--- loncom/interface/portfolio.pm	2006/06/22 20:09:51	1.119
+++ loncom/interface/portfolio.pm	2006/07/19 14:57:18	1.137
@@ -1,3 +1,8 @@
+# The LearningOnline Network
+# portfolio browser
+#
+# $Id: portfolio.pm,v 1.137 2006/07/19 14:57:18 albertel Exp $
+#
 # Copyright Michigan State University Board of Trustees
 #
 # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
@@ -31,47 +36,69 @@ use Apache::lonfeedback;
 use Apache::lonlocal;
 use Apache::lonnet;
 use Apache::longroup;
+use Apache::lonhtmlcommon;
 use HTML::Entities;
 use LONCAPA;
 
+sub group_args {
+    my $output;
+    if (defined($env{'form.group'})) {
+        $ouput .= '&amp;group='.$env{'form.group'};
+	if (defined($env{'form.ref'})) {
+	    $output .= '&amp;ref='.$env{'form.ref'};
+	}
+    }
+    return $output;
+}
+
+sub group_form_data {
+    my $output;
+    if (defined($env{'form.group'})) {
+	$ouput = '<input type="hidden" name="group" value="'.$env{'form.group'}.'" />';
+	if (exists($env{'form.ref'})) {
+	    $output .= '<input type="hidden" name="ref" value="'.
+		$env{'form.ref'}.'" />';
+	}
+    }
+} 
+
 # receives a file name and path stub from username/userfiles/portfolio/
 # returns an anchor tag consisting encoding filename and currentpath
 sub make_anchor {
     my ($url, $filename, $current_path, $current_mode, $field_name,
-        $continue_select,$group) = @_;
+        $continue_select) = @_;
     if ($continue_select ne 'true') {$continue_select = 'false'};
     my $anchor = '<a href="'.$url.'?selectfile='.$filename.'&amp;currentpath='.$current_path.'&amp;mode='.$current_mode.'&amp;continue='.$continue_select.'&amp;fieldname='.$field_name;
-    if (defined($group)) {
-        $anchor .= '&amp;group='.$group;
-    }
+    $anchor .= &group_args()
     $anchor .= '">'.$filename.'</a>';
     return $anchor;
 }
 my $dirptr=16384;
 sub display_common {
-    my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_;
-    my $groupitem;
+    my ($r,$url,$current_path,$is_empty,$dir_list,$can_upload)=@_;
     my $namespace = &get_namespace($group);
     my $port_path = &get_port_path($group);
-    if (defined($group)) {
-        $groupitem = '<input type="hidden" name="group" value="'.$group.'" />';
-    } 
-    my $iconpath= $r->dir_config('lonIconsURL') . "/";
-    my %text=&Apache::lonlocal::texthash('upload' => 'Upload',
+    if ($can_upload) {
+        my $groupitem = &group_form_data();
+
+        my $iconpath= $r->dir_config('lonIconsURL') . "/";
+        my %text=&Apache::lonlocal::texthash(
+					 'upload' => 'Upload',
 					 'upload_label' =>  
 					 'Upload file to current directory:',
 					 'createdir' => 'Create Subdirectory',
 					 'createdir_label' => 
 					 'Create subdirectory in current directory:');
-    my $escuri = &HTML::Entities::encode($r->uri,'&<>"');
-    $r->print(<<"TABLE"); 
+        my $escuri = &HTML::Entities::encode($r->uri,'&<>"');
+        $r->print(<<"TABLE"); 
 <table id="LC_portfolio_actions">
   <tr id="LC_portfolio_upload">
     <td class="LC_label">
       $text{'upload_label'}
     </td>
-    <td class="LC_value">$groupitem
+    <td class="LC_value">
       <form method="post" enctype="multipart/form-data" action="$escuri">
+        $groupitem 
         <input name="uploaddoc" type="file" />
 	<input type="hidden" name="currentpath" value="$current_path" />
 	<input type="hidden" name="action" value="$env{"form.action"}" />
@@ -98,39 +125,61 @@ sub display_common {
   </tr>
 </table>
 TABLE
+    }
     my @tree = split (/\//,$current_path);
-    $r->print('<span class="LC_current_location">'.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/');
+    $r->print('<span class="LC_current_location">'.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"}).'/');
     if (@tree > 1){
         my $newCurrentPath = '';
         for (my $i = 1; $i< @tree; $i++){
             $newCurrentPath .= $tree[$i].'/';
-            $r->print(&make_anchor($url,$tree[$i],'/'.$newCurrentPath, $env{"form.mode"},$env{"form.fieldname"}, $env{"form.continue"},$group).'/');
+            $r->print(&make_anchor($url,$tree[$i],'/'.$newCurrentPath, $env{"form.mode"},$env{"form.fieldname"}, $env{"form.continue"}).'/');
         }
     }
     $r->print('</span>');
     &Apache::lonhtmlcommon::store_recent($namespace,$current_path,$current_path);
-    $r->print('<br /><form method="post" action="'.$url.'?mode='.$env{"form.mode"}.'&amp;fieldname='.$env{"form.fieldname"});
-    if (defined($group)) {
-        $r->print('&amp;group='.$group);
-    }
+    $r->print('<br /><form method="post" action="'.$url.'?mode='.$env{"form.mode"}.'&amp;fieldname='.$env{"form.fieldname"}.&group_args());
     $r->print('">'.
 	      &Apache::lonhtmlcommon::select_recent($namespace,'currentpath',
 						    'this.form.submit();'));
     $r->print("</form>");
 }
+
+sub display_directory_line {
+    my ($r,$select_mode,$fullpath, $filename, $mtime, $size, $css_class,
+	$line, $access_controls, $curr_access, $now, $version_flag,
+	$href_location, $url, $current_path, $access_admin_text)=@_;
+    # my ($filename,$dom,undef,$testdir,undef,undef,undef,undef,$size,undef,$mtime,undef,undef,undef,$obs,undef)=split(/\&/,$line,16); 
+    $r->print('<tr class="'.$css_class.'">');
+    $r->print($line);
+    $r->print('<td><img alt="" src="'.&Apache::loncommon::icon($filename).'" /></td>');
+    $r->print('<td>'.$$version_flag{$filename}.'<a href="'.$href_location.$filename.'">'.
+	      $filename.'</a></td>'); 
+    $r->print('<td>'.$size.'</td>');
+    $r->print('<td>'.&Apache::lonlocal::locallocaltime($mtime).'</td>');
+    if ($select_mode ne 'true') {
+	$r->print('<td><span style="white-space: nowrap">'.
+		  &mt($curr_access).'&nbsp;&nbsp;&nbsp;');
+	$r->print('<a href="'.$url.'?access='.$filename.
+		  '&amp;currentpath='.$current_path.&group_args().
+		  '">'.$access_admin_text.'</a></span></td>');
+    }
+    $r->print('</tr>'.$/);
+}
+
 sub display_directory {
-    my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_;
+    my ($r,$url,$current_path,$is_empty,$dir_list,$can_upload,
+        $can_modify,$can_delete,$can_setacl)=@_;
     my $iconpath= $r->dir_config('lonIconsURL') . "/";
-    my ($groupitem,$groupecho);
     my $display_out;
     my $select_mode;
     my $checked_files;
