--- loncom/interface/loncommon.pm	2007/09/12 23:32:59	1.585
+++ loncom/interface/loncommon.pm	2007/09/19 06:24:26	1.586
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.585 2007/09/12 23:32:59 raeburn Exp $
+# $Id: loncommon.pm,v 1.586 2007/09/19 06:24:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1511,24 +1511,68 @@ sub select_dom_form {
 
 =pod
 
-=item * home_server_option_list($domain)
+=item * home_server_form_item($domain,$name,$defaultflag)
 
-returns a string which contains an <option> list to be used in a 
-<select> form input.  See loncreateuser.pm for an example.
+input: 4 arguments (two required, two optional) - 
+    $domain - domain of new user
+    $name - name of form element
+    $default - Value of 'default' causes a default item to be first 
+                            option, and selected by default. 
+    $hide - Value of 'hide' causes hiding of the name of the server, 
+                            if 1 server found, or default, if 0 found.
+output: returns 1 items: 
+(a) form element which contains either:
+   (i) <select name="$name">
+        <option value="$hostid1">$hostid $servers{$hostid}</option>
+        <option value="$hostid2">$hostid $servers{$hostid}</option>       
+       </select>
+       form item if there are multiple library servers in $domain, or
+   (ii) an <input type="hidden" name="$name" value="$hostid" /> form item 
+       if there is only one library server in $domain.
+
+(b) number of library servers found.
+
+See loncreateuser.pm for example of use.
 
 =cut
 
 #-------------------------------------------
-sub home_server_option_list {
-    my $domain = shift;
+sub home_server_form_item {
+    my ($domain,$name,$default,$hide) = @_;
     my %servers = &Apache::lonnet::get_servers($domain,'library');
-    my $result = '';
-    foreach my $hostid (sort(keys(%servers))) {
-        $result.=
-            '<option value="'.$hostid.'">'.
-	    $hostid.' '.$servers{$hostid}."</option>\n";
+    my $result;
+    my $numlib = keys(%servers);
+    if ($numlib > 1) {
+        $result .= '<select name="'.$name.'" />'."\n";
+        if ($default) {
+            $result .= '<option value="default" selected>'.&mt('default').
+                       '</option>'."\n";
+        }
+        foreach my $hostid (sort(keys(%servers))) {
+            $result.= '<option value="'.$hostid.'">'.
+	              $hostid.' '.$servers{$hostid}."</option>\n";
+        }
+        $result .= '</select>'."\n";
+    } elsif ($numlib == 1) {
+        my $hostid;
+        foreach my $item (keys(%servers)) {
+            $hostid = $item;
+        }
+        $result .= '<input type="hidden" name="'.$name.'" value="'.
+                   $hostid.'" />';
+                   if (!$hide) {
+                       $result .= $hostid.' '.$servers{$hostid};
+                   }
+                   $result .= "\n";
+    } elsif ($default) {
+        $result .= '<input type="hidden" name="'.$name.
+                   '" value="default" />';
+                   if (!$hide) {
+                       $result .= &mt('default');
+                   }
+                   $result .= "\n";
     }
-    return $result;
+    return ($result,$numlib);
 }
 
 =pod
@@ -1776,11 +1820,17 @@ sub authform_nochange{
               kerb_def_dom => 'MSU.EDU',
               @_,
           );
-    my $result = '<label>'.&mt('[_1] Do not change login data',
-                     '<input type="radio" name="login" value="nochange" '.
-                     'checked="checked" onclick="'.
+    my ($authnum,%can_assign) =  &get_assignable_auth($in{'domain'}); 
+    my $result;
+    if (keys(%can_assign) == 0) {
+        $result = &mt('Under you current role you are not permitted to change login settings for this user');  
+    } else {
+        $result = '<label>'.&mt('[_1] Do not change login data',
+                  '<input type="radio" name="login" value="nochange" '.
+                  'checked="checked" onclick="'.
             "javascript:changed_radio('nochange',$in{'formname'});".'" />').
 	    '</label>';
+    }
     return $result;
 }
 
