--- loncom/interface/lonconfigsettings.pm	2015/05/22 16:52:16	1.21.4.7
+++ loncom/interface/lonconfigsettings.pm	2023/10/06 21:19:46	1.21.4.13.2.11
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: lonconfigsettings.pm,v 1.21.4.7 2015/05/22 16:52:16 raeburn Exp $
+# $Id: lonconfigsettings.pm,v 1.21.4.13.2.11 2023/10/06 21:19:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -37,11 +37,12 @@ use Apache::lonhtmlcommon();
 use Apache::lonlocal;
 use Apache::courseclassifier();
 use LONCAPA qw(:DEFAULT :match);
+use File::Copy;
 
 sub print_header {
-    my ($r,$phase,$context,$jscript,$container) = @_;
+    my ($r,$phase,$context,$jscript,$container,$instcode,$dom,$confname,$values) = @_;
     my ($pagetitle,$brcrumtitle,$action,$call_category_check,$instcode_check,
-        $crstype,@actions,@code_order);
+        $linkprot_check,$ltitools_check,$crstype,@actions,@code_order);
     if ($phase eq 'display') {
         @actions = &Apache::loncommon::get_env_multiple('form.actions');
     }
@@ -74,6 +75,7 @@ sub print_header {
                                                         \@code_order);
                 if (@code_order) {
                    my $noinstcodestr = &mt('You indicated cloning based on category, but did not select any categories.');
+                   &js_escape(\$noinstcodestr);
                    $instcode_check = <<"ENDSCRIPT";
     if (formname == document.display) {
         if (formname.cloners_instcode.length) {
@@ -114,9 +116,27 @@ sub print_header {
 ENDSCRIPT
                 }
             }
+            if (($context eq 'course') && ((grep(/^linkprot$/,@actions)) ||
+                (grep(/^ltitools$/,@actions)))) {
+                my $allowed;
+                my $home = &Apache::lonnet::homeserver($confname,$dom);
+                unless ($home eq 'no_host') {
+                    my @ids=&Apache::lonnet::current_machine_ids();
+                    foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
+                }
+                if ($allowed) {
+                    if (grep((/^linkprot$/,@actions))) {
+                        $linkprot_check = &ltisecret_js('linkprot',$dom,$values);
+                    }
+                    if (grep((/^ltitools$/,@actions))) {
+                        $ltitools_check = &ltisecret_js('ltitools',$dom,$values);
+                    }
+                }
+            }
         }
     }
     my $alert = &mt('You must select at least one functionality type to display.');
+    &js_escape(\$alert);
     my $js = '
 <script type="text/javascript">
 // <![CDATA[
@@ -143,16 +163,21 @@ function changePage(formname,newphase) {
             return;
         }
     }
-    '.$instcode_check.$call_category_check.'
+    '.$instcode_check.$call_category_check.$linkprot_check.$ltitools_check.'
     formname.submit();
 }'."\n";
     if ($phase eq 'pickactions') {
-        $js .= &Apache::lonhtmlcommon::color_picker();
+	$js .= &Apache::lonhtmlcommon::color_picker();
         $js .=
             &Apache::lonhtmlcommon::set_form_elements({actions => 'checkbox'})."\n";
     } elsif ($phase eq 'display') {
-        $js .= &Apache::lonhtmlcommon::color_picker();
+	$js .= &Apache::lonhtmlcommon::color_picker();
         $js .= &color_pick_js()."\n";
+        if ($context eq 'domain') {
+            if (grep(/^(lti|ltitools)$/,@actions)) {
+                 $js .= &ltisec_javascript($dom)."\n";
+            }
+        }
     }
     $js .= &Apache::loncommon::viewport_size_js().'
 
@@ -174,22 +199,201 @@ $jscript
         $additem = {'add_entries' => \%loaditems,};
     } elsif ($phase eq 'display') {
         if ($context eq 'domain') {
+            my $onload;
             if (grep(/^coursedefaults$/,@actions)) {
+                $onload = "toggleDisplay(document.display,'cloneinstcode');".
+                          "toggleDisplay(document.display,'credits');".
+                          "toggleDisplay(document.display,'studentsubmission');";
+            }
+            if (grep(/^selfcreation$/,@actions)) {
+                my $prefix = 'cancreate_emailverified';
+                my $customclass = 'LC_selfcreate_email';
+                my $classprefix = 'LC_canmodify_emailusername_';
+                my $optionsprefix = 'LC_options_emailusername_';
+                $onload .= "toggleRows(document.display,'cancreate_email','selfassign','$customclass','$classprefix','$optionsprefix');";
+                my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
+                my $hascustom;
+                my ($emailrules,$emailruleorder) = &Apache::lonnet::inst_userrules($dom,'email');
+                if (ref($emailrules) eq 'HASH') {
+                    if (keys(%{$emailrules}) > 0) {
+                        $hascustom = 'cancreate_emailrule';
+                    }
+                }
+                my @posstypes;
+                if (ref($types) eq 'ARRAY') {
+                    @posstypes = @{$types};
+                    push(@posstypes,'default');
+                    foreach my $type (@posstypes) {
+                        $onload .= "toggleEmailOptions(document.display,'cancreate_emailoptions','$hascustom',".
+                                                               "'cancreate_emaildomain','$type');";
+                    }
+                } else {
+                    $onload .= "toggleEmailOptions(document.display,'cancreate_emailoptions','$hascustom',".
+                                                       "'cancreate_emaildomain','default');";
+                }
+            }
+            if (grep(/^contacts$/,@actions)) {
+                my $customclass = 'LC_helpdesk_override';
+                my $optionsprefix = 'LC_options_helpdesk_';
+                $onload .= "toggleHelpdeskRow(document.display,'overrides','$customclass','$optionsprefix');";
+            }
+            if (grep(/^lti$/,@actions)) {
+                $onload .= "toggleLTI(document.display,'user','add');".
