--- loncom/interface/loncreateuser.pm	2017/01/28 03:48:44	1.432
+++ loncom/interface/loncreateuser.pm	2017/11/04 20:23:23	1.447
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.432 2017/01/28 03:48:44 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.447 2017/11/04 20:23:23 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -647,7 +647,8 @@ sub curr_requestauthor {
 # =================================================================== Phase one
 
 sub print_username_entry_form {
-    my ($r,$context,$response,$srch,$forcenewuser,$crstype,$brcrum) = @_;
+    my ($r,$context,$response,$srch,$forcenewuser,$crstype,$brcrum,
+        $permission) = @_;
     my $defdom=$env{'request.role.domain'};
     my $formtoset = 'crtuser';
     if (exists($env{'form.startrolename'})) {
@@ -673,11 +674,25 @@ sub print_username_entry_form {
     }
     my $helpitem = 'Course_Change_Privileges';
     if ($env{'form.action'} eq 'custom') {
-        $helpitem = 'Course_Editing_Custom_Roles';
+        if ($context eq 'course') {
+            $helpitem = 'Course_Editing_Custom_Roles';
+        } elsif ($context eq 'domain') {
+            $helpitem = 'Domain_Editing_Custom_Roles';
+        }
     } elsif ($env{'form.action'} eq 'singlestudent') {
         $helpitem = 'Course_Add_Student';
     } elsif ($env{'form.action'} eq 'accesslogs') {
         $helpitem = 'Domain_User_Access_Logs';
+    } elsif ($context eq 'author') {
+        $helpitem = 'Author_Change_Privileges';
+    } elsif ($context eq 'domain') {
+        if ($permission->{'cusr'}) {
+            $helpitem = 'Domain_Change_Privileges';
+        } elsif ($permission->{'view'}) {
+            $helpitem = 'Domain_View_Privileges';
+        } else {
+            undef($helpitem);
+        }
     }
     my %breadcrumb_text = &singleuser_breadcrumb($crstype,$context,$defdom);
     if ($env{'form.action'} eq 'custom') {
@@ -755,6 +770,7 @@ sub print_username_entry_form {
         }
     } else {
         my $actiontext = $lt{'srad'};
+        my $fixeddom;
         if ($env{'form.action'} eq 'singlestudent') {
             if ($crstype eq 'Community') {
                 $actiontext = $lt{'srme'};
@@ -763,9 +779,11 @@ sub print_username_entry_form {
             }
         } elsif ($env{'form.action'} eq 'accesslogs') {
             $actiontext = $lt{'srva'};
+            $fixeddom = 1;
         } elsif (($env{'form.action'} eq 'singleuser') &&
                  ($context eq 'domain') && (!&Apache::lonnet::allowed('mau',$defdom))) {
             $actiontext = $lt{'srvu'};
+            $fixeddom = 1;
         }
         $r->print("<h3>$actiontext</h3>");
         if ($env{'form.origform'} ne 'crtusername') {
@@ -774,7 +792,7 @@ sub print_username_entry_form {
                          '<br clear="all" />');
             }
         }
-        $r->print(&entry_form($defdom,$srch,$forcenewuser,$context,$response,$crstype,1));
+        $r->print(&entry_form($defdom,$srch,$forcenewuser,$context,$response,$crstype,$fixeddom));
     }
 }
 
@@ -833,11 +851,16 @@ sub entry_form {
             $inexact = 1;
         }
     }
-    my $cancreate =
-        &Apache::lonuserutils::can_create_user($dom,$context,$usertype);
+    my ($cancreate,$noinstd);
+    if ($env{'form.action'} eq 'accesslogs') {
+        $noinstd = 1;
+    } else {
+        $cancreate =
+            &Apache::lonuserutils::can_create_user($dom,$context,$usertype);
+    }
     my ($userpicker,$cansearch) = 
        &Apache::loncommon::user_picker($dom,$srch,$forcenewuser,
-                                       'document.crtuser',$cancreate,$usertype,$context,$fixeddom);
+                                       'document.crtuser',$cancreate,$usertype,$context,$fixeddom,$noinstd);
     my $srchbutton = &mt('Search');
     if ($env{'form.action'} eq 'singlestudent') {
         $srchbutton = &mt('Search and Enroll');
@@ -863,7 +886,15 @@ ENDBLOCK
         (!(($env{'form.action'} eq 'singleuser') && ($context eq 'domain') &&
         (!&Apache::lonnet::allowed('mau',$env{'request.role.domain'}))))) {
         my $defdom=$env{'request.role.domain'};
-        my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain');
+        my ($trusted,$untrusted);
+        if ($context eq 'course') {
+            ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('enroll',$defdom);
+        } elsif ($context eq 'author') {
+            ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('othcoau',$defdom);
+        } elsif ($context eq 'domain') {
+            ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('domroles',$defdom); 
+        }
+        my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain',undef,undef,undef,$trusted,$untrusted);
         my %lt=&Apache::lonlocal::texthash(
                   'enro' => 'Enroll one student',
                   'enrm' => 'Enroll one member',
@@ -999,6 +1030,10 @@ ENDSCRIPT
             $helpitem = 'Course_Change_Privileges';
         } elsif ($env{'form.action'} eq 'singlestudent') {
             $helpitem = 'Course_Add_Student';
+        } elsif ($context eq 'author') {
+            $helpitem = 'Author_Change_Privileges';
+        } elsif ($context eq 'domain') {
+            $helpitem = 'Domain_Change_Privileges';
         }
         push (@{$brcrum},
                   {href => "javascript:backPage(document.usersrchform,'','')",
@@ -1044,7 +1079,7 @@ ENDSCRIPT
             $r->print('</h3>');
         } elsif ($env{'form.action'} eq 'accesslogs') {
