--- loncom/interface/lonuserutils.pm	2007/12/21 20:34:26	1.21
+++ loncom/interface/lonuserutils.pm	2007/12/26 13:55:32	1.35
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.21 2007/12/21 20:34:26 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.35 2007/12/26 13:55:32 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -68,7 +68,8 @@ sub modifystudent {
                     my $reply=&Apache::lonnet::modifystudent
                         # dom  name  id mode pass     f     m     l     g
                         ($udom,$unam,'',  '',  '',undef,undef,undef,undef,
-                         $section,time,undef,undef,$desiredhost);
+                         $section,time,undef,undef,$desiredhost,'','manual',
+                         '',$courseid);
                     $result .= $reply.':';
                 }
             }
@@ -126,6 +127,7 @@ sub modifyuserrole {
                                     $email,$role,$start,$end);
     if ($userresult eq 'ok') {
         if ($role ne '') {
+            $role =~ s/_/\//g;
             $roleresult = &Apache::lonnet::assignrole($udom,$uname,$scope,
                                                       $role,$end,$start);
         }
@@ -145,7 +147,7 @@ sub propagate_id_change {
                 one_time => 1,
                );
     foreach my $item (keys(%roleshash)) {
-        my ($cnum,$cdom,$role) = split(/:/,$item);
+        my ($cnum,$cdom,$role) = split(/:/,$item,-1);
         my ($start,$end) = split(/:/,$roleshash{$item});
         if (&Apache::lonnet::is_course($cdom,$cnum)) {
             my $result = &update_classlist($cdom,$cnum,$udom,$uname,$user);
@@ -265,7 +267,7 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -295,9 +297,14 @@ sub print_upload_manager_header {
         $password_choice = 'int';
     }
     #
+    my $groupslist;
+    if ($context eq 'course') {
+        $groupslist = &get_groupslist();
+    }
     my $javascript_validations =
-        &javascript_validations('auth',$krbdefdom,$password_choice,undef,
-                                $env{'request.role.domain'});
+        &javascript_validations('upload',$krbdefdom,$password_choice,undef,
+                                $env{'request.role.domain'},$context,
+                                $groupslist);
     my $checked=(($env{'form.noFirstLine'})?' checked="checked" ':'');
     $r->print(&mt('Total number of records found in file: <b>[_1]</b>.',$distotal).
               "<br />\n");
@@ -324,26 +331,51 @@ sub print_upload_manager_header {
 ###############################################################
 ###############################################################
 sub javascript_validations {
-    my ($mode,$krbdefdom,$curr_authtype,$curr_authfield,$domain)=@_;
-    my $authheader;
-    if ($mode eq 'auth') {
-        my %param = ( formname => 'studentform',
-                      kerb_def_dom => $krbdefdom,
-                      curr_authtype => $curr_authtype);
-        $authheader = &Apache::loncommon::authform_header(%param);
-    } elsif ($mode eq 'createcourse') {
-        my %param = ( formname => 'ccrs',
-                      kerb_def_dom => $krbdefdom,
-                      curr_authtype => $curr_authtype );
-        $authheader = &Apache::loncommon::authform_header(%param);
-    } elsif ($mode eq 'modifycourse') {
-        my %param = ( formname => 'cmod',
+    my ($mode,$krbdefdom,$curr_authtype,$curr_authfield,$domain,
+        $context,$groupslist)=@_;
+
+    my %param = (
                   kerb_def_dom => $krbdefdom,
-                  mode => 'modifycourse',
                   curr_authtype => $curr_authtype,
-                  curr_autharg => $curr_authfield );
-        $authheader = &Apache::loncommon::authform_header(%param);
+                );
+    if ($mode eq 'createuser') {
+        $param{'formname'} = 'cu';
+    } elsif ($mode eq 'upload') {
+        $param{'formname'} = 'studentform';
+    } elsif ($mode eq 'singlestudent') {
+        $param{'formname'} = 'cu';
+    } elsif ($mode eq 'createcourse') {
+        $param{'formname'} = 'ccrs';
+    } elsif ($mode eq 'modifycourse') {
+        $param{'formname'} = 'cmod';
+        $param{'mode'} = 'modifycourse',
+        $param{'curr_autharg'} = $curr_authfield;
+    }
+
+    my ($setsection_call,$setsections_js);
+    my $finish = "  vf.submit();\n";
+    if ($mode eq 'upload') {
+        if (($context eq 'course') || ($context eq 'domain')) {
+            if ($context eq 'course') {
+                if ($env{'request.course.sec'} eq '') {
+                    $setsection_call = 'setSections(document.'.$param{'formname'}.');';
+                    $setsections_js =
+                        &setsections_javascript($param{'formname'},$groupslist,
+                                                $mode);
+                } else {
+                    $setsection_call = "'ok'";
+                }
+            } elsif ($context eq 'domain') {
+                $setsection_call = 'setCourse()';
+                $setsections_js = &dc_setcourse_js($param{'formname'},$mode);
+            }
+            $finish = "  var checkSec = $setsection_call\n".
+                      "  if (checkSec == 'ok') {\n".
+                      "      vf.submit();\n".
+                      "   }\n";
+        }
     }
+    my $authheader = &Apache::loncommon::authform_header(%param);
 
     my %alert = &Apache::lonlocal::texthash
         (username => 'You need to specify the username field.',
@@ -358,8 +390,9 @@ sub javascript_validations {
          continue => 'Continue adding users?',
          );
 
-#    my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
     my $function_name =(<<END);
+$setsections_js
+
 function verify_message (vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail) {
 END
     my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($domain);
@@ -479,21 +512,21 @@ END
         message+= '\\n$alert{'continue'}';
         if (confirm(message)) {
             vf.state.value='enrolling';
-            vf.submit();
+            $finish
         }
     } else {
         vf.state.value='enrolling';
-        vf.submit();
+        $finish
     }
 }
 END
     }
     my $result = $function_name;
-    if ( ($mode eq 'auth') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
+    if ( ($mode eq 'upload') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
         $result .= $auth_checks;
     }
     $result .= $optional_checks."\n".$section_checks;
-    if ( ($mode eq 'auth') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
+    if ( ($mode eq 'upload') || ($mode eq 'createcourse') || ($mode eq 'modifycourse')  ) {
         $result .= $authheader;
     }
     return $result;
@@ -654,18 +687,12 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub print_upload_manager_footer {
-    my ($r,$i,$keyfields,$defdom,$today,$halfyear,$context)=@_;
-    my $formname;
-    if ($context eq 'course') {
-        $formname = 'document.studentform';
-    } elsif ($context eq 'author') {
-        $formname = 'document.studentform';
-    } elsif ($context eq 'domain') {
-        $formname = 'document.studentform';
-    }
+    my ($r,$i,$keyfields,$defdom,$today,$halfyear,$context,$permission) = @_;
+    my $form = 'document.studentform';
+    my $formname = 'studentform';
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
-    my %param = ( formname => $formname,
+    my %param = ( formname => $form,
                   kerb_def_dom => $krbdefdom,
                   kerb_def_auth => $krbdef
                   );
@@ -677,8 +704,8 @@ sub print_upload_manager_footer {
     my $krbform = &Apache::loncommon::authform_kerberos(%param);
     my $intform = &Apache::loncommon::authform_internal(%param);
     my $locform = &Apache::loncommon::authform_local(%param);
-    my $date_table = &date_setting_table(undef,undef,$context);
-
+    my $date_table = &date_setting_table(undef,undef,$context,undef,
+                                         $formname,$permission);
     my $Str = "\n".'<div class="LC_left_float">';
     $Str .= &hidden_input('nfields',$i);
     $Str .= &hidden_input('keyfields',$keyfields);
@@ -711,29 +738,30 @@ sub print_upload_manager_footer {
     }
     if ($context eq 'author') {
         $Str .= '<h3>'.&mt('Default role')."</h3>\n".
-                &mt('Choose the role to assign to users without one specified in the uploaded file');
+                &mt('Choose the role to assign to users without a value specified in the uploaded file');
     } elsif ($context eq 'course') {
         $Str .= '<h3>'.&mt('Default role and section')."</h3>\n".
-                &mt('Choose the role and/or section to assign to users without one specified in the uploaded file');
+                &mt('Choose the role and/or section(s) to assign to users without values specified in the uploaded file');
     } else {
-        $Str .= '<br /><br /><b>'.&mt('Default role and/or section')."</b><br />\n".
-                &mt('Role and/or section for users without one in the uploaded file.');
+        $Str .= '<br /><br /><b>'.&mt('Default role and/or section(s)')."</b><br />\n".
+                &mt('Role and/or section(s) for users without values specified in the uploaded file.');
     }
-    $Str .= '<br /><br />';
-    my ($options,$cb_script,$coursepick) = &default_role_selector($context,'defaultrole',1);
-    if ($context eq 'domain') {
-        $Str .= '<span class="LC_role_level">'.&mt('Domain Level').'</span><br />'.$options.'<br /><br /><span class="LC_role_level">'.&mt('Course Level').'</span><br />'.$cb_script.$coursepick;
-    } elsif ($context eq 'author') {
-        $Str .= $options;
+    $Str .= '<br />';
+    if (($context eq 'domain') || ($context eq 'author')) {
+        my ($options,$cb_script,$coursepick) = &default_role_selector($context,1);
+        if ($context eq 'domain') {
+            $Str .= '<span class="LC_role_level">'.&mt('Domain Level').'</span><br />'.$options.'<br /><br /><span class="LC_role_level">'.&mt('Course Level').'</span><br />'.$cb_script.$coursepick;
+        } elsif ($context eq 'author') {
+            $Str .= $options;
+        }
     } else {
-        $Str .= '<table><tr><td><span class="LC_nobreak"<b>'.&mt('role').':&nbsp;</b>'.
-                $options.'</span></td><td>&nbsp;</td><td><span class="LC_nobreak">'.
-                '<b>'.&mt('section').':&nbsp;</b><input type="text" name="section" value="" size="12" /></span></td></tr></table>';
-    }
-    if ($context eq 'course') {
-        $Str .= "<h3>".&mt('Full Update')."</h3>\n".
-                '<label><input type="checkbox" name="fullup" value="yes">'.
-                ' '.&mt('Full update (also print list of users not enrolled anymore)').
+        my ($cnum,$cdom) = &get_course_identity();
+        my $rowtitle = &mt('section');
+        my $secbox = &section_picker($cdom,$cnum,'Any',$rowtitle,
+                                     $permission,$context,'upload');
+        $Str .= $secbox."<h3>".&mt('Full Update')."</h3>\n".
+                '<p><label><input type="checkbox" name="fullup" value="yes">'.
+                ' '.&mt('Display students with current/future access, who are  not in the uploaded file.').'<br />'.&mt('Students selected from this list can be dropped.');
                 "</label></p>\n";
     }
     if ($context eq 'course' || $context eq 'domain') {
@@ -758,13 +786,14 @@ sub forceid_change {
         "<p>\n".'<label><input type="checkbox" name="forceid" value="yes">'.
         &mt('Disable ID/Student Number Safeguard and Force Change '.
         'of Conflicting IDs').'</label><br />'."\n".
-        &mt('(only do if you know what you are doing.)')."</br><br />\n";
+        &mt('(only do if you know what you are doing.)')."\n";
     if ($context eq 'domain') {
-        $output .= '<label><input type="checkbox" name="recurseid"'.
+        $output .= '<br /><label><input type="checkbox" name="recurseid"'.
                    ' value="yes">'. 
   &mt('Update ID/Student Number in courses in which user is Active/Future student,<br />(if forcing change).').
-                   '</label></p>'."\n";
+                   '</label>'."\n";
     }
+    $output .= '</p>';
     return $output;
 }
 
