--- loncom/interface/lonuserutils.pm	2007/11/06 18:23:14	1.3
+++ loncom/interface/lonuserutils.pm	2007/12/11 01:17:16	1.13
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.3 2007/11/06 18:23:14 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.13 2007/12/11 01:17:16 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,7 +35,8 @@ use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonhtmlcommon;
 use Apache::lonlocal;
-use LONCAPA();
+use Apache::longroup;
+use LONCAPA qw(:DEFAULT :match);
 
 ###############################################################
 ###############################################################
@@ -85,28 +86,39 @@ sub modifystudent {
 sub modifyuserrole {
     my ($context,$setting,$changeauth,$cid,$udom,$uname,$uid,$umode,$upass,
         $first,$middle,$last,$gene,$sec,$forceid,$desiredhome,$email,$role,
-        $end,$start) = @_;
-    my ($scope,$userresult,$authresult,$roleresult);
+        $end,$start,$checkid) = @_;
+    my ($scope,$userresult,$authresult,$roleresult,$idresult);
     if ($setting eq 'course' || $context eq 'course') {
         $scope = '/'.$cid;
         $scope =~ s/\_/\//g;
         if ($role ne 'cc' && $sec ne '') {
             $scope .='/'.$sec;
         }
-    } elsif ($setting eq 'domain') {
+    } elsif ($context eq 'domain') {
         $scope = '/'.$env{'request.role.domain'}.'/';
-    } elsif ($setting eq 'construction_space') {
+    } elsif ($context eq 'author') {
         $scope =  '/'.$env{'user.domain'}.'/'.$env{'user.name'};
     }
     if ($context eq 'domain') {
         my $uhome = &Apache::lonnet::homeserver($uname,$udom);
         if ($uhome ne 'no_host') {
-            if (($changeauth) && (&Apache::lonnet::allowed('mau',$udom))) {
+            if (($changeauth eq 'Yes') && (&Apache::lonnet::allowed('mau',$udom))) {
                 if ((($umode =~ /^krb4|krb5|internal$/) && $upass ne '') ||
                     ($umode eq 'localauth')) {
                     $authresult = &Apache::lonnet::modifyuserauth($udom,$uname,$umode,$upass);
                 }
             }
+            if (($forceid) && (&Apache::lonnet::allowed('mau',$udom)) &&
+                ($env{'form.recurseid'}) && ($checkid)) {
+                my %userupdate = (
+                                  lastname   => $last,
+                                  middlename => $middle,
+                                  firstname  => $first,
+                                  generation => $gene,
+                                  id         => $uid,
+                                 );
+                $idresult = &propagate_id_change($uname,$udom,\%userupdate);
+            }
         }
     }
     $userresult =
@@ -114,14 +126,83 @@ sub modifyuserrole {
                                     $middle,$last,$gene,$forceid,$desiredhome,
                                     $email,$role,$start,$end);
     if ($userresult eq 'ok') {
-        if ($role ne '') { 
+        if ($role ne '') {
             $roleresult = &Apache::lonnet::assignrole($udom,$uname,$scope,
                                                       $role,$end,$start);
         }
     }
-    return ($userresult,$authresult,$roleresult);
+    return ($userresult,$authresult,$roleresult,$idresult);
+}
+
+sub propagate_id_change {
+    my ($uname,$udom,$user) = @_;
+    my (@types,@roles);
+    @types = ('active','future');
+    @roles = ('st');
+    my $idresult;
+    my %roleshash = &Apache::lonnet::get_my_roles($uname,
+                        $udom,'userroles',\@types,\@roles);
+    my %args = (
+                one_time => 1,
+               );
+    foreach my $item (keys(%roleshash)) {
+        my ($cnum,$cdom,$role) = split(/:/,$item);
+        my ($start,$end) = split(/:/,$roleshash{$item});
+        if (&Apache::lonnet::is_course($cdom,$cnum)) {
+            my $result = &update_classlist($cdom,$cnum,$udom,$uname,$user);
+            my %coursehash = 
+                &Apache::lonnet::coursedescription($cdom.'_'.$cnum,\%args);
+            my $cdesc = $coursehash{'description'};
+            if ($cdesc eq '') { 
+                $cdesc = $cdom.'_'.$cnum;
+            }
+            if ($result eq 'ok') {
+                $idresult .= &mt('Classlist update for "[_1]" in "[_2]".',$uname.':'.$udom,$cdesc).'<br />'."\n";
+            } else {
+                $idresult .= &mt('Error: "[_1]" during classlist update for "[_2]" in "[_3]".',$result,$uname.':'.$udom,$cdesc).'<br />'."\n";
+            }
+        }
+    }
+    return $idresult;
 }
 
+sub update_classlist {
+    my ($cdom,$cnum,$udom,$uname,$user) = @_;
+    my ($uid,$classlistentry);
+    my $fullname =
+        &Apache::lonnet::format_name($user->{'firstname'},$user->{'middlename'},
+                                     $user->{'lastname'},$user->{'generation'},
+                                     'lastname');
+    my %classhash = &Apache::lonnet::get('classlist',[$uname.':'.$udom],
+                                         $cdom,$cnum);
+    my @classinfo = split(/:/,$classhash{$uname.':'.$udom});
+    my $ididx=&Apache::loncoursedata::CL_ID() - 2;
+    my $nameidx=&Apache::loncoursedata::CL_FULLNAME() - 2;
+    for (my $i=0; $i<@classinfo; $i++) {
+        if ($i == $ididx) {
+            if (defined($user->{'id'})) {
+                $classlistentry .= $user->{'id'}.':';
+            } else {
+                $classlistentry .= $classinfo[$i].':';
+            }
+        } elsif ($i == $nameidx) {
+            $classlistentry .= $fullname.':';
+        } else {
+            $classlistentry .= $classinfo[$i].':';
+        }
+    }
+    $classlistentry =~ s/:$//;
+    my $reply=&Apache::lonnet::cput('classlist',
+                                    {"$uname:$udom" => $classlistentry},
+                                    $cdom,$cnum);
+    if (($reply eq 'ok') || ($reply eq 'delayed')) {
+        return 'ok';
+    } else {
+        return 'error: '.$reply;
+    }
+}
+
+
 ###############################################################
 ###############################################################
 # build a role type and role selection form
@@ -130,7 +211,7 @@ sub domain_roles_select {
     # domain context   
     #
     # Role types
-    my @roletypes = ('domain','construction_space','course');
+    my @roletypes = ('domain','author','course');
     my %lt = &role_type_names();
     #
     # build up the menu information to be passed to
@@ -152,22 +233,28 @@ sub domain_roles_select {
         my @roles;
         if ($roletype eq 'domain') {
             @roles = &domain_roles();
-        } elsif ($roletype eq 'construction_space') {
+        } elsif ($roletype eq 'author') {
             @roles = &construction_space_roles();
         } else {
             @roles = &course_roles('domain');
+            unshift(@roles,'cr');
         }
         my $order = ['Any',@roles];
         $select_menus{$roletype}->{'order'} = $order; 
         foreach my $role (@roles) {
-            $select_menus{$roletype}->{'select2'}->{$role} = 
-                          &Apache::lonnet::plaintext($role);
+            if ($role eq 'cr') {
+                $select_menus{$roletype}->{'select2'}->{$role} =
+                              &mt('Custom role');
+            } else {
+                $select_menus{$roletype}->{'select2'}->{$role} = 
+                              &Apache::lonnet::plaintext($role);
+            }
         }
         $select_menus{$roletype}->{'select2'}->{'Any'} = &mt('Any');
     }
     my $result = &Apache::loncommon::linked_select_forms
         ('studentform',('&nbsp;'x3).&mt('Role: '),$env{'form.roletype'},
-         'roletype','showrole',\%select_menus,['domain','construction_space','course']);
+         'roletype','showrole',\%select_menus,['domain','author','course']);
     return $result;
 }
 
@@ -572,7 +659,7 @@ sub print_upload_manager_footer {
     my $formname;
     if ($context eq 'course') {
         $formname = 'document.studentform';
-    } elsif ($context eq 'construction_space') {
+    } elsif ($context eq 'author') {
         $formname = 'document.studentform';
     } elsif ($context eq 'domain') {
         $formname = 'document.studentform';
@@ -623,7 +710,7 @@ sub print_upload_manager_footer {
         $Str .= '<h3>'.&mt('Settings for assigning roles:').'</h3>'."\n".
                 &mt('Pick the action to take on roles for these users:').'<br /><span class="LC_nobreak"><label><input type="radio" name="roleaction" value="norole" checked="checked" />&nbsp;'.&mt('No role changes').'</label>&nbsp;&nbsp;&nbsp;<label><input type="radio" name="roleaction" value="domain" />&nbsp;'.&mt('Add a domain role').'</label>&nbsp;&nbsp;&nbsp;<label><input type="radio" name="roleaction" value="course" />&nbsp;'.&mt('Add a course role').'</label></span>';
     }
-    if ($context eq 'construction_space') {
+    if ($context eq 'author') {
         $Str .= '<h3>'.&mt('Default role')."</h3>\n".
                 &mt('Choose the role to assign to users without one specified in the uploaded file');
     } elsif ($context eq 'course') {
@@ -637,8 +724,12 @@ sub print_upload_manager_footer {
     my ($options,$cb_script,$coursepick) = &default_role_selector($context,'defaultrole',1);
     if ($context eq 'domain') {
         $Str .= '<span class="LC_role_level">'.&mt('Domain Level').'</span><br />'.$options.'<br /><br /><span class="LC_role_level">'.&mt('Course Level').'</span><br />'.$cb_script.$coursepick;
-    } else {
+    } elsif ($context eq 'author') {
         $Str .= $options;
+    } else {
+        $Str .= '<table><tr><td><span class="LC_nobreak"<b>'.&mt('role').':&nbsp;</b>'.
+                $options.'</span></td><td>&nbsp;</td><td><span class="LC_nobreak">'.
+                '<b>'.&mt('section').':&nbsp;</b><input type="text" name="section" value="" size="12" /></span></td></tr></table>';
     }
     if ($context eq 'course') {
         $Str .= "<h3>".&mt('Full Update')."</h3>\n".
@@ -646,12 +737,9 @@ sub print_upload_manager_footer {
                 ' '.&mt('Full update (also print list of users not enrolled anymore)').
                 "</label></p>\n";
     }
-    $Str .= "<h3>".&mt('ID/Student Number')."</h3>\n";
-    $Str .= "<p>\n".'<label><input type="checkbox" name="forceid" value="yes">';
-    $Str .= &mt('Disable ID/Student Number Safeguard and Force Change '.
-                'of Conflicting IDs').
-                '</label><br />'."\n".
-                &mt('(only do if you know what you are doing.)')."</p><p>\n";
+    if ($context eq 'course' || $context eq 'domain') {
+        $Str .= &forceid_change($context);
+    }
     $Str .= '</div><div class="LC_clear_float_footer"><br /><input type="button"'.
               'onClick="javascript:verify(this.form,this.form.csec)" '.
         'value="Update Users" />'."<br />\n";
@@ -664,6 +752,23 @@ sub print_upload_manager_footer {
     return;
 }
 