             $r->print("<b>$lt{'srcva'}</b><br />");
-            $r->print(&entry_form($srch->{'srchdomain'},$srch,undef,'accesslogs',undef,undef,1));
+            $r->print(&entry_form($srch->{'srchdomain'},$srch,undef,$context,undef,undef,1));
             $r->print('<h3>'.$lt{'vacsel'}.'</h3>');
         }
     }
@@ -1125,7 +1160,8 @@ sub print_user_modification_page {
     if (($ccuname eq '') || ($ccdomain eq '')) {
         my $usermsg = &mt('No username and/or domain provided.');
         $env{'form.phase'} = '';
-	&print_username_entry_form($r,$context,$usermsg,'','',$crstype,$brcrum);
+	&print_username_entry_form($r,$context,$usermsg,'','',$crstype,$brcrum,
+                                   $permission);
         return;
     }
     my ($form,$formname);
@@ -1174,7 +1210,8 @@ sub print_user_modification_page {
             }
             $response .= '</p><br />';
             $env{'form.phase'} = '';
-            &print_username_entry_form($r,$context,$response,undef,undef,$crstype,$brcrum);
+            &print_username_entry_form($r,$context,$response,undef,undef,$crstype,$brcrum,
+                                       $permission);
             return;
         }
         $newuser = 1;
@@ -1198,7 +1235,8 @@ sub print_user_modification_page {
                             'username');
                     }
                     $env{'form.phase'} = '';
-                    &print_username_entry_form($r,$context,$userchkmsg,undef,undef,$crstype,$brcrum);
+                    &print_username_entry_form($r,$context,$userchkmsg,undef,undef,$crstype,$brcrum,
+                                               $permission);
                     return;
                 }
             }
@@ -1223,6 +1261,10 @@ sub print_user_modification_page {
     my $helpitem = 'Course_Change_Privileges';
     if ($env{'form.action'} eq 'singlestudent') {
         $helpitem = 'Course_Add_Student';
+    } elsif ($context eq 'author') {
+        $helpitem = 'Author_Change_Privileges';
+    } elsif ($context eq 'domain') {
+        $helpitem = 'Domain_Change_Privileges';
     }
     push (@{$brcrum},
         {href => "javascript:backPage($form)",
@@ -1442,8 +1484,10 @@ ENDAUTH
             if ($env{'request.role.domain'} eq $ccdomain) {
                 $r->print(&build_tools_display($ccuname,$ccdomain,'requestcourses'));
             } else {
-                $r->print(&coursereq_externaluser($ccuname,$ccdomain,
-                                                  $env{'request.role.domain'}));
+                if (&Apache::lonnet::will_trust('reqcrs',$ccdomain,$env{'request.role.domain'})) {
+                    $r->print(&coursereq_externaluser($ccuname,$ccdomain,
+                                                      $env{'request.role.domain'}));
+                }
             }
             $r->print(&Apache::loncommon::end_data_table());
         }
@@ -2101,11 +2145,20 @@ sub new_domain_roles {
     '<th>'.&mt('Start').'</th><th>'.&mt('End').'</th>'.
     &Apache::loncommon::end_data_table_header_row();
     my @allroles = &Apache::lonuserutils::roles_by_context('domain');
+    my $uprimary = &Apache::lonnet::domain($env{'request.role.domain'},'primary');
+    my $uintdom = &Apache::lonnet::internet_dom($uprimary);
     foreach my $thisdomain (sort(&Apache::lonnet::all_domains())) {
         foreach my $role (@allroles) {
             next if ($role eq 'ad');
             next if (($role eq 'au') && ($ccdomain ne $thisdomain));
             if (&Apache::lonnet::allowed('c'.$role,$thisdomain)) {
+               if ($role eq 'dc') {
+                   unless ($thisdomain eq $env{'request.role.domain'}) {
+                       my $domprim = &Apache::lonnet::domain($thisdomain,'primary');
+                       my $intdom = &Apache::lonnet::internet_dom($domprim);
+                       next unless ($uintdom eq $intdom);
+                   }
+               }
                my $plrole=&Apache::lonnet::plaintext($role);
                my %lt=&Apache::lonlocal::texthash(
                     'ssd'  => "Set Start Date",
@@ -2318,7 +2371,7 @@ sub modify_login_block {
 
 sub personal_data_display {
     my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray,
-        $now,$captchaform,$emailusername,$usertype) = @_;
+        $now,$captchaform,$emailusername,$usertype,$usernameset,$condition,$excluded) = @_;
     my ($output,%userenv,%canmodify,%canmodify_status);
     my @userinfo = ('firstname','middlename','lastname','generation',
                     'permanentemail','id');
@@ -2345,6 +2398,7 @@ sub personal_data_display {
                 'inststatus'     => "Affiliation",
                 'email'          => 'E-mail address',
                 'valid'          => 'Validation',
+                'username'       => 'Username',
     );
 
     %canmodify_status =
@@ -2363,7 +2417,7 @@ sub personal_data_display {
             if (ref($emailusername) eq 'HASH') {
                 if (ref($emailusername->{$usertype}) eq 'HASH') {
                     my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info();
-                    @userinfo = ();          
+                    @userinfo = ();
                     if ((ref($infofields) eq 'ARRAY') && (ref($infotitles) eq 'HASH')) {
                         foreach my $field (@{$infofields}) { 
                             if ($emailusername->{$usertype}->{$field}) {
@@ -2393,9 +2447,38 @@ sub personal_data_display {
     $output = '<h3>'.$lt{'pd'}.'</h3>'.
