--- loncom/interface/loncreateuser.pm	2007/10/11 02:16:25	1.189
+++ loncom/interface/loncreateuser.pm	2007/10/22 22:16:38	1.190
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.189 2007/10/11 02:16:25 albertel Exp $
+# $Id: loncreateuser.pm,v 1.190 2007/10/22 22:16:38 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -65,6 +65,7 @@ use Apache::lonnet;
 use Apache::loncommon;
 use Apache::lonlocal;
 use Apache::longroup;
+use Apache::lonuserutils;
 use LONCAPA qw(:DEFAULT :match);
 
 my $loginscript; # piece of javascript used in two separate instances
@@ -111,19 +112,6 @@ sub auth_abbrev {
     return %abv_auth;
 }
 
-# ======================================================= Existing Custom Roles
-
-sub my_custom_roles {
-    my %returnhash=();
-    my %rolehash=&Apache::lonnet::dump('roles');
-    foreach my $key (keys %rolehash) {
-	if ($key=~/^rolesdef\_(\w+)$/) {
-	    $returnhash{$1}=$1;
-	}
-    }
-    return %returnhash;
-}
-
 # ==================================================== Figure out author access
 
 sub authorpriv {
@@ -237,21 +225,25 @@ sub print_username_entry_form {
                 'onload' => "javascript:setFormElements(document.$formtoset)",
                     );
     my $start_page =
-	&Apache::loncommon::start_page('Create Users, Change User Privileges',
+	&Apache::loncommon::start_page('User Management',
 				       $jscript,{'add_entries' => \%loaditems,});
-   &Apache::lonhtmlcommon::add_breadcrumb
-     ({href=>"javascript:backPage(document.crtuser)",
-       text=>"User modify/custom role edit",
-       faq=>282,bug=>'Instructor Interface',});
-
+    if ($env{'form.action'} eq 'singleuser') {
+        &Apache::lonhtmlcommon::add_breadcrumb
+          ({href=>"javascript:backPage(document.crtuser)",
+            text=>"Single user search",
+            faq=>282,bug=>'Instructor Interface',});
+    } elsif ($env{'form.action'} eq 'custom') {
+        &Apache::lonhtmlcommon::add_breadcrumb
+          ({href=>"javascript:backPage(document.crtuser)",
+            text=>"Pick custom role",});
+    }
     my $crumbs = &Apache::lonhtmlcommon::breadcrumbs('User Management');
-    my %existingroles=&my_custom_roles();
+    my %existingroles=&Apache::lonuserutils::my_custom_roles();
     my $choice=&Apache::loncommon::select_form('make new role','rolename',
 		('make new role' => 'Generate new role ...',%existingroles));
     my %lt=&Apache::lonlocal::texthash(
                     'srch' => "User Search",
                      or    => "or",
-		    'siur' => "Set Individual User Roles",
 		    'usr'  => "Username",
                     'dom'  => "Domain",
                     'ecrp' => "Edit Custom Role Privileges",
@@ -266,22 +258,24 @@ sub print_username_entry_form {
     if ($sellink) {
         $sellink = "$lt{'or'} ".$sellink;
     } 
-    $r->print("
-$start_page
-$crumbs
-<h2>$lt{siur}$helpsiur</h2>
-<h3>$lt{'srch'} $sellink $lt{'mod'}</h3>
+    $r->print($start_page."\n".$crumbs);
+    if ($env{'form.action'} eq 'singleuser') {
+        $r->print("
+<h3>$lt{'srch'} $sellink $lt{'mod'}$helpsiur</h3>
 $response");
-    $r->print(&entry_form($defdom,$srch,$forcenewuser));
-    if (&Apache::lonnet::allowed('mcr','/')) {
-        $r->print(<<ENDCUSTOM);
+        $r->print(&entry_form($defdom,$srch,$forcenewuser));
+    } elsif ($env{'form.action'} eq 'custom') {
+        if (&Apache::lonnet::allowed('mcr','/')) {
+            $r->print(<<ENDCUSTOM);
 <form action="/adm/createuser" method="post" name="docustom">
+<input type="hidden" name="action" value="$env{'form.action'}" />
 <input type="hidden" name="phase" value="selected_custom_edit" />
-<h2>$lt{'ecrp'}$helpecpr</h2>
+<h3>$lt{'ecrp'}$helpecpr</h3>
 $lt{'nr'}: $choice <input type="text" size="15" name="newrolename" /><br />
 <input name="customeditor" type="submit" value="$lt{'cre'}" />
 </form>
 ENDCUSTOM
+        }
     }
     $r->print(&Apache::loncommon::end_page());
 }
@@ -294,6 +288,7 @@ sub entry_form {
     my $srchbutton = &mt('Search');
     my $output = <<"ENDDOCUMENT";
 <form action="/adm/createuser" method="post" name="crtuser">
+<input type="hidden" name="action" value="$env{'form.action'}" />
 <input type="hidden" name="phase" value="get_user_info" />
 $userpicker
 <input name="userrole" type="button" value="$srchbutton" onclick="javascript:validateEntry(document.crtuser)" />
@@ -331,7 +326,7 @@ END
 