@@ -1791,64 +1841,132 @@ sub authform_kerberos{
               kerb_def_auth => 'krb4',
               @_,
               );
-    my ($check4,$check5,$krbarg);
+    my ($check4,$check5,$krbcheck,$krbarg,$krbver,$result,$authtype,
+        $autharg,$jscall);
+    my ($authnum,%can_assign) =  &get_assignable_auth($in{'domain'});
     if ($in{'kerb_def_auth'} eq 'krb5') {
-       $check5 = " checked=\"on\"";
+       $check5 = ' checked="on"';
     } else {
-       $check4 = " checked=\"on\"";
+       $check4 = ' checked="on"';
     }
     $krbarg = $in{'kerb_def_dom'};
-
-    my $krbcheck = "";
-    if ( grep/^curr_authtype$/,(keys %in) ) {
-        if ($in{'curr_authtype'} =~ m/^krb/) {
-            $krbcheck = " checked=\"on\"";
-            if ( grep/^curr_autharg$/,(keys %in) ) {
+    if (grep(/^curr_authtype$/,(keys(%in)))) {
+        if ($in{'curr_authtype'} =~ m/^krb(\d+)$/) {
+            $krbver = $1;
+            $krbcheck = ' checked="on"';
+            if ($krbver eq '5') {
+                $check5 = ' checked="on"';
+                $check4 = '';
+            } else {
+                $check4 = ' checked="on"';
+                $check5 = '';
+            }
+            if (grep(/^curr_autharg$/,(keys(%in)))) {
                 $krbarg = $in{'curr_autharg'};
             }
+            if (!$can_assign{'krb4'} && !$can_assign{'krb5'}) {
+                if (grep(/^curr_autharg$/,(keys(%in)))) {
+                    $result = 
+    &mt('Currently Kerberos authenticated with domain [_1] Version [_2].',
+        $in{'curr_autharg'},$krbver);
+                } else {
+                    $result =
+    &mt('Currently Kerberos authenticated, Version [_1].',$krbver);
+                }
+                return $result; 
+            }
+        }
+    } else {
+        if ($authnum == 1) {
+            $authtype = '<input type="hidden" name="login" value="krb">';
         }
     }
-
-    my $jscall = "javascript:changed_radio('krb',$in{'formname'});";
-    my $result .= &mt
+    if (!$can_assign{'krb4'} && !$can_assign{'krb5'}) {
+        return;
+    }
+    $jscall = "javascript:changed_radio('krb',$in{'formname'});";
+    if ($authtype eq '') {
+        $authtype = '<input type="radio" name="login" value="krb" '.
+                    'onclick="'.$jscall.'" onchange="'.$jscall.'"'.
+                    $krbcheck.' />';
+    }
+    if (($can_assign{'krb4'} && $can_assign{'krb5'}) ||
+        ($can_assign{'krb4'} && !$can_assign{'krb5'} && 
+         $in{'curr_authtype'} eq 'krb5') ||
+        (!$can_assign{'krb4'} && $can_assign{'krb5'} && 
+         $in{'curr_authtype'} eq 'krb4')) {
+        $result .= &mt
         ('[_1] Kerberos authenticated with domain [_2] '.
          '[_3] Version 4 [_4] Version 5 [_5]',
-         '<label><input type="radio" name="login" value="krb" '.
-             'onclick="'.$jscall.'" onchange="'.$jscall.'"'.$krbcheck.' />',
+         '<label>'.$authtype,
          '</label><input type="text" size="10" name="krbarg" '.
              'value="'.$krbarg.'" '.
              'onchange="'.$jscall.'" />',
          '<label><input type="radio" name="krbver" value="4" '.$check4.' />',
          '</label><label><input type="radio" name="krbver" value="5" '.$check5.' />',
 	 '</label>');
+    } elsif ($can_assign{'krb4'}) {
+        $result .= &mt
+        ('[_1] Kerberos authenticated with domain [_2] '.
+         '[_3] Version 4 [_4]',
+         '<label>'.$authtype,
+         '</label><input type="text" size="10" name="krbarg" '.
+             'value="'.$krbarg.'" '.
+             'onchange="'.$jscall.'" />',
+         '<label><input type="hidden" name="krbver" value="4" />',
+         '</label>');
+    } elsif ($can_assign{'krb5'}) {
+        $result .= &mt
+        ('[_1] Kerberos authenticated with domain [_2] '.
+         '[_3] Version 5 [_4]',
+         '<label>'.$authtype,
+         '</label><input type="text" size="10" name="krbarg" '.
+             'value="'.$krbarg.'" '.
+             'onchange="'.$jscall.'" />',
+         '<label><input type="hidden" name="krbver" value="5" />',
+         '</label>');
+    }
     return $result;
 }
 