               &Apache::lonhtmlcommon::start_pick_box();
     if (($context eq 'selfcreate') && ($newuser eq 'email')) {
+        my $size = 25;
+        if ($condition) {
+            if ($condition =~ /^\@[^\@]+$/) {
+                $size = 10;
+            } else {
+                undef($condition);
+            }
+        } 
+        if ($excluded) {
+            unless ($excluded =~ /^\@[^\@]+$/) {
+                undef($condition);
+            }
+        }
         $output .= &Apache::lonhtmlcommon::row_title($lt{'email'}.'<b>*</b>',undef,
                                                      'LC_oddrow_value')."\n".
-                   '<input type="text" name="uname" size="25" value="" autocomplete="off" />';
+                   '<input type="text" name="uname" size="'.$size.'" value="" autocomplete="off" />';
+        if ($condition) {
+            $output .= $condition;
+        } elsif ($excluded) {
+            $output .= '<br /><span style="font-size: smaller">'.&mt('You must use an e-mail address that does not end with [_1]',
+                                                                     $excluded).'</span>';
+        }
+        if ($usernameset eq 'first') {
+            $output .= '<br /><span style="font-size: smaller">';
+            if ($condition) {
+                $output .= &mt('Your username in LON-CAPA will be the part of your e-mail address before [_1]',
+                                      $condition);
+            } else {
+                $output .= &mt('Your username in LON-CAPA will be the part of your e-mail address before the @');
+            }
+            $output .= '</span>';
+        }
         $rowcount ++;
         $output .= &Apache::lonhtmlcommon::row_closure(1);
         my $upassone = '<input type="password" name="upass'.$now.'" size="20" autocomplete="off" />';
@@ -2410,6 +2493,19 @@ sub personal_data_display {
                                                      'LC_oddrow_value')."\n".
                    $upasstwo.
                    &Apache::lonhtmlcommon::row_closure()."\n";
+        if ($usernameset eq 'free') {
+            my $onclick = "toggleUsernameDisp(this,'selfcreateusername');"; 
+            $output .= &Apache::lonhtmlcommon::row_title($lt{'username'},undef,'LC_oddrow_value')."\n".
+                       &mt('Use e-mail address: ').
+                       '<label><input type="radio" name="emailused" value="1" checked="checked" onclick="'.$onclick.'" />'.&mt('Yes').'</label>'."\n".
+                       ('&nbsp;'x2).
+                       '<label><input type="radio" name="emailused" value="0" onclick="'.$onclick.'" />'.&mt('No').'</label>'."\n".
+                       '<div id="selfcreateusername" style="display: none; font-size: smaller">'.
+                       '<br /><span class="LC_nobreak">'.&mt('Preferred username').
+                       '&nbsp;<input type="text" name="username" value="" size="20" autocomplete="off"/>'.
+                       '</span></div>'."\n".&Apache::lonhtmlcommon::row_closure(1);
+            $rowcount ++;
+        }
     }
     foreach my $item (@userinfo) {
         my $rowtitle = $lt{$item};
@@ -2641,6 +2737,10 @@ sub update_user_data {
     my $helpitem = 'Course_Change_Privileges';
     if ($env{'form.action'} eq 'singlestudent') {
         $helpitem = 'Course_Add_Student';
+    } elsif ($context eq 'author') {
+        $helpitem = 'Author_Change_Privileges';
+    } elsif ($context eq 'domain') {
+        $helpitem = 'Domain_Change_Privileges';
     }
     push(@{$brcrum}, 
             {href => "javascript:backPage(document.userupdate,'$env{'form.prevphase'}','modify')",
@@ -4305,9 +4405,9 @@ sub build_roles {
 # ========================================================== Custom Role Editor
 
 sub custom_role_editor {
-    my ($r,$brcrum,$prefix) = @_;
+    my ($r,$context,$brcrum,$prefix,$permission) = @_;
     my $action = $env{'form.customroleaction'};
-    my $rolename; 
+    my ($rolename,$helpitem);
     if ($action eq 'new') {
         $rolename=$env{'form.newrolename'};
     } else {
@@ -4318,14 +4418,17 @@ sub custom_role_editor {
     if ($env{'request.course.id'}) {
         $crstype = &Apache::loncommon::course_type();
         $context = 'course';
+        $helpitem = 'Course_Editing_Custom_Roles';
     } else {
         $context = 'domain';
         $crstype = 'course';
+        $helpitem = 'Domain_Editing_Custom_Roles';
     }
 
     $rolename=~s/[^A-Za-z0-9]//gs;
     if (!$rolename || $env{'form.phase'} eq 'pickrole') {
-	&print_username_entry_form($r,undef,undef,undef,undef,$crstype,$brcrum);
+	&print_username_entry_form($r,$context,undef,undef,undef,$crstype,$brcrum,
+                                   $permission);
         return;
     }
 
@@ -4380,7 +4483,7 @@ sub custom_role_editor {
                text => "Edit custom role",
                faq  => 282,
                bug  => 'Instructor Interface',
-               help => 'Course_Editing_Custom_Roles'}
+               help => $helpitem}
               );
     my $args = { bread_crumbs          => $brcrum,
                  bread_crumbs_component => 'User Management'};
@@ -4407,11 +4510,11 @@ ENDCCF
 
 # ---------------------------------------------------------- Call to definerole
 sub set_custom_role {
-    my ($r,$context,$brcrum,$prefix) = @_;
+    my ($r,$context,$brcrum,$prefix,$permission) = @_;
     my $rolename=$env{'form.rolename'};
     $rolename=~s/[^A-Za-z0-9]//gs;
     if (!$rolename) {
-	&custom_role_editor($r,$brcrum,$prefix);
+	&custom_role_editor($r,$context,$brcrum,$prefix,$permission);
         return;
     }
     my ($jsback,$elements) = &crumb_utilities();
@@ -4420,6 +4523,10 @@ sub set_custom_role {
                  .$jsback."\n"
                  .'// ]]>'."\n"
                  .'</script>'."\n";
+    my $helpitem = 'Course_Editing_Custom_Roles';
