--- loncom/interface/portfolio.pm	2006/06/20 03:13:08	1.107
+++ loncom/interface/portfolio.pm	2006/06/27 15:37:17	1.122
@@ -31,7 +31,7 @@ use Apache::lonfeedback;
 use Apache::lonlocal;
 use Apache::lonnet;
 use Apache::longroup;
-use lib '/home/httpd/lib/perl';
+use HTML::Entities;
 use LONCAPA;
 
 # receives a file name and path stub from username/userfiles/portfolio/
@@ -40,65 +40,70 @@ sub make_anchor {
     my ($url, $filename, $current_path, $current_mode, $field_name,
         $continue_select,$group) = @_;
     if ($continue_select ne 'true') {$continue_select = 'false'};
-    my $anchor = '<a href="'.$url.'?selectfile='.$filename.'&currentpath='.$current_path.'&mode='.$current_mode.'&continue='.$continue_select.'&fieldname='.$field_name;
+    my $anchor = '<a href="'.$url.'?selectfile='.$filename.'&amp;currentpath='.$current_path.'&amp;mode='.$current_mode.'&amp;continue='.$continue_select.'&amp;fieldname='.$field_name;
     if (defined($group)) {
-        $anchor .= '&group='.$group;
+        $anchor .= '&amp;group='.$group;
     }
     $anchor .= '">'.$filename.'</a>';
     return $anchor;
 }
 my $dirptr=16384;
 sub display_common {
-    my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_;
-    my $groupitem;
+    my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload)=@_;
     my $namespace = &get_namespace($group);
     my $port_path = &get_port_path($group);
-    if (defined($group)) {
-        $groupitem = '<input type="hidden" name="group" value="'.$group.'" />';
-    } 
-    my $iconpath= $r->dir_config('lonIconsURL') . "/";
-    my %text=&Apache::lonlocal::texthash('upload' => 'Upload',
+    if ($can_upload) {
+        my $groupitem;
+        if (defined($group)) {
+            $groupitem = '<input type="hidden" name="group" value="'.$group.'" />';
+        } 
+        my $iconpath= $r->dir_config('lonIconsURL') . "/";
+        my %text=&Apache::lonlocal::texthash(
+					 'upload' => 'Upload',
 					 'upload_label' =>  
 					 'Upload file to current directory:',
 					 'createdir' => 'Create Subdirectory',
 					 'createdir_label' => 
 					 'Create subdirectory in current directory:');
-    $r->print(<<"TABLE"); 
-<table border="0" cellspacing="2" cellpadding="2">
-  <form method="post" enctype="multipart/form-data">
-    <tr valign="middle">
-      <td bgcolor="#ccddaa" align="right">
-        $text{'upload_label'}
-      </td>
-      <td bgcolor="#ccddaa" align="left">$groupitem
+        my $escuri = &HTML::Entities::encode($r->uri,'&<>"');
+        $r->print(<<"TABLE"); 
+<table id="LC_portfolio_actions">
+  <tr id="LC_portfolio_upload">
+    <td class="LC_label">
+      $text{'upload_label'}
+    </td>
+    <td class="LC_value">
+      <form method="post" enctype="multipart/form-data" action="$escuri">
+        $groupitem 
         <input name="uploaddoc" type="file" />
 	<input type="hidden" name="currentpath" value="$current_path" />
 	<input type="hidden" name="action" value="$env{"form.action"}" />
 	<input type="hidden" name="fieldname" value="$env{"form.fieldname"}" />
 	<input type="hidden" name="mode" value="$env{"form.mode"}" />
 	<input type="submit" name="storeupl" value="$text{'upload'}" />
-      </td>
-    </tr>
-  </form>
-  <form method="post">
-    <tr>
-      <td bgcolor="#ccddaa" align="right">
-        $text{'createdir_label'}
-      </td>
-      <td bgcolor="#ccddaa" align="left">
+      </form>
+    </td>
+  </tr>
+  <tr id="LC_portfolio_createdir">
+    <td class="LC_label">
+      $text{'createdir_label'}
+    </td>
+    <td class="LC_value">
+      <form method="post" action="$escuri">
         <input name="newdir" type="input" />$groupitem
         <input type="hidden" name="currentpath" value="$current_path" />
         <input type="hidden" name="action" value="$env{"form.action"}" />
         <input type="hidden" name="fieldname" value="$env{"form.fieldname"}" />
         <input type="hidden" name="mode" value="$env{"form.mode"}" />
         <input type="submit" name="createdir" value="$text{'createdir'}" />
-      </td>
-    </tr>
-  </form>
+      </form>
+    </td>
+  </tr>
 </table>
 TABLE
+    }
     my @tree = split (/\//,$current_path);
-    $r->print('<font size="+2">'.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/');
+    $r->print('<span class="LC_current_location">'.&make_anchor($url,$port_path,'/',$env{"form.mode"},$env{"form.fieldname"},$env{"form.continue"},$group).'/');
     if (@tree > 1){
         my $newCurrentPath = '';
         for (my $i = 1; $i< @tree; $i++){
@@ -106,11 +111,11 @@ TABLE
             $r->print(&make_anchor($url,$tree[$i],'/'.$newCurrentPath, $env{"form.mode"},$env{"form.fieldname"}, $env{"form.continue"},$group).'/');
         }
     }
-    $r->print('</font>');
+    $r->print('</span>');
     &Apache::lonhtmlcommon::store_recent($namespace,$current_path,$current_path);
-    $r->print('<br /><form method=post action="'.$url.'?mode='.$env{"form.mode"}.'&fieldname='.$env{"form.fieldname"});
+    $r->print('<br /><form method="post" action="'.$url.'?mode='.$env{"form.mode"}.'&amp;fieldname='.$env{"form.fieldname"});
     if (defined($group)) {
-        $r->print('&group='.$group);
+        $r->print('&amp;group='.$group);
     }
     $r->print('">'.
 	      &Apache::lonhtmlcommon::select_recent($namespace,'currentpath',
@@ -118,7 +123,8 @@ TABLE
     $r->print("</form>");
 }
 sub display_directory {
-    my ($r,$url,$current_path,$is_empty,$dir_list,$group)=@_;
+    my ($r,$url,$current_path,$is_empty,$dir_list,$group,$can_upload,
+        $can_modify,$can_delete,$can_setacl)=@_;
     my $iconpath= $r->dir_config('lonIconsURL') . "/";
     my ($groupitem,$groupecho);
     my $display_out;
@@ -126,10 +132,15 @@ sub display_directory {
     my $checked_files;
     my $port_path = &get_port_path($group);
     my ($uname,$udom) = &get_name_dom($group);
-    if (defined($group)) {
+    my $access_admin_text = &mt('View Status');
+    if ($can_setacl) {
+        $access_admin_text = &mt('View/Change Status');
+    }
+    if ((defined($group)) && (defined($env{'request.course.id'}))) {
        $groupitem = '<input type="hidden" name="group" value="'.$group.'" />'; 
        $groupecho = '&amp;group='.$group;
     }
+
     my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
                                                                         $uname);
     my %locked_files = &Apache::lonnet::get_marked_as_readonly_hash(
@@ -141,7 +152,7 @@ sub display_directory {
 	$checked_files =&Apache::lonnet::files_in_path($uname,$env{'form.currentpath'});
 	$select_mode = 'true';
     } 
-    if ($is_empty && ($current_path ne '/')) {
+    if ($is_empty && ($current_path ne '/') && $can_delete) {
         $display_out = '<form method="post" action="'.$url.'">'.$groupitem.
         '<input type="hidden" name="action" value="deletedir" />'.
         '<input type="submit" name="deletedir" value="'.&mt("Delete Directory").'" />'.
@@ -153,13 +164,13 @@ sub display_directory {
 	return;
     }
     if ($select_mode eq 'true') {
-        $r->print('<table border="0" cellspacing="2" cellpadding="2">'.
-            '<tr><th>Select</th><th>&nbsp;</th><th>Name</th><th>Size</th><th>Last Modified</th></tr>');
         $r->print('<form method="post" name="checkselect" action="'.$url.'">');
+        $r->print('<table id="LC_browser">'.
+            '<tr><th>Select</th><th>&nbsp;</th><th>Name</th><th>Size</th><th>Last Modified</th></tr>');
     } else {
-        $r->print('<table border="0" cellspacing="2" cellpadding="2">'.
-            '<tr><th colspan="2">Actions</th><th>&nbsp;</th><th>Name</th><th>Size</th><th>Last Modified</th><th>Current Access Status</th></tr>');
         $r->print('<form method="post" action="'.$url.'">');
+        $r->print('<table id="LC_browser">'.
+            '<tr><th colspan="2">Actions</th><th>&nbsp;</th><th>Name</th><th>Size</th><th>Last Modified</th><th>Current Access Status</th></tr>');
     }
     if (defined($group)) {
         $r->print("\n".$groupitem."\n");
@@ -189,16 +200,17 @@ sub display_directory {
         my ($fname,$version,$extension) = &Apache::grades::file_name_version_ext($filename);
     	if (($filename ne '.') && ($filename ne '..') && ($filename !~ /\.meta$/ ) && ($filename !~ /(.*)\.(\d+)\.([^\.]*)$/)) {
             if ($dirptr&$testdir) {
+		my $colspan='colspan="2"';
                 if ($select_mode eq 'true'){
-                    $r->print('<tr bgcolor="#FFAA99"><td><img src="'.$iconpath.'folder_closed.gif"></td>');
-                } else {
-                    $r->print('<tr bgcolor="#FFAA99"><td colspan="2"><img src="'.$iconpath.'folder_closed.gif"></td>');
+		    undef($colspan);
                 }
+		$r->print('<tr class="LC_browser_folder"><td '.$colspan.'><img alt="'.&mt('closed folder').'" src="'.$iconpath.'folder_closed.gif" /></td>');
                 $r->print('<td>Go to ...</td>');
                 $r->print('<td>'.&make_anchor($url,$filename.'/',$current_path.$filename.'/',$env{'form.mode'},$env{"form.fieldname"},$env{'form.continue'},$group).'</td>'); 
                 $r->print('</tr>'); 
             } else {
-                $r->print('<tr bgcolor="#CCCCFF">');
+		my $css_class = 'LC_browser_file';
+		my $line;
                 my $version_flag;
                 if (exists($versioned{$fname})) {
                    $version_flag = "*";
@@ -208,48 +220,77 @@ sub display_directory {
                my $fullpath = $current_path.$filename;
                 $fullpath = &prepend_group($fullpath,$group);
                 if ($select_mode eq 'true'){
-                    $r->print('<td><input type="checkbox" name="checkfile" value="'.$filename.'"');
-                    if ($$checked_files{$filename} eq 'selected') {
-                        $r->print("CHECKED");
+                    $line='<td><input type="checkbox" name="checkfile" value="'.$filename.'"';
+		    if ($$checked_files{$filename} eq 'selected') {
+                        $line.=" checked ";
                     }
-                    $r->print('></td>');
+		    $line.=' /></td>';
                 } else {
                     if (exists $locked_files{$fullpath}) {
-                        $r->print('<td colspan="2"><a href="'.$url.'?lockinfo='.$current_path.$filename.$groupecho.'">Locked</a></td>');
+                        $line.='<td colspan="2"><a href="'.$url.'?lockinfo='.$current_path.$filename.$groupecho.'">Locked</a></td>';
+			$css_class= 'LC_browser_file_locked';
                     } else {
-			my $cat='<img alt="'.&mt('Catalog Information').
-			    '" src="'.&Apache::loncommon::lonhttpdurl('/res/adm/pages/catalog.gif').'" />';
-                        $r->print('<td><input type="checkbox" name="selectfile" value="'.$filename.'" />
-                            <a href="'.$url.'?rename='.$filename.'&amp;currentpath='.$current_path.$groupecho.'">Rename</a></td>
-                            <td><a href="'.$href_edit_location.$filename.'.meta">'.$cat.'</a>
-                            </td>');
+                        if (!$can_modify) {
+                            $line .= '<td colspan="2">';
+                        } else {
+                            $line .= '<td>';
+                        }
+                        if ($can_delete) {
+                            $line .= '<input type="checkbox" name="selectfile" value="'.$filename.'" />';
+                        }
+                        if ($can_modify) {
+                            my $cat='<img alt="'.&mt('Catalog Information').
+                            '" src="'.&Apache::loncommon::lonhttpdurl('/res/adm/pages/catalog.gif').'" />';
+                            $line .= '<a href="'.$url.'?rename='.$filename.'&amp;currentpath='.$current_path.$groupecho.'">Rename</a>';
+                            $line .= '</td><td><a href="'.$href_edit_location.$filename.'.meta">'.$cat.'</a>';
+                        }
+                        $line .= '</td>';
                     }
+		    $r->print('<tr class="'.$css_class.'">');
+		    $r->print($line);
                 }
                 my $curr_access;
                 my $pub_access = 0;
+                my $guest_access = 0;
+                my $cond_access = 0;
                 foreach my $key (sort(keys(%{$access_controls{$fullpath}}))) {
-                    my ($scope,$end,$start) = ($key =~ /^[^:]+:([a-z]+)_(\d*)_?(\d*)$/);
+                    my ($num,$scope,$end,$start) = &unpack_acc_key($key);
                     if (($now > $start) && (!$end || $end > $now)) {
                         if ($scope eq 'public')  {
                             $pub_access = 1;
+                        } elsif ($scope eq 'guest') {
+                            $guest_access = 1;
+                        } else {
+                            $cond_access = 1;
                         }
                     }
                 }
-                if (!$pub_access) {
-                    $curr_access = 'Private'
+                if (!$pub_access && !$guest_access && !$cond_access) {
+                    $curr_access = &mt('Private');
                 } else {
-                    $curr_access = 'Public';
+                    my @allaccesses; 
+                    if ($pub_access) {
+                        push(@allaccesses,&mt('Public'));
+                    }
+                    if ($guest_access) {
+                        push(@allaccesses,&mt('Passphrase-protected'));
+                    }
+                    if ($cond_access) {
+                        push(@allaccesses,&mt('Conditional'));
+                    }
+                    $curr_access = join('+ ',@allaccesses);
                 }
-                $r->print('<td><img src="'.&Apache::loncommon::icon($filename).'"></td>');
+                $r->print('<td><img alt="" src="'.&Apache::loncommon::icon($filename).'" /></td>');
                 $r->print('<td><a href="'.$href_location.$filename.'">'.
 			    $filename.'</a></td>'); 
                 $r->print('<td>'.$size.'</td>');
                 $r->print('<td>'.&Apache::lonlocal::locallocaltime($mtime).'</td>');
-                $r->print('<td><nobr>'.&mt($curr_access).'&nbsp;&nbsp;&nbsp;'.
-                          '<a href="'.$url.'?access='.$filename.
-                          '&amp;currentpath='.$current_path.$groupecho.
-                          '">'.&mt('View/Change').'</a></nobr></td>');
-                $r->print('</tr>'); 
+                $r->print('<td><span style="white-space: nowrap">'.
+                          &mt($curr_access).'&nbsp;&nbsp;&nbsp;');
+                $r->print('<a href="'.$url.'?access='.$filename.
+                              '&amp;currentpath='.$current_path.$groupecho.
+                              '">'.$access_admin_text.'</a>');
+                $r->print('</span></td></tr>');
             }
         }
     }
@@ -263,11 +304,15 @@ sub display_directory {
             <input type="hidden" name="currentpath" value="'.$current_path.'" />
         </form>');        
     } else {
-        $r->print('</table>
+        $r->print('</table>');
+        if ($can_delete) {
+            $r->print('
         <input type="submit" name="doit" value="Delete Checked Files" />
         <input type="hidden" name="action" value="delete" />
         <input type="hidden" name="currentpath" value="'.$current_path.'" />
-        </form>');
+        </form>'
+            );
+        }
     }
 }
 