     my $port_path = &get_port_path($group);
     my ($uname,$udom) = &get_name_dom($group);
-    if (defined($group)) {
-       $groupitem = '<input type="hidden" name="group" value="'.$group.'" />'; 
-       $groupecho = '&amp;group='.$group;
+    my $access_admin_text = &mt('View Status');
+    if ($can_setacl) {
+        $access_admin_text = &mt('View/Change Status');
     }
+
     my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
                                                                         $uname);
     my %locked_files = &Apache::lonnet::get_marked_as_readonly_hash(
@@ -142,8 +191,9 @@ sub display_directory {
 	$checked_files =&Apache::lonnet::files_in_path($uname,$env{'form.currentpath'});
 	$select_mode = 'true';
     } 
-    if ($is_empty && ($current_path ne '/')) {
-        $display_out = '<form method="post" action="'.$url.'">'.$groupitem.
+    if ($is_empty && ($current_path ne '/') && $can_delete) {
+        $display_out = '<form method="post" action="'.$url.'">'.
+	    &group_form_data().
         '<input type="hidden" name="action" value="deletedir" />'.
         '<input type="submit" name="deletedir" value="'.&mt("Delete Directory").'" />'.
         '<input type="hidden" name="selectfile" value="" />'.
@@ -162,12 +212,12 @@ sub display_directory {
         $r->print('<table id="LC_browser">'.
             '<tr><th colspan="2">Actions</th><th>&nbsp;</th><th>Name</th><th>Size</th><th>Last Modified</th><th>Current Access Status</th></tr>');
     }
-    if (defined($group)) {
-        $r->print("\n".$groupitem."\n");
-    }
+    $r->print("\n".&group_form_data()."\n");
+
     my $href_location="/uploaded/$udom/$uname/$port_path".$current_path;
     my $href_edit_location="/editupload/$udom/$uname/$port_path".$current_path;
     my @dir_lines;
+    my @version_lines;
     my %versioned;
     foreach my $line (sort 
 		      { 
@@ -181,14 +231,30 @@ sub display_directory {
     	$filename =~ s/\s+$//;
     	my ($fname,$version,$extension) = &Apache::grades::file_name_version_ext($filename);
     	if ($version) {
-    	    $versioned{$fname} .= $version.",";
+    	    push(@version_lines, [$filename,$dom,$testdir,$size,$mtime,$obs]);
+    	    $versioned{$fname.'.'.$extension} .= $version.",";
+    	} else {
+    	    push(@dir_lines, [$filename,$dom,$testdir,$size,$mtime,$obs]);
     	}
-        push(@dir_lines, [$filename,$dom,$testdir,$size,$mtime,$obs]);
     }
     foreach my $line (@dir_lines) {
         my ($filename,$dom,$testdir,$size,$mtime,$obs) = @$line;
         my ($fname,$version,$extension) = &Apache::grades::file_name_version_ext($filename);
     	if (($filename ne '.') && ($filename ne '..') && ($filename !~ /\.meta$/ ) && ($filename !~ /(.*)\.(\d+)\.([^\.]*)$/)) {
+    	    my %version_flag;
+    	    my $show_versions;
+    	    if ($env{'form.showversions'} eq $filename) {
+    	        $show_versions = 'true';
+    	    }
+    	    if (exists($versioned{$filename})) {
+    	        if ($show_versions) {
+                    $version_flag{$filename} = '<a href="portfolio"><img alt="'.&mt('opened folder').'" src="'.$iconpath.'folder_pointer_opened.gif" /></a>';
+    	        } else {
+                    $version_flag{$filename} = '<a href="portfolio?showversions='.$filename.'"><img alt="'.&mt('closed folder').'" src="'.$iconpath.'folder_pointer_closed.gif" /></a>';
+                }
+    	    } else {
+    	        $version_flag{$filename} = '';
+    	    }
             if ($dirptr&$testdir) {
 		my $colspan='colspan="2"';
                 if ($select_mode eq 'true'){
@@ -196,20 +262,14 @@ sub display_directory {
                 }
 		$r->print('<tr class="LC_browser_folder"><td '.$colspan.'><img alt="'.&mt('closed folder').'" src="'.$iconpath.'folder_closed.gif" /></td>');
                 $r->print('<td>Go to ...</td>');
-                $r->print('<td>'.&make_anchor($url,$filename.'/',$current_path.$filename.'/',$env{'form.mode'},$env{"form.fieldname"},$env{'form.continue'},$group).'</td>'); 
+                $r->print('<td>'.$version_flag{$filename}.&make_anchor($url,$filename.'/',$current_path.$filename.'/',$env{'form.mode'},$env{"form.fieldname"},$env{'form.continue'}).'/</td>'); 
                 $r->print('</tr>'); 
             } else {
 		my $css_class = 'LC_browser_file';
 		my $line;
-                my $version_flag;
-                if (exists($versioned{$fname})) {
-                   $version_flag = "*";
-                } else {
-                    $version_flag = "";
-                }
-               my $fullpath = $current_path.$filename;
+                my $fullpath = $current_path.$filename;
                 $fullpath = &prepend_group($fullpath,$group);
-                if ($select_mode eq 'true'){
+                if ($select_mode eq 'true') {
                     $line='<td><input type="checkbox" name="checkfile" value="'.$filename.'"';
 		    if ($$checked_files{$filename} eq 'selected') {
                         $line.=" checked ";
@@ -217,78 +277,103 @@ sub display_directory {
 		    $line.=' /></td>';
                 } else {
                     if (exists $locked_files{$fullpath}) {
-                        $line.='<td colspan="2"><a href="'.$url.'?lockinfo='.$current_path.$filename.$groupecho.'">Locked</a></td>';
+                        $line.='<td colspan="2"><a href="'.$url.'?lockinfo='.$current_path.$filename.&group_args().'">Locked</a></td>';
 			$css_class= 'LC_browser_file_locked';
                     } else {
-			my $cat='<img alt="'.&mt('Catalog Information').
-			    '" src="'.&Apache::loncommon::lonhttpdurl('/res/adm/pages/catalog.gif').'" />';
-                        $line.='<td><input type="checkbox" name="selectfile" value="'.$filename.'" />
-                            <a href="'.$url.'?rename='.$filename.'&amp;currentpath='.$current_path.$groupecho.'">Rename</a></td>
-                            <td><a href="'.$href_edit_location.$filename.'.meta">'.$cat.'</a>
-                            </td>';
-                    }
-		    $r->print('<tr class="'.$css_class.'">');
-		    $r->print($line);
-                }
-                my $curr_access;
-                my $pub_access = 0;
-                my $guest_access = 0;
-                my $cond_access = 0;