 # =================================================================== Phase two
 sub print_user_selection_page {
-    my ($r,$response,$srch,$srch_results,$context,$srcharray) = @_;
+    my ($r,$response,$srch,$srch_results,$operation,$srcharray) = @_;
     my @fields = ('username','domain','lastname','firstname','permanentemail');
     my $sortby = $env{'form.sortby'};
 
@@ -365,11 +360,11 @@ ENDSCRIPT
                                        'firstname'      => "first name",
                                        'permanentemail' => "permanent e-mail",
                                       );
-    if ($context eq 'createuser') {
-        $r->print(&Apache::loncommon::start_page('Create Users, Change User Privileges',$jscript));
+    if ($operation eq 'createuser') {
+        $r->print(&Apache::loncommon::start_page('User Management',$jscript));
         &Apache::lonhtmlcommon::add_breadcrumb
             ({href=>"javascript:backPage(document.usersrchform,'','')",
-              text=>"User modify/custom role edit",
+              text=>"Create/modify user",
               faq=>282,bug=>'Instructor Interface',},
              {href=>"javascript:backPage(document.usersrchform,'get_user_info','select')",
               text=>"Select User",
@@ -425,9 +420,10 @@ ENDSCRIPT
               ' <input type="hidden" name="seluname" value="" />'."\n".
               ' <input type="hidden" name="seludom" value="" />'."\n".
               ' <input type="hidden" name="currstate" value="select" />'."\n".
-              ' <input type="hidden" name="phase" value="get_user_info" />'."\n");
+              ' <input type="hidden" name="phase" value="get_user_info" />'."\n".
+              ' <input type="hidden" name="action" value="singleuser" />'."\n");
     $r->print($response);
-    if ($context eq 'createuser') {
+    if ($operation eq 'createuser') {
         $r->print('</form>'.&Apache::loncommon::end_page());
     } else {
         $r->print('<input type="hidden" name="action" value="enrollstudent" />'."\n".
@@ -707,18 +703,18 @@ ENDSECCODE
         my ($krbdef,$krbdefdom) =
             &Apache::loncommon::get_kerberos_defaults($ccdomain);
         $javascript_validations = 
-            &Apache::londropadd::javascript_validations('auth',$krbdefdom,undef,
+            &Apache::lonuserutils::javascript_validations('auth',$krbdefdom,undef,
                                                         undef,$ccdomain);
     }
     $js .= "\n".
        '<script type="text/javascript">'."\n".$jsback."\n".
        $javascript_validations.'</script>';
     my $start_page = 
-	&Apache::loncommon::start_page('Create Users, Change User Privileges',
+	&Apache::loncommon::start_page('User Management',
 				       $js,{'add_entries' => \%loaditem,});
     &Apache::lonhtmlcommon::add_breadcrumb
      ({href=>"javascript:backPage(document.cu)",
-       text=>"User modify/custom role edit",
+       text=>"Create/modify user",
        faq=>282,bug=>'Instructor Interface',});
 
