--- loncom/auth/lonroles.pm	2001/12/21 16:57:54	1.32
+++ loncom/auth/lonroles.pm	2003/12/08 14:25:15	1.79
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.32 2001/12/21 16:57:54 harris41 Exp $
+# $Id: lonroles.pm,v 1.79 2003/12/08 14:25:15 sakharuk Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -36,9 +36,8 @@
 # 12/08,12/28,
 # YEAR=2001
 # 01/15/01 Gerd Kortemeyer
-# 02/27/01 Scott Harrison
 # 03/02,05/03,05/25,05/30,06/01,07/06,08/06 Gerd Kortemeyer
-# 12/21 Scott Harrison
+# 12/29 Gerd Kortemeyer
 #
 ###
 
@@ -51,6 +50,32 @@ use Apache::Constants qw(:common);
 use Apache::File();
 use Apache::lonmenu;
 use Apache::loncommon;
+use Apache::lonannounce;
+use Apache::lonlocal;
+
+sub redirect_user {
+    my ($r,$title,$url,$msg) = @_;
+    $msg = $title if (! defined($msg));
+    &Apache::loncommon::content_type($r,'text/html');
+    &Apache::loncommon::no_cache($r);
+    $r->send_http_header;
+    my $swinfo=&Apache::lonmenu::rawconfig();
+    my $bodytag=&Apache::loncommon::bodytag('Switching Role');
+    $r->print (<<ENDREDIR);
+<head><title>$title</title>
+<meta HTTP-EQUIV="Refresh" CONTENT="1; url=$url">
+</head>
+<html>
+$bodytag
+<script>
+$swinfo
+</script>
+<h1>$msg</h1>
+</body>
+</html>
+ENDREDIR
+    return;
+}
 
 sub handler {
 
@@ -64,89 +89,163 @@ sub handler {
 # ================================================================== Roles Init
 