-                foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) {
-                    my ($num,$scope,$end,$start) = &unpack_acc_key($key);
-                    if (($now > $start) && (!$end || $end > $now)) {
-                        if ($scope eq 'public')  {
-                            $pub_access = 1;
-                        } elsif ($scope eq 'guest') {
-                            $guest_access = 1;
+                        if (!$can_modify) {
+                            $line .= '<td colspan="2">';
                         } else {
-                            $cond_access = 1;
+                            $line .= '<td>';
                         }
+                        if ($can_delete) {
+                            $line .= '<input type="checkbox" name="selectfile" value="'.$filename.'" />';
+                        }
+                        if ($can_modify) {
+                            my $cat='<img alt="'.&mt('Catalog Information').
+                            '" src="'.&Apache::loncommon::lonhttpdurl('/res/adm/pages/catalog.gif').'" />';
+                            $line .= '<a href="'.$url.'?rename='.$filename.'&amp;currentpath='.$current_path.&group_args().'">Rename</a>';
+                            $line .= '</td><td>'.$version_flag{$filename}.'<a href="'.$href_edit_location.$filename.'.meta">'.$cat.'</a>';
+                        }
+                        $line .= '</td>';
                     }
                 }
-                if (!$pub_access && !$guest_access && !$cond_access) {
-                    $curr_access = &mt('Private');
-                } else {
-                    my @allaccesses; 
-                    if ($pub_access) {
-                        push(@allaccesses,&mt('Public'));
-                    }
-                    if ($guest_access) {
-                        push(@allaccesses,&mt('Password-protected'));
-                    }
-                    if ($cond_access) {
-                        push(@allaccesses,&mt('Conditional'));
-                    }
-                    $curr_access = join('+ ',@allaccesses);
-                }
-                $r->print('<td><img alt="" src="'.&Apache::loncommon::icon($filename).'" /></td>');
-                $r->print('<td><a href="'.$href_location.$filename.'">'.
-			    $filename.'</a></td>'); 
-                $r->print('<td>'.$size.'</td>');
-                $r->print('<td>'.&Apache::lonlocal::locallocaltime($mtime).'</td>');
-                $r->print('<td><span style="white-space: nowrap">'.&mt($curr_access).'&nbsp;&nbsp;&nbsp;'.
-                          '<a href="'.$url.'?access='.$filename.
-                          '&amp;currentpath='.$current_path.$groupecho.
-                          '">'.&mt('View/Change').'</a></span></td>');
-                $r->print('</tr>'); 
+		my $curr_access;
+		if ($select_mode ne 'true') {
+		    my $pub_access = 0;
+		    my $guest_access = 0;
+		    my $cond_access = 0;
+		    foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) {
+			my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+			if (($now > $start) && (!$end || $end > $now)) {
+			    if ($scope eq 'public')  {
+				$pub_access = 1;
+			    } elsif ($scope eq 'guest') {
+				$guest_access = 1;
+			    } else {
+				$cond_access = 1;
+			    }
+			}
+		    }
+		    if (!$pub_access && !$guest_access && !$cond_access) {
+			$curr_access = &mt('Private');
+		    } else {
+			my @allaccesses; 
+			if ($pub_access) {
+			    push(@allaccesses,&mt('Public'));
+			}
+			if ($guest_access) {
+			    push(@allaccesses,&mt('Passphrase-protected'));
+			}
+			if ($cond_access) {
+			    push(@allaccesses,&mt('Conditional'));
+			}
+			$curr_access = join('+ ',@allaccesses);
+		    }
+		}
+                &display_directory_line($r,$select_mode,$fullpath, $filename, $mtime, $size, $css_class, $line, \%access_controls, $curr_access,
+                        $now, \%version_flag, $href_location, $url, $current_path, $access_admin_text);
+#		$r->print('<tr class="'.$css_class.'">');
+#		$r->print($line);
+#		$r->print('<td><img alt="" src="'.&Apache::loncommon::icon($filename).'" /></td>');
+#		$r->print('<td>'.$version_flag{$filename}.'<a href="'.$href_location.$filename.'">'.
+#			  $filename.'</a></td>'); 
+#		$r->print('<td>'.$size.'</td>');
+#		$r->print('<td>'.&Apache::lonlocal::locallocaltime($mtime).'</td>');
+#		if ($select_mode ne 'true') {
+#		    $r->print('<td><span style="white-space: nowrap">'.
+#			      &mt($curr_access).'&nbsp;&nbsp;&nbsp;');
+#		    $r->print('<a href="'.$url.'?access='.$filename.
+#			      '&amp;currentpath='.$current_path.&group_args().
+#			      '">'.$access_admin_text.'</a></span></td>');
+#		}
+#		$r->print('</tr>'.$/);
+		if ($show_versions) {
+		    &display_directory_line($r,$select_mode,$fullpath, $css_class, $line, \%access_controls, 
+                        $now, \%version_flag, $href_location, $url, $current_path, $access_admin_text);
+
+		}
             }
         }
     }
     if ($select_mode eq 'true') {
         $r->print('</table>
-            <input type="hidden" name="continue" value="true">
-            <input type="hidden" name="fieldname" value="'.$env{'form.fieldname'}.'">
-            <input type="hidden" name="mode" value="selectfile">
+            <input type="hidden" name="continue" value="true" />
+            <input type="hidden" name="fieldname" value="'.$env{'form.fieldname'}.'" />
+            <input type="hidden" name="mode" value="selectfile" />
             <input type="submit" name="submit" value="Select checked files, and continue selecting." /><br />
             <input type="button" name="doit" onClick= "finishSelect();" value="Select checked files, and close window" />
             <input type="hidden" name="currentpath" value="'.$current_path.'" />
         </form>');        
     } else {
-        $r->print('</table>
+        $r->print('</table>');
+        if ($can_delete) {
+            $r->print('
         <input type="submit" name="doit" value="Delete Checked Files" />
         <input type="hidden" name="action" value="delete" />
         <input type="hidden" name="currentpath" value="'.$current_path.'" />
-        </form>');
+        </form>'
+            );
+        }
     }
 }
 
