--- loncom/interface/lonuserutils.pm	2007/12/12 19:47:56	1.14
+++ loncom/interface/lonuserutils.pm	2007/12/22 00:47:25	1.23
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.14 2007/12/12 19:47:56 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.23 2007/12/22 00:47:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -46,8 +46,7 @@ sub modifystudent {
     # if $csec is undefined, drop the student from all the courses matching
     # this one.  If $csec is defined, drop them from all other sections of
     # this course and add them to section $csec
-    my $cdom = $env{'course.'.$courseid.'.domain'};
-    my $cnum = $env{'course.'.$courseid.'.num'};
+    my ($cnum,$cdom) = &get_course_identity($courseid);
     my %roles = &Apache::lonnet::dump('roles',$udom,$unam);
     my ($tmp) = keys(%roles);
     # Bail out if we were unable to get the students roles
@@ -69,7 +68,8 @@ sub modifystudent {
                     my $reply=&Apache::lonnet::modifystudent
                         # dom  name  id mode pass     f     m     l     g
                         ($udom,$unam,'',  '',  '',undef,undef,undef,undef,
-                         $section,time,undef,undef,$desiredhost);
+                         $section,time,undef,undef,$desiredhost,'','manual',
+                         '',$courseid);
                     $result .= $reply.':';
                 }
             }
@@ -127,6 +127,7 @@ sub modifyuserrole {
                                     $email,$role,$start,$end);
     if ($userresult eq 'ok') {
         if ($role ne '') {
+            $role =~ s/_/\//g;
             $roleresult = &Apache::lonnet::assignrole($udom,$uname,$scope,
                                                       $role,$end,$start);
         }
@@ -146,7 +147,7 @@ sub propagate_id_change {
                 one_time => 1,
                );
     foreach my $item (keys(%roleshash)) {
-        my ($cnum,$cdom,$role) = split(/:/,$item);
+        my ($cnum,$cdom,$role) = split(/:/,$item,-1);
         my ($start,$end) = split(/:/,$roleshash{$item});
         if (&Apache::lonnet::is_course($cdom,$cnum)) {
             my $result = &update_classlist($cdom,$cnum,$udom,$uname,$user);
@@ -236,8 +237,8 @@ sub domain_roles_select {
         } elsif ($roletype eq 'author') {
             @roles = &construction_space_roles();
         } else {
-            @roles = &course_roles('domain');
-            unshift(@roles,'cr');
+            my $custom = 1;
+            @roles = &course_roles('domain',undef,$custom);
         }
         my $order = ['Any',@roles];
         $select_menus{$roletype}->{'order'} = $order; 
@@ -266,7 +267,7 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -296,9 +297,14 @@ sub print_upload_manager_header {
         $password_choice = 'int';
     }
     #
+    my $groupslist;
+    if ($context eq 'course') {
+        $groupslist = &get_groupslist();
+    }
     my $javascript_validations =
-        &javascript_validations('auth',$krbdefdom,$password_choice,undef,
-                                $env{'request.role.domain'});
+        &javascript_validations('upload',$krbdefdom,$password_choice,undef,
+                                $env{'request.role.domain'},$context,
+                                $permission,$groupslist);
     my $checked=(($env{'form.noFirstLine'})?' checked="checked" ':'');
     $r->print(&mt('Total number of records found in file: <b>[_1]</b>.',$distotal).
               "<br />\n");
@@ -325,26 +331,51 @@ sub print_upload_manager_header {
 ###############################################################
 ###############################################################
 sub javascript_validations {
-    my ($mode,$krbdefdom,$curr_authtype,$curr_authfield,$domain)=@_;
-    my $authheader;
-    if ($mode eq 'auth') {
-        my %param = ( formname => 'studentform',
-                      kerb_def_dom => $krbdefdom,
-                      curr_authtype => $curr_authtype);
-        $authheader = &Apache::loncommon::authform_header(%param);
-    } elsif ($mode eq 'createcourse') {
-        my %param = ( formname => 'ccrs',
-                      kerb_def_dom => $krbdefdom,
-                      curr_authtype => $curr_authtype );
-        $authheader = &Apache::loncommon::authform_header(%param);
-    } elsif ($mode eq 'modifycourse') {
-        my %param = ( formname => 'cmod',
+    my ($mode,$krbdefdom,$curr_authtype,$curr_authfield,$domain,
+        $context,$permission,$groupslist)=@_;
+
+    my %param = (
                   kerb_def_dom => $krbdefdom,
-                  mode => 'modifycourse',
                   curr_authtype => $curr_authtype,
-                  curr_autharg => $curr_authfield );
-        $authheader = &Apache::loncommon::authform_header(%param);
+                );
+    if ($mode eq 'createuser') {
+        $param{'formname'} = 'cu';
+    } elsif ($mode eq 'upload') {
+        $param{'formname'} = 'studentform';
+    } elsif ($mode eq 'singlestudent') {
+        $param{'formname'} = 'cu';
+    } elsif ($mode eq 'createcourse') {
+        $param{'formname'} = 'ccrs';
+    } elsif ($mode eq 'modifycourse') {
+        $param{'formname'} = 'cmod';
+        $param{'mode'} = 'modifycourse',
+        $param{'curr_autharg'} = $curr_authfield;
+    }
+
+    my ($setsection_call,$setsections_js);
+    my $finish = "  vf.submit();\n";
+    if ($mode eq 'upload') {
+        if (($context eq 'course') || ($context eq 'domain')) {
+            if ($context eq 'course') {
+                if ($env{'request.course.sec'} eq '') {
+                    $setsection_call = 'setSections(document.'.$param{'formname'}.');';
+                    $setsections_js =
+                        &setsections_javascript($param{'formname'},$groupslist,
+                                                $mode);
+                } else {
+                    $setsection_call = "'ok'";
+                }
+            } elsif ($context eq 'domain') {
+                $setsection_call = 'setCourse()';
+                $setsections_js = &dc_setcourse_js($param{'formname'},$mode);
+            }
+            $finish = "  var checkSec = $setsection_call\n".
+                      "  if (checkSec == 'ok') {\n".
+                      "      vf.submit();\n".
+                      "   }\n";
+        }
     }
+    my $authheader = &Apache::loncommon::authform_header(%param);
 
     my %alert = &Apache::lonlocal::texthash
         (username => 'You need to specify the username field.',
@@ -359,8 +390,9 @@ sub javascript_validations {
          continue => 'Continue adding users?',
          );
 