     if ($ENV{'form.selectrole'}) {
-       &Apache::lonnet::appenv("request.course.id"  => '',
-                               "request.course.fn"  => '',
-                               "request.course.uri" => '',
-                               "request.course.sec" => '',
-                               "request.role" => 'cm'); 
+	if ($ENV{'request.course.id'}) {
+	    my %temp=('logout_'.$ENV{'request.course.id'} => time);
+	    &Apache::lonnet::put('email_status',\%temp);
+        }
+	&Apache::lonnet::appenv("request.course.id"   => '',
+				"request.course.fn"   => '',
+				"request.course.uri"  => '',
+				"request.course.sec"  => '',
+				"request.role"        => 'cm',
+                                "request.role.adv"    => $ENV{'user.adv'},
+				"request.role.domain" => $ENV{'user.domain'});
         foreach $envkey (keys %ENV) {
-         if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
+            next if ($envkey!~/^user\.role\./);
+	    my (undef,undef,$role,@pwhere)=split(/\./,$envkey);
             my $where=join('.',@pwhere);
             my $trolecode=$role.'.'.$where;
             if ($ENV{'form.'.$trolecode}) {
-               my ($tstart,$tend)=split(/\./,$ENV{$envkey});
-               my $tstatus='is';
-               if ($tstart) {
-      		  if ($tstart>$then) { 
-                     $tstatus='future';
-                  }
-               }
-               if ($tend) {
-                  if ($tend<$then) { $tstatus='expired'; }
-                  if ($tend<$now) { $tstatus='will_not'; }
-               }
-               if ($tstatus eq 'is') {
-                   $where=~s/^\///;
-                   my ($cdom,$cnum,$csec)=split(/\//,$where);
-                   &Apache::lonnet::appenv('request.role' => $trolecode,
-                                           'request.course.sec' => $csec);
-                   my $msg='Entering course ...';
-                   if (($cnum) && ($role ne 'ca')) {
-		      my ($furl,$ferr)=
-			  &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
-                      if (($ENV{'form.orgurl'}) && 
-                          ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) {
-                         $r->internal_redirect($ENV{'form.orgurl'});
-                         return OK;
-		     } else {
-                         unless ($ENV{'request.course.id'}) {
-                             &Apache::lonnet::appenv(
-				 "request.course.id"  => $cdom.'_'.$cnum);
-                             $furl='/adm/notfound.html';
-                             $msg=
-	 '<h1><font color=red>Could not initialize top-level map.</font></h1>';
-                          }
-	                 $r->content_type('text/html');
-                         &Apache::loncommon::no_cache($r);
-                         $r->send_http_header;
-                         my $swinfo=&Apache::lonmenu::rawconfig;
-                         print (<<ENDREDIR);
-<head><title>Entering Course</title>
-<meta HTTP-EQUIV="Refresh" CONTENT="1; url=$furl">
+		my ($tstart,$tend)=split(/\./,$ENV{$envkey});
+		my $tstatus='is';
+		if ($tstart) {
+		    if ($tstart>$then) { 
+			$tstatus='future';
+		    }
+		}
+		if ($tend) {
+		    if ($tend<$then) { $tstatus='expired'; }
+		    if ($tend<$now) { $tstatus='will_not'; }
+		}
+		if ($tstatus eq 'is') {
+		    $where=~s/^\///;
+		    my ($cdom,$cnum,$csec)=split(/\//,$where);
+# check for keyed access
+		    if (($role eq 'st') && 
+                       ($ENV{'course.'.$cdom.'_'.$cnum.'.keyaccess'} eq 'yes')) {
+		         unless (&Apache::lonnet::validate_access_key(
+				     $ENV{'environment.key.'.$cdom.'_'.$cnum},
+					     $cdom,$cnum)) {
+# there is no valid key
+			     if ($ENV{'form.newkey'}) {
+# student attempts to register a new key
+			     } else {
+# print form to enter a new key
+				 &Apache::loncommon::content_type($r,'text/html');
+				 &Apache::loncommon::no_cache($r);
+				 $r->send_http_header;
+				 my $swinfo=&Apache::lonmenu::rawconfig();
+				 my $bodytag=&Apache::loncommon::bodytag
+				    ('Enter Access Key to Unlock this Course');
+				 $r->print(<<ENDENTERKEY);
+<head><title>Entering Course Access Key</title>
 </head>
 <html>
-<body bgcolor="#FFFFFF">
+$bodytag
 <script>
 $swinfo
 </script>
-$msg
-</body>
-</html>
-ENDREDIR
+<form method="post">
+<input type="hidden" name="selectrole" value="$ENV{'form.selectrole'}" />
+<input type="text" size="20" name="newkey" value="$ENV{'form.newkey'}" />
+<input type="submit" value="Enter key" />
+</form>
+</body></html>
+ENDENTERKEY
+				 return OK;
+			     }
+			 }
+		     }
+                    my $tadv=0;
+                    if (($trolecode!~/^st/) && 
+                        ($trolecode!~/^ta/) && 
+                        ($trolecode!~/^cm/)) { $tadv=1; }
+		    &Apache::lonnet::appenv(
+                                           'request.role'        => $trolecode,
+					   'request.role.adv'    => $tadv,
+					   'request.role.domain' => $cdom,
+					   'request.course.sec'  => $csec);
+		    my $msg=&mt('Entering course ...');
+
+		    if (($cnum) && ($role ne 'ca')) {
+			my ($furl,$ferr)=
+			    &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
+			if (($ENV{'form.orgurl'}) && 
+			    ($ENV{'form.orgurl'}!~/^\/adm\/flip/)) {
+			    my $dest=$ENV{'form.orgurl'};
+			    if ( &Apache::lonnet::mod_perl_version() == 2 ) {
+				&Apache::lonnet::cleanenv();
+			    }
+			    $r->internal_redirect($dest);
+			    return OK;
+			} else {
+			    unless ($ENV{'request.course.id'}) {
+				&Apache::lonnet::appenv(
+				      "request.course.id"  => $cdom.'_'.$cnum);
+				$furl='/adm/roles?tryagain=1';
+				$msg=
+				    '<h1><font color=red>'.
+			 &mt('Could not initialize course at this time.').
+		    '</font></h1><h3>'.&mt('Please try again.').'</h3>'.$ferr;
+			    }
+
+			    # Check to see if the user is a CC entering a course 
+			    # for the first time
+			    my (undef, undef, $role, $courseid) = split(/\./, $envkey);
+			    if (substr($courseid, 0, 1) eq '/') {
+				$courseid = substr($courseid, 1);
+			    }
+			    $courseid =~ s/\//_/;
+			    if ($role eq 'cc' && $ENV{'course.' . $courseid . 
+							  '.course.helper.not.run'}) {
+				$furl = "/adm/helper/course.initialization.helper";
+			    }
+                            #
+                            # Send the user to the course they selected
+                            &redirect_user($r,&mt('Entering Course'),
+                                           $furl,$msg);
                             return OK;
-                     }
-                   }
-               }
-            } 
-	  }
+			}
+		    }
+                    #
+                    # Send the user to the construction space they selected
+                    if ($role =~ /^(au|ca)$/) {
+                        my $redirect_url = '/priv/';
+                        if ($role eq 'au') {
+                            $redirect_url.=$ENV{'user.name'};
+                        } else {
+                            $where =~ /\/(.*)$/;
+                            $redirect_url .= $1;
+                        }
+                        $redirect_url .= '/';
+                        &redirect_user($r,&mt('Entering Construction Space'),
+                                       $redirect_url);
+                        return OK;
+                    }
+		}
+            }
         }
-   }
-        
+    }
+
 