@@ -308,27 +393,20 @@ sub open_form {
 }
 
 sub close_form {
-    my ($r,$url,$group,$button_text)=@_;
+    my ($r,$url,$button_text)=@_;
     if (!defined($button_text)) {
         $button_text = {
                          'continue' => &mt('Continue'),
                          'cancel'   => &mt('Cancel'),
                        };
     }
-    $r->print('<p><input type="submit" value="'.$button_text->{'continue'}.'" />');
-    if (defined($group)) {
-       $r->print("\n".'<input type="hidden" name="group" value="'.
-              $group.'" />');
-    }
-    $r->print('</p></form>');
+    $r->print('<p><input type="submit" value="'.$button_text->{'continue'}.'" />')
+    $r->print(&group_form_data().'</p></form>');
     $r->print('<form action="'.$url.'" method="post">
                <p>
               <input type="hidden" name="currentpath" value="'.
-	      $env{'form.currentpath'}.'" />');
-    if (defined($group)) {
-       $r->print("\n".'<input type="hidden" name="group" value="'.
-              $group.'" />');
-    }
+	      $env{'form.currentpath'}.'" />'.
+	      &group_form_data());
     $r->print("\n".'   <input type="submit" value="'.$button_text->{'cancel'}.'" />
                </p></form>'); 
 }
@@ -355,17 +433,15 @@ sub display_file {
 }
 
 sub done {
-    my ($message,$url,$group)=@_;
+    my ($message,$url)=@_;
     unless (defined $message) {
         $message='Done';
     }
     my $result = '<h3><a href="'.$url.'?currentpath='.
 	         $env{'form.currentpath'}.
 	         '&fieldname='.$env{'form.fieldname'}.
-	         '&mode='.$env{'form.mode'};
-    if (defined($group)) {
-        $result .= '&group='.$group;
-    }
+	         '&mode='.$env{'form.mode'}.
+		 &group_args();
     $result .= '">'.&mt($message).'</a></h3>';
     return $result;
 }
@@ -379,15 +455,15 @@ sub delete {
     my ($uname,$udom) = &get_name_dom($group);
     if (&Apache::lonnet::is_locked($file_name,$udom,$uname) eq 'true') {
         $r->print ("The file is locked and cannot be deleted.<br />");
-        $r->print(&done('Back',$url,$group));
+        $r->print(&done('Back',$url));
     } else {
         if (scalar(@files)) {
             &open_form($r,$url);
             $r->print('<p>'.&mt('Delete').' '.&display_file(undef,\@files).'?</p>');
-            &close_form($r,$url,$group);
+            &close_form($r,$url);
         } else {
             $r->print("No file was checked to delete.<br />");
-            $r->print(&done(undef,$url,$group));
+            $r->print(&done(undef,$url));
         }
     }
 } 
@@ -407,14 +483,14 @@ sub delete_confirmed {
 		  ') while trying to delete '.&display_file(undef, $delete_file).'</span><br />');
         }
     }
-    $r->print(&done(undef,$url,$group));
+    $r->print(&done(undef,$url));
 }
 