     if ($env{'form.phase'} eq 'userpicked') {
@@ -735,7 +731,7 @@ ENDSECCODE
 
     my $forminfo =<<"ENDFORMINFO";
 <form action="/adm/createuser" method="post" name="cu">
-<input type="hidden" name="phase"       value="update_user_data" />
+<input type="hidden" name="phase" value="update_user_data" />
 <input type="hidden" name="ccuname" value="$ccuname" />
 <input type="hidden" name="ccdomain" value="$ccdomain" />
 <input type="hidden" name="pres_value"  value="" />
@@ -759,6 +755,7 @@ ENDFORMINFO
                 'cnu'            => 'Create New User',
                 'ind'            => 'in domain',
                 'lg'             => 'Login Data',
+                'hs'             => "Home Server",
         );
 	$r->print(<<ENDTITLE);
 $start_page
@@ -793,7 +790,7 @@ $lt{'hs'}: $home_server_pick
                 if (ref($rules->{$rulematch}) eq 'HASH') {
                     my $authtype = $rules->{$rulematch}{'authtype'};
                     if ($authtype !~ /^(krb4|krb5|int|fsys|loc)$/) {
-                        $r->print(&set_login($ccdomain));
+                        $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc));
                     } else { 
                         my $authparm = $rules->{$rulematch}{'authparm'};
                         if ($authtype =~ /^krb(4|5)$/) {
@@ -819,7 +816,7 @@ KERB
                         }
                     }
                 } else {
-                    $r->print(&set_login($ccdomain));
+                    $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc));
                 }
             }
             if ($authmsg) {
@@ -830,7 +827,7 @@ $varauth
 ENDAUTH
             }
         } else {
-            $r->print(&set_login($ccdomain)); 
+            $r->print(&Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc)); 
         }
         $r->print(<<ENDPORT);
         $portfolioform
@@ -1129,13 +1126,15 @@ ENDNOPORTPRIV
 "javascript:pjump('."'date_end','End Date Assistant Co-Author',document.cu.end_$cudom\_$cuname\_aa.value,'end_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
          &Apache::loncommon::end_data_table_row()."\n".
          &Apache::loncommon::end_data_table());
-    } elsif (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
-        $r->print('<span class="LC_error">'.
-                  &mt('You do not have privileges to assign co-author roles.').
-                  '</span>');     
-    } elsif (($env{'user.name'} eq $ccuname) && 
+    } elsif ($env{'request.role'} =~ /^au\./) {
+        if (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
+            $r->print('<span class="LC_error">'.
+                      &mt('You do not have privileges to assign co-author roles.').
+                      '</span>');
+        } elsif (($env{'user.name'} eq $ccuname) && 
              ($env{'user.domain'} eq $ccdomain)) {
-       $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));  
+           $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));
+        }
     }
 #
 # Domain level
@@ -1236,7 +1235,7 @@ sub user_authentication {
         );
         if (&Apache::lonnet::allowed('mau',$ccdomain)) {
             &initialize_authen_forms($ccdomain);
-            my $choices = &set_login($ccdomain);
+            my $choices = &Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc);
             $outcome = <<ENDBADAUTH;
 <script type="text/javascript" language="Javascript">
 $loginscript
@@ -1307,34 +1306,6 @@ ENDNOPRIV
     return $outcome;
 }
 
