--- loncom/interface/lonmenu.pm	2010/03/03 21:33:15	1.315
+++ loncom/interface/lonmenu.pm	2011/11/30 18:34:25	1.315.2.15
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines to control the menu
 #
-# $Id: lonmenu.pm,v 1.315 2010/03/03 21:33:15 droeschl Exp $
+# $Id: lonmenu.pm,v 1.315.2.15 2011/11/30 18:34:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -205,10 +205,10 @@ sub prep_menuitem {
     } else {             # textual Link
         $link = &mt($$menuitem[3]);
     }
-    if($$menuitem[4] eq 'newmsg'){   #special style for New Messages
-        return '<li><a href="'.$$menuitem[0].'"><span class="LC_new_message">'.$link.'</span></a></li>';
-    }
-    return '<li><a href="'.$$menuitem[0].'">'.$link.'</a></li>';
+    return '<li><a'
+           # highlighting for new messages
+           . ( $$menuitem[4] eq 'newmsg' ? ' class="LC_new_message"' : '')
+           . qq| href="$$menuitem[0]" target="_top">$link</a></li>|;
 }
 
 # primary_menu() evaluates @primary_menu and returns XHTML for the menu
@@ -220,6 +220,11 @@ sub primary_menu {
     my $menu;
     # each element of @primary contains following array:
     # (link url, icon path, alt text, link text, condition)
+    my $public;
+    if ((($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public'))
+        || (($env{'user.name'} eq '') && ($env{'user.domain'} eq ''))) {
+        $public = 1;
+    }
     foreach my $menuitem (@primary_menu) {
         # evaluate conditions 
         next if    ref($menuitem)       ne 'ARRAY';    #
@@ -227,39 +232,76 @@ sub primary_menu {
                 && &Apache::lonmsg::mynewmail();       # whether a new msg 
         next if    $$menuitem[4]        eq 'newmsg'    # arrived or not
                 && !&Apache::lonmsg::mynewmail();      # 
-        next if    $$menuitem[4]        !~ /public/    ##we've a public user, 
-                && $env{'user.name'}    eq 'public'    ##who should not see all 
-                && $env{'user.domain'}  eq 'public';   ##links
-        next if    $$menuitem[4]        eq 'onlypublic'# hide links which are 
-                && $env{'user.name'}    ne 'public'    # only visible to public
-                && $env{'user.domain'}  ne 'public';   # users
+        next if    $$menuitem[4]        !~ /public/    ##we've a public user,
+                && $public;                            ##who should not see all
+                                                       ##links
+        next if    $$menuitem[4]        eq 'onlypublic'# hide links which are
+                && !$public;                           # only visible to public
+                                                       # users
         next if    $$menuitem[4]        eq 'roles'     ##show links depending on
-                && &Apache::loncommon::show_course();  ##term 'Courses' or 
+                && &Apache::loncommon::show_course();  ##term 'Courses' or
         next if    $$menuitem[4]        eq 'courses'   ##'Roles' wanted
                 && !&Apache::loncommon::show_course(); ##
-        
-            
+
+
         if ($$menuitem[3] eq 'Help') { # special treatment for helplink
-            $menu .= '<li>'.&Apache::loncommon::top_nav_help('Help').'</li>';
+            if ($public) {
+                my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
+                my $defdom = &Apache::lonnet::default_login_domain();
+                my $to = &Apache::loncommon::build_recipient_list(undef,
+                                                                  'helpdeskmail',
+                                                                  $defdom,$origmail);
+                if ($to ne '') {
+                    $menu .= &prep_menuitem($menuitem);
+                }
+            } else {
+                $menu .= '<li>'.&Apache::loncommon::top_nav_help('Help').'</li>';
+            }
         } else {
-            my @items = @{$menuitem};
-            $items[0] = 'javascript:'.$menuitem->[0].';';
-            $menu .= &prep_menuitem(\@items);
+            $menu .= &prep_menuitem($menuitem);
         }
     }
 