+                           "toggleLTI(document.display,'crs','add');".
+                           "toggleLTI(document.display,'sec','add');".
+                           "toggleLTI(document.display,'lcauth','add');".
+                           "toggleLTI(document.display,'lcmenu','add');".
+                           "toggleLTI(document.display,'passback','add');".
+                           "toggleLTI(document.display,'callback','add');";
+                if (ref($values) eq 'HASH') {
+                    if (ref($values->{'lti'}) eq 'HASH') {
+                        my $numlti = scalar(keys(%{$values->{'lti'}}));
+                        for (my $i=0; $i<$numlti; $i++) {
+                            $onload .= "toggleLTI(document.display,'user','$i');".
+                                       "toggleLTI(document.display,'crs','$i');".
+                                       "toggleLTI(document.display,'sec','$i');".
+                                       "toggleLTI(document.display,'lcauth','$i');".
+                                       "toggleLTI(document.display,'lcmenu','$i');".
+                                       "toggleLTI(document.display,'passback','$i');".
+                                       "toggleLTI(document.display,'callback','$i');";
+                        }
+                    }
+                }
+                my %servers = &Apache::lonnet::get_servers($dom,'library');
+                foreach my $server (keys(%servers)) {
+                    $onload .= "togglePrivKey(document.display,'ltisec','$server');";
+                }
+                $onload .= "toggleLTIEncKey(document.display,'ltisec');";
+            }
+            if (grep(/^ltitools$/,@actions)) {
+                $onload .= "toggleLTITools(document.display,'passback','add');".
+                           "toggleLTITools(document.display,'roster','add');".
+                           "toggleLTITools(document.display,'user','add');";
+                if (ref($values) eq 'HASH') {
+                    if (ref($values->{'ltitools'}) eq 'HASH') {
+                        my $numltitools = scalar(keys(%{$values->{'ltitools'}}));
+                        for (my $i=0; $i<$numltitools; $i++) {
+                            $onload .= "toggleLTITools(document.display,'passback','$i');".
+                                       "toggleLTITools(document.display,'roster','$i');".
+                                       "toggleLTITools(document.display,'user','$i');";
+                        }
+                    }
+                }
+                my %servers = &Apache::lonnet::get_servers($dom,'library');
+                foreach my $server (keys(%servers)) {
+                    $onload .= "togglePrivKey(document.display,'toolsec','$server');";
+                }
+                $onload .= "toggleLTIEncKey(document.display,'toolsec');";
+            }
+            if (grep(/^wafproxy$/,@actions)) {
+                $onload .= "toggleWAF();checkWAF();updateWAF();";
+            }
+            if (grep(/^scantron$/,@actions)) {
+                $onload .= "toggleScantron(document.display);";
+            }
+            if (grep(/^autoupdate$/,@actions)) {
+                $onload .= "toggleLastActiveDays(document.display);";
+            }
+            if (grep(/^autoenroll$/,@actions)) {
+                $onload .= "toggleFailsafe(document.display);";
+            }
+            if (grep(/^login$/,@actions)) {
+                my %domservers = &Apache::lonnet::get_servers($dom);
+                foreach my $server (sort(keys(%domservers))) {
+                    $onload .= "toggleSamlOptions(document.display,'$server');";
+                }
+            }
+            if ($onload) {
                 my %loaditems = (
-                    '             onload' => "toggleDisplay(document.display,'cloneinstcode');".
-                                             "toggleDisplay(document.display,'credits');".
-                                             "toggleDisplay(document.display,'studentsubmission');",
+                                  'onload' => $onload,
                                 );
                 $additem = {'add_entries' => \%loaditems,};
             }
         } elsif ($context eq 'course') {
+            my ($onload,$ishome,$crshome_checked);
             if (grep(/^courseinfo$/,@actions)) {
                 if (@code_order) {
-                    $additem = {
-                                   add_entries => {'onload' => "courseSet('','load');toggleCloners(document.display.cloners_instcode);"},
-                               };
+                    $onload = "courseSet('','load');toggleCloners(document.display.cloners_instcode);";
                 }
             }
+            if (grep(/^linkprot$/,@actions)) {
+                if (ref($values) eq 'HASH') {
+                    if (ref($values->{'linkprot'}) eq 'HASH') {
+                        my $ltiauth;
+                        if (exists($env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'})) {
+                            $ltiauth = $env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'};
+                        } else {
+                            my %domdefs = &Apache::lonnet::get_domain_defaults($dom);
+                            $ltiauth = $domdefs{'crsltiauth'};
+                        }
+                        unless ($crshome_checked) {
+                            $ishome = &is_home();
+                            $crshome_checked = 1;
+                        }
+                        my $posslti = scalar(keys(%{$values->{'linkprot'}}));
+                        for (my $i=0; $i<=$posslti; $i++) {
+                            my $num = $i;
+                            if ($i == $posslti) {
+                                $num = 'add';
+                            }
+                            if (ref($values->{'linkprot'}->{$i}) eq 'HASH') {
+                                if ($values->{'linkprot'}->{$i}->{'usable'}) {
+                                    $onload .= "toggleChgSecret(document.display,'$num','secret','linkprot');";
+                                }
+                            }
+                            $onload .= "toggleLinkProtExtra(document.display,'returnurl','divurlparam','1','inline-block','$num');".
+                                       "toggleLinkProtExtra(document.display,'passback','passbackparam','1','inline-block','$num');";
+                            if ($ltiauth) {
+                                $onload .= "toggleLinkProtExtra(document.display,'requser','optional','1','block','$num');".