@@ -815,7 +844,8 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
-    &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context);
+    &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
+                                 $permission);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -849,11 +879,14 @@ sub print_upload_manager_form {
     }
     $r->print('</div>');
     &print_upload_manager_footer($r,$i,$keyfields,$defdom,$today,$halfyear,
-                                 $context);
+                                 $context,$permission);
 }
 
 sub setup_date_selectors {
-    my ($starttime,$endtime,$mode,$nolink) = @_;
+    my ($starttime,$endtime,$mode,$nolink,$formname) = @_;
+    if ($formname eq '') {
+        $formname = 'studentform';
+    }
     if (! defined($starttime)) {
         $starttime = time;
         unless ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
@@ -876,11 +909,11 @@ sub setup_date_selectors {
     }
 
     my $startdateform = 
-        &Apache::lonhtmlcommon::date_setter('studentform','startdate',$starttime,
+        &Apache::lonhtmlcommon::date_setter($formname,'startdate',$starttime,
             undef,undef,undef,undef,undef,undef,undef,$nolink);
 
     my $enddateform = 
-        &Apache::lonhtmlcommon::date_setter('studentform','enddate',$endtime,
+        &Apache::lonhtmlcommon::date_setter($formname,'enddate',$endtime,
             undef,undef,undef,undef,undef,undef,undef,$nolink);
 
     if ($mode eq 'create_enrolldates') {
@@ -913,24 +946,27 @@ sub get_dates_from_form {
 }
 
 sub date_setting_table {
-    my ($starttime,$endtime,$mode,$bulkaction) = @_;
+    my ($starttime,$endtime,$mode,$bulkaction,$formname,$permission) = @_;
     my $nolink;
     if ($bulkaction) {
         $nolink = 1;
     }
     my ($startform,$endform) = 
-        &setup_date_selectors($starttime,$endtime,$mode,$nolink);
+        &setup_date_selectors($starttime,$endtime,$mode,$nolink,$formname);
     my $dateDefault;
     if ($mode eq 'create_enrolldates' || $mode eq 'create_defaultdates') {
         $dateDefault = '&nbsp;';
     } elsif ($mode ne 'author' && $mode ne 'domain') {
         if (($bulkaction eq 'reenable') || 
             ($bulkaction eq 'activate') || 
-            ($bulkaction eq 'chgdates')) { 
-            $dateDefault = '<span class="LC_nobreak">'.
-                '<label><input type="checkbox" name="makedatesdefault" /> '.
-                &mt('make these dates the default for future enrollment').
-                '</label></span>';
+            ($bulkaction eq 'chgdates') ||
+            ($env{'form.action'} eq 'upload')) {
+            if ($env{'request.course.sec'} eq '') {
+                $dateDefault = '<span class="LC_nobreak">'.
+                    '<label><input type="checkbox" name="makedatesdefault" value="1" /> '.
+                    &mt('make these dates the default access dates for future student enrollment').
+                    '</label></span>';
+            }
         }
     }
     my $perpetual = '<span class="LC_nobreak"><label><input type="checkbox" name="no_end_date"';
@@ -950,7 +986,7 @@ sub date_setting_table {
                                                      'LC_oddrow_value')."\n".
                $endform.'&nbsp;'.$perpetual.
                &Apache::lonhtmlcommon::row_closure(1).
-               &Apache::lonhtmlcommon::end_pick_box().'<br />';
+               &Apache::lonhtmlcommon::end_pick_box();
     if ($dateDefault) {
         $result .=  $dateDefault.'<br />'."\n";
     }
@@ -966,14 +1002,14 @@ sub make_dates_default {
                 {'default_enrollment_start_date'=>$startdate,
                  'default_enrollment_end_date'  =>$enddate},$cdom,$cnum);
         if ($put_result eq 'ok') {
-            $result .= &mt('Set default start and end dates for course').
+            $result .= &mt('Set default start and end access dates for course.').
                        '<br />'."\n";
             #
             # Refresh the course environment
             &Apache::lonnet::coursedescription($env{'request.course.id'},
                                                {'freshen_cache' => 1});
         } else {
-            $result .= &mt('Unable to set default dates for course').":".$put_result.
+            $result .= &mt('Unable to set default access dates for course.').":".$put_result.
                        '<br />';
         }
     }
@@ -1011,33 +1047,36 @@ sub default_role_selector {
            $options .= '  <option value="'.$role.'">'.$plrole.'</option>';
         }
         my $courseform = &Apache::loncommon::selectcourse_link
-            ('studentform','defaultcourse','defaultdomain','defaultdesc',"$env{'request.role.domain'}",undef,'Course');
+            ('studentform','dccourse','dcdomain','coursedesc',"$env{'request.role.domain'}",undef,'Course');
         $cb_jscript = 
-            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'defaultsec','studentform');
+            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'currsec','studentform');
         $coursepick = &Apache::loncommon::start_data_table().
                       &Apache::loncommon::start_data_table_header_row().
                       '<th>'.$courseform.'</th><th>'.$lt{'rol'}.'</th>'.
                       '<th>'.$lt{'grs'}.'</th>'.
                       &Apache::loncommon::end_data_table_header_row().
                       &Apache::loncommon::start_data_table_row()."\n".
-                      '<td><input type="text" name="defaultdesc" value="" onFocus="this.blur();opencrsbrowser('."'studentform','defcourse','defdomain','coursedesc',''".')" /></td>'."\n".
+                      '<td><input type="text" name="coursedesc" value="" onFocus="this.blur();opencrsbrowser('."'studentform','dccourse','dcdomain','coursedesc',''".')" /></td>'."\n".
                       '<td><select name="courserole">'."\n".
                       &default_course_roles($context,$checkpriv,%customroles)."\n".
                       '</select></td><td>'.
                       '<table class="LC_createuser">'.
                       '<tr class="LC_section_row"><td valign"top">'.
-                      $lt{'exs'}.'<br /><select name="defaultsec">'.
+                      $lt{'exs'}.'<br /><select name="currsec">'.
                       ' <option value=""><--'.&mt('Pick course first').
                       '</select></td>'.
                       '<td>&nbsp;&nbsp;</td>'.
                       '<td valign="top">'.$lt{'new'}.'<br />'.
                       '<input type="text" name="newsec" value="" size="5" />'.
-                      '<input type="hidden" name="groups" value="" /></td>'.
-                      '</tr></table></td>'.
+                      '<input type="hidden" name="groups" value="" />'.
+                      '<input type="hidden" name="sections" value="" />'.
+                      '<input type="hidden" name="origdom" value="'.
+                      $env{'request.role.domain'}.'" />'.
+                      '<input type="hidden" name="dccourse" value="" />'.
+                      '<input type="hidden" name="dcdomain" value="" />'.
+                      '</td></tr></table></td>'.
                       &Apache::loncommon::end_data_table_row().
-                      &Apache::loncommon::end_data_table()."\n".
-                      '<input type="hidden" name="defaultcourse" value="" />'.
-                      '<input type="hidden" name="defaultdomain" value="" />';
+                      &Apache::loncommon::end_data_table()."\n";
     }
     $options .= '</select>';
     return ($options,$cb_jscript,$coursepick);
@@ -1049,15 +1088,18 @@ sub default_course_roles {
     my $custom = 1;
     my @roles = &course_roles($context,$checkpriv,$custom);
     foreach my $role (@roles) {
-        my $plrole=&Apache::lonnet::plaintext($role);
-        $output .= '  <option value="'.$role.'">'.$plrole.'</option>';
+        if ($role ne 'cr') {
+            my $plrole=&Apache::lonnet::plaintext($role);
+            $output .= '  <option value="'.$role.'">'.$plrole.'</option>';
+        }
     }
     if (keys(%customroles) > 0) {
-        my %customroles = &my_custom_roles();
-        foreach my $cust (sort(keys(%customroles))) {
-            my $custrole='cr_cr_'.$env{'user.domain'}.
-                '_'.$env{'user.name'}.'_'.$cust;
-            $output .= '  <option value="'.$custrole.'">'.$cust.'</option>';
+        if (grep(/^cr$/,@roles)) {
+            foreach my $cust (sort(keys(%customroles))) {
+                my $custrole='cr_'.$env{'user.domain'}.
+                             '_'.$env{'user.name'}.'_'.$cust;
+                $output .= '  <option value="'.$custrole.'">'.$cust.'</option>';
+            }
         }
     }
     return $output;
@@ -1108,10 +1150,10 @@ sub course_roles {
                     if (&Apache::lonnet::allowed('c'.$role,$env{'request.course.id'})) {
                         push(@roles,$role);
                     } else {
-                        if ($role ne 'cc' && $env{'request.course.section'} ne '') {
-                            if (!&Apache::lonnet::allowed('c'.$role,
+                        if ($role ne 'cc' && $env{'request.course.sec'} ne '') {
+                            if (&Apache::lonnet::allowed('c'.$role,
                                              $env{'request.course.id'}.'/'.
-                                             $env{'request.course.section'})) {
+                                             $env{'request.course.sec'})) {
                                 push(@roles,$role);
                             }
                         }
@@ -1222,7 +1264,7 @@ sub print_userlist {
     if ($env{'form.showrole'} eq 'Any') {
        $roleselected = ' selected="selected" '; 
     }
-    my $role_select;
+    my ($role_select,$cnum,$cdom);
     if ($context eq 'domain') {
         $role_select = &domain_roles_select();
         $r->print('<label>'.&mt('Role Type: [_1]',$role_select).'</label>');
@@ -1236,19 +1278,24 @@ sub print_userlist {
             if ($role eq $env{'form.showrole'}) {
                 $roleselected = ' selected="selected" ';
             }
-            my $plrole=&Apache::lonnet::plaintext($role);
+            my $plrole;
+            if ($role eq 'cr') {
+                $plrole = &mt('Custom role');
+            } else {
+                $plrole=&Apache::lonnet::plaintext($role);
+            }
             $role_select .= '<option value="'.$role.'"'.$roleselected.'>'.$plrole.'</option>';
         }
-        $roleselected = '';
-        if ($env{'form.showrole'} eq 'cr') {
-            $roleselected = ' selected="selected" ';
-        }
-        $role_select .= '<option value="cr"'.$roleselected.'>'.&mt('Custom role').'</option>'.
-                        '</select>';
+        $role_select .= '</select>';
         $r->print('<label>'.&mt('Role: [_1]',$role_select).'</label>');
+        if ($context eq 'course') {
+            ($cnum,$cdom) = &get_course_identity();
+            $r->print(&section_group_filter($cnum,$cdom));
+        }
     }
     if (!(($context eq 'domain') && ($env{'form.roletype'} eq 'course'))) {
-        $r->print(&list_submit_button(&mt('Update Display'))."\n</p>\n");
+        $r->print('&nbsp;'.&list_submit_button(&mt('Update Display')).
+                  "\n</p>\n");
     }
     my ($indexhash,$keylist) = &make_keylist_array();
     my (%userlist,%userinfo);
@@ -1264,7 +1311,7 @@ sub print_userlist {
                   &Apache::lonhtmlcommon::row_closure(1).
                   &Apache::lonhtmlcommon::end_pick_box().'</p>'.
                   '<p>'.&list_submit_button(&mt('Update Display')).
-                  "\n</p>\n");
+                  "\n".'</p><span class="LC_warning">'.&mt('Warning: data retrieval for multiple courses can take considerable time, as this operation is not currently optimized.').'</span>'."\n");
         if ($env{'form.coursepick'}) {
             $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
         }
@@ -1275,9 +1322,11 @@ sub print_userlist {
     if ($context eq 'course') {
         my $classlist = &Apache::loncoursedata::get_classlist();
         my $secidx = &Apache::loncoursedata::CL_SECTION();
+        my $viewablesec = &viewable_section($permission);
         foreach my $student (keys(%{$classlist})) {
-            if (exists($permission->{'view_section'})) {
-                if ($classlist->{$student}[$secidx] ne $permission->{'view_section'}) {
+            my $section = $classlist->{$student}[$secidx];
+            if ($viewablesec ne '') {
+                if ($section ne $viewablesec) {
                     next;
                 } else {
                     $userlist{$student} = $classlist->{$student};
@@ -1286,16 +1335,15 @@ sub print_userlist {
                 $userlist{$student} = $classlist->{$student};
             }
         }
-        my $cid =$env{'request.course.id'};
-        my ($cnum,$cdom) = &get_course_identity($cid);
         my $showroles;
         if ($env{'form.showrole'} ne 'Any') {
             $showroles = [$env{'form.showrole'}];
         } else {
             $showroles = undef;
         }
+        my $withsec = 1;
         my %advrolehash = &Apache::lonnet::get_my_roles($cnum,$cdom,undef,
-                                                        \@statuses,$showroles);
+                                    \@statuses,$showroles,undef,$withsec);
         &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
                          \%advrolehash,$permission);
     } else {
@@ -1327,12 +1375,12 @@ sub print_userlist {
                         } else {
                             my @possroles;
                             if ($env{'form.showrole'} eq 'Any') {
-                                my @possroles = &roles_by_context($context);
+                                @possroles = &roles_by_context('author');
                             } else {
                                 @possroles = ($env{'form.showrole'}); 
                             }
                             foreach my $author (sort(keys(%{$dom_roles{$key}}))) {
-                                my ($role,$authorname,$authordom) = split(/:/,$author);
+                                my ($role,$authorname,$authordom) = split(/:/,$author,-1);
                                 my $extent = '/'.$authordom.'/'.$authorname;
                                 %{$coauthors{$extent}} =
                                     &Apache::lonnet::get_my_roles($authorname,
@@ -1348,8 +1396,6 @@ sub print_userlist {
                     my %courses = &process_coursepick();
                     my %allusers; 
                     foreach my $cid (keys(%courses)) {
-                        my %coursehash =
-                            &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
                         my ($cnum,$cdom,$cdesc) = &get_course_identity($cid);
                         next if ($cnum eq '' || $cdom eq '');
                         my $custom = 1;
@@ -1357,7 +1403,6 @@ sub print_userlist {
                             %statushash);
                         if ($env{'form.showrole'} eq 'Any') {
                             @roles = &course_roles($context,undef,$custom);
-                            unshift(@roles,'cr');
                         } else {
                             @roles = ($env{'form.showrole'});
                         }
@@ -1425,6 +1470,62 @@ sub print_userlist {
               $env{'form.phase'}.'" /></form>');
 }
 