     return "<ol class=\"LC_primary_menu LC_right\">$menu</ol>";
 }
 
+#returns hashref {user=>'',dom=>''} containing:
+#   own name, domain if user is au
+#   name, domain of parent author if user is ca or aa
+#empty return if user is not an author or not on homeserver
+#
+#TODO this should probably be moved somewhere more central
+#since it can be used by different parts of the system
+sub getauthor{
+    return unless $env{'request.role'}=~/^(ca|aa|au)/; #nothing to do if user isn't some kind of author
+
+                        #co- or assistent author?
+    my ($dom, $user) = ($env{'request.role'} =~ /^(?:ca|aa)\.\/($match_domain)\/($match_username)$/)
+                       ? ($1, $2) #domain, username of the parent author
+                       : @env{ ('request.role.domain', 'user.name') }; #own domain, username
+
+    # current server == home server?
+    my $home =  &Apache::lonnet::homeserver($user,$dom);
+    foreach (&Apache::lonnet::current_machine_ids()){
+        return {user => $user, dom => $dom} if $_ eq $home;
+    }
+
+    # if wrong server
+    return;
+}
+
 
 sub secondary_menu {
     my $menu;
 
     my $crstype = &Apache::loncommon::course_type();
-    my $canedit = &Apache::lonnet::allowed('mdc', $env{'request.course.id'});
-    my $canviewgrps = &Apache::lonnet::allowed('vcg', $env{'request.course.id'}
-                   . ($env{'request.course.sec'} ? "/$env{'request.course.sec'}"
-                                                 : '')); 
+    my $crs_sec = $env{'request.course.id'} . ($env{'request.course.sec'}
+                                               ? "/$env{'request.course.sec'}"
+                                               : '');
+    my $canedit       = &Apache::lonnet::allowed('mdc', $env{'request.course.id'});
+    my $canviewgrps   = &Apache::lonnet::allowed('vcg', $crs_sec);
+    my $author        = getauthor();
+
     my $showlink = &show_return_link();
     my %groups = &Apache::lonnet::get_active_groups(
                      $env{'user.domain'}, $env{'user.name'},
@@ -269,6 +311,7 @@ sub secondary_menu {
         # evaluate conditions 
         next if    ref($menuitem)  ne 'ARRAY';
         next if    $$menuitem[4]   ne 'always'
+                && $$menuitem[4]   ne 'author'
                 && !$env{'request.course.id'};
         next if    $$menuitem[4]   eq 'showreturn'
                 && !$showlink
@@ -290,6 +333,8 @@ sub secondary_menu {
         next if    $$menuitem[4]   =~ /showgroups$/
                 && !$canviewgrps
                 && !%groups;
+        next if    $$menuitem[4]    eq 'author'
+                && !$author;
 
         if ($$menuitem[3] eq 'Roles' && $env{'request.course.id'}) {
             # special treatment for role selector
@@ -331,11 +376,18 @@ sub secondary_menu {
         $menu =~ s/\[url\]/$escurl/g;
         $menu =~ s/\[symb\]/$escsymb/g;
     }
+    $menu =~ s/\[uname\]/$$author{user}/g;
+    $menu =~ s/\[udom\]/$$author{dom}/g;
 
     return "<ul id=\"LC_secondary_menu\">$menu</ul>";
 }
 
 sub show_return_link {
+    if (($env{'request.noversionuri'} =~ m{^/adm/(viewclasslist|navmaps)($|\?)})
+        || ($env{'request.noversionuri'} =~ m{^/adm/.*/aboutme($|\?)})) {
+
+        return if ($env{'form.register'});
+    }
     return (($env{'request.noversionuri'}=~m{^/(res|public)/} &&
 	     $env{'request.symb'} eq '')
 	    ||
@@ -344,7 +396,7 @@ sub show_return_link {
 	    (($env{'request.noversionuri'}=~/^\/adm\//) &&
 	     ($env{'request.noversionuri'}!~/^\/adm\/wrapper\//) &&
 	     ($env{'request.noversionuri'}!~
-	      m[^/adm/.*/(smppg|bulletinboard|aboutme)($|\?)])
+	      m[^/adm/.*/(smppg|bulletinboard)($|\?)])
 	     ));
 }
 
@@ -401,12 +453,12 @@ sub innerregister {
         $newmail= 'swmenu.setstatus("you have","messages");';
     } 
 
-    my ($breadcrumb,$separator);
+    my ($breadcrumb,$separator,$resurl);
     if ($noremote
 	     && ($env{'request.symb'}) 
 	     && ($env{'request.course.id'})) {
 