+sub forceid_change {
+    my ($context) = @_;
+    my $output = 
+        "<h3>".&mt('ID/Student Number')."</h3>\n".
+        "<p>\n".'<label><input type="checkbox" name="forceid" value="yes">'.
+        &mt('Disable ID/Student Number Safeguard and Force Change '.
+        'of Conflicting IDs').'</label><br />'."\n".
+        &mt('(only do if you know what you are doing.)')."</br><br />\n";
+    if ($context eq 'domain') {
+        $output .= '<label><input type="checkbox" name="recurseid"'.
+                   ' value="yes">'. 
+  &mt('Update ID/Student Number in courses in which user is Active/Future student,<br />(if forcing change).').
+                   '</label></p>'."\n";
+    }
+    return $output;
+}
+
 ###############################################################
 ###############################################################
 sub print_upload_manager_form {
@@ -749,7 +854,7 @@ sub print_upload_manager_form {
 }
 
 sub setup_date_selectors {
-    my ($starttime,$endtime,$mode) = @_;
+    my ($starttime,$endtime,$mode,$nolink) = @_;
     if (! defined($starttime)) {
         $starttime = time;
         unless ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
@@ -770,12 +875,15 @@ sub setup_date_selectors {
             }
         }
     }
-    my $startdateform = &Apache::lonhtmlcommon::date_setter('studentform',
-                                                            'startdate',
-                                                            $starttime);
-    my $enddateform = &Apache::lonhtmlcommon::date_setter('studentform',
-                                                          'enddate',
-                                                          $endtime);
+
+    my $startdateform = 
+        &Apache::lonhtmlcommon::date_setter('studentform','startdate',$starttime,
+            undef,undef,undef,undef,undef,undef,undef,$nolink);
+
+    my $enddateform = 
+        &Apache::lonhtmlcommon::date_setter('studentform','enddate',$endtime,
+            undef,undef,undef,undef,undef,undef,undef,$nolink);
+
     if ($mode eq 'create_enrolldates') {
         $startdateform = &Apache::lonhtmlcommon::date_setter('ccrs',
                                                             'startenroll',
@@ -806,35 +914,44 @@ sub get_dates_from_form {
 }
 
 sub date_setting_table {
-    my ($starttime,$endtime,$mode) = @_;
-    my ($startform,$endform)=&setup_date_selectors($starttime,$endtime,$mode);
+    my ($starttime,$endtime,$mode,$bulkaction) = @_;
+    my $nolink;
+    if ($bulkaction) {
+        $nolink = 1;
+    }
+    my ($startform,$endform) = 
+        &setup_date_selectors($starttime,$endtime,$mode,$nolink);
     my $dateDefault;
     if ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
         $dateDefault = '&nbsp;';
-    } elsif ($mode ne 'construction_space' && $mode ne 'domain') {
-        $dateDefault = '<nobr>'.
-        '<label><input type="checkbox" name="makedatesdefault" /> '.
-        &mt('make these dates the default for future enrollment').
-        '</label></nobr>';
+    } elsif ($mode ne 'author' && $mode ne 'domain') {
+        if (($bulkaction eq 'reenable') || 
+            ($bulkaction eq 'activate') || 
+            ($bulkaction eq 'chgdates')) { 
+            $dateDefault = '<span class="LC_nobreak">'.
+                '<label><input type="checkbox" name="makedatesdefault" /> '.
+                &mt('make these dates the default for future enrollment').
+                '</label></span>';
+        }
     }
-    my $perpetual = '<nobr><label><input type="checkbox" name="no_end_date"';
+    my $perpetual = '<span class="LC_nobreak"><label><input type="checkbox" name="no_end_date"';
     if (defined($endtime) && $endtime == 0) {
         $perpetual .= ' checked';
     }
-    $perpetual.= ' /> '.&mt('no ending date').'</label></nobr>';
+    $perpetual.= ' /> '.&mt('no ending date').'</label></span>';
     if ($mode eq 'create_enrolldates') {
         $perpetual = '&nbsp;';
     }
-    my $result = &Apache::lonhtmlcommon::start_pick_box()."\n".
-                 &Apache::lonhtmlcommon::row_title(&mt('Starting Date'),
-                                                   'LC_oddrow_value')."\n".
-                 $startform."\n".
-                 &Apache::lonhtmlcommon::row_closure(1).
-                 &Apache::lonhtmlcommon::row_title(&mt('Ending Date'),
-                                                   'LC_oddrow_value')."\n".
-                 $endform.'&nbsp;'.$perpetual.
-                 &Apache::lonhtmlcommon::row_closure(1).
-                 &Apache::lonhtmlcommon::end_pick_box().'<br />';
+    my $result = &Apache::lonhtmlcommon::start_pick_box()."\n";
+    $result .= &Apache::lonhtmlcommon::row_title(&mt('Starting Date'),
+                                                     'LC_oddrow_value')."\n".
+               $startform."\n".
+               &Apache::lonhtmlcommon::row_closure(1).
+               &Apache::lonhtmlcommon::row_title(&mt('Ending Date'), 
+                                                     'LC_oddrow_value')."\n".
+               $endform.'&nbsp;'.$perpetual.
+               &Apache::lonhtmlcommon::row_closure(1).
+               &Apache::lonhtmlcommon::end_pick_box().'<br />';
     if ($dateDefault) {
         $result .=  $dateDefault.'<br />'."\n";
     }
@@ -851,7 +968,8 @@ sub make_dates_default {
                 {'default_enrollment_start_date'=>$startdate,
                  'default_enrollment_end_date'  =>$enddate},$dom,$crs);
         if ($put_result eq 'ok') {
-            $result .= "Set default start and end dates for course<br />";
+            $result .= &mt('Set default start and end dates for course').
+                       '<br />'."\n";
             #
             # Refresh the course environment
             &Apache::lonnet::coursedescription($env{'request.course.id'},
@@ -868,7 +986,7 @@ sub default_role_selector {
     my ($context,$checkpriv) = @_;
     my %customroles;
     my ($options,$coursepick,$cb_jscript);
-    if ($context ne 'construction_space') {
+    if ($context ne 'author') {
         %customroles = &my_custom_roles();
     }
 
@@ -882,7 +1000,7 @@ sub default_role_selector {
                ' <option value="">'.&mt('Please select').'</option>'."\n"; 
     if ($context eq 'course') {
         $options .= &default_course_roles($context,$checkpriv,%customroles);
-    } elsif ($context eq 'construction_space') {
+    } elsif ($context eq 'author') {
         my @roles = &construction_space_roles($checkpriv);
         foreach my $role (@roles) {
            my $plrole=&Apache::lonnet::plaintext($role);
@@ -1011,7 +1129,7 @@ sub course_roles {
 sub curr_role_permissions {
     my ($context,$setting,$checkpriv) = @_; 
     my @roles;
-    if ($context eq 'construction_space') {
+    if ($context eq 'author') {
         @roles = &construction_space_roles($checkpriv);
     } elsif ($context eq 'domain') {
         if ($setting eq 'course') {
@@ -1052,7 +1170,11 @@ sub print_userlist {
         ($env{'form.Status'});
 
