--- loncom/interface/lonmodifycourse.pm	2016/11/10 21:42:19	1.89
+++ loncom/interface/lonmodifycourse.pm	2023/07/29 20:33:25	1.101
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # handler for DC-only modifiable course settings
 #
-# $Id: lonmodifycourse.pm,v 1.89 2016/11/10 21:42:19 raeburn Exp $
+# $Id: lonmodifycourse.pm,v 1.101 2023/07/29 20:33:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -39,6 +39,9 @@ use Apache::lonpickcourse;
 use lib '/home/httpd/lib/perl';
 use LONCAPA qw(:DEFAULT :match);
 
+my $registered_cleanup;
+my $modified_dom;
+
 sub get_dc_settable {
     my ($type,$cdom) = @_;
     if ($type eq 'Community') {
@@ -49,6 +52,10 @@ sub get_dc_settable {
         if (&showcredits($cdom)) {
             push(@items,'defaultcredits');
         }
+        my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+        if (($passwdconf{'crsownerchg'}) && ($type ne 'Placement')) {
+            push(@items,'nopasswdchg');
+        }
         return @items;
     }
 }
@@ -101,6 +108,7 @@ sub get_enrollment_settings {
         @items = map { 'internal.'.$_; } (@{$internals});
         push(@items,@{$accessdates});
     }
+    push(@items,'internal.nopasswdchg');
     my %settings = &Apache::lonnet::get('environment',\@items,$cdom,$cnum);
     my %enrollvar;
     $enrollvar{'autharg'} = '';
@@ -126,7 +134,7 @@ sub get_enrollment_settings {
             } elsif ($type eq "authtype"
                      || $type eq "autharg"    || $type eq "coursecode"
                      || $type eq "crosslistings" || $type eq "selfenrollmgr"
-                     || $type eq "autodropfailsafe") {
+                     || $type eq "autodropfailsafe" || $type eq 'nopasswdchg') {
                 $enrollvar{$type} = $settings{$item};
             } elsif ($type eq 'defaultcredits') {
                 if (&showcredits($cdom)) {
@@ -203,28 +211,24 @@ sub print_course_search_page {
            $settingsoption = &mt('View or modify course settings which only a [_1] may modify.',$dctitle);
        }
     } elsif (&Apache::lonnet::allowed('rar',$dom)) {
-        my %adhocroles = &Apache::lonnet::userenvironment($env{'user.domain'},$env{'user.name'},
-                                                         'adhocroles.'.$dom);
-        if (keys(%adhocroles)) {
-            my @adhoc = split(',',$adhocroles{'adhocroles.'.$dom});
-            if (@adhoc > 1) {
+        my ($roles_by_num,$description,$accessref,$accessinfo) = &Apache::lonnet::get_all_adhocroles($dom);
+        if ((ref($roles_by_num) eq 'ARRAY') && (ref($description) eq 'HASH')) {
+            if (@{$roles_by_num} > 1) {
                 if ($type eq 'Community') {
-                    $roleoption = &mt('Enter the community with one of the available ad hoc roles: [_1].',
-                                  join(', ',@adhoc));
+                    $roleoption = &mt('Enter the community with one of the available ad hoc roles');
                 } elsif ($type eq 'Placement') {
-                    $roleoption = &mt('Enter the placement test with one of the available ad hoc roles: [_1].',
-                                  join(', ',@adhoc));
+                    $roleoption = &mt('Enter the placement test with one of the available ad hoc roles.');
                 } else {
-                    $roleoption = &mt('Enter the course with one of the available ad hoc roles: [_1].',
-                                  join(', ',@adhoc));
+                    $roleoption = &mt('Enter the course with one of the available ad hoc roles.');
                 }
             } else {
+                my $rolename = $description->{$roles_by_num->[0]};
                 if ($type eq 'Community') {
-                    $roleoption = &mt('Enter the community with the ad hoc role of: [_1]',$adhoc[0]);
+                    $roleoption = &mt('Enter the community with the ad hoc role of: [_1]',$rolename);
                 } elsif ($type eq 'Placement') {
-                    $roleoption = &mt('Enter the placement test with the ad hoc role of: [_1]',$adhoc[0]);
+                    $roleoption = &mt('Enter the placement test with the ad hoc role of: [_1]',$rolename);
                 } else {
-                    $roleoption = &mt('Enter the course with the ad hoc role of: [_1]',$adhoc[0]);
+                    $roleoption = &mt('Enter the course with the ad hoc role of: [_1]',$rolename);
                 }
             }
         }
@@ -245,14 +249,133 @@ sub print_course_search_page {
 }
 
 sub print_course_selection_page {
-    my ($r,$dom,$domdesc) = @_;
+    my ($r,$dom,$domdesc,$permission) = @_;
     my $type = $env{'form.type'};
     if (!defined($type)) {
         $type = 'Course';
     }
     &print_header($r,$type);
 