-sub set_login {
-    my ($dom) = @_;
-    my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
-    my $response;
-    my ($authnum,%can_assign) = 
-        &Apache::loncommon::get_assignable_auth($dom);
-    if ($authnum) {
-        $response = &Apache::loncommon::start_data_table();
-        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $response .= &Apache::loncommon::start_data_table_row().
-                         '<td>'.$authformkrb.'</td>'.
-                         &Apache::loncommon::end_data_table_row()."\n";
-        }
-        if ($can_assign{'int'}) {
-            $response .= &Apache::loncommon::start_data_table_row().
-                         '<td>'.$authformint.'</td>'.
-                         &Apache::loncommon::end_data_table_row()."\n"
-        }
-        if ($can_assign{'loc'}) {
-            $response .= &Apache::loncommon::start_data_table_row().
-                         '<td>'.$authformloc.'</td>'.
-                         &Apache::loncommon::end_data_table_row()."\n";
-        }
-        $response .= &Apache::loncommon::end_data_table();
-    }
-    return $response;
-}
-
 sub modify_login_block {
     my ($dom,$currentauth) = @_;
     my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
@@ -1432,7 +1403,6 @@ sub personal_data_display {
                 'generation'     => "Generation",
                 'permanentemail' => "Permanent e-mail address",
                 'id'             => "ID/Student Number",
-                'hs'             => "Home Server",
                 'lg'             => "Login Data"
     );
     my @userinfo = ('firstname','middlename','lastname','generation',
@@ -1498,7 +1468,7 @@ sub update_user_data {
     $r->print(&Apache::loncommon::start_page($title,$jscript));
     &Apache::lonhtmlcommon::add_breadcrumb
        ({href=>"javascript:backPage(document.userupdate)",
-         text=>"User modify/custom role edit",
+         text=>"Create/modify user",
          faq=>282,bug=>'Instructor Interface',});
     if ($env{'form.prevphase'} eq 'userpicked') {
         &Apache::lonhtmlcommon::add_breadcrumb
@@ -1799,6 +1769,7 @@ END
     $r->print('<h3>'.&mt('Modifying Roles').'</h3>');
     foreach my $key (keys (%env)) {
 	next if (! $env{$key});
+        next if ($key eq 'form.action');
 	# Revoke roles
 	if ($key=~/^form\.rev/) {
 	    if ($key=~/^form\.rev\:([^\_]+)\_([^\_\.]+)$/) {
@@ -1990,7 +1961,7 @@ END
                     }
                 }
 	    } else {
-		$r->print('<p>'.&mt('ERROR').': '.&mt('Unknown command').' <tt>'.$key.'</tt></p><br />');
+		$r->print('<p><span class="LC_error">'.&mt('ERROR').': '.&mt('Unknown command').' <tt>'.$key.'</tt></span></p><br />');
             }
             foreach my $key (sort(keys(%disallowed))) {
                 if (($key eq 'none') || ($key eq 'all')) {  
@@ -2024,6 +1995,7 @@ sub update_result_form {
     }
     $outcome .= '<input type="hidden" name="phase" value="" />'."\n".
                 '<input type ="hidden" name="currstate" value="" />'."\n".
+                '<input type ="hidden" name="action" value="singleuser" />'."\n".
                 '</form>';
     return $outcome;
 }
@@ -2108,7 +2080,7 @@ sub custom_role_editor {
 
     $rolename=~s/[^A-Za-z0-9]//gs;
 
-    if (!$rolename) {
+    if (!$rolename || $env{'form.phase'} eq 'pickrole') {
 	&print_username_entry_form($r);
         return;
     }
@@ -2177,8 +2149,8 @@ sub custom_role_editor {
     $head_script .= "\n".$jsback."\n".'</script>'."\n";
     $r->print(&Apache::loncommon::start_page('Custom Role Editor',$head_script));
    &Apache::lonhtmlcommon::add_breadcrumb
-     ({href=>"javascript:backPage(document.form1,'','')",
-       text=>"User modify/custom role edit",
+     ({href=>"javascript:backPage(document.form1,'pickrole','')",
+       text=>"Pick custom role",
        faq=>282,bug=>'Instructor Interface',},
       {href=>"javascript:backPage(document.form1,'','')",
          text=>"Edit custom role",
@@ -2221,6 +2193,7 @@ ENDCCF
              &Apache::loncommon::end_data_table_row());
     }
     $r->print(&Apache::loncommon::end_data_table().
+   '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />'.
    '<input type="hidden" name="startrolename" value="'.$env{'form.rolename'}.
    '" />'."\n".'<input type="hidden" name="currstate" value="" />'."\n".   
    '<input type="reset" value="'.&mt("Reset").'" />'."\n".
@@ -2302,23 +2275,19 @@ sub make_button_code {
 # ---------------------------------------------------------- Call to definerole
 sub set_custom_role {
     my ($r) = @_;
-
     my $rolename=$env{'form.rolename'};
-
     $rolename=~s/[^A-Za-z0-9]//gs;
-
     if (!$rolename) {
-	&print_username_entry_form($r);
+	&custom_role_editor($r);
         return;
     }
-
     my ($jsback,$elements) = &crumb_utilities();
     my $jscript = '<script type="text/javascript">'.$jsback."\n".'</script>';
 