+                                           "toggleLinkProtExtra(document.display,'mapuser','userfield','other','inline-block','$num');";
+                            }
+                            if ($ishome) {
+                                $onload .= "uncheckLinkProtMakeVis('linkprot','visible','$num');";
+                            }
+                        }
+                    }
+                }
+            }
+            if (grep(/^ltitools$/,@actions)) {
+                if (ref($values) eq 'HASH') {
+                    if (ref($values->{'ltitools'}) eq 'HASH') {
+                        unless ($crshome_checked) {
+                            $ishome = &is_home();
+                            $crshome_checked = 1;
+                        }
+                        my $possltitools = scalar(keys(%{$values->{'ltitools'}}));
+                        for (my $i=0; $i<=$possltitools; $i++) {
+                            my $num = $i;
+                            if ($i == $possltitools) {
+                                $num = 'add';
+                            }
+                            if (ref($values->{'ltitools'}->{$i}) eq 'HASH') {
+                                if ($values->{'ltitools'}->{$i}->{'usable'}) {
+                                    $onload .= "toggleChgSecret(document.display,'$num','secret','ltitools');";
+                                }
+                            }
+                            if ($ishome) {
+                                $onload .= "uncheckLinkProtMakeVis('ltitools','visible','$num');";
+                            }
+                        }
+                    }
+                }
+            }
+            if (grep(/^appearance$/,@actions)) {
+                $onload .= "toggleExtRes();";
+            }
+            if (grep(/^localization$/,@actions)) {
+                $onload .= "toggleTimeZone();";
+            }
+            if (grep(/^grading$/,@actions)) {
+                $onload .= 'toggleGrading(document.display);toggleHiddenTotalsSec(document.display);';
+            }
+            if ($onload) {
+                my %loaditems = (
+                                  'onload' => $onload,
+                                );
+                $additem = {'add_entries' => \%loaditems,};
+            }
         }
     }
     $r->print(&Apache::loncommon::start_page($pagetitle,$js,$additem));
@@ -206,8 +410,128 @@ $jscript
     return;
 }
 
+sub ltisecret_js {
+    my ($name,$dom,$values) = @_;
+    return unless (ref($values) eq 'HASH');
+    my $js;
+    if (($name eq 'linkprot') || ($name eq 'ltitools')) {
+        my (@changeable,@settable);
+        if (ref($values->{$name}) eq 'HASH') {
+            if (keys(%{$values->{$name}})) {
+                my @current = sort { $a <=> $b } keys(%{$values->{$name}});
+                if (@current) {
+                    for (my $i=0; $i<@current; $i++) {
+                        my $num = $current[$i];
+                        if (ref($values->{$name}->{$num}) eq 'HASH') {
+                            if ($values->{$name}->{$num}->{'usable'}) {
+                                push(@changeable,$i);
+                            } else {
+                                push(@settable,$i);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        my ($numrules,$intargjs);
+$js .= <<ENDJS;
+
+var ${name}radio = '';
+var ${name}secretinput = '';
+var ${name}posscheck = '';
+
+ENDJS
+        if (@changeable) {
+            foreach my $num (@changeable) {
+                ($numrules,$intargjs) =
+                    &Apache::loncommon::passwd_validation_js($name.'secretinput',$dom,$name,$num);
+                $js .= <<"ENDJS";
+${name}posscheck = '';
+${name}radio = document.display.elements['${name}_changesecret_$num'];
+if (${name}radio.length) {
+    for (var i=0; i<${name}radio.length; i++) {
+        if (${name}radio[i].checked) {
+            if (${name}radio[i].value == 1) {
+                ${name}posscheck = 1;
+            }
+        }
+    }
+}
+
+ENDJS
+                if ($numrules) {
+                    $js .= <<"ENDJS";
+if (${name}posscheck) {
+    ${name}secretinput = document.display.elements['${name}_secret_$num'].value;
+    $intargjs
+}
+
+ENDJS
+                }
+                $js .= <<"ENDJS";
+if (${name}posscheck) {
+    uncheckLinkProtMakeVis('$name','visible','$num');
+    document.display.elements['${name}_secret_$num'].type = 'password';
+}
+
+ENDJS
+            }
+        }
+        if (@settable) {
+            foreach my $num (@settable) {
+                ($numrules,$intargjs) =
+                    &Apache::loncommon::passwd_validation_js($name.'secretinput',$dom,$name,$num);
+                if ($numrules) {
+                    $js .= <<ENDJS;
+${name}secretinput = document.display.elements['${name}_secret_$num'].value;
+$intargjs
+
+ENDJS
+                }
+                $js .= <<ENDJS;
+uncheckLinkProtMakeVis('$name','visible','$num');
+document.display.elements['${name}_secret_$num'].type = 'password';
+
+ENDJS
+            }
+        }
+        ($numrules,$intargjs) =
+            &Apache::loncommon::passwd_validation_js($name.'secretinput',$dom,$name,'add');
+        if ($numrules) {
+            $js .= <<ENDJS
+${name}secretinput = document.display.elements['${name}_secret_add'].value;
+if (document.display.elements['${name}_add'].checked) {
+    $intargjs
+}
+
+ENDJS
+        }
+        $js .= <<ENDJS;
+uncheckLinkProtMakeVis('$name','visible','add');
+document.display.elements['${name}_secret_add'].type = 'password';
+
+ENDJS
+    }
+    return $js;
+}
+
+sub is_home {
+    my $ishome;
+    my $chome = $env{'course.'.$env{'request.course.id'}.'.home'};
+    unless (($chome eq 'no_host') || ($chome eq '')) {
+        my @ids=&Apache::lonnet::current_machine_ids();
+        foreach my $id (@ids) {
+            if ($id eq $chome) {
+                $ishome=1;
+                last;
+            }
+        }
+    }
+    return $ishome;
+}
+
 sub print_footer {
-    my ($r,$phase,$newphase,$button_text,$actions,$container) = @_;
+    my ($r,$phase,$newphase,$button_text,$actions,$container,$parm_permission) = @_;
     $button_text = &mt($button_text);
     $r->print('<input type="hidden" name="phase" value="" />');
     if (defined($env{'form.origin'})) {
@@ -232,8 +556,16 @@ sub print_footer {
         } else {
             $onclick = '"javascript:changePage(document.'.$phase.','."'$newphase'".')"';
         }
-        $r->print('<p><input type="button" name="store" value="'.
