--- loncom/interface/lonuserutils.pm	2023/10/02 21:01:21	1.217
+++ loncom/interface/lonuserutils.pm	2023/11/03 01:12:15	1.218
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.217 2023/10/02 21:01:21 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.218 2023/11/03 01:12:15 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -115,7 +115,11 @@ sub modifyuserrole {
     } elsif ($context eq 'domain') {
         $scope = '/'.$env{'request.role.domain'}.'/';
     } elsif ($context eq 'author') {
-        $scope =  '/'.$env{'user.domain'}.'/'.$env{'user.name'};
+        if ($env{'request.role'} =~ m{^ca\.(/$match_domain/$match_username)$}) {
+            $scope = $1;
+        } else {
+            $scope =  '/'.$env{'user.domain'}.'/'.$env{'user.name'};
+        }
     }
     if ($context eq 'domain') {
         my $uhome = &Apache::lonnet::homeserver($uname,$udom);
@@ -2048,6 +2052,14 @@ sub construction_space_roles {
         foreach my $role (@allroles) {
             if (&Apache::lonnet::allowed('c'.$role,$env{'user.domain'}.'/'.$env{'user.name'})) { 
                 push(@roles,$role); 
+            } elsif ($env{'request.role'} =~ m{^ca\./($match_domain)/($match_username)$}) {
+                my ($audom,$auname) = ($1,$2);
+                if (($role eq 'ca') || ($role eq 'aa')) {
+                    if ((&Apache::lonnet::allowed('v'.$role,,$audom.'/'.$auname)) &&
+                        ($env{"environment.internal.manager./$audom/$auname"})) {
+                        push(@roles,$role);
+                    }
+                }
             }
         }
         return @roles;
@@ -2305,12 +2317,31 @@ sub print_userlist {
     } else {
         my (%cstr_roles,%dom_roles);
         if ($context eq 'author') {
-            # List co-authors and assistant co-authors
             my @possroles = &roles_by_context($context);
-            %cstr_roles = &Apache::lonnet::get_my_roles(undef,undef,undef,
-                                              \@statuses,\@possroles);
-            &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
-                             \%cstr_roles,$permission);
+            my @allowedroles;
+            # List co-authors and assistant co-authors
+            my ($auname,$audom);
+            if ($env{'request.role'} =~ m{^ca\./($match_domain)/($match_username)$}) {
+                ($audom,$auname) = ($1,$2);
+                foreach my $role (@possroles) {
+                    if ((&Apache::lonnet::allowed('v'.$role,"$audom/$auname")) ||
+                        (&Apache::lonnet::allowed('c'.$role,"$audom/$auname"))) {
+                        push(@allowedroles,$role);
+                    }
+                }
+            } elsif ($env{'request.role'} =~ m{^au\./($match_domain)/}) {
+                if ($1 eq $env{'user.domain'}) {
+                    $auname = $env{'user.name'};
+                    $audom = $env{'user.domain'};
+                }
+                @allowedroles = @possroles;
+            }
+            if (($auname ne '') && ($audom ne '')) {
+                %cstr_roles = &Apache::lonnet::get_my_roles($auname,$audom,undef,
+                                                            \@statuses,\@allowedroles);
+                &gather_userinfo($context,$format,\%userlist,$indexhash,\%userinfo,
+                                 \%cstr_roles,$permission);
+            }
         } elsif ($context eq 'domain') {
             if ($env{'form.roletype'} eq 'domain') {
                 if (grep(/^authorusage$/,@cols)) {
@@ -6814,8 +6845,23 @@ sub get_permission {
             }
         }
     } elsif ($context eq 'author') {
-        $permission{'cusr'} = &authorpriv($env{'user.name'},$env{'request.role.domain'});
-        $permission{'view'} = $permission{'cusr'};
+        my $audom = $env{'request.role.domain'};
+        my $auname = $env{'user.name'};
+        if ((&Apache::lonnet::allowed('cca',"$audom/$auname")) ||
+            (&Apache::lonnet::allowed('caa',"$audom/$auname"))) {
+            $permission{'author'} = 1;
+            $permission{'cusr'} = 1;
+            $permission{'view'} = 1;
+        }
+    } elsif ($context eq 'coauthor') {
+        my ($audom,$auname) = ($env{'request.role'} =~ m{^ca\./($match_domain)/($match_username)$});
+        if ((&Apache::lonnet::allowed('vca',"$audom/$auname")) ||
+            (&Apache::lonnet::allowed('vaa',"$audom/$auname"))) {
+            if ($env{"environment.internal.manager./$audom/$auname"}) {
+                $permission{'cusr'} = 1;
+                $permission{'view'} = 1;
+            }
+        }
     } else {
         my @allroles = &roles_by_context($context);
         foreach my $role (@allroles) {
@@ -6844,7 +6890,7 @@ sub get_permission {
     }
     my $allowed = 0;
     foreach my $key (keys(%permission)) {
-        next if (($key eq 'owner') || ($key eq 'co-owner'));
+        next if (($key eq 'owner') || ($key eq 'co-owner') || ($key eq 'author'));
         if ($permission{$key}) { $allowed=1; last; }
     }
     return (\%permission,$allowed);
@@ -6858,6 +6904,18 @@ sub authorpriv {
          || (&Apache::lonnet::allowed('caa',$audom.'/'.$auname))) { return ''; }    return 1;
 }
 
+sub coauthorpriv {
+    my ($auname,$audom)=@_;
+    my $uname = $env{'user.name'};
+    my $udom = $env{'user.domain'};
+    if (((&Apache::lonnet::allowed('vca',"$udom/$uname")) ||
+         (&Apache::lonnet::allowed('vaa',"$udom/$uname"))) &&
+         ($env{"environment.internal.manager./$audom/$auname"})) {
+        return 1;
+    }
+    return '';
+}
+
 sub roles_on_upload {
     my ($context,$setting,$crstype,%customroles) = @_;
     my (@possible_roles,@permitted_roles);