--- loncom/auth/lonroles.pm	2003/06/18 15:05:32	1.61
+++ loncom/auth/lonroles.pm	2003/09/17 17:50:49	1.70
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.61 2003/06/18 15:05:32 www Exp $
+# $Id: lonroles.pm,v 1.70 2003/09/17 17:50:49 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -52,6 +52,30 @@ use Apache::lonmenu;
 use Apache::loncommon;
 use Apache::lonannounce;
 
+sub redirect_user {
+    my ($r,$title,$url,$msg) = @_;
+    $msg = $title if (! defined($msg));
+    $r->content_type('text/html');
+    &Apache::loncommon::no_cache($r);
+    $r->send_http_header;
+    my $swinfo=&Apache::lonmenu::rawconfig();
+    my $bodytag=&Apache::loncommon::bodytag('Switching Role');
+    $r->print (<<ENDREDIR);
+<head><title>$title</title>
+<meta HTTP-EQUIV="Refresh" CONTENT="1; url=$url">
+</head>
+<html>
+$bodytag
+<script>
+$swinfo
+</script>
+<h1>$msg</h1>
+</body>
+</html>
+ENDREDIR
+    return;
+}
+
 sub handler {
 
     my $r = shift;
@@ -141,12 +165,17 @@ ENDENTERKEY
 					   'request.role.domain' => $cdom,
 					   'request.course.sec'  => $csec);
 		    my $msg='Entering course ...';
+
 		    if (($cnum) && ($role ne 'ca')) {
 			my ($furl,$ferr)=
 			    &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
 			if (($ENV{'form.orgurl'}) && 
 			    ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) {
-			    $r->internal_redirect($ENV{'form.orgurl'});
+			    my $dest=$ENV{'form.orgurl'};
+			    if ( $Apache::lonnet::mod_perl_version() == 2 ) {
+				&Apache::lonnet::cleanenv();
+			    }
+			    $r->internal_redirect($dest);
 			    return OK;
 			} else {
 			    unless ($ENV{'request.course.id'}) {
@@ -154,7 +183,7 @@ ENDENTERKEY
 				      "request.course.id"  => $cdom.'_'.$cnum);
 				$furl='/adm/roles?tryagain=1';
 				$msg=
-	 '<h1><font color=red>Could not initialize course at this time.</font></h1><h3>Please try again.</h3>';
+	 '<h1><font color=red>Could not initialize course at this time.</font></h1><h3>Please try again.</h3>'.$ferr;
 			    }
 
 			    # Check to see if the user is a CC entering a course 
@@ -168,28 +197,28 @@ ENDENTERKEY
 							  '.course.helper.not.run'}) {
 				$furl = "/adm/helper/course.initialization.helper";
 			    }
-
-			    $r->content_type('text/html');
-			    &Apache::loncommon::no_cache($r);
-			    $r->send_http_header;
-			    my $swinfo=&Apache::lonmenu::rawconfig();
-			    my $bodytag=&Apache::loncommon::bodytag('Switching Role');
-			    print (<<ENDREDIR);
-<head><title>Entering Course</title>
-<meta HTTP-EQUIV="Refresh" CONTENT="1; url=$furl">
-</head>
-<html>
-$bodytag
-<script>
-$swinfo
-</script>
-<h1>$msg</h1>
-</body>
-</html>
-ENDREDIR
+                            #
+                            # Send the user to the course they selected
+                            &redirect_user($r,'Entering Course',
+                                           $furl,$msg);
                             return OK;
 			}
 		    }
+                    #
+                    # Send the user to the construction space they selected
+                    if ($role =~ /^(au|ca)$/) {
+                        my $redirect_url = '/priv/';
+                        if ($role eq 'au') {
+                            $redirect_url.=$ENV{'user.name'};
+                        } else {
+                            $where =~ /\/(.*)$/;
+                            $redirect_url .= $1;
+                        }
+                        $redirect_url .= '/';
+                        &redirect_user($r,'Entering Construction Space',
+                                       $redirect_url);
+                        return OK;
+                    }
 		}
             }
         }
@@ -281,11 +310,14 @@ ENDHEADER
         $r->print('<input type=hidden name=orgurl value="'.$fn.'">');
         $r->print('<input type=hidden name=selectrole value=1>');
     }
-    $r->print('<br>Show all roles: <input type=checkbox name=showall');
-    if ($ENV{'form.showall'}) { $r->print(' checked'); }
-    $r->print('><input type=submit value="Display"><br>');
+    if ($ENV{'user.adv'}) {
+	$r->print(
+	      '<br />Show all roles: <input type="checkbox" name="showall"');
+	if ($ENV{'form.showall'}) { $r->print(' checked'); }
+	$r->print('><input type=submit value="Display">');
+    }
 # ----------------------------------------------------------------------- Table
-    $r->print('<table><tr>');
+    $r->print('<br /><table><tr>');
     unless ($nochoose) { $r->print('<th>&nbsp;</th>'); }
     $r->print('<th>User Role</th><th colspan=2>Extent</th>'.
 	      '<th>Start</th><th>End</th><th>Remark</th></tr>'."\n");
@@ -542,7 +574,11 @@ ENDHEADER
 	    }
 	}
     }
-
+    $r->print(&Apache::lonnet::getannounce());
+    if ($advanced) {
+	$r->print('<p><small><i>This is LON-CAPA '.
+		  $r->dir_config('lonVersion').'</i></small></p>');
+    }
     $r->print("</body></html>\n");
     return OK;
 } 
@@ -566,6 +602,36 @@ Invoked by /etc/httpd/conf/srm.conf:
  ErrorDocument	  500 /adm/errorhandler
  </Location>
 
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C<lonroles> is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C<lonnet>'s C<&allowed> function that a certain
+action is not allowed, C<lonroles> is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C<lonroles> can also be accessed via the
+B<CRS> button in the Remote Control. 
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+  \caption{\label{Sample_Roles_Screen}Sample Roles Screen} 
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C<lonnet>'s C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
 =head1 INTRODUCTION
 
 This module enables a user to select what role he wishes to