-#    my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
     my $function_name =(<<END);
+$setsections_js
+
 function verify_message (vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail) {
 END
     my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($domain);
@@ -480,21 +512,21 @@ END
         message+= '\\n$alert{'continue'}';
         if (confirm(message)) {
             vf.state.value='enrolling';
-            vf.submit();
+            $finish
         }
     } else {
         vf.state.value='enrolling';
-        vf.submit();
+        $finish
     }
 }
 END
     }
     my $result = $function_name;
-    if ( ($mode eq 'auth') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
+    if ( ($mode eq 'upload') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
         $result .= $auth_checks;
     }
     $result .= $optional_checks."\n".$section_checks;
-    if ( ($mode eq 'auth') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
+    if ( ($mode eq 'upload') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
         $result .= $authheader;
     }
     return $result;
@@ -655,18 +687,12 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub print_upload_manager_footer {
-    my ($r,$i,$keyfields,$defdom,$today,$halfyear,$context)=@_;
-    my $formname;
-    if ($context eq 'course') {
-        $formname = 'document.studentform';
-    } elsif ($context eq 'author') {
-        $formname = 'document.studentform';
-    } elsif ($context eq 'domain') {
-        $formname = 'document.studentform';
-    }
+    my ($r,$i,$keyfields,$defdom,$today,$halfyear,$context,$permission) = @_;
+    my $form = 'document.studentform';
+    my $formname = 'studentform';
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
-    my %param = ( formname => $formname,
+    my %param = ( formname => $form,
                   kerb_def_dom => $krbdefdom,
                   kerb_def_auth => $krbdef
                   );
@@ -678,8 +704,8 @@ sub print_upload_manager_footer {
     my $krbform = &Apache::loncommon::authform_kerberos(%param);
     my $intform = &Apache::loncommon::authform_internal(%param);
     my $locform = &Apache::loncommon::authform_local(%param);
-    my $date_table = &date_setting_table(undef,undef,$context);
-
+    my $date_table = &date_setting_table(undef,undef,$context,undef,
+                                         $formname,$permission);
     my $Str = "\n".'<div class="LC_left_float">';
     $Str .= &hidden_input('nfields',$i);
     $Str .= &hidden_input('keyfields',$keyfields);
@@ -720,21 +746,22 @@ sub print_upload_manager_footer {
         $Str .= '<br /><br /><b>'.&mt('Default role and/or section')."</b><br />\n".
                 &mt('Role and/or section for users without one in the uploaded file.');
     }
-    $Str .= '<br /><br />';
-    my ($options,$cb_script,$coursepick) = &default_role_selector($context,'defaultrole',1);
-    if ($context eq 'domain') {
-        $Str .= '<span class="LC_role_level">'.&mt('Domain Level').'</span><br />'.$options.'<br /><br /><span class="LC_role_level">'.&mt('Course Level').'</span><br />'.$cb_script.$coursepick;
-    } elsif ($context eq 'author') {
-        $Str .= $options;
+    $Str .= '<br />';
+    if (($context eq 'domain') || ($context eq 'author')) {
+        my ($options,$cb_script,$coursepick) = &default_role_selector($context,1);
+        if ($context eq 'domain') {
+            $Str .= '<span class="LC_role_level">'.&mt('Domain Level').'</span><br />'.$options.'<br /><br /><span class="LC_role_level">'.&mt('Course Level').'</span><br />'.$cb_script.$coursepick;
+        } elsif ($context eq 'author') {
+            $Str .= $options;
+        }
     } else {
-        $Str .= '<table><tr><td><span class="LC_nobreak"<b>'.&mt('role').':&nbsp;</b>'.
-                $options.'</span></td><td>&nbsp;</td><td><span class="LC_nobreak">'.
-                '<b>'.&mt('section').':&nbsp;</b><input type="text" name="section" value="" size="12" /></span></td></tr></table>';
-    }
-    if ($context eq 'course') {
-        $Str .= "<h3>".&mt('Full Update')."</h3>\n".
-                '<label><input type="checkbox" name="fullup" value="yes">'.
-                ' '.&mt('Full update (also print list of users not enrolled anymore)').
+        my ($cnum,$cdom) = &get_course_identity();
+        my $rowtitle = &mt('section');
+        my $secbox = &section_picker($cdom,$cnum,'Any',$rowtitle,
+                                     $permission,$context,'upload');
+        $Str .= $secbox."<h3>".&mt('Full Update')."</h3>\n".
+                '<p><label><input type="checkbox" name="fullup" value="yes">'.
+                ' '.&mt('Display students with current/future access, who are  not in the uploaded file.').'<br />'.&mt('Students selected from this list can be dropped.');
                 "</label></p>\n";
     }
     if ($context eq 'course' || $context eq 'domain') {
@@ -772,7 +799,7 @@ sub forceid_change {
 ###############################################################
 ###############################################################
 sub print_upload_manager_form {
-    my ($r,$context) = @_;
+    my ($r,$context,$permission) = @_;
     my $firstLine;
     my $datatoken;
     if (!$env{'form.datatoken'}) {
@@ -816,7 +843,8 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
-    &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context);
+    &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
+                                 $permission);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -850,11 +878,14 @@ sub print_upload_manager_form {
     }
     $r->print('</div>');
     &print_upload_manager_footer($r,$i,$keyfields,$defdom,$today,$halfyear,
-                                 $context);
+                                 $context,$permission);
 }
 
 sub setup_date_selectors {
-    my ($starttime,$endtime,$mode,$nolink) = @_;
+    my ($starttime,$endtime,$mode,$nolink,$formname) = @_;
+    if ($formname eq '') {
+        $formname = 'studentform';
+    }
     if (! defined($starttime)) {
         $starttime = time;
         unless ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
@@ -877,11 +908,11 @@ sub setup_date_selectors {
     }
 
     my $startdateform = 
-        &Apache::lonhtmlcommon::date_setter('studentform','startdate',$starttime,
+        &Apache::lonhtmlcommon::date_setter($formname,'startdate',$starttime,
             undef,undef,undef,undef,undef,undef,undef,$nolink);
 
     my $enddateform = 
-        &Apache::lonhtmlcommon::date_setter('studentform','enddate',$endtime,
+        &Apache::lonhtmlcommon::date_setter($formname,'enddate',$endtime,
             undef,undef,undef,undef,undef,undef,undef,$nolink);
 
     if ($mode eq 'create_enrolldates') {
@@ -914,24 +945,27 @@ sub get_dates_from_form {
 }
 
 sub date_setting_table {
-    my ($starttime,$endtime,$mode,$bulkaction) = @_;
+    my ($starttime,$endtime,$mode,$bulkaction,$formname,$permission) = @_;
     my $nolink;
     if ($bulkaction) {
         $nolink = 1;
     }
     my ($startform,$endform) = 
-        &setup_date_selectors($starttime,$endtime,$mode,$nolink);
+        &setup_date_selectors($starttime,$endtime,$mode,$nolink,$formname);
     my $dateDefault;
     if ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
         $dateDefault = '&nbsp;';
     } elsif ($mode ne 'author' && $mode ne 'domain') {
         if (($bulkaction eq 'reenable') || 
             ($bulkaction eq 'activate') || 
-            ($bulkaction eq 'chgdates')) { 
-            $dateDefault = '<span class="LC_nobreak">'.
-                '<label><input type="checkbox" name="makedatesdefault" /> '.
-                &mt('make these dates the default for future enrollment').
-                '</label></span>';
+            ($bulkaction eq 'chgdates') ||
+            ($env{'form.action'} eq 'upload')) {
+            if ($env{'request.course.sec'} eq '') {
+                $dateDefault = '<span class="LC_nobreak">'.
+                    '<label><input type="checkbox" name="makedatesdefault" /> '.
+                    &mt('make these dates the default access dates for future student enrollment').
+                    '</label></span>';
+            }
         }
     }
     my $perpetual = '<span class="LC_nobreak"><label><input type="checkbox" name="no_end_date"';
@@ -951,7 +985,7 @@ sub date_setting_table {
                                                      'LC_oddrow_value')."\n".
                $endform.'&nbsp;'.$perpetual.
                &Apache::lonhtmlcommon::row_closure(1).
-               &Apache::lonhtmlcommon::end_pick_box().'<br />';
+               &Apache::lonhtmlcommon::end_pick_box();
     if ($dateDefault) {
         $result .=  $dateDefault.'<br />'."\n";
     }
@@ -962,11 +996,10 @@ sub make_dates_default {
     my ($startdate,$enddate,$context) = @_;
     my $result = '';
     if ($context eq 'course') {
-        my $dom = $env{'course.'.$env{'request.course.id'}.'.domain'};
-        my $crs = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my ($cnum,$cdom) = &get_course_identity();
         my $put_result = &Apache::lonnet::put('environment',
                 {'default_enrollment_start_date'=>$startdate,
-                 'default_enrollment_end_date'  =>$enddate},$dom,$crs);
+                 'default_enrollment_end_date'  =>$enddate},$cdom,$cnum);
         if ($put_result eq 'ok') {
             $result .= &mt('Set default start and end dates for course').
                        '<br />'."\n";
@@ -1013,33 +1046,36 @@ sub default_role_selector {
            $options .= '  <option value="'.$role.'">'.$plrole.'</option>';
         }
         my $courseform = &Apache::loncommon::selectcourse_link
-            ('studentform','defaultcourse','defaultdomain','defaultdesc',"$env{'request.role.domain'}",undef,'Course');
+            ('studentform','dccourse','dcdomain','coursedesc',"$env{'request.role.domain'}",undef,'Course');
         $cb_jscript = 
-            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'defaultsec','studentform');
+            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'currsec','studentform');
         $coursepick = &Apache::loncommon::start_data_table().
                       &Apache::loncommon::start_data_table_header_row().
                       '<th>'.$courseform.'</th><th>'.$lt{'rol'}.'</th>'.
                       '<th>'.$lt{'grs'}.'</th>'.
                       &Apache::loncommon::end_data_table_header_row().
                       &Apache::loncommon::start_data_table_row()."\n".
-                      '<td><input type="text" name="defaultdesc" value="" onFocus="this.blur();opencrsbrowser('."'studentform','defcourse','defdomain','coursedesc',''".')" /></td>'."\n".
+                      '<td><input type="text" name="coursedesc" value="" onFocus="this.blur();opencrsbrowser('."'studentform','dccourse','dcdomain','coursedesc',''".')" /></td>'."\n".
                       '<td><select name="courserole">'."\n".
                       &default_course_roles($context,$checkpriv,%customroles)."\n".
                       '</select></td><td>'.
                       '<table class="LC_createuser">'.
                       '<tr class="LC_section_row"><td valign"top">'.
-                      $lt{'exs'}.'<br /><select name="defaultsec">'.
+                      $lt{'exs'}.'<br /><select name="currsec">'.
                       ' <option value=""><--'.&mt('Pick course first').
                       '</select></td>'.
                       '<td>&nbsp;&nbsp;</td>'.
                       '<td valign="top">'.$lt{'new'}.'<br />'.
                       '<input type="text" name="newsec" value="" size="5" />'.
-                      '<input type="hidden" name="groups" value="" /></td>'.
-                      '</tr></table></td>'.
+                      '<input type="hidden" name="groups" value="" />'.
+                      '<input type="hidden" name="sections" value="" />'.
+                      '<input type="hidden" name="origdom" value="'.
+                      $env{'request.role.domain'}.'" />'.
+                      '<input type="hidden" name="dccourse" value="" />'.
+                      '<input type="hidden" name="dcdomain" value="" />'.
+                      '</td></tr></table></td>'.
                       &Apache::loncommon::end_data_table_row().
-                      &Apache::loncommon::end_data_table()."\n".
-                      '<input type="hidden" name="defaultcourse" value="" />'.
-                      '<input type="hidden" name="defaultdomain" value="" />';
+                      &Apache::loncommon::end_data_table()."\n";
     }
     $options .= '</select>';
     return ($options,$cb_jscript,$coursepick);
@@ -1048,17 +1084,21 @@ sub default_role_selector {
 sub default_course_roles {
     my ($context,$checkpriv,%customroles) = @_;
     my $output;
-    my @roles = &course_roles($context,$checkpriv);
+    my $custom = 1;
+    my @roles = &course_roles($context,$checkpriv,$custom);
     foreach my $role (@roles) {
-        my $plrole=&Apache::lonnet::plaintext($role);
-        $output .= '  <option value="'.$role.'">'.$plrole.'</option>';
+        if ($role ne 'cr') {
+            my $plrole=&Apache::lonnet::plaintext($role);
+            $output .= '  <option value="'.$role.'">'.$plrole.'</option>';
+        }
     }
     if (keys(%customroles) > 0) {
-        my %customroles = &my_custom_roles();
-        foreach my $cust (sort(keys(%customroles))) {
-            my $custrole='cr_cr_'.$env{'user.domain'}.
-                '_'.$env{'user.name'}.'_'.$cust;
-            $output .= '  <option value="'.$custrole.'">'.$cust.'</option>';
+        if (grep(/^cr$/,@roles)) {
+            foreach my $cust (sort(keys(%customroles))) {
+                my $custrole='cr_'.$env{'user.domain'}.
+                             '_'.$env{'user.name'}.'_'.$cust;
+                $output .= '  <option value="'.$custrole.'">'.$cust.'</option>';
+            }
         }
     }
     return $output;
@@ -1066,7 +1106,7 @@ sub default_course_roles {
 
