--- loncom/auth/lonroles.pm	2008/05/12 23:47:37	1.188
+++ loncom/auth/lonroles.pm	2008/05/14 19:18:37	1.189
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.188 2008/05/12 23:47:37 www Exp $
+# $Id: lonroles.pm,v 1.189 2008/05/14 19:18:37 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -137,6 +137,8 @@ sub handler {
 # Is this an ad-hoc CC-role?
                 if (my ($domain,$coursenum) =
 		    ($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) {
+                   # See if that is even allowed
+                    
                     if ($dcroles{$domain}) {
                         &check_privs($domain,$coursenum,$then,$now,'cc');
                     }
@@ -155,9 +157,15 @@ sub handler {
 # Is this a new ad-hoc CA-role?
                 if (my ($domain) =
                     ($envkey =~ m-^form\.adhocca\./($match_domain)$-)) {
+                    my $user=$env{'form.adhoccauname.'.$domain};
+                    if (!$user) { $user=$env{'form.adhoccaunamerecent.'.$domain} };
+                   # See if that is even allowed
+                    my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user);
+                    if ($blocked{'domcoord.author'} eq 'blocked') {
+                       $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access';
+                       last;
+                    }
                     if ($dcroles{$domain}) {
-                        my $user=$env{'form.adhoccauname.'.$domain};
-                        if (!$user) { $user=$env{'form.adhoccaunamerecent.'.$domain} };
                         if (($user) && ($user=~/$match_username/) && (&is_author_homeserver($user,$domain))) { 
                            &check_privs($domain,$user,$then,$now,'ca');
                            $env{'form.ca./'.$domain.'/'.$user}=1;