 # =============================================================== No Roles Init
 
-    $r->content_type('text/html');
+    &Apache::loncommon::content_type($r,'text/html');
     &Apache::loncommon::no_cache($r);
     $r->send_http_header;
     return OK if $r->header_only;
 
-    my $swinfo=&Apache::lonmenu::rawconfig;
+    my $swinfo=&Apache::lonmenu::rawconfig();
+    my $bodytag=&Apache::loncommon::bodytag('User Roles');
+    my $helptag=&Apache::loncommon::help_open_topic
+     ("General_Intro",&mt("Click here for help"));
     $r->print(<<ENDHEADER);
 <html>
 <head>
 <title>LON-CAPA User Roles</title>
-</head><body bgcolor="#FFFFFF">
+</head>
+$bodytag
+$helptag<br />
 <script>
 $swinfo
 window.focus();
@@ -157,19 +256,15 @@ ENDHEADER
 
     my ($fn,$priv,$nochoose,$error,$msg)=split(/:/,$ENV{'user.error.msg'});
     if ($ENV{'user.error.msg'}) {
-       $r->log_reason(
-     "$msg for $ENV{'user.name'} domain $ENV{'user.domain'} access $priv",$fn);
+	$r->log_reason(
+   "$msg for $ENV{'user.name'} domain $ENV{'user.domain'} access $priv",$fn);
     }
 
-# ---------------------------------------------------------------- Who is this?
+# ------------------------------------------------- Can this user re-init, etc?
 
-    my $advanced=0;
-    foreach $envkey (keys %ENV) {
-        if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
-            if ($role ne 'st') { $advanced=1; }
-        }
-    }
+    my $advanced=$ENV{'user.adv'};
+    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']);
+    my $tryagain=$ENV{'form.tryagain'};
 