-        my ($mapurl,$rid,$resurl) = &Apache::lonnet::decode_symb(&Apache::lonnet::symbread());
+        (my $mapurl, my $rid,$resurl) = &Apache::lonnet::decode_symb(&Apache::lonnet::symbread());
         my $coursetitle = $env{'course.'.$env{'request.course.id'}.'.description'};
 
         my $maptitle = &Apache::lonnet::gettitle($mapurl);
@@ -417,9 +469,16 @@ sub innerregister {
         } else {
             $contentstext = &mt('Course Contents');
         }
-        my @crumbs = ({text  => $contentstext, 
-                       href  => "Javascript:gonav('/adm/navmaps')"});
-
+        my @crumbs;
+        unless (($forcereg) && ($env{'request.noversionuri'} eq '/adm/navmaps')
+                && ($mapurl eq $env{'course.'.$env{'request.course.id'}.'.url'})) {
+            my $navhref = "javascript:gopost('/adm/navmaps','')";
+            if ($env{'environment.remotenavmap'} eq 'on') {
+                 $navhref = "javascript:gonav('/adm/navmaps');";
+            }
+            @crumbs = ({text  => $contentstext,
+                        href  => $navhref});
+        }
         if ($mapurl ne $env{'course.'.$env{'request.course.id'}.'.url'}) { 
             push(@crumbs, {text  => '...',
                            no_mt => 1});
@@ -433,6 +492,7 @@ sub innerregister {
 
         &Apache::lonhtmlcommon::clear_breadcrumbs();
         &Apache::lonhtmlcommon::add_breadcrumb(@crumbs);
+
         #$breadcrumb .= &Apache::lonhtmlcommon::breadcrumbs(undef,undef,0);
 	unless (($env{'request.state'} eq 'edit') || ($newmail) ||
 		($env{'request.state'} eq 'construct') ||
@@ -440,6 +500,11 @@ sub innerregister {
             $separator = &Apache::loncommon::head_subbox();
         }
         #
+    } elsif (!$const_space){
+        #a situation when we're looking at a resource outside of context of a
+        #course or construction space (e.g. with cumulative rights)
+        &Apache::lonhtmlcommon::clear_breadcrumbs();
+        &Apache::lonhtmlcommon::add_breadcrumb({text => 'View Resource'});
     }
     if ($env{'request.state'} eq 'construct') {
         $newmail = $titletable;
@@ -533,6 +598,8 @@ sub innerregister {
             my $cfuname='';
             my $cfudom='';
             my $uploaded;
+            my $switchserver='';
+            my $home;
             if ($env{'request.filename'}) {
                 my $file=&Apache::lonnet::declutter($env{'request.filename'});
                 if (defined($cnum) && defined($cdom)) {
@@ -543,18 +610,20 @@ sub innerregister {
                     # Check that the user has permission to edit this resource
                     ($cfuname,$cfudom)=&Apache::loncacc::constructaccess($file,$1);
                     if (defined($cfudom)) {
-		        my $home=&Apache::lonnet::homeserver($cfuname,$cfudom);
+		        $home=&Apache::lonnet::homeserver($cfuname,$cfudom);
 		        my $allowed=0;
 		        my @ids=&Apache::lonnet::current_machine_ids();
 		        foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
 		        if ($allowed) {
                             $cfile=$file;
+                        } else {
+                            $switchserver=$file;
                         }
                     }
                 }
             }
             # Finally, turn the button on or off
-            if ($cfile && !$const_space) {
+            if (($cfile || $switchserver) && !$const_space) {