+sub section_group_filter {
+    my ($cnum,$cdom) = @_;
+    my @filters;
+    if ($env{'request.course.sec'} eq '') {
+        @filters = ('sec');
+    }
+    push(@filters,'grp');
+    my %name = (
+                 sec => 'secfilter',
+                 grp => 'grpfilter',
+               );
+    my %title = &Apache::lonlocal::texthash (
+                                              sec  => 'Section(s)',
+                                              grp  => 'Group(s)',
+                                              all  => 'all',
+                                              none => 'none',
+                                            );
+    my ($output,@options);
+    foreach my $item (@filters) {
+        my $markup; 
+        if ($env{'form.'.$name{$item}} eq '') {
+            $env{'form.'.$name{$item}} = 'all';
+        }
+        if ($item eq 'sec') {
+            if ($env{'form.showrole'} eq 'cc') {
+                $env{'form.'.$name{$item}} = 'none';
+            }
+            my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum);
+            @options = sort(keys(%sections_count));
+        } elsif ($item eq 'grp') {
+            my %curr_groups = &Apache::longroup::coursegroups();
+            @options = sort(keys(%curr_groups));
+        }
+        if (@options > 0) {
+            my $currsel;
+            $markup = '<select name="'.$name{$item}.'" />'."\n";
+            foreach my $option ('all','none',@options) { 
+                $currsel = '';
+                if ($env{'form.'.$name{$item}} eq $option) {
+                    $currsel = ' selected="selected" ';
+                }
+                $markup .= ' <option value="'.$option.'"'.$currsel.'>';
+                if (($option eq 'all') || ($option eq 'none')) {
+                    $markup .= $title{$option};
+                } else {
+                    $markup .= $option;
+                }   
+                $markup .= '</option>'."\n";
+            }
+            $markup .= '</select>'."\n";
+            $output .= ('&nbsp;'x3).'<label>'.$title{$item}.': '.$markup.'</label>';
+        }
+    }
+    return $output;
+}
+
 sub list_submit_button {
     my ($text) = @_;
     return '<input type="button" name="updatedisplay" value="'.$text.'" onclick="javascript:display_update()" />';
@@ -1433,19 +1534,30 @@ sub list_submit_button {
 sub gather_userinfo {
     my ($context,$format,$userlist,$indexhash,$userinfo,$rolehash,$permission) = @_;
     foreach my $item (keys(%{$rolehash})) {
-        @{$userlist->{$item}} = ();
         my %userdata;
-        if ($context eq 'author' || $context eq 'course') { 
+        if ($context eq 'author') { 
             ($userdata{'username'},$userdata{'domain'},$userdata{'role'}) =
                 split(/:/,$item);
             ($userdata{'start'},$userdata{'end'})=split(/:/,$rolehash->{$item});
-            &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
+            &build_user_record($context,\%userdata,$userinfo,$indexhash,
+                               $item,$userlist);
+        } elsif ($context eq 'course') {
+            my $viewablesec = &viewable_section($permission);
+            ($userdata{'username'},$userdata{'domain'},$userdata{'role'},
+             $userdata{'section'}) = split(/:/,$item,-1);
+            ($userdata{'start'},$userdata{'end'})=split(/:/,$rolehash->{$item});
+            if (($viewablesec ne '') && ($userdata{'section'} ne '')) {
+                next if ($viewablesec ne $userdata{'section'});
+            }
+            &build_user_record($context,\%userdata,$userinfo,$indexhash,
+                               $item,$userlist);
         } elsif ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 ($userdata{'role'},$userdata{'username'},$userdata{'domain'}) =
                     split(/:/,$item);
                 ($userdata{'end'},$userdata{'start'})=split(/:/,$rolehash->{$item});
-                &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
+                &build_user_record($context,\%userdata,$userinfo,$indexhash,
+                                   $item,$userlist);
             } elsif ($env{'form.roletype'} eq 'author') {
                 if (ref($rolehash->{$item}) eq 'HASH') {
                     $userdata{'extent'} = $item;
@@ -1454,7 +1566,8 @@ sub gather_userinfo {
                         ($userdata{'start'},$userdata{'end'}) = 
                             split(/:/,$rolehash->{$item}{$key});
                         my $uniqid = $key.':'.$item;
-                        &build_user_record(\%userdata,$userinfo,$indexhash,$uniqid,$userlist);
+                        &build_user_record($context,\%userdata,$userinfo,
+                                           $indexhash,$uniqid,$userlist);
                     }
                 }
             } elsif ($env{'form.roletype'} eq 'course') {
@@ -1469,13 +1582,14 @@ sub gather_userinfo {
                             my $space = ', ';
                             if ($format eq 'html' || $format eq 'view') {
                                 $spanstart = '<span class="LC_nobreak">';
-                                if ($permission->{'cusr'}) {
-                                    if ($numcids > 1) {
-                                        $spanstart .= '<input type="radio" name="'.$item.'" value="'.$cid.'" &nbsp; />';
-                                    } else {
-                                        $spanstart .= '<input type="hidden" name="'.$item.'" value="'.$cid.'" &nbsp; />';
-                                    }
-                                }
+                                # FIXME: actions on courses disabled for now
+#                                if ($permission->{'cusr'}) {
+#                                    if ($numcids > 1) {
+#                                        $spanstart .= '<input type="radio" name="'.$item.'" value="'.$cid.'" />&nbsp;';
+#                                    } else {
+#                                        $spanstart .= '<input type="hidden" name="'.$item.'" value="'.$cid.'" />&nbsp;';
+#                                    }
+#                                }
                                 $spanend = '</span><br />';
                                 $space = ',&nbsp;';
                             }
@@ -1483,13 +1597,20 @@ sub gather_userinfo {
                                     $rolehash->{$item}{$cid}{'desc'}.$space;
                             if (ref($rolehash->{$item}{$cid}{'secs'}) eq 'HASH') { 
                                 foreach my $sec (sort(keys(%{$rolehash->{$item}{$cid}{'secs'}}))) {
-                                    $userdata{'extent'} .= $sec.$space.$rolehash->{$item}{$cid}{'secs'}{$sec}.$spanend;
+                                    if (($env{'form.Status'} eq 'Any') ||
+                                        ($env{'form.Status'} eq $rolehash->{$item}{$cid}{'secs'}{$sec})) {
+                                        $userdata{'extent'} .= $sec.$space.$rolehash->{$item}{$cid}{'secs'}{$sec}.$spanend;
+                                        $userdata{'status'} = $rolehash->{$item}{$cid}{'secs'}{$sec};
+                                    }
                                 }
                             }
                         }
                     }
                 }
-                &build_user_record(\%userdata,$userinfo,$indexhash,$item,$userlist);
+                if ($userdata{'status'} ne '') {
+                    &build_user_record($context,\%userdata,$userinfo,
+                                       $indexhash,$item,$userlist);
+                }
             }
         }
     }
@@ -1497,14 +1618,15 @@ sub gather_userinfo {
 }
 