 # -------------------------------------------------------- Generate Page Output
 # --------------------------------------------------------------- Error Header?
@@ -180,32 +275,37 @@ ENDHEADER
         $r->print("Resource: $fn\n");
         $r->print("Action  : $msg\n</pre><hr>");
     } else {
-        $r->print("<h1>LON-CAPA User Roles</h1>");
         if ($ENV{'user.error.msg'}) {
 	    $r->print(
- '<h3><font color=red>You need to choose another user role or '.
- 'enter a specific course for this function</font></h3>');
+ '<h3><font color=red>'.
+ &mt('You need to choose another user role or enter a specific course for this function').'</font></h3>');
 	}
     }
 # -------------------------------------------------------- Choice or no choice?
     if ($nochoose) {
         if ($advanced) {
-	   $r->print("<h2>Assigned User Roles</h2>\n");
+	    $r->print("<h2>".&mt('Assigned User Roles')."</h2>\n");
         } else {
-           $r->print("<h2>Sorry ...</h2>\nThis resource might be part of");
-           if ($ENV{'request.course.id'}) {
-	       $r->print(' another');
-           } else {
-               $r->print(' a certain');
-           } 
-           $r->print(' course.</body></html>');
-           return OK;
+	    $r->print("<h2>".&mt('Sorry ...')."</h2>\n".
+		      &mt('This resource might be part of'));
+	    if ($ENV{'request.course.id'}) {
+		$r->print(&mt(' another'));
+	    } else {
+		$r->print(&mt(' a certain'));
+	    } 
+	    $r->print(&mt(' course.').'</body></html>');
+	    return OK;
         } 
     } else {
         if ($advanced) {
-           $r->print("<h2>Select a User Role</h2>\n");
+	    $r->print(&mt("Your home server is ").
+		      $Apache::lonnet::hostname{&Apache::lonnet::homeserver
+                      ($ENV{'user.name'},$ENV{'user.domain'})}.
+		      "<br />\n");
+	    $r->print(&mt(
+      "Author and Co-Author roles may not be available on servers other than your home server."));
         } else {
-	   $r->print("<h2>Enter a Course</h2>\n");
+	    $r->print("<h2>".&mt('Select a Course to Enter')."</h2>\n");
         }
         if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) {
     	    $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'};
@@ -214,18 +314,28 @@ ENDHEADER
         $r->print('<input type=hidden name=orgurl value="'.$fn.'">');
         $r->print('<input type=hidden name=selectrole value=1>');
     }
-    $r->print('<br>Show all roles: <input type=checkbox name=showall');
-    if ($ENV{'form.showall'}) { $r->print(' checked'); }
-    $r->print('><input type=submit value="Display"><br>');
+    if ($ENV{'user.adv'}) {
+	$r->print(
+	      '<br />'.&mt('Show all roles').': <input type="checkbox" name="showall"');
+	if ($ENV{'form.showall'}) { $r->print(' checked'); }
+	$r->print('><input type=submit value="'.&mt('Display').'">');
+    }
 # ----------------------------------------------------------------------- Table
-    $r->print('<table><tr>');
+    $r->print('<br /><table><tr>');
     unless ($nochoose) { $r->print('<th>&nbsp;</th>'); }
-       $r->print('<th>User Role</th><th colspan=2>Extent</th>'.
-                 '<th>Start</th><th>End</th><th>Remark</th></tr>'."\n");
+    $r->print('<th>'.&mt('User Role').'</th><th colspan=2>'.&mt('Extent').
+         '</th><th>'.&mt('Start').'</th><th>'.&mt('End').'</th><th>'.
+	      &mt('Remark').'</th></tr>'."\n");
 