     if ($env{'form.showrole'} eq '') {
-        $env{'form.showrole'} = 'Any';
+        if ($context eq 'course') {
+            $env{'form.showrole'} = 'st';
+        } else {
+            $env{'form.showrole'} = 'Any';            
+        }
     }
     if (! defined($env{'form.output'}) ||
         $env{'form.output'} !~ /^(csv|excel|html)$/ ) {
@@ -1143,8 +1265,12 @@ sub print_userlist {
                   &Apache::lonhtmlcommon::end_pick_box().'</p>'.
                   '<p>'.&list_submit_button(&mt('Update Display')).
                   "\n</p>\n");
+        if ($env{'form.coursepick'}) {
+            $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
+        }
+    } else {
+        $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
     }
-    $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
     $r->rflush();
     if ($context eq 'course') {
         my $classlist = &Apache::loncoursedata::get_classlist();
@@ -1172,33 +1298,33 @@ sub print_userlist {
         my %advrolehash = &Apache::lonnet::get_my_roles($cnum,$cdom,undef,
                                                         \@statuses,$showroles);
         &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
-                         \%advrolehash);
+                         \%advrolehash,$permission);
     } else {
         my (%cstr_roles,%dom_roles);
-        if ($context eq 'construction_space') {
+        if ($context eq 'author') {
             # List co-authors and assistant co-authors
             my @possroles = ('ca','aa');
             %cstr_roles = &Apache::lonnet::get_my_roles(undef,undef,undef,
                                               \@statuses,\@possroles);
             &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
-                             \%cstr_roles);
+                             \%cstr_roles,$permission);
         } elsif ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 %dom_roles = &Apache::lonnet::get_domain_roles($env{'request.role.domain'});
                 foreach my $key (keys(%dom_roles)) {
                     if (ref($dom_roles{$key}) eq 'HASH') {
                         &gather_userinfo($context,$format,\%userlist,$indexhash,
-                                         \%userinfo,$dom_roles{$key});
+                                         \%userinfo,$dom_roles{$key},$permission);
                     }
                 }
-            } elsif ($env{'form.roletype'} eq 'construction_space') {
+            } elsif ($env{'form.roletype'} eq 'author') {
                 my %dom_roles = &Apache::lonnet::get_domain_roles($env{'request.role.domain'},['au']);
                 my %coauthors;
                 foreach my $key (keys(%dom_roles)) {
                     if (ref($dom_roles{$key}) eq 'HASH') {
                         if ($env{'form.showrole'} eq 'au') {
                             &gather_userinfo($context,$format,\%userlist,$indexhash,
-                                             \%userinfo,$dom_roles{$key});
+                                             \%userinfo,$dom_roles{$key},$permission);
                         } else {
                             my @possroles;
                             if ($env{'form.showrole'} eq 'Any') {
@@ -1214,7 +1340,7 @@ sub print_userlist {
                                        $authordom,undef,\@statuses,\@possroles);
                             }
                             &gather_userinfo($context,$format,\%userlist,
-                                             $indexhash,\%userinfo,\%coauthors);
+                                     $indexhash,\%userinfo,\%coauthors,$permission);
                         }
                     }
                 }
@@ -1227,11 +1353,13 @@ sub print_userlist {
                             &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
                         my $cdom = $coursehash{'domain'};
                         my $cnum = $coursehash{'num'};
+                        next if ($cnum eq '' || $cdom eq '');
                         my $cdesc = $coursehash{'description'};
                         my (@roles,@sections,%access,%users,%userdata,
-                            %users,%statushash);
+                            %statushash);
                         if ($env{'form.showrole'} eq 'Any') {
                             @roles = &course_roles($context);
+                            unshift(@roles,'cr');
                         } else {
                             @roles = ($env{'form.showrole'});
                         }
@@ -1258,20 +1386,22 @@ sub print_userlist {
                         }
                     }
                     &gather_userinfo($context,$format,\%userlist,$indexhash,
-                                     \%userinfo,\%allusers);
+                                     \%userinfo,\%allusers,$permission);
                 } else {
+                    $r->print('<input type="hidden" name="phase" value="'.
+                              $env{'form.phase'}.'" /></form>');
                     return;
                 }
             }
         }
     }
     if (keys(%userlist) == 0) {
-        if ($context eq 'construction_space') {
+        if ($context eq 'author') {
             $r->print(&mt('There are no co-authors to display.')."\n");
         } elsif ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 $r->print(&mt('There are no users with domain roles to display.')."\n");
-            } elsif ($env{'form.roletype'} eq 'construction_space') {
+            } elsif ($env{'form.roletype'} eq 'author') {
                 $r->print(&mt('There are no authors or co-authors to display.')."\n");
             } elsif ($env{'form.roletype'} eq 'course') {
                 $r->print(&mt('There are no course users to display')."\n"); 
@@ -1281,28 +1411,33 @@ sub print_userlist {
         }
     } else {
         # Print out the available choices
+        my $usercount;
         if ($env{'form.action'} eq 'modifystudent') {
-            &show_users_list($r,$context,'view','modify',
-                             $env{'form.Status'},\%userlist,$keylist);
+            ($usercount) = &show_users_list($r,$context,'view',$permission,
+                                 $env{'form.Status'},\%userlist,$keylist);
         } else {
-            &show_users_list($r,$context,$env{'form.output'},'aboutme',
-                             $env{'form.Status'},\%userlist,$keylist);
+            ($usercount) = &show_users_list($r,$context,$env{'form.output'},
+                               $permission,$env{'form.Status'},\%userlist,$keylist);
+        }
+        if (!$usercount) {
+            $r->print('<br />'.&mt('There are no users matching the search criteria.')); 
         }
     }
-    $r->print('</form>');
+    $r->print('<input type="hidden" name="phase" value="'.
+              $env{'form.phase'}.'" /></form>');
 }
 
 sub list_submit_button {
     my ($text) = @_;
-    return '<input type="submit" value="'.$text.'" />';
+    return '<input type="button" name="updatedisplay" value="'.$text.'" onclick="javascript:display_update()" />';
 }
 
 sub gather_userinfo {
-    my ($context,$format,$userlist,$indexhash,$userinfo,$rolehash) = @_;
+    my ($context,$format,$userlist,$indexhash,$userinfo,$rolehash,$permission) = @_;
     foreach my $item (keys(%{$rolehash})) {
         @{$userlist->{$item}} = ();
         my %userdata;
-        if ($context eq 'construction_space' || $context eq 'course') { 
+        if ($context eq 'author' || $context eq 'course') { 
             ($userdata{'username'},$userdata{'domain'},$userdata{'role'}) =
                 split(/:/,$item);
             ($userdata{'start'},$userdata{'end'})=split(/:/,$rolehash->{$item});
@@ -1313,7 +1448,7 @@ sub gather_userinfo {
                     split(/:/,$item);
                 ($userdata{'end'},$userdata{'start'})=split(/:/,$rolehash->{$item});
                 &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
-            } elsif ($env{'form.roletype'} eq 'construction_space') {
+            } elsif ($env{'form.roletype'} eq 'author') {
                 if (ref($rolehash->{$item}) eq 'HASH') {
                     $userdata{'extent'} = $item;
                     foreach my $key (keys(%{$rolehash->{$item}})) {
@@ -1328,6 +1463,7 @@ sub gather_userinfo {
                 ($userdata{'username'},$userdata{'domain'},$userdata{'role'}) =
                     split(/:/,$item);
                 if (ref($rolehash->{$item}) eq 'HASH') {
+                    my $numcids = keys(%{$rolehash->{$item}});
                     foreach my $cid (sort(keys(%{$rolehash->{$item}}))) {
                         if (ref($rolehash->{$item}{$cid}) eq 'HASH') {
                             my $spanstart = '';
@@ -1335,6 +1471,13 @@ sub gather_userinfo {
                             my $space = ', ';
                             if ($format eq 'html' || $format eq 'view') {
                                 $spanstart = '<span class="LC_nobreak">';
+                                if ($permission->{'cusr'}) {
+                                    if ($numcids > 1) {
+                                        $spanstart .= '<input type="radio" name="'.$item.'" value="'.$cid.'" &nbsp; />';
+                                    } else {
+                                        $spanstart .= '<input type="hidden" name="'.$item.'" value="'.$cid.'" &nbsp; />';
+                                    }
+                                }
                                 $spanend = '</span><br />';
                                 $space = ',&nbsp;';
                             }
@@ -1357,6 +1500,7 @@ sub gather_userinfo {
 
 sub build_user_record {
     my ($userdata,$userinfo,$indexhash,$record_key,$userlist) = @_;
+    next if ($userdata->{'start'} eq '-1' && $userdata->{'end'} eq '-1');
     &process_date_info($userdata);
     my $username = $userdata->{'username'};
     my $domain = $userdata->{'domain'};
@@ -1388,11 +1532,11 @@ sub courses_selector {
     my %idnums = ();
     my %idlist_titles = ();
     my $caller = 'global';
-    my $totcodes = 0;
     my $format_reply;
     my $jscript = '';
 
-    my $totcodes =
+    my $totcodes = 0;
+    $totcodes =
         &Apache::courseclassifier::retrieve_instcodes(\%coursecodes,
                                                       $cdom,$totcodes);
     if ($totcodes > 0) {
@@ -1594,7 +1738,7 @@ sub process_date_info {
 }
 
 sub show_users_list {
-    my ($r,$context,$mode,$linkto,$statusmode,$userlist,$keylist)=@_;
+    my ($r,$context,$mode,$permission,$statusmode,$userlist,$keylist)=@_;
     #
     # Variables for excel output
     my ($excel_workbook, $excel_sheet, $excel_filename,$row,$format);
@@ -1612,6 +1756,7 @@ sub show_users_list {
     if (!grep(/^\Q$sortby\E$/,@sortable)) {
         $sortby = 'username';
     }
+    my $setting = $env{'form.roleaction'};
     my ($cid,$cdom,$cnum,$classgroups,$displayphotos,$displayclickers);
     if ($context eq 'course') {
         $cid=$env{'request.course.id'};
@@ -1646,7 +1791,69 @@ function photowindow(photolink) {
 END
     }
     unless ($mode eq 'autoenroll') {
+        my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
+        my $alert = &mt("You must select at least one user by checking a user's 'Select' checkbox");
+        my $singconfirm = &mt(' for a single user');
+        my $multconfirm = &mt(' for multiple users');
+        my $date_sec_selector = &date_section_javascript($context,$setting,$statusmode); 
         $r->print(<<END);
+
+<script type="text/javascript" language="Javascript">
+$check_uncheck_js
+
+function verify_action (field) {
+    var numchecked = 0;
+    var singconf = '$singconfirm';
+    var multconf = '$multconfirm';
+    if (field.length > 0) {
+        for (i = 0; i < field.length; i++) {
+            if (field[i].checked == true) {
+               numchecked ++;
+            }
+        }
+    } else {
+        if (field.checked == true) {
+            numchecked ++;
+        }
+    }
+    if (numchecked == 0) {
+        alert("$alert");
+    } 
+    else {
+        var message = document.studentform.bulkaction[document.studentform.bulkaction.selectedIndex].text;
+        if (numchecked == 1) { 
+            message += singconf;
+        } 
+        else {
+            message += multconf; 
+        }
+        if (confirm(message)) {
+            document.studentform.phase.value = 'bulkchange';
+            document.studentform.submit();
+        }
+    }
+}
+
+function username_display_launch(username,domain) {
+    var target;
+    for (var i=0; i<document.studentform.usernamelink.length; i++) {
+        if (document.studentform.usernamelink[i].checked) {
+            target = document.studentform.usernamelink[i].value;
+        }
+    }
+    if (target == 'modify') {
+        document.studentform.srchterm.value=username;
+        document.studentform.srchdomain.value=domain;
+        document.studentform.phase.value='get_user_info';
+        document.studentform.action.value = 'singleuser';
+        document.studentform.submit();
+    }
+    else {
+        document.location.href = '/adm/'+domain+'/'+username+'/aboutme';
+    }
+}
+</script>
+$date_sec_selector
 <input type="hidden" name="state" value="$env{'form.state'}" />
 END
     }
@@ -1670,10 +1877,17 @@ END
                        'clicker'    => "clicker id",
                        'photo'      => "photo",
                        'extent'     => "extent",
+                       'pr'         => "Proceed",
+                       'ca'         => "check all",
+                       'ua'         => "uncheck all",
+                       'ac'         => "Action to take for selected users",
+                       'link'       => "Behavior of username links",
+                       'aboutme'    => "Display a user's personal page",
+                       'modify'     => "Modify a user's information",
                       );
     if ($context eq 'domain' && $env{'form.roletype'} eq 'course') {
         $lt{'extent'} = &mt('Course(s): description, section(s), status');
-    } elsif ($context eq 'construction_space') {
+    } elsif ($context eq 'author') {
         $lt{'extent'} = &mt('Author'); 
     }
     my @cols = ('username','domain','id','fullname');
@@ -1686,7 +1900,7 @@ END
     if ($env{'form.showrole'} eq 'Any' || $env{'form.showrole'} eq 'cr') {
         push(@cols,'role');
     }
-    if ($context eq 'domain' && ($env{'form.roletype'} eq 'construction_space' ||
+    if ($context eq 'domain' && ($env{'form.roletype'} eq 'author' ||
                                 $env{'form.roletype'} eq 'course')) {
         push (@cols,'extent');
     }
@@ -1699,73 +1913,109 @@ END
     }
     push(@cols,'email');
 