 sub delete_dir {
-    my ($r,$url,$group)=@_;
+    my ($r,$url)=@_;
     &open_form($r,$url);
     $r->print('<p>'.&mt('Delete').' '.&display_file().'?</p>');
-    &close_form($r,$url,$group);
+    &close_form($r,$url);
 } 
 
 sub delete_dir_confirmed {
@@ -443,7 +519,7 @@ sub delete_dir_confirmed {
         }
         $env{'form.currentpath'} = $directory_name;
     }
-    $r->print(&done(undef,$url,$group));
+    $r->print(&done(undef,$url));
 }
 
 sub rename {
@@ -453,12 +529,12 @@ sub rename {
     $file_name = &prepend_group($file_name,$group);
     if (&Apache::lonnet::is_locked($file_name,$udom,$uname) eq 'true') {
         $r->print ("The file is locked and cannot be renamed.<br />");
-        $r->print(&done(undef,$url,$group));
+        $r->print(&done(undef,$url));
     } else {
         &open_form($r,$url);
         $r->print('<p>'.&mt('Rename').' '.&display_file().' to 
                    <input name="filenewname" type="input" size="50" />?</p>');
-        &close_form($r,$url,$group);
+        &close_form($r,$url);
     }
 }
 
@@ -471,7 +547,7 @@ sub rename_confirmed {
 	$r->print('<span class="LC_error">'.
 		  &mt("Error: no valid filename was provided to rename to.").
 		  '</span><br />');
-	$r->print(&done(undef,$url,$group));
+	$r->print(&done(undef,$url));
 	return;
     } 
     my $result=
@@ -489,30 +565,170 @@ sub rename_confirmed {
 		      '<strong>'.&display_file('',$env{'form.filenewname'}).'</strong>',
 		      '<strong>'.&display_file('',$filenewname).'</strong>'));
     }
-    $r->print(&done(undef,$url,$group));
+    $r->print(&done(undef,$url));
 }
 
 sub display_access {
-    my ($r,$url,$group) = @_;
+    my ($r,$url,$group,$can_setacl,$port_path) = @_;
     my ($uname,$udom) = &get_name_dom($group);
     my $file_name = $env{'form.currentpath'}.$env{'form.access'};
     $file_name = &prepend_group($file_name,$group);
     my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
                                                                         $uname);
     my %access_controls = &Apache::lonnet::get_access_controls($current_permissions,$group,$file_name);
-    &open_form($r,$url);
-    $r->print('<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'</h3>'."\n");
-    $r->print(&mt('Access to this file by others can be set to be one or more of the following types: public, password-protected or conditional.').'<br /><ul><li>'.&mt('Public files are available to anyone without the need for login.').'</li><li>'.&mt('Password-protected files do not require log-in, but will require the viewer to enter the password you set.').'</li><li>'.&mt('Conditional files are accessible to logged-in users with accounts in the LON-CAPA network, who satify the conditions you set.').'<br />'.&mt('The conditions can include affiliation with a particular course or group, or a user account in a specific domain.').'<br />'.&mt('Alternatively you can grant access to people with specific LON-CAPA usernames and domains.').'</li></ul>');
-    &access_setting_table($r,$access_controls{$file_name});
-    my $button_text = {
+    my $aclcount = keys(%access_controls);
+    my $header = '<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',$port_path.$env{'form.currentpath'}.$env{'form.access'}).'</h3>';
+    my $info .= &mt('Access to this file by others can be set to be one or more of the following types: public, passphrase-protected or conditional.').'<br /><ul><li>'.&mt('Public files are available to anyone without the need for login.').'</li><li>'.&mt('Passphrase-protected files do not require log-in, but will require the viewer to enter the passphrase you set.').'</li><li>'.&mt('Conditional files are accessible to logged-in users with accounts in the LON-CAPA network, who satisfy the conditions you set.').'<br />'.&mt('The conditions can include affiliation with a particular course or group, or a user account in a specific domain.').'<br />'.&mt('Alternatively access can be granted to people with specific LON-CAPA usernames and domains.').'</li></ul>';
+    if ($can_setacl) {
+        &open_form($r,$url);
+        $r->print($header.$info);
+        &access_setting_table($r,$access_controls{$file_name});
+        my $button_text = {
                         'continue' => &mt('Proceed'),
                         'cancel' => &mt('Back to directory listing'),
                       };
-    &close_form($r,$url,$group,$button_text);
+        &close_form($r,$url,$button_text);
+    } else {
+        $r->print($header);
+        if ($aclcount) {  
+            $r->print($info);
+        }
+        &view_access_settings($r,$url,$access_controls{$file_name},$aclcount);
+    }
+}
+
+sub view_access_settings {
+    my ($r,$url,$access_controls,$aclcount) = @_;
+    my ($showstart,$showend);
+    my %todisplay;
+    foreach my $key (sort(keys(%{$access_controls}))) {
+        my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+        $todisplay{$scope}{$key} = $$access_controls{$key};
+    }
+    if ($aclcount) {
+        $r->print(&mt('<h4>Current access controls defined for this file:</h4>'));
+        $r->print(&Apache::loncommon::start_data_table());
+        $r->print(&Apache::loncommon::start_data_table_header_row());
+        $r->print('<th>'.&mt('Access control').'</th><th>'.&mt('Dates available').
+                  '</th><th>'.&mt('Additional information').'</th>');
+        $r->print(&Apache::loncommon::end_data_table_header_row());
+        my $count = 1;
+        my $chg = 'none';
+        &build_access_summary($r,$count,$chg,%todisplay);
+        $r->print(&Apache::loncommon::end_data_table());
+    } else {
+        $r->print(&mt('No access control settings currently exist for this file.<br />' ));
+    }
+    $r->print('<br /><a href="'.$url.'?currentpath='.$env{'form.currentpath'}.
+              &group_args().'">'.&mt('Return to directory listing').'</a>');
+    return;
+}
+
+sub build_access_summary {
+    my ($r,$count,$chg,%todisplay) = @_; 
+    my ($showstart,$showend);
+    my %scope_desc = (
+                      public => 'Public',
+                      guest => 'Passphrase-protected',
+                      domains => 'Conditional: domain-based',
+                      users => 'Conditional: user-based',
+                      course => 'Conditional: course-based',
+                      group => 'Conditional: group-based',
+                     );
+    my @allscopes = ('public','guest','domains','users','course','group');
+    foreach my $scope (@allscopes) {
+        if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) {
+            next;
+        }
+        foreach my $key (sort(keys(%{$todisplay{$scope}}))) {
+            if ($count) {
+                $r->print(&Apache::loncommon::start_data_table_row());
+            }
+            my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+            my $content = $todisplay{$scope}{$key};
+            if ($chg eq 'delete') {
+                $showstart = &mt('Deleted');
+                $showend = $showstart;
+            } else {
+                $showstart = localtime($start);
+                if ($end == 0) {
+                    $showend = &mt('No end date');
+                } else {
+                    $showend = localtime($end);
+                }
+            }
+            $r->print('<td>'.&mt($scope_desc{$scope}));
+            if (($scope eq 'course') || ($scope eq 'group')) {
+                if ($chg ne 'delete') {
+                    my $cid = $content->{'domain'}.'_'.$content->{'number'};
+                    my %course_description = &Apache::lonnet::coursedescription($cid);
+                    $r->print('<br />('.$course_description{'description'}.')');
+                }
+            }
+            $r->print('</td><td>'.&mt('Start: ').$showstart.
+                  '<br />'.&mt('End: ').$showend.'</td><td>');
+            if ($chg ne 'delete') {
+                if ($scope eq 'guest') {
+                    $r->print(&mt('Passphrase').': '.$content->{'password'});
+                } elsif ($scope eq 'course' || $scope eq 'group') {
+                    $r->print('<table><tr>');
+                    $r->print('<th>'.&mt('Roles').'</th><th>'.
+                          &mt('Access').'</th><th>'.
+                                          &mt('Sections').'</th>');
+                    if ($scope eq 'course') {
+                        $r->print('<th>'.&mt('Groups').'</th>');
+                    } else {
+                        $r->print('<th>'.&mt('Teams').'</th>');
+                    }
+                    $r->print('</tr>');
+                    foreach my $id (sort(keys(%{$content->{'roles'}}))) {
+                        $r->print('<tr>');
+                        foreach my $item ('role','access','section','group') {
+                            $r->print('<td>');
+                            if ($item eq 'role') {
+                                my $ucscope = $scope;
+                                $ucscope =~ s/^(\w)/uc($1)/e;
+                                my $role_output;
+                                foreach my $role (@{$content->{'roles'}{$id}{$item}}) {
+                                    if ($role eq 'all') {
+                                        $role_output .= $role.',';
+                                    } elsif ($role =~ /^cr/) {
+                                        $role_output .= (split('/',$role))[3].',';
+                                    } else {
+                                        $role_output .= &Apache::lonnet::plaintext($role,$ucscope).',';
+                                    }
+                                }
+                                $role_output =~ s/,$//;
+                                $r->print($role_output);
+                            } else {
+                                $r->print(join(',',@{$content->{'roles'}{$id}{$item}}));
+                            }
+                            $r->print('</tr>');
+                        }
+			$r->print("</table>");
+                    }
+		    $r->print("</tr></table>");
+                } elsif ($scope eq 'domains') {
+                    $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}}));
+                } elsif ($scope eq 'users') {
+                    my $curr_user_list = &sort_users($content->{'users'});
+                    $r->print(&mt('Users: ').$curr_user_list);
+                } else {
+                    $r->print('&nbsp;');
+                }
+            } else {
+                $r->print('&nbsp;');
+            }
+            $r->print('</td>');
+            $r->print(&Apache::loncommon::end_data_table_row());
+            $count ++;
+        }
+    }
 }
 