     $r->print(&Apache::loncommon::start_page('Save Custom Role'),$jscript);
     &Apache::lonhtmlcommon::add_breadcrumb
-        ({href=>"javascript:backPage(document.customresult,'','')",
-          text=>"User modify/custom role edit",
+        ({href=>"javascript:backPage(document.customresult,'pickrole','')",
+          text=>"Pick custom role",
           faq=>282,bug=>'Instructor Interface',},
          {href=>"javascript:backPage(document.customresult,'selected_custom_edit','')",
           text=>"Edit custom role",
@@ -2381,7 +2350,7 @@ sub set_custom_role {
 						$env{'user.name'},
 						$rolename));
     }
-    $r->print('<p><a href="/adm/createuser">Create another role, or Create/Modify a user.</a></p><form name="customresult" method="post">');
+    $r->print('<p><a href="javascript:backPage(document.customresult,'."'pickrole'".')">'.&mt('Create or edit another custom role').'</a></p><form name="customresult" method="post">');
     $r->print(&Apache::lonhtmlcommon::echo_form_input([]).'</form>');
     $r->print(&Apache::loncommon::end_page());
 }
@@ -2389,84 +2358,290 @@ sub set_custom_role {
 # ================================================================ Main Handler
 sub handler {
     my $r = shift;
-
     if ($r->header_only) {
        &Apache::loncommon::content_type($r,'text/html');
        $r->send_http_header;
        return OK;
     }
+    my $context;
+    if ($env{'request.course.id'}) {
+        $context = 'course';
+    } elsif ($env{'request.role'} =~ /^au\./) {
+        $context = 'construction_space';
+    } else {
+        $context = 'domain';
+    }
+    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
+                                            ['action','state']);
+    &Apache::lonhtmlcommon::clear_breadcrumbs();
+    &Apache::lonhtmlcommon::add_breadcrumb
+        ({href=>"/adm/createuser",
+          text=>"User Management"});
+    my ($permission,$allowed) = &get_permission($context);
+    if (!$allowed) {
+        $env{'user.error.msg'}=
+            "/adm/createuser:cst:0:0:Cannot create/modify user data ".
+                                 "or view user status.";
+        return HTTP_NOT_ACCEPTABLE;
+    }
+
+    &Apache::loncommon::content_type($r,'text/html');
+    $r->send_http_header;
+
+    # Main switch on form.action and form.state, as appropriate
+    if (! exists($env{'form.action'})) {
+        $r->print(&header());
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
+        $r->print(&print_main_menu($permission));
+        $r->print(&Apache::loncommon::end_page());
+    } elsif ($env{'form.action'} eq 'upload' && $permission->{'cusr'}) {
+        $r->print(&header());
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>'/adm/createuser?action=upload&state=',
+              text=>"Upload Users List"});
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('Upload Users List',
+                                                   'User_Management_Upload'));
+        $r->print('<form name="studentform" method="post" '.
+                  'enctype="multipart/form-data" '.
+                  ' action="/adm/createuser">'."\n");
+        if (! exists($env{'form.state'})) {
+            &Apache::lonuserutils::print_first_users_upload_form($r,$context);
+        } elsif ($env{'form.state'} eq 'got_file') {
+            &Apache::lonuserutils::print_upload_manager_form($r,$context);
+        } elsif ($env{'form.state'} eq 'enrolling') {
+            if ($env{'form.datatoken'}) {
+                &Apache::lonuserutils::upfile_drop_add($r,$context);
+            }
+        } else {
+            &Apache::lonuserutils::print_first_users_upload_form($r,$context);
+        }
+        $r->print('</form>'.&Apache::loncommon::end_page());
+    } elsif ($env{'form.action'} eq 'expire' && $permission->{'cusr'}) {
+        $r->print(&header());
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>'/adm/createuser?action=expire',
+              text=>"Expire User Roles"});
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('Expire User Roles',
+                                                      'User_Management_Drops'));
+        if (! exists($env{'form.state'})) {
+            &Apache::lonuserutils::print_expire_menu($r,$context);
+        } elsif ($env{'form.state'} eq 'done') {
+            &Apache::lonuserutils::expire_user_list($r);
+        } else {
+            &Apache::lonuserutils::print_expire_menu($r,$context);
+        }
+        $r->print(&Apache::loncommon::end_page());
+    } elsif ($env{'form.action'} eq 'singleuser' && $permission->{'cusr'}) {
+        my $phase = $env{'form.phase'};
+        my @search = ('srchterm','srchby','srchin','srchtype','srchdomain');
+
+        if (($phase eq 'get_user_info') || ($phase eq 'userpicked')) {
+            my $srch;