 sub construction_space_roles {
     my ($checkpriv) = @_;
-    my @allroles = ('ca','aa');
+    my @allroles = &roles_by_context('author');
     my @roles;
     if ($checkpriv) {
         foreach my $role (@allroles) {
@@ -1082,7 +1122,7 @@ sub construction_space_roles {
 
 sub domain_roles {
     my ($checkpriv) = @_;
-    my @allroles = ('dc','li','dg','au','sc');
+    my @allroles = &roles_by_context('domain');
     my @roles;
     if ($checkpriv) {
         foreach my $role (@allroles) {
@@ -1097,8 +1137,8 @@ sub domain_roles {
 }
 
 sub course_roles {
-    my ($context,$checkpriv) = @_;
-    my @allroles = ('st','ta','ep','in','cc');
+    my ($context,$checkpriv,$custom) = @_;
+    my @allroles = &roles_by_context('course',$custom);
     my @roles;
     if ($context eq 'domain') {
         @roles = @allroles;
@@ -1109,10 +1149,10 @@ sub course_roles {
                     if (&Apache::lonnet::allowed('c'.$role,$env{'request.course.id'})) {
                         push(@roles,$role);
                     } else {
-                        if ($role ne 'cc' && $env{'request.course.section'} ne '') {
-                            if (!&Apache::lonnet::allowed('c'.$role,
+                        if ($role ne 'cc' && $env{'request.course.sec'} ne '') {
+                            if (&Apache::lonnet::allowed('c'.$role,
                                              $env{'request.course.id'}.'/'.
-                                             $env{'request.course.section'})) {
+                                             $env{'request.course.sec'})) {
                                 push(@roles,$role);
                             }
                         }
@@ -1128,17 +1168,18 @@ sub course_roles {
 