@@ -287,14 +332,20 @@ sub open_form {
 }
 
 sub close_form {
-    my ($r,$url,$group)=@_;
-    $r->print('<p><input type="submit" value="'.&mt('Continue').'" />');
+    my ($r,$url,$group,$button_text)=@_;
+    if (!defined($button_text)) {
+        $button_text = {
+                         'continue' => &mt('Continue'),
+                         'cancel'   => &mt('Cancel'),
+                       };
+    }
+    $r->print('<p><input type="submit" value="'.$button_text->{'continue'}.'" />');
     if (defined($group)) {
        $r->print("\n".'<input type="hidden" name="group" value="'.
               $group.'" />');
     }
     $r->print('</p></form>');
-    $r->print('<form action="'.$url.'" method="POST">
+    $r->print('<form action="'.$url.'" method="post">
                <p>
               <input type="hidden" name="currentpath" value="'.
 	      $env{'form.currentpath'}.'" />');
@@ -302,23 +353,27 @@ sub close_form {
        $r->print("\n".'<input type="hidden" name="group" value="'.
               $group.'" />');
     }
-    $r->print("\n".'   <input type="submit" value="'.&mt('Cancel').'" />
+    $r->print("\n".'   <input type="submit" value="'.$button_text->{'cancel'}.'" />
                </p></form>'); 
 }
 
 sub display_file {
     my ($path,$filename)=@_;
     my $display_file_text;
+    my $file_start='<span class="LC_filename">';
+    my $file_end='</span>';
     if (!defined($path)) { $path=$env{'form.currentpath'}; }
     if (!defined($filename)) { 
         $filename=$env{'form.selectfile'};
-        $display_file_text = '<tt>'.$path.$filename.'</tt>';
+        $display_file_text = $file_start.$path.$filename.$file_end;
     } elsif (ref($filename) eq "ARRAY") {
-        foreach (@$filename) {
-            $display_file_text .= '<tt>'.$path.$_.'</tt><br />';
+        foreach my $file (@$filename) {
+            $display_file_text .= $file_start.$path.$file.$file_end.'<br />';
         }
     } elsif (ref($filename) eq "SCALAR") {
-        $display_file_text = '<tt>'.$path.$filename.'</tt>';        
+        $display_file_text = $file_start.$path.$$filename.$file_end;
+    } else {
+	$display_file_text = $file_start.$path.$filename.$file_end;
     }
     return $display_file_text;
 }
@@ -372,8 +427,8 @@ sub delete_confirmed {
 					       $env{'form.currentpath'}.
 					       $delete_file);
         if ($result ne 'ok') {
-	$r->print('<font color="red"> An error occured ('.$result.
-		  ') while trying to delete '.&display_file(undef, $delete_file).'</font><br />');
+	$r->print('<span class="LC_error"> An error occured ('.$result.
+		  ') while trying to delete '.&display_file(undef, $delete_file).'</span><br />');
         }
     }
     $r->print(&done(undef,$url,$group));
@@ -397,8 +452,8 @@ sub delete_dir_confirmed {
 					       $directory_name);
 					       