-    my $rolefilter;
-    if ($env{'form.showrole'} ne 'Any') {
+    my $rolefilter = $env{'form.showrole'};
+    if ($env{'form.showrole'} eq 'cr') {
+        $rolefilter = &mt('custom');  
+    } elsif ($env{'form.showrole'} ne 'Any') {
         $rolefilter = &Apache::lonnet::plaintext($env{'form.showrole'});
     }
     my $results_description = &results_header_row($rolefilter,$statusmode,
                                                   $context);
     $r->print('<b>'.$results_description.'</b><br />');
+    my ($output,$actionselect);
     if ($mode eq 'html' || $mode eq 'view') {
-        if ($linkto eq 'aboutme') {
-            $r->print(&mt("Select a user name to view the user's personal page."));
-        } elsif ($linkto eq 'modify') {
-            $r->print(&mt("Select a user name to modify the user's information"));
+        if ($permission->{'cusr'}) {
+            $actionselect = &select_actions($context,$setting,$statusmode);
         }
         $r->print(<<END);
-<input type="hidden" name="sname"  value="" />
-<input type="hidden" name="sdom"   value="" />
+<input type="hidden" name="srchby"  value="uname" />
+<input type="hidden" name="srchin"   value="dom" />
+<input type="hidden" name="srchtype" value="exact" />
+<input type="hidden" name="srchterm" value="" />
+<input type="hidden" name="srchdomain" value="" /> 
 END
-        $r->print("\n<p>\n".
+         if ($mode ne 'autoenroll') {
+             $output = '<p>';
+             my @linkdests = ('aboutme');
+             if ($permission->{'cusr'}) {
+                 push (@linkdests,'modify');
+                 $output .= '<span class="LC_nobreak">'.$lt{'link'}.':&nbsp;';
+                 my $usernamelink = $env{'form.usernamelink'};
+                 if ($usernamelink eq '') {
+                     $usernamelink = 'aboutme';
+                 }
+                 foreach my $item (@linkdests) {
+                     my $checkedstr = '';
+                     if ($item eq $usernamelink) {
+                         $checkedstr = ' checked="checked" ';
+                     }
+                     $output .= '<label><input type="radio" name="usernamelink" value="'.$item.'"'.$checkedstr.'>&nbsp;'.$lt{$item}.'</label>&nbsp;&nbsp;';
+                 }
+                 $output .= '</span><br />';
+             } else {
+                 $output .= &mt("Click on a username to view the user's personal page.").'<br />';
+             }
+             if ($actionselect) {
+                 $output .= <<"END"; 
+$lt{'ac'}:&nbsp;$actionselect <input type="button" value="$lt{'pr'}" onclick="javascript:verify_action(document.studentform.actionlist)" /></p>
+<p><input type="button" value="$lt{'ca'}" onclick="javascript:checkAll(document.studentform.actionlist)" /> &nbsp;
+<input type="button" value="$lt{'ua'}" onclick="javascript:uncheckAll(document.studentform.actionlist)" />
+END
+             }
+        }
+        $output .= "\n<p>\n".
                   &Apache::loncommon::start_data_table().
-                  &Apache::loncommon::start_data_table_header_row());
+                  &Apache::loncommon::start_data_table_header_row();
         if ($mode eq 'autoenroll') {
-            $r->print("
+            $output .= "
  <th><a href=\"javascript:document.studentform.sortby.value='type';document.studentform.submit();\">$lt{'type'}</a></th>
-            ");
+            ";
         } else {
-            $r->print("
-<th>Count</th>
-            ");
+            $output .= "\n".'<th>'.&mt('Count').'</th>'."\n";
+            if ($actionselect) {
+                $output .= '<th>'.&mt('Select').'</th>'."\n";
+            }
         }
         foreach my $item (@cols) {
-            $r->print("<th><a href=\"javascript:document.studentform.sortby.value='$item';document.studentform.submit();\">$lt{$item}</a></th>\n");
+            $output .= "<th><a href=\"javascript:document.studentform.sortby.value='$item';document.studentform.submit();\">$lt{$item}</a></th>\n";
         }
         my %role_types = &role_type_names();
         if ($context eq 'course') {
-            # Clicker display on or off?
-            my %clicker_options = &Apache::lonlocal::texthash(
-                                                        'on' => 'Show',
-                                                        'off' => 'Hide',
-                                                       );
-            my $clickerchg = 'on';
-            if ($displayclickers eq 'on') {
-                $clickerchg = 'off';
-            }
-            $r->print('    <th>'."\n".'     '.
-                '<a href="javascript:document.studentform.displayclickers.value='.
+            if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
+                # Clicker display on or off?
+                my %clicker_options = &Apache::lonlocal::texthash(
+                                                            'on' => 'Show',
+                                                            'off' => 'Hide',
+                                                           );
+                my $clickerchg = 'on';
+                if ($displayclickers eq 'on') {
+                    $clickerchg = 'off';
+                }
+                $output .= '    <th>'."\n".'     '.
+                    '<a href="javascript:document.studentform.displayclickers.value='.
                       "'".$clickerchg."'".';document.studentform.submit();">'.
                       $clicker_options{$clickerchg}.'</a>&nbsp;'.$lt{'clicker'}."\n".
-                      '    </th>'."\n");
+                      '    </th>'."\n";
 
-            # Photo display on or off?
-            if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
-                my %photo_options = &Apache::lonlocal::texthash(
-                                                        'on' => 'Show',
-                                                        'off' => 'Hide',
-                                                            );
-                my $photochg = 'on';
-                if ($displayphotos eq 'on') {
-                    $photochg = 'off';
-                }
-                $r->print('    <th>'."\n".'     '.
-            '<a href="javascript:document.studentform.displayphotos.value='.
+                # Photo display on or off?
+                if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
+                    my %photo_options = &Apache::lonlocal::texthash(
+                                                            'on' => 'Show',
+                                                            'off' => 'Hide',
+                                                                );
+                    my $photochg = 'on';
+                    if ($displayphotos eq 'on') {
+                        $photochg = 'off';
+                    }
+                    $output .= '    <th>'."\n".'     '.
+                '<a href="javascript:document.studentform.displayphotos.value='.
                       "'".$photochg."'".';document.studentform.submit();">'.
                       $photo_options{$photochg}.'</a>&nbsp;'.$lt{'photo'}."\n".
-                      '    </th>'."\n");
+                      '    </th>'."\n";
+                }
             }
-            $r->print(&Apache::loncommon::end_data_table_header_row());
-        } 
+            $output .= &Apache::loncommon::end_data_table_header_row();
+        }
 # Done with the HTML header line
     } elsif ($mode eq 'csv') {
         #
@@ -1805,15 +2055,29 @@ END
     foreach my $idx (@$keylist) {
         $index{$idx} = $i++;
     }
+    my $usercount = 0;
     # Get groups, role, permanent e-mail so we can sort on them if
     # necessary.
     foreach my $user (keys(%{$userlist})) {
+        if ($context eq 'domain' &&  $user eq $env{'request.role.domain'}.'-domainconfig:'.$env{'request.role.domain'}) {
+            delete($userlist->{$user});
+            next;
+        }
         my ($uname,$udom,$role,$groups,$email);
+        if (($statusmode ne 'Any') && 
+                 ($userlist->{$user}->[$index{'status'}] ne $statusmode)) {
+            delete($userlist->{$user});
+            next;
+        }
         if ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 ($role,$uname,$udom) = split(/:/,$user);
-               
-            } elsif ($env{'form.roletype'} eq 'construction_space') {
+                if (($uname eq $env{'request.role.domain'}.'-domainconfig') &&
+                    ($udom eq $env{'request.role.domain'})) {
+                    delete($userlist->{$user});
+                    next;
+                }
+            } elsif ($env{'form.roletype'} eq 'author') {
                 ($uname,$udom,$role) = split(/:/,$user,-1);
             } elsif ($env{'form.roletype'} eq 'course') {
                 ($uname,$udom,$role) = split(/:/,$user);
@@ -1839,8 +2103,21 @@ END
         if ($emails{'permanentemail'} =~ /\S/) {
             $userlist->{$user}->[$index{'email'}] = $emails{'permanentemail'};
         }
+        $usercount ++;
+    }
+    my $autocount = 0;
+    my $manualcount = 0;
+    my $lockcount = 0;
+    my $unlockcount = 0;
+    if ($usercount) {
+        $r->print($output);
+    } else {
+        if ($mode eq 'autoenroll') {
+            return ($usercount,$autocount,$manualcount,$lockcount,$unlockcount);
+        } else {
+            return;
+        }
     }
-
     #
     # Sort the users
     my $index  = $index{$sortby};
@@ -1852,18 +2129,15 @@ END
         lc($userlist->{$a}->[$second]) cmp lc($userlist->{$b}->[$second])            ||
         lc($userlist->{$a}->[$third]) cmp lc($userlist->{$b}->[$third])
         } (keys(%$userlist));
-    my $usercount = 0;
-    my $autocount = 0;
-    my $manualcount = 0;
-    my $lockcount = 0;
-    my $unlockcount = 0;
+    my $rowcount = 0;
     foreach my $user (@sorted_users) {
-        my $sdata = $userlist->{$user};
         my %in;
+        my $sdata = $userlist->{$user};
+        $rowcount ++; 
         foreach my $item (@{$keylist}) {
             $in{$item} = $sdata->[$index{$item}];
         }
-        next if (($statusmode ne 'Any') && ($in{'status'} ne $statusmode));
+        my $role = $in{'role'};
         $in{'role'}=&Apache::lonnet::plaintext($sdata->[$index{'role'}]); 
         if (! defined($in{'start'}) || $in{'start'} == 0) {
             $in{'start'} = &mt('none');
@@ -1875,45 +2149,53 @@ END
         } else {
             $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
         }
-        $usercount ++;
         if ($mode eq 'view' || $mode eq 'html' || $mode eq 'autoenroll') {
             $r->print(&Apache::loncommon::start_data_table_row());
-            $r->print("<td>$usercount</td>\n");
-            if ($linkto eq 'aboutme') {
-                $in{'username'} = 
-                    &Apache::loncommon::aboutmewrapper($in{'username'},
-                                                       $in{'username'},
-                                                       $in{'domain'});
-            } elsif ($linkto eq 'modify') {
-                $in{'username'} = '<a href="'.
-                          "javascript:document.studentform.sname.value='".
-                           $in{'username'}.
-                           "';document.studentform.sdom.value='".$in{'domain'}.
-                           "';document.studentform.state.value='selected".
-                           "';document.studentform.submit();".'">'.
-                           $in{'username'}."</a>\n";
+            $r->print("<td>$rowcount</td>\n");
+            my $checkval;
+            if ($mode ne 'autoenroll' && $actionselect) {
+                $checkval = $user; 
+                if ($context eq 'course') {
+                    if ($role eq 'st') {
+                        $checkval .= ':st';
+                    }
+                    $checkval .= ':'.$in{'section'};
+                    if ($role eq 'st') {
+                        $checkval .= ':'.$in{'type'}.':'.$in{'lockedtype'};
+                    }
+                }
+                $r->print('<td><input type="checkbox" name="actionlist" value="'.
+                          $checkval.'"></td>');
             }
             foreach my $item (@cols) {
-                $r->print('<td>'.$in{$item}.'</td>'."\n");
+                if ($item eq 'username') {
+                    $r->print('<td>'.&print_username_link($permission,\%in).'</td>');
+                } elsif (($item eq 'start' || $item eq 'end') && ($mode ne 'autoeroll') && ($actionselect)) {
+                    $r->print('<td>'.$in{$item}.'<input type="hidden" name="'.$checkval.'_'.$item.'" value="'.$sdata->[$index{$item}].'" /></td>'."\n");
+                } else {
+                    $r->print('<td>'.$in{$item}.'</td>'."\n");
+                }
             }
             if ($context eq 'course') {
-                if ($displayclickers eq 'on') {
-                    my $clickers =
+                if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
+                    if ($displayclickers eq 'on') {
+                        my $clickers =
                    (&Apache::lonnet::userenvironment($in{'domain'},$in{'username'},'clickers'))[1];
-                    if ($clickers!~/\w/) { $clickers='-'; }
-                    $r->print('<td>'.$clickers.'</td>');
-                } else {
-                    $r->print('    <td>&nbsp;</td>  ');
-                }
-                if ($displayphotos eq 'on') {
-                    if ($env{'course.'.$env{'request.course.id'}.
-                        '.internal.showphoto'}) {
-                        my $imgurl =
-               &Apache::lonnet::retrievestudentphoto($in{'domain'},$in{'username'},'gif','thumbnail');
-                        $r->print('    <td align="right"><a href="javascript:photowindow('."'".&Apache::lonnet::studentphoto($in{'domain'},$in{'username'},'jpg')."'".')"><img src="'.$imgurl.'" border="1"></a></td>');
+                        if ($clickers!~/\w/) { $clickers='-'; }
+                        $r->print('<td>'.$clickers.'</td>');
                     } else {
                         $r->print('    <td>&nbsp;</td>  ');
                     }
+                    if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
+                        if ($displayphotos eq 'on' && $sdata->[$index{'role'}] eq 'st') {
+                            my $imgurl =
+                        &Apache::lonnet::retrievestudentphoto($in{'domain'},$in{'username'},
+                                                          'gif','thumbnail');
+                            $r->print('    <td align="right"><a href="javascript:photowindow('."'".&Apache::lonnet::studentphoto($in{'domain'},$in{'username'},'jpg')."'".')"><img src="'.$imgurl.'" border="1"></a></td>');
+                        } else {
+                            $r->print('    <td>&nbsp;</td>  ');
+                        }
+                    }
                 }
             }
             $r->print(&Apache::loncommon::end_data_table_row());
@@ -1968,31 +2250,299 @@ END
     }
     if ($mode eq 'autoenroll') {
         return ($usercount,$autocount,$manualcount,$lockcount,$unlockcount);
+    } else {
+        return ($usercount);
     }
-    return;
+}
+
+sub print_username_link {
+    my ($permission,$in) = @_;
+    my $output;
+    if (!$permission->{'cusr'}) {
+        $output = &Apache::loncommon::aboutmewrapper($in->{'username'},
+                                                     $in->{'username'},
+                                                     $in->{'domain'});
+    } else {
+        $output = '<a href="javascript:username_display_launch('.
+                  "'$in->{'username'}','$in->{'domain'}'".')" />'.
+                  $in->{'username'}.'</a>';
+    }
+    return $output;
 }
 