 sub curr_role_permissions {
     my ($context,$setting,$checkpriv) = @_; 
+    my $custom = 1;
     my @roles;
     if ($context eq 'author') {
         @roles = &construction_space_roles($checkpriv);
     } elsif ($context eq 'domain') {
         if ($setting eq 'course') {
-            @roles = &course_roles($context,$checkpriv); 
+            @roles = &course_roles($context,$checkpriv,$custom); 
         } else {
             @roles = &domain_roles($checkpriv);
         }
     } elsif ($context eq 'course') {
-        @roles = &course_roles($context,$checkpriv);
+        @roles = &course_roles($context,$checkpriv,$custom);
     }
     return @roles;
 }
@@ -1236,15 +1277,15 @@ sub print_userlist {
             if ($role eq $env{'form.showrole'}) {
                 $roleselected = ' selected="selected" ';
             }
-            my $plrole=&Apache::lonnet::plaintext($role);
+            my $plrole;
+            if ($role eq 'cr') {
+                $plrole = &mt('Custom role');
+            } else {
+                $plrole=&Apache::lonnet::plaintext($role);
+            }
             $role_select .= '<option value="'.$role.'"'.$roleselected.'>'.$plrole.'</option>';
         }
-        $roleselected = '';
-        if ($env{'form.showrole'} eq 'cr') {
-            $roleselected = ' selected="selected" ';
-        }
-        $role_select .= '<option value="cr"'.$roleselected.'>'.&mt('Custom role').'</option>'.
-                        '</select>';
+        $role_select .= '</select>';
         $r->print('<label>'.&mt('Role: [_1]',$role_select).'</label>');
     }
     if (!(($context eq 'domain') && ($env{'form.roletype'} eq 'course'))) {
@@ -1275,9 +1316,11 @@ sub print_userlist {
     if ($context eq 'course') {
         my $classlist = &Apache::loncoursedata::get_classlist();
         my $secidx = &Apache::loncoursedata::CL_SECTION();
+        my $viewablesec = &viewable_section($permission);
         foreach my $student (keys(%{$classlist})) {
-            if (exists($permission->{'view_section'})) {
-                if ($classlist->{$student}[$secidx] ne $permission->{'view_section'}) {
+            my $section = $classlist->{$student}[$secidx];
+            if ($viewablesec ne '') {
+                if ($section ne $viewablesec) {
                     next;
                 } else {
                     $userlist{$student} = $classlist->{$student};
@@ -1286,24 +1329,24 @@ sub print_userlist {
                 $userlist{$student} = $classlist->{$student};
             }
         }
-        my $cid =$env{'request.course.id'};
-        my $cdom=$env{'course.'.$cid.'.domain'};
-        my $cnum=$env{'course.'.$cid.'.num'};
+        my $cid = $env{'request.course.id'};
+        my ($cnum,$cdom) = &get_course_identity($cid);
         my $showroles;
         if ($env{'form.showrole'} ne 'Any') {
             $showroles = [$env{'form.showrole'}];
         } else {
             $showroles = undef;
         }
+        my $withsec = 1;
         my %advrolehash = &Apache::lonnet::get_my_roles($cnum,$cdom,undef,
-                                                        \@statuses,$showroles);
+                                    \@statuses,$showroles,undef,$withsec);
         &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
                          \%advrolehash,$permission);
     } else {
         my (%cstr_roles,%dom_roles);
         if ($context eq 'author') {
             # List co-authors and assistant co-authors
-            my @possroles = ('ca','aa');
+            my @possroles = &roles_by_context($context);
             %cstr_roles = &Apache::lonnet::get_my_roles(undef,undef,undef,
                                               \@statuses,\@possroles);
             &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
@@ -1328,12 +1371,12 @@ sub print_userlist {
                         } else {
                             my @possroles;
                             if ($env{'form.showrole'} eq 'Any') {
-                                @possroles = ('ca','aa');
+                                @possroles = &roles_by_context('author');
                             } else {
                                 @possroles = ($env{'form.showrole'}); 
                             }
                             foreach my $author (sort(keys(%{$dom_roles{$key}}))) {
-                                my ($role,$authorname,$authordom) = split(/:/,$author);
+                                my ($role,$authorname,$authordom) = split(/:/,$author,-1);
                                 my $extent = '/'.$authordom.'/'.$authorname;
                                 %{$coauthors{$extent}} =
                                     &Apache::lonnet::get_my_roles($authorname,
@@ -1349,17 +1392,13 @@ sub print_userlist {
                     my %courses = &process_coursepick();
                     my %allusers; 
                     foreach my $cid (keys(%courses)) {
-                        my %coursehash =
-                            &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
-                        my $cdom = $coursehash{'domain'};
-                        my $cnum = $coursehash{'num'};
+                        my ($cnum,$cdom,$cdesc) = &get_course_identity($cid);
                         next if ($cnum eq '' || $cdom eq '');
-                        my $cdesc = $coursehash{'description'};
+                        my $custom = 1;
                         my (@roles,@sections,%access,%users,%userdata,
                             %statushash);
                         if ($env{'form.showrole'} eq 'Any') {
-                            @roles = &course_roles($context);
-                            unshift(@roles,'cr');
+                            @roles = &course_roles($context,undef,$custom);
                         } else {
                             @roles = ($env{'form.showrole'});
                         }
@@ -1435,13 +1474,21 @@ sub list_submit_button {
 sub gather_userinfo {
     my ($context,$format,$userlist,$indexhash,$userinfo,$rolehash,$permission) = @_;
     foreach my $item (keys(%{$rolehash})) {
-        @{$userlist->{$item}} = ();
         my %userdata;
-        if ($context eq 'author' || $context eq 'course') { 
+        if ($context eq 'author') { 
             ($userdata{'username'},$userdata{'domain'},$userdata{'role'}) =
                 split(/:/,$item);
             ($userdata{'start'},$userdata{'end'})=split(/:/,$rolehash->{$item});
             &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
+        } elsif ($context eq 'course') {
+            my $viewablesec = &viewable_section($permission);
+            ($userdata{'username'},$userdata{'domain'},$userdata{'role'},
+             $userdata{'section'}) = split(/:/,$item,-1);
+            ($userdata{'start'},$userdata{'end'})=split(/:/,$rolehash->{$item});
+            if (($viewablesec ne '') && ($userdata{'section'} ne '')) {
+                next if ($viewablesec ne $userdata{'section'});
+            }
+            &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
         } elsif ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 ($userdata{'role'},$userdata{'username'},$userdata{'domain'}) =
@@ -1471,13 +1518,14 @@ sub gather_userinfo {
                             my $space = ', ';
                             if ($format eq 'html' || $format eq 'view') {
                                 $spanstart = '<span class="LC_nobreak">';
-                                if ($permission->{'cusr'}) {
-                                    if ($numcids > 1) {
-                                        $spanstart .= '<input type="radio" name="'.$item.'" value="'.$cid.'" &nbsp; />';
-                                    } else {
-                                        $spanstart .= '<input type="hidden" name="'.$item.'" value="'.$cid.'" &nbsp; />';
-                                    }
-                                }
+                                # FIXME: actions on courses disabled for now
+#                                if ($permission->{'cusr'}) {
+#                                    if ($numcids > 1) {
+#                                        $spanstart .= '<input type="radio" name="'.$item.'" value="'.$cid.'" &nbsp; />';
+#                                    } else {
+#                                        $spanstart .= '<input type="hidden" name="'.$item.'" value="'.$cid.'" &nbsp; />';
+#                                    }
+#                                }
                                 $spanend = '</span><br />';
                                 $space = ',&nbsp;';
                             }
@@ -1756,24 +1804,26 @@ sub show_users_list {
     if (!grep(/^\Q$sortby\E$/,@sortable)) {
         $sortby = 'username';
     }
-    my $setting = $env{'form.roleaction'};
+    my $setting = $env{'form.roletype'};
     my ($cid,$cdom,$cnum,$classgroups,$displayphotos,$displayclickers);
     if ($context eq 'course') {
-        $cid=$env{'request.course.id'};
-        $cdom = $env{'course.'.$cid.'.domain'};
-        $cnum = $env{'course.'.$cid.'.num'};
+        $cid = $env{'request.course.id'};
+        ($cnum,$cdom) = &get_course_identity($cid);
         ($classgroups) = &Apache::loncoursedata::get_group_memberships(
                                      $userlist,$keylist,$cdom,$cnum);
-        if (! exists($env{'form.displayphotos'})) {
-            $env{'form.displayphotos'} = 'off';
-        }
-        $displayphotos = $env{'form.displayphotos'};
-        if (! exists($env{'form.displayclickers'})) {
-            $env{'form.displayclickers'} = 'off';
-        }
-        $displayclickers = $env{'form.displayclickers'};
-        if ($env{'course.'.$cid.'.internal.showphoto'}) {
-            $r->print('
+        if ($mode eq 'autoenroll') {
+            $env{'form.showrole'} = 'st';
+        } else {
+            if (! exists($env{'form.displayphotos'})) {
+                $env{'form.displayphotos'} = 'off';
+            }
+            $displayphotos = $env{'form.displayphotos'};
+            if (! exists($env{'form.displayclickers'})) {
+                $env{'form.displayclickers'} = 'off';
+            }
+            $displayclickers = $env{'form.displayclickers'};
+            if ($env{'course.'.$cid.'.internal.showphoto'}) {
+                $r->print('
 <script type="text/javascript">
 function photowindow(photolink) {
     var title = "Photo_Viewer";
@@ -1783,14 +1833,15 @@ function photowindow(photolink) {
     stdeditbrowser.focus();
 }
 </script>
-           ');
-        }
-        $r->print(<<END);
+               ');
+            }
+            $r->print(<<END);
 <input type="hidden" name="displayphotos" value="$displayphotos" />
 <input type="hidden" name="displayclickers" value="$displayclickers" />
 END
+        }
     }
-    unless ($mode eq 'autoenroll') {
+    if ($mode ne 'autoenroll') {
         my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
         my $alert = &mt("You must select at least one user by checking a user's 'Select' checkbox");
         my $singconfirm = &mt(' for a single user');
@@ -1919,49 +1970,52 @@ END
     } elsif ($env{'form.showrole'} ne 'Any') {
         $rolefilter = &Apache::lonnet::plaintext($env{'form.showrole'});
     }
-    my $results_description = &results_header_row($rolefilter,$statusmode,
-                                                  $context);
-    $r->print('<b>'.$results_description.'</b><br />');
+    my $results_description;
+    if ($mode ne 'autoenroll') {
+        $results_description = &results_header_row($rolefilter,$statusmode,
+                                                   $context,$permission);
+        $r->print('<b>'.$results_description.'</b><br />');
+    }
     my ($output,$actionselect);
-    if ($mode eq 'html' || $mode eq 'view') {
-        if ($permission->{'cusr'}) {
-            $actionselect = &select_actions($context,$setting,$statusmode);
-        }
-        $r->print(<<END);
+    if ($mode eq 'html' || $mode eq 'view' || $mode eq 'autoenroll') {
+        if ($mode ne 'autoenroll') {
+            if ($permission->{'cusr'}) {
+                $actionselect = &select_actions($context,$setting,$statusmode);
+            }
+            $r->print(<<END);
 <input type="hidden" name="srchby"  value="uname" />
 <input type="hidden" name="srchin"   value="dom" />
 <input type="hidden" name="srchtype" value="exact" />
 <input type="hidden" name="srchterm" value="" />
 <input type="hidden" name="srchdomain" value="" /> 
 END
-         if ($mode ne 'autoenroll') {
-             $output = '<p>';
-             my @linkdests = ('aboutme');
-             if ($permission->{'cusr'}) {
-                 push (@linkdests,'modify');
-                 $output .= '<span class="LC_nobreak">'.$lt{'link'}.':&nbsp;';
-                 my $usernamelink = $env{'form.usernamelink'};
-                 if ($usernamelink eq '') {
-                     $usernamelink = 'aboutme';
-                 }
-                 foreach my $item (@linkdests) {
-                     my $checkedstr = '';
-                     if ($item eq $usernamelink) {
-                         $checkedstr = ' checked="checked" ';
-                     }
-                     $output .= '<label><input type="radio" name="usernamelink" value="'.$item.'"'.$checkedstr.'>&nbsp;'.$lt{$item}.'</label>&nbsp;&nbsp;';
-                 }
-                 $output .= '</span><br />';
-             } else {
-                 $output .= &mt("Click on a username to view the user's personal page.").'<br />';
-             }
-             if ($actionselect) {
-                 $output .= <<"END"; 
+            $output = '<p>';
+            my @linkdests = ('aboutme');
+            if ($permission->{'cusr'}) {
+                push (@linkdests,'modify');
+                $output .= '<span class="LC_nobreak">'.$lt{'link'}.':&nbsp;';
+                my $usernamelink = $env{'form.usernamelink'};
+                if ($usernamelink eq '') {
+                    $usernamelink = 'aboutme';
+                }
+                foreach my $item (@linkdests) {
+                    my $checkedstr = '';
+                    if ($item eq $usernamelink) {
+                        $checkedstr = ' checked="checked" ';
+                    }
+                    $output .= '<label><input type="radio" name="usernamelink" value="'.$item.'"'.$checkedstr.'>&nbsp;'.$lt{$item}.'</label>&nbsp;&nbsp;';
+                }
+                $output .= '</span><br />';
+            } else {
+                $output .= &mt("Click on a username to view the user's personal page.").'<br />';
+            }
+            if ($actionselect) {
+                $output .= <<"END"; 
 $lt{'ac'}:&nbsp;$actionselect <input type="button" value="$lt{'pr'}" onclick="javascript:verify_action(document.studentform.actionlist)" /></p>
 <p><input type="button" value="$lt{'ca'}" onclick="javascript:checkAll(document.studentform.actionlist)" /> &nbsp;
 <input type="button" value="$lt{'ua'}" onclick="javascript:uncheckAll(document.studentform.actionlist)" />
 END
-             }
+            }
         }
         $output .= "\n<p>\n".
                   &Apache::loncommon::start_data_table().
@@ -1980,7 +2034,7 @@ END
             $output .= "<th><a href=\"javascript:document.studentform.sortby.value='$item';document.studentform.submit();\">$lt{$item}</a></th>\n";
         }
         my %role_types = &role_type_names();
-        if ($context eq 'course') {
+        if ($context eq 'course' && $mode ne 'autoenroll') {
             if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
                 # Clicker display on or off?
                 my %clicker_options = &Apache::lonlocal::texthash(
@@ -2014,8 +2068,8 @@ END
                       '    </th>'."\n";
                 }
             }
-            $output .= &Apache::loncommon::end_data_table_header_row();
         }
+        $output .= &Apache::loncommon::end_data_table_header_row();
 # Done with the HTML header line
     } elsif ($mode eq 'csv') {
         #
@@ -2151,32 +2205,54 @@ END
         }
         if ($mode eq 'view' || $mode eq 'html' || $mode eq 'autoenroll') {
             $r->print(&Apache::loncommon::start_data_table_row());
-            $r->print("<td>$rowcount</td>\n");
             my $checkval;
-            if ($mode ne 'autoenroll' && $actionselect) {
-                $checkval = $user; 
-                if ($context eq 'course') {
-                    if ($role eq 'st') {
-                        $checkval .= ':st';
-                    }
-                    $checkval .= ':'.$in{'section'};
-                    if ($role eq 'st') {
-                        $checkval .= ':'.$in{'type'}.':'.$in{'lockedtype'};
+            if ($mode eq 'autoenroll') {
+                my $cellentry;
+                if ($in{'type'} eq 'auto') {
+                    $cellentry = '<b>'.&mt('auto').'</b>&nbsp;<label><input type="checkbox" name="chgauto" value="'.$in{'username'}.':'.$in{'domain'}.'" />&nbsp;Change</label>';
+                    $autocount ++;
+                } else {
+                    $cellentry = '<table border="0" cellspacing="0"><tr><td rowspan="2"><b>'.&mt('manual').'</b></td><td><nobr><label><input type="checkbox" name="chgmanual" value="'.$in{'username'}.':'.$in{'domain'}.'" />&nbsp;Change</label></nobr></td></tr><tr><td><nobr>';
+                    $manualcount ++;
+                    if ($in{'lockedtype'}) {
+                        $cellentry .= '<label><input type="checkbox" name="unlockchg" value="'.$in{'username'}.':'.$in{'domain'}.'" />&nbsp;'.&mt('Unlock').'</label>';
+                        $unlockcount ++;
+                    } else {
+                        $cellentry .= '<label><input type="checkbox" name="lockchg" value="'.$in{'username'}.':'.$in{'domain'}.'" />&nbsp;'.&mt('Lock').'</label>';
+                        $lockcount ++;
+                    }
+                    $cellentry .= '</nobr></td></tr></table>';
+                }
+                $r->print("<td>$cellentry</td>\n");
+            } else {
+                $r->print("<td>$rowcount</td>\n");
+                $checkval;
+                if ($actionselect) {
+                    $checkval = $user; 
+                    if ($context eq 'course') {
+                        if ($role eq 'st') {
+                            $checkval .= ':st';
+                        }
+                        $checkval .= ':'.$in{'section'};
+                        if ($role eq 'st') {
+                            $checkval .= ':'.$in{'type'}.':'.$in{'lockedtype'};
+                        }
                     }
+                    $r->print('<td><input type="checkbox" name="actionlist" value="'.
+                              $checkval.'"></td>');
                 }
-                $r->print('<td><input type="checkbox" name="actionlist" value="'.
-                          $checkval.'"></td>');
             }
             foreach my $item (@cols) {
                 if ($item eq 'username') {
-                    $r->print('<td>'.&print_username_link($permission,\%in).'</td>');
-                } elsif (($item eq 'start' || $item eq 'end') && ($mode ne 'autoeroll') && ($actionselect)) {
+                    $r->print('<td>'.&print_username_link($mode,$permission,
+                                                          \%in).'</td>');
+                } elsif (($item eq 'start' || $item eq 'end') && ($actionselect)) {
                     $r->print('<td>'.$in{$item}.'<input type="hidden" name="'.$checkval.'_'.$item.'" value="'.$sdata->[$index{$item}].'" /></td>'."\n");
                 } else {
                     $r->print('<td>'.$in{$item}.'</td>'."\n");
                 }
             }
-            if ($context eq 'course') {
+            if (($context eq 'course') && ($mode ne 'autoenroll')) {
                 if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
                     if ($displayclickers eq 'on') {
                         my $clickers =
@@ -2256,9 +2332,11 @@ END
 }
 