     if ($result ne 'ok') {
-	$r->print('<font color="red"> An error occured (dir) ('.$result.
-		  ') while trying to delete '.$directory_name.'</font><br />');
+	$r->print('<span class="LC_error"> An error occured (dir) ('.$result.
+		  ') while trying to delete '.$directory_name.'</span><br />');
     } else {
         # now remove from recent
 #        $r->print('<br /> removing '.$directory_name.'<br /');
@@ -437,9 +492,9 @@ sub rename_confirmed {
     my ($uname,$udom) = &get_name_dom($group);
     my $port_path = &get_port_path($group);
     if ($filenewname eq '') {
-	$r->print('<font color="red">'.
+	$r->print('<span class="LC_error">'.
 		  &mt("Error: no valid filename was provided to rename to.").
-		  '</font><br />');
+		  '</span><br />');
 	$r->print(&done(undef,$url,$group));
 	return;
     } 
@@ -448,41 +503,206 @@ sub rename_confirmed {
             $port_path.$env{'form.currentpath'}.$env{'form.selectfile'},
             $port_path.$env{'form.currentpath'}.$filenewname);
     if ($result ne 'ok') {
-	$r->print('<font color="red"> An errror occured ('.$result.
-		  ') while trying to rename '.&display_file().' to '.
-		  &display_file(undef,$filenewname).'</font><br />');
+	$r->print('<span class="LC_error">'.
+		  &mt('An errror occured ([_1]) while trying to rename [_2]'
+		      .' to [_3]',$result,&display_file(),
+		      &display_file('',$filenewname)).'</span><br />');
     }
     if ($filenewname ne $env{'form.filenewname'}) {
-        $r->print("The new file name was changed from:<br /><strong>".$env{'form.filenewname'}."</strong> to <strong>$filenewname </strong>");
+        $r->print(&mt("The new file name was changed from:<br />[_1] to [_2]",
+		      '<strong>'.&display_file('',$env{'form.filenewname'}).'</strong>',
+		      '<strong>'.&display_file('',$filenewname).'</strong>'));
     }
     $r->print(&done(undef,$url,$group));
 }
 
 sub display_access {
-    my ($r,$url,$group) = @_;
+    my ($r,$url,$group,$can_setacl) = @_;
     my ($uname,$udom) = &get_name_dom($group);
     my $file_name = $env{'form.currentpath'}.$env{'form.access'};
     $file_name = &prepend_group($file_name,$group);
     my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
                                                                         $uname);
     my %access_controls = &Apache::lonnet::get_access_controls($current_permissions,$group,$file_name);
-    &open_form($r,$url);
-    $r->print('<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'</h3>'."\n");
-    $r->print(&mt('Access to this file by others can be set to be one the following types: public.').'<br /><ul><li>'.&mt('Public files are available to anyone without the need for login.').'</li></ul><br />');
-    &access_setting_table($r,$access_controls{$file_name});
-    &close_form($r,$url,$group);
+    my $aclcount = keys(%access_controls);
+    my $header = '<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',$env{'form.currentpath'}.$env{'form.access'}).'</h3>';
+    my $info .= 
+	&mt('Access to this file by others can be set to be one or more of the following types: public, passphrase-protected or conditional.').
+	'<br /><ul><li>'.
+	&mt('Public files are available to anyone without the need for login.').
+	'</li><li>'.
+	&mt('Passphrase-protected files do not require log-in, but will require the viewer to enter the passphrase you set.').
+	'</li>'.
+	#'<li>'.
+	#&mt('Conditional files are accessible to logged-in users with accounts in the LON-CAPA network, who satisfy the conditions you set.').
+	#'<br />'.
+	#&mt('The conditions can include affiliation with a particular course or group, or a user account in a specific domain.').
+	#'<br />'.
+	#&mt('Alternatively access can be granted to people with specific LON-CAPA usernames and domains.').
+	'</li></ul>';
+    if ($can_setacl) {
+        &open_form($r,$url);
+        $r->print($header.$info);
+        &access_setting_table($r,$access_controls{$file_name});
+        my $button_text = {
+                        'continue' => &mt('Proceed'),
+                        'cancel' => &mt('Back to directory listing'),
+                      };
+        &close_form($r,$url,$group,$button_text);
+    } else {
+        $r->print($header);
+        if ($aclcount) {  
+            $r->print($info);
+        }
+        &view_access_settings($r,$url,$group,$access_controls{$file_name},
+                              $aclcount);
+    }
+}
+
+sub view_access_settings {
+    my ($r,$url,$group,$access_controls,$aclcount) = @_;
+    my ($showstart,$showend);
+    my %todisplay;
+    foreach my $key (sort(keys(%{$access_controls}))) {
+        my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+        $todisplay{$scope}{$key} = $$access_controls{$key};
+    }
+    if ($aclcount) {
+        $r->print(&mt('<h4>Current access controls defined for this file:</h4>'));
+        $r->print(&Apache::loncommon::start_data_table());
+        $r->print(&Apache::loncommon::start_data_table_header_row());
+        $r->print('<th>'.&mt('Access control').'</th><th>'.&mt('Dates available').
+                  '</th><th>'.&mt('Additional information').'</th>');
+        $r->print(&Apache::loncommon::end_data_table_header_row());
+        my $count = 1;
+        my $chg = 'none';
+        &build_access_summary($r,$count,$chg,%todisplay);
+        $r->print(&Apache::loncommon::end_data_table());
+    } else {
+        $r->print(&mt('No access control settings currently exist for this file.<br />' ));
+    }
+    my $group_arg;
+    if ($group) {
+        $group_arg = '&amp;group='.$group;
+    }
+    $r->print('<br /><a href="'.$url.'?currentpath='.$env{'form.currentpath'}.
+              $group_arg.'">'.&mt('Return to directory listing').'</a>');
+    return;
+}
+
+sub build_access_summary {
+    my ($r,$count,$chg,%todisplay) = @_; 
+    my ($showstart,$showend);
+    my %scope_desc = (
+                      public => 'Public',
+                      guest => 'Passphrase-protected',
+                      domains => 'Conditional: domain-based',
+                      users => 'Conditional: user-based',
+                      course => 'Conditional: course-based',
+                      group => 'Conditional: group-based',
+                     );
+    my @allscopes = ('public','guest','domains','users','course','group');
+    foreach my $scope (@allscopes) {
+        if ((!(exists($todisplay{$scope}))) || (ref($todisplay{$scope}) ne 'HASH')) {
+            next;
+        }
+        foreach my $key (sort(keys(%{$todisplay{$scope}}))) {
+            if ($count) {
+                $r->print(&Apache::loncommon::start_data_table_row());
+            }
+            my ($num,$scope,$end,$start) = &unpack_acc_key($key);
+            my $content = $todisplay{$scope}{$key};
+            if ($chg eq 'delete') {
+                $showstart = &mt('Deleted');
+                $showend = $showstart;
+            } else {
+                $showstart = localtime($start);
+                if ($end == 0) {
+                    $showend = &mt('No end date');
+                } else {
+                    $showend = localtime($end);
+                }
+            }
+            $r->print('<td>'.&mt($scope_desc{$scope}));
+            if (($scope eq 'course') || ($scope eq 'group')) {
+                if ($chg ne 'delete') {
+                    my $cid = $content->{'domain'}.'_'.$content->{'number'};
+                    my %course_description = &Apache::lonnet::coursedescription($cid);
+                    $r->print('<br />('.$course_description{'description'}.')');
+                }
+            }
+            $r->print('</td><td>'.&mt('Start: ').$showstart.
+                  '<br />'.&mt('End: ').$showend.'</td><td>');
+            if ($chg ne 'delete') {
+                if ($scope eq 'guest') {
+                    $r->print(&mt('Passphrase').': '.$content->{'password'});
+                } elsif ($scope eq 'course' || $scope eq 'group') {
+                    $r->print('<table><tr>');
+                    $r->print('<th>'.&mt('Roles').'</th><th>'.
+                          &mt('Access').'</th><th>'.
+                                          &mt('Sections').'</th>');
+                    if ($scope eq 'course') {
+                        $r->print('<th>'.&mt('Groups').'</th>');
+                    } else {
+                        $r->print('<th>'.&mt('Teams').'</th>');
+                    }
+                    $r->print('</tr>');
+                    foreach my $id (sort(keys(%{$content->{'roles'}}))) {
+                        $r->print('<tr>');
+                        foreach my $item ('role','access','section','group') {
+                            $r->print('<td>');
+                            if ($item eq 'role') {
+                                my $ucscope = $scope;
+                                $ucscope =~ s/^(\w)/uc($1)/e;
+                                my $role_output;
+                                foreach my $role (@{$content->{'roles'}{$id}{$item}}) {
+                                    if ($role eq 'all') {
+                                        $role_output .= $role.',';
+                                    } elsif ($role =~ /^cr/) {
+                                        $role_output .= (split('/',$role))[3].',';
+                                    } else {
+                                        $role_output .= &Apache::lonnet::plaintext($role,$ucscope).',';
+                                    }
+                                }
+                                $role_output =~ s/,$//;
+                                $r->print($role_output);
+                            } else {
+                                $r->print(join(',',@{$content->{'roles'}{$id}{$item}}));
+                            }
+                            $r->print('</tr>');
+                        }
+			$r->print("</table>");
+                    }
+		    $r->print("</tr></table>");
+                } elsif ($scope eq 'domains') {
+                    $r->print(&mt('Domains: ').join(',',@{$content->{'dom'}}));
+                } elsif ($scope eq 'users') {
+                    my $curr_user_list = &sort_users($content->{'users'});
+                    $r->print(&mt('Users: ').$curr_user_list);
+                } else {
+                    $r->print('&nbsp;');
+                }
+            } else {
+                $r->print('&nbsp;');
+            }
+            $r->print('</td>');
+            $r->print(&Apache::loncommon::end_data_table_row());
+            $count ++;
+        }
+    }
 }
 