+            foreach my $item (@search) {
+                $srch->{$item} = $env{'form.'.$item};
+            }
+            if ($env{'form.phase'} eq 'get_user_info') {
+                my ($currstate,$response,$forcenewuser,$results) = 
+                    &user_search_result($srch);
+                if ($env{'form.currstate'} eq 'modify') {
+                    $currstate = $env{'form.currstate'};
+                }
+                if ($currstate eq 'select') {
+                    &print_user_selection_page($r,$response,$srch,$results,
+                                               'createuser',\@search);
+                } elsif ($currstate eq 'modify') {
+                    my ($ccuname,$ccdomain);
+                    if (($srch->{'srchby'} eq 'uname') && 
+                        ($srch->{'srchtype'} eq 'exact')) {
+                        $ccuname = $srch->{'srchterm'};
+                        $ccdomain= $srch->{'srchdomain'};
+                    } else {
+                        my @matchedunames = keys(%{$results});
+                        ($ccuname,$ccdomain) = split(/:/,$matchedunames[0]);
+                    }
+                    $ccuname =&LONCAPA::clean_username($ccuname);
+                    $ccdomain=&LONCAPA::clean_domain($ccdomain);
+                    if ($env{'form.forcenewuser'}) {
+                        $response = '';
+                    }
+                    &print_user_modification_page($r,$ccuname,$ccdomain,
+                                                  $srch,$response);
+                } elsif ($currstate eq 'query') {
+                    &print_user_query_page($r,'createuser');
+                } else {
+                    &print_username_entry_form($r,$response,$srch,
+                                               $forcenewuser);
+                }
+            } elsif ($env{'form.phase'} eq 'userpicked') {
+                my $ccuname = &LONCAPA::clean_username($env{'form.seluname'});
+                my $ccdomain = &LONCAPA::clean_domain($env{'form.seludom'});
+                &print_user_modification_page($r,$ccuname,$ccdomain,$srch);
+            }
+        } elsif ($env{'form.phase'} eq 'update_user_data') {
+            &update_user_data($r);
+        } else {
+            &print_username_entry_form($r);
+        }
+    } elsif ($env{'form.action'} eq 'custom' && $permission->{'custom'}) {
+        if ($env{'form.phase'} eq 'set_custom_roles') {
+            &set_custom_role($r);
+        } else {
+            &custom_role_editor($r);
+        }
+    } elsif ($env{'form.action'} eq 'listusers' && $permission->{'view'}) {
+        $r->print(&header());
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>'/adm/createuser?action=listusers',
+              text=>"List Users' Roles"});
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs("List Users' Roles",
+                                                      'User_Management_List'));
+        if (! exists($env{'form.state'})) {
+            &Apache::lonuserutils::print_html_classlist($r,undef,$permission);
+        } elsif ($env{'form.state'} eq 'csv') {
+            &Apache::lonuserutils::print_html_classlist($r,'csv',$permission);
+        } elsif ($env{'form.state'} eq 'excel') {
+            &Apache::lonuserutils::print_html_classlist($r,'excel',$permission);
+        } else {
+            &Apache::lonuserutils::print_html_classlist($r,undef,$permission);
+        }
+        $r->print(&Apache::loncommon::end_page());
+    } elsif ($env{'form.action'} eq 'expire' && $permission->{'cusr'}) {
+        $r->print(&header());
+        &Apache::lonhtmlcommon::add_breadcrumb
+            ({href=>'/adm/createuser?action=drop',
+              text=>"Expire Users"});
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('Expire User Roles',
+                                                      'User_Management_Drops'));
+        if (! exists($env{'form.state'})) {
+            &Apache::lonuserutils::print_expire_menu($r,$context);
+        } elsif ($env{'form.state'} eq 'done') {
+            &Apache::lonuserutiles::expire_user_list($r);
+        } else {
+            &print_expire_menu($r,$context);
+        }
+        $r->print(&Apache::loncommon::end_page());
+    } else {
+        $r->print(&header());
+        $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));            $r->print(&print_main_menu($permission));
+        $r->print(&Apache::loncommon::end_page());
+    }
+    return OK;
+}
+
+sub header {
+    my ($jscript,$loaditems) = @_;
+    my $start_page;
+    if (ref($loaditems) eq 'HASH') {
+        $start_page=&Apache::loncommon::start_page('User Management',$jscript,{'add_entries' => $loaditems,});
+    } else {
+        $start_page=&Apache::loncommon::start_page('User Management',$jscript);
+    }
+    return $start_page;
+}
 