                 my $nocrsedit;
                 # Suppress display where CC has switched to student role.
                 if ($env{'request.course.id'}) {
@@ -566,9 +635,19 @@ sub innerregister {
                 if ($nocrsedit) {
                     $editbutton=&clear(6,1);
                 } else {
+                    my $bot = "go('$cfile')";
+                    if ($switchserver) {
+                        if ( $env{'request.symb'} && $env{'request.course.id'} ) {
+                            my ($mapurl,$rid,$resurl) = &Apache::lonnet::decode_symb(&Apache::lonnet::symbread());
+                            $cfile = '/adm/switchserver?otherserver='.$home.'&amp;role='.
+                                     &HTML::Entities::encode($env{'request.role'},'"<>&').'&amp;symb='.
+                                     &HTML::Entities::encode($env{'request.symb'},'"<>&');
+                            $bot = "need_switchserver('$cfile');";
+                        }
+                    }
                     $editbutton=&switch
                        ('','',6,1,'pcstr.gif','edit[_1]','resource[_2]',
-                     "go('".$cfile."');","Edit this resource");
+                       $bot,"Edit this resource");
                     $noeditbutton = 0;
                 }
             } elsif ($editbutton eq '') {
@@ -591,6 +670,18 @@ sub innerregister {
                 }
             }
         }
+        if ($env{'request.course.id'}) {
+            if ($resurl eq "public/$cdom/$cnum/syllabus") {
+                if ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ /\w/) {
+                    if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
+                        $editbutton=&switch('','',6,1,'pcstr.png','Edit',
+                                            'resource[_2]',
+                                            "go('/adm/courseprefs?phase=display&actions=courseinfo')",
+                                            'Edit this resource');
+                    }
+                }
+            }
+        }
         ###
         ###
 # Prepare the rest of the buttons
@@ -633,6 +724,18 @@ ENDMENUITEMS
 # We are in a course and looking at a registred URL
 # Should probably be in mydesk.tab
 #
+
+            my %icon_text;
+            if ($noremote) {
+                %icon_text = &Apache::lonlocal::texthash (
+                               annotate => 'Notes',
+                               bookmark => 'Bookmark',
+                               catalog  => 'Info',
+                               evaluate => 'Evaluate',
+                               feedback => 'Communicate',
+                               printout => 'Print',
+                             );
+            }
 	    $menuitems=(<<ENDMENUITEMS);
 c&3&1
 s&2&1&back.gif&backward[_1]&&gopost('/adm/flip','back:'+currentURL)&Go to the previous resource in the course sequence&&1
@@ -640,8 +743,8 @@ s&2&3&forw.gif&forward[_1]&&gopost('/adm
 c&6&3
 c&8&1
 c&8&2
-s&8&3&prt.gif&prepare[_1]&printout[_1]&gopost('/adm/printout',currentURL)&Prepare a printable document
-s&9&1&sbkm.gif&set[_1]&bookmark[_2]&set_bookmark()&Set a bookmark for this resource&&1
+s&8&3&prt.gif&prepare[_1]&printout[_1]&gopost('/adm/printout',currentURL)&Prepare a printable document&&&$icon_text{'printout'}
+s&9&1&sbkm.gif&set[_1]&bookmark[_2]&set_bookmark()&Set a bookmark for this resource&&1&$icon_text{'bookmark'}
 ENDMENUITEMS
 