 sub role_type_names {
     my %lt = &Apache::lonlocal::texthash (
-                         'domain'             => 'Domain Roles',
-                         'construction_space' => 'Co-Author Roles',
-                         'course'             => 'Course Roles',
+                         'domain' => 'Domain Roles',
+                         'author' => 'Co-Author Roles',
+                         'course' => 'Course Roles',
              );
     return %lt;
 }
 
+sub select_actions {
+    my ($context,$setting,$statusmode) = @_;
+    my %lt = &Apache::lonlocal::texthash(
+                revoke   => "Revoke user roles",
+                delete   => "Delete user roles",
+                reenable => "Re-enable expired user roles",
+                activate => "Make future user roles active now",
+                chgdates  => "Change starting/ending dates",
+                chgsec   => "Change section associated with user roles",
+    );
+    my ($output,$options,%choices);
+    if ($statusmode eq 'Any') {
+        $options .= '
+<option value="chgdates">'.$lt{'chgdates'}.'</option>';
+        $choices{'dates'} = 1;
+    } else {
+        if ($statusmode eq 'Future') {
+            $options .= '
+<option value="activate">'.$lt{'activate'}.'</option>';
+            $choices{'dates'} = 1;
+        } elsif ($statusmode eq 'Expired') {
+            $options .= '
+<option value="reenable">'.$lt{'reenable'}.'</option>';
+            $choices{'dates'} = 1;
+        }
+        if ($statusmode eq 'Active' || $statusmode eq 'Future') {
+            $options .= '
+<option value="chgdates">'.$lt{'chgdates'}.'</option>
+<option value="revoke">'.$lt{'revoke'}.'</option>';
+            $choices{'dates'} = 1;
+        }
+    }
+    if ($context eq 'domain') {
+        $options .= '
+<option value="delete">'.$lt{'delete'}.'</option>';
+    }
+    if (($context eq 'course') || ($context eq 'domain' && $setting eq 'course')) {
+        if ($statusmode ne 'Expired') {
+            $options .= '
+<option value="chgsec">'.$lt{'chgsec'}.'</option>';
+            $choices{'sections'} = 1;
+        }
+    }
+    if ($options) {
+        $output = '<select name="bulkaction" onchange="javascript:opendatebrowser(this.form,'."'studentform'".')" />'."\n".
+                  '<option value="" selected="selected">'.
+                  &mt('Please select').'</option>'."\n".$options."\n".'</select>';
+        if ($choices{'dates'}) {
+            $output .= 
+                '<input type="hidden" name="startdate_month" value="" />'."\n".
+                '<input type="hidden" name="startdate_day" value="" />'."\n".
+                '<input type="hidden" name="startdate_year" value="" />'."\n".
+                '<input type="hidden" name="startdate_hour" value="" />'."\n".
+                '<input type="hidden" name="startdate_minute" value="" />'."\n".
+                '<input type="hidden" name="startdate_second" value="" />'."\n".
+                '<input type="hidden" name="enddate_month" value="" />'."\n".
+                '<input type="hidden" name="enddate_day" value="" />'."\n".
+                '<input type="hidden" name="enddate_year" value="" />'."\n".
+                '<input type="hidden" name="enddate_hour" value="" />'."\n".
+                '<input type="hidden" name="enddate_minute" value="" />'."\n".
+                '<input type="hidden" name="enddate_second" value="" />'."\n";
+            if ($context eq 'course') {
+                $output .= '<input type="hidden" name="makedatesdefault" value="" />'."\n";
+            }
+        }
+        if ($choices{'sections'}) {
+            $output .= '<input type="hidden" name="retainsec" value= "" />'."\n".
+                       '<input type="hidden" name="newsecs" value= "" />'."\n";
+        }
+    }
+    return $output;
+}
+
+sub date_section_javascript {
+    my ($context,$setting) = @_;
+    my $title;
+    if (($context eq 'course') || ($context eq 'domain' && $setting eq 'course'))  {
+        $title = &mt('Date and Section selector');
+    } else {
+        $title = &mt('Date selector');
+    }
+    my $output = '
+<script type="text/javascript">
+    var stdeditbrowser;'."\n";
+    $output .= <<"ENDONE";
+    function opendatebrowser(callingform,formname) {
+        var bulkaction = callingform.bulkaction.options[callingform.bulkaction.selectedIndex].value;
+        if (bulkaction == 'revoke' || bulkaction == 'delete' || bulkaction == '') {
+            return;
+        }
+        var url = '/adm/createuser?';
+        var type = '';
+        var showrole = callingform.showrole.options[callingform.showrole.selectedIndex].value;
+ENDONE
+    if ($context eq 'domain') {
+        $output .= '
+        type = callingform.roletype.options[callingform.roletype.selectedIndex].value;
+';
+    }
+    my $width= '700';
+    my $height = '400';
+    $output .= <<"ENDTWO";
+        url += 'action=dateselect&callingform=' + formname + 
+               '&roletype='+type+'&showrole='+showrole +'&bulkaction='+bulkaction;
+        var title = '$title';
+        var options = 'scrollbars=1,resizable=1,menubar=0';
+        options += ',width=$width,height=$height';
+        stdeditbrowser = open(url,title,options,'1');
+        stdeditbrowser.focus();
+    }
+</script>
+ENDTWO
+    return $output;
+}
+
+sub date_section_selector {
+    my ($context) = @_;
+    my $callingform = $env{'form.callingform'};
+    my $formname = 'dateselect';  
+    my $groupslist = &get_groupslist();
+    my $sec_js = &setsections_javascript($formname,$groupslist);
+    my $output = <<"END";
+<script type="text/javascript">
+
+$sec_js
+
+function saveselections(formname) {
+
+END
+    if ($env{'form.bulkaction'} eq 'chgsec') {
+        $output .= <<"END";
+        opener.document.$callingform.retainsec.value = formname.retainsec.value;
+        setSections(formname);
+        if (seccheck == 'ok') {
+            opener.document.$callingform.newsecs.value = formname.sections.value;
+            window.close();
+        }
+        return;
+END
+    } else {
+        if ($context eq 'course') {
+            if (($env{'form.bulkaction'} eq 'reenable') || 
+                ($env{'form.bulkaction'} eq 'activate') || 
+                ($env{'form.bulkaction'} eq 'chgdates')) {
+                $output .= <<"END";
+ 
+        if (formname.makedatesdefault.checked == true) {
+            opener.document.$callingform.makedatesdefault.value = 1;
+        }
+        else {
+            opener.document.$callingform.makedatesdefault.value = 0;
+        }
+
+END
+            }
+        }
+        $output .= <<"END";
+    opener.document.$callingform.startdate_month.value =  formname.startdate_month.options[formname.startdate_month.selectedIndex].value;
+    opener.document.$callingform.startdate_day.value =  formname.startdate_day.value;
+    opener.document.$callingform.startdate_year.value = formname.startdate_year.value;
+    opener.document.$callingform.startdate_hour.value =  formname.startdate_hour.options[formname.startdate_hour.selectedIndex].value;
+    opener.document.$callingform.startdate_minute.value =  formname.startdate_minute.value;
+    opener.document.$callingform.startdate_second.value = formname.startdate_second.value;
+    opener.document.$callingform.enddate_month.value =  formname.enddate_month.options[formname.enddate_month.selectedIndex].value;
+    opener.document.$callingform.enddate_day.value =  formname.enddate_day.value;
+    opener.document.$callingform.enddate_year.value = formname.enddate_year.value;
+    opener.document.$callingform.enddate_hour.value =  formname.enddate_hour.options[formname.enddate_hour.selectedIndex].value;
+    opener.document.$callingform.enddate_minute.value =  formname.enddate_minute.value;
+    opener.document.$callingform.enddate_second.value = formname.enddate_second.value;
+    window.close();
+END
+    }
+    $output .= '
+}
+</script>
+';
+    my %lt = &Apache::lonlocal::texthash (
+                 chac => 'Access dates to apply for selected users',
+                 chse => 'Changes in section affiliation to apply to selected users',
+                 fors => 'For student roles changing the section, will result in a section switch as students may only be in one section of a course at a time.',
+                 forn => 'For a role in a course that is not a student role, a user may have roles in more than one section of a course at a time.',
+                 reta => "Retain each user's current section affiliations?", 
+                 dnap => '(Does not apply to student roles).', 
+            );
+    my ($date_items,$headertext);
+    if ($env{'form.bulkaction'} eq 'chgsec') {
+        $headertext = $lt{'chse'};
+    } else {
+        $headertext = $lt{'chac'};
+        my $starttime;
+        if (($env{'form.bulkaction'} eq 'activate') || 
+            ($env{'form.bulkaction'} eq 'reenable')) {
+            $starttime = time;
+        }
+        $date_items = &date_setting_table($starttime,undef,$context,
+                                          $env{'form.bulkaction'});
+    }
+    $output .= '<h3>'.$headertext.'</h3>'.
+               '<form name="'.$formname.'" method="post">'."\n".
+                $date_items;
+    if ($context eq 'course' && $env{'form.bulkaction'} eq 'chgsec') {
+        my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+        my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my %sections_count =
+            &Apache::loncommon::get_sections($cdom,$cnum);
+        my $info;
+        if ($env{'form.showrole'} eq 'st') {
+            $output .= '<p>'.$lt{'fors'}.'</p>'; 
+        } elsif ($env{'form.shorole'} eq 'Any') {
+            $output .= '<p>'.$lt{'fors'}.'</p>'.
+                       '<p>'.$lt{'forn'}.'&nbsp;';
+            $info = $lt{'reta'};
+        } else {
+            $output .= '<p>'.$lt{'forn'}.'&nbsp;';
+            $info = $lt{'reta'};
+        }
+        if ($info) {
+            $info .= '<span class="LC_nobreak">'.
+                     '<label><input type="radio" name="retainsec" value="1" '.
+                     'checked="checked" />'.&mt('Yes').'</label>&nbsp;&nbsp;'.
+                     '<label><input type="radio" name="retainsec" value="0" />'.
+                     &mt('No').'</label></span>';
+            if ($env{'form.showrole'} eq 'Any') {
+                $info .= '<br />'.$lt{'dnap'};
+            }
+            $info .= '</p>';
+        } else {
+            $info = '<input type="hidden" name="retainsec" value="0" />'; 
+        }
+        my $sections_select .= &course_sections(\%sections_count,$env{'form.showrole'});
+        my $secbox = '<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n".
+                     &Apache::lonhtmlcommon::row_title(&mt('New section to assign'),'LC_oddrow_value')."\n".
+                     '<table class="LC_createuser"><tr class="LC_section_row">'."\n".
+                     '<td align="center">'.&mt('Existing sections')."\n".
+                     '<br />'.$sections_select.'</td><td align="center">'.
+                     &mt('New section').'<br />'."\n".
+                     '<input type="text" name="newsec" size="15" />'."\n".
+                     '<input type="hidden" name="sections" value="" />'."\n".
+                     '</td></tr></table>'."\n".
+                     &Apache::lonhtmlcommon::row_closure(1)."\n".
+                     &Apache::lonhtmlcommon::end_pick_box().'</p>';
+        $output .= $info.$secbox;
+    }
+    $output .= '<p>'.
+&mt('Use "Save" to update the main window with your selections.').'<br /><br />'.
+'<input type="button" name="dateselection" value="'.&mt('Save').'" onclick="javascript:saveselections(this.form)" /></p>'."\n".
+'</form>';
+    return $output;
+}
+
 sub results_header_row {
     my ($rolefilter,$statusmode,$context) = @_;
-    my $description;
+    my ($description,$showfilter);