+
 sub update_access {
     my ($r,$url,$group) = @_;
     my $totalprocessed = 0;
     my %processing;
     my %title  = (
-                         'activate' => 'New controls added',
-                         'delete'   => 'Existing controls deleted',
-                         'update'   => 'Existing controls modified',
+                         'activate' => 'New control(s) added',
+                         'delete'   => 'Existing control(s) deleted',
+                         'update'   => 'Existing control(s) modified',
                      );
-    my $changes;   
+    my $changes;
     foreach my $chg (sort(keys(%title))) {     
         @{$processing{$chg}} = &Apache::loncommon::get_env_multiple('form.'.$chg);
         $totalprocessed += @{$processing{$chg}};
@@ -494,89 +714,182 @@ sub update_access {
                 $$changes{$chg}{$newkey} = 1;
             } else {
                 $$changes{$chg}{$newkey} = 
-                                 &build_access_record($num,$scope,$start,$end);
+                            &build_access_record($num,$scope,$start,$end,$chg);
             }
         }
     }
     my $file_name = $env{'form.currentpath'}.$env{'form.selectfile'};
-    $r->print('<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',$file_name).'</h3>'."\n");
+    $r->print('<h3>'.&mt('Allowing others to retrieve portfolio file: [_1]',
+              $file_name).'</h3>'."\n");
     $file_name = &prepend_group($file_name,$group);
     my ($uname,$udom) = &get_name_dom($group);
     my ($errors,$outcome,$deloutcome,$new_values,$translation);
     if ($totalprocessed) {
         ($outcome,$deloutcome,$new_values,$translation) =
-        &Apache::lonnet::modify_access_controls($file_name,$changes,$udom,$uname);
+        &Apache::lonnet::modify_access_controls($file_name,$changes,$udom,
+                                                $uname);
     }
-    my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,                                                                    $uname);
-    my %access_controls = &Apache::lonnet::get_access_controls($current_permissions,$group,$file_name);
+    my $current_permissions = &Apache::lonnet::get_portfile_permissions($udom,
+                                                                       $uname);
+    my %access_controls = 
+	&Apache::lonnet::get_access_controls($current_permissions,
+					     $group,$file_name);
     if ($totalprocessed) {
         if ($outcome eq 'ok') {
             my $updated_controls = $access_controls{$file_name};
             my ($showstart,$showend);
             $r->print(&Apache::loncommon::start_data_table());
-            $r->print(&Apache::loncommon::start_data_table_row());
-            $r->print('<th>'.&mt('Type of change').'</th><th>'.&mt('Access control').'</th><th>'.&mt('Start date').'</th><th>'.&mt('End date').'</th>');
-            $r->print(&Apache::loncommon::end_data_table_row());
+            $r->print(&Apache::loncommon::start_data_table_header_row());
+            $r->print('<th>'.&mt('Type of change').'</th><th>'.
+                      &mt('Access control').'</th><th>'.&mt('Dates available').
+                      '</th><th>'.&mt('Additional information').'</th>');
+            $r->print(&Apache::loncommon::end_data_table_header_row());
             foreach my $chg (sort(keys(%processing))) {
                 if (@{$processing{$chg}} > 0) {
                     if ($chg eq 'delete') {
                         if (!($deloutcome eq 'ok')) {
-                            $errors .= &mt('A problem occurred deleting access controls: [_1]',$deloutcome);
+                            $errors .='<span class="LC_error">'.
+				&mt('A problem occurred deleting access controls: [_1]',$deloutcome).
+				'</span>';
                             next;
                         }
                     }
                     my $numchgs = @{$processing{$chg}};
                     $r->print(&Apache::loncommon::start_data_table_row());
-                    $r->print('<td rowspan="'.$numchgs.'">'.&mt($title{$chg}).'.</td>');
+                    $r->print('<td rowspan="'.$numchgs.'">'.&mt($title{$chg}).
+                              '.</td>');
                     my $count = 0;
+                    my %todisplay;
                     foreach my $key (sort(keys(%{$$changes{$chg}}))) {
-                        if ($count) {
-                            $r->print(&Apache::loncommon::start_data_table_row());
-                        }
-                        my ($num,$scope,$end,$start) = 
-                                   ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+                        my ($num,$scope,$end,$start) = &unpack_acc_key($key);
                         my $newkey = $key;
                         if ($chg eq 'activate') {
                             $newkey =~ s/^(\d+)/$$translation{$1}/;
                         }
-                        my %content = &Apache::lonnet::parse_access_controls(
-                                                     $$updated_controls{$newkey});
-                        if ($chg eq 'delete') {
-                            $showstart = &mt('Deleted');
-                            $showend = $showstart;
-                        } else {
-                            $showstart = localtime($start);
-                            if ($end == 0) {
-                                $showend = &mt('No end date');
-                            } else {
-                                $showend = localtime($end);
-                            }
-                        }
-                        $r->print('<td>'.&mt($scope).'</td><td>'.$showstart.
-                                  '</td><td>'. $showend.'</td>');
-                        $r->print(&Apache::loncommon::end_data_table_row());
-                        $count ++;
+                        $todisplay{$scope}{$newkey} = $$updated_controls{$newkey};
                     }
+                    &build_access_summary($r,$count,$chg,%todisplay);  
                 }
             }
             $r->print(&Apache::loncommon::end_data_table());
         } else {
             if ((@{$processing{'activate'}} > 0) || (@{$processing{'update'}} > 0)) {
-                $errors .= &mt('A problem occurred storing access control settings: [_1]',$outcome);
+                $errors .= '<span class="LC_error">'.
+		    &mt('A problem occurred storing access control settings: [_1]',$outcome).
+		    '</span>';
             }
         }
         if ($errors) { 
             $r->print($errors);
         }
     }
-    $r->print('<br /><a href="'.$url.'?access='.$env{'form.selectfile'}.'&currentpath='.$env{'form.currentpath'}.'">'.&mt('Display all access settings for this file').'</a>');
+    my $allnew = 0;
+    my $totalnew = 0;
+    my $status = 'new';
+    my ($firstitem,$lastitem);
+    foreach my $newitem ('course','group','domains','users') {
+        $allnew += $env{'form.new'.$newitem};
+    }
+    if ($allnew > 0) {
+        my $now = time;
+        my $then = $now + (60*60*24*180); # six months approx.
+        &open_form($r,$url,$group);
+        foreach my $newitem ('course','group','domains','users') {
+            if ($env{'form.new'.$newitem} > 0) {
+                $r->print('<br />'.&mt('Add new <b>[_1]-based</b> access control for portfolio file: <b>[_2]</b>',$newitem,$env{'form.currentpath'}.$env{'form.selectfile'}).'<br /><br />');
+                $firstitem = $totalnew;
+                $lastitem = $totalnew + $env{'form.new'.$newitem};
+                $totalnew = $lastitem;
+                my @numbers;   
+                for (my $i=$firstitem; $i<$lastitem; $i++) {
+                    push (@numbers,$i);
+                }
+                &display_access_row($r,$status,$newitem,\@numbers,
+                                    $access_controls{$file_name},$now,$then);
+            }
+        }
+        &close_form($r,$url,$group);
+    } else {
+        my $group_arg;
+        if ($group) {
+            $group_arg = '&amp;group='.$group;
+        }
+        $r->print('<br /><a href="'.$url.'?access='.$env{'form.selectfile'}.
+                  '&amp;currentpath='.$env{'form.currentpath'}.$group_arg.'">'.
+                   &mt('Display all access settings for this file').'</a>');
+    }
     return;
 }
 
 sub build_access_record {
-    my ($num,$scope,$start,$end) = @_;
-    my $record = '<scope type="'.$scope.'"><start>'.$start.'</start><end>'.$end.
-                 '</end></scope>';
+    my ($num,$scope,$start,$end,$chg) = @_;
+    my $record = {
+	type => $scope,
+	time => {
+	    start => $start,
+	    end   => $end
+	    },
+	    };
+		
+    if ($scope eq 'guest') {	
+        $record->{'password'} = $env{'form.password'};
+    } elsif (($scope eq 'course') || ($scope eq 'group')) {
+        $record->{'domain'} = $env{'form.crsdom_'.$num};
+	$record->{'number'} = $env{'form.crsnum_'.$num};
+        my @role_ids;
+        my @delete_role_ids =
+            &Apache::loncommon::get_env_multiple('form.delete_role_'.$num);
+	my @preserves =
+	    &Apache::loncommon::get_env_multiple('form.preserve_role_'.$num);
+	if (@delete_role_ids) {
+	    foreach my $id (@preserves) {
+		if (grep {$_ = $id} (@delete_role_ids)) {
+		    next;
+		}
+		push(@role_ids,$id); 
+	    }
+	} else {
+	    push(@role_ids,@preserves);
+	}
+
+	my $next_id = $env{'form.add_role_'.$num};
+	if ($next_id) {
+	    push(@role_ids,$next_id);
+	}
+
+        foreach my $id (@role_ids) {
+            my (@roles,@accesses,@sections,@groups);
+            if (($id == $next_id) && ($chg eq 'update')) {
+                @roles    = split(/,/,$env{'form.role_'.$num.'_'.$next_id});
+                @accesses = split(/,/,$env{'form.access_'.$num.'_'.$next_id});
+                @sections = split(/,/,$env{'form.section_'.$num.'_'.$next_id});
+                @groups   = split(/,/,$env{'form.group_'.$num.'_'.$next_id});
+            } else {
+                @roles = &Apache::loncommon::get_env_multiple('form.role_'.$num.'_'.$id);
+                @accesses = &Apache::loncommon::get_env_multiple('form.access_'.$num.'_'.$id);
+                @sections = &Apache::loncommon::get_env_multiple('form.section_'.$num.'_'.$id);
+                @groups = &Apache::loncommon::get_env_multiple('form.group_'.$num.'_'.$id);
+            }
+	    $record->{'roles'}{$id}{'role'}    = \@roles;
+	    $record->{'roles'}{$id}{'access'}  = \@accesses;
+	    $record->{'roles'}{$id}{'section'} = \@sections;
+	    $record->{'roles'}{$id}{'group'}   = \@groups;
+        }
+    } elsif ($scope eq 'domains') {
+        my @doms = &Apache::loncommon::get_env_multiple('form.dom_'.$num);
+	$record->{'dom'} = \@doms;
+    } elsif ($scope eq 'users') {
+        my $userlist = $env{'form.users_'.$num};
+        $userlist =~ s/\s+//sg;
+	my %userhash = map { ($_,1) } (split(/,/,$userlist));
+        foreach my $user (keys(%userhash)) {
+            my ($uname,$udom) = split(/:/,$user);
+	    push(@{$record->{'users'}}, {
+		'uname' => $uname,
+		'udom'  => $udom
+		});
+	}
+    }
     return $record;
 }
 
@@ -592,82 +905,483 @@ sub get_dates_from_form {
     return ($startdate,$enddate);
 }
 