+    if ($context eq 'domain') {
+        $helpitem = 'Domain_Editing_Custom_Roles';
+    }
     push(@{$brcrum},
         {href => "javascript:backPage(document.customresult,'pickrole','')",
          text => "Pick custom role",
@@ -4433,7 +4540,7 @@ sub set_custom_role {
          text => "Result",
          faq  => 282,
          bug  => 'Instructor Interface',
-         help => 'Course_Editing_Custom_Roles'},
+         help => $helpitem,}
         );
     my $args = { bread_crumbs           => $brcrum,
                  bread_crumbs_component => 'User Management'};
@@ -4504,7 +4611,8 @@ sub handler {
        $r->send_http_header;
        return OK;
     }
-    my ($context,$crstype);
+    my ($context,$crstype,$cid,$cnum,$cdom,$allhelpitems);
+
     if ($env{'request.course.id'}) {
         $context = 'course';
         $crstype = &Apache::loncommon::course_type();
@@ -4514,6 +4622,69 @@ sub handler {
         $context = 'domain';
     }
 
+    my ($permission,$allowed) =
+        &Apache::lonuserutils::get_permission($context,$crstype);
+
+    if ($allowed) {
+        my @allhelp;
+        if ($context eq 'course') {
+            $cid = $env{'request.course.id'};
+            $cdom = $env{'course.'.$cid.'.domain'};
+            $cnum = $env{'course.'.$cid.'.num'};
+
+            if ($permission->{'cusr'}) {
+                push(@allhelp,'Course_Create_Class_List');
+            }
+            if ($permission->{'view'} || $permission->{'cusr'}) {
+                push(@allhelp,('Course_Change_Privileges','Course_View_Class_List'));
+            }
+            if ($permission->{'custom'}) {
+                push(@allhelp,'Course_Editing_Custom_Roles');
+            }
+            if ($permission->{'cusr'}) {
+                push(@allhelp,('Course_Add_Student','Course_Drop_Student'));
+            }
+            unless ($permission->{'cusr_section'}) {
+                if (&Apache::lonnet::auto_run($cnum,$cdom) && (($permission->{'cusr'}) || ($permission->{'view'}))) {
+                    push(@allhelp,'Course_Automated_Enrollment');
+                }
+                if ($permission->{'selfenrolladmin'}) {
+                    push(@allhelp,'Course_Approve_Selfenroll');
+                }
+            }
+            if ($permission->{'grp_manage'}) {
+                push(@allhelp,'Course_Manage_Group');
+            }
+            if ($permission->{'view'} || $permission->{'cusr'}) {
+                push(@allhelp,'Course_User_Logs');
+            }
+        } elsif ($context eq 'author') {
+            push(@allhelp,('Author_Change_Privileges','Author_Create_Coauthor_List',
+                           'Author_View_Coauthor_List','Author_User_Logs'));
+        } else {
+            if ($permission->{'cusr'}) {
+                push(@allhelp,'Domain_Change_Privileges');
+                if ($permission->{'activity'}) {
+                    push(@allhelp,'Domain_User_Access_Logs');
+                }
+                push(@allhelp,('Domain_Create_Users','Domain_View_Users_List'));
+                if ($permission->{'custom'}) {
+                    push(@allhelp,'Domain_Editing_Custom_Roles');
+                }
+                push(@allhelp,('Domain_Role_Approvals','Domain_Username_Approvals','Domain_Change_Logs'));
+            } elsif ($permission->{'view'}) {
+                push(@allhelp,'Domain_View_Privileges');
+                if ($permission->{'activity'}) {
+                    push(@allhelp,'Domain_User_Access_Logs');
+                }
+                push(@allhelp,('Domain_View_Users_List','Domain_Change_Logs'));
+            }
+        }
+        if (@allhelp) {
+            $allhelpitems = join(',',@allhelp);
+        }
+    }
+
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
         ['action','state','callingform','roletype','showrole','bulkaction','popup','phase',
          'username','domain','srchterm','srchdomain','srchin','srchby','srchtype','queue']);
@@ -4524,13 +4695,9 @@ sub handler {
     if (($env{'form.action'} ne 'dateselect') && ($env{'form.action'} ne 'displayuserreq')) {
         $brcrum = [{href=>"/adm/createuser",
                     text=>"User Management",
-                    help=>'Course_Create_Class_List,Course_Change_Privileges,Course_View_Class_List,Course_Editing_Custom_Roles,Course_Add_Student,Course_Drop_Student,Course_Automated_Enrollment,Course_Self_Enrollment,Course_Manage_Group'}
+                    help=>$allhelpitems}
                   ];
     }
-    #SD Following files not added to help, because the corresponding .tex-files seem to
-    #be missing: Course_Approve_Selfenroll,Course_User_Logs,
-    my ($permission,$allowed) = 
-        &Apache::lonuserutils::get_permission($context,$crstype);
     if (!$allowed) {
         if ($context eq 'course') {
             $r->internal_redirect('/adm/viewclasslist');
@@ -4562,10 +4729,16 @@ sub handler {
         $r->print(&header(undef,$args));
         $r->print(&print_main_menu($permission,$context,$crstype));
     } elsif ($env{'form.action'} eq 'upload' && $permission->{'cusr'}) {
+        my $helpitem = 'Course_Create_Class_List';
+        if ($context eq 'author') {
+            $helpitem = 'Author_Create_Coauthor_List';
+        } elsif ($context eq 'domain') {
+            $helpitem = 'Domain_Create_Users';
+        }
         push(@{$brcrum},
               { href => '/adm/createuser?action=upload&state=',
                 text => 'Upload Users List',
-                help => 'Course_Create_Class_List',
+                help => $helpitem,
               });
         $bread_crumbs_component = 'Upload Users List';
         $args = {bread_crumbs           => $brcrum,
@@ -4587,6 +4760,7 @@ sub handler {
         } else {
             &Apache::lonuserutils::print_first_users_upload_form($r,$context);
         }
+        $r->print('</form>');