+
 sub update_access {
-    my ($r,$url,$group) = @_;
+    my ($r,$url,$group,$port_path) = @_;
     my $totalprocessed = 0;
     my %processing;
     my %title  = (
@@ -538,7 +754,7 @@ sub update_access {
     }
     my $file_name = $env{'form.currentpath'}.$env{'form.selectfile'};
     $r->print('<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',
-              $file_name).'</h3>'."\n");
+              $port_path.$file_name).'</h3>'."\n");
     $file_name = &prepend_group($file_name,$group);
     my ($uname,$udom) = &get_name_dom($group);
     my ($errors,$outcome,$deloutcome,$new_values,$translation);
@@ -577,93 +793,16 @@ sub update_access {
                     $r->print('<td rowspan="'.$numchgs.'">'.&mt($title{$chg}).
                               '.</td>');
                     my $count = 0;
+                    my %todisplay;
                     foreach my $key (sort(keys(%{$$changes{$chg}}))) {
-                        if ($count) {
-                            $r->print(&Apache::loncommon::start_data_table_row());
-                        }
-                        my ($num,$scope,$end,$start) = &unpack_acc_key($key); 
+                        my ($num,$scope,$end,$start) = &unpack_acc_key($key);
                         my $newkey = $key;
                         if ($chg eq 'activate') {
                             $newkey =~ s/^(\d+)/$$translation{$1}/;
                         }
-                        my $content = $$updated_controls{$newkey};
-                        if ($chg eq 'delete') {
-                            $showstart = &mt('Deleted');
-                            $showend = $showstart;
-                        } else {
-                            $showstart = localtime($start);
-                            if ($end == 0) {
-                                $showend = &mt('No end date');
-                            } else {
-                                $showend = localtime($end);
-                            }
-                        }
-                        $r->print('<td>'.&mt($scope));
-                        if (($scope eq 'course') || ($scope eq 'group')) {
-                            if ($chg ne 'delete') {
-                                my $cid = $content->{'domain'}.'_'.$content->{'number'};
-                                my %course_description = &Apache::lonnet::coursedescription($cid);
-                                $r->print('<br />('.$course_description{'description'}.')');
-                            }
-                        }  
-                        $r->print('</td><td>'.&mt('Start: ').$showstart.
-                                  '<br />'.&mt('End: ').$showend.'</td><td>');
-                        if ($chg ne 'delete') {
-                            if ($scope eq 'guest') {
-                                $r->print(&mt('Password').': '.$content->{'password'});
-                            } elsif ($scope eq 'course' || $scope eq 'group') {
-                                $r->print('<table><tr>');
-                                $r->print('<th>'.&mt('Roles').'</th><th>'.
-                                          &mt('Access').'</th><th>'.
-                                          &mt('Sections').'</th>');
-                                if ($scope eq 'course') {
-                                    $r->print('<th>'.&mt('Groups').'</th>');
-                                } else {
-                                    $r->print('<th>'.&mt('Teams').'</th>');
-                                }
-                                $r->print('</tr>');
-                                foreach my $id (sort(keys(%{$content->{'roles'}}))) {
-                                    $r->print('<tr>');
-                                    foreach my $item ('role','access','section','group') {
-                                        $r->print('<td>');
-                                        if ($item eq 'role') {
-                                            my $ucscope = $scope;
-                                            $ucscope =~ s/^(\w)/uc($1)/;
-                                            my $role_output;  
-                                            foreach my $role (@{$content->{'roles'}{$id}{$item}}) {
-                                                if ($role eq 'all') {
-                                                    $role_output .= $role.',';
-                                                } elsif ($role =~ /^cr/) {
-                                                    $role_output .= (split('/',$role))[3].',';
-                                                } else {
-                                                    $role_output .= &Apache::lonnet::plaintext($role,$ucscope).',';
-                                                }
-                                            }
-                                            $role_output =~ s/,$//;
-                                            $r->print($role_output);  
-                                        } else {
-                                            $r->print(join(',',@{$content->{'roles'}{$id}{$item}}));
-                                        }
-                                        $r->print('</td>');
-                                    }
-                                }
-                                $r->print(&Apache::loncommon::end_data_table_row());
-                                $r->print(&Apache::loncommon::end_data_table());
-                            } elsif ($scope eq 'domains') {
-                                $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}}));
-                            } elsif ($scope eq 'users') {
-                                my $curr_user_list = &sort_users($content->{'users'});
-                                $r->print(&mt('Users: ').$curr_user_list);
-                            } else {
-                                $r->print('&nbsp;');
-                            }
-                        } else {
-                            $r->print('&nbsp;');
-                        }
-                        $r->print('</td>');
-                        $r->print(&Apache::loncommon::end_data_table_row());
-                        $count ++;
+                        $todisplay{$scope}{$newkey} = $$updated_controls{$newkey};
                     }
+                    &build_access_summary($r,$count,$chg,%todisplay);  
                 }
             }
             $r->print(&Apache::loncommon::end_data_table());
@@ -703,11 +842,14 @@ sub update_access {
                                     $access_controls{$file_name},$now,$then);
             }
         }
-        &close_form($r,$url,$group);
+        &close_form($r,$url);
     } else {
         $r->print('<br /><a href="'.$url.'?access='.$env{'form.selectfile'}.
-                  '&amp;currentpath='.$env{'form.currentpath'}.'">'.
-                   &mt('Display all access settings for this file').'</a>');
+                  '&amp;currentpath='.$env{'form.currentpath'}.$group_arg.'">'.
+                   &mt('Display all access settings for this file').'</a>'.
+                  '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'.
+                  '<a href="'.$url.'?currentpath='.$env{'form.currentpath'}.
+                  &group_args().'">'.&mt('Return to directory listing').'</a>');
     }
     return;
 }
@@ -857,11 +999,11 @@ sub access_setting_table {
     $r->print(&Apache::loncommon::end_data_table_row());
     $r->print(&Apache::loncommon::end_data_table());
     $r->print('</td><td width="40">&nbsp;</td><td valign="top">');
-    $r->print('<h3>'.&mt('Password-protected access:').' '.$guesttext.'</h3>');
+    $r->print('<h3>'.&mt('Passphrase-protected access:').' '.$guesttext.'</h3>');
     $r->print(&Apache::loncommon::start_data_table());
     $r->print(&Apache::loncommon::start_data_table_header_row());
     $r->print('<th>'.&mt('Action').'</th><th>'.&mt('Dates available').
-              '</th><th>'. &mt('Password').'</th>');
+              '</th><th>'. &mt('Passphrase').'</th>');
     $r->print(&Apache::loncommon::end_data_table_header_row());
     $r->print(&Apache::loncommon::start_data_table_row());
     my $passwd;
@@ -1032,6 +1174,8 @@ sub course_row {
     if ($type eq 'group') {
         $crsgrptext = 'Teams';
     }
+    my $uctype = $type;
+    $uctype =~ s/^(\w)/uc($1)/e;
     my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
                                                     $type);
     $r->print('<td>'.$js.&actionbox($status,$num,$scope).'</td>');
@@ -1040,8 +1184,6 @@ sub course_row {
         my %course_description = &Apache::lonnet::coursedescription($cid);
         $r->print('<td><input type="hidden" name="crsdom_'.$num.'" value="'.$content->{'domain'}.'" /><input type="hidden" name="crsnum_'.$num.'" value="'.$content->{'number'}.'" />'.$course_description{'description'}.'</td>');
     } elsif ($status eq 'new') {
-        my $uctype = $type;
-        $uctype =~ s/^(\w)/uc($1)/e;
         $r->print('<td>'.&Apache::loncommon::selectcourse_link('portform','crsnum_'.$num,'crsdom_'.$num,'description_'.$num,undef,undef,$uctype).'&nbsp;&nbsp;<input type="text" name="description_'.$num.'" size="30" /><input type="hidden" name="crsdom_'.$num.'" /><input type="hidden" name="crsnum_'.$num.'" /></td>');
     }
     $r->print('<td>'.&dateboxes($num,$start,$end).'</td>');
@@ -1059,7 +1201,7 @@ sub course_row {
             my $role_selects = &role_selectors($num,$role_id,$status,$type,$content,'display');
             $r->print('<tr><td><span style="white-space: nowrap"><label><input type="checkbox" name="delete_role_'.$num.'" value="'.$role_id.'" />'.&mt('Delete').'</label></span><br /><input type="hidden" name="preserve_role_'.$num.'" value="'.$role_id.'" /></td>'.$role_selects.'</tr>');
         }
-        $r->print('</table><br />'.&mt('Add a roles-based condition').'&nbsp;<input type="checkbox" name ="add_role_'.$num.'" onClick="javascript:setRoleOptions(this,'."'$num','$content->{'domain'}','$content->{'number'}','Course'".')" value="'.$max_id.'" /><input type="hidden" name="role_'.$num.'_'.$max_id.'" /><input type="hidden" name="access_'.$num.'_'.$max_id.'" /><input type="hidden" name="section_'.$num.'_'.$max_id.'" /><input type="hidden" name="group_'.$num.'_'.$max_id.'" /></td>');
+        $r->print('</table><br />'.&mt('Add a roles-based condition').'&nbsp;<input type="checkbox" name ="add_role_'.$num.'" onClick="javascript:setRoleOptions(this,'."'$num','$content->{'domain'}','$content->{'number'}','$uctype'".')" value="'.$max_id.'" /><input type="hidden" name="role_'.$num.'_'.$max_id.'" /><input type="hidden" name="access_'.$num.'_'.$max_id.'" /><input type="hidden" name="section_'.$num.'_'.$max_id.'" /><input type="hidden" name="group_'.$num.'_'.$max_id.'" /></td>');
     } elsif ($status eq 'new') {
         my $role_id = 1;
         my $role_selects = &role_selectors($num,$role_id,$status,$type,undef,'display');
@@ -1185,8 +1327,10 @@ sub role_selectors {
          $cdom = $env{'form.cdom'};
          $cnum = $env{'form.cnum'};
     }
+    my $uctype = $type;
+    $uctype =~ s/^(\w)/uc($1)/e;
     my ($sections,$groups,$allroles,$rolehash,$accesshash) =
-            &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$type);
+            &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$uctype);
     if (!@{$sections}) {
         @{$sections} = ('none');
     } else {
@@ -1244,6 +1388,10 @@ sub role_options_window {
     my $cnum = $env{'form.cnum'};
     my $type = $env{'form.type'};
     my $addindex = $env{'form.setroles'};
+    my $grouptitle = 'Groups';
+    if ($type eq 'Group') {
+         $grouptitle = 'Teams';
+    } 
     my $role_selects = &role_selectors(1,1,'new',$type,undef,'rolepicker');
     $r->print(<<"END_SCRIPT");
 <script type="text/javascript">
@@ -1264,7 +1412,7 @@ function setRoles() {
 </script>
 END_SCRIPT
     $r->print(&mt('Select roles, course status, section(s) and group(s) for users who will be able to access the portfolio file.'));
-    $r->print('<form name="rolepicker" action="/adm/portfolio" method="post"><table><tr><th>'.&mt('Roles').'</th><th>'.&mt('[_1] status',$type).'</th><th>'.&mt('Sections').'</th><th>'.&mt('Groups').'</th></tr><tr>'.$role_selects.'</tr></table><br /><input type="button" name="rolepickbutton" value="Save selections" onclick="setRoles()" />');
+    $r->print('<form name="rolepicker" action="/adm/portfolio" method="post"><table><tr><th>'.&mt('Roles').'</th><th>'.&mt('[_1] status',$type).'</th><th>'.&mt('Sections').'</th><th>'.&mt($grouptitle).'</th></tr><tr>'.$role_selects.'</tr></table><br /><input type="button" name="rolepickbutton" value="Save selections" onclick="setRoles()" />');
     return;
 }
 