-                  $button_text.'" onclick='.$onclick.' /></p>');
+        my $showbutton = 1;
+        if (ref($parm_permission) eq 'HASH') {
+            unless (($parm_permission->{'process'}) || ($newphase eq 'display')) {
+                $showbutton = 0;
+            }
+        }
+        if ($showbutton) {
+            $r->print('<p><input type="button" name="store" value="'.
+                      $button_text.'" onclick='.$onclick.' /></p>');
+        }
     }
     if ($phase eq 'process') {
         $r->print('</form>');
@@ -243,7 +575,8 @@ sub print_footer {
 }
 
 sub make_changes {
-    my ($r,$dom,$phase,$context,$prefs_order,$prefs,$values,$confname,$roles,$allitems,$container) = @_;
+    my ($r,$dom,$phase,$context,$prefs_order,$prefs,$values,$confname,$roles,
+        $allitems,$container,$parm_permission) = @_;
     my %brcrumtext = &get_crumb_text();
     my @actions = &Apache::loncommon::get_env_multiple('form.actions');
     my ($numchanged,%changes,%disallowed);
@@ -253,7 +586,7 @@ sub make_changes {
        {href=>"javascript:changePage(document.$phase,'$phase')",
         text=>"Updated"});
     &print_header($r,$phase,$context,undef,$container);
-    my ($crstype,%lastact);
+    my ($crstype,%lastact,$errors);
     if ($context eq 'course') {
         $crstype = &Apache::loncommon::course_type();
     }
@@ -267,9 +600,11 @@ sub make_changes {
                                           $confname,$item,$roles,$values,\%lastact));
                 } else {
                     $changes{$item} = {};
-                    &Apache::courseprefs::process_changes($dom,$item,$values,
-                                                          $prefs->{$item},$changes{$item},
-                                                          $allitems,\%disallowed,$crstype);
+                    $errors =
+                        &Apache::courseprefs::process_changes($dom,$confname,$item,$values,
+                                                              $prefs->{$item},$changes{$item},
+                                                              $allitems,\%disallowed,$crstype,
+                                                              \%lastact);
                     if (keys(%{$changes{$item}}) > 0) {
                         $numchanged ++;
                     }
@@ -301,20 +636,23 @@ sub make_changes {
             }
             $r->print('</p>');
         }
+        if ($errors) {
+            $r->print('<p>'.$errors.'</p>');
+        }
     }
     $r->print('<p>');
     my $footer_text = 'Back to configuration display';
     if ($context eq 'course') {
         $footer_text = 'Back to display/edit settings'; 
     }
-    &print_footer($r,$phase,'display',$footer_text,\@actions,$container);
+    &print_footer($r,$phase,'display',$footer_text,\@actions,$container,$parm_permission);
     $r->print('</p>');
     return \%lastact;
 }
 
 sub display_settings {
     my ($r,$dom,$phase,$context,$prefs_order,$prefs,$values,$confname,$jscript,
-        $allitems,$crstype,$container) = @_;
+        $allitems,$crstype,$container,$parm_permission) = @_;
     my %brcrumtext = &get_crumb_text();
     my @actions = &Apache::loncommon::get_env_multiple('form.actions');
     &Apache::lonhtmlcommon::add_breadcrumb
@@ -324,12 +662,12 @@ sub display_settings {
     if (ref($values) eq 'HASH') {
         $instcode = $values->{'internal.coursecode'};
     }
-    &print_header($r,$phase,$context,$jscript,$container,$instcode);
+    &print_header($r,$phase,$context,$jscript,$container,$instcode,$dom,$confname,$values);
     my $divwidth = 900;
     if ((ref($prefs_order) eq 'ARRAY') && (ref($prefs) eq 'HASH') && (ref($values) eq 'HASH')) { 
         if (@actions > 0) {
             my $rowsum = 0;
-            my (%output,%rowtotal,@items);
+            my (%output,%rowtotal,@items,$got_check_uncheck,$got_change_secret);
             foreach my $item (@{$prefs_order}) {
                 if (grep(/^\Q$item\E$/,@actions)) {
                     push(@items,$item);
@@ -368,14 +706,50 @@ sub display_settings {
                                     $settings = $inststatus;
                                 }
                             }
+                        } elsif (($item eq 'lti') || ($item eq 'ltitools')) {
+                            unless ($got_change_secret) {
+                                $r->print('<script type="text/javascript">'."\n".
+                                          '// <![CDATA['."\n".
+                                          &change_secret_js()."\n".
+                                          '// ]]>'."\n".
+                                          '</script>'."\n");
+                                $got_change_secret = 1;
+                            }
+                            if ($item eq 'lti') {
+                                if (ref($values->{'ltisec'}) eq 'HASH') {
+                                    if (ref($values->{'lti'}) eq 'HASH') {
+                                        $settings = {%{$values->{'lti'}},%{$values->{'ltisec'}}};
+                                    } else {
+                                        $settings = $values->{'ltisec'};
+                                    }
+                                } elsif (ref($values->{'lti'}) eq 'HASH') {
+                                    $settings = $values->{'lti'};
+                                }
+                            } elsif ($item eq 'ltitools') {
+                                if (ref($values->{'toolsec'}) eq 'HASH') {
+                                    if (ref($values->{'ltitools'}) eq 'HASH') {
+                                        $settings = {%{$values->{'ltitools'}},%{$values->{'toolsec'}}};
+                                    } else {
+                                        $settings = $values->{'toolsec'};
+                                    }
+                                }
+                            }
                         }
                         ($output{$item},$rowtotal{$item}) =
                             &Apache::domainprefs::print_config_box($r,$dom,$confname,
                                 $phase,$item,$prefs->{$item},$settings);
                     } else {
+                        unless ($got_change_secret) {
+                            $r->print('<script type="text/javascript">'."\n".