+sub sort_users {
+    my ($users) = @_; 
+    my @curr_users = map {
+	$_->{'uname'}.':'.$_->{'udom'}
+    } (@{$users});
+    my $curr_user_list = join(",\n",sort(@curr_users));
+    return $curr_user_list;
+}
+
 sub access_setting_table {
     my ($r,$access_controls) = @_;
     my ($public,$publictext);
-    $publictext = '<b>'.&mt('Off').'</b>';
+    $publictext = &mt('Off');
     my ($guest,$guesttext);
-    $guesttext = '<b>'.&mt('Off').'</b>';
+    $guesttext = &mt('Off');
     my @courses = ();
     my @groups = ();
     my @domains = ();
     my @users = ();
     my $now = time;
     my $then = $now + (60*60*24*180); # six months approx.
+    my ($num,$scope,$publicnum,$guestnum);
+    my (%acl_count,%end,%start);
     foreach my $key (sort(keys(%{$access_controls}))) {
-        my ($scope) = ($key =~ /^[^:]+:([a-z]+)_\d*_?\d*$/);
+        ($num,$scope,$end{$key},$start{$key}) = &unpack_acc_key($key);
         if ($scope eq 'public') {
             $public = $key;
-            $publictext = '<b>'.&mt('On').'</b>';
+            $publicnum = $num;
+            $publictext = &acl_status($start{$key},$end{$key},$now);
+        } elsif ($scope eq 'guest') {
+            $guest=$key;
+            $guestnum = $num;  
+            $guesttext = &acl_status($start{$key},$end{$key},$now);
+        } elsif ($scope eq 'course') {
+            push(@courses,$key);
+        } elsif ($scope eq 'group') {
+            push(@groups,$key);
+        } elsif ($scope eq 'domains') {
+            push(@domains,$key);
+        } elsif ($scope eq 'users') {
+            push(@users,$key);
         }
+        $acl_count{$scope} ++;
     }
+    $r->print('<table border="0"><tr><td valign="top">');
+    $r->print('<h3>'.&mt('Public access:').' '.$publictext.'</h3>');
     $r->print(&Apache::loncommon::start_data_table());
+    $r->print(&Apache::loncommon::start_data_table_header_row());
+    $r->print('<th>'.&mt('Action').'</th><th>'.&mt('Dates available').'</th>');
+    $r->print(&Apache::loncommon::end_data_table_header_row());
     $r->print(&Apache::loncommon::start_data_table_row());
-    $r->print('<th>'.&mt('Access Type').'</th><th colspan="3">'.
-              &mt('Settings').'</th>'."\n");
-    $r->print(&Apache::loncommon::end_data_table_row());
-    $r->print(&Apache::loncommon::start_data_table_row());
-    $r->print('<td><b>Public</b><br />'.$publictext.'</td><td colspan="3">');
-    $r->print(&Apache::loncommon::start_data_table());
-    $r->print(&Apache::loncommon::start_data_table_row());
-    my ($pub_startdate,$pub_enddate,$pub_action,$pub_noend);
     if ($public) {
-        my ($num,$end,$start) = ($public =~ /^([^:]+):[a-z]+_(\d*)_?(\d*)$/);
-        if ($end == 0) {
-            $pub_noend = 'checked="checked"';
-        }
-        $pub_action = '<td><label>
-                         <input type="checkbox" name="delete" value="'.$num.
-                      '" />'.&mt('Delete').'
-                      </label> <br />
-                      <label><input type="checkbox" name="update" value="'.
-		      $num.'" />'.&mt('Update').
-		      '</label>'.
-                      '<input type="hidden" name="scope_'.$num.'"'.
-                      ' value="public" /></td>';
-        $pub_startdate = &Apache::lonhtmlcommon::date_setter('portform',
-                          'startdate_'.$num,$start,undef,undef,undef,1,undef,
-                          undef,undef,1);
-        $pub_enddate = &Apache::lonhtmlcommon::date_setter('portform',
-                          'enddate_'.$num,$end,undef,undef,undef,1,undef,
-                          undef,undef,1).
-                       '&nbsp;&nbsp;<nobr><label>
-                       <input type="checkbox" name="noend_'.
-                       $num.'" '.$pub_noend.' />'.&mt('No end date').
-		       '</label></nobr>';
-    } else {
-        $pub_action = '<label>'.
-	              '<input type="checkbox" name="activate" value="0" />'.
-                      &mt('Activate').'</label>'.
-                      '<input type="hidden" name="scope_0" value="public" />';
-        $pub_startdate = &Apache::lonhtmlcommon::date_setter('portform',
-                          'startdate_0',$now,undef,undef,undef,1,undef,
-                          undef,undef,1);
-        $pub_enddate = &Apache::lonhtmlcommon::date_setter('portform',
-                          'enddate_0',$then,,undef,undef,undef,1,undef,
-                          undef,undef,1).
-                       '&nbsp;&nbsp<nobr><label><input type="checkbox" '.
-                       'name="noend_0" />'.&mt('No end date').
-                       '</label></nobr>';
-
+        $r->print('<td>'.&actionbox('old',$publicnum,'public').'</td><td>'.
+                  &dateboxes($publicnum,$start{$public},$end{$public}).'</td>');
+    } else {
+        $r->print('<td>'.&actionbox('new','0','public').'</td><td>'.
+                  &dateboxes('0',$now,$then).'</td>');
     }
-    $r->print('<td>'.$pub_action.'</td><td>'.&mt('Start: ').$pub_startdate.
-              '<br />'.&mt('End: ').$pub_enddate.'</td>');
     $r->print(&Apache::loncommon::end_data_table_row());
     $r->print(&Apache::loncommon::end_data_table());
-    $r->print('</td>');
+    $r->print('</td><td width="40">&nbsp;</td><td valign="top">');
+    $r->print('<h3>'.&mt('Passphrase-protected access:').' '.$guesttext.'</h3>');
+    $r->print(&Apache::loncommon::start_data_table());
+    $r->print(&Apache::loncommon::start_data_table_header_row());
+    $r->print('<th>'.&mt('Action').'</th><th>'.&mt('Dates available').
+              '</th><th>'. &mt('Passphrase').'</th>');
+    $r->print(&Apache::loncommon::end_data_table_header_row());
+    $r->print(&Apache::loncommon::start_data_table_row());
+    my $passwd;
+    if ($guest) {
+        $passwd = $$access_controls{$guest}{'password'};
+        $r->print('<td>'.&actionbox('old',$guestnum,'guest').'</td><td>'.
+                  &dateboxes($guestnum,$start{$guest},$end{$guest}).'</td>');
+    } else {
+        $r->print('<td>'.&actionbox('new','1','guest').'</td><td>'.
+                  &dateboxes('1',$now,$then).'</td>');
+    }
+    $r->print('<td><input type="text" size="15" name="password" value="'.
+              $passwd.'" /></td>');
     $r->print(&Apache::loncommon::end_data_table_row());
     $r->print(&Apache::loncommon::end_data_table());
+
+    #$r->print('</td></tr><tr><td colspan="3">&nbsp;</td></tr><tr><td valign="top">');
+    #&access_element($r,'domains',\%acl_count,\@domains,$access_controls,$now,$then);
+    #$r->print('</td><td>&nbsp;</td><td valign="top">');
+    #&access_element($r,'users',\%acl_count,\@users,$access_controls,$now,$then);
+    #$r->print('</td></tr><tr><td colspan="3"></td></tr><tr>');
+    #if (@courses > 0 || @groups > 0) {
+    #    $r->print('<td colspan="3" valign="top">');
+    #} else {
+    #    $r->print('<td valign="top">');
+    #}
+    #&access_element($r,'course',\%acl_count,\@courses,$access_controls,$now,$then);
+    #$r->print('</td>');
+    #if (@courses > 0 || @groups > 0) {
+    #    $r->print('</tr><tr><td colspan="3">&nbsp;</td></tr><tr><td colspan="3" valign="top">');
+    #} else {
+    #    $r->print('<td>&nbsp;</td><td valign="top">');
+    #}
+    #&access_element($r,'group',\%acl_count,\@groups,$access_controls,$now,$then);
+    $r->print('</td></tr></table>');
+}
+
+sub acl_status {
+    my ($start,$end,$now) = @_;
+    if ($start > $now) {
+        return &mt('Inactive');
+    }
+    if ($end && $end<$now) {
+        return &mt('Inactive');
+    }
+    return &mt('Active');
+}
+
+sub access_element {
+    my ($r,$type,$acl_count,$items,$access_controls,$now,$then) = @_;
+    my $title = $type;
+    $title =~ s/s$//;
+    $title =~ s/^(\w)/uc($1)/e;
+    $r->print('<h3>'.&mt('[_1]-based conditional access: ',$title));
+    if ($$acl_count{$type}) {
+        $r->print($$acl_count{$type}.' ');
+        if ($$acl_count{$type} > 1) {
+            $r->print(&mt('conditions'));
+        } else {
+            $r->print(&mt('condition'));
+        }
+    } else {
+        $r->print(&mt('Off'));
+    }
+    $r->print('</h3>');
+    &display_access_row($r,'old',$type,$items,$access_controls,$now,$then);
+    return;
+}
+
+sub display_access_row {
+    my ($r,$status,$type,$items,$access_controls,$now,$then) = @_;
+    if (@{$items} > 0) {
+        my @all_doms;
+        my $colspan = 3;
+        my $uctype = $type;
+        $uctype =~ s/^(\w)/uc($1)/e;
+        $r->print(&Apache::loncommon::start_data_table());
+        $r->print(&Apache::loncommon::start_data_table_header_row());
+        $r->print('<th>'.&mt('Action?').'</th><th>'.&mt($uctype).'</th><th>'.
+              &mt('Dates available').'</th>');
+        if (($type eq 'course') || ($type eq 'group')) {
+            $r->print('<th>'.&mt('Allowed [_1] member affiliations',$type).
+                      '</th>');
+            $colspan ++;
+        } elsif ($type eq 'domains') {
+            @all_doms = &Apache::loncommon::get_domains();
+        }
+        $r->print(&Apache::loncommon::end_data_table_header_row());
+        foreach my $key (@{$items}) {
+	    $r->print(&Apache::loncommon::start_data_table_row());
+            if (($type eq 'course') || ($type eq 'group')) {
+                &course_row($r,$status,$type,$key,$access_controls,$now,$then);
+            } elsif ($type eq 'domains') {
+                &domains_row($r,$status,$key,\@all_doms,$access_controls,$now,
+                            $then);
+            } elsif ($type eq 'users') {
+                &users_row($r,$status,$key,$access_controls,$now,$then);
+            }
+	    $r->print(&Apache::loncommon::end_data_table_row());
+        }
+        if ($status eq 'old') {
+	    $r->print(&Apache::loncommon::start_data_table_row());
+            $r->print('<td colspan="',$colspan.'">'.&additional_item($type).
+                      '</td>');
+	    $r->print(&Apache::loncommon::end_data_table_row());
+        }
+        $r->print(&Apache::loncommon::end_data_table());
+    } else {
+        $r->print(&mt('No [_1]-based conditions defined.<br />',$type).
+                  &additional_item($type));
+    }
+    return;
+}
+
+sub course_js {
+    return qq|
+<script type="text/javascript">
+function setRoleOptions(caller,num,cdom,cnum,type) {
+    addIndexnum = getCallerIndex(caller);
+    updateIndexnum = getIndex('update',num);
+    if (caller.checked) {
+        document.portform.elements[updateIndexnum].checked = true;
+        var url = '/adm/portfolio?action=rolepicker&setroles='+addIndexnum+'&cnum='+cnum+'&cdom='+cdom+'&type='+type;
+        var title = 'Roles_Chooser';
+        var options = 'scrollbars=1,resizable=1,menubar=0';
+        options += ',width=700,height=600';
+        rolebrowser = open(url,title,options,'1');
+        rolebrowser.focus();
+    } else {
+        for (var j=0;j<5;j++) {
+            document.portform.elements[addIndexnum+j].value = '';
+        }
+    }
+}
+
+function getCallerIndex(caller) {
+    for (var i=0;i<document.portform.elements.length;i++) {
+        if (document.portform.elements[i] == caller) {
+            return i;
+        }
+    }
+    return -1;
+}
+
+function getIndex(name,value) {
+    for (var i=0;i<document.portform.elements.length;i++) {
+        if (document.portform.elements[i].name == name && document.portform.elements[i].value == value) {
+            return i;
+        }
+    }
+    return -1;
+}
+
+</script>
+|;
+}
+
+sub course_row {
+    my ($r,$status,$type,$item,$access_controls,$now,$then) = @_;
+    my $content;
+    my $defdom = $env{'user.domain'};
+    if ($status eq 'old') {
+        $content = $$access_controls{$item}; 
+        $defdom =  $content->{'domain'};
+    }
+    my $js = &Apache::loncommon::coursebrowser_javascript($defdom)
+	.&course_js();
+    my $crsgrptext = 'Groups';
+    if ($type eq 'group') {
+        $crsgrptext = 'Teams';
+    }
+    my $uctype = $type;
+    $uctype =~ s/^(\w)/uc($1)/e;
+    my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
+                                                    $type);
+    $r->print('<td>'.$js.&actionbox($status,$num,$scope).'</td>');
+    if ($status eq 'old') {
+        my $cid = $content->{'domain'}.'_'.$content->{'number'};
+        my %course_description = &Apache::lonnet::coursedescription($cid);
+        $r->print('<td><input type="hidden" name="crsdom_'.$num.'" value="'.$content->{'domain'}.'" /><input type="hidden" name="crsnum_'.$num.'" value="'.$content->{'number'}.'" />'.$course_description{'description'}.'</td>');
+    } elsif ($status eq 'new') {
+        $r->print('<td>'.&Apache::loncommon::selectcourse_link('portform','crsnum_'.$num,'crsdom_'.$num,'description_'.$num,undef,undef,$uctype).'&nbsp;&nbsp;<input type="text" name="description_'.$num.'" size="30" /><input type="hidden" name="crsdom_'.$num.'" /><input type="hidden" name="crsnum_'.$num.'" /></td>');
+    }
+    $r->print('<td>'.&dateboxes($num,$start,$end).'</td>');
+    $r->print('<td><table><tr>');
+    $r->print('<th>'.&mt('Action').'</th><th>'.&mt('Roles').'</th><th>'.
+              &mt('Access').'</th><th>'.&mt('Sections').'</th><th>'.
+              &mt($crsgrptext).'</th></tr>');
+    if ($status eq 'old') {
+        my $max_id = 0;
+        foreach my $role_id (sort(keys(%{$content->{'roles'}}))) {
+            if ($role_id > $max_id) {
+                $max_id = $role_id;
+            }
+            $max_id ++;
+            my $role_selects = &role_selectors($num,$role_id,$status,$type,$content,'display');
+            $r->print('<tr><td><span style="white-space: nowrap"><label><input type="checkbox" name="delete_role_'.$num.'" value="'.$role_id.'" />'.&mt('Delete').'</label></span><br /><input type="hidden" name="preserve_role_'.$num.'" value="'.$role_id.'" /></td>'.$role_selects.'</tr>');
+        }
+        $r->print('</table><br />'.&mt('Add a roles-based condition').'&nbsp;<input type="checkbox" name ="add_role_'.$num.'" onClick="javascript:setRoleOptions(this,'."'$num','$content->{'domain'}','$content->{'number'}','$uctype'".')" value="'.$max_id.'" /><input type="hidden" name="role_'.$num.'_'.$max_id.'" /><input type="hidden" name="access_'.$num.'_'.$max_id.'" /><input type="hidden" name="section_'.$num.'_'.$max_id.'" /><input type="hidden" name="group_'.$num.'_'.$max_id.'" /></td>');
+    } elsif ($status eq 'new') {
+        my $role_id = 1;
+        my $role_selects = &role_selectors($num,$role_id,$status,$type,undef,'display');
+        $r->print('<tr><td><input type="checkbox" name="add_role_'.$num.'" value="'.$role_id.'" checked="checked" />'.&mt('Add').'<input type="hidden" name="grplist_'.$num.'_'.$role_id.'" /></td>'.$role_selects);
+        $r->print('</tr></table></td>');
+    }
+    return;
+}
+
+sub domains_row {
+    my ($r,$status,$item,$all_doms,$access_controls,$now,$then) = @_;
+    my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
+                                                    'domains');
+    my $dom_select = '<select name="dom_'.$num.'" size="4" multiple="true">'.
+                     ' <option value="">'.&mt('Please select').'</option>';
+    if ($status eq 'old') {
+        my $content =  $$access_controls{$item};
+	foreach my $dom (@{$all_doms}) {
+            if ((@{$content->{'dom'}} > 0) 
+		&& (grep(/^\Q$dom\E$/,@{$content->{'dom'}}))) {
+                $dom_select .= '<option value="'.$dom.'" selected>'.
+                               $dom.'</option>';
+            } else {
+                $dom_select .= '<option value="'.$dom.'">'.$dom.'</option>';
+            }
+        }
+    } else {
+        foreach my $dom (@{$all_doms}) {
+            $dom_select .= '<option value="'.$dom.'">'.$dom.'</option>';
+        }
+    }
+    $dom_select .= '</select>';
+    $r->print('<td>'.&actionbox($status,$num,$scope).'</td><td>'.$dom_select.
+              '</td><td>'.&dateboxes($num,$start,$end).'</td>');
+}
+
+sub users_row {
+    my ($r,$status,$item,$access_controls,$now,$then) = @_;
+    my ($num,$scope,$end,$start) = &set_identifiers($status,$item,$now,$then,
+                                                    'users');
+    my $curr_user_list;
+    if ($status eq 'old') {
+        my $content = $$access_controls{$item};
+        $curr_user_list = &sort_users($content->{'users'});
+    }
+    $r->print('<td>'.&actionbox($status,$num,$scope).'</td><td>'.&mt("Format for users' username:domain information:").'<br /><tt>sparty:msu,illini:uiuc  ... etc.</tt><br /><textarea name="users_'.$num.'" cols="30"  rows="5">'.$curr_user_list.'</textarea></td><td>'.&dateboxes($num,$start,$end).'</td>');
+}
+
+sub additional_item {
+    my ($type) = @_;
+    my $output = &mt('Add new [_1] condition(s)?',$type).'&nbsp;'.&mt('Number to add: ').'<input type="text" name="new'.$type.'" size="3" value="0" />';
+    return $output;
+}
+
+sub actionbox {
+    my ($status,$num,$scope) = @_;
+    my $output = '<span style="white-space: nowrap"><label>';
+    if ($status eq 'new') {
+        $output .= '<input type="checkbox" name="activate" value="'.$num.'" />'.
+        &mt('Activate');
+    } else {
+        $output .= '<input type="checkbox" name="delete" value="'.$num.
+                   '" />'.&mt('Delete').'</label></span><br /><span style="white-space: nowrap">'.
+                   '<label><input type="checkbox" name="update" value="'.
+                   $num.'" />'.&mt('Update');
+    }
+    $output .= '</label></span><input type="hidden" name="scope_'.$num.                '" value="'.$scope.'" />';
+    return $output;
+}
+                                                                                   
+sub dateboxes {
+    my ($num,$start,$end) = @_;
+    my $noend;
+    if ($end == 0) {
+        $noend = 'checked="checked"';
+    }
+    my $startdate = &Apache::lonhtmlcommon::date_setter('portform',
+                           'startdate_'.$num,$start,undef,undef,undef,1,undef,
+                            undef,undef,1);
+    my $enddate = &Apache::lonhtmlcommon::date_setter('portform',
+                               'enddate_'.$num,$end,undef,undef,undef,1,undef,
+                                undef,undef,1). '&nbsp;&nbsp;<span style="white-space: nowrap"><label>'.
+                                '<input type="checkbox" name="noend_'.
+                                $num.'" '.$noend.' />'.&mt('No end date').
+                                '</label></span>';
+                                                                                   
+    my $output = &mt('Start: ').$startdate.'<br />'.&mt('End: ').$enddate;
+    return $output;
+}
+
+sub unpack_acc_key {
+    my ($acc_key) = @_;
+    my ($num,$scope,$end,$start) = ($acc_key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+    return ($num,$scope,$end,$start);
+}
+
+sub set_identifiers {
+    my ($status,$item,$now,$then,$scope) = @_;
+    if ($status eq 'old') {
+        return(&unpack_acc_key($item));
+    } else {
+        return($item,$scope,$then,$now);
+    }
+} 
+
+sub role_selectors {
+    my ($num,$role_id,$status,$type,$content,$caller) = @_;
+    my ($output,$cdom,$cnum,$longid);
+    if ($caller eq 'display') {
+        $longid = '_'.$num.'_'.$role_id;
+        if ($status eq 'new') {
+            foreach my $item ('role','access','section','group') {
+                $output .= '<td><select name="'.$item.$longid.'">'.
+                           '<option value="">'.&mt('Pick [_1] first',$type).
+                           '</option></select></td>';
+            }
+            return $output;
+        } else {
+            $cdom = $$content{'domain'};
+            $cnum = $$content{'number'};
+        }
+    } elsif ($caller eq 'rolepicker') {
+         $cdom = $env{'form.cdom'};
+         $cnum = $env{'form.cnum'};
+    }
+    my $uctype = $type;
+    $uctype =~ s/^(\w)/uc($1)/e;
+    my ($sections,$groups,$allroles,$rolehash,$accesshash) =
+            &Apache::loncommon::get_secgrprole_info($cdom,$cnum,1,$uctype);
+    if (!@{$sections}) {
+        @{$sections} = ('none');
+    } else {
+        unshift(@{$sections},('all','none'));
+    }
+    if (!@{$groups}) {
+        @{$groups} = ('none');
+    } else {
+        unshift(@{$groups},('all','none'));
+    }
+    my @allacesses = sort(keys(%{$accesshash}));
+    my (%sectionhash,%grouphash);
+    foreach my $sec (@{$sections}) {
+        $sectionhash{$sec} = $sec;
+    }
+    foreach my $grp (@{$groups}) {
+        $grouphash{$grp} = $grp;
+    }
+    my %lookup = (
+                   'role' => $rolehash,
+                   'access' => $accesshash,
+                   'section' => \%sectionhash,
+                   'group' => \%grouphash,
+                 );
+    my @allaccesses = sort(keys(%{$accesshash}));
+    my %allitems = (
+                    'role' => $allroles,
+                    'access' => \@allaccesses,
+                    'section' => $sections,
+                    'group' => $groups, 
+                   );
+    foreach my $item ('role','access','section','group') {
+        $output .= '<td><select name="'.$item.$longid.'" multiple="true" size="4">'."\n";
+        foreach my $entry (@{$allitems{$item}}) {
+            if ($caller eq 'display') {
+                if ((@{$$content{'roles'}{$role_id}{$item}} > 0) && 
+                    (grep(/^\Q$entry\E$/,@{$$content{'roles'}{$role_id}{$item}}))) {
+                    $output .= '  <option value="'.$entry.'" selected>'.
+                                  $lookup{$item}{$entry}.'</option>';
+                    next;
+                }
+            }
+            $output .= '  <option value="'.$entry.'">'.
+                       $lookup{$item}{$entry}.'</option>';
+        }
+        $output .= '</select>';
+    }
+    $output .= '</td>';
+    return $output;
+}
+
+sub role_options_window {
+    my ($r) = @_;
+    my $cdom = $env{'form.cdom'};
+    my $cnum = $env{'form.cnum'};
+    my $type = $env{'form.type'};
+    my $addindex = $env{'form.setroles'};
+    my $grouptitle = 'Groups';
+    if ($type eq 'Group') {
+         $grouptitle = 'Teams';
+    } 
+    my $role_selects = &role_selectors(1,1,'new',$type,undef,'rolepicker');
+    $r->print(<<"END_SCRIPT");
+<script type="text/javascript">
+function setRoles() {
+    var addidx = $addindex+1;
+    for (var i=0; i<4; i++) {
+        var copylist = '';
+        for (var j=0; j<document.rolepicker.elements[i].length; j++) {
+            if (document.rolepicker.elements[i].options[j].selected) {
+                copylist = copylist + document.rolepicker.elements[i].options[j].value + ',';
+            }
+        }
+        copylist = copylist.substr(0,copylist.length-1);
+        opener.document.portform.elements[addidx+i].value = copylist;
+    }
+    self.close();
+}
+</script>
+END_SCRIPT
+    $r->print(&mt('Select roles, course status, section(s) and group(s) for users who will be able to access the portfolio file.'));
+    $r->print('<form name="rolepicker" action="/adm/portfolio" method="post"><table><tr><th>'.&mt('Roles').'</th><th>'.&mt('[_1] status',$type).'</th><th>'.&mt('Sections').'</th><th>'.&mt($grouptitle).'</th></tr><tr>'.$role_selects.'</tr></table><br /><input type="button" name="rolepickbutton" value="Save selections" onclick="setRoles()" />');
+    return;
 }
 