+    my (%roletext,%sortrole,%roleclass);
     foreach $envkey (sort keys %ENV) {
+        my $button = 1;
+        my $switchserver='';
+	my $roletext;
+	my $sortkey;
         if ($envkey=~/^user\.role\./) {
-	    my ($dum1,$dum2,$role,@pwhere)=split(/\./,$envkey);
+	    my (undef,undef,$role,@pwhere)=split(/\./,$envkey);
+            next if (!defined($role) || $role eq '');
             my $where=join('.',@pwhere);
             my $trolecode=$role.'.'.$where;
             my ($tstart,$tend)=split(/\./,$ENV{$envkey});
@@ -233,181 +343,292 @@ ENDHEADER
             my $tstatus='is';
             my $tpstart='&nbsp;';
             my $tpend='&nbsp;';
+            my $tfont='#000000';
             if ($tstart) {
 		if ($tstart>$then) { 
-                   $tstatus='future';
-                   if ($tstart<$now) { $tstatus='will'; }
+                    $tstatus='future';
+                    if ($tstart<$now) { $tstatus='will'; }
                 }
-                $tpstart=localtime($tstart);
+                $tpstart=&Apache::lonlocal::locallocaltime($tstart);
             }
             if ($tend) {
                 if ($tend<$then) { 
-                   $tstatus='expired'; 
+                    $tstatus='expired'; 
                 } elsif ($tend<$now) { 
-                   $tstatus='will_not'; 
+                    $tstatus='will_not'; 
                 }
-                $tpend=localtime($tend);
+                $tpend=&Apache::lonlocal::locallocaltime($tend);
             }
             if ($ENV{'request.role'} eq $trolecode) {
 		$tstatus='selected';
             }
             my $tbg;
-           if (($tstatus eq 'is') || ($tstatus eq 'selected') ||
-               ($ENV{'form.showall'})) {
-            if ($tstatus eq 'is') {
-		$tbg='#77FF77';
-            } elsif ($tstatus eq 'future') {
-                $tbg='#FFFF77';
-            } elsif ($tstatus eq 'will') {
-                $tbg='#FFAA77';
-                $tremark.='Active at next login. ';
-            } elsif ($tstatus eq 'expired') {
-                $tbg='#FF7777';
-	    } elsif ($tstatus eq 'will_not') {
-                $tbg='#AAFF77';
-                $tremark.='Expired after logout. ';
-            } elsif ($tstatus eq 'selected') {
-                $tbg='#11CC55';
-                $tremark.='Currently selected. ';
-            }
-            my $trole;
-            if ($role =~ /^cr\//) {
-	       my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
-               $tremark.='<br>Defined by '.$rauthor.' at '.$rdomain.'.';
-               $trole=$rrole;
-	    } else {
-               $trole=Apache::lonnet::plaintext($role);
-            }
-            my $ttype;
-            my $twhere;
-            my ($tdom,$trest,$tsection)=
-               split(/\//,Apache::lonnet::declutter($where));
-            if ($trest) {
-	      if ($role eq 'ca') {
-	        $ttype='Construction Space';
-                $twhere='User: '.$trest.'<br>Domain: '.$tdom;
-                $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
-              } else {
-		$ttype='Course';
-                if ($tsection) {
-                   $ttype.='<br>Section/Group: '.$tsection;
-                }     
-                my $tcourseid=$tdom.'_'.$trest;
-                if ($ENV{'course.'.$tcourseid.'.description'}) {
-		    $twhere=$ENV{'course.'.$tcourseid.'.description'};
+            if (($tstatus eq 'is') || ($tstatus eq 'selected') ||
+                ($ENV{'form.showall'})) {
+                if ($tstatus eq 'is') {
+                    $tbg='#77FF77';
+                    $tfont='#003300';
+                } elsif ($tstatus eq 'future') {
+                    $tbg='#FFFF77';
+                    $button=0;
+                } elsif ($tstatus eq 'will') {
+                    $tbg='#FFAA77';
+                    $tremark.=&mt('Active at next login. ');
+                } elsif ($tstatus eq 'expired') {
+                    $tbg='#FF7777';
+                    $tfont='#330000';
+                    $button=0;
+                } elsif ($tstatus eq 'will_not') {
+                    $tbg='#AAFF77';
+                    $tremark.=&mt('Expired after logout. ');
+                } elsif ($tstatus eq 'selected') {
+                    $tbg='#11CC55';
+                    $tfont='#002200';
+                    $tremark.=&mt('Currently selected. ');
+                }
+                my $trole;
+                if ($role =~ /^cr\//) {
+                    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role);
+                    $tremark.='<br>'.&mt('Defined by ').$rauthor.