-    if ((&Apache::lonnet::allowed('cta',$env{'request.course.id'})) ||
-        (&Apache::lonnet::allowed('cin',$env{'request.course.id'})) || 
-        (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) || 
-        (&Apache::lonnet::allowed('cep',$env{'request.course.id'})) ||
-	(&authorpriv($env{'user.name'},$env{'request.role.domain'})) ||
-        (&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))) {
-       &Apache::loncommon::content_type($r,'text/html');
-       $r->send_http_header;
-       &Apache::lonhtmlcommon::clear_breadcrumbs();
-      
-       my $phase = $env{'form.phase'};
-       my @search = ('srchterm','srchby','srchin','srchtype','srchdomain');
-       
-       &Apache::loncreateuser::restore_prev_selections();
-       my $srch;
-       foreach my $item (@search) {
-	   $srch->{$item} = $env{'form.'.$item};
-       }
-
-       if (($phase eq 'get_user_info') || ($phase eq 'userpicked')) {
-
-           if ($env{'form.phase'} eq 'get_user_info') {
-               my ($currstate,$response,$forcenewuser,$results) = 
-                   &user_search_result($srch);
-               if ($env{'form.currstate'} eq 'modify') {
-                   $currstate = $env{'form.currstate'};
-               }
-               if ($currstate eq 'select') {
-                   &print_user_selection_page($r,$response,$srch,$results,'createuser',\@search);
-               } elsif ($currstate eq 'modify') {
-                   my ($ccuname,$ccdomain);
-                   if (($srch->{'srchby'} eq 'uname') && 
-                       ($srch->{'srchtype'} eq 'exact')) {
-                       $ccuname = $srch->{'srchterm'};
-                       $ccdomain= $srch->{'srchdomain'};
-                   } else {
-                       my @matchedunames = keys(%{$results});
-                       ($ccuname,$ccdomain) = split(/:/,$matchedunames[0]);
-                   }
-                   $ccuname =&LONCAPA::clean_username($ccuname);
-                   $ccdomain=&LONCAPA::clean_domain($ccdomain);
-                   if ($env{'form.forcenewuser'}) {
-                       $response = '';
-                   }   
-                   &print_user_modification_page($r,$ccuname,$ccdomain,$srch,
-                                                 $response);
-               } elsif ($currstate eq 'query') {
-                   &print_user_query_page($r,'createuser');
-               } else {
-                   &print_username_entry_form($r,$response,$srch,$forcenewuser);
-               }
-           } elsif ($env{'form.phase'} eq 'userpicked') {
-               my $ccuname = &LONCAPA::clean_username($env{'form.seluname'});
-               my $ccdomain = &LONCAPA::clean_domain($env{'form.seludom'});
-               &print_user_modification_page($r,$ccuname,$ccdomain,$srch);
-           }
-       } elsif ($env{'form.phase'} eq 'update_user_data') {
-           &update_user_data($r);
-       } elsif ($env{'form.phase'} eq 'selected_custom_edit') {
-           &custom_role_editor($r);
-       } elsif ($env{'form.phase'} eq 'set_custom_roles') {
-	   &set_custom_role($r);
-       } else {
-           &print_username_entry_form($r,undef,$srch);
-       }
-   } else {
-      $env{'user.error.msg'}=
-        "/adm/createuser:mau:0:0:Cannot modify user data";
-      return HTTP_NOT_ACCEPTABLE; 
-   }
-   return OK;
+###############################################################
+###############################################################
+#  Menu Phase One
+sub print_main_menu {
+    my ($permission) = @_;
+    my @menu =
+        (
+          { text => 'Upload a File of Users to Set Roles',
+            help => 'User_Management_Upload',
+            action => 'upload',
+            permission => $permission->{'cusr'},
+            },
+          { text => 'Set User Roles for an Individual User',
+            help => 'User_Management_Single_User',
+            action => 'singleuser',
+            permission => $permission->{'cusr'},
+            },
+#          { text => 'Display User Roles for Multiple Users',
+#            help => 'User_Management_List',
+#            action => 'listusers',
+#            permission => $permission->{'view'},
