--- loncom/interface/loncreateuser.pm	2002/08/23 19:43:11	1.42
+++ loncom/interface/loncreateuser.pm	2003/02/13 21:35:50	1.48
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.42 2002/08/23 19:43:11 matthew Exp $
+# $Id: loncreateuser.pm,v 1.48 2003/02/13 21:35:50 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -44,10 +44,9 @@
 # 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
 # April Guy Albertelli
 # 05/10,10/16 Gerd Kortemeyer 
-# 11/12,11/13,11/15 Scott Harrison
 # 02/11/02 Matthew Hall
 #
-# $Id: loncreateuser.pm,v 1.42 2002/08/23 19:43:11 matthew Exp $
+# $Id: loncreateuser.pm,v 1.48 2003/02/13 21:35:50 albertel Exp $
 ###
 
 package Apache::loncreateuser;
@@ -71,15 +70,30 @@ BEGIN {
     my %param = ( formname => 'document.cu',
                   kerb_def_dom => $krbdefdom 
                   );
-    $loginscript  = &Apache::loncommon::authform_header(%param);
+# no longer static due to configurable kerberos defaults
+#    $loginscript  = &Apache::loncommon::authform_header(%param);
     $generalrule  = &Apache::loncommon::authform_authorwarning(%param);
     $authformnop  = &Apache::loncommon::authform_nochange(%param);
-    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
+# no longer static due to configurable kerberos defaults
+#    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
     $authformint  = &Apache::loncommon::authform_internal(%param);
     $authformfsys = &Apache::loncommon::authform_filesystem(%param);
     $authformloc  = &Apache::loncommon::authform_local(%param);
 }
 
+
+
+# ==================================================== Figure out author access
+
+sub authorpriv {
+    my ($auname,$audom)=@_;
+    if (($auname ne $ENV{'user.name'}) ||
+        (($audom ne $ENV{'user.domain'}) &&
+         ($audom ne $ENV{'request.role.domain'}))) { return ''; }
+    unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; }
+    return 1;
+}
+
 # =================================================================== Phase one
 
 sub print_username_entry_form {
@@ -89,17 +103,24 @@ sub print_username_entry_form {
     my $domform = &Apache::loncommon::select_dom_form($defdom,'ccdomain');
     my $bodytag =&Apache::loncommon::bodytag(
                                   'Create Users, Change User Privileges');
+    my $selscript=&Apache::loncommon::studentbrowser_javascript();
+    my $sellink=&Apache::loncommon::selectstudent_link
+                                        ('crtuser','ccuname','ccdomain');
     $r->print(<<"ENDDOCUMENT");
 <html>
 <head>
 <title>The LearningOnline Network with CAPA</title>
+$selscript
 </head>
 $bodytag
-<form action="/adm/createuser" method="post">
+<form action="/adm/createuser" method="post" name="crtuser">
 <input type="hidden" name="phase" value="get_user_info">
 <p>
-Username: <input type="text" size="15" name="ccuname"><br>
-Domain: $domform 
+<table>
+<tr><td>Username:</td><td><input type="text" size="15" name="ccuname">
+</td><td rowspan="2">$sellink</td></tr><tr><td>
+Domain:</td><td>$domform</td></tr>
+</table> 
 </p>
 <input type="submit" value="Continue">
 </form>
@@ -114,15 +135,17 @@ sub print_user_modification_page {
     my $ccuname=$ENV{'form.ccuname'};
     my $ccdomain=$ENV{'form.ccdomain'};
 
-    $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
-    my $krbdefdom=$1;
-    $krbdefdom=~tr/a-z/A-Z/;
+    my $defdom=$ENV{'request.role.domain'};
+
+    my ($krbdef,$krbdefdom) =
+       &Apache::loncommon::get_kerberos_defaults($defdom);
+
     my %param = ( formname => 'document.cu',
-                  kerb_def_dom => $krbdefdom 
+                  kerb_def_dom => $krbdefdom,
+                  kerb_def_auth => $krbdef
                   );
     $loginscript  = &Apache::loncommon::authform_header(%param);
-
-    my $defdom=$ENV{'request.role.domain'};
+    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
 
     $ccuname=~s/\W//g;
     $ccdomain=~s/\W//g;
@@ -294,18 +317,12 @@ END
                        }
                    }
                }
-               # I have no idea what the hell the above code does
-               # So the following is a check:
-               if ($allowed) {
-                   # If we are looking at a co-author role, make sure it is 
-                   # for the current users construction space before we let 
-                   # them revoke it.
-                   if (($role_code eq 'ca') && 
-                       ($ENV{'request.role'} !~ /^dc/)) {
-                       if ($area !~ 
-                           /^\/$ENV{'request.role.domain'}\/$ENV{'user.name'}/) {
-                           $allowed = 0;
-                       }
+               if ($role_code eq 'ca') {
+                   $area=~/\/(\w+)\/(\w+)/;
+		   if (&authorpriv($2,$1)) {
+		       $allowed=1;
+                   } else {
+                       $allowed=0;
                    }
                }
                my $row = '';
@@ -331,7 +348,7 @@ END
 	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
 	if ($currentauth=~/^krb(4|5):/) {
 	    $currentauth=~/^krb(4|5):(.*)/;
-	    my $krbdefdom2=$1;
+	    my $krbdefdom=$1;
             my %param = ( formname => 'document.cu',
                           kerb_def_dom => $krbdefdom 
                           );
@@ -427,7 +444,9 @@ ENDOTHERAUTHS
 #
 # Co-Author
 # 
-    if (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) {
+    if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) &&
+        ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) {
+        # No sense in assigning co-author role to yourself
 	my $cuname=$ENV{'user.name'};
         my $cudom=$ENV{'request.role.domain'};
        $r->print(<<ENDCOAUTH);