-# Criteria for course search 
+    if ($permission->{'adhocrole'} eq 'custom') {
+        my %lt = &Apache::lonlocal::texthash(
+            title    => 'Ad hoc role selection',
+            preamble => 'Please choose an ad hoc role in the course.',
+            cancel   => 'Click "OK" to enter the course, or "Cancel" to choose a different course.',
+        );
+        my %jslt = &Apache::lonlocal::texthash (
+            none => 'You are not eligible to use an ad hoc role for the selected course',
+            ok   => 'OK',
+            exit => 'Cancel',
+        );
+        &js_escape(\%jslt);
+        $r->print(<<"END");
+<script type="text/javascript">
+// <![CDATA[
+\$(document).ready(function(){
+    \$( "#LC_adhocrole_chooser" ).dialog({ autoOpen: false });
+});
+
+function gochoose(cname,cdom,cdesc) {
+    document.courselist.pickedcourse.value = cdom+'_'+cname;
+    \$("#LC_choose_adhoc").empty();
+    var pickedaction = \$('input[name=phase]:checked', '#LCcoursepicker').val();
+    if (pickedaction == 'adhocrole') {
+        var http = new XMLHttpRequest();
+        var url = "/adm/pickcourse";
+        var params = "cid="+cdom+"_"+cname+"&context=adhoc";
+        http.open("POST", url, true);
+        http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+        http.onreadystatechange = function() {
+            if (http.readyState == 4 && http.status == 200) {
+                var data = \$.parseJSON(http.responseText);
+                var len = data.roles.length;
+                if (len == '' || len == null || len == 0) {
+                    alert('$jslt{none}');
+                } else {
+                    if (len == 1) {
+                        \$( '[name="adhocrole"]' )[0].value = data.roles[0].name;
+                        document.courselist.submit();
+                    } else {
+                        var str = '';
+                        \$("#LC_choose_adhoc").empty();
+                        for (var i=0; i<data.roles.length; i++) {
+                            \$("<label><input type='radio' value='"+data.roles[i].name+"' name='LC_get_role' id='LC_get_role_"+i+"' />"+data.roles[i].desc+"</label><span>&nbsp;&nbsp;</span>")
+                            .appendTo("#LC_choose_adhoc");
+                        }
+                        \$( "#LC_adhocrole_chooser" ).toggle( true );
+                        \$( "#LC_get_role_0").prop("checked", true);
+                        \$( "#LC_adhocrole_chooser" ).dialog({ autoOpen: false });
+                        \$( "#LC_adhocrole_chooser" ).dialog("open");
+                        \$( "#LC_adhocrole_chooser" ).dialog({
+                            height: 400,
+                            width: 500,
+                            modal: true,
+                            resizable: false,
+                            buttons: [
+                                  {
+                                   text: "$jslt{'ok'}",
+                                   click: function() {
+                                            var rolename = \$('input[name=LC_get_role]:checked', '#LChelpdeskpicker').val();
+                                            \$( '[name="adhocrole"]' )[0].value = rolename;
+                                            document.courselist.submit();
+                                        }
+                                  },
+                                  {
+                                   text: "$jslt{'exit'}",
+                                   click: function() {
+                                        \$("#LC_adhocrole_chooser").dialog( "close" );
+                                       }
+                                  }
+                            ],
+                        });
+                        \$( "#LC_adhocrole_chooser" ).find( "form" ).on( "submit", function( event ) {
+                            event.preventDefault();
+                            var rolename = \$('input[name=LC_get_role]:checked', '#LChelpdeskpicker').val()
+                            \$( '[name="adhocrole"]' )[0].value = rolename;
+                            document.courselist.submit();
+                            \$("#LC_adhocrole_chooser").dialog( "close" );
+                        });
+                    }
+                }
+            }
+        }
+        http.send(params);
+    } else {
+        document.courselist.submit();
+    }
+    return;
+}
+// ]]>
+</script>
+
+<div id="LC_adhocrole_chooser" title="$lt{'title'}" style="display:none">
+  <p>$lt{'preamble'}</p>
+  <form name="LChelpdeskadhoc" id="LChelpdeskpicker" action="">
+    <div id="LC_choose_adhoc">
+    </div>
+    <input type="hidden" name="adhocrole" id="LCadhocrole" value="" />
+    <input type="submit" tabindex="-1" style="position:absolute; top:-1000px" />
+  </form>
+  <p>$lt{'cancel'}</p>
+</div>
+END
+    } elsif ($permission->{'adhocrole'} eq 'coord') {
+        $r->print(<<"END");
+<script type="text/javascript">
+// <![CDATA[
+
+function gochoose(cname,cdom,cdesc) {
+    document.courselist.pickedcourse.value = cdom+'_'+cname;
+    document.courselist.submit();
+    return;
+}
+
+// ]]>
+</script>
+END
+    }
+
+# Criteria for course search
     my ($filterlist,$filter) = &get_filters();
     my $action = '/adm/modifycourse';
     my $dctitle = &Apache::lonnet::plaintext('dc');
@@ -307,6 +430,8 @@ sub print_modification_menu {
                       'setanon'       => 'View/Modify responders threshold for anonymous survey submissions display',
                       'selfenroll'    => 'View/Modify Self-Enrollment configuration',
                       'setpostsubmit' => 'View/Modify submit button behavior, post-submission',
+                      'setltiauth'    => 'View/Modify re-authentication requirement for LTI launch of deep-linked item',
+                      'setexttool'    => 'View/Modify External Tools permissions',
                     );
     } else {
         %linktext = (
@@ -314,6 +439,8 @@ sub print_modification_menu {
                       'setanon'       => 'View responders threshold for anonymous survey submissions display',
                       'selfenroll'    => 'View Self-Enrollment configuration',
                       'setpostsubmit' => 'View submit button behavior, post-submission',
+                      'setltiauth'    => 'View re-authentication requirement for LTI launch of deep-linked item',
+                      'setexttool'    => 'View External Tools permissions',
                     );
     }
     if ($type eq 'Community') {
@@ -352,6 +479,8 @@ sub print_modification_menu {
     my $anon_text = &mt('Responder threshold required to display anonymous survey submissions.');
     my $postsubmit_text = &mt('Override defaults for submit button behavior post-submission for this specific course.'); 
     my $mysqltables_text = &mt('Override default for lifetime of "temporary" MySQL tables containing student performance data.');
+    my $ltiauth_text = &mt('Override default for requirement for re-authentication for LTI-limited launch of deep-linked item.');
+    my $exttool_text = &mt('Override default permissions for external tools use for this specific course.');
     $linktext{'viewparms'} = 'Display current settings for automated enrollment';
 
     my %domconf = &Apache::lonnet::get_dom('configuration',['coursecategories'],$dom);
@@ -433,6 +562,22 @@ sub print_modification_menu {
                 permission => $permission->{'setpostsubmit'},
                 linktitle => '',
             },
+            {
+                linktext => $linktext{'setltiauth'},
+                icon => 'system-lock-screen.png',
+                #help => '',
+                url => &phaseurl('setltiauth'),
+                permission => $permission->{'setltiauth'},
+                linktitle => '',
+            },
+            {
+                linktext => $linktext{'setexttool'},
+                icon => 'exttool.png',
+                #help => '',
+                url => &phaseurl('setexttool'),
+                permission => $permission->{'setexttool'},
+                linktitle => '',
+            },
         ]
         },
         );
@@ -463,7 +608,9 @@ sub print_modification_menu {
                   '<li>'.$setquota_text.'</li>'."\n".
                   '<li>'.$setuploadquota_text.'</li>'."\n".
                   '<li>'.$anon_text.'</li>'."\n".
-                  '<li>'.$postsubmit_text.'</li>'."\n";
+                  '<li>'.$postsubmit_text.'</li>'."\n".
+                  '<li>'.$ltiauth_text.'</li>'."\n".
+                  '<li>'.$exttool_text.'</li>'."\n";
     my ($categories_link_start,$categories_link_end);
     if ($permission->{'catsettings'} eq 'edit') {
         $categories_link_start = '<a href="/adm/domainprefs?actions=coursecategories&amp;phase=display">';
@@ -497,29 +644,25 @@ sub print_modification_menu {
 }
 