 sub build_user_record {
-    my ($userdata,$userinfo,$indexhash,$record_key,$userlist) = @_;
+    my ($context,$userdata,$userinfo,$indexhash,$record_key,$userlist) = @_;
     next if ($userdata->{'start'} eq '-1' && $userdata->{'end'} eq '-1');
-    &process_date_info($userdata);
+    if (!(($context eq 'domain') && ($env{'form.roletype'} eq 'course'))) {
+        &process_date_info($userdata);
+    }
     my $username = $userdata->{'username'};
     my $domain = $userdata->{'domain'};
     if (ref($userinfo->{$username.':'.$domain}) eq 'HASH') {
-        $userdata->{'fullname'} =
-        $userinfo->{$username.':'.$domain}{'fullname'};
+        $userdata->{'fullname'} = $userinfo->{$username.':'.$domain}{'fullname'};
         $userdata->{'id'} = $userinfo->{$username.':'.$domain}{'id'};
     } else {
         &aggregate_user_info($domain,$username,$userinfo);
@@ -1754,10 +1876,10 @@ sub show_users_list {
     if (!grep(/^\Q$sortby\E$/,@sortable)) {
         $sortby = 'username';
     }
-    my $setting = $env{'form.roleaction'};
+    my $setting = $env{'form.roletype'};
     my ($cid,$cdom,$cnum,$classgroups,$displayphotos,$displayclickers);
     if ($context eq 'course') {
-        $cid=$env{'request.course.id'};
+        $cid = $env{'request.course.id'};
         ($cnum,$cdom) = &get_course_identity($cid);
         ($classgroups) = &Apache::loncoursedata::get_group_memberships(
                                      $userlist,$keylist,$cdom,$cnum);
@@ -1794,8 +1916,8 @@ END
     if ($mode ne 'autoenroll') {
         my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
         my $alert = &mt("You must select at least one user by checking a user's 'Select' checkbox");
-        my $singconfirm = &mt(' for a single user');
-        my $multconfirm = &mt(' for multiple users');
+        my $singconfirm = &mt(' for a single user?');
+        my $multconfirm = &mt(' for multiple users?');
         my $date_sec_selector = &date_section_javascript($context,$setting,$statusmode); 
         $r->print(<<END);
 
@@ -1923,10 +2045,10 @@ END
     my $results_description;
     if ($mode ne 'autoenroll') {
         $results_description = &results_header_row($rolefilter,$statusmode,
-                                                   $context,$permission);
+                                                   $context,$permission,$mode);
         $r->print('<b>'.$results_description.'</b><br />');
     }
-    my ($output,$actionselect);
+    my ($output,$actionselect,%canchange,%canchangesec);
     if ($mode eq 'html' || $mode eq 'view' || $mode eq 'autoenroll') {
         if ($mode ne 'autoenroll') {
             if ($permission->{'cusr'}) {
@@ -1965,6 +2087,45 @@ $lt{'ac'}:&nbsp;$actionselect <input typ
 <p><input type="button" value="$lt{'ca'}" onclick="javascript:checkAll(document.studentform.actionlist)" /> &nbsp;
 <input type="button" value="$lt{'ua'}" onclick="javascript:uncheckAll(document.studentform.actionlist)" />
 END
+                my @allroles;
+                if ($env{'form.showrole'} eq 'Any') {
+                    my $custom = 1;
+                    if ($context eq 'domain') {
+                        @allroles = &roles_by_context($setting,$custom);
+                    } else {
+                        @allroles = &roles_by_context($context,$custom);
+                    }
+                } else {
+                    @allroles = ($env{'form.showrole'});
+                }
+                foreach my $role (@allroles) {
+                    if ($context eq 'domain') {
+                        if ($setting eq 'domain') {
+                            if (&Apache::lonnet::allowed('c'.$role,
+                                    $env{'request.role.domain'})) {
+                                $canchange{$role} = 1;
+                            }
+                        } elsif ($setting eq 'author') {
+                            if (&Apache::lonnet::allowed('c'.$role,
+                                    $env{'request.role.domain'})) {
+                                $canchange{$role} = 1;
+                            }
+                        }
+                    } elsif ($context eq 'author') {
+                        if (&Apache::lonnet::allowed('c'.$role,
+                            $env{'user.domain'}.'/'.$env{'user.name'})) {
+                            $canchange{$role} = 1;
+                        }
+                    } elsif ($context eq 'course') {
+                        if (&Apache::lonnet::allowed('c'.$role,$env{'request.course.id'})) {
+                            $canchange{$role} = 1;
+                        } elsif ($env{'request.course.sec'} ne '') {
+                            if (&Apache::lonnet::allowed('c'.$role,$env{'request.course.id'}.'/'.$env{'request.course.sec'})) {
+                                $canchangesec{$role} = $env{'request.course.sec'};
+                            }
+                        }
+                    }
+                }
             }
         }
         $output .= "\n<p>\n".
@@ -2060,6 +2221,17 @@ END
         $index{$idx} = $i++;
     }
     my $usercount = 0;
+    my ($secfilter,$grpfilter);
+    if ($context eq 'course') {
+        $secfilter = $env{'form.secfilter'};
+        $grpfilter = $env{'form.grpfilter'};
+        if ($secfilter eq '') {
+            $secfilter = 'all';
+        }
+        if ($grpfilter eq '') {
+            $grpfilter = 'all';
+        }
+    }
     # Get groups, role, permanent e-mail so we can sort on them if
     # necessary.
     foreach my $user (keys(%{$userlist})) {
@@ -2097,11 +2269,40 @@ END
             delete($userlist->{$user});
             next;
         }
-        if (ref($classgroups) eq 'HASH') {
-            $groups = $classgroups->{$user};
-        }
-        if (ref($groups->{active}) eq 'HASH') {
-            $userlist->{$user}->[$index{'groups'}] = join(', ',keys(%{$groups->{'active'}}));
+        if ($context eq 'course') {
+            my @ac_groups;
+            if (ref($classgroups) eq 'HASH') {
+                $groups = $classgroups->{$user};
+            }
+            if (ref($groups->{'active'}) eq 'HASH') {
+                @ac_groups = keys(%{$groups->{'active'}});
+                $userlist->{$user}->[$index{'groups'}] = join(', ',@ac_groups);
+            }
+            if ($mode ne 'autoenroll') {
+                my $section = $userlist->{$user}->[$index{'section'}];
+                if ($secfilter eq 'none') {
+                    if ($section ne '') {
+                        delete($userlist->{$user});
+                        next;
+                    }
+                } elsif ($secfilter ne 'all') {
+                    if ($section ne $secfilter) {
+                        delete($userlist->{$user});
+                        next;
+                    }
+                }
+                if ($grpfilter eq 'none') {
+                    if (@ac_groups > 0) {
+                        delete($userlist->{$user});
+                        next;
+                    }
+                } elsif ($grpfilter ne 'all') {
+                    if (!grep(/^\Q$grpfilter\E$/,@ac_groups)) {
+                        delete($userlist->{$user});
+                        next;
+                    }
+                }
+            }
         }
         my %emails   = &Apache::loncommon::getemails($uname,$udom);
         if ($emails{'permanentemail'} =~ /\S/) {
@@ -2178,18 +2379,38 @@ END
                 $r->print("<td>$rowcount</td>\n");
                 $checkval;
                 if ($actionselect) {
-                    $checkval = $user; 
-                    if ($context eq 'course') {
-                        if ($role eq 'st') {
-                            $checkval .= ':st';
+                    my $showcheckbox;
+                    if ($role =~ /^cr\//) {
+                        $showcheckbox = $canchange{'cr'};
+                    } else {
+                        $showcheckbox = $canchange{$role};
+                    }
+                    if (!$showcheckbox) {
+                        if ($context eq 'course') {
+                            if ($canchangesec{$role} ne '') {
+                                if ($canchangesec{$role} eq $in{'section'}) {
+                                    $showcheckbox = 1;
+                                }
+                            }
                         }
-                        $checkval .= ':'.$in{'section'};
-                        if ($role eq 'st') {
-                            $checkval .= ':'.$in{'type'}.':'.$in{'lockedtype'};
+                    }
+                    if ($showcheckbox) {
+                        $checkval = $user; 
+                        if ($context eq 'course') {
+                            if ($role eq 'st') {
+                                $checkval .= ':st';
+                            }
+                            $checkval .= ':'.$in{'section'};
+                            if ($role eq 'st') {
+                                $checkval .= ':'.$in{'type'}.':'.
+                                             $in{'lockedtype'};
+                            }
                         }
+                        $r->print('<td><input type="checkbox" name="'.
+                                  'actionlist" value="'.$checkval.'"></td>');
+                    } else {
+                        $r->print('<td>&nbsp;</td>');
                     }
-                    $r->print('<td><input type="checkbox" name="actionlist" value="'.
-                              $checkval.'"></td>');
                 }
             }
             foreach my $item (@cols) {
@@ -2318,6 +2539,24 @@ sub select_actions {
                 chgsec   => "Change section associated with user roles",
     );
     my ($output,$options,%choices);
+    # FIXME Disable actions for now for roletype=course in domain context
+    if ($context eq 'domain' && $setting eq 'course') {
+        return;
+    }
+    if ($context eq 'course') {
+        if ($env{'form.showrole'} ne 'Any') {
+             if (!&Apache::lonnet::allowed('c'.$env{'form.showrole'},
+                                           $env{'request.course.id'})) {
+                 if ($env{'request.course.sec'} eq '') {
+                     return;
+                 } else {
+                     if (!&Apache::lonnet::allowed('c'.$env{'form.showrole'},$env{'request.course.id'}.'/'.$env{'request.course.sec'})) {
+                         return;
+                     }
+                 }
+            }
+        }
+    }
     if ($statusmode eq 'Any') {
         $options .= '
 <option value="chgdates">'.$lt{'chgdates'}.'</option>';
@@ -2344,7 +2583,7 @@ sub select_actions {
 <option value="delete">'.$lt{'delete'}.'</option>';
     }
     if (($context eq 'course') || ($context eq 'domain' && $setting eq 'course')) {
-        if ($statusmode ne 'Expired') {
+        if (($statusmode ne 'Expired') && ($env{'request.course.sec'} eq '')) {
             $options .= '
 <option value="chgsec">'.$lt{'chgsec'}.'</option>';
             $choices{'sections'} = 1;
@@ -2451,7 +2690,8 @@ END
             if (($env{'form.bulkaction'} eq 'reenable') || 
                 ($env{'form.bulkaction'} eq 'activate') || 
                 ($env{'form.bulkaction'} eq 'chgdates')) {
-                $output .= <<"END";
+                if ($env{'request.course.sec'} eq '') {
+                    $output .= <<"END";
  
         if (formname.makedatesdefault.checked == true) {
             opener.document.$callingform.makedatesdefault.value = 1;
@@ -2461,6 +2701,7 @@ END
         }
 