     } elsif (((($env{'form.action'} eq 'singleuser') || ($env{'form.action'}
               eq 'singlestudent')) && ($permission->{'cusr'})) ||
              (($env{'form.action'} eq 'singleuser') && ($permission->{'view'})) ||
@@ -4610,7 +4784,7 @@ sub handler {
                        .'</span>';
                     $env{'form.phase'} = '';
                     &print_username_entry_form($r,$context,$response,$srch,undef,
-                                               $crstype,$brcrum,$showcredits);
+                                               $crstype,$brcrum,$permission);
                 } else {
                     my $ccuname =&LONCAPA::clean_username($srch->{'srchterm'});
                     my $ccdomain=&LONCAPA::clean_domain($srch->{'srchdomain'});
@@ -4655,7 +4829,8 @@ sub handler {
                             #    }
                             #}
                             &print_username_entry_form($r,$context,$response,$srch,
-                                                       $forcenewuser,$crstype,$brcrum);
+                                                       $forcenewuser,$crstype,$brcrum,
+                                                       $permission);
                         } else {
                             &print_useraccesslogs_display($r,$ccuname,$ccdomain,$permission,$brcrum);
                         }
@@ -4672,7 +4847,8 @@ sub handler {
                 } else {
                     $env{'form.phase'} = '';
                     &print_username_entry_form($r,$context,$response,$srch,
-                                               $forcenewuser,$crstype,$brcrum);
+                                               $forcenewuser,$crstype,$brcrum,
+                                               $permission);
                 }
             } elsif ($env{'form.phase'} eq 'userpicked') {
                 my $ccuname = &LONCAPA::clean_username($env{'form.seluname'});
@@ -4693,14 +4869,14 @@ sub handler {
             &update_user_data($r,$context,$crstype,$brcrum,$showcredits);
         } else {
             &print_username_entry_form($r,$context,undef,$srch,undef,$crstype,
-                                       $brcrum);
+                                       $brcrum,$permission);
         }
     } elsif ($env{'form.action'} eq 'custom' && $permission->{'custom'}) {
         my $prefix;
         if ($env{'form.phase'} eq 'set_custom_roles') {
-            &set_custom_role($r,$context,$brcrum,$prefix);
+            &set_custom_role($r,$context,$brcrum,$prefix,$permission);
         } else {
-            &custom_role_editor($r,$brcrum,$prefix);
+            &custom_role_editor($r,$context,$brcrum,$prefix,$permission);
         }
     } elsif (($env{'form.action'} eq 'processauthorreq') &&
              ($permission->{'cusr'}) && 
@@ -4806,56 +4982,92 @@ sub handler {
                             unless ($usertype) {
                                 $usertype = 'default';
                             }
+                            my ($showstatus,$showemail,$pickstart);
+                            my $numextras = 0;
+                            my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
+                            if ((ref($types) eq 'ARRAY') && (@{$types} > 0)) {
+                                if (ref($usertypes) eq 'HASH') {
+                                    if ($usertypes->{$usertype}) {
+                                        $showstatus = $usertypes->{$usertype};
+                                    } else {
+                                        $showstatus = $othertitle;
+                                    }
+                                    if ($showstatus) {
+                                        $numextras ++;
+                                    }
+                                }
+                            }
+                            if (($info{$uname}{'email'} ne '') && ($info{$uname}{'email'} ne $uname)) {
+                                $showemail = $info{$uname}{'email'};
+                                $numextras ++;
+                            }
                             if (ref($domconfig{'usercreation'}{'cancreate'}{'emailusername'}{$usertype}) eq 'HASH') {
                                 if ((ref($infofields) eq 'ARRAY') && (ref($infotitles) eq 'HASH')) {
+                                    $pickstart = 1;
                                     $r->print('<div>'.&Apache::lonhtmlcommon::start_pick_box());
-                                    my ($num,$count,$showstatus);
+                                    my ($num,$count);
                                     $count = scalar(keys(%{$domconfig{'usercreation'}{'cancreate'}{'emailusername'}{$usertype}}));
-                                    unless ($usertype eq 'default') {
-                                        my ($othertitle,$usertypes,$types) = 
-                                            &Apache::loncommon::sorted_inst_types($dom);
-                                        if (ref($usertypes) eq 'HASH') {
-                                            if ($usertypes->{$usertype}) {
-                                                $showstatus = $usertypes->{$usertype};
-                                                $count ++;
-                                            }
-                                        }
-                                    }
+                                    $count += $numextras;
                                     foreach my $field (@{$infofields}) {
                                         next unless ($domconfig{'usercreation'}{'cancreate'}{'emailusername'}{$usertype}{$field});
                                         next unless ($infotitles->{$field});
                                         $r->print(&Apache::lonhtmlcommon::row_title($infotitles->{$field}).