 my $currentURL = &Apache::loncommon::get_symb();
@@ -654,7 +757,7 @@ if(length($annotation) > 0){
 	$menuitems.="anot.gif";
 }
 $menuitems.="&anno-[_1]&tations[_1]&annotate()&";
-$menuitems.="Make notes and annotations about this resource&&1\n";
+$menuitems.="Make notes and annotations about this resource&&1&$icon_text{'annotate'}\n";
 
             unless ($noremote) { 
                 my $showreqcrs = &check_for_rcrs();
@@ -663,21 +766,26 @@ $menuitems.="Make notes and annotations
                                 "&go('/adm/requestcourse')&Course requests\n";
                 }
             }
-            unless ($env{'request.noversionuri'}=~/\/(bulletinboard|smppg|navmaps|syllabus|aboutme)(\?|$)/) {
+            unless ($env{'request.noversionuri'}=~/\/(bulletinboard|smppg|navmaps|syllabus|aboutme|viewclasslist|portfolio)(\?|$)/) {
 		if ((!$env{'request.enc'}) && ($env{'request.noversionuri'} !~ m{^/adm/wrapper/ext/})) {
+                    my $tail;
+                    unless ($env{'request.state'} eq 'construct') {
+                        $tail = '&&&'.$icon_text{'catalog'};
+                    }
 		    $menuitems.=(<<ENDREALRES);
-s&6&3&catalog.gif&catalog[_2]&info[_1]&catalog_info()&Show Metadata
+s&6&3&catalog.gif&catalog[_2]&info[_1]&catalog_info()&Show Metadata$tail
 ENDREALRES
                 }
 	        $menuitems.=(<<ENDREALRES);
-s&8&1&eval.gif&evaluate[_1]&this[_1]&gopost('/adm/evaluate',currentURL,1)&Provide my evaluation of this resource
-s&8&2&fdbk.gif&feedback[_1]&discuss[_1]&gopost('/adm/feedback',currentURL,1)&Provide feedback messages or contribute to the course discussion about this resource
+s&8&1&eval.gif&evaluate[_1]&this[_1]&gopost('/adm/evaluate',currentURL,1)&Provide my evaluation of this resource&&&$icon_text{'evaluate'}
+s&8&2&fdbk.gif&feedback[_1]&discuss[_1]&gopost('/adm/feedback',currentURL,1)&Provide feedback messages or contribute to the course discussion about this resource&&&$icon_text{'feedback'}
 ENDREALRES
 	    }
         }
 	if ($env{'request.uri'} =~ /^\/res/) {
+            my $icontext = &mt('Print');
 	    $menuitems .= (<<ENDMENUITEMS);
-s&8&3&prt.gif&prepare[_1]&printout[_1]&gopost('/adm/printout',currentURL)&Prepare a printable document
+s&8&3&prt.gif&prepare[_1]&printout[_1]&gopost('/adm/printout',currentURL)&Prepare a printable document&&&$icontext
 ENDMENUITEMS
 	}
         my $buttons='';
@@ -717,15 +825,16 @@ ENDMENUITEMS
             #publish button in construction space
             if ($env{'request.state'} eq 'construct'){
                 Apache::lonhtmlcommon::add_breadcrumb_tool(
-                     'advtools', @inlineremote[63]);
+                     'advtools', $inlineremote[63]);
             }else{
                 Apache::lonhtmlcommon::add_breadcrumb_tool(
-                     'tools', @inlineremote[63]);
+                     'tools', $inlineremote[63]);
             }
-            
 
-            Apache::lonhtmlcommon::add_breadcrumb_tool(
-                'advtools', @inlineremote[61,71,72,73,92]);
+            unless ($env{'request.noversionuri'}=~ m{^/adm/(navmaps|viewclasslist)(\?|$)}) {
+                Apache::lonhtmlcommon::add_breadcrumb_tool(
+                    'advtools', @inlineremote[61,71,72,73,92]);
+            }
         }
 
 #       # Registered, textual output
@@ -1102,7 +1211,7 @@ sub clear {
 # The javascript is usually similar to "go('/adm/roles')" or "cstrgo(..)".
 
 sub switch {
-    my ($uname,$udom,$row,$col,$img,$top,$bot,$act,$desc,$cat,$nobreak)=@_;
+    my ($uname,$udom,$row,$col,$img,$top,$bot,$act,$desc,$cat,$nobreak,$inlinetools)=@_;
     $act=~s/\$uname/$uname/g;
     $act=~s/\$udom/$udom/g;
     $top=&mt($top);
@@ -1112,7 +1221,9 @@ sub switch {
        $img=&mt($img);
     }
     my $idx=10*$row+$col;
-    $category_members{$cat}.=':'.$idx;
+    if ($cat ne '') {
+        $category_members{$cat}.=':'.$idx;
+    }
 
     unless ($env{'environment.remote'} eq 'off') {
        if (($row<1) || ($row>13)) { return ''; }
@@ -1156,9 +1267,13 @@ sub switch {
            if ($env{'environment.icons'} eq 'iconsonly') {
               $inlineremote[$idx]='<a title="'.$desc.'" href="javascript:'.$act.';">'.$pic.'</a>';
            } else {
+              my $icon_text = $desc;
+              if ($inlinetools) {
+                  $icon_text = $inlinetools.'&nbsp;';
+              }
 	      $inlineremote[$idx]=
 		   '<a title="'.$desc.'" class="LC_menubuttons_link" href="javascript:'.$act.';">'.$pic.
-		   '<span class="LC_menubuttons_inline_text">'.$desc.'</span></a>';
+		   '<span class="LC_menubuttons_inline_text">'.$icon_text.'&nbsp;</span></a>';
            }
        }
    }
@@ -1258,6 +1373,13 @@ sub rawconfig {
         my ($row,$col,$pro,$prt,$img,$top,$bot,$act,$desc,$cat)=split(/\:/,$line);
         $prt=~s/\$uname/$uname/g;
         $prt=~s/\$udom/$udom/g;
+        if ($env{'environment.remotenavmap'} eq 'on') {
+             unless ($env{'environment.remote'} eq 'on') {
+                 if ($img eq 'nav.gif') {
+                     $act = "gonav('/adm/navmaps','')";
+                 }
+             }
+        }
         if ($prt =~ /\$crs/) {
             next unless ($env{'request.course.id'});
             next if ($crstype eq 'Community');
@@ -1554,6 +1676,9 @@ sub utilityfunctions {
     my $end_page_bookmark = 
         &Apache::loncommon::end_page({'js_ready' => 1});
 
