--- loncom/interface/lonuserutils.pm	2010/08/04 16:50:29	1.121
+++ loncom/interface/lonuserutils.pm	2010/09/20 00:51:15	1.126
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.121 2010/08/04 16:50:29 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.126 2010/09/20 00:51:15 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -295,7 +295,8 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+        $can_assign)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -309,9 +310,9 @@ sub print_upload_manager_header {
         }
     }
     if ($env{'form.upfile_associate'} eq 'reverse') {
-        $javascript=&upload_manager_javascript_reverse_associate();
+        $javascript=&upload_manager_javascript_reverse_associate($can_assign);
     } else {
-        $javascript=&upload_manager_javascript_forward_associate();
+        $javascript=&upload_manager_javascript_forward_associate($can_assign);
     }
     #
     # Deal with restored settings
@@ -585,6 +586,31 @@ END
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
+    my ($can_assign) = @_;
+    my $auth_update;
+    if (ref($can_assign) eq 'HASH') {
+        if (keys(%{$can_assign}) > 1) {
+            $auth_update = <<"END";
+   // If we set the password, make the password form below correspond to
+   // the new value.
+   if (nw==9) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+END
+        }
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+           $auth_update .= "      vf.krbarg.value='';\n";
+        }
+        if ($can_assign->{'int'}) {
+           $auth_update .= "      vf.intarg.value='';\n";
+        }
+        if ($can_assign->{'loc'}) {
+           $auth_update .= "      vf.locarg.value='';\n";
+        }
+        $auth_update .= "
+   }\n";
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -661,15 +687,7 @@ function flip(vf,tf) {
          }
       }
    }
-   // If we set the password, make the password form below correspond to
-   // the new value.
-   if (nw==9) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.intarg.value='';
-       vf.krbarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -687,6 +705,29 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_reverse_associate {
+    my ($can_assign) = @_;
+    my $auth_update; 
+    if (ref($can_assign) eq 'HASH') {
+        if (keys(%{$can_assign}) > 1) {
+            $auth_update = <<"END";
+   // initial password specified, pick internal authentication
+   if (tf==8 && nw!=0) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+END
+        }
+        if ($can_assign->{'krb'}) {      
+           $auth_update .= "      vf.krbarg.value='';\n";
+        }
+        if ($can_assign->{'int'}) {
+           $auth_update .= "      vf.intarg.value='';\n";
+        }
+        if ($can_assign->{'loc'}) {
+           $auth_update .= "      vf.locarg.value='';\n";
+        }
+        $auth_update .= "
+   }\n";
+    }
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -726,14 +767,7 @@ function flip(vf,tf) {
    if ((tf>=2) && (tf<=5) && (nw!=0)) {
       eval('vf.f1.selectedIndex=0;')
    }
-   // intial password specified, pick internal authentication
-   if (tf==8 && nw!=0) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.krbarg.value='';
-       vf.intarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -978,8 +1012,9 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
+    my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($defdom);
     &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
-                                 $permission,$crstype);
+                                 $permission,$crstype,\%can_assign);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -3922,10 +3957,15 @@ sub upfile_drop_add {
                 $r->print($groupwarn.'<br />');
             }
         }
-        my (%curr_rules,%got_rules,%alerts);
+        my (%curr_rules,%got_rules,%alerts,%cancreate);
         my %customroles = &my_custom_roles($crstype);
         my @permitted_roles = 
-            &roles_on_upload($context,$setting,$crstype,%customroles); 
+            &roles_on_upload($context,$setting,$crstype,%customroles);
+        my %longtypes = &Apache::lonlocal::texthash(
+                            official   => 'Institutional',
+                            unofficial => 'Non-institutional',
+                        );
+        map { $cancreate{$_} = &can_create_user($domain,$context,$_); } keys(%longtypes);
         # Get new users list
         foreach my $line (@userdata) {
             my @secs;
@@ -4071,9 +4111,16 @@ sub upfile_drop_add {
                     my (%rulematch,%inst_results,%idinst_results);
                     my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
                     if ($uhome eq 'no_host') {
-                        next if ($userdomain ne $domain);
+                        if ($userdomain ne $domain) {
+                            $r->print('<br />'.
+                                &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+                                    '<b>'.$username.'</b>',$userdomain).'<br />'.
+                                &mt('The user does not already exist, and you may not create a new user in a different domain.'));
+                            next;
+                        }
                         $checkid = 1;
                         $newuser = 1;
+                        my $user = $username.':'.$domain;
                         my $checkhash;
                         my $checks = { 'username' => 1 };
                         $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
@@ -4082,9 +4129,26 @@ sub upfile_drop_add {
                             \%got_rules);
                         if (ref($alerts{'username'}) eq 'HASH') {
                             if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                                next if ($alerts{'username'}{$domain}{$username});
+                                if ($alerts{'username'}{$domain}{$username}) {
+                                    $r->print('<br />'.
+                                              &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+                                              &mt('Consequently, the user was not created.'));
+                                    next;
+                                }
+                            }
+                        }
+                        my $usertype = 'unofficial';
+                        if (ref($rulematch{$user}) eq 'HASH') {
+                            if ($rulematch{$user}{'username'}) {
+                                $usertype = 'official';
                             }
                         }
+                        unless ($cancreate{$usertype}) {
+                            my $showtype = $longtypes{$usertype};
+                            $r->print('<br />'.
+                                      &mt("[_1]: The user does not exist, and you are not permitted to create users of type: $showtype.",'<b>'.$username.'</b>'));
+                            next;
+                        }
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4135,7 +4199,12 @@ sub upfile_drop_add {
                                 \%got_rules);
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    next if ($alerts{'id'}{$userdomain}{$id});
+                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                        $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.'));
+                                        next;
+                                    }
                                 }
                             }
                         }
@@ -4230,7 +4299,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
         $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -4722,7 +4791,7 @@ sub update_user_list {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
         }
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4937,7 +5006,7 @@ sub setsections_javascript {
                     accr => 'A course coordinator role will be added with access to all sections.',
                     acor => 'A coordinator role will be added with access to all sections',
                     inea => 'In each course, each user may only have one student role at a time.',
-                    inec => 'In each community, each user may only have one member role at a time.',
+                    inco => 'In each community, each user may only have one member role at a time.',
                     youh => 'You had selected ',
                     secs => 'sections.',
                     plmo => 'Please modify your selections so they include no more than one section.',