 END
+                }
             }
         }
         $output .= <<"END";
@@ -2510,12 +2751,10 @@ END
                 $date_items;
     if ($context eq 'course' && $env{'form.bulkaction'} eq 'chgsec') {
         my ($cnum,$cdom) = &get_course_identity();
-        my %sections_count =
-            &Apache::loncommon::get_sections($cdom,$cnum);
         my $info;
         if ($env{'form.showrole'} eq 'st') {
             $output .= '<p>'.$lt{'fors'}.'</p>'; 
-        } elsif ($env{'form.shorole'} eq 'Any') {
+        } elsif ($env{'form.showrole'} eq 'Any') {
             $output .= '<p>'.$lt{'fors'}.'</p>'.
                        '<p>'.$lt{'forn'}.'&nbsp;';
             $info = $lt{'reta'};
@@ -2536,7 +2775,6 @@ END
         } else {
             $info = '<input type="hidden" name="retainsec" value="0" />'; 
         }
-        my $sections_select .= &course_sections(\%sections_count,$env{'form.showrole'});
         my $rowtitle = &mt('New section to assign');
         my $secbox = &section_picker($cdom,$cnum,$env{'form.showrole'},$rowtitle,$permission,$context);
         $output .= $info.$secbox;
@@ -2579,13 +2817,15 @@ sub section_picker {
 }
 
 sub results_header_row {
-    my ($rolefilter,$statusmode,$context,$permission) = @_;
+    my ($rolefilter,$statusmode,$context,$permission,$mode) = @_;
     my ($description,$showfilter);
     if ($rolefilter ne 'Any') {
         $showfilter = $rolefilter;
     }
     if ($context eq 'course') {
-        $description = &mt('Course - ').$env{'course.'.$env{'request.course.id'}.'.description'}.': ';
+        if ($mode eq 'csv' || $mode eq 'excel') {
+            $description = &mt('Course - ').$env{'course.'.$env{'request.course.id'}.'.description'}.': ';
+        }
         if ($statusmode eq 'Expired') {
             $description .= &mt('Users in course with expired [_1] roles',$showfilter);
         } elsif ($statusmode eq 'Future') {
@@ -2599,13 +2839,48 @@ sub results_header_row {
                 $description .= &mt('All users in course with [_1] roles',$rolefilter);
             }
         }
-        if (exists($permission->{'view_section'})) {
+        my $constraint;
+        my $viewablesec = &viewable_section($permission);
+        if ($viewablesec ne '') {
             if ($env{'form.showrole'} eq 'st') {
-                $description .= ' '.&mt('(section [_1] only)',$permission->{'view_section'});
-            } elsif ($env{'form.showrole'} eq 'any') {
-                $description .= ' '.&mt('(section [_1] only)',$permission->{'view_section'});
+                $constraint = &mt('only users in section "[_1]"',$viewablesec);
+            } elsif ($env{'form.showrole'} ne 'cc') {
+                $constraint = &mt('only users affiliated with no section or section "[_1]"',$viewablesec);
+            }
+            if (($env{'form.grpfilter'} ne 'all') && ($env{'form.grpfilter'} ne '')) {
+                if ($env{'form.grpfilter'} eq 'none') {
+                    $constraint .= &mt(' and not in any group');
+                } else {
+                    $constraint .= &mt(' and members of group: "[_1]"',$env{'form.grpfilter'});
+                }
+            }
+        } else {
+            if (($env{'form.secfilter'} ne 'all') && ($env{'form.secfilter'} ne '')) {
+                if ($env{'form.secfilter'} eq 'none') {
+                    $constraint = &mt('only users affiliated with no section');
+                } else {
+                    $constraint = &mt('only users affiliated with section "[_1]"',$env{'form.secfilter'});
+                }
+            }
+            if (($env{'form.grpfilter'} ne 'all') && ($env{'form.grpfilter'} ne '')) {
+                if ($env{'form.grpfilter'} eq 'none') {
+                    if ($constraint eq '') {
+                        $constraint = &mt('only users not in any group');
+                    } else {
+                        $constraint .= &mt(' and also not in any group'); 
+                    }
+                } else {
+                    if ($constraint eq '') {
+                        $constraint = &mt('only members of group: "[_1]"',$env{'form.grpfilter'});
+                    } else {
+                        $constraint .= &mt(' and also members of group: "[_1]"'.$env{'form.grpfilter'});
+                    }
+                }
             }
         }
+        if ($constraint ne '') {
+            $description .= ' ('.$constraint.')';
+        } 
     } elsif ($context eq 'author') {
         $description = 
             &mt('Author space for <span class="LC_cusr_emph">[_1]</span>',
@@ -2685,12 +2960,26 @@ sub results_header_row {
     }
     return $description;
 }
+
+sub viewable_section {
+    my ($permission) = @_;
+    my $viewablesec;
+    if (ref($permission) eq 'HASH') {
+        if (exists($permission->{'view_section'})) {
+            $viewablesec = $permission->{'view_section'};
+        } elsif (exists($permission->{'cusr_section'})) {
+            $viewablesec = $permission->{'cusr_section'};
+        }
+    }
+    return $viewablesec;
+}
+
     