 sub print_username_link {
-    my ($permission,$in) = @_;
+    my ($mode,$permission,$in) = @_;
     my $output;
-    if (!$permission->{'cusr'}) {
+    if ($mode eq 'autoenroll') {
+        $output = $in->{'username'};
+    } elsif (!$permission->{'cusr'}) {
         $output = &Apache::loncommon::aboutmewrapper($in->{'username'},
                                                      $in->{'username'},
                                                      $in->{'domain'});
@@ -2290,6 +2368,10 @@ sub select_actions {
                 chgsec   => "Change section associated with user roles",
     );
     my ($output,$options,%choices);
+    # FIXME Disable actions for now for roletype=course in domain context
+    if ($context eq 'domain' && $setting eq 'course') {
+        return;
+    }
     if ($statusmode eq 'Any') {
         $options .= '
 <option value="chgdates">'.$lt{'chgdates'}.'</option>';
@@ -2395,7 +2477,7 @@ ENDTWO
 }
 
 sub date_section_selector {
-    my ($context) = @_;
+    my ($context,$permission) = @_;
     my $callingform = $env{'form.callingform'};
     my $formname = 'dateselect';  
     my $groupslist = &get_groupslist();
@@ -2474,14 +2556,14 @@ END
             $starttime = time;
         }
         $date_items = &date_setting_table($starttime,undef,$context,
-                                          $env{'form.bulkaction'});
+                                          $env{'form.bulkaction'},$formname,
+                                          $permission);
     }
     $output .= '<h3>'.$headertext.'</h3>'.
                '<form name="'.$formname.'" method="post">'."\n".
                 $date_items;
     if ($context eq 'course' && $env{'form.bulkaction'} eq 'chgsec') {
-        my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
-        my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my ($cnum,$cdom) = &get_course_identity();
         my %sections_count =
             &Apache::loncommon::get_sections($cdom,$cnum);
         my $info;
@@ -2509,17 +2591,8 @@ END
             $info = '<input type="hidden" name="retainsec" value="0" />'; 
         }
         my $sections_select .= &course_sections(\%sections_count,$env{'form.showrole'});
-        my $secbox = '<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n".
-                     &Apache::lonhtmlcommon::row_title(&mt('New section to assign'),'LC_oddrow_value')."\n".
-                     '<table class="LC_createuser"><tr class="LC_section_row">'."\n".
-                     '<td align="center">'.&mt('Existing sections')."\n".
-                     '<br />'.$sections_select.'</td><td align="center">'.
-                     &mt('New section').'<br />'."\n".
-                     '<input type="text" name="newsec" size="15" />'."\n".
-                     '<input type="hidden" name="sections" value="" />'."\n".
-                     '</td></tr></table>'."\n".
-                     &Apache::lonhtmlcommon::row_closure(1)."\n".
-                     &Apache::lonhtmlcommon::end_pick_box().'</p>';
+        my $rowtitle = &mt('New section to assign');
+        my $secbox = &section_picker($cdom,$cnum,$env{'form.showrole'},$rowtitle,$permission,$context);
         $output .= $info.$secbox;
     }
     $output .= '<p>'.
@@ -2529,8 +2602,38 @@ END
     return $output;
 }
 