+                                      '// <![CDATA['."\n".
+                                      &change_secret_js()."\n".
+                                      '// ]]>'."\n".
+                                      '</script>'."\n");
+                            $got_change_secret = 1;
+                        }
                         ($output{$item},$rowtotal{$item}) =
-                            &Apache::courseprefs::print_config_box($r,$dom,$phase,
-                                $item,$prefs->{$item},$values,$allitems,$crstype);
+                            &Apache::courseprefs::print_config_box($r,$dom,$confname,$phase,
+                                $item,$prefs->{$item},$values,$allitems,$crstype,$parm_permission);
                     }
                     $rowsum += $rowtotal{$item};
                 }
@@ -385,7 +759,7 @@ sub display_settings {
                 $r->print($output{$items[$i]});
             }
             $r->print('</div>');
-            $r->print(&print_footer($r,$phase,'process','Save Changes',\@actions,$container));
+            $r->print(&print_footer($r,$phase,'process','Save Changes',\@actions,$container,$parm_permission));
         } else {
             $r->print('<input type="hidden" name="phase" value="" />'.
                       '<span class="LC_error">'.&mt('No settings chosen').
@@ -398,7 +772,7 @@ sub display_settings {
 }
 
 sub display_choices {
-    my ($r,$phase,$context,$prefs_order,$prefs,$container) = @_;
+    my ($r,$phase,$context,$prefs_order,$prefs,$container,$parm_permission) = @_;
     if ($phase eq '') {
         $phase = 'pickactions';
     }
@@ -409,7 +783,13 @@ sub display_choices {
               &Apache::loncommon::check_uncheck_jscript()."\n".
               '// ]]>'."\n".
               '</script>'."\n");
-    $r->print('<h3>'.&mt('Settings to display/modify').'</h3>'.
+    my $heading = &mt('Settings to display/modify');
+    if (ref($parm_permission) eq 'HASH') {
+        unless ($parm_permission->{'process'}) {
+            $heading = &mt('Settings to display');
+        }
+    }
+    $r->print('<h3>'.$heading.'</h3>'.
               '<div><input type="button" value="'.&mt('check all').'" '.
               'onclick="javascript:checkAll(document.pickactions.actions)"'.
               ' />'.('&nbsp;'x2).
@@ -445,9 +825,9 @@ sub display_choices {
                 $thirddiv = 1;
             }
         }
-        $r->print('</div><br clear="all" />');
     }
-    $r->print(&print_footer($r,$phase,'display','Display',undef,$container));
+    $r->print('</div><div style="padding:0;clear:both;margin:0;border:0"></div>');
+    $r->print(&print_footer($r,$phase,'display','Display',undef,$container,$parm_permission));
     $r->print('</form>');
     $r->print(&Apache::loncommon::end_page());
     return;
@@ -495,6 +875,274 @@ ENDCOL
     return $output;
 }
 
+sub ltisec_javascript {
+    my ($dom) = @_;
+    my %servers = &Apache::lonnet::get_servers($dom,'library');
+    my $primary = &Apache::lonnet::domain($dom,'primary');
+    my $course_servers = "'".join("','",keys(%servers))."'";
+    my $output = <<"ENDJS";
+
+function toggleLTIEncKey(form,context) {
+    var shownhosts = new Array();
+    var hiddenhosts = new Array();
+    var forcourse = new Array($course_servers);
+    var fromdomain = '$primary';
+    var crsradio;
+    if (context == 'ltisec') {
+        crsradio = form.elements['ltisec_crslinkprot'];
+    } else {
+        crsradio = form.elements['toolsec_crs'];
+    }
+    if (crsradio.length) {
+        for (var i=0; i<crsradio.length; i++) {
+            if (crsradio[i].checked) {
+                if (crsradio[i].value == 1) {
+                    if (forcourse.length > 0) {
+                        for (var j=0; j<forcourse.length; j++) {
+                            if (!shownhosts.includes(forcourse[j])) {
+                                shownhosts.push(forcourse[j]);
+                            }
+                        }
+                    }
+                } else {
+                    if (forcourse.length > 0) {
+                        for (var j=0; j<forcourse.length; j++) {
+                            if (!hiddenhosts.includes(forcourse[j])) {
+                                hiddenhosts.push(forcourse[j]);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    var domradio;
+    if (context == 'ltisec') {
+        domradio = form.elements['ltisec_domlinkprot'];
+    } else {
+        domradio = form.elements['toolsec_dom'];
+    }
+    if (domradio.length) {
+        for (var i=0; i<domradio.length; i++) {
+            if (domradio[i].checked) {
+                if (domradio[i].value == 1) {
+                    if (!shownhosts.includes(fromdomain)) {
+                        shownhosts.push(fromdomain);
+                    }
+                } else {
+                    if (!hiddenhosts.includes(fromdomain)) {
+                        hiddenhosts.push(fromdomain);
+                    }
+                }
+            }
+        }
+    }
+    if (context == 'ltisec') {
+        var consumersradio = form.elements['ltisec_consumers'];
+        if (consumersradio.length) {
+            for (var i=0; i<consumersradio.length; i++) {
+                if (consumersradio[i].checked) {
+                    if (consumersradio[i].value == 1) {
+                        if (!shownhosts.includes(fromdomain)) {
+                            shownhosts.push(fromdomain);
+                        }
+                    } else {
+                        if (!hiddenhosts.includes(fromdomain)) {
+                            hiddenhosts.push(fromdomain);
+                        }
+                    }
+                }
+            }
+        }
+    }
+    if (shownhosts.length > 0) {
+        for (var i=0; i<shownhosts.length; i++) {
+            if (document.getElementById(context+'_info_'+shownhosts[i])) {
+                document.getElementById(context+'_info_'+shownhosts[i]).style.display = 'block';
+            }
+        }
+        if (document.getElementById(context+'_noprivkey')) {