+    if ($rolefilter ne 'Any') {
+        $showfilter = $rolefilter;
+    }
     if ($context eq 'course') {
         $description = &mt('Course - ').$env{'course.'.$env{'request.course.id'}.'.description'}.': ';
         if ($statusmode eq 'Expired') {
-            $description .= &mt('Users in course with expired [_1] roles',$rolefilter);
-        }
-        if ($statusmode eq 'Future') {
-            $description .= &mt('Users in course with future [_1] roles',$rolefilter);
+            $description .= &mt('Users in course with expired [_1] roles',$showfilter);
+        } elsif ($statusmode eq 'Future') {
+            $description .= &mt('Users in course with future [_1] roles',$showfilter);
         } elsif ($statusmode eq 'Active') {
-            $description .= &mt('Users in course with active [_1] roles',$rolefilter);
+            $description .= &mt('Users in course with active [_1] roles',$showfilter);
         } else {
             if ($rolefilter eq 'Any') {
                 $description .= &mt('All users in course');
@@ -2000,17 +2550,17 @@ sub results_header_row {
                 $description .= &mt('All users in course with [_1] roles',$rolefilter);
             }
         }
-    } elsif ($context eq 'construction_space') {
+    } elsif ($context eq 'author') {
         $description = &mt('Author space for [_1].').' ';
         if ($statusmode eq 'Expired') {
-            $description .= &mt('Co-authors with expired [_1] roles',$rolefilter);
+            $description .= &mt('Co-authors with expired [_1] roles',$showfilter);
         } elsif ($statusmode eq 'Future') {
-            $description .= &mt('Co-authors with future [_1] roles',$rolefilter);
+            $description .= &mt('Co-authors with future [_1] roles',$showfilter);
         } elsif ($statusmode eq 'Active') {
-            $description .= &mt('Co-authors with active [_1] roles',$rolefilter);
+            $description .= &mt('Co-authors with active [_1] roles',$showfilter);
         } else {
             if ($rolefilter eq 'Any') {
-                $description .= &mt('All co-authors',$rolefilter);
+                $description .= &mt('All co-authors');
             } else {
                 $description .= &mt('All co-authors with [_1] roles',$rolefilter);
             }
@@ -2020,28 +2570,28 @@ sub results_header_row {
         $description = &mt('Domain - ').$domdesc.': ';
         if ($env{'form.roletype'} eq 'domain') {
             if ($statusmode eq 'Expired') {
-                $description .= &mt('Users in domain with expired [_1] roles',$rolefilter);
+                $description .= &mt('Users in domain with expired [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Future') {
-                $description .= &mt('Users in domain with future [_1] roles',$rolefilter);
+                $description .= &mt('Users in domain with future [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Active') {
-                $description .= &mt('Users in domain with active [_1] roles',$rolefilter);
+                $description .= &mt('Users in domain with active [_1] roles',$showfilter);
             } else {
                 if ($rolefilter eq 'Any') {
-                    $description .= &mt('All users in domain',$rolefilter);
+                    $description .= &mt('All users in domain');
                 } else {
                     $description .= &mt('All users in domain with [_1] roles',$rolefilter);
                 }
             }
-        } elsif ($env{'form.roletype'} eq 'construction_space') {
+        } elsif ($env{'form.roletype'} eq 'author') {
             if ($statusmode eq 'Expired') {
-                $description .= &mt('Co-authors in domain with expired [_1] roles',$rolefilter);
+                $description .= &mt('Co-authors in domain with expired [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Future') {
-                $description .= &mt('Co-authors in domain with future [_1] roles',$rolefilter);
+                $description .= &mt('Co-authors in domain with future [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Active') {
-               $description .= &mt('Co-authors in domain with active [_1] roles',$rolefilter);
+               $description .= &mt('Co-authors in domain with active [_1] roles',$showfilter);
             } else {
                 if ($rolefilter eq 'Any') {
-                    $description .= &mt('All users with co-author roles in domain',$rolefilter);
+                    $description .= &mt('All users with co-author roles in domain',$showfilter);
                 } else {
                     $description .= &mt('All co-authors in domain  with [_1] roles',$rolefilter);
                 }
@@ -2061,11 +2611,11 @@ sub results_header_row {
                 $description .= &mt('All courses in domain').' - ';
             }
             if ($statusmode eq 'Expired') {
-                $description .= &mt('users with expired [_1] roles',$rolefilter);
+                $description .= &mt('users with expired [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Future') {
-                $description .= &mt('users with future [_1] roles',$rolefilter);
+                $description .= &mt('users with future [_1] roles',$showfilter);
             } elsif ($statusmode eq 'Active') {
-                $description .= &mt('users with active [_1] roles',$rolefilter);
+                $description .= &mt('users with active [_1] roles',$showfilter);
             } else {
                 if ($rolefilter eq 'Any') {
                     $description .= &mt('all users');
@@ -2358,7 +2908,7 @@ sub upfile_drop_add {
         } elsif ($setting eq 'course') {
             $defaultrole = $env{'form.courserole'};
         }  
-    } elsif ($context eq 'construction_space') {
+    } elsif ($context eq 'author') {
         $defaultrole = $env{'form.defaultrole'};
     }
     if ($context eq 'domain' && $setting eq 'course') { 
@@ -2381,7 +2931,7 @@ sub upfile_drop_add {
         #######################################
         if ($context eq 'course') {
             $r->print('<h3>'.&mt('Enrolling Users')."</h3>\n<p>\n");
-        } elsif ($context eq 'construction_space') {
+        } elsif ($context eq 'author') {
             $r->print('<h3>'.&mt('Updating Co-authors')."</h3>\n<p>\n");
         } else {
             $r->print('<h3>'.&mt('Adding/Modifying Users')."</h3>\n<p>\n");
@@ -2399,6 +2949,7 @@ sub upfile_drop_add {
             # Get information about course groups
             %curr_groups = &Apache::longroup::coursegroups();
         }
+        my (%curr_rules,%got_rules,%alerts);
         # Get new users list
         foreach (@userdata) {
             my %entries=&Apache::loncommon::record_sep($_);
@@ -2430,7 +2981,7 @@ sub upfile_drop_add {
           $entries{$fields{'username'}},$fname,$mname,$lname,$gen).
                               '</b>');
                 } else {
-                    my $username = $entries{$fields{'username'}}; 
+                    my $username = $entries{$fields{'username'}};
                     my $sec;
                     if ($context eq 'course' || $setting eq 'course') {
                         # determine section number
@@ -2501,6 +3052,50 @@ sub upfile_drop_add {
                              \$lname,\$gen,\$sec,\$role) {
                         $$_ =~ s/(\s+$|^\s+)//g;
                     }
+                    # check against rules
+                    my $checkid = 0;
+                    my $newuser = 0;
+                    my (%rulematch,%inst_results,%idinst_results);
+                    my $uhome=&Apache::lonnet::homeserver($username,$domain);
+                    if ($uhome eq 'no_host') {
+                        $checkid = 1;
+                        $newuser = 1;
+                        my $checkhash;
+                        my $checks = { 'username' => 1 };
+                        $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
+                        &Apache::loncommon::user_rule_check($checkhash,$checks,
+                            \%alerts,\%rulematch,\%inst_results,\%curr_rules,
+                            \%got_rules);
+                        if (ref($alerts{'username'}) eq 'HASH') {
+                            if (ref($alerts{'username'}{$domain}) eq 'HASH') {
+                                next if ($alerts{'username'}{$domain}{$username});
+                            }
+                        }
+                    } else {
+# FIXME check if user info can be updated.   
+                    }
+                    if ($id ne '') {
+                        if (!$newuser) {
+                            my %idhash = &Apache::lonnet::idrget($domain,($username));
+                            if ($idhash{$username} ne $id) {
+                                $checkid = 1;
+                            }
+                        }
+                        if ($checkid) {
+                            my $checkhash;
+                            my $checks = { 'id' => 1 };
+                            $checkhash->{$username.':'.$domain} = { 'newuser' => $newuser,
+                                                                    'id'  => $id };
+                            &Apache::loncommon::user_rule_check($checkhash,$checks,
+                                \%alerts,\%rulematch,\%idinst_results,\%curr_rules,
+                                \%got_rules);
+                            if (ref($alerts{'id'}) eq 'HASH') {
+                                if (ref($alerts{'id'}{$domain}) eq 'HASH') {
+                                    next if ($alerts{'id'}{$domain}{$id});
+                                }
+                            }
+                        }
+                    }
                     if ($password || $env{'form.login'} eq 'loc') {
                         my ($userresult,$authresult,$roleresult);
                         if ($role eq 'st') {
@@ -2519,7 +3114,7 @@ sub upfile_drop_add {
                                     $id,$amode,$password,$fname,
                                     $mname,$lname,$gen,$sec,
                                     $env{'form.forceid'},$desiredhost,
-                                    $email,$role,$enddate,$startdate);
+                                    $email,$role,$enddate,$startdate,$checkid);
                         }
                         $flushc = 
                             &user_change_result($r,$userresult,$authresult,
@@ -2530,7 +3125,7 @@ sub upfile_drop_add {
                             $r->print('<br />'. 
       &mt('<b>[_1]</b>: Unable to enroll.  No password specified.',$username)
                                      );
-                        } elsif ($context eq 'construction_space') {
+                        } elsif ($context eq 'author') {
                             $r->print('<br />'.
       &mt('<b>[_1]</b>: Unable to add co-author.  No password specified.',$username)
                                      );
@@ -2544,9 +3139,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        if ($context eq 'course' || ($context eq 'domain' && $setting eq 'course')) {
-            &Apache::lonnet::flushcourselogs();
-        }
+        &Apache::lonnet::flushcourselogs();
         $r->print("</p>\n<p>\n".&mt('Processed [_1] user(s).',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -2558,6 +3151,7 @@ sub upfile_drop_add {
                       &mt('Authentication changed for [_1] existing users.',
                           $counts{'auth'})."</p>\n");
         }
+        $r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules));
         $r->print('<form name="uploadresult" action="/adm/createuser">');
         $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','prevphase','currstate']));
         $r->print('</form>');
@@ -2588,6 +3182,46 @@ sub upfile_drop_add {
     } # end of unless
 }
 