                                                   $info{$uname}{$field});
                                         $num ++;
-                                        if ($count == $num) {
-                                            $r->print(&Apache::lonhtmlcommon::row_closure(1));
-                                        } else {
+                                        unless ($count == $num) {
                                             $r->print(&Apache::lonhtmlcommon::row_closure());
                                         }
                                     }
-                                    if ($showstatus) {
-                                        $r->print(&Apache::lonhtmlcommon::row_title(&mt('Status type (self-reported)')).
-                                                  $showstatus.
-                                                  &Apache::lonhtmlcommon::row_closure(1));
+                                }
+                            }
+                            if ($numextras) {
+                                unless ($pickstart) {
+                                    $r->print('<div>'.&Apache::lonhtmlcommon::start_pick_box());
+                                    $pickstart = 1;
+                                }
+                                if ($showemail) {
+                                    my $closure = '';
+                                    unless ($showstatus) {
+                                        $closure = 1;
                                     }
-                                    $r->print(&Apache::lonhtmlcommon::end_pick_box().'</div>');
+                                    $r->print(&Apache::lonhtmlcommon::row_title(&mt('E-mail address')).
+                                              $showemail.
+                                              &Apache::lonhtmlcommon::row_closure($closure));
+                                }
+                                if ($showstatus) {
+                                    $r->print(&Apache::lonhtmlcommon::row_title(&mt('Status type[_1](self-reported)','<br />')).
+                                              $showstatus.
+                                              &Apache::lonhtmlcommon::row_closure(1));
                                 }
                             }
+                            if ($pickstart) { 
+                                $r->print(&Apache::lonhtmlcommon::end_pick_box().'</div>');
+                            } else {
+                                $r->print('<div>'.&mt('No information to display for this account request.').'</div>');
+                            }
+                        } else {
+                            $r->print('<div>'.&mt('No information available for this account request.').'</div>');
                         }
                     }
                 }
             }
-            $r->print(&close_popup_form());
         }
+        $r->print(&close_popup_form());
     } elsif (($env{'form.action'} eq 'listusers') && 
              ($permission->{'view'} || $permission->{'cusr'})) {
+        my $helpitem = 'Course_View_Class_List';
+        if ($context eq 'author') {
+            $helpitem = 'Author_View_Coauthor_List';
+        } elsif ($context eq 'domain') {
+            $helpitem = 'Domain_View_Users_List';
+        }
         if ($env{'form.phase'} eq 'bulkchange') {
             push(@{$brcrum},
                     {href => '/adm/createuser?action=listusers',
                      text => "List Users"},
                     {href => "/adm/createuser",
                      text => "Result",
-                     help => 'Course_View_Class_List'});
+                     help => $helpitem});
             $bread_crumbs_component = 'Update Users';
             $args = {bread_crumbs           => $brcrum,
                      bread_crumbs_component => $bread_crumbs_component};
@@ -4872,7 +5084,7 @@ sub handler {
             push(@{$brcrum},
                     {href => '/adm/createuser?action=listusers',
                      text => "List Users",
-                     help => 'Course_View_Class_List'});
+                     help => $helpitem});
             $bread_crumbs_component = 'List Users';
             $args = {bread_crumbs           => $brcrum,
                      bread_crumbs_component => $bread_crumbs_component};
@@ -4953,9 +5165,6 @@ sub handler {
         }
     } elsif ($env{'form.action'} eq 'selfenroll') {
         if ($permission->{selfenrolladmin}) {
-            my $cid = $env{'request.course.id'};
-            my $cdom = $env{'course.'.$cid.'.domain'};
-            my $cnum = $env{'course.'.$cid.'.num'};
             my %currsettings = (
                 selfenroll_types              => $env{'course.'.$cid.'.internal.selfenroll_types'},
                 selfenroll_registered         => $env{'course.'.$cid.'.internal.selfenroll_registered'},
@@ -5001,21 +5210,18 @@ sub handler {
             push(@{$brcrum},
                      {href => '/adm/createuser?action=selfenrollqueue',
                       text => 'Enrollment requests',
-                      help => 'Course_Self_Enrollment'});
+                      help => 'Course_Approve_Selfenroll'});
             $bread_crumbs_component = 'Enrollment requests';
             if ($env{'form.state'} eq 'done') {
                 push(@{$brcrum},
                          {href => '/adm/createuser?action=selfenrollqueue',
                           text => 'Result',
-                          help => 'Course_Self_Enrollment'});
+                          help => 'Course_Approve_Selfenroll'});
                 $bread_crumbs_component = 'Enrollment result';
             }