+            document.getElementById(context+'_noprivkey').style.display = 'none';
+        }
+    } else {
+        if (document.getElementById(context+'_noprivkey')) {
+            document.getElementById(context+'_noprivkey').style.display = 'inline-block';
+        }
+    }
+    if (hiddenhosts.length > 0) {
+        for (var i=0; i<hiddenhosts.length; i++) {
+            if (!shownhosts.includes(hiddenhosts[i])) {
+                if (document.getElementById(context+'_info_'+hiddenhosts[i])) {
+                    document.getElementById(context+'_info_'+hiddenhosts[i]).style.display = 'none';
+                }
+            }
+        }
+    }
+    return;
+}
+
+function togglePrivKey(form,context,hostid) {
+    var radioname = '';
+    var currdivid = '';
+    var newdivid = '';
+    if ((document.getElementById(context+'_divcurrprivkey_'+hostid)) &&
+        (document.getElementById(context+'_divchgprivkey_'+hostid))) {
+        currdivid = document.getElementById(context+'_divcurrprivkey_'+hostid);
+        newdivid = document.getElementById(context+'_divchgprivkey_'+hostid);
+        radioname = form.elements[context+'_changeprivkey_'+hostid];
+        if (radioname) {
+            if (radioname.length > 0) {
+                var setvis;
+                for (var i=0; i<radioname.length; i++) {
+                    if (radioname[i].checked == true) {
+                        if (radioname[i].value == 1) {
+                            newdivid.style.display = 'inline-block';
+                            currdivid.style.display = 'none';
+                            setvis = 1;
+                        }
+                        break;
+                    }
+                }
+                if (!setvis) {
+                    newdivid.style.display = 'none';
+                    currdivid.style.display = 'inline-block';
+                }
+            }
+        }
+    }
+    return;
+}
+
+ENDJS
+
+}
+
+sub ltitools_javascript {
+    my ($settings) = @_;
+    my $togglejs = &ltitools_toggle_js();
+    unless (ref($settings) eq 'HASH') {
+        return $togglejs;
+    }
+    my (%ordered,$total,%jstext);
+    $total = 0;
+    foreach my $item (keys(%{$settings})) {
+        if (ref($settings->{$item}) eq 'HASH') {
+            my $num = $settings->{$item}{'order'};
+            $ordered{$num} = $item;
+        }
+    }
+    $total = scalar(keys(%{$settings}));
+    my @jsarray = ();
+    foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
+        push(@jsarray,$ordered{$item});
+    }
+    my $jstext = '    var ltitools = Array('."'".join("','",@jsarray)."'".');'."\n";
+    return <<"ENDSCRIPT";
+<script type="text/javascript">
+// <![CDATA[
+function reorderLTITools(form,item) {
+    var changedVal;
+$jstext
+    var newpos = 'ltitools_add_pos';
+    var maxh = 1 + $total;
+    var current = new Array;
+    var newitemVal = form.elements[newpos].options[form.elements[newpos].selectedIndex].value;
+    if (item == newpos) {
+        changedVal = newitemVal;
+    } else {
+        changedVal = form.elements[item].options[form.elements[item].selectedIndex].value;
+        current[newitemVal] = newpos;
+    }
+    for (var i=0; i<ltitools.length; i++) {
+        var elementName = 'ltitools_'+ltitools[i];
+        if (elementName != item) {
+            if (form.elements[elementName]) {
+                var currVal = form.elements[elementName].options[form.elements[elementName].selectedIndex].value;
+                current[currVal] = elementName;
+            }
+        }
+    }
+    var oldVal;
+    for (var j=0; j<maxh; j++) {
+        if (current[j] == undefined) {
+            oldVal = j;
+        }
+    }
+    if (oldVal < changedVal) {
+        for (var k=oldVal+1; k<=changedVal ; k++) {
+           var elementName = current[k];
+           form.elements[elementName].selectedIndex = form.elements[elementName].selectedIndex - 1;
+        }
+    } else {
+        for (var k=changedVal; k<oldVal; k++) {
+            var elementName = current[k];
+            form.elements[elementName].selectedIndex = form.elements[elementName].selectedIndex + 1;
+        }
+    }
+    return;
+}
+
+// ]]>
+</script>
+
+$togglejs
+
+ENDSCRIPT
+}
+
+sub ltitools_toggle_js {
+    return <<"ENDSCRIPT";
+<script type="text/javascript">
+// <![CDATA[
+
+function toggleLTITools(form,setting,item) {
+    var radioname = '';
+    var divid = '';
+    if ((setting == 'passback') || (setting == 'roster')) {
+        radioname = 'ltitools_'+setting+'_'+item;
+        divid = 'ltitools_'+setting+'time_'+item;
+        var num = form.elements[radioname].length;
+        if (num) {
+            var setvis = '';
+            for (var i=0; i<num; i++) {
+                if (form.elements[radioname][i].checked) {
+                    if (form.elements[radioname][i].value == '1') {
+                        if (document.getElementById(divid)) {
+                            document.getElementById(divid).style.display = 'inline-block';
+                        }
+                        setvis = 1;
+                    }
+                    break;
+                }
+            }
+        }
+        if (!setvis) {
+            if (document.getElementById(divid)) {
+                document.getElementById(divid).style.display = 'none';
+            }
+        }
+    }
+    if (setting == 'user') {
+        divid = 'ltitools_'+setting+'_div_'+item;
+        var checkid = 'ltitools_'+setting+'_field_'+item;
+        if (document.getElementById(divid)) {
+            if (document.getElementById(checkid)) {
+                if (document.getElementById(checkid).checked) {
+                    document.getElementById(divid).style.display = 'inline-block';
+                } else {
+                    document.getElementById(divid).style.display = 'none';
+                }
+            }
+        }
+    }
+    return;
+}
+// ]]>
+</script>
+
+ENDSCRIPT
+}
+
 sub get_crumb_text {
     my %brcrumbtext = (
                        domain => 'Domain Settings',