@@ -1297,11 +1445,7 @@ ENDSMP
                     fileList = fileList + document.forms.checkselect.currentpath.value + document.forms.checkselect[i].value + "," ;
                 }
             }
-            opener.document.forms.lonhomework.
-ENDSMP
-    $javascript .= $env{'form.fieldname'};
-    $javascript .= (<<ENDSMP);
-        .value=fileList;
+            opener.document.forms.lonhomework.$env{'form.fieldname'}.value=fileList;
             self.close();
         }
         </script>
@@ -1322,6 +1466,14 @@ sub upload {
     my $fname=$env{'form.uploaddoc.filename'};
     my $filesize = (length($env{'form.uploaddoc'})) / 1000; #express in k (1024?)
     my $disk_quota = 20000; # expressed in k
+    if (defined($group)) {
+        my $grp_quota = &get_group_quota($group); # quota expressed in k 
+        if ($grp_quota ne '') {
+            $disk_quota = $grp_quota;
+        } else {
+            $disk_quota = 0;
+        }
+    }
     $fname=&Apache::lonnet::clean_filename($fname);
 
     my $portfolio_root=&get_portfolio_root($group);
@@ -1349,17 +1501,17 @@ sub upload {
     if (($current_disk_usage + $filesize) > $disk_quota){
         $r->print('<span class="LC_error">Unable to upload <strong>'.$fname.' (size = '.$filesize.' kilobytes)</strong>. Disk quota will be exceeded.</span>'.
                   '<br />Disk quota is '.$disk_quota.' kilobytes. Your current disk usage is '.$current_disk_usage.' kilobytes.');
-        $r->print(&done('Back',$url,$group));
+        $r->print(&done('Back',$url));
     } 
     elsif ($found_file){
         if ($locked_file){
             $r->print('<span class="LC_error">'.'Unable to upload <strong>'.$fname.'</strong>, a <strong>locked</strong> file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></span>'.
                   '<br />You will be able to rename or delete existing '.$fname.' after a grade has been assigned.');
-            $r->print(&done('Back',$url,$group));      
+            $r->print(&done('Back',$url));      
         } else {   
             $r->print('<span class="LC_error">'.'Unable to upload <strong>'.$fname.'</strong>, a file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></span>'.
                   '<br />To upload, rename or delete existing '.$fname.' in '.$port_path.$env{'form.currentpath'});
-            $r->print(&done('Back',$url,$group));
+            $r->print(&done('Back',$url));
         }
     } else {
         my $result=&Apache::lonnet::userfileupload('uploaddoc','',
@@ -1367,12 +1519,13 @@ sub upload {
         if ($result !~ m|^/uploaded/|) {
             $r->print('<span class="LC_error">'.'An errror occured ('.$result.
 	              ') while trying to upload '.&display_file().'</span><br />');
-	    $r->print(&done('Back',$url,$group));
+	    $r->print(&done('Back',$url));
         } else {
-            $r->print(&done(undef,$url,$group));
+            $r->print(&done(undef,$url));
         }
     }
 }
+
 sub lock_info {
     my ($r,$url,$group) = @_;
     my ($uname,$udom) = &get_name_dom($group);
@@ -1402,7 +1555,7 @@ sub lock_info {
             }
         }
     }
-    $r->print(&done('Back',$url,$group));
+    $r->print(&done('Back',$url));
     return 'ok';
 }
 sub createdir {
@@ -1440,13 +1593,13 @@ sub createdir {
     if ($newdir ne $env{'form.newdir'}) {
         $r->print("The new directory name was changed from:<br /><strong>".$env{'form.newdir'}."</strong> to <strong>$newdir </strong>");  
     }
-    $r->print(&done(undef,$url,$group));
+    $r->print(&done(undef,$url));
 }
 
 sub get_portfolio_root {
     my ($group) = @_;
-    my ($portfolio_root,$udom,$uname,$path);
-    ($uname,$udom) = &get_name_dom($group);
+    my ($uname,$udom) = &get_name_dom($group);
+    my $path;
     if (defined($group)) {
         $path = '/userfiles/groups/'.$group.'/portfolio';
     } else {
@@ -1455,6 +1608,23 @@ sub get_portfolio_root {
     return (&Apache::loncommon::propath($udom,$uname).$path);
 }
 
+sub get_group_quota {
+    my ($group) = @_;
+    my $group_quota; 
+    my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+    my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+    my %curr_groups = &Apache::longroup::coursegroups($cdom,$cnum,$group);
+    if (%curr_groups) {
+        my %group_info =  &Apache::longroup::get_group_settings(
+                                                    $curr_groups{$group});
+        $group_quota = $group_info{'quota'}; #expressed in Mb
+        if ($group_quota) {
+            $group_quota = 1000 * $group_quota; #expressed in k
+        } 
+    }
+    return $group_quota;
+} 
+
 sub get_dir_list {
     my ($portfolio_root,$group) = @_;
     my ($uname,$udom) = &get_name_dom($group);
@@ -1478,7 +1648,7 @@ sub get_name_dom {
 sub prepend_group {
     my ($filename,$group) = @_;
     if (defined($group)) {
-        $filename = $group.'/'.$filename;
+        $filename = $group.$filename;
     }
     return $filename;
 }
@@ -1504,18 +1674,74 @@ sub get_port_path {
     return $port_path;
 }
 
+sub missing_priv {
+    my ($r,$url,$priv,$group) = @_;
+    my $longtext = {
+                      upload => 'upload files',
+                      delete => 'delete files',
+                      rename => 'rename files',
+                      setacl => 'set access controls for files',
+                   };
+    my $escpath = &HTML::Entities::encode($env{'form.currentpath'},'&<>"');
+    my $rtnlink = '<a href="'.$url;
+    if ($url =~ /\?/) {
+        $rtnlink .= '&';
+    } else {
+        $rtnlink .= '?';
+    }
+    $rtnlink .= 'currentpath='.$escpath;
+    $r->print(&mt('<h3>Action disallowed</h3>'));
+    $r->print(&mt('You do not have sufficient privileges to [_1] ',
+                  $longtext->{$priv}));
+    if ($group) {
+        $r->print(&mt("in the group's file repository."));
+        $rtnlink .= &group_args()
+    } else {
+        $r->print(&mt('in this portfolio.'));
+    }
+    $rtnlink .= '">'.&mt('Return to directory listing page').'</a>';
+    $r->print('<br />'.$rtnlink);
+    $r->print(&Apache::loncommon::end_page());
+    return;
+}
+
+sub coursegrp_portfolio_header {
+    my ($cdom,$cnum,$grp_desc)=@_;
+    my $gpterm  = &Apache::loncommon::group_term();
+    my $ucgpterm = $gpterm;
+    $ucgpterm =~ s/^(\w)/uc($1)/e;
+    if ($env{'form.ref'}) {
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>"/adm/coursegroups",
+              text=>"Groups",
+              title=>"Course Groups"});
+    }
+    &Apache::lonhtmlcommon::add_breadcrumb
+        ({href=>"/adm/$cdom/$cnum/$group/smppg?ref=$env{'form.ref'}",
+          text=>"$ucgpterm: $grp_desc",
+          title=>"Go to group's home page"},
+         {href=>"/adm/coursegrp_portfolio?".&group_args(),
+          text=>"Group Portfolio",
+          title=>"Display group portfolio"});
+    my $output = &Apache::lonhtmlcommon::breadcrumbs(
+                         &mt('[_1] portfolio files - [_2]',$gpterm,$grp_desc));
+    return $output;
+}
+
+
 sub handler {
     # this handles file management
     my $r = shift;
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
          ['selectfile','currentpath','meta','lockinfo','currentfile','action',
 	  'fieldname','mode','rename','continue','group','access','setnum',
-          'cnum','cdom','type','setroles']);
-    my ($uname,$udom,$portfolio_root,$url,$group,$caller,$title);
+          'cnum','cdom','type','setroles','showversions','ref']);
+    my ($uname,$udom,$portfolio_root,$url,$group,$caller,$title,$grp_desc);
     if ($r->uri =~ m|^(/adm/)([^/]+)|) {
         $url = $1.$2;
         $caller = $2;
     }
+    my ($can_modify,$can_delete,$can_upload,$can_setacl);
     if ($caller eq 'coursegrp_portfolio') {
     #  Needs to be in a course
         if (! ($env{'request.course.fn'})) {
@@ -1525,15 +1751,18 @@ sub handler {
             return HTTP_NOT_ACCEPTABLE;
         }
         my $earlyout = 0;
-        my $view_permission = &Apache::lonnet::allowed('vcg',
-                                                $env{'request.course.id'});
-        $group = $env{'form.group'};
-        $group =~ s/\W//g;
+        my $view_permission = 
+           &Apache::lonnet::allowed('vcg',$env{'request.course.id'}.($env{'request.course.sec'}?'/'.$env{'request.course.sec'}:''));
+        $env{'form.group'} =~ s/\W//g;
+	my $group = $env{'form.group'};
         if ($group) {
             ($uname,$udom) = &get_name_dom($group);
             my %curr_groups = &Apache::longroup::coursegroups($udom,$uname,
 							       $group); 
             if (%curr_groups) {
+                my %grp_content = &Apache::longroup::get_group_settings(
+                                                         $curr_groups{$group});
+                $grp_desc = &unescape($grp_content{'description'});
                 if (($view_permission) || (&Apache::lonnet::allowed('rgf',
                                       $env{'request.course.id'}.'/'.$group))) {
                     $portfolio_root = &get_portfolio_root($group);
@@ -1551,12 +1780,36 @@ sub handler {
             $earlyout = 1;
         }
         if ($earlyout) { return OK; }
+        if (&Apache::lonnet::allowed('mdg',$env{'request.course.id'})) {
+            $can_modify = 1;
+            $can_delete = 1;
+            $can_upload = 1;
+            $can_setacl = 1;
+        } else {
+            if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) {
+                $can_setacl = 1;
+            }
+            if (&Apache::lonnet::allowed('ugf',$env{'request.course.id'}.'/'.$group)) {
+                $can_upload = 1;
+            }
+            if (&Apache::lonnet::allowed('mgf',$env{'request.course.id'}.'/'.$group)) {
+                $can_modify = 1;
+            }
+            if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) {
+                $can_delete = 1;
+            }
+        }
     } else {
         ($uname,$udom) = &get_name_dom();
         $portfolio_root = &get_portfolio_root();
         $title = &mt('Portfolio Manager');
+        $can_modify = 1;
+        $can_delete = 1;
+        $can_upload = 1;
+        $can_setacl = 1;
     }
 