 #################################################
 #################################################
 sub show_drop_list {
-    my ($r,$classlist,$keylist,$nosort,$permission)=@_;
-    my $cid=$env{'request.course.id'};
+    my ($r,$classlist,$nosort,$permission) = @_;
+    my $cid = $env{'request.course.id'};
     my ($cnum,$cdom) = &get_course_identity($cid);
     if (! exists($env{'form.sortby'})) {
         &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
@@ -2700,9 +2989,6 @@ sub show_drop_list {
     if ($sortby !~ /^(username|domain|section|groups|fullname|id|start|end)$/) {
         $sortby = 'username';
     }
-    my ($classgroups) = &Apache::loncoursedata::get_group_memberships(
-                                              $classlist,$keylist,$cdom,$cnum);
-    #
     my $action = "drop";
     my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
     $r->print(<<END);
@@ -2715,15 +3001,40 @@ $check_uncheck_js
 <p>
 <input type="hidden" name="phase" value="four">
 END
-
-my %lt=&Apache::lonlocal::texthash('usrn'   => "username",
-                                   'dom'    => "domain",
-                                   'sn'     => "student name",
-                                   'sec'    => "section",
-                                   'start'  => "start date",
-                                   'end'    => "end date",
-                                   'groups' => "active groups",
-                                   );
+    my ($indexhash,$keylist) = &make_keylist_array();
+    my $studentcount = 0;
+    if (ref($classlist) eq 'HASH') {
+        foreach my $student (keys(%{$classlist})) {
+            my $sdata = $classlist->{$student}; 
+            my $status = $sdata->[$indexhash->{'status'}];
+            my $section = $sdata->[$indexhash->{'section'}];
+            if ($status ne 'Active') {
+                delete($classlist->{$student});
+                next;
+            }
+            if ($env{'request.course.sec'} ne '') {
+                if ($section ne $env{'request.course.sec'}) {
+                    delete($classlist->{$student});
+                    next;
+                }
+            }
+            $studentcount ++;
+        }
+    }
+    if (!$studentcount) {
+        $r->print(&mt('There are no students to drop.'));
+        return;
+    }
+    my ($classgroups) = &Apache::loncoursedata::get_group_memberships(
+                                              $classlist,$keylist,$cdom,$cnum);
+    my %lt=&Apache::lonlocal::texthash('usrn'   => "username",
+                                       'dom'    => "domain",
+                                       'sn'     => "student name",
+                                       'sec'    => "section",
+                                       'start'  => "start date",
+                                       'end'    => "end date",
+                                       'groups' => "active groups",
+                                      );
     if ($nosort) {
         $r->print(&Apache::loncommon::start_data_table().
                   &Apache::loncommon::start_data_table_header_row());
@@ -2766,32 +3077,26 @@ END
     }
     #
     # Sort the students
-    my %index;
-    my $i;
-    foreach (@$keylist) {
-        $index{$_} = $i++;
-    }
-    $index{'groups'} = scalar(@$keylist);
-    my $index  = $index{$sortby};
-    my $second = $index{'username'};
-    my $third  = $index{'domain'};
+    my $index  = $indexhash->{$sortby};
+    my $second = $indexhash->{'username'};
+    my $third  = $indexhash->{'domain'};
     my @Sorted_Students = sort {
         lc($classlist->{$a}->[$index])  cmp lc($classlist->{$b}->[$index])
             ||
         lc($classlist->{$a}->[$second]) cmp lc($classlist->{$b}->[$second])
             ||
         lc($classlist->{$a}->[$third]) cmp lc($classlist->{$b}->[$third])
-        } (keys(%$classlist));
+        } (keys(%{$classlist}));
     foreach my $student (@Sorted_Students) {
         my $error;
         my $sdata = $classlist->{$student};
-        my $username = $sdata->[$index{'username'}];
-        my $domain   = $sdata->[$index{'domain'}];
-        my $section  = $sdata->[$index{'section'}];
-        my $name     = $sdata->[$index{'fullname'}];
-        my $id       = $sdata->[$index{'id'}];
-        my $start    = $sdata->[$index{'start'}];
-        my $end      = $sdata->[$index{'end'}];
+        my $username = $sdata->[$indexhash->{'username'}];
+        my $domain   = $sdata->[$indexhash->{'domain'}];
+        my $section  = $sdata->[$indexhash->{'section'}];
+        my $name     = $sdata->[$indexhash->{'fullname'}];
+        my $id       = $sdata->[$indexhash->{'id'}];
+        my $start    = $sdata->[$indexhash->{'start'}];
+        my $end      = $sdata->[$indexhash->{'end'}];
         my $groups = $classgroups->{$student};
         my $active_groups;
         if (ref($groups->{active}) eq 'HASH') {
@@ -2807,25 +3112,18 @@ END
         } else {
             $end = &Apache::lonlocal::locallocaltime($end);
         }
-        my $status   = $sdata->[$index{'status'}];
-        next if ($status ne 'Active');
-        if ($env{'request.course.sec'} ne '') {
-            if ($section ne $env{'request.course.sec'}) {
-                next;
-            }
-        }
         my $studentkey = $student.':'.$section;
-        my $startitem = '<input type="hidden" name="'.$studentkey.'_start" value="'.$sdata->[$index{'start'}].'" />';
+        my $startitem = '<input type="hidden" name="'.$studentkey.'_start" value="'.$sdata->[$indexhash->{'start'}].'" />';
         #
         $r->print(&Apache::loncommon::start_data_table_row());
         $r->print(<<"END");
-    <td><input type="checkbox" name="droplist" value="$student"></td>
+    <td><input type="checkbox" name="droplist" value="$studentkey"></td>
     <td>$username</td>
     <td>$domain</td>
     <td>$id</td>
     <td>$name</td>
     <td>$section</td>
-    <td>$start</td>
+    <td>$start $startitem</td>
     <td>$end</td>
     <td>$active_groups</td>
 END
@@ -2833,7 +3131,7 @@ END
     }
     $r->print(&Apache::loncommon::end_data_table().'<br />');
     %lt=&Apache::lonlocal::texthash(
-                       'dp'   => "Expire Users' Roles",
+                       'dp'   => "Drop Students",
                        'ca'   => "check all",
                        'ua'   => "uncheck all",
                                        );
@@ -2890,6 +3188,10 @@ sub upfile_drop_add {
             $fields{$env{'form.f'.$i}}=$keyfields[$i];
         }
     }
+    if ($env{'form.fullup'} ne 'yes') {
+        $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n".
+                  '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />');
+    }
     #
     # Store the field choices away
     foreach my $field (qw/username names
@@ -2911,7 +3213,7 @@ sub upfile_drop_add {
     #
     my ($startdate,$enddate) = &get_dates_from_form();
     if ($env{'form.makedatesdefault'}) {
-        $r->print(&make_dates_default($startdate,$enddate));
+        $r->print(&make_dates_default($startdate,$enddate,$context));
     }
     # Determine domain and desired host (home server)
     my $domain=$env{'request.role.domain'};
@@ -2964,22 +3266,59 @@ sub upfile_drop_add {
             $defaultrole = $env{'form.defaultrole'};
         } elsif ($setting eq 'course') {
             $defaultrole = $env{'form.courserole'};
+            $defaultsec = $env{'form.sections'};
         }  
     } elsif ($context eq 'author') {
         $defaultrole = $env{'form.defaultrole'};
-    }
-    if ($context eq 'domain' && $setting eq 'course') { 
-        if ($env{'form.newsec'} ne '') {
-            $defaultsec = $env{'form.newsec'};
-        } elsif ($env{'form.defaultsec'} ne '') {
-            $defaultsec = $env{'form.defaultsec'}
-        }
+    } elsif ($context eq 'course') {
+        $defaultrole = $env{'form.defaultrole'};
+        $defaultsec = $env{'form.sections'};
     }
     if ($env{'request.course.id'} ne '') {
         $cid = $env{'request.course.id'};
-    } elsif ($env{'form.defaultdomain'} ne '' && $env{'form.defaultcourse'} ne '') {
-        $cid = $env{'form.defaultdomain'}.'_'.
-               $env{'form.defaultcourse'};
+    } elsif ($setting eq 'course') {
+        if (&Apache::lonnet::is_course($env{'form.dcdomain'},$env{'form.dccourse'})) {
+            $cid = $env{'form.dcdomain'}.'_'.$env{'form.dccourse'};
+        }
+    }
+    # Check to see if user information can be changed
+    my @userinfo = ('firstname','middlename','lastname','generation',
+                    'permanentemail','id');
+    my %canmodify;
+    if (&Apache::lonnet::allowed('mau',$domain)) {
+        foreach my $field (@userinfo) {
+            $canmodify{$field} = 1;
+        }
+    }
+    my (%userlist,%modifiable_fields,@poss_roles);
+    my $secidx = &Apache::loncoursedata::CL_SECTION();
+    my @courseroles = &roles_by_context('course',1);
+    if (!&Apache::lonnet::allowed('mau',$domain)) {
+        if ($context eq 'course' || $context eq 'author') {
+            @poss_roles =  &curr_role_permissions($context);
+            my @statuses = ('active','future');
+            my ($indexhash,$keylist) = &make_keylist_array();
+            my %info;
+            foreach my $role (@poss_roles) {
+                %{$modifiable_fields{$role}} = &can_modify_userinfo($context,$domain,
+                                                        \@userinfo,[$role]);
+            }
+            if ($context eq 'course') {
+                my ($cnum,$cdom) = &get_course_identity();
+                my $roster = &Apache::loncoursedata::get_classlist();
+                %userlist = %{$roster};
+                my %advrolehash = &Apache::lonnet::get_my_roles($cnum,$cdom,undef,
+                                                         \@statuses,\@poss_roles);
+                &gather_userinfo($context,'view',\%userlist,$indexhash,\%info,
+                                \%advrolehash,$permission);
+            } elsif ($context eq 'author') {
+                my %cstr_roles = &Apache::lonnet::get_my_roles(undef,undef,undef,
+                                                  \@statuses,\@poss_roles);
+                &gather_userinfo($context,'view',\%userlist,$indexhash,\%info,
+                             \%cstr_roles,$permission);
+
+            }
+        }
     }
     if ( $domain eq &LONCAPA::clean_domain($domain)
         && ($amode ne '')) {
@@ -3000,16 +3339,50 @@ sub upfile_drop_add {
                      );
         my $flushc=0;
         my %student=();
-        my %curr_groups;
+        my (%curr_groups,@sections,@cleansec,@secs,$defaultwarn,$groupwarn);
         my %userchg;
-        if ($context eq 'course') {
-            # Get information about course groups
-            %curr_groups = &Apache::longroup::coursegroups();
+        if ($context eq 'course' || $setting eq 'course') {
+            if ($context eq 'course') {
+                # Get information about course groups
+                %curr_groups = &Apache::longroup::coursegroups();
+            } elsif ($setting eq 'course') {
+                if ($cid) {
+                    %curr_groups =
+                        &Apache::longroup::coursegroups($env{'form.dcdomain'},
+                                                        $env{'form.dccourse'});
+                }
+            }
+            # determine section number
+            if ($defaultsec =~ /,/) {
+                push(@sections,split(/,/,$defaultsec));
+            } else {
+                push(@sections,$defaultsec);
+            }
+            # remove non alphanumeric values from section
+            foreach my $item (@sections) {
+                $item =~ s/\W//g;
+                if ($item eq "none" || $item eq 'all') {
+                    $defaultwarn = &mt('Default section name [_1] could not be used as it is a reserved word.',$item);
+                } elsif ($item ne ''  && exists($curr_groups{$item})) {
+                    $groupwarn = &mt('Default section name "[_1]" is the name of a course group. Section names and group names must be distinct.',$item);
+                } elsif ($item ne '') {
+                    push(@cleansec,$item);
+                }
+            }
+            if ($defaultwarn) {
+                $r->print($defaultwarn.'<br />');
+            }
+            if ($groupwarn) {
+                $r->print($groupwarn.'<br />');
+            }
         }
         my (%curr_rules,%got_rules,%alerts);
+        my %customroles = &my_custom_roles();
+        my ($custom_ok,@permitted_roles) =
+            &roles_on_upload($context,%customroles);
         # Get new users list
-        foreach (@userdata) {
-            my %entries=&Apache::loncommon::record_sep($_);
+        foreach my $line (@userdata) {
+            my %entries=&Apache::loncommon::record_sep($line);
             # Determine user name
             unless (($entries{$fields{'username'}} eq '') ||
                     (!defined($entries{$fields{'username'}}))) {
@@ -3037,30 +3410,43 @@ sub upfile_drop_add {
       &mt('<b>[_1]</b>: Unacceptable username for user [_2] [_3] [_4] [_5]',
           $entries{$fields{'username'}},$fname,$mname,$lname,$gen).
                               '</b>');
+                    next;
                 } else {
                     my $username = $entries{$fields{'username'}};
-                    my $sec;
-                    if ($context eq 'course' || $setting eq 'course') {
-                        # determine section number
-                        if (defined($fields{'sec'})) {
-                            if (defined($entries{$fields{'sec'}})) {
-                                $sec=$entries{$fields{'sec'}};
+                    if (defined($fields{'sec'})) {
+                        if (defined($entries{$fields{'sec'}})) {
+                            my $item = $entries{$fields{'sec'}};
+                            $item =~ s/(\s+$|^\s+)//g;
+                            if ($item eq "none" || $item eq 'all') {
+                                $r->print('<br />'.&mt('<b>[_1]</b>: Unable to enroll user [_2] [_3] [_4] [_5] in a section named "[_6]" - this is a reserved word.',$username,$fname,$mname,$lname,$gen,$item));
+                                next;
+                            } elsif (exists($curr_groups{$item})) {
+                                $r->print('<br />'.&mt('<b>[_1]</b>: Unable to enroll user [_2] [_3] [_4] [_5] in a section named "[_6]" - this is a course group.',$username,$fname,$mname,$lname,$gen,$item).' '.&mt('Section names and group names must be distinct.'));
+                                next;
+                            } else {
+                                push(@secs,$item);
                             }
-                        } else {
-                            $sec = $defaultsec;
                         }
-                        # remove non alphanumeric values from section
-                        $sec =~ s/\W//g;