@@ -503,4 +1151,271 @@ sub get_crumb_text {
     return %brcrumbtext;
 }
 
+sub publishlogo {
+    my ($r,$action,$formname,$dom,$confname,$subdir,$thumbwidth,$thumbheight,
+        $savefileas,$modified) = @_;
+    my ($output,$fname,$logourl,$madethumb);
+    if ($action eq 'upload') {
+        $fname=$env{'form.'.$formname.'.filename'};
+        chop($env{'form.'.$formname});
+    } else {
+        ($fname) = ($formname =~ /([^\/]+)$/);
+    }
+    if ($savefileas ne '') {
+        $fname = $savefileas;
+    }
+    $fname=&Apache::lonnet::clean_filename($fname);
+# See if there is anything left
+    unless ($fname) { return ('error: no uploaded file'); }
+    $fname="$subdir/$fname";
+    my $docroot=$r->dir_config('lonDocRoot');
+    my $filepath="$docroot/priv";
+    my $relpath = "$dom/$confname";
+    my ($fnamepath,$file,$fetchthumb);
+    $file=$fname;
+    if ($fname=~m|/|) {
+        ($fnamepath,$file) = ($fname =~ m|^(.*)/([^/]+)$|);
+    }
+    my @parts=split(/\//,"$filepath/$relpath/$fnamepath");
+    my $count;
+    for ($count=5;$count<=$#parts;$count++) {
+        $filepath.="/$parts[$count]";
+        if ((-e $filepath)!=1) {
+            mkdir($filepath,02770);
+        }
+    }
+    # Check for bad extension and disallow upload
+    if ($file=~/\.(\w+)$/ &&
+        (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
+        $output =
+            &mt('Invalid file extension ([_1]) - reserved for internal use.',$1);
+    } elsif ($file=~/\.(\w+)$/ &&
+        !defined(&Apache::loncommon::fileembstyle($1))) {
+        $output = &mt('Unrecognized file extension ([_1]) - rename the file with a proper extension and re-upload.',$1);
+    } elsif ($file=~/\.(\d+)\.(\w+)$/) {
+        $output = &mt('Filename not allowed - rename the file to remove the number immediately before the file extension([_1]) and re-upload.',$2);
+    } elsif (-d "$filepath/$file") {
+        $output = &mt('Filename is a directory name - rename the file and re-upload');
+    } else {
+        my $source = $filepath.'/'.$file;
+        my $logfile;
+        if (!open($logfile,">>",$source.'.log')) {
+            return (&mt('No write permission to Authoring Space'));
+        }
+        print $logfile
+"\n================= Publish ".localtime()." ================\n".
+$env{'user.name'}.':'.$env{'user.domain'}."\n";
+# Save the file
+        if (!open(FH,">",$source)) {
+            &Apache::lonnet::logthis('Failed to create '.$source);
+            return (&mt('Failed to create file'));
+        }
+        if ($action eq 'upload') {
+            if (!print FH ($env{'form.'.$formname})) {
+                &Apache::lonnet::logthis('Failed to write to '.$source);
+                return (&mt('Failed to write file'));
+            }
+        } else {
+            my $original = &Apache::lonnet::filelocation('',$formname);
+            if(!copy($original,$source)) {
+                &Apache::lonnet::logthis('Failed to copy '.$original.' to '.$source);
+                return (&mt('Failed to write file'));
+            }
+        }
+        close(FH);
+        chmod(0660, $source); # Permissions to rw-rw---.
+
+        my $targetdir=$docroot.'/res/'.$dom.'/'.$confname .'/'.$fnamepath;
+        my $copyfile=$targetdir.'/'.$file;
+
+        my @parts=split(/\//,$targetdir);
+        my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
+        for (my $count=5;$count<=$#parts;$count++) {
+            $path.="/$parts[$count]";
+            if (!-e $path) {
+                print $logfile "\nCreating directory ".$path;
+                mkdir($path,02770);
+            }
+        }
+        my $versionresult;
+        if (-e $copyfile) {
+            $versionresult = &logo_versioning($targetdir,$file,$logfile);
+        } else {
+            $versionresult = 'ok';
+        }
+        if ($versionresult eq 'ok') {
+            if (copy($source,$copyfile)) {
+                print $logfile "\nCopied original source to ".$copyfile."\n";
+                $output = 'ok';
+                $logourl = '/res/'.$dom.'/'.$confname.'/'.$fname;
+                if (ref($modified) eq 'ARRAY') {
+                    push(@{$modified},[$copyfile,$source]);
+                }
+                my $metaoutput =
+                    &write_metadata($dom,$confname,$formname,$targetdir,$file,$logfile);
+            } else {
+                print $logfile "\nUnable to write ".$copyfile.':'.$!."\n";
+                $output = &mt('Failed to copy file to RES space').", $!";
+            }
+            if (($thumbwidth =~ /^\d+$/) && ($thumbheight =~ /^\d+$/)) {
+                my $inputfile = $filepath.'/'.$file;
+                my $outfile = $filepath.'/'.'tn-'.$file;
+                my ($fullwidth,$fullheight) = &Apache::lonnet::check_dimensions($inputfile);
+                if ($fullwidth ne '' && $fullheight ne '') {
+                    if ($fullwidth > $thumbwidth && $fullheight > $thumbheight) {
+                        my $thumbsize = $thumbwidth.'x'.$thumbheight;
+                        my @args = ('convert','-sample',$thumbsize,$inputfile,$outfile);
+                        system({$args[0]} @args);
+                        chmod(0660, $filepath.'/tn-'.$file);
+                        if (-e $outfile) {
+                            my $copyfile=$targetdir.'/tn-'.$file;
+                            if (copy($outfile,$copyfile)) {
+                                print $logfile "\nCopied source to ".$copyfile."\n";
+                                my $thumb_metaoutput =
+                                    &write_metadata($dom,$confname,$formname,
+                                                    $targetdir,'tn-'.$file,$logfile);
+                                if (ref($modified) eq 'ARRAY') {
+                                    push(@{$modified},[$copyfile,$outfile]);
+                                }
+                                $madethumb = 1;
+                            } else {
+                                print $logfile "\nUnable to write ".$copyfile.