+sub print_namespacing_alerts {
+    my ($domain,$alerts,$curr_rules) = @_;
+    my $output;
+    if (ref($alerts) eq 'HASH') {
+        if (keys(%{$alerts}) > 0) {
+            if (ref($alerts->{'username'}) eq 'HASH') {
+                foreach my $dom (sort(keys(%{$alerts->{'username'}}))) {
+                    my $count;
+                    if (ref($alerts->{'username'}{$dom}) eq 'HASH') {
+                        $count = keys(%{$alerts->{'username'}{$dom}});
+                    }
+                    my $domdesc = &Apache::lonnet::domain($domain,'description');
+                    if (ref($curr_rules->{$dom}) eq 'HASH') {
+                        $output .= &Apache::loncommon::instrule_disallow_msg(
+                                        'username',$domdesc,$count,'upload');
+                    }
+                    $output .= &Apache::loncommon::user_rule_formats($dom,
+                                   $domdesc,$curr_rules->{$dom}{'username'},
+                                   'username');
+                }
+            }
+            if (ref($alerts->{'id'}) eq 'HASH') {
+                foreach my $dom (sort(keys(%{$alerts->{'id'}}))) {
+                    my $count;
+                    if (ref($alerts->{'id'}{$dom}) eq 'HASH') {
+                        $count = keys(%{$alerts->{'id'}{$dom}});
+                    }
+                    my $domdesc = &Apache::lonnet::domain($domain,'description');
+                    if (ref($curr_rules->{$dom}) eq 'HASH') {
+                        $output .= &Apache::loncommon::instrule_disallow_msg(
+                                              'id',$domdesc,$count,'upload');
+                    }
+                    $output .= &Apache::loncommon::user_rule_formats($dom,
+                                    $domdesc,$curr_rules->{$dom}{'id'},'id');
+                }
+            }
+        }
+    }
+}
+
 sub user_change_result {
     my ($r,$userresult,$authresult,$roleresult,$counts,$flushc,$username,
         $userchg) = @_;
@@ -2652,36 +3286,226 @@ sub print_expire_menu {
 