+    my $confirm_switch = &mt("Editing requires switching to the resource's home server.").'\n'.
+                         &mt('Switch server?');
+
 return (<<ENDUTILITY)
 
     var currentURL="$currenturl";
@@ -1571,10 +1696,13 @@ function go(url) {
    }
 }
 
-function gotop(url) {
+function need_switchserver(url) {
     if (url!='' && url!= null) {
-        top.location.href = url;
+        if (confirm("$confirm_switch")) {
+            go(url);
+        }
     }
+    return;
 }
 
 function gopost(url,postdata) {
@@ -1666,7 +1794,7 @@ function edit_bookmarks() {
    go('');
    w_BookmarkPal_flag=1;
    bookmarkpal=window.open("/adm/bookmarks",
-               "BookmarkPal", "width=400,height=505,scrollbars=0");
+               "BookmarkPal", "width=500,height=505,scrollbars=0");
 }
 
 function annotate() {
@@ -1763,7 +1891,7 @@ sub roles_selector {
     my ($cdom,$cnum) = @_;
     my $crstype = &Apache::loncommon::course_type();
     my $now = time;
-    my (%courseroles,%seccount);
+    my (%courseroles,%seccount,%courseprivs);
     my $is_cc;
     my $role_selector;
     my $ccrole;
@@ -1771,7 +1899,17 @@ sub roles_selector {
         $ccrole = 'co';
     } else {
         $ccrole = 'cc';
-    } 
+    }
+    my $priv;
+    my $destinationurl = $ENV{'REQUEST_URI'};
+    my $reqprivs = &required_privs();
+    if (ref($reqprivs) eq 'HASH') {
+        my $destination = $destinationurl;
+        $destination =~ s/(\?.*)$//;
+        if (exists($reqprivs->{$destination})) {
+            $priv = $reqprivs->{$destination};
+        }
+    }
     if ($env{'user.role.'.$ccrole.'./'.$cdom.'/'.$cnum}) {
         my ($start,$end) = split(/\./,$env{'user.role.'.$ccrole.'./'.$cdom.'/'.$cnum});
         
@@ -1784,7 +1922,7 @@ sub roles_selector {
         }
     }
     if ($is_cc) {
-        &get_all_courseroles($cdom,$cnum,\%courseroles,\%seccount);
+        &get_all_courseroles($cdom,$cnum,\%courseroles,\%seccount,\%courseprivs,$priv);
     } else {
         my %gotnosection;
         foreach my $item (keys(%env)) {
@@ -1800,6 +1938,18 @@ sub roles_selector {
                         $gotnosection{$role} = 1;
                     }
                 }
+                if ($priv ne '') {
+                    my $cnumsec = $cnum;
+                    if ($sec ne '') {
+                        $cnumsec .= "/$sec";
+                    }
+                    $courseprivs{"$role./$cdom/$cnumsec./"} =
+                        $env{"user.priv.$role./$cdom/$cnumsec./"};
+                    $courseprivs{"$role./$cdom/$cnumsec./$cdom/"} =
+                        $env{"user.priv.$role./$cdom/$cnumsec./$cdom/"};
+                    $courseprivs{"$role./$cdom/$cnumsec./$cdom/$cnumsec"} =
+                        $env{"user.priv.$role./$cdom/$cnumsec./$cdom/$cnumsec"};
+                }
                 if (ref($courseroles{$role}) eq 'ARRAY') {
                     if ($sec ne '') {
                         if (!grep(/^\Q$sec\E$/,@{$courseroles{$role}})) {
@@ -1825,7 +1975,7 @@ sub roles_selector {
     }
     my @roles_order = ($ccrole,'in','ta','ep','ad','st');
     if (keys(%courseroles) > 1) {
-        $role_selector = &jump_to_role($cdom,$cnum,\%seccount,\%courseroles);
+        $role_selector = &jump_to_role($cdom,$cnum,\%seccount,\%courseroles,\%courseprivs,$priv);
         $role_selector .= '<form name="rolechooser" method="post" action="/adm/roles">
                           <select name="switchrole" onchange="javascript:adhocRole('."'switchrole'".')">';
         $role_selector .= '<option value="">'.$switchtext.'</option>';
@@ -1841,7 +1991,7 @@ sub roles_selector {
         }
         $role_selector .= '</select>'."\n".
                '<input type="hidden" name="destinationurl" value="'.
-               &HTML::Entities::encode($ENV{'REQUEST_URI'}).'" />'."\n".
+               &HTML::Entities::encode($destinationurl).'" />'."\n".
                '<input type="hidden" name="gotorole" value="1" />'."\n".
                '<input type="hidden" name="selectrole" value="" />'."\n".
                '<input type="hidden" name="switch" value="1" />'."\n".
@@ -1851,18 +2001,21 @@ sub roles_selector {
 }
 