+    my $port_path = &get_port_path($group);
     &Apache::loncommon::no_cache($r);
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
@@ -1582,37 +1835,77 @@ sub handler {
         &open_form($r,$url);
 #        $r->print(&edit_meta_data($r, $env{'form.currentpath'}.$env{'form.selectfile'}));
         $r->print('Edit the meta data<br />');
-        &close_form($r,$url,$group);
+        &close_form($r,$url);
     }
     if ($env{'form.store'}) {
     }
 
     if ($env{'form.uploaddoc.filename'}) {
-	&upload($r,$url,$group);
+        if ($can_upload) {
+	    &upload($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'upload',$group,$refarg),
+        }
     } elsif ($env{'form.action'} eq 'delete' && $env{'form.confirmed'}) {
-	&delete_confirmed($r,$url,$group);
+        if ($can_delete) {
+	    &delete_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'delete') {
-	&delete($r,$url,$group);
+        if ($can_delete) {
+	    &delete($r,$url,$group,$refarg);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'deletedir' && $env{'form.confirmed'}) {
-	&delete_dir_confirmed($r,$url,$group);
-    } elsif ($env{'form.action'} eq 'deletedir'){
-	&delete_dir($r,$url,$group);
+        if ($can_delete) {
+	    &delete_dir_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
+    } elsif ($env{'form.action'} eq 'deletedir') {
+        if ($can_delete) {
+	    &delete_dir($r,$url);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'rename' && $env{'form.confirmed'}) {
-	&rename_confirmed($r,$url,$group);
+        if ($can_modify) {
+	    &rename_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'rename',$group);
+        }
     } elsif ($env{'form.rename'}) {
         $env{'form.selectfile'} = $env{'form.rename'};
         $env{'form.action'} = 'rename';
-	&rename($r,$url,$group);
+        if ($can_modify) {
+	    &rename($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'rename',$group);
+        }
     } elsif ($env{'form.access'}) {
         $env{'form.selectfile'} = $env{'form.access'};
         $env{'form.action'} = 'chgaccess';
-        &display_access($r,$url,$group);
+        &display_access($r,$url,$group,$can_setacl,$port_path);
     } elsif ($env{'form.action'} eq 'chgaccess') {
-        &update_access($r,$url,$group);
+        if ($can_setacl) {
+            &update_access($r,$url,$group,$port_path);
+        } else {
+            &missing_priv($r,$url,'setacl',$group);
+        }
     } elsif ($env{'form.action'} eq 'rolepicker') {
-        &role_options_window($r);
+        if ($can_setacl) { 
+            &role_options_window($r);
+        } else {
+            &missing_priv($r,$url,'setacl',$group);
+        }
     } elsif ($env{'form.createdir'}) {
-	&createdir($r,$url,$group);
+        if ($can_upload) {
+	    &createdir($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'upload',$group);
+        }
     } elsif ($env{'form.lockinfo'}) {
         &lock_info($r,$url,$group);
     } else {
@@ -1620,6 +1913,10 @@ sub handler {
 	if ($env{'form.currentpath'}) {
 	    $current_path = $env{'form.currentpath'};
 	}
+        if ($caller eq 'coursegrp_portfolio') {
+            &Apache::lonhtmlcommon::clear_breadcrumbs();
+            $r->print(&coursegrp_portfolio_header($udom,$uname,$grp_desc));
+        }
         my @dir_list=&get_dir_list($portfolio_root,$group);
 	if ($dir_list[0] eq 'no_such_dir'){
 	    # two main reasons for this:
@@ -1641,11 +1938,14 @@ sub handler {
         }
 	# need to know if directory is empty so it can be removed if desired
 	my $is_empty=(@dir_list == 2);
-	&display_common($r,$url,$current_path,$is_empty,\@dir_list,$group);
-        &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group);
+	&display_common($r,$url,$current_path,$is_empty,\@dir_list,
+			$can_upload);
+        &display_directory($r,$url,$current_path,$is_empty,\@dir_list,
+                           $can_upload,$can_modify,$can_delete,$can_setacl);
 	$r->print(&Apache::loncommon::end_page());
     }
     return OK;
 }
+
 1;
 __END__

Actions			Name	Size	Last Modified	Current Access Status
	Go to ...	'.&make_anchor($url,$filename.'/',$current_path.$filename.'/',$env{'form.mode'},$env{"form.fieldname"},$env{'form.continue'},$group).'	'.$version_flag{$filename}.&make_anchor($url,$filename.'/',$current_path.$filename.'/',$env{'form.mode'},$env{"form.fieldname"},$env{'form.continue'}).'/
Locked	Locked		- Rename	'.$cat.' -
'; } else { - $cond_access = 1; + $line .= '		'; } + if ($can_delete) { + $line .= ''; + } + if ($can_modify) { + my $cat=''; + $line .= 'Rename'; + $line .= '	'.$version_flag{$filename}.''.$cat.''; + } + $line .= '		'. - $filename.'	'.$size.'	'.&Apache::lonlocal::locallocaltime($mtime).'	'.&mt($curr_access).' '. - ''.&mt('View/Change').'
	'.$version_flag{$filename}.''. +# $filename.'	'.$size.'	'.&Apache::lonlocal::locallocaltime($mtime).'	'. +# &mt($curr_access).' '); +# $r->print(''.$access_admin_text.'