-                        if ($sec eq "none" || $sec eq 'all') {
-                            $r->print('<br />'.
-      &mt('<b>[_1]</b>: Unable to enroll: section name "[_2]" for user [_3] [_4] [_5] [_6] is a reserved word.',
-                                      $username,$sec,$fname,$mname,$lname,$gen));
-                            next;
-                        } elsif (($sec ne '') && (exists($curr_groups{$sec}))) {
-                            $r->print('<br />'.
-      &mt('<b>[_1]</b>: Unable to enroll: section name "[_2]" for user [_3] [_4] [_5] [_6] is a course group. Section names and group names must be distinct.',
-                                      $username,$sec,$fname,$mname,$lname,$gen));
-                            next;
+                    }
+                    if ($env{'request.course.sec'} ne '') {
+                        @secs = ($env{'request.course.sec'});
+                        if (ref($userlist{$username.':'.$domain}) eq 'ARRAY') {
+                            my $currsec = $userlist{$username.':'.$domain}[$secidx];
+                            if ($currsec ne $env{'request.course.sec'}) {
+                                $r->print('<br />'.&mt('<b>[_1]</b>: Unable to enroll user [_2] [_3] [_4] [_5] in a section named "[_6]".',$username,$fname,$mname,$lname,$gen,$secs[0]).'<br />');
+                                if ($currsec eq '') {
+                                    $r->print(&mt('This user already has an active/future student role in the course, unaffiliated to any section.'));
+
+                                } else {
+                                    $r->print(&mt('This user already has an active/future role in section "[_1]" of the course.',$currsec));
+                                }
+                                $r->print('<br />'.&mt('Although your current role has privileges to add students to section "[_1]", you do not have privileges to modify existing enrollments in other sections.',$secs[0]).'<br />');
+                                next;
+                            }
+                        }
+                    } elsif ($context eq 'course' || $setting eq 'course') {
+                        if (@secs == 0) {
+                            @secs = @cleansec;
                         }
                     }
                     # determine id number
@@ -3089,12 +3475,17 @@ sub upfile_drop_add {
                     my $role = '';
                     if (defined($fields{'role'})) {
                         if ($entries{$fields{'role'}}) {
-                            my @poss_roles = 
-                                 &curr_role_permissions($context,$setting);
-                            if (grep(/^\Q$entries{$fields{'role'}}\E/,@poss_roles)) {
+                            if (grep(/^\Q$entries{$fields{'role'}}\E$/,@permitted_roles)) {
                                 $role=$entries{$fields{'role'}};
-                            } else {
-                                my $rolestr = join(', ',@poss_roles);
+                                $role =~ s/(\s+$|^\s+)//g;
+                            }
+                            if ($custom_ok) {
+                                if ($customroles{$role}) {
+                                    $role = 'cr_'.$env{'user.domain'}.'_'.$env{'user.name'}.'_'.$entries{$fields{'role'}};
+                                }
+                            }
+                            if ($role eq '') {
+                                my $rolestr = join(', ',@permitted_roles);
                                 $r->print('<br />'.
       &mt('<b>[_1]</b>: You do not have permission to add the requested role [_2] for the user.',$entries{$fields{'username'}},$entries{$fields{'role'}}).'<br />'.&mt('Allowable role(s) is/are: [_1].',$rolestr)."\n");
                                 next;
@@ -3106,7 +3497,7 @@ sub upfile_drop_add {
                     }
                     # Clean up whitespace
                     foreach (\$domain,\$username,\$id,\$fname,\$mname,
-                             \$lname,\$gen,\$sec,\$role) {
+                             \$lname,\$gen) {
                         $$_ =~ s/(\s+$|^\s+)//g;
                     }
                     # check against rules
@@ -3129,7 +3520,35 @@ sub upfile_drop_add {
                             }
                         }
                     } else {
-# FIXME check if user info can be updated.   
+                        if ($context eq 'course' || $context eq 'author') {
+                            if ($role eq '') {
+                                my @checkroles;
+                                foreach my $role (@poss_roles) {
+                                    my $endkey;
+                                    if ($role ne 'st') {
+                                        $endkey = ':'.$role;
+                                    }
+                                    if (exists($userlist{$username.':'.$domain.$endkey})) {
+                                        if (!grep(/^\Q$role\E$/,@checkroles)) {
+                                            push(@checkroles,$role);
+                                        }
+                                    }
+                                }
+                                if (@checkroles > 0) {
+                                    %canmodify = &can_modify_userinfo($context,$domain,\@userinfo,\@checkroles);
+                                }
+                            } elsif (ref($modifiable_fields{$role}) eq 'HASH') {
+                                %canmodify = %{$modifiable_fields{$role}};
+                            }
+                        }
+                        my @newinfo = (\$fname,\$mname,\$lname,\$gen,\$email,\$id);
+                        for (my $i=0; $i<@userinfo; $i++) {
+                            if (${$newinfo[$i]} ne '') {
+                                if (!$canmodify{$userinfo[$i]}) {
+                                    ${$newinfo[$i]} = '';
+                                }
+                            }
+                        }
                     }
                     if ($id ne '') {
                         if (!$newuser) {
@@ -3154,29 +3573,73 @@ sub upfile_drop_add {
                         }
                     }
                     if ($password || $env{'form.login'} eq 'loc') {
-                        my ($userresult,$authresult,$roleresult);
+                        my $multiple = 0;
+                        my ($userresult,$authresult,$roleresult,$idresult);
+                        my (%userres,%authres,%roleres,%idres);
                         if ($role eq 'st') {
-                            &modifystudent($domain,$username,$cid,$sec,
-                                           $desiredhost);
-                            $roleresult = 
-                                &Apache::lonnet::modifystudent
-                                    ($domain,$username,$id,$amode,$password,
-                                     $fname,$mname,$lname,$gen,$sec,$enddate,
-                                     $startdate,$env{'form.forceid'},
-                                     $desiredhost,$email);
+                            my $sec;
+                            if ($cid) {
+                                if (@secs > 0) {
+                                    $sec = $secs[0];
+                                }
+                                &modifystudent($domain,$username,$cid,$sec,
+                                               $desiredhost);
+                                $roleresult =
+                                    &Apache::lonnet::modifystudent
+                                        ($domain,$username,$id,$amode,$password,
+                                         $fname,$mname,$lname,$gen,$sec,$enddate,
+                                         $startdate,$env{'form.forceid'},
+                                         $desiredhost,$email,'manual','',$cid);
+                                $userresult = $roleresult;
+                            }
+                        } else {
+                            if (($context eq 'course') || 
+                                (grep(/^\Q$role\E$/,@courseroles))) {
+                                if (!$cid) {
+                                    next;
+                                }
+                            }
+                            my $singlesec;
+                            if ((grep(/^\Q$role\E$/,@courseroles)) && ($role ne 'cc')) {
+                                if (@secs > 1) {
+                                    $multiple = 1;
+                                    foreach my $sec (@secs) {
+                                        ($userres{$sec},$authres{$sec},$roleres{$sec},$idres{$sec}) =
+                                            &modifyuserrole($context,$setting,
+                                                $changeauth,$cid,$domain,$username,
+                                                $id,$amode,$password,$fname,
+                                                $mname,$lname,$gen,$sec,
+                                                $env{'form.forceid'},$desiredhost,
+                                                $email,$role,$enddate,$startdate,$checkid);
+                                    }
+                                } elsif (@secs > 0) {
+                                    $singlesec = $secs[0];
+                                }
+                            }
+                            if (!$multiple) {
+                                ($userresult,$authresult,$roleresult,$idresult) = 
+                                    &modifyuserrole($context,$setting,
+                                        $changeauth,$cid,$domain,$username, 
+                                        $id,$amode,$password,$fname,
+                                        $mname,$lname,$gen,$singlesec,
+                                        $env{'form.forceid'},$desiredhost,
+                                        $email,$role,$enddate,$startdate,$checkid);
+                            }
+                        }
+                        if ($multiple) {
+                            foreach my $sec (sort(keys(%userres))) {
+                               $flushc =
+                                &user_change_result($r,$userres{$sec},$authres{$sec},
+                                                    $roleres{$sec},$idres{$sec},\%counts,$flushc,
+                                                    $username,\%userchg);
+
+                            }
                         } else {
-                            ($userresult,$authresult,$roleresult) = 
-                                &modifyuserrole($context,$setting,
-                                    $changeauth,$cid,$domain,$username, 
-                                    $id,$amode,$password,$fname,
-                                    $mname,$lname,$gen,$sec,
-                                    $env{'form.forceid'},$desiredhost,
-                                    $email,$role,$enddate,$startdate,$checkid);
+                            $flushc = 
+                                &user_change_result($r,$userresult,$authresult,
+                                                    $roleresult,$idresult,\%counts,$flushc,
+                                                    $username,\%userchg);
                         }
-                        $flushc = 
-                            &user_change_result($r,$userresult,$authresult,
-                                                $roleresult,\%counts,$flushc,
-                                                $username,%userchg);
                     } else {
                         if ($context eq 'course') {
                             $r->print('<br />'. 
@@ -3197,11 +3660,13 @@ sub upfile_drop_add {
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
         &Apache::lonnet::flushcourselogs();
-        $r->print("</p>\n<p>\n".&mt('Processed [_1] user(s).',$counts{'user'}).
+        $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
             $r->print("<p>\n".
-                      &mt('Roles added for [_1] users. If user is active, the new role will be available when the user next logs in to LON-CAPA.',$counts{'role'})."</p>\n");
+                      &mt('Roles added for [quant,_1,user].',$counts{'role'}).' '.&mt('If a user is currently logged-in to LON-CAPA, any new roles which are active will be available when the user next logs in.')."</p>\n");
+        } else {
+            $r->print('<p>'.&mt('No roles added').'</p>');
         }
         if ($counts{'auth'} > 0) {
             $r->print("<p>\n".
@@ -3209,23 +3674,22 @@ sub upfile_drop_add {
                           $counts{'auth'})."</p>\n");
         }
         $r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules));
-        $r->print('<form name="uploadresult" action="/adm/createuser">');
-        $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','prevphase','currstate']));
-        $r->print('</form>');
         #####################################
-        #           Drop students           #
+        # Display list of students to drop  #
         #####################################
         if ($env{'form.fullup'} eq 'yes') {
-            $r->print('<h3>'.&mt('Dropping Students')."</h3>\n");
+            $r->print('<h3>'.&mt('Students to Drop')."</h3>\n");
             #  Get current classlist
-            my ($classlist,$keylist)=&Apache::loncoursedata::get_classlist();
+            my $classlist = &Apache::loncoursedata::get_classlist();
             if (! defined($classlist)) {
-                $r->print(&mt('There are no students currently enrolled.').
-                          "\n");
+                $r->print('<form name="studentform" method="post" action="/adm/createuser" />'.
+                          '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />'.
+                          &mt('There are no students with current/future access to the course.').
+                          '</form>'."\n");
             } else {
                 # Remove the students we just added from the list of students.
-                foreach (@userdata) {
-                    my %entries=&Apache::loncommon::record_sep($_);
+                foreach my $line (@userdata) {
+                    my %entries=&Apache::loncommon::record_sep($line);
                     unless (($entries{$fields{'username'}} eq '') ||
                             (!defined($entries{$fields{'username'}}))) {
                         delete($classlist->{$entries{$fields{'username'}}.
@@ -3233,10 +3697,13 @@ sub upfile_drop_add {
                     }
                 }
                 # Print out list of dropped students.
-                &show_drop_list($r,$classlist,$keylist,'nosort');
+                &show_drop_list($r,$classlist,'nosort',$permission);
             }
         }
     } # end of unless
+    if ($env{'form.fullup'} ne 'yes') {
+        $r->print('</form>');
+    }
 }
 