 sub print_adhocrole_selected {
-    my ($r,$type) = @_;
+    my ($r,$type,$permission) = @_;
     &print_header($r,$type);
     my ($cdom,$cnum) = split(/_/,$env{'form.pickedcourse'});
     my ($newrole,$selectrole);
-    if (&Apache::lonnet::allowed('ccc',$cdom)) {
+    if ($permission->{'adhocrole'} eq 'coord') {
         if ($type eq 'Community') {
             $newrole = "co./$cdom/$cnum";
         } else {
             $newrole = "cc./$cdom/$cnum";
         }
         $selectrole = 1;
-    } elsif (&Apache::lonnet::allowed('rar',$cdom)) {
-        my %adhocroles = &Apache::lonnet::userenvironment($env{'user.domain'},$env{'user.name'},
-                                                         'adhocroles.'.$cdom);
-        if (keys(%adhocroles)) {
-            my $possrole = $env{'form.adhocrole'};
-            if ($possrole ne '') {
-                my @adhoc = split(',',$adhocroles{'adhocroles.'.$cdom});
-                if (grep(/^\Q$possrole\E$/,@adhoc)) {
-                    my $confname = &Apache::lonnet::get_domainconfiguser($cdom);
-                    $newrole = "cr/$cdom/$confname/$possrole./$cdom/$cnum";
-                    $selectrole = 1;
-                }
+    } elsif ($permission->{'adhocrole'} eq 'custom') {
+        my ($okroles,$description) = &Apache::lonnet::get_my_adhocroles($env{'form.pickedcourse'},1);      
+        if (ref($okroles) eq 'ARRAY') {
+            my $possrole = $env{'form.adhocrole'}; 
+            if (($possrole ne '') && (grep(/^\Q$possrole\E$/,@{$okroles}))) {
+                my $confname = &Apache::lonnet::get_domainconfiguser($cdom);
+                $newrole = "cr/$cdom/$confname/$possrole./$cdom/$cnum";
+                $selectrole = 1;
             }
         }
     }
@@ -565,9 +708,34 @@ sub print_settings_display {
                      "<th>$lt{'dcon'}</th>\n".
                      &Apache::loncommon::end_data_table_header_row()."\n";
     foreach my $item (@items) {
+        my $shown = $enrollvar{$item};
+        if ($item eq 'crosslistings') {
+            my (@xlists,@lcsecs);
+            foreach my $entry (split(/,/,$enrollvar{$item})) {
+                my ($xlist,$lc_sec) = split(/:/,$entry);
+                push(@xlists,$xlist);
+                push(@lcsecs,$lc_sec);
+            }
+            if (@xlists) {
+                my $crskey = $cnum.':'.$enrollvar{'coursecode'};
+                my %reformatted =
+                    &Apache::lonnet::auto_instsec_reformat($cdom,'declutter',
+                                                           {$crskey => \@xlists});
+                if (ref($reformatted{$crskey}) eq 'ARRAY') {
+                    my @show;
+                    my @xlcodes = @{$reformatted{$crskey}};
+                    for (my $i=0; $i<@xlcodes; $i++) {
+                        push(@show,$xlcodes[$i].':'.$lcsecs[$i]);
+                    }
+                    if (@show) {
+                        $shown = join(',',@show);
+                    }
+                }
+            }
+        }
         $disp_table .= &Apache::loncommon::start_data_table_row()."\n".
                        "<td><b>$longtype{$item}</b></td>\n".
-                       "<td>$enrollvar{$item}</td>\n";
+                       "<td>$shown</td>\n";
         if (grep(/^\Q$item\E$/,@modifiable_params)) {
             $disp_table .= '<td align="right">'.&mt('Yes').'</td>'."\n";
         } else {
@@ -627,15 +795,20 @@ sub print_setquota {
                                         $cdom,$cnum);
     my $coursequota = $settings{'internal.coursequota'};
     my $uploadquota = $settings{'internal.uploadquota'};
-    if ($coursequota eq '') {
-        $coursequota = $staticdefaults{'coursequota'};
-    }
-    if ($uploadquota eq '') {
+    if (($uploadquota eq '') || ($coursequota eq '')) {
         my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
         my $quotatype = &Apache::lonuserutils::get_extended_type($cdom,$cnum,$type,\%settings);
-        $uploadquota = $domdefs{$quotatype.'quota'};
         if ($uploadquota eq '') {
-            $uploadquota = $staticdefaults{'uploadquota'};
+            $uploadquota = $domdefs{$quotatype.'quota'};
+            if ($uploadquota eq '') {
+                $uploadquota = $staticdefaults{'uploadquota'};
+            }
+        }
+        if ($coursequota eq '') {
+            $coursequota = $domdefs{$quotatype.'coursequota'};
+            if ($coursequota eq '') {
+                $coursequota = $staticdefaults{'coursequota'};
+            }
         }
     }
     &print_header($r,$type);
@@ -788,15 +961,7 @@ ENDDOCUMENT
 sub domain_postsubtimeout {
     my ($cdom,$type,$settings) = @_;
     return unless (ref($settings) eq 'HASH'); 
-    my $lctype = lc($type);
-    unless (($type eq 'Community') || ($type eq 'Placement')) {
-        $lctype = 'unofficial';
-        if ($settings->{'internal.coursecode'}) {
-            $lctype = 'official';
-        } elsif ($settings->{'internal.textbook'}) {
-            $lctype = 'textbook';
-        }
-    }
+    my $lctype = &get_lctype($type,$settings);
     my %domconfig =
         &Apache::lonnet::get_dom('configuration',['coursedefaults'],$cdom);
     my $postsubtimeout = 60;
@@ -812,6 +977,22 @@ sub domain_postsubtimeout {
     return $postsubtimeout;
 }
 
+sub get_lctype {
+    my ($type,$settings) = @_;
+    my $lctype = lc($type);
+    unless (($type eq 'Community') || ($type eq 'Placement')) {
+        $lctype = 'unofficial';
+        if (ref($settings) eq 'HASH') {
+            if ($settings->{'internal.coursecode'}) {
+                $lctype = 'official';
+            } elsif ($settings->{'internal.textbook'}) {
+                $lctype = 'textbook';
+            }
+        }
+    }
+    return $lctype;
+}
+
 sub print_catsettings {
     my ($r,$cdom,$cnum,$cdesc,$type,$readonly) = @_;
     &print_header($r,$type);
@@ -922,6 +1103,7 @@ sub print_course_modification_page {
     my @specific_managebydc = split(/,/,$settings{'internal.selfenrollmgrdc'});
     my @specific_managebycc = split(/,/,$settings{'internal.selfenrollmgrcc'});
     my %domdefaults = &Apache::lonnet::get_domain_defaults($cdom);
+    my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
     my @default_managebydc = split(/,/,$domdefaults{$type.'selfenrolladmdc'});
     if ($crstype eq 'Community') {
         $ccrole = 'co';
@@ -996,17 +1178,18 @@ sub print_course_modification_page {
     if ($crstype eq 'Community') {
         $r->print(&Apache::lonhtmlcommon::row_title(
                   &Apache::loncommon::help_open_topic('Modify_Community_Owner').
-                  '&nbsp;'.&mt('Community Owner'))."\n");
+                  '&nbsp;'.&mt('Community Owner'))."\n".
+                  $ownertable."\n".&Apache::lonhtmlcommon::row_closure());
     } else {
         $r->print(&Apache::lonhtmlcommon::row_title(
                       &Apache::loncommon::help_open_topic('Modify_Course_Instcode').
                       '&nbsp;'.&mt('Course Code'))."\n".
-                  '<input type="text" size="15" name="coursecode" value="'.$enrollvar{'coursecode'}.'"'.$disabled.'/>'.
+                  '<input type="text" size="15" name="coursecode" value="'.$enrollvar{'coursecode'}.'"'.$disabled.' />'.
                   &Apache::lonhtmlcommon::row_closure());
         if (($crstype eq 'Course') && (&showcredits($cdom))) {
             $r->print(&Apache::lonhtmlcommon::row_title(
                           &Apache::loncommon::help_open_topic('Modify_Course_Credithours').
-                      '&nbsp;'.&mt('Credits (students)'))."\n".
+                          '&nbsp;'.&mt('Credits (students)'))."\n".
                       '<input type="text" size="3" name="defaultcredits" value="'.$enrollvar{'defaultcredits'}.'"'.$disabled.' />'.
                       &Apache::lonhtmlcommon::row_closure());
         }
@@ -1016,8 +1199,21 @@ sub print_course_modification_page {
                   $authenitems."\n".
                   &Apache::lonhtmlcommon::row_closure().
                   &Apache::lonhtmlcommon::row_title(
-                  &Apache::loncommon::help_open_topic('Modify_Course_Owner').
-                     '&nbsp;'.&mt('Course Owner'))."\n");
+                      &Apache::loncommon::help_open_topic('Modify_Course_Owner').
+                      '&nbsp;'.&mt('Course Owner'))."\n".
+                  $ownertable."\n".&Apache::lonhtmlcommon::row_closure());
+        if (($passwdconf{'crsownerchg'}) && ($type ne 'Placement')) {
+            my $checked;
+            if ($enrollvar{'nopasswdchg'}) {
+                $checked = ' checked="checked"';
+            }
+            $r->print(&Apache::lonhtmlcommon::row_title(
+                         &Apache::loncommon::help_open_topic('Modify_Course_Chgpasswd').
+                         '&nbsp;'.&mt('Changing passwords (internal)'))."\n".
+                         '<label><input type="checkbox" value="1" name="nopasswdchg"'.$checked.$disabled.' />'.
+                         &mt('Disable changing password for users with student role by course owner').'<label>'."\n".
+                         &Apache::lonhtmlcommon::row_closure());
+        }
     }
     my ($cctitle,$rolename,$currmanages,$ccchecked,$dcchecked,$defaultchecked);
     my ($selfenrollrows,$selfenrolltitles) = &Apache::lonuserutils::get_selfenroll_titles();
@@ -1027,8 +1223,7 @@ sub print_course_modification_page {
         $cctitle = &mt('Course personnel');
     }
 