+sub section_picker {
+    my ($cdom,$cnum,$role,$rowtitle,$permission,$context,$mode) = @_;
+    my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum);
+    my $sections_select .= &course_sections(\%sections_count,$role);
+    my $secbox = '<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n";
+    if ($mode eq 'upload') {
+        my ($options,$cb_script,$coursepick) =
+            &default_role_selector($context,1);
+        $secbox .= &Apache::lonhtmlcommon::row_title('role','LC_oddrow_value').
+                   $options. &Apache::lonhtmlcommon::row_closure(1)."\n";
+    }
+    $secbox .= &Apache::lonhtmlcommon::row_title($rowtitle,'LC_oddrow_value')."\n";
+    if ($env{'request.course.sec'} eq '') {
+        $secbox .= '<table class="LC_createuser"><tr class="LC_section_row">'."\n".
+                   '<td align="center">'.&mt('Existing sections')."\n".
+                   '<br />'.$sections_select.'</td><td align="center">'.
+                   &mt('New section').'<br />'."\n".
+                   '<input type="text" name="newsec" size="15" />'."\n".
+                   '<input type="hidden" name="sections" value="" />'."\n".
+                   '</td></tr></table>'."\n";
+    } else {
+       $secbox .= '<input type="hidden" name="sections" value="'.
+                   $env{'request.course.sec'}.'" />'.
+                   $env{'request.course.sec'};
+    }
+    $secbox .= &Apache::lonhtmlcommon::row_closure(1)."\n".
+               &Apache::lonhtmlcommon::end_pick_box().'</p>';
+    return $secbox;
+}
+
 sub results_header_row {
-    my ($rolefilter,$statusmode,$context) = @_;
+    my ($rolefilter,$statusmode,$context,$permission) = @_;
     my ($description,$showfilter);
     if ($rolefilter ne 'Any') {
         $showfilter = $rolefilter;
@@ -2550,6 +2653,13 @@ sub results_header_row {
                 $description .= &mt('All users in course with [_1] roles',$rolefilter);
             }
         }
+        if (exists($permission->{'view_section'})) {
+            if ($env{'form.showrole'} eq 'st') {
+                $description .= ' '.&mt('(section [_1] only)',$permission->{'view_section'});
+            } elsif ($env{'form.showrole'} eq 'any') {
+                $description .= ' '.&mt('(section [_1] only)',$permission->{'view_section'});
+            }
+        }
     } elsif ($context eq 'author') {
         $description = 
             &mt('Author space for <span class="LC_cusr_emph">[_1]</span>',
@@ -2629,12 +2739,27 @@ sub results_header_row {
     }
     return $description;
 }
+
+sub viewable_section {
+    my ($permission) = @_;
+    my $viewablesec;
+    if (ref($permission) eq 'HASH') {
+        if (exists($permission->{'view_section'})) {
+            $viewablesec = $permission->{'view_section'};
+        } elsif (exists($permission->{'cusr_section'})) {
+            $viewablesec = $permission->{'cusr_section'};
+        }
+    }
+    return $viewablesec;
+}
+
     
 #################################################
 #################################################
 sub show_drop_list {
-    my ($r,$classlist,$keylist,$nosort)=@_;
+    my ($r,$classlist,$keylist,$nosort,$permission)=@_;
     my $cid=$env{'request.course.id'};
+    my ($cnum,$cdom) = &get_course_identity($cid);
     if (! exists($env{'form.sortby'})) {
         &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
                                                 ['sortby']);
@@ -2643,26 +2768,17 @@ sub show_drop_list {
     if ($sortby !~ /^(username|domain|section|groups|fullname|id|start|end)$/) {
         $sortby = 'username';
     }
-    my $cdom = $env{'course.'.$cid.'.domain'};
-    my $cnum = $env{'course.'.$cid,'.num'};
     my ($classgroups) = &Apache::loncoursedata::get_group_memberships(
                                               $classlist,$keylist,$cdom,$cnum);
     #
     my $action = "drop";
+    my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
     $r->print(<<END);
 <input type="hidden" name="sortby" value="$sortby" />
 <input type="hidden" name="action" value="$action" />
 <input type="hidden" name="state"  value="done" />
-<script>
-function checkAll(field) {
-    for (i = 0; i < field.length; i++)
-        field[i].checked = true ;
-}
-
-function uncheckAll(field) {
-    for (i = 0; i < field.length; i++)
-        field[i].checked = false ;
-}
+<script type="text/javascript" language="Javascript">
+$check_uncheck_js
 </script>
 <p>
 <input type="hidden" name="phase" value="four">
@@ -2677,9 +2793,9 @@ my %lt=&Apache::lonlocal::texthash('usrn
                                    'groups' => "active groups",
                                    );
     if ($nosort) {
-        $r->print(&Apache::loncommon::start_data_table());
+        $r->print(&Apache::loncommon::start_data_table().
+                  &Apache::loncommon::start_data_table_header_row());
         $r->print(<<END);
-<tr>
     <th>&nbsp;</th>
     <th>$lt{'usrn'}</th>
     <th>$lt{'dom'}</th>
@@ -2689,32 +2805,32 @@ my %lt=&Apache::lonlocal::texthash('usrn
     <th>$lt{'start'}</th>
     <th>$lt{'end'}</th>
     <th>$lt{'groups'}</th>
-</tr>
 END
-
+        $r->print(&Apache::loncommon::end_data_table_header_row());
     } else  {
-        $r->print(&Apache::loncommon::start_data_table());
+        $r->print(&Apache::loncommon::start_data_table().
+                  &Apache::loncommon::start_data_table_header_row());
         $r->print(<<END);
-<tr><th>&nbsp;</th>
+    <th>&nbsp;</th>
     <th>
-       <a href="/adm/dropadd?action=$action&sortby=username">$lt{'usrn'}</a>
+       <a href="/adm/createuser?action=$action&sortby=username">$lt{'usrn'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=domain">$lt{'dom'}</a>
+       <a href="/adm/createuser?action=$action&sortby=domain">$lt{'dom'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=id">ID</a>
+       <a href="/adm/createuser?action=$action&sortby=id">ID</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=fullname">$lt{'sn'}</a>
+       <a href="/adm/createuser?action=$action&sortby=fullname">$lt{'sn'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=section">$lt{'sec'}</a>
+       <a href="/adm/createuser?action=$action&sortby=section">$lt{'sec'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=start">$lt{'start'}</a>
+       <a href="/adm/createuser?action=$action&sortby=start">$lt{'start'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=end">$lt{'end'}</a>
+       <a href="/adm/createuser?action=$action&sortby=end">$lt{'end'}</a>
     </th><th>
-       <a href="/adm/dropadd?action=$action&sortby=groups">$lt{'groups'}</a>
+       <a href="/adm/createuser?action=$action&sortby=groups">$lt{'groups'}</a>
     </th>
-</tr>
 END
+        $r->print(&Apache::loncommon::end_data_table_header_row());
     }
     #
     # Sort the students
@@ -2761,6 +2877,13 @@ END
         }
         my $status   = $sdata->[$index{'status'}];
         next if ($status ne 'Active');
+        if ($env{'request.course.sec'} ne '') {
+            if ($section ne $env{'request.course.sec'}) {
+                next;
+            }
+        }
+        my $studentkey = $student.':'.$section;
+        my $startitem = '<input type="hidden" name="'.$studentkey.'_start" value="'.$sdata->[$index{'start'}].'" />';
         #
         $r->print(&Apache::loncommon::start_data_table_row());
         $r->print(<<"END");
@@ -2820,7 +2943,7 @@ sub print_first_users_upload_form {
 
 # ================================================= Drop/Add from uploaded file
 sub upfile_drop_add {
-    my ($r,$context) = @_;
+    my ($r,$context,$permission) = @_;
     &Apache::loncommon::load_tmp_file($r);
     my @userdata=&Apache::loncommon::upfile_record_sep();
     if($env{'form.noFirstLine'}){shift(@userdata);}
@@ -3271,9 +3394,10 @@ sub user_change_result {
 }
 