             $args = { bread_crumbs           => $brcrum,
                       bread_crumbs_component => $bread_crumbs_component};
             $r->print(&header(undef,$args));
-            my $cid = $env{'request.course.id'};
-            my $cdom = $env{'course.'.$cid.'.domain'};
-            my $cnum = $env{'course.'.$cid.'.num'};
             my $coursedesc = $env{'course.'.$cid.'.description'};
             if (!exists($env{'form.state'})) {
                 $r->print('<h3>'.&mt('Pending enrollment requests').'</h3>'."\n");
@@ -5716,12 +5922,13 @@ function validate_types(form) {
 }
 
 function check_types(num,countfail,needaction) {
-    var typeidx = getIndexByName('selfenroll_types_'+num);
+    var boxname = 'selfenroll_types_'+num;
+    var typeidx = getIndexByName(boxname);
     var count = 0;
     if (typeidx != -1) {
-        if (document.$formname.elements[typeidx].length) {
-            for (var k=0; k<document.$formname.elements[typeidx].length; k++) {
-                if (document.$formname.elements[typeidx][k].checked) {
+        if (document.$formname.elements[boxname].length) {
+            for (var k=0; k<document.$formname.elements[boxname].length; k++) {
+                if (document.$formname.elements[boxname][k].checked) {
                     count ++;
                 }
             }
@@ -5942,10 +6149,11 @@ ENDSCRIPT
                 } elsif ($curr_types eq '') {
                     $add_domtitle = &mt('Users in other domain:');
                 }
+                my ($trusted,$untrusted) = &Apache::lonnet::trusted_domains('enroll',$cdom);
                 $output .= &Apache::loncommon::start_data_table_row()
                            .'<td colspan="2"><span class="LC_nobreak">'.$add_domtitle.'</span><br />'
                            .&Apache::loncommon::select_dom_form('','selfenroll_newdom',
-                                                                $includeempty,$showdomdesc,'','','',$readonly)
+                                                                $includeempty,$showdomdesc,'',$trusted,$untrusted,$readonly)
                            .'<input type="hidden" name="selfenroll_types_total" value="'.$num.'" />'
                            .'</td>'.&Apache::loncommon::end_data_table_row()
                            .&Apache::loncommon::end_data_table();
@@ -6484,6 +6692,10 @@ sub print_userchangelogs_display {
     my $helpitem;
     if ($context eq 'course') {
         $helpitem = 'Course_User_Logs';
+    } elsif ($context eq 'domain') {
+        $helpitem = 'Domain_Role_Logs';
+    } elsif ($context eq 'author') {
+        $helpitem = 'Author_User_Logs';
     }
     push (@{$brcrum},
              {href => '/adm/createuser?action=changelogs',
@@ -6765,6 +6977,24 @@ ENDSCRIPT
         return;
     }
 
+    if (&Apache::lonnet::privileged($uname,$udom,
+                                    [$env{'request.role.domain'}],['dc','su'])) {
+        unless (&Apache::lonnet::privileged($env{'user.name'},$env{'user.domain'},
+                                            [$env{'request.role.domain'}],['dc','su'])) {
+            $r->print('<p class="LC_warning">'
+                 .&mt('You need to be a privileged user to display user access logs for [_1]',
+                      &Apache::loncommon::aboutmewrapper(&Apache::loncommon::plainname($uname,$udom),
+                                                         $uname,$udom))
+                 .'</p>');
+            if ($env{'form.popup'}) {
+                $r->print('<p><a href="javascript:window.close()">'.&mt('Close window').'</a></p>');
+            } else {
+                $r->print(&earlyout_accesslog_form($formname,$prevphasestr,$udom));
+            }
+            return;
+        }
+    }
+
 # set defaults
     my $now = time();
     my $defstart = $now - (7*24*3600);
@@ -6851,7 +7081,7 @@ ENDSCRIPT
                 $showntableheader = 1;
             }
             my ($shown,$extra);
-            my ($event,$data) = split(/\s+/,&unescape($event));
+            my ($event,$data) = split(/\s+/,&unescape($event),2);
             if ($event eq 'Role') {
                 my ($rolecode,$extent) = split(/\./,$data,2);
                 next if ($extent eq '');
@@ -6903,8 +7133,17 @@ ENDSCRIPT
                 $shown = &mt('Role selection: [_1]',$rolename);
             } else {
                 $shown = &mt($event);
-                if ($data ne '') {
-                   $extra = &mt('Client IP address: [_1]',$data);
+                if ($data =~ /^webdav/) {
+                    my ($path,$clientip) = split(/\s+/,$data,2);
+                    $path =~ s/^webdav//;
+                    if ($clientip ne '') {
+                        $extra = &mt('Client IP address: [_1]',$clientip);
+                    }
+                    if ($path ne '') {
+                        $shown .= ' '.&mt('(WebDAV access to [_1])',$path);
+                    }
+                } elsif ($data ne '') {
+                    $extra = &mt('Client IP address: [_1]',$data);
                 }
             }
             $r->print(
@@ -7207,7 +7446,7 @@ sub print_helpdeskaccess_display {
     my $confname = $cdom.'-domainconfig';
     my $crstype = &Apache::loncommon::course_type();
 
-    my @accesstypes = ('all','none');
+    my @accesstypes = ('all','dh','da','none');
     my ($numstatustypes,@jsarray);
     my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($cdom);
     if (ref($types) eq 'ARRAY') {
@@ -7416,7 +7655,9 @@ ENDJS
                     'rou'    => 'Role usage',
                     'whi'    => 'Which helpdesk personnel may use this role?',
                     'udd'    => 'Use domain default',
-                    'all'    => 'All',