 sub select_files {
@@ -689,7 +1403,7 @@ sub select_files {
         $java_files.=',';
     }
     my $javascript =(<<ENDSMP);
-        <script language='javascript'>
+        <script type="text/javascript">
         function finishSelect() {
 ENDSMP
     $javascript .= 'fileList = "'.$java_files.'";';
@@ -749,17 +1463,17 @@ sub upload {
     }
     my $current_disk_usage = &Apache::lonnet::diskusage($udom,$uname,$portfolio_root);
     if (($current_disk_usage + $filesize) > $disk_quota){
-        $r->print('<font color="red">Unable to upload <strong>'.$fname.' (size = '.$filesize.' kilobytes)</strong>. Disk quota will be exceeded.'.
+        $r->print('<span class="LC_error">Unable to upload <strong>'.$fname.' (size = '.$filesize.' kilobytes)</strong>. Disk quota will be exceeded.</span>'.
                   '<br />Disk quota is '.$disk_quota.' kilobytes. Your current disk usage is '.$current_disk_usage.' kilobytes.');
         $r->print(&done('Back',$url,$group));
     } 
     elsif ($found_file){
         if ($locked_file){
-            $r->print('<font color="red">Unable to upload <strong>'.$fname.'</strong>, a <strong>locked</strong> file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></font>'.
+            $r->print('<span class="LC_error">'.'Unable to upload <strong>'.$fname.'</strong>, a <strong>locked</strong> file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></span>'.
                   '<br />You will be able to rename or delete existing '.$fname.' after a grade has been assigned.');
             $r->print(&done('Back',$url,$group));      
         } else {   
-            $r->print('<font color="red">Unable to upload <strong>'.$fname.'</strong>, a file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></font>'.
+            $r->print('<span class="LC_error">'.'Unable to upload <strong>'.$fname.'</strong>, a file by that name was found in <strong>'.$port_path.$env{'form.currentpath'}.'</strong></span>'.
                   '<br />To upload, rename or delete existing '.$fname.' in '.$port_path.$env{'form.currentpath'});
             $r->print(&done('Back',$url,$group));
         }
@@ -767,8 +1481,8 @@ sub upload {
         my $result=&Apache::lonnet::userfileupload('uploaddoc','',
 	        	 $port_path.$env{'form.currentpath'});
         if ($result !~ m|^/uploaded/|) {
-            $r->print('<font color="red"> An errror occured ('.$result.
-	              ') while trying to upload '.&display_file().'</font><br />');
+            $r->print('<span class="LC_error">'.'An errror occured ('.$result.
+	              ') while trying to upload '.&display_file().'</span><br />');
 	    $r->print(&done('Back',$url,$group));
         } else {
             $r->print(&done(undef,$url,$group));
@@ -811,9 +1525,9 @@ sub createdir {
     my ($r,$url,$group)=@_;
     my $newdir=&Apache::lonnet::clean_filename($env{'form.newdir'});
     if ($newdir eq '') {
-    	$r->print('<font color="red">'.
+    	$r->print('<span class="LC_error">'.
 	    	  &mt("Error: no directory name was provided.").
-		      '</font><br />');
+		      '</span><br />');
 	    $r->print(&done(undef,$url,$group));
 	    return;
     }
@@ -827,16 +1541,16 @@ sub createdir {
         }
     }
     if ($found_file){
-    	    $r->print('<font color="red"> Unable to create a directory named <strong>'.$newdir.
-    	            ' </strong>a file or directory by that name already exists.</font><br />');
+    	    $r->print('<span class="LC_error">'.'Unable to create a directory named <strong>'.$newdir.
+    	            ' </strong>a file or directory by that name already exists.</span><br />');
     } else {
         my ($uname,$udom) = &get_name_dom($group);
         my $port_path = &get_port_path($group);
         my $result=&Apache::lonnet::mkdiruserfile($uname,$udom,
 	         $port_path.$env{'form.currentpath'}.$newdir);
         if ($result ne 'ok') {
-    	    $r->print('<font color="red"> An errror occured ('.$result.
-	    	      ') while trying to create a new directory '.&display_file().'</font><br />');
+    	    $r->print('<span class="LC_error">'.'An errror occured ('.$result.
+	    	      ') while trying to create a new directory '.&display_file().'</span><br />');
         }
     }
     if ($newdir ne $env{'form.newdir'}) {
@@ -880,7 +1594,7 @@ sub get_name_dom {
 sub prepend_group {
     my ($filename,$group) = @_;
     if (defined($group)) {
-        $filename = $group.'/'.$filename;
+        $filename = $group.$filename;
     }
     return $filename;
 }
@@ -906,17 +1620,50 @@ sub get_port_path {
     return $port_path;
 }
 