 # ========================================================= Menu Phase Two Drop
-sub print_expire_menu {
-    my ($r,$context) = @_;
-    $r->print("<h3>".&mt("Expire Users' Roles")."</h3>");
+sub print_drop_menu {
+    my ($r,$context,$permission) = @_;
+    $r->print('<h3>'.&mt("Drop Students").'</h3>'."\n".
+              '<form name="studentform" method="post">'."\n");
     my $cid=$env{'request.course.id'};
     my ($classlist,$keylist) = &Apache::loncoursedata::get_classlist();
     if (! defined($classlist)) {
@@ -3281,11 +3405,11 @@ sub print_expire_menu {
         return;
     }
     # Print out the available choices
-    &show_drop_list($r,$classlist,$keylist);
+    &show_drop_list($r,$classlist,$keylist,$permission);
+    $r->print('</form>'. &Apache::loncommon::end_page());
     return;
 }
 
-
 # ================================================================== Phase four
 
 sub update_user_list {
@@ -3301,12 +3425,18 @@ sub update_user_list {
     my %result_text = ( ok    => { 'revoke'   => 'Revoked',
                                    'delete'   => 'Deleted',
                                    'reenable' => 'Re-enabled',
-                                   'activate' => 'Activated', 
+                                   'activate' => 'Activated',
+                                   'chgdates' => 'Changed Access Dates for',
+                                   'chgsec'   => 'Changed section for',
+                                   'drop'     => 'Dropped',
                                  },
                         error => {'revoke'    => 'revoking',
                                   'delete'    => 'deleting',
                                   'reenable'  => 're-enabling',
                                   'activate'  => 'activating',
+                                  'chgdates'  => 'changing access dates for',
+                                  'chgsec'    => 'changing section for',
+                                  'drop'      => 'dropping',
                                  },
                       );
     my ($startdate,$enddate);
@@ -3316,7 +3446,18 @@ sub update_user_list {
     foreach my $item (@changelist) {
         my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,@sections,
             $scopestem);
-        if ($context eq 'course') {
+        if ($choice eq 'drop') {
+            ($uname,$udom,$sec) = split(/:/,$item,-1);
+            $role = 'st';
+            $cid = $env{'request.course.id'};
+            $scopestem = '/'.$cid;
+            $scopestem =~s/\_/\//g;
+            if ($sec eq '') {
+                $scope = $scopestem;
+            } else {
+                $scope = $scopestem.'/'.$sec;
+            }
+        } elsif ($context eq 'course') {
             ($uname,$udom,$role,$sec,$type,$locktype) = split(/\:/,$item,-1);
             $cid = $env{'request.course.id'};
             $scopestem = '/'.$cid;
@@ -3349,8 +3490,14 @@ sub update_user_list {
         my ($uid,$first,$middle,$last,$gene,$sec);
         my $start = $env{'form.'.$item.'_start'};
         my $end = $env{'form.'.$item.'_end'};
-        # revoke or delete user role
-        if ($choice eq 'revoke') {
+        if ($choice eq 'drop') {
+            # drop students
+            $end = $now;
+            $type = 'manual';
+            $result =
+                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
+        } elsif ($choice eq 'revoke') {
+            # revoke or delete user role
             $end = $now; 
             if ($role eq 'st') {
                 $result = 
@@ -3452,19 +3599,26 @@ sub update_user_list {
                 }
             }
         }
+        my $extent = $scope;
+        if ($choice eq 'drop' || $context eq 'course') {
+            my ($cnum,$cdom,$cdesc) = &get_course_identity($cid);
+            if ($cdesc) {
+                $extent = $cdesc;
+            }
+        }
         if ($result eq 'ok' || $result eq 'ok:') {
             $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for [_3]",
-                          $plrole,$scope,$uname.':'.$udom).'<br />');
+                          $plrole,$extent,$uname.':'.$udom).'<br />');
             $count++;
         } else {
             $r->print(
                 &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]:[_4]",
-                    $plrole,$scope,$uname.':'.$udom,$result).'<br />');
+                    $plrole,$extent,$uname.':'.$udom,$result).'<br />');
         }
     }
     $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,users].",$count).'</b></p>');
     if ($count > 0) {
-        if ($choice eq 'revoke') {
+        if ($choice eq 'revoke' || $choice eq 'drop') {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.</p>'));
         }
         # Flush the course logs so reverse user roles immediately updated
@@ -3693,5 +3847,352 @@ ENDSECCODE
     return $setsection_js; 
 }
 