 # ================================================================== Phase four
 
-sub expire_user_list {
-    my ($r,$context) = @_;
+sub update_user_list {
+    my ($r,$context,$setting,$choice) = @_;
+    my $now = time;
     my $count=0;
-    my @droplist = &Apache::loncommon::get_env_multiple('form.droplist');
-    foreach (@droplist) {
-        my ($uname,$udom)=split(/\:/,$_);
-        # drop student
-        my $result = &modifystudent($udom,$uname,$env{'request.course.id'});
+    my @changelist;
+    if ($choice ne '') {
+        @changelist = &Apache::loncommon::get_env_multiple('form.actionlist');
+    } else {
+        @changelist = &Apache::loncommon::get_env_multiple('form.droplist');
+    }
+    my %result_text = ( ok    => { 'revoke'   => 'Revoked',
+                                   'delete'   => 'Deleted',
+                                   'reenable' => 'Re-enabled',
+                                   'activate' => 'Activated', 
+                                 },
+                        error => {'revoke'    => 'revoking',
+                                  'delete'    => 'deleting',
+                                  'reenable'  => 're-enabling',
+                                  'activate'  => 'activating',
+                                 },
+                      );
+    my ($startdate,$enddate);
+    if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
+        ($startdate,$enddate) = &get_dates_from_form();
+    }
+    foreach my $item (@changelist) {
+        my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,@sections,
+            $scopestem);
+        if ($context eq 'course') {
+            ($uname,$udom,$role,$sec,$type,$locktype) = split(/\:/,$item,-1);
+            $cid = $env{'request.course.id'};
+            $scopestem = '/'.$cid;
+            $scopestem =~s/\_/\//g;
+            if ($sec eq '') {
+                $scope = $scopestem;
+            } else {
+                $scope = $scopestem.'/'.$sec;
+            }
+        } elsif ($context eq 'author') {
+            ($uname,$udom,$role) = split(/\:/,$item,-1);
+            $scope = '/'.$env{'user.domain'}.'/'.$env{'user.name'};
+        } elsif ($context eq 'domain') {
+            if ($setting eq 'domain') {
+                ($role,$uname,$udom) = split(/\:/,$item,-1);
+                $scope = '/'.$env{'request.role.domain'}.'/';
+            } elsif ($setting eq 'author') { 
+                ($uname,$udom,$role,$scope) = split(/\:/,$item);
+            } elsif ($setting eq 'course') {
+                ($uname,$udom,$role,$cid,$sec,$type,$locktype) = 
+                    split(/\:/,$item);
+                $scope = '/'.$cid;
+                $scope =~s/\_/\//g;
+                if ($sec ne '') {
+                    $scope .= '/'.$sec;
+                }
+            }
+        }
+        my $plrole = &Apache::lonnet::plaintext($role);
+        my ($uid,$first,$middle,$last,$gene,$sec);
+        my $start = $env{'form.'.$item.'_start'};
+        my $end = $env{'form.'.$item.'_end'};
+        # revoke or delete user role
+        if ($choice eq 'revoke') {
+            $end = $now; 
+            if ($role eq 'st') {
+                $result = 
+                    &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+            } else {
+                $result = 
+                    &Apache::lonnet::revokerole($udom,$uname,$scope,$role);
+            }
+        } elsif ($choice eq 'delete') {
+            $start = -1;
+            $end = -1;
+            if ($role eq 'st') {
+# FIXME - how does role deletion affect classlist?
+                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+            } else {
+                $result =
+                    &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$now,
+                                                0,1);
+             }
+        } else {
+            #reenable, activate, change access dates or change section
+            if ($choice ne 'chgsec') {
+                $start = $startdate; 
+                $end = $enddate;
+            }
+            if ($choice eq 'reenable') {
+                if ($role eq 'st') {
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+                } else {
+                    $result = 
+                        &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
+                                                    $now);
+                }
+            } elsif ($choice eq 'activate') {
+                if ($role eq 'st') {
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+                } else {
+                    $result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
+                                            $now);
+                }
+            } elsif ($choice eq 'chgdates') {
+                if ($role eq 'st') {
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+                } else {
+                    $result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
+                                                $start);
+                }
+            } elsif ($choice eq 'chgsec') {
+                my (@newsecs,$revresult,$nochg,@retained);
+                if ($role ne 'cc') {
+                    @newsecs = split(/,/,$env{'form.newsecs'});
+                }
+                # remove existing section if not to be retained.   
+                if (!$env{'form.retainsec'}) {
+                    if ($sec eq '') {
+                        if (@newsecs == 0) {
+                            $result = &mt('No change in section assignment (none)');
+                            $nochg = 1;
+                        }
+                    } else {
+                        if (!grep(/^\Q$sec\E$/,@newsecs)) {
+                            $revresult =
+                               &Apache::lonnet::revokerole($udom,$uname,$scope,$role);
+                        } else {
+                            push(@retained,$sec);
+                        }
+                    }
+                } else {
+                    push(@retained,$sec);
+                }
+                # add new sections
+                if (@newsecs == 0) {
+                    if (!$nochg) {
+                        if ($sec ne '') {
+                            if ($role eq 'st') {
+                                $result = 
+                                    &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid);
+                            } else {
+                                my $newscope = $scopestem;
+                                $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start);
+                            }
+                        }
+                    }
+                } else {
+                    foreach my $newsec (@newsecs) { 
+                        if (!grep(/^\Q$newsec\E$/,@retained)) {
+                            if ($role eq 'st') {
+                                $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid);
+                            } else {
+                                my $newscope = $scopestem;
+                                if ($newsec ne '') {
+                                   $newscope .= '/'.$newsec;
+                                }
+                                $result = &Apache::lonnet::assignrole($udom,$uname,
+                                                        $newscope,$role,$end,$start);
+                            }
+                        }
+                    }
+                }
+            }
+        }
         if ($result eq 'ok' || $result eq 'ok:') {
-            $r->print(&mt('Dropped [_1]',$uname.'@'.$udom).'<br>');
+            $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for [_3]",
+                          $plrole,$scope,$uname.':'.$udom).'<br />');
             $count++;
         } else {
             $r->print(
-          &mt('Error dropping [_1]:[_2]',$uname.'@'.$udom,$result).
-                      '<br />');
+                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]:[_4]",
+                    $plrole,$scope,$uname.':'.$udom,$result).'<br />');
+        }
+    }
+    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,users].",$count).'</b></p>');
+    if ($count > 0) {
+        if ($choice eq 'revoke') {
+            $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.</p>'));
+        }
+        # Flush the course logs so reverse user roles immediately updated
+        &Apache::lonnet::flushcourselogs();
+    }
+    if ($env{'form.makedatesdefault'}) {
+        if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
+            $r->print(&make_dates_default($startdate,$enddate));
         }
     }
-    $r->print('<p><b>'.&mt('Dropped [_1] user(s).',$count).'</b></p>');
-    $r->print('<p>'.&mt('Re-enrollment will re-activate data.')) if ($count);
 }
 
-sub section_check_js {
-    my $groupslist;
-    my %curr_groups = &Apache::longroup::coursegroups();
-    if (%curr_groups) {
-        $groupslist = join('","',sort(keys(%curr_groups)));
+sub classlist_drop {
+    my ($scope,$uname,$udom,$now,$action) = @_;
+    my ($cdom,$cnum) = ($scope=~m{^/($match_domain)/($match_courseid)});
+    my $cid=$cdom.'_'.$cnum;
+    my $user = $uname.':'.$udom;
+    if ($action eq 'drop') {
+        if (!&active_student_roles($cnum,$cdom,$uname,$udom)) {
+            my $result =
+                &Apache::lonnet::cput('classlist',
+                                      { $user => $now },
+                                      $env{'course.'.$cid.'.domain'},
+                                      $env{'course.'.$cid.'.num'});
+            return &mt('Drop from classlist: [_1]',
+                       '<b>'.$result.'</b>').'<br />';
+        }
     }
+}
+
+sub active_student_roles {
+    my ($cnum,$cdom,$uname,$udom) = @_;
+    my %roles =
+        &Apache::lonnet::get_my_roles($uname,$udom,'userroles',
+                                      ['future','active'],['st']);
+    return exists($roles{"$cnum:$cdom:st"});
+}
+
+sub section_check_js {
+    my $groupslist= &get_groupslist();
     return <<"END";
 function validate(caller) {
-    var groups = new Array("$groupslist");
+    var groups = new Array($groupslist);
     var secname = caller.value;
     if ((secname == 'all') || (secname == 'none')) {
         alert("'"+secname+"' may not be used as the name for a section, as it is a reserved word.\\nPlease choose a different section name.");
@@ -2728,5 +3552,144 @@ sub set_login {
     return $response;
 }
 
+sub course_sections {
+    my ($sections_count,$role) = @_;
+    my $output = '';
+    my @sections = (sort {$a <=> $b} keys %{$sections_count});
+    if (scalar(@sections) == 1) {
+        $output = '<select name="currsec_'.$role.'" >'."\n".
+                  '  <option value="">Select</option>'."\n".
+                  '  <option value="">No section</option>'."\n".
+                  '  <option value="'.$sections[0].'" >'.$sections[0].'</option>'."\n";
+    } else {
+        $output = '<select name="currsec_'.$role.'" ';
+        my $multiple = 4;
+        if (scalar(@sections) < 4) { $multiple = scalar(@sections); }
+        $output .= 'multiple="multiple" size="'.$multiple.'">'."\n";
+        foreach my $sec (@sections) {
+            $output .= '<option value="'.$sec.'">'.$sec."</option>\n";
+        }
+    }
+    $output .= '</select>';
+    return $output;
+}
+
+sub get_groupslist {
+    my $groupslist;
+    my %curr_groups = &Apache::longroup::coursegroups();
+    if (%curr_groups) {
+        $groupslist = join('","',sort(keys(%curr_groups)));
+        $groupslist = '"'.$groupslist.'"';
+    }
+    return $groupslist; 
+}
+
+sub setsections_javascript {
+    my ($form,$groupslist) = @_;
+    my ($checkincluded,$finish,$roleplace,$setsection_js);
+    if ($form eq 'cu') {
+        $checkincluded = 'formname.elements[i-1].checked == true';
+        $finish = 'formname.submit()';
+        $roleplace = 3;
+    } else {
+        $checkincluded = 'formname.name == "'.$form.'"'; 
+        $finish = "seccheck = 'ok';";
+        $roleplace = 1;
+        $setsection_js = "var seccheck = 'alert';"; 
+    }
+    my %alerts = &Apache::lonlocal::texthash(
+                    secd => 'Section designations do not apply to Course Coordinator roles.',
+                    accr => 'A course coordinator role will be added with access to all sections.',
+                    inea => 'In each course, each user may only have one student role at a time.',
+                    youh => 'You had selected ',
+                    secs => 'sections.',
+                    plmo => 'Please modify your selections so they include no more than one section.',
+                    mayn => 'may not be used as the name for a section, as it is a reserved word.',
+                    plch => 'Please choose a different section name.',
+                    mnot => 'may not be used as a section name, as it is the name of a course group.',
+                    secn => 'Section names and group names must be distinct. Please choose a different section name.',
+                 );                
+    $setsection_js .= <<"ENDSECCODE";
+
+function setSections(formname) {
+    var re1 = /^currsec_/;
+    var groups = new Array($groupslist);
+    for (var i=0;i<formname.elements.length;i++) {
+        var str = formname.elements[i].name;
+        var checkcurr = str.match(re1);
+        if (checkcurr != null) {
+            if ($checkincluded) {
+                var match = str.split('_');
+                var role = match[$roleplace];
+                if (role == 'cc') {
+                    alert("$alerts{'secd'}\\n$alerts{'accr'}");
+                }
+                else {
+                    var sections = '';
+                    var numsec = 0;
+                    var sections;
+                    for (var j=0; j<formname.elements[i].length; j++) {
+                        if (formname.elements[i].options[j].selected == true ) {
+                            if (formname.elements[i].options[j].value != "") {
+                                if (numsec == 0) {
+                                    if (formname.elements[i].options[j].value != "") {
+                                        sections = formname.elements[i].options[j].value;
+                                        numsec ++;
+                                    }
+                                }
+                                else {
+                                    sections = sections + "," +  formname.elements[i].options[j].value
+                                    numsec ++;
+                                }
+                            }
+                        }
+                    }
+                    if (numsec > 0) {
+                        if (formname.elements[i+1].value != "" && formname.elements[i+1].value != null) {
+                            sections = sections + "," +  formname.elements[i+1].value;
+                        }
+                    }
+                    else {
+                        sections = formname.elements[i+1].value;
+                    }
+                    var newsecs = formname.elements[i+1].value;
+                    var numsplit;
+                    if (newsecs != null && newsecs != "") {
+                        numsplit = newsecs.split(/,/g);
+                        numsec = numsec + numsplit.length;
+                    }
+
+                    if ((role == 'st') && (numsec > 1)) {
+                        alert("$alerts{'inea'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}")
+                        return;
+                    }
+                    else {
+                        if (numsplit != null) {
+                            for (var j=0; j<numsplit.length; j++) {
+                                if ((numsplit[j] == 'all') ||
+                                    (numsplit[j] == 'none')) {
+                                    alert("'"+numsplit[j]+"' $alerts{'mayn'}\\n$alerts{'plch'}");
+                                    return;
+                                }
+                                for (var k=0; k<groups.length; k++) {
+                                    if (numsplit[j] == groups[k]) {
+                                        alert("'"+numsplit[j]+"' $alerts{'mnot'}\\n$alerts{'secn'}");
+                                        return;
+                                    }
+                                }
+                            }
+                        }
+                        formname.elements[i+2].value = sections;
+                    }
+                }
+            }
+        }
+    }
+    $finish
+}
+ENDSECCODE
+    return $setsection_js; 
+}
+
 1;