+sub missing_priv {
+    my ($r,$url,$priv,$group) = @_;
+    my $longtext = {
+                      upload => 'upload files',
+                      delete => 'delete files',
+                      rename => 'rename files',
+                      setacl => 'set access controls for files',
+                   };
+    my $escpath = &HTML::Entities::encode($env{'form.currentpath'},'&<>"');
+    my $rtnlink = '<a href="'.$url;
+    if ($url =~ /\?/) {
+        $rtnlink .= '&';
+    } else {
+        $rtnlink .= '?';
+    }
+    $rtnlink .= 'currentpath='.$escpath;
+    $r->print(&mt('<h3>Action disallowed</h3>'));
+    $r->print(&mt('You do not have sufficient privileges to [_1] ',
+                  $longtext->{$priv}));
+    if ($group) {
+        $r->print(&mt("in the group's file repository."));
+        $rtnlink .= '&group='.$group;
+    } else {
+        $r->print(&mt('in this portfolio.'));
+    }
+    $rtnlink .= '">'.&mt('Return to directory listing page').'</a>';
+    $r->print('<br />'.$rtnlink);
+    $r->print(&Apache::loncommon::end_page());
+    return;
+}
+
 sub handler {
     # this handles file management
     my $r = shift;
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
-         ['selectfile','currentpath','meta','lockinfo','currentfile',
-	  'action','fieldname','mode','rename','continue','group','access']);
+         ['selectfile','currentpath','meta','lockinfo','currentfile','action',
+	  'fieldname','mode','rename','continue','group','access','setnum',
+          'cnum','cdom','type','setroles']);
     my ($uname,$udom,$portfolio_root,$url,$group,$caller,$title);
     if ($r->uri =~ m|^(/adm/)([^/]+)|) {
         $url = $1.$2;
         $caller = $2;
     }
+    my ($can_modify,$can_delete,$can_upload,$can_setacl);
     if ($caller eq 'coursegrp_portfolio') {
     #  Needs to be in a course
         if (! ($env{'request.course.fn'})) {
@@ -939,7 +1686,7 @@ sub handler {
                                       $env{'request.course.id'}.'/'.$group))) {
                     $portfolio_root = &get_portfolio_root($group);
                 } else {
-                    $r->print('You do not have the privileges required to access the shared files space for this group');
+                    $r->print('You do not have the privileges required to access the shared files space for this group.');
                     $earlyout = 1;
                 }
             } else {
@@ -952,10 +1699,26 @@ sub handler {
             $earlyout = 1;
         }
         if ($earlyout) { return OK; }
+        if (&Apache::lonnet::allowed('agf',$env{'request.course.id'}.'/'.$group)) {
+            $can_setacl = 1;
+        }
+        if (&Apache::lonnet::allowed('ugf',$env{'request.course.id'}.'/'.$group)) {
+            $can_upload = 1;
+        }
+        if (&Apache::lonnet::allowed('mgf',$env{'request.course.id'}.'/'.$group)) {
+            $can_modify = 1;
+        }
+        if (&Apache::lonnet::allowed('dgf',$env{'request.course.id'}.'/'.$group)) {
+            $can_delete = 1;
+        }
     } else {
         ($uname,$udom) = &get_name_dom();
         $portfolio_root = &get_portfolio_root();
         $title = &mt('Portfolio Manager');
+        $can_modify = 1;
+        $can_delete = 1;
+        $can_upload = 1;
+        $can_setacl = 1;
     }
 