-    $r->print($ownertable."\n".&Apache::lonhtmlcommon::row_closure().
-              &Apache::lonhtmlcommon::row_title(
+    $r->print(&Apache::lonhtmlcommon::row_title(
               &Apache::loncommon::help_open_topic('Modify_Course_Selfenrolladmin').
                   '&nbsp;'.&mt('Self-enrollment configuration')).
               &Apache::loncommon::start_data_table()."\n".
@@ -1103,6 +1298,199 @@ sub print_selfenrollconfig {
     return;
 }
 
+sub print_set_ltiauth {
+    my ($r,$cdom,$cnum,$cdesc,$type,$readonly) = @_;
+    my %lt = &Apache::lonlocal::texthash(
+                'requ' => 'Requirement for re-authentication for student LTI-limited launch of deep-linked item',
+                'link' => 'Link protection can be set to accept username for an enrolled student (if sent by Consumer)',
+                'logi' => 'Login needed, regardless of user information sent by LTI Consumer in (signed) parameters',
+                'used' => 'Use domain default',
+                'cour' => 'Use course-specific setting',
+                'curd' => 'Current domain default is',
+                'valu' => 'Value for this course',
+                'modi' => 'Save',
+                'back' => 'Pick another action',
+    );
+    my ($domdef,$checkeddom,$checkedcrs,$domdefdisplay,$divsty,$authok,$authno);
+    $domdef = 0;
+    $checkeddom = ' checked="checked"';
+    $domdefdisplay = $lt{'logi'}; 
+    $divsty = 'display:none';
+    $authno = ' checked="checked"';
+    my %domconfig =
+        &Apache::lonnet::get_dom('configuration',['coursedefaults'],$cdom);
+    if (ref($domconfig{'coursedefaults'}) eq 'HASH') {
+        $domdef = $domconfig{'coursedefaults'}{'ltiauth'};
+    }
+    if ($domdef) {
+        $domdefdisplay = $lt{'link'};
+    }
+    my %settings = &Apache::lonnet::get('environment',['internal.ltiauth'],$cdom,$cnum);
+    my $ltiauth = $settings{'internal.ltiauth'};
+
+    if ($ltiauth ne '') {
+        $checkedcrs = $checkeddom;
+        $checkeddom = '';
+        $divsty = 'display:inline-block';
+        if ($ltiauth) {
+            $authok = ' checked="checked"';
+        }
+    }
+    &print_header($r,$type);
+    my $hidden_elements = &hidden_form_elements();
+    my ($disabled,$submit);
+    if ($readonly) {
+        $disabled = ' disabled="disabled"';
+    } else {
+        $submit = '<input type="button" onclick="javascript:changePage(this.form,'."'processltiauth'".');" value="'.$lt{'modi'}.'" />';
+    }
+    my $helpitem = &Apache::loncommon::help_open_topic('Modify_Course_LTI_Authen');
+    $r->print(<<ENDDOCUMENT);
+<form action="/adm/modifycourse" method="post" name="setltiauth">
+<h3>$helpitem $lt{'requ'} <span class="LC_nobreak">$cdesc</span></h3>
+<p><span class="LC_nobreak">$lt{'curd'}: <span style="font-style:italic">$domdefdisplay</span></span</p>
+<p><span class="LC_nobreak">
+<label><input type="radio" name="ltiauthset" value="dom" onclick="toggleLTIOptions(this.form);"$checkeddom$disabled />$lt{'used'}</label></span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="ltiauthset" value="course" onclick="toggleLTIOptions(this.form);"$checkedcrs$disabled />$lt{'cour'}</label></span>
+<fieldset id="crsltiauth" style="$divsty">
+<legend>$lt{'valu'}</legend>
+<span class="LC_nobreak">
+<label><input type="radio" name="ltiauth" value="0"$authno$disabled />$lt{'logi'}</label>
+</span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="ltiauth" value="1"$authok$disabled />$lt{'link'}</label>
+</span>
+</fieldset>
+$submit
+</p>
+$hidden_elements
+<a href="javascript:changePage(document.setltiauth,'menu')">$lt{'back'}</a>
+</form>
+ENDDOCUMENT
+    return;
+}
+
+sub print_set_exttool {
+    my ($r,$cdom,$cnum,$cdesc,$type,$readonly) = @_;
+    my %titles = &exttool_titles($type);
+    my ($domdef,$domdefdom,$checkeddom,$checkedcrs,$domdefdisplay,$divsty);
+    $domdef = 0;
+    $domdefdom = 1;
+    $checkeddom = ' checked="checked"';
+    $divsty = 'display:none';
+    my %settings = &Apache::lonnet::get('environment',['internal.coursecode',
+                                        'internal.textbook'],$cdom,$cnum);
+    my $lctype = &get_lctype($type,\%settings);
+    my %domconfig =
+        &Apache::lonnet::get_dom('configuration',['coursedefaults'],$cdom);
+    if (ref($domconfig{'coursedefaults'}) eq 'HASH') {
+        if (ref($domconfig{'coursedefaults'}{'exttool'}) eq 'HASH') {
+            if (exists($domconfig{'coursedefaults'}{'exttool'}{$lctype})) {
+                $domdef = $domconfig{'coursedefaults'}{'exttool'}{$lctype};
+            }
+        }
+        if (ref($domconfig{'coursedefaults'}{'domexttool'}) eq 'HASH') {
+            if (exists($domconfig{'coursedefaults'}{'domexttool'}{$lctype})) {
+                $domdefdom = $domconfig{'coursedefaults'}{'domexttool'}{$lctype};
+            }
+        }
+    }
+    if ($domdef && $domdefdom) {
+        $domdefdisplay = $titles{'both'};
+    } elsif ($domdef) {
+        $domdefdisplay = $titles{'crs'};
+    } elsif ($domdefdom) {
+        $domdefdisplay = $titles{'dom'}; 
+    } else {
+        $domdefdisplay = $titles{'none'};
+    }
+    my %settings = &Apache::lonnet::get('environment',['internal.exttool'],$cdom,$cnum);
+    my $crsexttool = $settings{'internal.exttool'};
+    my %crschecked = (
+                         both => ' checked="checked"',
+                         dom  => '',
+                         crs => '',
+                         none => '',
+                     ); 
+    if ($crsexttool ne '') {
+        $checkedcrs = $checkeddom;
+        $checkeddom = '';
+        $divsty = 'display:inline-block';
+        foreach my $option ('both','dom','crs','none') {
+            if ($crsexttool eq $option) {
+                $crschecked{$option} = ' checked="checked"'; 
+            } else {
+                $crschecked{$option} = '';
+            }
+        }
+    }
+    &print_header($r,$type);
+    my $hidden_elements = &hidden_form_elements();
+    my ($disabled,$submit);
+    if ($readonly) {
+        $disabled = ' disabled="disabled"';
+    } else {