 sub get_all_courseroles {
-    my ($cdom,$cnum,$courseroles,$seccount) = @_;
-    unless ((ref($courseroles) eq 'HASH') && (ref($seccount) eq 'HASH')) {
+    my ($cdom,$cnum,$courseroles,$seccount,$courseprivs) = @_;
+    unless ((ref($courseroles) eq 'HASH') && (ref($seccount) eq 'HASH') &&
+            (ref($courseprivs) eq 'HASH')) {
         return;
     }
     my ($result,$cached) = 
         &Apache::lonnet::is_cached_new('getcourseroles',$cdom.'_'.$cnum);
     if (defined($cached)) {
         if (ref($result) eq 'HASH') {
-            if ((ref($result->{'roles'}) eq 'HASH') && 
-                (ref($result->{'seccount'}) eq 'HASH')) {
+            if ((ref($result->{'roles'}) eq 'HASH') &&
+                (ref($result->{'seccount'}) eq 'HASH') &&
+                (ref($result->{'privs'}) eq 'HASH')) {
                 %{$courseroles} = %{$result->{'roles'}};
                 %{$seccount} = %{$result->{'seccount'}};
+                %{$courseprivs} = %{$result->{'privs'}};
                 return;
             }
         }
@@ -1890,30 +2043,43 @@ sub get_all_courseroles {
                 push(@{$courseroles->{$urole}},$usec);
             }
         }
+        my $area = '/'.$cdom.'/'.$cnum;
+        if ($usec ne '') {
+            $area .= '/'.$usec;
+        }
+        if ($role =~ /^cr\//) {
+            &Apache::lonnet::custom_roleprivs($courseprivs,$urole,$cdom,$cnum,$urole.'.'.$area,$area);
+        } else {
+            &Apache::lonnet::standard_roleprivs($courseprivs,$urole,$cdom,$urole.'.'.$area,$cnum,$area);
+        }
     }
     my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum,['st']);
     @{$courseroles->{'st'}} = ();
+    &Apache::lonnet::standard_roleprivs($courseprivs,'st',$cdom,"st./$cdom/$cnum",$cnum,"/$cdom/$cnum");
     if (keys(%sections_count) > 0) {
         push(@{$courseroles->{'st'}},keys(%sections_count));
-        $seccount->{'st'} = scalar(keys(%sections_count)); 
+        $seccount->{'st'} = scalar(keys(%sections_count));
     }
     my $rolehash = {
                      'roles'    => $courseroles,
                      'seccount' => $seccount,
+                     'privs'    => $courseprivs,
                    };
     &Apache::lonnet::do_cache_new('getcourseroles',$cdom.'_'.$cnum,$rolehash);
     return;
 }
 
