courseusers();
@@ -3066,7 +3137,7 @@ sub user_search_result {
                             $currstate = 'modify';
                         } else {
                             ($currstate,$response,$forcenewuser) =
-                                &build_search_response($srch,%srch_results);
+                                &build_search_response($context,$srch,%srch_results);
                         }
                     } else {
                         foreach my $user (keys(%$courseusers)) {
@@ -3093,7 +3164,7 @@ sub user_search_result {
                             }
                         }
                         ($currstate,$response,$forcenewuser) =
-                            &build_search_response($srch,%srch_results);
+                            &build_search_response($context,$srch,%srch_results);
                     }
                 }
             }
@@ -3103,7 +3174,7 @@ sub user_search_result {
             ($dirsrchres,%srch_results) = &Apache::lonnet::inst_directory_query($srch);
             if ($dirsrchres eq 'ok') {
                 ($currstate,$response,$forcenewuser) = 
-                    &build_search_response($srch,%srch_results);
+                    &build_search_response($context,$srch,%srch_results);
             } else {
                 my $showdom = &display_domain_info($srch->{'srchdomain'});
                 $response = '<span class="LC_warning">'.
@@ -3117,7 +3188,7 @@ sub user_search_result {
         if ($srch->{'srchin'} eq 'dom') {
             %srch_results = &Apache::lonnet::usersearch($srch);
             ($currstate,$response,$forcenewuser) = 
-                &build_search_response($srch,%srch_results); 
+                &build_search_response($context,$srch,%srch_results); 
         } elsif ($srch->{'srchin'} eq 'crs') {
             my $courseusers = &get_courseusers(); 
             foreach my $user (keys(%$courseusers)) {
@@ -3169,14 +3240,14 @@ sub user_search_result {
                 }
             }
             ($currstate,$response,$forcenewuser) = 
-                &build_search_response($srch,%srch_results); 
+                &build_search_response($context,$srch,%srch_results); 
         } elsif ($srch->{'srchin'} eq 'alc') {
             $currstate = 'query';
         } elsif ($srch->{'srchin'} eq 'instd') {
             ($dirsrchres,%srch_results) = &Apache::lonnet::inst_directory_query($srch); 
             if ($dirsrchres eq 'ok') {
                 ($currstate,$response,$forcenewuser) = 
-                    &build_search_response($srch,%srch_results);
+                    &build_search_response($context,$srch,%srch_results);
             } else {
                 my $showdom = &display_domain_info($srch->{'srchdomain'});                $response = '<span class="LC_warning">'.
                     &mt('Institutional directory search is not available in domain: [_1]',$showdom).
@@ -3282,7 +3353,7 @@ sub get_courseusers {
 }
 
 sub build_search_response {
-    my ($srch,%srch_results) = @_;
+    my ($context,$srch,%srch_results) = @_;
     my ($currstate,$response,$forcenewuser);
     my %names = (
           'uname' => 'username',
@@ -3341,8 +3412,15 @@ sub build_search_response {
                 }
             }
             if (!($srch->{'srchby'} eq 'uname' && $srch->{'srchin'} eq 'dom' && $srch->{'srchtype'} eq 'exact' && $srch->{'srchdomain'} eq $env{'request.role.domain'})) {
-                my $showdom = &display_domain_info($env{'request.role.domain'}); 
+                my $cancreate =
+                    &Apache::lonuserutils::can_create_user($env{'request.role.domain'},$context);
+                if ($cancreate) {
+                    my $showdom = &display_domain_info($env{'request.role.domain'}); 
                 $response .= '<br /><br />'.&mt("<b>To add a new user</b> (you can only create new users in your current role's domain - <span class=\"LC_cusr_emph\">[_1]</span>):",$env{'request.role.domain'}).'<ul><li>'.&mt("Set 'Domain/institution to search' to: <span class=\"LC_cusr_emph\">[_1]</span>",$showdom).'<li>'.&mt("Set 'Search criteria' to: <span class=\"LC_cusr_emph\">'username is ...... in selected LON-CAPA domain'").'</span></li><li>'.&mt('Provide the proposed username').'</li><li>'.&mt('Search').'</li></ul><br />';
+                } else {
+                    my $helplink = ' href="javascript:helpMenu('."'display'".')"';
+                    $response .= '<br /><br />'.&mt("You are not authorized to create new users in your current role's domain - <span class=\"LC_cusr_emph\">[_1]</span>.",$env{'request.role.domain'}).'<br />'.&mt('Contact the <a[_1]>helpdesk</a> if you need to create a new user.',$helplink).'<br /><br />';
+                }
             }
         }
     }
@@ -3444,83 +3522,24 @@ sub course_level_table {
         }
         my @roles = &Apache::lonuserutils::roles_by_context('course');
 	foreach my $role (@roles) {
+            my $plrole=&Apache::lonnet::plaintext($role);
 	    if (&Apache::lonnet::allowed('c'.$role,$thiscourse)) {
-		my $plrole=&Apache::lonnet::plaintext($role);
-		$table .= &Apache::loncommon::start_data_table_row().