+        $submit = '<input type="button" onclick="javascript:changePage(this.form,'."'processexttool'".');" value="'.$titles{'modi'}.'" />';
+    }
+    my $helpitem = &Apache::loncommon::help_open_topic('Modify_Course_External_Tool');
+    $r->print(<<ENDDOCUMENT);
+<form action="/adm/modifycourse" method="post" name="setexttool">
+<h3>$helpitem $titles{'extt'}</h3>
+<h4><span class="LC_nobreak">$type: $cdesc</span></h4>
+<p><span class="LC_nobreak">$titles{'curd'}: <span style="font-style:italic">$domdefdisplay</span></span</p>
+<p><span class="LC_nobreak">
+<label><input type="radio" name="exttoolset" value="dom" onclick="toggleExtToolOptions(this.form);"$checkeddom$disabled />$titles{'used'}</label></span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="exttoolset" value="course" onclick="toggleExtToolOptions(this.form);"$checkedcrs$disabled />$titles{'cour'}</label></span>
+<fieldset id="crsexttool" style="$divsty">
+<legend>$titles{'valu'}</legend>
+<span class="LC_nobreak">
+<label><input type="radio" name="exttool" value="both"$crschecked{'both'}$disabled />$titles{'both'}</label>
+</span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="exttool" value="dom"$crschecked{'dom'}$disabled />$titles{'dom'}</label>
+</span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="exttool" value="crs"$crschecked{'crs'}$disabled />$titles{'crs'}</label>
+</span><br />
+<span class="LC_nobreak">
+<label><input type="radio" name="exttool" value="none"$crschecked{'none'}$disabled />$titles{'none'}</label>
+</span>
+</fieldset><br />
+$submit
+</p>
+$hidden_elements
+<a href="javascript:changePage(document.setexttool,'menu')">$titles{'back'}</a>
+</form>
+ENDDOCUMENT
+    return;
+}
+
+sub exttool_titles {
+    my ($type) = @_;
+    my %titles = &Apache::lonlocal::texthash(
+                'extt' => 'External Tool permissions',
+                'none' => 'Use of external tools not permitted',
+                'crs' => 'Only external tools defined in course may be used',
+                'dom' => 'Only external tools defined in domain may be used',
+                'both' => 'External tools defined/configured in either domain or course may be used',
+                'used' => 'Use domain default',
+                'cour' => 'Use course-specific setting',
+                'curd' => 'Current domain default is',
+                'valu' => 'Value for this course',
+                'modi' => 'Save',
+                'back' => 'Pick another action',
+    );
+    if ($type eq 'Community') {
+        $titles{'crs'} = &mt('Only external tools defined in community may be used');
+        $titles{'both'} = &mt('External tools defined/configured in either domain or community may be used');
+        $titles{'cour'} = &mt('Use community-specific setting');
+        $titles{'valu'} = &mt('Value for this community');
+    }
+    return %titles;
+}
+
 sub modify_selfenrollconfig {
     my ($r,$type,$cdesc,$coursehash) = @_;
     return unless(ref($coursehash) eq 'HASH');
@@ -1166,6 +1554,8 @@ sub gather_authenitems {
             $curr_authtype = 'int';
         } elsif ($enrollvar->{'authtype'} eq 'localauth' ) {
             $curr_authtype = 'loc';
+        } elsif ($enrollvar->{'authtype'} eq 'lti' ) {
+            $curr_authtype = 'lti';
         }
     }
     unless ($curr_authtype eq '') {
@@ -1186,7 +1576,8 @@ sub gather_authenitems {
     $authform{'krb'} = &Apache::loncommon::authform_kerberos(%param);
     $authform{'int'} = &Apache::loncommon::authform_internal(%param);
     $authform{'loc'} = &Apache::loncommon::authform_local(%param);
-    foreach my $item ('krb','int','loc') {
+    $authform{'lti'} = &Apache::loncommon::authform_lti(%param);
+    foreach my $item ('krb','int','loc','lti') {
         if ($authform{$item} ne '') {
             $authenitems .= $authform{$item}.'<br />';
         }
@@ -1207,6 +1598,10 @@ sub modify_course {
         if (&showcredits($cdom)) {  
             push(@items,'internal.defaultcredits');
         }
+        my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+        if ($passwdconf{'crsownerchg'}) {
+            push(@items,'internal.nopasswdchg');
+        }
     }
     my %settings = &Apache::lonnet::get('environment',\@items,$cdom,$cnum);
     my $description = $settings{'description'};
@@ -1222,6 +1617,7 @@ sub modify_course {
     } else {
         %changed = ( code  => 0,
                      owner => 0,
+                     passwd => 0,
                    );
         $ccrole = 'cc';
         unless ($settings{'internal.sectionnums'} eq '') {
@@ -1252,6 +1648,8 @@ sub modify_course {
             if ((defined($env{'form.locarg'})) && ($env{'form.locarg'})) {
                 $newattr{'autharg'} = $env{'form.locarg'};
             }
+        } elsif ($env{'form.login'} eq 'lti') {
+            $newattr{'authtype'} = 'lti';
         }
         if ( $newattr{'authtype'}=~ /^krb/) {
             if ($newattr{'autharg'}  eq '') {
@@ -1274,9 +1672,21 @@ sub modify_course {
             $newattr{'mysqltables'} = $env{'form.mysqltables'};
             $newattr{'mysqltables'} =~ s/\D+//g;
         }
-        if (($type ne 'Placement') && (&showcredits($cdom) && exists($env{'form.defaultcredits'}))) {
-            $newattr{'defaultcredits'}=$env{'form.defaultcredits'};
-            $newattr{'defaultcredits'} =~ s/[^\d\.]//g;
+        if ($type ne 'Placement') {
+            if (&showcredits($cdom) && exists($env{'form.defaultcredits'})) {
+                $newattr{'defaultcredits'}=$env{'form.defaultcredits'};
+                $newattr{'defaultcredits'} =~ s/[^\d\.]//g;
+            }
+            if (grep(/^nopasswdchg$/,@modifiable_params)) {
+                if ($env{'form.nopasswdchg'}) {
+                    $newattr{'nopasswdchg'} = 1;
+                    unless ($currattr{'nopasswdchg'}) {
+                        $changed{'passwd'} = 1;
+                    }
+                } elsif ($currattr{'nopasswdchg'}) {
+                    $changed{'passwd'} = 1;
+                }
+            }
         }
     }
 