     &Apache::loncommon::no_cache($r);
@@ -965,14 +1728,19 @@ sub handler {
     if ($env{"form.mode"} eq 'selectfile'){
         $r->print(&Apache::loncommon::start_page($title,undef,
 						 {'only_body' => 1}));
+    } elsif ($env{'form.action'} eq 'rolepicker') {
+        $r->print(&Apache::loncommon::start_page('New role-based condition',undef,
+                                                 {'no_nav_bar'  => 1, }));
     } else {
         $r->print(&Apache::loncommon::start_page($title));
     }
     $r->rflush();
 	if (($env{'form.storeupl'}) & (!$env{'form.uploaddoc.filename'})){
-   	    $r->print('<font color="red"> No file was selected to upload.'.
-   	            'To upload a file, click <strong>Browse...</strong>'.
-   	            ', select a file, then click <strong>Upload</strong>,</font>');
+   	    $r->print('<span class="LC_error">'.
+		      'No file was selected to upload.'.
+		      'To upload a file, click <strong>Browse...</strong>'.
+		      ', select a file, then click <strong>Upload</strong>.'.
+		      '</span>');
 	}
     if ($env{'form.meta'}) {
         &open_form($r,$url);
@@ -984,29 +1752,71 @@ sub handler {
     }
 
     if ($env{'form.uploaddoc.filename'}) {
-	&upload($r,$url,$group);
+        if ($can_upload) {
+	    &upload($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'upload',$group),
+        }
     } elsif ($env{'form.action'} eq 'delete' && $env{'form.confirmed'}) {
-	&delete_confirmed($r,$url,$group);
+        if ($can_delete) {
+	    &delete_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'delete') {
-	&delete($r,$url,$group);
+        if ($can_delete) {
+	    &delete($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'deletedir' && $env{'form.confirmed'}) {
-	&delete_dir_confirmed($r,$url,$group);
-    } elsif ($env{'form.action'} eq 'deletedir'){
-	&delete_dir($r,$url,$group);
+        if ($can_delete) {
+	    &delete_dir_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
+    } elsif ($env{'form.action'} eq 'deletedir') {
+        if ($can_delete) {
+	    &delete_dir($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'delete',$group);
+        }
     } elsif ($env{'form.action'} eq 'rename' && $env{'form.confirmed'}) {
-	&rename_confirmed($r,$url,$group);
+        if ($can_modify) {
+	    &rename_confirmed($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'rename',$group);
+        }
     } elsif ($env{'form.rename'}) {
         $env{'form.selectfile'} = $env{'form.rename'};
         $env{'form.action'} = 'rename';
-	&rename($r,$url,$group);
+        if ($can_modify) {
+	    &rename($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'rename',$group);
+        }
     } elsif ($env{'form.access'}) {
         $env{'form.selectfile'} = $env{'form.access'};
         $env{'form.action'} = 'chgaccess';
-        &display_access($r,$url,$group);
+        &display_access($r,$url,$group,$can_setacl);
     } elsif ($env{'form.action'} eq 'chgaccess') {
-        &update_access($r,$url,$group);
+        if ($can_setacl) {
+            &update_access($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'setacl',$group);
+        }
+    } elsif ($env{'form.action'} eq 'rolepicker') {
+        if ($can_setacl) { 
+            &role_options_window($r);
+        } else {
+            &missing_priv($r,$url,'setacl',$group);
+        }
     } elsif ($env{'form.createdir'}) {
-	&createdir($r,$url,$group);
+        if ($can_upload) {
+	    &createdir($r,$url,$group);
+        } else {
+            &missing_priv($r,$url,'upload',$group);
+        }
     } elsif ($env{'form.lockinfo'}) {
         &lock_info($r,$url,$group);
     } else {
@@ -1035,11 +1845,14 @@ sub handler {
         }
 	# need to know if directory is empty so it can be removed if desired
 	my $is_empty=(@dir_list == 2);
-	&display_common($r,$url,$current_path,$is_empty,\@dir_list,$group);
-        &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group);
+	&display_common($r,$url,$current_path,$is_empty,\@dir_list,$group,
+                        $can_upload);
+        &display_directory($r,$url,$current_path,$is_empty,\@dir_list,$group,
+                           $can_upload,$can_modify,$can_delete,$can_setacl);
 	$r->print(&Apache::loncommon::end_page());
     }
     return OK;
 }
+
 1;
 __END__

'); + $r->print(' '.&mt('Public access:').' '.$publictext.' '); $r->print(&Apache::loncommon::start_data_table()); + $r->print(&Apache::loncommon::start_data_table_header_row()); + $r->print('	'.&mt('Action').'	'.&mt('Dates available').'	'.&mt('Access Type').'	'. - &mt('Settings').'	Public '.$publictext.'	'); - $r->print(&Apache::loncommon::start_data_table()); - $r->print(&Apache::loncommon::start_data_table_row()); - my ($pub_startdate,$pub_enddate,$pub_action,$pub_noend); if ($public) { - my ($num,$end,$start) = ($public =~ /^([^:]+):[a-z]+_(\d)_?(\d)$/); - if ($end == 0) { - $pub_noend = 'checked="checked"'; - } - $pub_action = '	- '.&mt('Delete').' - - '.&mt('Update'). - ''. - '	'.&actionbox('old',$publicnum,'public').'	'. + &dateboxes($publicnum,$start{$public},$end{$public}).'	'.&actionbox('new','0','public').'	'. + &dateboxes('0',$now,$then).'	'.$pub_action.'	'.&mt('Start: ').$pub_startdate. - ' '.&mt('End: ').$pub_enddate.'	'); + $r->print(' '.&mt('Passphrase-protected access:').' '.$guesttext.' '); + $r->print(&Apache::loncommon::start_data_table()); + $r->print(&Apache::loncommon::start_data_table_header_row()); + $r->print('	'.&mt('Action').'	'.&mt('Dates available'). + '	'. &mt('Passphrase').'	'.&actionbox('old',$guestnum,'guest').'	'. + &dateboxes($guestnum,$start{$guest},$end{$guest}).'	'.&actionbox('new','1','guest').'	'. + &dateboxes('1',$now,$then).'

'); + #&access_element($r,'domains',\%acl_count,\@domains,$access_controls,$now,$then); + #$r->print('		'); + #&access_element($r,'users',\%acl_count,\@users,$access_controls,$now,$then); + #$r->print('

'); + #} else { + # $r->print('			'); + #} + #&access_element($r,'course',\%acl_count,\@courses,$access_controls,$now,$then); + #$r->print('

'); + #} else { + # $r->print('				'); + #} + #&access_element($r,'group',\%acl_count,\@groups,$access_controls,$now,$then); + $r->print('