+                                               ':'.$!."\n";
+                            }
+                        }
+                    }
+                }
+            }
+        } else {
+            $output = $versionresult;
+        }
+    }
+    return ($output,$logourl,$madethumb);
+}
+
+sub logo_versioning {
+    my ($targetdir,$file,$logfile) = @_;
+    my $target = $targetdir.'/'.$file;
+    my ($maxversion,$fn,$extn,$output);
+    $maxversion = 0;
+    if ($file =~ /^(.+)\.(\w+)$/) {
+        $fn=$1;
+        $extn=$2;
+    }
+    opendir(DIR,$targetdir);
+    while (my $filename=readdir(DIR)) {
+        if ($filename=~/\Q$fn\E\.(\d+)\.\Q$extn\E$/) {
+            $maxversion=($1>$maxversion)?$1:$maxversion;
+        }
+    }
+    $maxversion++;
+    print $logfile "\nCreating old version ".$maxversion."\n";
+    my $copyfile=$targetdir.'/'.$fn.'.'.$maxversion.'.'.$extn;
+    if (copy($target,$copyfile)) {
+        print $logfile "Copied old target to ".$copyfile."\n";
+        $copyfile=$copyfile.'.meta';
+        if (copy($target.'.meta',$copyfile)) {
+            print $logfile "Copied old target metadata to ".$copyfile."\n";
+            $output = 'ok';
+        } else {
+            print $logfile "Unable to write metadata ".$copyfile.':'.$!."\n";
+            $output = &mt('Failed to copy old meta').", $!, ";
+        }
+    } else {
+        print $logfile "Unable to write ".$copyfile.':'.$!."\n";
+        $output = &mt('Failed to copy old target').", $!, ";
+    }
+    return $output;
+}
+
+sub write_metadata {
+    my ($dom,$confname,$formname,$targetdir,$file,$logfile) = @_;
+    my (%metadatafields,%metadatakeys,$output);
+    $metadatafields{'title'}=$formname;
+    $metadatafields{'creationdate'}=time;
+    $metadatafields{'lastrevisiondate'}=time;
+    $metadatafields{'copyright'}='public';
+    $metadatafields{'modifyinguser'}=$env{'user.name'}.':'.
+                                         $env{'user.domain'};
+    $metadatafields{'authorspace'}=$confname.':'.$dom;
+    $metadatafields{'domain'}=$dom;
+    {
+        print $logfile "\nWrite metadata file for ".$targetdir.'/'.$file;
+        my $mfh;
+        if (open($mfh,">",$targetdir.'/'.$file.'.meta')) {
+            foreach (sort(keys(%metadatafields))) {
+                unless ($_=~/\./) {
+                    my $unikey=$_;
+                    $unikey=~/^([A-Za-z]+)/;
+                    my $tag=$1;
+                    $tag=~tr/A-Z/a-z/;
+                    print $mfh "\n\<$tag";
+                    foreach (split(/\,/,$metadatakeys{$unikey})) {
+                        my $value=$metadatafields{$unikey.'.'.$_};
+                        $value=~s/\"/\'\'/g;
+                        print $mfh ' '.$_.'="'.$value.'"';
+                    }
+                    print $mfh '>'.
+                        &HTML::Entities::encode($metadatafields{$unikey},'<>&"')
+                            .'</'.$tag.'>';
+                }
+            }
+            $output = 'ok';
+            print $logfile "\nWrote metadata";
+            close($mfh);
+        } else {
+            print $logfile "\nFailed to open metadata file";
+            $output = &mt('Could not write metadata');
+        }
+    }
+    return $output;
+}
+
+sub change_secret_js {
+    return <<"ENDSCRIPT";
+function toggleChgSecret(form,num,item,name) {
+    var radioname = '';
+    var currdivid = '';
+    var newdivid = '';
+    if ((document.getElementById(name+'_divcurr'+item+'_'+num)) &&
+        (document.getElementById(name+'_divchg'+item+'_'+num))) {
+        currdivid = document.getElementById(name+'_divcurr'+item+'_'+num);
+        newdivid = document.getElementById(name+'_divchg'+item+'_'+num);
+        radioname = form.elements[name+'_change'+item+'_'+num];
+        if (radioname) {
+            if (radioname.length > 0) {
+                var setvis;
+                for (var i=0; i<radioname.length; i++) {
+                    if (radioname[i].checked == true) {
+                        if (radioname[i].value == 1) {
+                            newdivid.style.display = 'inline-block';
+                            currdivid.style.display = 'none';
+                            setvis = 1;
+                        }
+                        break;
+                    }
+                }
+                if (!setvis) {
+                    newdivid.style.display = 'none';
+                    currdivid.style.display = 'inline-block';
+                }
+            }
+        }
+    }
+    return;
+}
+
+function uncheckLinkProtMakeVis(name,item,num) {
+    if (document.getElementById(name+'_'+item+'_'+num)) {
+        var currtype = document.getElementById(name+'_'+item+'_'+num).type;
+        if (currtype.toLowerCase() == 'checkbox') {
+            document.getElementById(name+'_'+item+'_'+num).checked = false;
+        }
+    }
+    return;
+}
+ENDSCRIPT
+
+}
+
 1;