--- loncom/interface/lonuserutils.pm	2010/11/13 01:29:34	1.97.2.20
+++ loncom/interface/lonuserutils.pm	2010/11/15 18:50:37	1.97.2.25
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.97.2.20 2010/11/13 01:29:34 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.97.2.25 2010/11/15 18:50:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -296,7 +296,8 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+        $can_assign)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -310,9 +311,9 @@ sub print_upload_manager_header {
         }
     }
     if ($env{'form.upfile_associate'} eq 'reverse') {
-        $javascript=&upload_manager_javascript_reverse_associate();
+        $javascript=&upload_manager_javascript_reverse_associate($can_assign);
     } else {
-        $javascript=&upload_manager_javascript_forward_associate();
+        $javascript=&upload_manager_javascript_forward_associate($can_assign);
     }
     #
     # Deal with restored settings
@@ -533,6 +534,7 @@ END
         if (message!='') {
             message+='\\n';
         }
+        message+='$alert{'section'}';
     }
     if (foundemail==0) {
         if (message!='') {
@@ -586,6 +588,46 @@ END
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (nw==9) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // If we set the password, make the password form below correspond to
+   // the new value.
+   if (nw==9) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -662,15 +704,7 @@ function flip(vf,tf) {
          }
       }
    }
-   // If we set the password, make the password form below correspond to
-   // the new value.
-   if (nw==9) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.intarg.value='';
-       vf.krbarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -688,6 +722,45 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_reverse_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (tf==8 && nw!=0) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // initial password specified, pick internal authentication
+   if (tf==8 && nw!=0) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -695,6 +768,7 @@ function verify(vf,sec_caller) {
     var foundname=0;
     var foundid=0;
     var foundsec=0;
+    var foundemail=0;
     var foundrole=0;
     var founddomain=0;
     var foundinststatus=0;
@@ -706,11 +780,12 @@ function verify(vf,sec_caller) {
         if (i==6 && tw!=0) { foundid=1; }
         if (i==7 && tw!=0) { foundsec=1; }
         if (i==8 && tw!=0) { foundpwd=1; }
-        if (i==9 && tw!=0) { foundrole=1; }
-        if (i==10 && tw!=0) { founddomain=1; }
-        if (i==13 && tw!=0) { foundinstatus=1; }
+        if (i==9 && tw!=0) { foundemail=1; }
+        if (i==10 && tw!=0) { foundrole=1; }
+        if (i==11 && tw!=0) { founddomain=1; }
+        if (i==12 && tw!=0) { foundinstatus=1; }
     }
-    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole,founddomain,foundinststatus);
+    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddomain,foundinststatus);
 }
 
 function flip(vf,tf) {
@@ -727,14 +802,7 @@ function flip(vf,tf) {
    if ((tf>=2) && (tf<=5) && (nw!=0)) {
       eval('vf.f1.selectedIndex=0;')
    }
-   // intial password specified, pick internal authentication
-   if (tf==8 && nw!=0) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.krbarg.value='';
-       vf.intarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -979,8 +1047,9 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
+    my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($defdom);
     &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
-                                 $permission,$crstype);
+                                 $permission,$crstype,\%can_assign);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -3915,10 +3984,15 @@ sub upfile_drop_add {
                 $r->print($groupwarn.'<br />');
             }
         }
-        my (%curr_rules,%got_rules,%alerts);
+        my (%curr_rules,%got_rules,%alerts,%cancreate);
         my %customroles = &my_custom_roles($crstype);
         my @permitted_roles = 
             &roles_on_upload($context,$setting,$crstype,%customroles); 
+        my %longtypes = &Apache::lonlocal::texthash(
+                            official   => 'Institutional',
+                            unofficial => 'Non-institutional',
+                        );
+        map { $cancreate{$_} = &can_create_user($domain,$context,$_); } keys(%longtypes);
         # Get new users list
         foreach my $line (@userdata) {
             my @secs;
@@ -4072,9 +4146,16 @@ sub upfile_drop_add {
                     my (%rulematch,%inst_results,%idinst_results);
                     my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
                     if ($uhome eq 'no_host') {
-                        next if ($userdomain ne $domain);
+                        if ($userdomain ne $domain) {
+                            $r->print('<br />'.
+                                &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+                                    '<b>'.$username.'</b>',$userdomain).'<br />'.
+                                &mt('The user does not already exist, and you may not create a new user in a different domain.'));
+                            next;
+                        }
                         $checkid = 1;
                         $newuser = 1;
+                        my $user = $username.':'.$domain;
                         my $checkhash;
                         my $checks = { 'username' => 1 };
                         $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
@@ -4083,9 +4164,26 @@ sub upfile_drop_add {
                             \%got_rules);
                         if (ref($alerts{'username'}) eq 'HASH') {
                             if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                                next if ($alerts{'username'}{$domain}{$username});
+                                if ($alerts{'username'}{$domain}{$username}) {
+                                    $r->print('<br />'.
+                                              &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+                                              &mt('Consequently, the user was not created.'));
+                                    next;
+                                }
                             }
                         }
+                        my $usertype = 'unofficial';
+                        if (ref($rulematch{$user}) eq 'HASH') {
+                            if ($rulematch{$user}{'username'}) {
+                                $usertype = 'official';
+                            }
+                        }
+                        unless ($cancreate{$usertype}) {
+                            my $showtype = $longtypes{$usertype};
+                            $r->print('<br />'.
+                                      &mt('[_1]: The user does not exist, and you are not permitted to create users of type: [_2].','<b>'.$username.'</b>',$showtype));
+                            next;
+                        }
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4136,7 +4234,12 @@ sub upfile_drop_add {
                                 \%got_rules);
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    next if ($alerts{'id'}{$userdomain}{$id});
+                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                        $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.'));
+                                        next;
+                                    }
                                 }
                             }
                         }
@@ -4231,7 +4334,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
         $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -4722,7 +4825,7 @@ sub update_user_list {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
         }
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4937,7 +5040,7 @@ sub setsections_javascript {
                     accr => 'A course coordinator role will be added with access to all sections.',
                     acor => 'A coordinator role will be added with access to all sections',
                     inea => 'In each course, each user may only have one student role at a time.',
-                    inec => 'In each community, each user may only have one member role at a time.',
+                    inco => 'In each community, each user may only have one member role at a time.',
                     youh => 'You had selected ',
                     secs => 'sections.',
                     plmo => 'Please modify your selections so they include no more than one section.',