@@ -1311,7 +1721,7 @@ sub modify_course {
         } 
     }
 
-    if ($changed{'owner'} || $changed{'code'}) {
+    if ($changed{'owner'} || $changed{'code'} || $changed{'passwd'}) {
         my %crsinfo = &Apache::lonnet::courseiddump($cdom,'.',1,'.','.',$cnum,
                                                     undef,undef,'.');
         if (ref($crsinfo{$env{'form.pickedcourse'}}) eq 'HASH') {
@@ -1321,10 +1731,29 @@ sub modify_course {
             if ($changed{'owner'}) {
                 $crsinfo{$env{'form.pickedcourse'}}{'owner'} = $env{'form.courseowner'};
             }
+            if ($changed{'passwd'}) {
+                if ($env{'form.nopasswdchg'}) {
+                    $crsinfo{$env{'form.pickedcourse'}}{'nopasswdchg'} = 1;
+                } else {
+                    delete($crsinfo{'nopasswdchg'});
+                }
+            }
             my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
             my $putres = &Apache::lonnet::courseidput($cdom,\%crsinfo,$chome,'notime');
-            if ($putres eq 'ok') {
+            if (($putres eq 'ok') && (($changed{'owner'} || $changed{'code'}))) {
                 &update_coowners($cdom,$cnum,$chome,\%settings,\%newattr);
+                if ($changed{'code'}) {
+                    &Apache::lonnet::devalidate_cache_new('instcats',$cdom);
+                    # Update cache of self-cataloging courses on institution's server(s).
+                    if (&Apache::lonnet::shared_institution($cdom)) {
+                        unless ($registered_cleanup) {
+                            my $handlers = $r->get_handlers('PerlCleanupHandler');
+                            $r->set_handlers('PerlCleanupHandler' => [\&devalidate_remote_instcats,@{$handlers}]);
+                            $registered_cleanup=1;
+                            $modified_dom = $cdom;
+                        }
+                    }
+                }
             }
         }
     }
@@ -1370,6 +1799,12 @@ sub modify_course {
                         $shown = &mt('None');
                     } elsif (($attr eq 'mysqltables') && ($shown eq '')) {
                         $shown = &mt('domain default');
+                    } elsif ($attr eq 'nopasswdchg') {
+                        if ($shown) {
+                            $shown = &mt('Yes');
+                        } else {
+                            $shown = &mt('No');
+                        }
                     }
                     $chgresponse .= '<li>'.&mt('[_1] now set to: [_2]',$longtype{$attr},$shown).'</li>';
                 } else {
@@ -1382,6 +1817,12 @@ sub modify_course {
                         $shown = &mt('None');
                     } elsif (($attr eq 'mysqltables') && ($shown eq '')) {
                         $shown = &mt('domain default');
+                    } elsif ($attr eq 'nopasswdchg') {
+                        if ($shown) {
+                            $shown = &mt('Yes');
+                        } else {
+                            $shown = &mt('No');
+                        }
                     }
                     $nochgresponse .= '<li>'.&mt('[_1] still set to: [_2]',$longtype{$attr},$shown).'</li>';
                 }
@@ -2047,6 +2488,217 @@ sub modify_catsettings {
     return;
 }
 
+sub modify_ltiauth {
+    my ($r,$cdom,$cnum,$cdesc,$domdesc,$type) = @_;
+    my %lt = &Apache::lonlocal::texthash(
+                'requ' => 'Requirement for re-authentication for student LTI-limited launch of deep-linked item',
+                'link' => 'Link protection can be set to accept username for an enrolled student (if sent by Consumer)',
+                'logi' => 'Login needed, regardless of user information sent by LTI Consumer in (signed) parameters',
+                'used' => 'Use domain default',
+                'cour' => 'Use course-specific setting',
+                'modi' => 'Save',
+                'back' => 'Pick another action',
+    );
+    &print_header($r,$type);
+    $r->print('<form action="/adm/modifycourse" method="post" name="processltiauth">'."\n".
+              '<h3>'.$lt{'requ'}.
+              ' <span class="LC_nobreak">'.$cdesc.'</span></h3>');
+    my %oldsettings = &Apache::lonnet::get('environment',['internal.ltiauth'],$cdom,$cnum);
+    my $oldltiauth = $oldsettings{'internal.ltiauth'};
+    my $domdef;
+    my %domconfig =
+        &Apache::lonnet::get_dom('configuration',['coursedefaults'],$cdom);
+    if (ref($domconfig{'coursedefaults'}) eq 'HASH') {
+        $domdef = $domconfig{'coursedefaults'}{'ltiauth'};
+    }
+    my ($newltiauth,$nochange,$change,$status,$error,$ltiauth);
+    if ($env{'form.ltiauthset'} eq 'dom') {
+        if ($oldltiauth eq '') {
+            $nochange = 1;
+        } else {
+            $change = 1;
+        }
+    } elsif ($env{'form.ltiauthset'} eq 'course') {
+        if ($env{'form.ltiauth'} =~ /^0|1$/) { 
+            $newltiauth = $env{'form.ltiauth'};
+        }
+        if ($oldltiauth == $newltiauth) {
+            $nochange = 1;
+        } else {
+            $change = 1;
+        }
+    }
+    if ($change) {
+        if ($newltiauth ne '') {
+            my %cenv = (
+                         'internal.ltiauth' => $newltiauth,
+                       );
+            if (&Apache::lonnet::put('environment',\%cenv,$cdom,$cnum) eq 'ok') {
+                if ($env{'course.'.$cdom.'_'.$cnum.'.description'} ne '') {
+                    &Apache::lonnet::appenv(
+                       {'course.'.$cdom.'_'.$cnum.'.internal.ltiauth' => $newltiauth});
+                }
+            } else {
+                $error = 1;
+            }
+        } else {
+            if (&Apache::lonnet::del('environment',['internal.ltiauth'],$cdom,$cnum) eq 'ok') {
+                if (exists($env{'course.'.$cdom.'_'.$cnum.'.internal.ltiauth'})) {
+                    &Apache::lonnet::delenv('course.'.$cdom.'_'.$cnum.'.internal.ltiauth');
+                }
+            } else {
+                $error = 1;
+            }
+        }
+    }
+    if ($error) {
+        $nochange = 1;
+    }
+    if ($nochange) {
+        $ltiauth = $oldltiauth;
+    } else {