-'<td><input type="checkbox" name="act_'.$protectedcourse.'_'.$role.'" /></td>
-<td>'.$plrole.'</td>
-<td>'.$area.'<br />Domain: '.$domain.'</td>'."\n";
-	        if ($role ne 'cc') {
-                    if (%sections_count) {
-                        my $currsec = 
-                            &Apache::lonuserutils::course_sections(\%sections_count,
-                                                        $protectedcourse.'_'.$role);
-                        $table .= 
-                    '<td><table class="LC_createuser">'.
-                     '<tr class="LC_section_row">
-                        <td valign="top">'.$lt{'exs'}.'<br />'.
-                        $currsec.'</td>'.
-                     '<td>&nbsp;&nbsp;</td>'.
-                     '<td valign="top">&nbsp;'.$lt{'new'}.'<br />'.
-                     '<input type="text" name="newsec_'.$protectedcourse.'_'.$role.'" value="" />'.
-                     '<input type="hidden" '.
-                     'name="sec_'.$protectedcourse.'_'.$role.'" /></td>'.
-                     '</tr></table></td>';
-                    } else {
-                        $table .= '<td><input type="text" size="10" '.
-                     'name="sec_'.$protectedcourse.'_'.$role.'" /></td>';
-                    }
-                } else { 
-		    $table .= '<td>&nbsp</td>';
+                $table .= &course_level_row($protectedcourse,$role,$area,$domain,
+                                            $plrole,\%sections_count,\%lt);    
+            } elsif ($env{'request.course.sec'} ne '') {
+                if (&Apache::lonnet::allowed('c'.$role,$thiscourse.'/'.
+                                             $env{'request.course.sec'})) {
+                    $table .= &course_level_row($protectedcourse,$role,$area,$domain,
+                                                $plrole,\%sections_count,\%lt);
                 }
-		$table .= <<ENDTIMEENTRY;
-<td><input type="hidden" name="start_$protectedcourse\_$role" value='' />
-<a href=
-"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$role.value,'start_$protectedcourse\_$role','cu.pres','dateset')">$lt{'ssd'}</a></td>
-<td><input type="hidden" name="end_$protectedcourse\_$role" value='' />
-<a href=
-"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$role.value,'end_$protectedcourse\_$role','cu.pres','dateset')">$lt{'sed'}</a></td>
-ENDTIMEENTRY
-                $table.= &Apache::loncommon::end_data_table_row();
             }
         }
-        foreach my $cust (sort keys %customroles) {
-	    if (&Apache::lonnet::allowed('ccr',$thiscourse)) {
-		my $plrole=$cust;
-                my $customrole=$protectedcourse.'_cr_cr_'.$env{'user.domain'}.
-		    '_'.$env{'user.name'}.'_'.$plrole;
-		$table .= &Apache::loncommon::start_data_table_row().
-'<td><input type="checkbox" name="act_'.$customrole.'" /></td>
-<td>'.$plrole.'</td>
-<td>'.$area.'</td>'."\n";
-                if (%sections_count) {
-                    my $currsec = 
-                        &Apache::lonuserutils::course_sections(\%sections_count,
-                                                               $customrole);
-                    $table.=
-                   '<td><table class="LC_createuser">'.
-                   '<tr class="LC_section_row"><td valign="top">'.
-                   $lt{'exs'}.'<br />'.$currsec.'</td>'.
-                   '<td>&nbsp;&nbsp;</td>'.
-                   '<td valign="top">&nbsp;'.$lt{'new'}.'<br />'.
-                   '<input type="text" name="newsec_'.$customrole.'" value="" /></td>'.
-                   '<input type="hidden" '.
-                   'name="sec_'.$customrole.'" /></td>'.