 sub authform_internal{  
-    my %args = (
+    my %in = (
                 formname => 'document.cu',
                 kerb_def_dom => 'MSU.EDU',
                 @_,
                 );
-
-    my $intcheck = "";
-    my $intarg = 'value=""';
-    if ( grep/^curr_authtype$/,(keys %args) ) {
-        if ($args{'curr_authtype'} eq 'int') {
-            $intcheck = " checked=\"on\"";
-            if ( grep/^curr_autharg$/,(keys %args) ) {
-                $intarg = "value=\"$args{'curr_autharg'}\"";
+    my ($intcheck,$intarg,$result,$authtype,$autharg,$jscall);
+    my ($authnum,%can_assign) =  &get_assignable_auth($in{'domain'});
+    if (grep(/^curr_authtype$/,(keys(%in)))) {
+        if ($in{'curr_authtype'} eq 'internal:') {
+            if ($can_assign{'int'}) {
+                $intcheck = 'checked="on" ';
+                if (grep(/^curr_autharg$/,(keys(%in)))) {
+                    $intarg = $in{'curr_autharg'};
+                }
+            } else {
+                $result = &mt('Currently internally authenticated.');
+                return $result;
             }
         }
+    } else {
+        if ($authnum == 1) {
+            $authtype = '<input type="hidden" name="login" value="int">';
+        }
     }
-
-    my $jscall = "javascript:changed_radio('int',$args{'formname'});";
-    my $result.=&mt
+    if (!$can_assign{'int'}) {
+        return;
+    }
+    $jscall = "javascript:changed_radio('int',$in{'formname'});";
+    if ($authtype eq '') {
+        $authtype = '<input type="radio" name="login" value="int" '.$intcheck.
+                    ' onchange="'.$jscall.'" onclick="'.$jscall.'" />';
+    }
+    $autharg = '<input type="text" size="10" name="intarg" value="'.
+               $intarg.'" onchange="'.$jscall.'" />';
+    $result = &mt
         ('[_1] Internally authenticated (with initial password [_2])',
-         '<label><input type="radio" name="login" value="int" '.$intcheck.
-             ' onchange="'.$jscall.'" onclick="'.$jscall.'" />',
-         '</label><input type="text" size="10" name="intarg" '.$intarg.
-             ' onchange="'.$jscall.'" />');
+         '<label>'.$authtype,'</label>'.$autharg);
     return $result;
 }
 
@@ -1858,24 +1976,38 @@ sub authform_local{
               kerb_def_dom => 'MSU.EDU',
               @_,
               );
-
-    my $loccheck = "";
-    my $locarg = 'value=""';
-    if ( grep/^curr_authtype$/,(keys %in) ) {
-        if ($in{'curr_authtype'} eq 'loc') {
-            $loccheck = " checked=\"on\"";
-            if ( grep/^curr_autharg$/,(keys %in) ) {
-                $locarg = "value=\"$in{'curr_autharg'}\"";
+    my ($loccheck,$locarg,$result,$authtype,$autharg,$jscall);
+    my ($authnum,%can_assign) =  &get_assignable_auth($in{'domain'});
+    if (grep(/^curr_authtype$/,(keys(%in)))) {
+        if ($in{'curr_authtype'} eq 'localauth:') {
+            if ($can_assign{'loc'}) {
+                $loccheck = 'checked="on" ';
+                if (grep(/^curr_autharg$/,(keys(%in)))) {
+                    $locarg = $in{'curr_autharg'};
+                }
+            } else {
+                $result = &mt('Currently using local (institutional) authentication.');
+                return $result;
             }
         }
+    } else {
+        if ($authnum == 1) {
+            $authtype = '<input type="hidden" name="login" value="loc">';
+        }
     }
-
-    my $jscall = "javascript:changed_radio('loc',$in{'formname'});";
-    my $result.=&mt('[_1] Local Authentication with argument [_2]',
-                    '<label><input type="radio" name="login" value="loc" '.$loccheck.
-                        ' onchange="'.$jscall.'" onclick="'.$jscall.'" />',
-                    '</label><input type="text" size="10" name="locarg" '.$locarg.
-                        ' onchange="'.$jscall.'" />');
+    if (!$can_assign{'loc'}) {
+        return;
+    }
+    $jscall = "javascript:changed_radio('loc',$in{'formname'});";
+    if ($authtype eq '') {
+        $authtype = '<input type="radio" name="login" value="loc" '.
+                    $loccheck.' onchange="'.$jscall.'" onclick="'.
+                    $jscall.'" />';
+    }
+    $autharg = '<input type="text" size="10" name="locarg" value="'.
+               $locarg.'" onchange="'.$jscall.'" />';
+    $result = &mt('[_1] Local Authentication with argument [_2]',
+                  '<label>'.$authtype,'</label>'.$autharg);
     return $result;
 }
 