+			&mt(' at ').$rdomain.'.';
+                    $trole=$rrole;
                 } else {
-                    my %newhash=Apache::lonnet::coursedescription($tcourseid);
-                    if (%newhash) {
-			$twhere=$newhash{'description'};
+                    $trole=Apache::lonnet::plaintext($role);
+                }
+                my $ttype;
+                my $twhere;
+                my ($tdom,$trest,$tsection)=
+                    split(/\//,Apache::lonnet::declutter($where));
+                # First, Co-Authorship roles
+                if ($role eq 'ca') {
+                    my $home = &Apache::lonnet::homeserver($trest,$tdom);
+                    if ($home ne $r->dir_config('lonHostID')) {
+			$button=0;
+                        $switchserver=&Apache::lonnet::escape('http://'.
+                         $Apache::lonnet::hostname{$home}.
+                         '/adm/login?domain='.$ENV{'user.domain'}.
+			  '&username='.$ENV{'user.name'}.
+                          '&firsturl=/priv/'.$trest);
+                    }
+                    #next if ($home eq 'no_host');
+                    $home = $Apache::lonnet::hostname{$home};
+                    $ttype='Construction Space';
+                    $twhere=&mt('User').': '.$trest.'<br />'.&mt('Domain').
+			': '.$tdom.'<br />'.
+                        ' '.&mt('Server').':&nbsp;'.$home;
+                    $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
+		    $sortkey=$role."$trest:$tdom";
+                } elsif ($role eq 'au') {
+                    # Authors
+                    my $home = &Apache::lonnet::homeserver
+                        ($ENV{'user.name'},$ENV{'user.domain'});
+                    if ($home ne $r->dir_config('lonHostID')) {
+			$button=0;
+                        $switchserver=&Apache::lonnet::escape('http://'.
+                         $Apache::lonnet::hostname{$home}.
+                          '/adm/login?domain='.$ENV{'user.domain'}.
+			   '&username='.$ENV{'user.name'}.
+                           '&firsturl=/priv/'.$ENV{'user.name'});
+                    }
+                    #next if ($home eq 'no_host');
+                    $home = $Apache::lonnet::hostname{$home};
+                    $ttype='Construction Space';
+                    $twhere=&mt('Domain').': '.$tdom.'<br />'.&mt('Server').
+			':&nbsp;'.$home;
+                    $ENV{'course.'.$tdom.'_'.$trest.'.description'}='ca';
+		    $sortkey=$role;
+                } elsif ($trest) {
+                    $ttype='Course';
+                    if ($tsection) {
+                        $ttype.='<br>'.&mt('Section/Group').': '.$tsection;
+		    }
+                    my $tcourseid=$tdom.'_'.$trest;
+                    if ($ENV{'course.'.$tcourseid.'.description'}) {
+                        $twhere=$ENV{'course.'.$tcourseid.'.description'};
+			$sortkey=$tdom."\0".$twhere."\0".$envkey;
+                        unless ($twhere eq &mt('Currently not available')) {
+			    $twhere.=' <font size="-2">'.
+        &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont).
+                                    '</font>';
+			}
                     } else {
-                        $twhere='Currently not available';
-                        $ENV{'course.'.$tcourseid.'.description'}=$twhere;
+                        my %newhash=Apache::lonnet::coursedescription
+                            ($tcourseid);
+                        if (%newhash) {
+			    $sortkey=$tdom."\0".$newhash{'description'}.
+				"\0".$envkey;
+                            $twhere=$newhash{'description'}.
+                              ' <font size="-2">'.
+        &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont).
+                              '</font>';
+                        } else {
+                            $twhere=&mt('Currently not available');
+                            $ENV{'course.'.$tcourseid.'.description'}=$twhere;
+			    $sortkey=$tdom."\0".$twhere."\0".$envkey;
+                        }
                     }
-                }
-	      }
-            } elsif ($tdom) {
-                $ttype='Domain';
-                $twhere=$tdom;
-            } else {
-                $ttype='System';
-                $twhere='system wide';
-            }
-               
-            $r->print('<tr bgcolor='.$tbg.'>');
-            unless ($nochoose) {
-		if ($tstatus eq 'is') {
-                    $r->print('<td><input type=submit value=Select name="'.
-                              $trolecode.'"></td>');
-                } elsif ($ENV{'user.adv'}) {