 sub jump_to_role {
-    my ($cdom,$cnum,$seccount,$courseroles) = @_;
+    my ($cdom,$cnum,$seccount,$courseroles,$courseprivs,$priv) = @_;
     my %lt = &Apache::lonlocal::texthash(
                 this => 'This role has section(s) associated with it.',
                 ente => 'Enter a specific section.',
                 orlb => 'Enter a specific section, or leave blank for no section.',
                 avai => 'Available sections are:',
                 youe => 'You entered an invalid section choice:',
-                plst => 'Please try again',
+                plst => 'Please try again.',
+                role => 'The role you selected is not permitted to view the current page.',
+                swit => 'Switch role, but display Main Menu page instead?',
     );
     my $js;
     if (ref($courseroles) eq 'HASH') {
@@ -1936,6 +2102,37 @@ sub jump_to_role {
                    '    numsec['.$i.'] = "'.$seccount->{$items[$i]}.'";'."\n";
         }
     }
+    my $checkroles = 0;
+    if ($priv && ref($courseprivs) eq 'HASH') {
+        my (%disallowed,%allowed,@disallow);
+        foreach my $role (sort(keys(%{$courseprivs}))) {
+            my $trole;
+            if ($role =~ m{^(.+?)\Q./$cdom/$cnum\E}) {
+                $trole = $1;
+            }
+            if (($trole ne '') && ($trole ne 'cm')) {
+                if ($courseprivs->{$role} =~ /\Q:$priv\E($|:|\&\w+)/) {
+                    $allowed{$trole} = 1;
+                } else {
+                    $disallowed{$trole} = 1;
+                }
+            }
+        }
+        foreach my $trole (keys(%disallowed)) {
+            unless ($allowed{$trole}) {
+                push(@disallow,$trole);
+            }
+        }
+        if (@disallow > 0) {
+            $checkroles = 1;
+            $js .= "    var disallow = new Array('".join("','",@disallow)."');\n".
+                   "    var rolecheck = 1;\n";
+        }
+    }
+    if (!$checkroles) {
+        $js .=  "    var disallow = new Array();\n".
+                "    rolecheck = 0;\n";
+    }
     return <<"END";
 <script type="text/javascript">
 //<![CDATA[
@@ -1943,7 +2140,7 @@ function adhocRole(roleitem) {
     $js
     var newrole =  document.rolechooser.elements[roleitem].options[document.rolechooser.elements[roleitem].selectedIndex].value;
     if (newrole == '') {
-        return; 
+        return;
     } 
     var fullrole = newrole+'./$cdom/$cnum';
     var selidx = '';
@@ -1952,6 +2149,18 @@ function adhocRole(roleitem) {
             selidx = i;
         }
     }
+    if (rolecheck > 0) {
+        for (var i=0; i<disallow.length; i++) {
+            if (disallow[i] == newrole) {
+                if (confirm("$lt{'role'}\\n$lt{'swit'}")) {
+                    document.rolechooser.destinationurl.value = '/adm/menu';
+                } else {
+                    document.rolechooser.elements[roleitem].selectedIndex = 0;
+                    return;
+                }
+            }
+        }
+    }
     var secok = 1;
     var secchoice = '';
     if (selidx >= 0) {
@@ -1959,7 +2168,7 @@ function adhocRole(roleitem) {
             secok = 0;
             var numrolesec = rolesections[selidx].length;
             var msgidx = numsec[selidx] - numrolesec;
-            secchoice = prompt("$lt{'this'}\\n"+secpick[msgidx]+"\\n$lt{'avai'} "+roleseclist[selidx],"");
+            secchoice = prompt("$lt{'this'} "+secpick[msgidx]+"\\n$lt{'avai'} "+roleseclist[selidx],"");
             if (secchoice == '') {
                 if (msgidx > 0) {
                     secok = 1;
@@ -1989,6 +2198,7 @@ function adhocRole(roleitem) {
         return;
     }
     if (fullrole == "$env{'request.role'}") {
+        document.rolechooser.elements[roleitem].selectedIndex = 0;
         return;
     }
     itemid = retrieveIndex('gotorole');
@@ -2014,6 +2224,22 @@ function retrieveIndex(item) {
 END
 }
 
+sub required_privs {
+    my $privs =  {
+             '/adm/parmset'      => 'opa',
+             '/adm/courseprefs'  => 'opa',
+             '/adm/whatsnew'     => 'whn',
+             '/adm/populate'     => 'cst',
+             '/adm/trackstudent' => 'vsa',
+             '/adm/statistics'   => 'vgr',
+           };
+    unless ($env{'course.'.$env{'request.course.id'}.'.grading'} eq 'spreadsheet') {
+        $privs->{'/adm/classcalc'}   = 'vgr',
+        $privs->{'/adm/assesscalc'}  = 'vgr',
+        $privs->{'/adm/studentcalc'} = 'vgr';
+    }
+    return $privs;
+}
 
 # ================================================================ Main Program