-                   '</tr></table></td>';
-                } else {
-                    $table .= '<td><input type="text" size="10" '.
-                     'name="sec_'.$customrole.'" /></td>';
-                }
-                $table .= <<ENDENTRY;
-<td><input type="hidden" name="start_$customrole" value='' />
-<a href=
-"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$customrole.value,'start_$customrole','cu.pres','dateset')">$lt{'ssd'}</a></td>
-<td><input type="hidden" name="end_$customrole" value='' />
-<a href=
-"javascript:pjump('date_end','End Date $plrole',document.cu.end_$customrole.value,'end_$customrole','cu.pres','dateset')">$lt{'sed'}</a></td>
-ENDENTRY
-               $table .= &Apache::loncommon::end_data_table_row();
-           }
+        if (&Apache::lonnet::allowed('ccr',$thiscourse)) {
+            foreach my $cust (sort keys %customroles) {
+                my $role = 'cr_cr_'.$env{'user.domain'}.'_'.$env{'user.name'}.'_'.$cust;
+                $table .= &course_level_row($protectedcourse,$role,$area,$domain,
+                                            $cust,\%sections_count,\%lt);
+            }
 	}
     }
     return '' if ($table eq ''); # return nothing if there is nothing 
@@ -3540,6 +3559,52 @@ $table.
     return $result;
 }
 
+sub course_level_row {
+    my ($protectedcourse,$role,$area,$domain,$plrole,$sections_count,$lt) = @_;
+    my $table = &Apache::loncommon::start_data_table_row().
+                ' <td><input type="checkbox" name="act_'.
+                $protectedcourse.'_'.$role.'" /></td>'."\n".
+                ' <td>'.$plrole.'</td>'."\n".
+                '<td>'.$area.'<br />Domain: '.$domain.'</td>'."\n";
+    if ($role eq 'cc') {
+        $table .= '<td>&nbsp</td>';
+    } elsif ($env{'request.course.sec'} ne '') {
+        $table .= ' <td><input type="hidden" value="'.
+                  $env{'request.course.sec'}.'" '.
+                  'name="sec_'.$protectedcourse.'_'.$role.'" />'.
+                  $env{'request.course.sec'}.'</td>';
+    } else {
+        if (ref($sections_count) eq 'HASH') {
+            my $currsec = 
+                &Apache::lonuserutils::course_sections($sections_count,
+                                                       $protectedcourse.'_'.$role);
+            $table .= '<td><table class="LC_createuser">'.
+                      '<tr class="LC_section_row">
+                        <td valign="top">'.$lt->{'exs'}.'<br />'.
+                        $currsec.'</td>
+                        <td>&nbsp;&nbsp;</td>
+                        <td valign="top">&nbsp;'.$lt->{'new'}.'<br />'.
+                     '<input type="text" name="newsec_'.$protectedcourse.'_'.$role.
+                     '" value="" />'.
+                     '<input type="hidden" '.
+                     'name="sec_'.$protectedcourse.'_'.$role.'" /></td>'."\n".
+                     '</tr></table></td>';
+        } else {
+            $table .= '<td><input type="text" size="10" '.
+                      'name="sec_'.$protectedcourse.'_'.$role.'" /></td>';
+        }
+    }
+    $table .= <<ENDTIMEENTRY;
+<td><input type="hidden" name="start_$protectedcourse\_$role" value='' />
+<a href=
+"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$role.value,'start_$protectedcourse\_$role','cu.pres','dateset')">$lt->{'ssd'}</a></td>
+<td><input type="hidden" name="end_$protectedcourse\_$role" value='' />
+<a href=
+"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$role.value,'end_$protectedcourse\_$role','cu.pres','dateset')">$lt->{'sed'}</a></td>
+ENDTIMEENTRY
+    $table.= &Apache::loncommon::end_data_table_row();
+}
+
 sub course_level_dc {
     my ($dcdom) = @_;
     my %customroles=&Apache::lonuserutils::my_custom_roles();
@@ -3586,6 +3651,7 @@ sub course_level_dc {
                      '<td>&nbsp;&nbsp;</td>'.
                      '<td valign="top">&nbsp;<b>'.$lt{'new'}.'</b><br />'.
                      '<input type="text" name="newsec" value="" />'.
+                     '<input type="hidden" name="sections" value="" />'.
                      '<input type="hidden" name="groups" value="" /></td>'.
                      '</tr></table></td>';
     $otheritems .= <<ENDTIMEENTRY;