-                    $r->print(
-                        '<td><input type=submit value="Re-Initialize" name="'.
-                              $trolecode.'"></td>');
+		    if ($role ne 'st') { $twhere.="<br />".&mt('Domain').":".$tdom; }
+                } elsif ($tdom) {
+                    $ttype='Domain';
+                    $twhere=$tdom;
+		    $sortkey=$role.$twhere;
                 } else {
-                    $r->print('<td>&nbsp;</td>');
+                    $ttype='System';
+                    $twhere=&mt('system wide');
+		    $sortkey=$role.$twhere;
                 }
-            }
-            $r->print('<td>'.$trole.'</td><td>'.
-		      $ttype.'</td><td>'.$twhere.'</td><td>'.$tpstart.
-                      '</td><td>'.$tpend.
-                      '</td><td>'.$tremark.'&nbsp;</td></tr>'."\n");
-	}
+ 
+                $roletext.='<tr bgcolor='.$tbg.'>';
+                unless ($nochoose) {
+                    if (!$button) {
+			if ($switchserver) {
+			    $roletext.='<td><a href="/adm/logout?handover='.
+                              $switchserver.'">'.&mt('Switch Server').'</a></td>';
+                        } else {
+                            $roletext.=('<td>&nbsp;</td>');
+                        }
+                    } elsif ($tstatus eq 'is') {
+                        $roletext.=('<td><input type=submit value="'.
+				  &mt('Select').'" name="'.
+                                  $trolecode.'"></td>');
+                    } elsif ($tryagain) {
+                        $roletext.=
+			    '<td><input type=submit value="'.
+		  &mt('Try Selecting Again').'" name="'.$trolecode.'"></td>';
+                    } elsif ($advanced) {
+                        $roletext.=
+                            '<td><input type=submit value="'.
+		        &mt('Re-Initialize').'" name="'.$trolecode.'"></td>';
+                    } else {
+                        $roletext.='<td>&nbsp;</td>';
+                    }
+                }
+                $tremark.=&Apache::lonannounce::showday(time,1,
+                         &Apache::lonannounce::readcalendar($tdom.'_'.$trest));
+                
+		$roletext.='<td><font color="'.$tfont.'">'.$trole.
+                      '</font></td><td><font color="'.$tfont.'">'.$ttype.
+                      '</font></td><td><font color="'.$tfont.'">'.$twhere.
+                      '</font></td><td><font color="'.$tfont.'">'.$tpstart.
+                      '</font></td><td><font color="'.$tfont.'">'.$tpend.
+                      '</font></td><td><font color="'.$tfont.'">'.$tremark.
+                      '&nbsp;</font></td></tr>'."\n";
+		$roletext{$envkey}=$roletext;
+		if (!$sortkey) {$sortkey=$twhere."\0".$envkey;}
+		$sortrole{$sortkey}=$envkey;
+		$roleclass{$envkey}=$ttype;
+	    }
         }
     }
+    my $doheaders=-1;
+    foreach my $type ('Construction Space','Course','Domain','System') {
+	my $haverole=0;
+	foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) {
+	    if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { 
+		$haverole=1;
+	    }
+	}
+	if ($haverole) { $doheaders++; }
+    }
+    foreach my $type ('Construction Space','Course','Domain','System') {
+	my $output;
+	foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) {
+	    if ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/) { 
+		$output.=&mt($roletext{$sortrole{$which}});
+	    }
+	}
+	if ($output) {
+	    if ($doheaders > 0) {
+		$r->print("<tr bgcolor='#BBffBB'>".
+			  "<td align='center' colspan='7'>".&mt($type)."</td>");
+	    }
+	    $r->print($output);	    
+	}
+    }
     my $tremark='';
+    my $tfont='#003300';
     if ($ENV{'request.role'} eq 'cm') {
 	$r->print('<tr bgcolor="#11CC55">');
-        $tremark='Currently selected.';
+        $tremark=&mt('Currently selected. ');
+        $tfont='#002200';
     } else {
         $r->print('<tr bgcolor="#77FF77">');
     }
     unless ($nochoose) {
-       if ($ENV{'request.role'} ne 'cm') {
-          $r->print('<td><input type=submit value=Select name="cm"></td>');
-       } else {
-          $r->print('<td>&nbsp;</td>');
-       }
+	if ($ENV{'request.role'} ne 'cm') {
+	    $r->print('<td><input type=submit value="'.
+		      &mt('Select').'" name="cm"></td>');
+	} else {
+	    $r->print('<td>&nbsp;</td>');
+	}
     }
-    $r->print('<td colspan=5>No role specified'.
-                      '</td><td>'.$tremark.'&nbsp;</td></tr>'."\n");
+    $r->print('<td colspan=5><font color="'.$tfont.'">'.&mt('No role specified').
+      '</font></td><td><font color="'.$tfont.'">'.$tremark.
+      '&nbsp;</font></td></tr>'."\n");
 