+        $ltiauth = $newltiauth;
+    }
+    if ($ltiauth eq '') {
+        $status = $lt{'used'}.': ';
+        if ($domdef) {
+            $status .= '<span style="font-style:italic">'.$lt{'link'}.'</span>';
+        } else {
+            $status .= '<span style="font-style:italic">'.$lt{'logi'}.'</span>';
+        }
+    } else {
+        $status = $lt{'cour'}.': ';
+        if ($ltiauth) {
+            $status .= '<span style="font-style:italic">'.$lt{'link'}.'</span>';
+        } else {
+            $status .= '<span style="font-style:italic">'.$lt{'logi'}.'</span>';
+        }
+    }
+    if ($error) {
+        $r->print('<p class="LC_warning">'.&mt('An error occurred when saving your changes').'</p>');
+    }
+    $r->print('<p>');
+    if ($nochange) {
+        $r->print(&mt('Re-authentication requirement for LTI launch of deep-linked item is unchanged'));
+    } elsif ($change) {
+        $r->print(&mt('Re-authentication requirement for LTI launch of deep-linked changed'));
+    }
+    $r->print('<br />'.$status);
+    $r->print('</p><p>'.
+              '<a href="javascript:changePage(document.processltiauth,'."'menu'".')">'.
+              $lt{'back'}.'</a></p>');
+    $r->print(&hidden_form_elements().'</form>');
+    return;
+}
+
+sub modify_exttool {
+    my ($r,$cdom,$cnum,$cdesc,$domdesc,$type) = @_;
+    my %titles = &exttool_titles($type);
+    &print_header($r,$type);
+    $r->print('<form action="/adm/modifycourse" method="post" name="processexttool">'."\n".
+              '<h3>'.$titles{'extt'}.'</h3>'.
+              '<h4><span class="LC_nobreak">'.$type.': '.$cdesc.'</span></h4>');
+    my %oldsettings = &Apache::lonnet::get('environment',['internal.exttool'],$cdom,$cnum);
+    my $oldcrsexttool = $oldsettings{'internal.exttool'};
+    my $domdefdom = 1;
+    my $domdef = 0;
+    my $domdefdisplay;
+    my %settings = &Apache::lonnet::get('environment',['internal.coursecode',
+                                        'internal.textbook'],$cdom,$cnum);
+    my $lctype = &get_lctype($type,\%settings);
+    my %domconfig =
+        &Apache::lonnet::get_dom('configuration',['coursedefaults'],$cdom);
+    if (ref($domconfig{'coursedefaults'}) eq 'HASH') {
+        if (ref($domconfig{'coursedefaults'}{'domexttool'}) eq 'HASH') {
+            if (exists($domconfig{'coursedefaults'}{'domexttool'}{$lctype})) {
+                $domdefdom = $domconfig{'coursedefaults'}{'domexttool'}{$lctype};
+            }
+        }
+        if (ref($domconfig{'coursedefaults'}{'exttool'}) eq 'HASH') {
+            if (exists($domconfig{'coursedefaults'}{'exttool'}{$lctype})) {
+                $domdef = $domconfig{'coursedefaults'}{'exttool'}{$lctype};
+            }
+        }
+    }
+    if ($domdef && $domdefdom) {
+        $domdefdisplay = $titles{'both'};
+    } elsif ($domdef) {
+        $domdefdisplay = $titles{'crs'};
+    } elsif ($domdefdom) {
+        $domdefdisplay = $titles{'dom'};
+    } else {
+        $domdefdisplay = $titles{'none'};
+    }
+    my ($newcrsexttool,$nochange,$change,$status,$error,$exttool);
+    if ($env{'form.exttoolset'} eq 'dom') {
+        if ($oldcrsexttool eq '') {
+            $nochange = 1;
+        } else {
+            $change = 1;
+        }
+    } elsif ($env{'form.exttoolset'} eq 'course') {
+        if ($env{'form.exttool'} =~ /^both|dom|crs|none$/) {
+            $newcrsexttool = $env{'form.exttool'};
+        }
+        if ($oldcrsexttool eq $newcrsexttool) {
+            $nochange = 1;
+        } else {
+            $change = 1;
+        }
+    }
+    if ($change) {
+        if ($newcrsexttool ne '') {
+            my %cenv = (
+                         'internal.exttool' => $newcrsexttool,
+                       );
+            if (&Apache::lonnet::put('environment',\%cenv,$cdom,$cnum) eq 'ok') {
+                if ($env{'course.'.$cdom.'_'.$cnum.'.description'} ne '') {
+                    &Apache::lonnet::appenv(
+                       {'course.'.$cdom.'_'.$cnum.'.internal.exttool' => $newcrsexttool});
+                }
+            } else {
+                $error = 1;
+            }
+        } else {
+            if (&Apache::lonnet::del('environment',['internal.exttool'],$cdom,$cnum) eq 'ok') {
+                if (exists($env{'course.'.$cdom.'_'.$cnum.'.internal.exttool'})) {
+                    &Apache::lonnet::delenv('course.'.$cdom.'_'.$cnum.'.internal.exttool');
+                }
+            } else {
+                $error = 1;
+            }
+        }
+    }
+    if ($error) {
+        $nochange = 1;
+    }
+    if ($nochange) {
+        $exttool = $oldcrsexttool;
+    } else {
+        $exttool = $newcrsexttool;
+    }
+    if ($exttool eq '') {
+        $status = $titles{'used'}.': <span style="font-style:italic">'.$domdefdisplay.'</span>';
+    } else {
+        $status = $titles{'cour'}.': <span style="font-style:italic">'.$titles{$exttool}.'</span>';
+    }
+    if ($error) {
+        $r->print('<p class="LC_warning">'.&mt('An error occurred when saving your changes').'</p>');
+    }
+    $r->print('<p>');
+    if ($nochange) {
+        $r->print(&mt('External Tool permissions unchanged'));
+    } elsif ($change) {
+        $r->print(&mt('External Tool permissions changed'));
+    }
+    $r->print('<br />'.$status);
+    $r->print('</p><p>'.
+              '<a href="javascript:changePage(document.processexttool,'."'menu'".')">'.
+              $titles{'back'}.'</a></p>');
+    $r->print(&hidden_form_elements().'</form>');
+    return;
+}
+
 sub print_header {
     my ($r,$type,$javascript_validations) = @_;
     my $phase = "start";
@@ -2067,13 +2719,7 @@ function changePage(formname,newphase) {
     if ($phase eq 'setparms') {
 	$js .= $javascript_validations;
     } elsif ($phase eq 'courselist') {
-        $js .= qq|
-
-function gochoose(cname,cdom,cdesc) {
-    document.courselist.pickedcourse.value = cdom+'_'+cname;
-    document.courselist.submit();
-}
-
+        $js .= <<"ENDJS";
 function hide_searching() {
     if (document.getElementById('searching')) {
         document.getElementById('searching').style.display = 'none';
@@ -2081,7 +2727,7 @@ function hide_searching() {
     return;
 }
 