+sub can_create_user {
+    my ($dom,$context,$usertype) = @_;
+    my %domconf = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+    my $cancreate = 1;
+    if (ref($domconf{'usercreation'}) eq 'HASH') {
+        if (ref($domconf{'usercreation'}{'cancreate'}) eq 'HASH') {
+            if ($context eq 'course' || $context eq 'author') {
+                my $creation = $domconf{'usercreation'}{'cancreate'}{$context};
+                if ($creation eq 'none') {
+                    $cancreate = 0;
+                } elsif ($creation ne 'any') {
+                    if (defined($usertype)) {
+                        if ($creation ne $usertype) {
+                            $cancreate = 0;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return $cancreate;
+}
+
+sub can_modify_userinfo {
+    my ($context,$dom,$fields,$userroles) = @_;
+    my %domconfig =
+       &Apache::lonnet::get_dom('configuration',['usermodification'],
+                                $dom);
+    my %canmodify;
+    if (ref($fields) eq 'ARRAY') {
+        foreach my $field (@{$fields}) {
+            $canmodify{$field}  = 0;
+            if (&Apache::lonnet::allowed('mau',$dom)) {
+                $canmodify{$field} = 1;
+            } else {
+                if (ref($domconfig{'usermodification'}) eq 'HASH') {
+                    if (ref($domconfig{'usermodification'}{$context}) eq 'HASH') {
+                        if (ref($userroles) eq 'ARRAY') {
+                            foreach my $role (@{$userroles}) {
+                                my $testrole;
+                                if ($role =~ /^cr\//) {
+                                    $testrole = 'cr';
+                                } else {
+                                    $testrole = $role;
+                                }
+                                if (ref($domconfig{'usermodification'}{$context}{$testrole}) eq 'HASH') {
+                                    if ($domconfig{'usermodification'}{$context}{$testrole}{$field}) {
+                                        $canmodify{$field} = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        } else {
+                            foreach my $key (keys(%{$domconfig{'usermodification'}{$context}})) {
+                                if (ref($domconfig{'usermodification'}{$context}{$key}) eq 'HASH') {
+                                    if ($domconfig{'usermodification'}{$context}{$key}{$field}) {
+                                        $canmodify{$field} = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                } elsif ($context eq 'course') {
+                    if (ref($userroles) eq 'ARRAY') {
+                        if (grep(/^st$/,@{$userroles})) {
+                            $canmodify{$field} = 1;
+                        }
+                    } else {
+                        $canmodify{$field} = 1;
+                    }
+                }
+            }
+        }
+    }
+    return %canmodify;
+}
+
+sub check_usertype {
+    my ($dom,$uname,$rules) = @_;
+    my $usertype;
+    if (ref($rules) eq 'HASH') {
+        my @user_rules = keys(%{$rules});
+        if (@user_rules > 0) {
+            my %rule_check = &Apache::lonnet::inst_rulecheck($dom,$uname,undef,'username',\@user_rules);
+            if (keys(%rule_check) > 0) {
+                $usertype = 'unofficial';
+                foreach my $item (keys(%rule_check)) {
+                    if ($rule_check{$item}) {
+                        $usertype = 'official';
+                        last;
+                    }
+                }
+            }
+        }
+    }
+    return $usertype;
+}
+
+sub roles_by_context {
+    my ($context,$custom) = @_;
+    my @allroles;
+    if ($context eq 'course') {
+        @allroles = ('st','ad','ta','ep','in','cc');
+        if ($custom) {
+            push(@allroles,'cr');
+        }
+    } elsif ($context eq 'author') {
+        @allroles = ('ca','aa');
+    } elsif ($context eq 'domain') {
+        @allroles = ('li','dg','sc','au','dc');
+    }
+    return @allroles;
+}
+
+sub get_permission {
+    my ($context,$roles) = @_;
+    my %permission;
+    if ($context eq 'course') {
+        my $custom = 1;
+        my @allroles = &roles_by_context($context,$custom);
+        foreach my $role (@allroles) {
+            if (&Apache::lonnet::allowed('c'.$role,$env{'request.course.id'})) {
+                $permission{'cusr'} = 1;
+                last;
+            }
+        }
+        if (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) {
+            $permission{'custom'} = 1;
+        }
+        if (&Apache::lonnet::allowed('vcl',$env{'request.course.id'})) {
+            $permission{'view'} = 1;
+        }
+        if (!$permission{'view'}) {
+            my $scope = $env{'request.course.id'}.'/'.$env{'request.course.sec'};
+            $permission{'view'} =  &Apache::lonnet::allowed('vcl',$scope);
+            if ($permission{'view'}) {
+                $permission{'view_section'} = $env{'request.course.sec'};
+            }
+        }
+        if (!$permission{'cusr'}) {
+            if ($env{'request.course.sec'} ne '') {
+                my $scope = $env{'request.course.id'}.'/'.$env{'request.course.sec'};
+                $permission{'cusr'} = (&Apache::lonnet::allowed('cst',$scope));
+                if ($permission{'cusr'}) {
+                    $permission{'cusr_section'} = $env{'request.course.sec'};
+                }
+            }
+        }
+        if (&Apache::lonnet::allowed('mdg',$env{'request.course.id'})) {
+            $permission{'grp_manage'} = 1;
+        }
+    } elsif ($context eq 'author') {
+        $permission{'cusr'} = &authorpriv($env{'user.name'},$env{'request.role.domain'});
+        $permission{'view'} = $permission{'cusr'};
+    } else {
+        my @allroles = &roles_by_context($context);
+        foreach my $role (@allroles) {
+            if (&Apache::lonnet::allowed('c'.$role,$env{'request.role.domain'})) {                $permission{'cusr'} = 1;
+                last;
+            }
+        }
+        if (!$permission{'cusr'}) {
+            if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
+                $permission{'cusr'} = 1;
+            }
+        }
+        if (&Apache::lonnet::allowed('ccr',$env{'request.role.domain'})) {
+            $permission{'custom'} = 1;
+        }
+        $permission{'view'} = $permission{'cusr'};
+    }
+    my $allowed = 0;
+    foreach my $perm (values(%permission)) {
+        if ($perm) { $allowed=1; last; }
+    }
+    return (\%permission,$allowed);
+}
+
+# ==================================================== Figure out author access
+
+sub authorpriv {
+    my ($auname,$audom)=@_;
+    unless ((&Apache::lonnet::allowed('cca',$audom.'/'.$auname))
+         || (&Apache::lonnet::allowed('caa',$audom.'/'.$auname))) { return ''; }    return 1;
+}
+
+sub get_course_identity {
+    my ($cid) = @_;
+    my ($cnum,$cdom,$cdesc);
+    if ($cid eq '') {
+        $cid = $env{'request.course.id'}
+    }
+    if ($cid ne '') {
+        $cnum = $env{'course.'.$cid.'.num'};
+        $cdom = $env{'course.'.$cid.'.domain'};
+        $cdesc = $env{'course.'.$cid.'.description'};
+        if ($cnum eq '' || $cdom eq '') {
+            my %coursehash =
+                &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
+            $cdom = $coursehash{'domain'};
+            $cnum = $coursehash{'num'};
+            $cdesc = $coursehash{'description'};
+        }
+    }
+    return ($cnum,$cdom,$cdesc);
+}
+
+sub dc_setcourse_js {
+    my ($formname,$mode) = @_;
+    my $dc_setcourse_code;
+    my $cctext = &Apache::lonnet::plaintext('cc');
+    my %alerts = &sectioncheck_alerts();
+    my $role = 'role';
+    if ($mode eq 'upload') {
+        $role = 'courserole';
+    }
+    $dc_setcourse_code = (<<"SCRIPTTOP");
+function setCourse() {
+    var course = document.$formname.dccourse.value;
+    if (course != "") {
+        if (document.$formname.dcdomain.value != document.$formname.origdom.value) {
+            alert("$alerts{'curd'}");
+            return;
+        }
+        var userrole = document.$formname.$role.options[document.$formname.$role.selectedIndex].value
+        var section="";
+        var numsections = 0;
+        var newsecs = new Array();
+        for (var i=0; i<document.$formname.currsec.length; i++) {
+            if (document.$formname.currsec.options[i].selected == true ) {
+                if (document.$formname.currsec.options[i].value != "" && document.$formname.currsec.options[i].value != null) {
+                    if (numsections == 0) {
+                        section = document.$formname.currsec.options[i].value
+                        numsections = 1;
+                    }
+                    else {
+                        section = section + "," +  document.$formname.currsec.options[i].value
+                        numsections ++;
+                    }
+                }
+            }
+        }
+        if (document.$formname.newsec.value != "" && document.$formname.newsec.value != null) {
+            if (numsections == 0) {
+                section = document.$formname.newsec.value
+            }
+            else {
+                section = section + "," +  document.$formname.newsec.value
+            }
+            newsecs = document.$formname.newsec.value.split(/,/g);
+            numsections = numsections + newsecs.length;
+        }
+        if ((userrole == 'st') && (numsections > 1)) {
+            alert("$alerts{'inea'}. $alerts{'youh'} "+numsections+" $alerts{'sect'}.\\n$alerts{'plsm'}.")
+            return;
+        }
+        for (var j=0; j<newsecs.length; j++) {
+            if ((newsecs[j] == 'all') || (newsecs[j] == 'none')) {
+                alert("'"+newsecs[j]+"' $alerts{'mayn'}.\\n$alerts{'plsc'}.");
+                return;
+            }
+            if (document.$formname.groups.value != '') {
+                var groups = document.$formname.groups.value.split(/,/g);
+                for (var k=0; k<groups.length; k++) {
+                    if (newsecs[j] == groups[k]) {
+                        alert("'"+newsecs[j]+"' $alerts{'mayt'}.\\n$alerts{'secn'}. $alerts{'plsc'}.");
+                        return;
+                    }
+                }
+            }
+        }
+        if ((userrole == 'cc') && (numsections > 0)) {
+            alert("$alerts{'secd'} $cctext $alerts{'role'}.\\n$alerts{'accr'}.");
+            section = "";
+        }
+SCRIPTTOP
+    if ($mode ne 'upload') {
+        $dc_setcourse_code .= (<<"ENDSCRIPT");
+        var coursename = "_$env{'request.role.domain'}"+"_"+course+"_"+userrole
+        var numcourse = getIndex(document.$formname.dccourse);
+        if (numcourse == "-1") {
+            alert("$alerts{'thwa'}");
+            return;
+        }
+        else {
+            document.$formname.elements[numcourse].name = "act"+coursename;
+            var numnewsec = getIndex(document.$formname.newsec);
+            if (numnewsec != "-1") {
+                document.$formname.elements[numnewsec].name = "sec"+coursename;
+                document.$formname.elements[numnewsec].value = section;
+            }
+            var numstart = getIndex(document.$formname.start);
+            if (numstart != "-1") {
+                document.$formname.elements[numstart].name = "start"+coursename;
+            }
+            var numend = getIndex(document.$formname.end);
+            if (numend != "-1") {
+                document.$formname.elements[numend].name = "end"+coursename
+            }
+        }
+    }
+    document.$formname.submit();
+}
+
+ENDSCRIPT
+    } else {
+        $dc_setcourse_code .=  "
+        document.$formname.sections.value = section;
+    }
+    return 'ok';
+}
+";
+    }
+    $dc_setcourse_code .= (<<"ENDSCRIPT");
+
+    function getIndex(caller) {
+        for (var i=0;i<document.$formname.elements.length;i++) {
+            if (document.$formname.elements[i] == caller) {
+                return i;
+            }
+        }
+        return -1;
+    }
+ENDSCRIPT
+}
+
+sub sectioncheck_alerts {
+    my %alerts = &Apache::lonlocal::texthash(
+                    curd => 'You must select a course in the current domain',
+                    inea => 'In each course, each user may only have one student role at a time',
+                    youh => 'You had selected',
+                    sect => 'sections',
+                    plsm => 'Please modify your selections so they include no more than one section',
+                    mayn => 'may not be used as the name for a section, as it is a reserved word',
+                    plsc => 'Please choose a different section name',
+                    mayt => 'may not be used as the name for a section, as it is the name of a course group',
+                    secn => 'Section names and group names must be distinct',
+                    secd => 'Section designations do not apply to ',
+                    role => 'roles',
+                    accr => 'role will be added with access to all sections',
+                    thwa => 'There was a problem with your course selection'
+                 );
+    return %alerts;
+}
+
+
 1;
 

'.&mt('manual').'	Change
	'; + $manualcount ++; + if ($in{'lockedtype'}) { + $cellentry .= ' '.&mt('Unlock').''; + $unlockcount ++; + } else { + $cellentry .= ' '.&mt('Lock').''; + $lockcount ++; + } + $cellentry .= '