 sub print_namespacing_alerts {
@@ -3280,8 +3747,8 @@ sub print_namespacing_alerts {
 }
 
 sub user_change_result {
-    my ($r,$userresult,$authresult,$roleresult,$counts,$flushc,$username,
-        $userchg) = @_;
+    my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
+        $username,$userchg) = @_;
     my $okresult = 0;
     if ($userresult ne 'ok') {
         if ($userresult =~ /^error:(.+)$/) {
@@ -3322,6 +3789,9 @@ sub user_change_result {
             $flushc=0;
         }
     }
+    if ($idresult) {
+        $r->print($idresult);
+    }
     return $flushc;
 }
 
@@ -3330,14 +3800,12 @@ sub print_drop_menu {
     my ($r,$context,$permission) = @_;
     $r->print('<h3>'.&mt("Drop Students").'</h3>'."\n".
               '<form name="studentform" method="post">'."\n");
-    my $cid=$env{'request.course.id'};
-    my ($classlist,$keylist) = &Apache::loncoursedata::get_classlist();
+    my $classlist = &Apache::loncoursedata::get_classlist();
     if (! defined($classlist)) {
         $r->print(&mt('There are no students currently enrolled.')."\n");
-        return;
+    } else {
+        &show_drop_list($r,$classlist,'nosort',$permission);
     }
-    # Print out the available choices
-    &show_drop_list($r,$classlist,$keylist,$permission);
     $r->print('</form>'. &Apache::loncommon::end_page());
     return;
 }
@@ -3349,10 +3817,10 @@ sub update_user_list {
     my $now = time;
     my $count=0;
     my @changelist;
-    if ($choice ne '') {
-        @changelist = &Apache::loncommon::get_env_multiple('form.actionlist');
-    } else {
+    if ($choice eq 'drop') {
         @changelist = &Apache::loncommon::get_env_multiple('form.droplist');
+    } else {
+        @changelist = &Apache::loncommon::get_env_multiple('form.actionlist');
     }
     my %result_text = ( ok    => { 'revoke'   => 'Revoked',
                                    'delete'   => 'Deleted',
@@ -3419,7 +3887,6 @@ sub update_user_list {
             }
         }
         my $plrole = &Apache::lonnet::plaintext($role);
-        my ($uid,$first,$middle,$last,$gene,$sec);
         my $start = $env{'form.'.$item.'_start'};
         my $end = $env{'form.'.$item.'_end'};
         if ($choice eq 'drop') {
@@ -3439,16 +3906,12 @@ sub update_user_list {
                     &Apache::lonnet::revokerole($udom,$uname,$scope,$role);
             }
         } elsif ($choice eq 'delete') {
-            $start = -1;
-            $end = -1;
             if ($role eq 'st') {
-# FIXME - how does role deletion affect classlist?
-                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid);
-            } else {
-                $result =
-                    &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$now,
-                                                0,1);
-             }
+                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$now,$start,$type,$locktype,$cid);
+            }
+            $result =
+                &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$now,
+                                            $start,1);
         } else {
             #reenable, activate, change access dates or change section
             if ($choice ne 'chgsec') {
@@ -3490,27 +3953,36 @@ sub update_user_list {
                             $nochg = 1;
                         }
                     } else {
-                        if (!grep(/^\Q$sec\E$/,@newsecs)) {
-                            $revresult =
-                               &Apache::lonnet::revokerole($udom,$uname,$scope,$role);
+                        if (@newsecs > 0) {
+                            if (grep(/^\Q$sec\E$/,@newsecs)) {
+                                push(@retained,$sec);
+                            } else {
+                                $revresult =
+                                    &Apache::lonnet::revokerole($udom,$uname,
+                                                                $scope,$role);
+                            }
                         } else {
-                            push(@retained,$sec);
+                            $revresult =
+                                &Apache::lonnet::revokerole($udom,$uname,
+                                                            $scope,$role);
                         }
                     }
                 } else {
-                    push(@retained,$sec);
+                    if ($sec eq '') {
+                        $nochg = 1;
+                    } else { 
+                        push(@retained,$sec);
+                    }
                 }
                 # add new sections
                 if (@newsecs == 0) {
                     if (!$nochg) {
-                        if ($sec ne '') {
-                            if ($role eq 'st') {
-                                $result = 
-                                    &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid);
-                            } else {
-                                my $newscope = $scopestem;
-                                $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start);
-                            }
+                        if ($role eq 'st') {
+                            $result = 
+                                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid);
+                        } else {
+                            my $newscope = $scopestem;
+                            $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start);
                         }
                     }
                 } else {
@@ -3544,11 +4016,24 @@ sub update_user_list {
             $count++;
         } else {
             $r->print(
-                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]:[_4]",
+                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]: [_4].",
                     $plrole,$extent,$uname.':'.$udom,$result).'<br />');
         }
     }
-    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,users].",$count).'</b></p>');
+    $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n");
+    if ($choice eq 'drop') {
+        $r->print('<input type="hidden" name="action" value="listusers" />'."\n".
+                  '<input type="hidden" name="Status" value="Active" />'."\n".
+                  '<input type="hidden" name="showrole" value="st" />'."\n");
+    } else {
+        foreach my $item ('action','sortby','roletype','showrole','Status','secfilter','grpfilter') {
+            if ($env{'form.'.$item} ne '') {
+                $r->print('<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.
+                          '" />'."\n");
+            }
+        }
+    }
+    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,no users].",$count).'</b></p>');
     if ($count > 0) {
         if ($choice eq 'revoke' || $choice eq 'drop') {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.</p>'));
@@ -3558,23 +4043,25 @@ sub update_user_list {
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
-            $r->print(&make_dates_default($startdate,$enddate));
+            $r->print(&make_dates_default($startdate,$enddate,$context));
         }
     }
+    my $linktext = &mt('Display User Lists');
+    if ($choice eq 'drop') {
+        $linktext = &mt('Display current class roster');
+    }
+    $r->print('<a href="javascript:document.studentform.submit()">'.$linktext.'</a></form>'."\n");
 }
 
 sub classlist_drop {
-    my ($scope,$uname,$udom,$now,$action) = @_;
+    my ($scope,$uname,$udom,$now) = @_;
     my ($cdom,$cnum) = ($scope=~m{^/($match_domain)/($match_courseid)});
-    my $cid=$cdom.'_'.$cnum;
-    my $user = $uname.':'.$udom;
-    if ($action eq 'drop') {
+    if (&Apache::lonnet::is_course($cdom,$cnum)) {
+        my $user = $uname.':'.$udom;
         if (!&active_student_roles($cnum,$cdom,$uname,$udom)) {
             my $result =
                 &Apache::lonnet::cput('classlist',
-                                      { $user => $now },
-                                      $env{'course.'.$cid.'.domain'},
-                                      $env{'course.'.$cid.'.num'});
+                                      { $user => $now },$cdom,$cnum);
             return &mt('Drop from classlist: [_1]',
                        '<b>'.$result.'</b>').'<br />';
         }
@@ -3644,16 +4131,26 @@ sub course_sections {
     my ($sections_count,$role) = @_;
     my $output = '';
     my @sections = (sort {$a <=> $b} keys %{$sections_count});
-    if (scalar(@sections) == 1) {
+    my $numsec = scalar(@sections);
+    if ($numsec <= 1) {
         $output = '<select name="currsec_'.$role.'" >'."\n".
-                  '  <option value="">Select</option>'."\n".
-                  '  <option value="">No section</option>'."\n".
+                  '  <option value="">'.&mt('Select').'</option>'."\n".
+                  '  <option value="">'.&mt('No section').'</option>'."\n";
+        if ($numsec == 1) {
+            $output .=  
                   '  <option value="'.$sections[0].'" >'.$sections[0].'</option>'."\n";
+        }
     } else {
         $output = '<select name="currsec_'.$role.'" ';
         my $multiple = 4;
         if (scalar(@sections) < 4) { $multiple = scalar(@sections); }
-        $output .= 'multiple="multiple" size="'.$multiple.'">'."\n";
+        if ($role eq 'st') {
+            $output .= '>'."\n".
+                       '  <option value="">'.&mt('Select').'</option>'."\n".
+                       '  <option value="">'.&mt('No section')."</option>\n";
+        } else {
+            $output .= 'multiple="multiple" size="'.$multiple.'">'."\n";
+        }
         foreach my $sec (@sections) {
             $output .= '<option value="'.$sec.'">'.$sec."</option>\n";
         }
@@ -3673,16 +4170,27 @@ sub get_groupslist {
 }
 
 sub setsections_javascript {
-    my ($form,$groupslist) = @_;
-    my ($checkincluded,$finish,$roleplace,$setsection_js);
-    if ($form eq 'cu') {
+    my ($formname,$groupslist,$mode) = @_;
+    my ($checkincluded,$finish,$rolecode,$setsection_js);
+    if ($mode eq 'upload') {
+        $checkincluded = 'formname.name == "'.$formname.'"';
+        $finish = "return 'ok';";
+        $rolecode = "var role = formname.defaultrole.options[formname.defaultrole.selectedIndex].value;\n";
+    } elsif ($formname eq 'cu') {
         $checkincluded = 'formname.elements[i-1].checked == true';
         $finish = 'formname.submit()';
-        $roleplace = 3;
+        $rolecode = "var match = str.split('_');
+                var role = match[3];\n";
+    } elsif ($formname eq 'enrollstudent') {
+        $checkincluded = 'formname.name == "'.$formname.'"';
+        $finish = 'formname.submit()';
+        $rolecode = "var match = str.split('_');
+                var role = match[1];\n";
     } else {
-        $checkincluded = 'formname.name == "'.$form.'"'; 
+        $checkincluded = 'formname.name == "'.$formname.'"'; 
         $finish = "seccheck = 'ok';";
-        $roleplace = 1;
+        $rolecode = "var match = str.split('_');
+                var role = match[1];\n";
         $setsection_js = "var seccheck = 'alert';"; 
     }
     my %alerts = &Apache::lonlocal::texthash(
@@ -3707,8 +4215,7 @@ function setSections(formname) {
         var checkcurr = str.match(re1);
         if (checkcurr != null) {
             if ($checkincluded) {
-                var match = str.split('_');
-                var role = match[$roleplace];
+                $rolecode
                 if (role == 'cc') {
                     alert("$alerts{'secd'}\\n$alerts{'accr'}");
                 }
@@ -3783,6 +4290,9 @@ sub can_create_user {
     my ($dom,$context,$usertype) = @_;
     my %domconf = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
     my $cancreate = 1;
+    if (&Apache::lonnet::allowed('mau',$dom)) {
+        return $cancreate;
+    }
     if (ref($domconf{'usercreation'}) eq 'HASH') {
         if (ref($domconf{'usercreation'}{'cancreate'}) eq 'HASH') {
             if ($context eq 'course' || $context eq 'author') {
@@ -3937,7 +4447,8 @@ sub get_permission {
     } else {
         my @allroles = &roles_by_context($context);
         foreach my $role (@allroles) {
-            if (&Apache::lonnet::allowed('c'.$role,$env{'request.role.domain'})) {                $permission{'cusr'} = 1;
+            if (&Apache::lonnet::allowed('c'.$role,$env{'request.role.domain'})) {
+                $permission{'cusr'} = 1;
                 last;
             }
         }
@@ -3966,6 +4477,27 @@ sub authorpriv {
          || (&Apache::lonnet::allowed('caa',$audom.'/'.$auname))) { return ''; }    return 1;
 }
 
+sub roles_on_upload {
+    my ($context,%customroles) = @_;
+    my (@possible_roles,@permitted_roles);
+    if ($context eq 'domain') {
+        @possible_roles = &curr_role_permissions($context,undef,1);
+        push(@possible_roles,&curr_role_permissions($context,'course',1));
+    } else {
+        @possible_roles = &curr_role_permissions($context,undef,1);
+    }
+    my $custom_ok = 0;
+    foreach my $role (@possible_roles) {
+        if ($role eq 'cr') {
+            $custom_ok = 1;
+            push(@permitted_roles,keys(%customroles));
+        } else {
+            push(@permitted_roles,$role);
+        }
+    }
+    return ($custom_ok,@permitted_roles);
+}
+
 sub get_course_identity {
     my ($cid) = @_;
     my ($cnum,$cdom,$cdesc);
@@ -4125,6 +4657,5 @@ sub sectioncheck_alerts {
     return %alerts;
 }
 
-
 1;