--- loncom/interface/loncreateuser.pm	2002/08/22 21:05:25	1.41
+++ loncom/interface/loncreateuser.pm	2003/02/03 18:03:52	1.47
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.41 2002/08/22 21:05:25 albertel Exp $
+# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -44,10 +44,9 @@
 # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
 # April Guy Albertelli
 # 05/10,10/16 Gerd Kortemeyer 
-# 11/12,11/13,11/15 Scott Harrison
 # 02/11/02 Matthew Hall
 #
-# $Id: loncreateuser.pm,v 1.41 2002/08/22 21:05:25 albertel Exp $
+# $Id: loncreateuser.pm,v 1.47 2003/02/03 18:03:52 harris41 Exp $
 ###
 
 package Apache::loncreateuser;
@@ -80,28 +79,48 @@ BEGIN {
     $authformloc  = &Apache::loncommon::authform_local(%param);
 }
 
+
+
+# ==================================================== Figure out author access
+
+sub authorpriv {
+    my ($auname,$audom)=@_;
+    if (($auname ne $ENV{'user.name'}) ||
+        (($audom ne $ENV{'user.domain'}) &&
+         ($audom ne $ENV{'request.role.domain'}))) { return ''; }
+    unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+    return 1;
+}
+
 # =================================================================== Phase one
 
-sub phase_one {
+sub print_username_entry_form {
     my $r=shift;
-    my $defdom=$ENV{'user.domain'};
+    my $defdom=$ENV{'request.role.domain'};
     my @domains = &Apache::loncommon::get_domains();
     my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
     my $bodytag =&Apache::loncommon::bodytag(
                                   'Create Users, Change User Privileges');
+    my $selscript=&Apache::loncommon::studentbrowser_javascript();
+    my $sellink=&Apache::loncommon::selectstudent_link
+                                        ('crtuser','ccuname','ccdomain');
     $r->print(<<"ENDDOCUMENT");
 <html>
 <head>
 <title>The LearningOnline Network with CAPA</title>
+$selscript
 </head>
 $bodytag
-<form action=/adm/createuser method=post>
-<input type=hidden name=phase value=two>
+<form action="/adm/createuser" method="post" name="crtuser">
+<input type="hidden" name="phase" value="get_user_info">
 <p>
-Username: <input type=text size=15 name=ccuname><br>
-Domain: $domform 
+<table>
+<tr><td>Username:</td><td><input type="text" size="15" name="ccuname">
+</td><td rowspan="2">$sellink</td></tr><tr><td>
+Domain:</td><td>$domform</td></tr>
+</table> 
 </p>
-<input type=submit value="Continue">
+<input type="submit" value="Continue">
 </form>
 </body>
 </html>
@@ -109,7 +128,7 @@ ENDDOCUMENT
 }
 
 # =================================================================== Phase two
-sub phase_two {
+sub print_user_modification_page {
     my $r=shift;
     my $ccuname=$ENV{'form.ccuname'};
     my $ccdomain=$ENV{'form.ccdomain'};
@@ -122,7 +141,7 @@ sub phase_two {
                   );
     $loginscript  = &Apache::loncommon::authform_header(%param);
 
-    my $defdom=$ENV{'user.domain'};
+    my $defdom=$ENV{'request.role.domain'};
 
     $ccuname=~s/\W//g;
     $ccdomain=~s/\W//g;
@@ -160,7 +179,7 @@ ENDDOCHEAD
                                      'Create Users, Change User Privileges'));
     my $forminfo =<<"ENDFORMINFO";
 <form action="/adm/createuser" method="post" name="cu">
-<input type="hidden" name="phase"       value="three">
+<input type="hidden" name="phase"       value="update_user_data">
 <input type="hidden" name="ccuname"     value="$ccuname">
 <input type="hidden" name="ccdomain"    value="$ccdomain">
 <input type="hidden" name="pres_value"  value="" >
@@ -294,18 +313,12 @@ END
                        }
                    }
                }
-               # I have no idea what the hell the above code does
-               # So the following is a check:
-               if ($allowed) {
-                   # If we are looking at a co-author role, make sure it is 
-                   # for the current users construction space before we let 
-                   # them revoke it.
-                   if (($role_code eq 'ca') && 
-                       ($ENV{'request.role'} !~ /^dc/)) {
-                       if ($area !~ 
-                           /^\/$ENV{'user.domain'}\/$ENV{'user.name'}/) {
-                           $allowed = 0;
-                       }
+               if ($role_code eq 'ca') {
+                   $area=~/\/(\w+)\/(\w+)/;
+		   if (&authorpriv($2,$1)) {
+		       $allowed=1;
+                   } else {
+                       $allowed=0;
                    }
                }
                my $row = '';
@@ -331,7 +344,7 @@ END
 	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
 	if ($currentauth=~/^krb(4|5):/) {
 	    $currentauth=~/^krb(4|5):(.*)/;
-	    my $krbdefdom2=$1;
+	    my $krbdefdom=$1;
             my %param = ( formname => 'document.cu',
                           kerb_def_dom => $krbdefdom 
                           );
@@ -343,7 +356,7 @@ END
 		$currentauth=~/^internal:/ or
 		$currentauth=~/^localauth:/
 		) { # bad authentication scheme
-	    if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+	    if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
 		$r->print(<<ENDBADAUTH);
 <hr />
 <script type="text/javascript" language="Javascript">
@@ -406,7 +419,7 @@ ENDBADAUTH
 <td bgcolor='#cbbcbb'>Changing this value will overwrite existing authentication for the user; you should notify the user of this change.</td></tr>
 </table>
 ENDCURRENTAUTH
-            if (&Apache::lonnet::allowed('mau',$ENV{'user.domain'})) {
+            if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) {
 		# Current user has login modification privileges
 		$r->print(<<ENDOTHERAUTHS);
 <hr />
@@ -427,10 +440,11 @@ ENDOTHERAUTHS
 #
 # Co-Author
 # 
-
-    if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) {
+    if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) &&
+        ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) {
+        # No sense in assigning co-author role to yourself
 	my $cuname=$ENV{'user.name'};
-        my $cudom=$ENV{'user.domain'};
+        my $cudom=$ENV{'request.role.domain'};
        $r->print(<<ENDCOAUTH);
 <h4>Construction Space</h4>
 <table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>
@@ -486,7 +500,7 @@ ENDDROW
 }
 
 # ================================================================= Phase Three
-sub phase_three {
+sub update_user_data {
     my $r=shift;
     my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'},
                                           $ENV{'form.ccdomain'});
@@ -783,17 +797,17 @@ sub handler {
         (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || 
         (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || 
         (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) ||
-        (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) ||
-        (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) {
+        (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) ||
+        (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) {
        $r->content_type('text/html');
        $r->send_http_header;
        unless ($ENV{'form.phase'}) {
-	   &phase_one($r);
+	   &print_username_entry_form($r);
        }
-       if ($ENV{'form.phase'} eq 'two') {
-           &phase_two($r);
-       } elsif ($ENV{'form.phase'} eq 'three') {
-           &phase_three($r);
+       if ($ENV{'form.phase'} eq 'get_user_info') {
+           &print_user_modification_page($r);
+       } elsif ($ENV{'form.phase'} eq 'update_user_data') {
+           &update_user_data($r);
        }
    } else {
       $ENV{'user.error.msg'}=