+                    'all'    => 'All with domain helpdesk or helpdesk assistant role',
+                    'dh'     => 'All with domain helpdesk role',
+                    'da'     => 'All with domain helpdesk assistant role',
                     'none'   => 'None',
                     'status' => 'Determined based on institutional status',
                     'inc'    => 'Include all, but exclude specific personnel',
@@ -7659,6 +7900,10 @@ sub domain_adhoc_access {
                 }
             } elsif ($access eq 'none') {
                 $domusage{$role} = &mt('No one in the domain');
+            } elsif ($access eq 'dh') {
+                $domusage{$role} = &mt('Any user in domain with active [_1] role',&Apache::lonnet::plaintext('dh'));
+            } elsif ($access eq 'da') {
+                $domusage{$role} = &mt('Any user in domain with active [_1] role',&Apache::lonnet::plaintext('da'));
             } elsif ($access eq 'all') {
                 $domusage{$role} = &mt('Any user in domain with active [_1] or [_2] role',
                                        &Apache::lonnet::plaintext('dh'),&Apache::lonnet::plaintext('da'));
@@ -7846,7 +8091,7 @@ sub update_helpdeskaccess {
         $r->print('<p class="LC_error">'.&mt('You do not have permission to change helpdesk access.').'</p>');
         return;
     }
-    my @accesstypes = ('all','none','status','inc','exc');
+    my @accesstypes = ('all','dh','da','none','status','inc','exc');
     my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
     my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
     my $confname = $cdom.'-domainconfig';
@@ -8097,6 +8342,12 @@ sub update_helpdeskaccess {
                         if ($env{'form.'.$role.'_incrs'}) {
                             if ($newsettings{$role}{'access'} eq 'all') {
                                 $r->print(&mt('All helpdesk staff can access '.lc($crstype).' with this role.'));
+                            } elsif ($newsettings{$role}{'access'} eq 'dh') {
+                                $r->print(&mt('Helpdesk staff can use this role if they have an active [_1] role',
+                                              &Apache::lonnet::plaintext('dh')));
+                            } elsif ($newsettings{$role}{'access'} eq 'da') {
+                                $r->print(&mt('Helpdesk staff can use this role if they have an active [_1] role',
+                                              &Apache::lonnet::plaintext('da')));
                             } elsif ($newsettings{$role}{'access'} eq 'none') {
                                 $r->print(&mt('No helpdesk staff can access '.lc($crstype).' with this role.'));
                             } elsif ($newsettings{$role}{'access'} eq 'status') {
@@ -8212,18 +8463,18 @@ sub user_search_result {
             my $domd_chk = &domdirectorysrch_check($srch);
             $response .= '<span class="LC_warning">'.$instd_chk.'</span><br />';
             if ($domd_chk eq 'ok') {
-                $response .= &mt('You may want to search in the LON-CAPA domain instead of the institutional directory.');
+                $response .= &mt('You may want to search in the LON-CAPA domain instead of in the institutional directory.');
             }
             $response .= '<br />';
         }
     } else {
         unless (($context eq 'requestcrs') && ($srch->{'srchtype'} eq 'exact')) {
             my $domd_chk = &domdirectorysrch_check($srch);
-            if ($domd_chk ne 'ok') {
+            if (($domd_chk ne 'ok') && ($env{'form.action'} ne 'accesslogs')) {
                 my $instd_chk = &instdirectorysrch_check($srch);
                 $response .= '<span class="LC_warning">'.$domd_chk.'</span><br />';
                 if ($instd_chk eq 'ok') {
-                    $response .= &mt('You may want to search in the institutional directory instead of the LON-CAPA domain.');
+                    $response .= &mt('You may want to search in the institutional directory instead of in the LON-CAPA domain.');
                 }
                 $response .= '<br />';
             }
@@ -8324,7 +8575,7 @@ sub user_search_result {
                 $response = '<span class="LC_warning">'.
                     &mt('Institutional directory search is not available in domain: [_1]',$showdom).
                     '</span><br />'.
-                    &mt('You may want to search in the LON-CAPA domain instead of the institutional directory.').
+                    &mt('You may want to search in the LON-CAPA domain instead of in the institutional directory.').
                     '<br />'; 
             }
         }
@@ -8397,7 +8648,7 @@ sub user_search_result {
                 $response = '<span class="LC_warning">'.
                     &mt('Institutional directory search is not available in domain: [_1]',$showdom).
                     '</span><br />'.
-                    &mt('You may want to search in the LON-CAPA domain instead of the institutional directory.').
+                    &mt('You may want to search in the LON-CAPA domain instead of in the institutional directory.').
                     '<br />';
             }
         }
@@ -8570,7 +8821,7 @@ sub build_search_response {
             if ($srch->{'srchin'} ne 'alc') {
                 $forcenewuser = 1;
                 my $cansrchinst = 0; 
-                if ($srch->{'srchdomain'}) {
+                if (($srch->{'srchdomain'}) && ($env{'form.action'} ne 'accesslogs')) {
                     my %domconfig = &Apache::lonnet::get_dom('configuration',['directorysrch'],$srch->{'srchdomain'});
                     if (ref($domconfig{'directorysrch'}) eq 'HASH') {
                         if ($domconfig{'directorysrch'}{'available'}) {