     $r->print('</table>');
     unless ($nochoose) {
 	$r->print("</form>\n");
     }
 # ------------------------------------------------------------ Privileges Info
-  if ($advanced) {
-    $r->print('<hr><h2>Current Privileges</h2>');
+    if (($advanced) && (($ENV{'user.error.msg'}) || ($error))) {
+	$r->print('<hr><h2>Current Privileges</h2>');
 
-    foreach $envkey (sort keys %ENV) {
-        if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) {
-            my $where=$envkey;
-            $where=~s/^user\.priv\.$ENV{'request.role'}\.//;
-            my $ttype;
-            my $twhere;
-            my ($tdom,$trest,$tsec)=
-               split(/\//,Apache::lonnet::declutter($where));
-            if ($trest) {
-	      if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
-	        $ttype='Construction Space';
-                $twhere='User: '.$trest.', Domain: '.$tdom;
-              } else {
-		$ttype='Course';
-                $twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'};
-                if ($tsec) {
-		    $twhere.=' (Section/Group: '.$tsec.')';
-                }
-	      }
-            } elsif ($tdom) {
-                $ttype='Domain';
-                $twhere=$tdom;
-            } else {
-                $ttype='System';
-                $twhere='/';
-            }
-            $r->print("\n<h3>".$ttype.': '.$twhere.'</h3><ul>');
-            foreach (sort split(/:/,$ENV{$envkey})) {
-              if ($_) {
-		  my ($prv,$restr)=split(/\&/,$_);
-                  my $trestr='';
-                  if ($restr ne 'F') {
-                      my $i;
-                      $trestr.=' (';
-                      for ($i=0;$i<length($restr);$i++) {
-		         $trestr.=
-                           Apache::lonnet::plaintext(substr($restr,$i,1));
-                         if ($i<length($restr)-1) { $trestr.=', '; }
-		      }
-                      $trestr.=')';
-                  }
-                  $r->print('<li>'.Apache::lonnet::plaintext($prv).$trestr.
-                            '</li>');
-	      }
-            }
-            $r->print('</ul>');
-        }
+	foreach $envkey (sort keys %ENV) {
+	    if ($envkey=~/^user\.priv\.$ENV{'request.role'}\./) {
+		my $where=$envkey;
+		$where=~s/^user\.priv\.$ENV{'request.role'}\.//;
+		my $ttype;
+		my $twhere;
+		my ($tdom,$trest,$tsec)=
+		    split(/\//,Apache::lonnet::declutter($where));
+		if ($trest) {
+		    if ($ENV{'course.'.$tdom.'_'.$trest.'.description'} eq 'ca') {
+			$ttype='Construction Space';
+			$twhere='User: '.$trest.', Domain: '.$tdom;
+		    } else {
+			$ttype='Course';
+			$twhere=$ENV{'course.'.$tdom.'_'.$trest.'.description'};
+			if ($tsec) {
+			    $twhere.=' (Section/Group: '.$tsec.')';
+			}
+		    }
+		} elsif ($tdom) {
+		    $ttype='Domain';
+		    $twhere=$tdom;
+		} else {
+		    $ttype='System';
+		    $twhere='/';
+		}
+		$r->print("\n<h3>".$ttype.': '.$twhere.'</h3><ul>');
+		foreach (sort split(/:/,$ENV{$envkey})) {
+		    if ($_) {
+			my ($prv,$restr)=split(/\&/,$_);
+			my $trestr='';
+			if ($restr ne 'F') {
+			    my $i;
+			    $trestr.=' (';
+			    for ($i=0;$i<length($restr);$i++) {
+				$trestr.=
+			       Apache::lonnet::plaintext(substr($restr,$i,1));
+				if ($i<length($restr)-1) { $trestr.=', '; }
+			    }
+			    $trestr.=')';
+			}
+			$r->print('<li>'.
+				  Apache::lonnet::plaintext($prv).$trestr.
+				  '</li>');
+		    }
+		}
+		$r->print('</ul>');
+	    }
+	}
+    }
+    $r->print(&Apache::lonnet::getannounce());
+    if ($advanced) {
+	$r->print('<p><small><i>This is LON-CAPA '.
+		  $r->dir_config('lonVersion').'</i></small></p>');
     }
-  }
-
     $r->print("</body></html>\n");
     return OK;
 } 
@@ -431,6 +652,36 @@ Invoked by /etc/httpd/conf/srm.conf:
  ErrorDocument	  500 /adm/errorhandler
  </Location>
 
+=head1 OVERVIEW
+
+=head2 Choosing Roles
+
+C<lonroles> is a handler that allows a user to switch roles in
+mid-session. LON-CAPA attempts to work with "No Role Specified", the
+default role that a user has before selecting a role, as widely as
+possible, but certain handlers for example need specification which
+course they should act on, etc. Both in this scenario, and when the
+handler determines via C<lonnet>'s C<&allowed> function that a certain
+action is not allowed, C<lonroles> is used as error handler. This
+allows the user to select another role which may have permission to do
+what they were trying to do. C<lonroles> can also be accessed via the
+B<CRS> button in the Remote Control. 
+
+=begin latex
+
+\begin{figure}
+\begin{center}
+\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen}
+  \caption{\label{Sample_Roles_Screen}Sample Roles Screen} 
+\end{center}
+\end{figure}
+
+=end latex
+
+=head2 Role Initialization
+
+The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C<lonnet>'s C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role.
+
 =head1 INTRODUCTION
 
 This module enables a user to select what role he wishes to