+#            },
+#          { text => 'Expire User Roles ',
+#            help => 'User_Management_Drops',
+#            action => 'expire',
+#            permission => $permission->{'cusr'},
+#            },
+          { text => 'Edit Custom Roles',
+            help => 'Custom_Role_Edit',
+            action => 'custom',
+            permission => $permission->{'custom'},
+          },
+        );
+    my $menu_html = '';
+    foreach my $menu_item (@menu) {
+        next if (! $menu_item->{'permission'});
+        $menu_html.='<p>';
+        $menu_html.='<font size="+1">';
+        if (exists($menu_item->{'url'})) {
+            $menu_html.=qq{<a href="$menu_item->{'url'}">};
+        } else {
+            $menu_html.=
+                qq{<a href="/adm/createuser?action=$menu_item->{'action'}">};
+        }
+        $menu_html.= &mt($menu_item->{'text'}).'</a></font>';
+        if (exists($menu_item->{'help'})) {
+            $menu_html.=
+                &Apache::loncommon::help_open_topic($menu_item->{'help'});
+        }
+        $menu_html.='</p>';
+    }
+    return $menu_html;
+}
+
+sub get_permission {
+    my ($context) = @_;
+    my %permission;
+    if ($context eq 'course') {
+        if ((&Apache::lonnet::allowed('cta',$env{'request.course.id'})) ||
+            (&Apache::lonnet::allowed('cin',$env{'request.course.id'})) ||
+            (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) ||
+            (&Apache::lonnet::allowed('cep',$env{'request.course.id'})) ||
+            (&Apache::lonnet::allowed('cst',$env{'request.course.id'}))) {
+            $permission{'cusr'} = 1;
+            $permission{'view'} =
+                 &Apache::lonnet::allowed('vcl',$env{'request.course.id'});
+
+        }
+        if (&Apache::lonnet::allowed('ccr',$env{'request.course.id'})) {
+            $permission{'custom'} = 1;
+        }
+        if (&Apache::lonnet::allowed('vcl',$env{'request.course.id'})) {
+            $permission{'view'} = 1;
+            if (!$permission{'view'}) {
+                my $scope = $env{'request.course.id'}.'/'.$env{'request.course.sec'};
+                $permission{'view'} =  &Apache::lonnet::allowed('vcl',$scope);
+                if ($permission{'view'}) {
+                    $permission{'view_section'} = $env{'request.course.sec'};
+                }
+            }
+        }
+    } elsif ($context eq 'construction_space') {
+        $permission{'cusr'} = &authorpriv($env{'user.name'},$env{'request.role.domain'});
+        $permission{'view'} = $permission{'cusr'};
+    } else {
+        if ((&Apache::lonnet::allowed('cad',$env{'request.role.domain'})) ||
+            (&Apache::lonnet::allowed('cli',$env{'request.role.domain'})) ||
+            (&Apache::lonnet::allowed('cau',$env{'request.role.domain'})) ||
+            (&Apache::lonnet::allowed('csc',$env{'request.role.domain'})) ||
+            (&Apache::lonnet::allowed('cdg',$env{'request.role.domain'})) || 
+            (&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))) {
+            $permission{'cusr'} = 1;
+        }
+        if (&Apache::lonnet::allowed('ccr',$env{'request.role.domain'})) {
+            $permission{'custom'} = 1;
+        }
+        $permission{'view'} = $permission{'cusr'};
+    }
+    my $allowed = 0;
+    foreach my $perm (values(%permission)) {
+        if ($perm) { $allowed=1; last; }
+    }
+    return (\%permission,$allowed);
 }
 
 sub restore_prev_selections {
@@ -2898,7 +3073,7 @@ sub course_level_table {
     my $table = '';
 # Custom Roles?
 
-    my %customroles=&my_custom_roles();
+    my %customroles=&Apache::lonuserutils::my_custom_roles();
     my %lt=&Apache::lonlocal::texthash(
             'exs'  => "Existing sections",
             'new'  => "Define new section",
@@ -3045,7 +3220,7 @@ sub course_sections {
 
 sub course_level_dc {
     my ($dcdom) = @_;
-    my %customroles=&my_custom_roles();
+    my %customroles=&Apache::lonuserutils::my_custom_roles();
     my $hiddenitems = '<input type="hidden" name="dcdomain" value="'.$dcdom.'" />'.
                       '<input type="hidden" name="origdom" value="'.$dcdom.'" />'.
                       '<input type="hidden" name="dccourse" value="" />';