@@ -1885,16 +2017,85 @@ sub authform_filesystem{
               kerb_def_dom => 'MSU.EDU',
               @_,
               );
-    my $jscall = "javascript:changed_radio('fsys',$in{'formname'});";
-    my $result.= &mt
+    my ($fsyscheck,$result,$authtype,$autharg,$jscall);
+    my ($authnum,%can_assign) =  &get_assignable_auth($in{'domain'});
+    if (grep(/^curr_authtype$/,(keys(%in)))) {
+        if ($in{'curr_authtype'} eq 'unix:') {
+            if ($can_assign{'fsys'}) {
+                $fsyscheck = 'checked="on" ';
+            } else {
+                $result = &mt('Currently Filesystem Authenticated.');
+                return $result;
+            }           
+        }
+    } else {
+        if ($authnum == 1) {
+            $authtype = '<input type="hidden" name="login" value="fsys">';
+        }
+    }
+    if (!$can_assign{'fsys'}) {
+        return;
+    }
+    $jscall = "javascript:changed_radio('fsys',$in{'formname'});";
+    if ($authtype eq '') {
+        $authtype = '<input type="radio" name="login" value="fsys" '.
+                    $fsyscheck.' onchange="'.$jscall.'" onclick="'.
+                    $jscall.'" />';
+    }
+    $autharg = '<input type="text" size="10" name="fsysarg" value=""'.
+               ' onchange="'.$jscall.'" />';
+    $result = &mt
         ('[_1] Filesystem Authenticated (with initial password [_2])',
          '<label><input type="radio" name="login" value="fsys" '.
-         'onchange="'.$jscall.'" onclick="'.$jscall.'" />',
+         $fsyscheck.'onchange="'.$jscall.'" onclick="'.$jscall.'" />',
          '</label><input type="text" size="10" name="fsysarg" value="" '.
                   'onchange="'.$jscall.'" />');
     return $result;
 }
 
+sub get_assignable_auth {
+    my ($dom) = @_;
+    if ($dom eq '') {
+        $dom = $env{'request.role.domain'};
+    }
+    my %can_assign = (
+                          krb4 => 1,
+                          krb5 => 1,
+                          int  => 1,
+                          loc  => 1,
+                     );
+    my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+    if (ref($domconfig{'usercreation'}) eq 'HASH') {
+        if (ref($domconfig{'usercreation'}{'authtypes'}) eq 'HASH') {
+            my $authhash = $domconfig{'usercreation'}{'authtypes'};
+            my $context;
+            if ($env{'request.role'} =~ /^au/) {
+                $context = 'author';
+            } elsif ($env{'request.role'} =~ /^dc/) {
+                $context = 'domain';
+            } elsif ($env{'request.course.id'}) {
+                $context = 'course';
+            }
+            if ($context) {
+                if (ref($authhash->{$context}) eq 'HASH') {
+                   %can_assign = %{$authhash->{$context}}; 
+                }
+            }
+        }
+    }
+    my $authnum = 0;
+    foreach my $key (keys(%can_assign)) {
+        if ($can_assign{$key}) {
+            $authnum ++;
+        }
+    }
+    if ($can_assign{'krb4'} && $can_assign{'krb5'}) {
+        $authnum --;
+    }
+    return ($authnum,%can_assign);
+}
+
+
 ###############################################################
 ##    Get Authentication Defaults for Domain                 ##
 ###############################################################
@@ -2020,7 +2221,7 @@ sub initialize_keywords {
     # Remove special values from %Keywords.
     foreach my $value ('total.count','average.count') {
         delete($Keywords{$value}) if (exists($Keywords{$value}));
-    }
+  }
     return 1;
 }