-|;
+ENDJS
     } elsif ($phase eq 'setquota') {
         my $invalid = &mt('The quota you entered contained invalid characters.');
         my $alert = &mt('You must enter a number');
@@ -2091,9 +2737,10 @@ function hide_searching() {
         $js .= <<"ENDSCRIPT";
 
 function verify_quota() {
-    var newquota = document.setquota.coursequota.value; 
+    var newcoursequota = document.setquota.coursequota.value;
+    var newuploadquota = document.setquota.uploadquota.value;
     var num_reg = $regexp;
-    if (num_reg.test(newquota)) {
+    if ((num_reg.test(newcoursequota)) && (num_reg.test(newuploadquota))) {
         changePage(document.setquota,'processquota');
     } else {
         alert("$invalid\\n$alert");
@@ -2208,6 +2855,64 @@ function togglePostsubmit(caller) {
 
 ENDSCRIPT
 
+    } elsif ($phase eq 'setltiauth') {
+        $js .= <<"ENDJS";
+function toggleLTIOptions(form) {
+    var radioname = 'ltiauthset';
+    var divid = 'crsltiauth';
+    var num = form.elements[radioname].length;
+    if (num) {
+        var setvis = '';
+        for (var i=0; i<num; i++) {
+            if (form.elements[radioname][i].checked) {
+                if (form.elements[radioname][i].value == 'course') {
+                    if (document.getElementById(divid)) {
+                        document.getElementById(divid).style.display = 'inline-block';
+                    }
+                    setvis = 1;
+                }
+                break;
+            }
+        }
+        if (!setvis) {
+            if (document.getElementById(divid)) {
+                document.getElementById(divid).style.display = 'none';
+            }
+        }
+    }
+    return;
+}
+
+ENDJS
+    } elsif ($phase eq 'setexttool') {
+        $js .= <<"ENDJS";
+function toggleExtToolOptions(form) {
+    var radioname = 'exttoolset';
+    var divid = 'crsexttool';
+    var num = form.elements[radioname].length;
+    if (num) {
+        var setvis = '';
+        for (var i=0; i<num; i++) {
+            if (form.elements[radioname][i].checked) {
+                if (form.elements[radioname][i].value == 'course') {
+                    if (document.getElementById(divid)) {
+                        document.getElementById(divid).style.display = 'inline-block';
+                    }
+                    setvis = 1;
+                }
+                break;
+            }
+        }
+        if (!setvis) {
+            if (document.getElementById(divid)) {
+                document.getElementById(divid).style.display = 'none';
+            }
+        }
+    }
+    return;
+}
+
+ENDJS
     }
     my $starthash;
     if ($env{'form.phase'} eq 'adhocrole') {
@@ -2218,6 +2923,14 @@ ENDSCRIPT
         $starthash = {
            add_entries => {'onload' => "hide_searching(); courseSet(document.filterpicker.official, 'load');"},
                      };
+    } elsif ($env{'form.phase'} eq 'setltiauth') {
+        $starthash = {
+           add_entries => {'onload' => "toggleLTIOptions(document.setltiauth);"},
+                     };
+    } elsif ($env{'form.phase'} eq 'setexttool') {
+        $starthash = {
+           add_entries => {'onload' => "toggleExtToolOptions(document.setexttool);"},
+                     };
     }
     $r->print(&Apache::loncommon::start_page('View/Modify Course/Community Settings',
 					     &Apache::lonhtmlcommon::scripttag($js),
@@ -2304,6 +3017,7 @@ sub course_settings_descrip {
                       'selfenrollmgrdc'  => "Course-specific self-enrollment configuration by Domain Coordinator",
                       'selfenrollmgrcc'  => "Course-specific self-enrollment configuration by Course personnel",
                       'mysqltables'      => '"Temporary" student performance tables lifetime (seconds)',
+                      'nopasswdchg' => 'Disable changing password for users with student role by course owner',
          );
     }
     return %longtype;
@@ -2316,7 +3030,8 @@ sub hidden_form_elements {
           'locarg','krbarg','krbver','counter','hidefromcat','usecategory',
           'threshold','postsubmit','postsubtimeout','defaultcredits','uploadquota',
           'selfenrollmgrdc','selfenrollmgrcc','action','state','currsec_st',
-          'sections','newsec','mysqltables'],['^selfenrollmgr_','^selfenroll_'])."\n".
+          'sections','newsec','mysqltables','nopasswdchg','ltiauth','ltiauthset',
+          'exttoolset','exttool'],['^selfenrollmgr_','^selfenroll_'])."\n".
           '<input type="hidden" name="prevphase" value="'.$env{'form.phase'}.'" />';
     return $hidden_elements;
 }
@@ -2332,6 +3047,7 @@ sub showcredits {
 sub get_permission {
     my ($dom) = @_;
     my ($allowed,%permission);
+    my %passwdconf = &Apache::lonnet::get_passwdconf($dom);
     if (&Apache::lonnet::allowed('ccc',$dom)) {
         $allowed = 1;
         %permission = (
@@ -2347,7 +3063,15 @@ sub get_permission {
             catsettings       => 'edit',
             processcat        => 'edit',
             selfenroll        => 'edit',
+            adhocrole         => 'coord',
+            setltiauth        => 'edit',
+            processltiauth    => 'edit',
+            setexttool        => 'edit',
+            processexttool    => 'edit',
         );
+        if ($passwdconf{'crsownerchg'}) {
+            $permission{passwdchg} = 'edit';
+        }
     } elsif (&Apache::lonnet::allowed('rar',$dom)) {
         $allowed = 1;
         %permission = (
@@ -2358,11 +3082,33 @@ sub get_permission {
             setparms      => 'view',
             catsettings   => 'view',
             selfenroll    => 'view',
+            adhocrole     => 'custom',
+            setltiauth    => 'view',
+            setexttool    => 'view',
         );
+        if ($passwdconf{'crsownerchg'}) {
+            $permission{passwdchg} = 'view';
+        }
     }
     return ($allowed,\%permission);
 }
 
+sub devalidate_remote_instcats {
+    if ($modified_dom ne '') {
+        my %servers = &Apache::lonnet::internet_dom_servers($modified_dom);
+        my %thismachine;
+        map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
+        if (keys(%servers)) {
+            foreach my $server (keys(%servers)) {
+                next if ($thismachine{$server});
+                &Apache::lonnet::remote_devalidate_cache($server,['instcats:'.$modified_dom]);
+            }
+        }
+        $modified_dom = '';
+    }
+    return;
+}
+
 sub handler {
     my $r = shift;
     if ($r->header_only) {
@@ -2371,6 +3117,9 @@ sub handler {
         return OK;
     }
 
+    $registered_cleanup=0;
+    $modified_dom = '';
+
     my $dom = $env{'request.role.domain'};
     my $domdesc = &Apache::lonnet::domain($dom,'description');
     my ($allowed,$permission) = &get_permission($dom);
@@ -2412,7 +3161,7 @@ sub handler {
               {href=>"javascript:changePage(document.$phase,'courselist')",
               text=>$choose_text});
             if ($phase eq 'courselist') {
-                &print_course_selection_page($r,$dom,$domdesc);
+                &print_course_selection_page($r,$dom,$domdesc,$permission);
             } else {
                 my ($checked,$cdesc,$coursehash) = &check_course($dom,$domdesc);
                 if ($checked eq 'ok') {
@@ -2435,7 +3184,7 @@ sub handler {
                         &Apache::lonhtmlcommon::add_breadcrumb
                          ({href=>"javascript:changePage(document.$phase,'adhocrole')",
                            text=>$enter_text});
-                        &print_adhocrole_selected($r,$type);
+                        &print_adhocrole_selected($r,$type,$permission);
                     } else {
                         &Apache::lonhtmlcommon::add_breadcrumb
                         ({href=>"javascript:changePage(document.$phase,'menu')",
@@ -2539,6 +3288,30 @@ sub handler {
                                   text=>"Result"});
                                 &modify_selfenrollconfig($r,$type,$cdesc,$coursehash);
                             }
+                        } elsif (($phase eq 'setltiauth') && ($permission->{'setltiauth'})) {
+                            &Apache::lonhtmlcommon::add_breadcrumb
+                            ({href=>"javascript:changePage(document.$phase,'$phase')",
+                              text=>"Requirement for re-authentication for LTI launch of deep-linked item"});
+                            &print_set_ltiauth($r,$cdom,$cnum,$cdesc,$type,$readonly);
+                        } elsif (($phase eq 'processltiauth') && ($permission->{'processltiauth'})) {
+                            &Apache::lonhtmlcommon::add_breadcrumb
+                            ({href=>"javascript:changePage(document.$phase,'setltiauth')",
+                              text=>"Requirement for re-authentication for LTI launch of deep-linked item"},
+                             {href=>"javascript:changePage(document.$phase,'$phase')",
+                              text=>"Result"});
+                            &modify_ltiauth($r,$cdom,$cnum,$cdesc,$domdesc,$type);
+                        } elsif (($phase eq 'setexttool') && ($permission->{'setexttool'})) {
+                            &Apache::lonhtmlcommon::add_breadcrumb
+                            ({href=>"javascript:changePage(document.$phase,'$phase')",
+                              text=>"External Tool permission"});
+                            &print_set_exttool($r,$cdom,$cnum,$cdesc,$type,$readonly);
+                        } elsif (($phase eq 'processexttool') && ($permission->{'processexttool'})) {
+                            &Apache::lonhtmlcommon::add_breadcrumb
+                            ({href=>"javascript:changePage(document.$phase,'setexttool')",
+                              text=>"External Tool permission"},
+                             {href=>"javascript:changePage(document.$phase,'$phase')",
+                              text=>"Result"});
+                            &modify_exttool($r,$cdom,$cnum,$cdesc,$domdesc,$type);
                         }
                     }
                 } else {