--- loncom/interface/loncreateuser.pm	2009/11/18 20:01:36	1.326
+++ loncom/interface/loncreateuser.pm	2009/12/15 05:14:13	1.329.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.326 2009/11/18 20:01:36 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.329.2.1 2009/12/15 05:14:13 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1028,10 +1028,24 @@ sub print_user_modification_page {
 <input type="hidden" name="pres_type"   value="" />
 <input type="hidden" name="pres_marker" value="" />
 ENDFORMINFO
-    my %inccourses;
-    foreach my $key (keys(%env)) {
-	if ($key=~/^user\.priv\.cm\.\/($match_domain)\/($match_username)/) {
-	    $inccourses{$1.'_'.$2}=1;
+    my (%inccourses,$roledom);
+    if ($context eq 'course') {
+        $inccourses{$env{'request.course.id'}}=1;
+        $roledom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+    } elsif ($context eq 'author') {
+        $roledom = $env{'request.role.domain'};
+    } elsif ($context eq 'domain') {
+        foreach my $key (keys(%env)) {
+            $roledom = $env{'request.role.domain'};
+            if ($key=~/^user\.priv\.cm\.\/($roledom)\/($match_username)/) {
+                $inccourses{$1.'_'.$2}=1;
+            }
+        }
+    } else {
+        foreach my $key (keys(%env)) {
+	    if ($key=~/^user\.priv\.cm\.\/($match_domain)\/($match_username)/) {
+	        $inccourses{$1.'_'.$2}=1;
+            }
         }
     }
     if ($newuser) {
@@ -1268,10 +1282,10 @@ ENDNOTOOLSPRIV
         }
         $r->print('</div><div class="LC_clear_float_footer"></div>');
         if ($env{'form.action'} ne 'singlestudent') {
-            &display_existing_roles($r,$ccuname,$ccdomain,\%inccourses);
+            &display_existing_roles($r,$ccuname,$ccdomain,\%inccourses,$context,
+                                    $roledom,$crstype);
         }
     } ## End of new user/old user logic
-
     if ($env{'form.action'} eq 'singlestudent') {
         my $btntxt;
         if ($crstype eq 'Community') {
@@ -1389,13 +1403,9 @@ sub validation_javascript {
 }
 
 sub display_existing_roles {
-    my ($r,$ccuname,$ccdomain,$inccourses) = @_;
-    my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
-    # Build up table of user roles to allow revocation and re-enabling of roles.
-    my ($tmp) = keys(%rolesdump);
-    if ($tmp !~ /^(con_lost|error)/i) {
-        my $now=time;
-        my %lt=&Apache::lonlocal::texthash(
+    my ($r,$ccuname,$ccdomain,$inccourses,$context,$roledom,$crstype) = @_;
+    my $now=time;
+    my %lt=&Apache::lonlocal::texthash(
                     'rer'  => "Existing Roles",
                     'rev'  => "Revoke",
                     'del'  => "Delete",
@@ -1405,198 +1415,255 @@ sub display_existing_roles {
                     'sta'  => "Start",
                     'end'  => "End",
                                        );
-        my (%roletext,%sortrole,%roleclass,%rolepriv);
-        foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]);
-                                    my $b1=join('_',(split('_',$b))[1,0]);
-                                    return $a1 cmp $b1;
-                                } keys(%rolesdump)) {
-            next if ($area =~ /^rolesdef/);
-            my $envkey=$area;
-            my $role = $rolesdump{$area};
-            my $thisrole=$area;
-            $area =~ s/\_\w\w$//;
-            my ($role_code,$role_end_time,$role_start_time) =
-                split(/_/,$role);
+    my (%rolesdump,%roletext,%sortrole,%roleclass,%rolepriv);
+    if ($context eq 'course' || $context eq 'author') {
+        my @roles = &Apache::lonuserutils::roles_by_context($context,1,$crstype);
+        my %roleshash = 
+            &Apache::lonnet::get_my_roles($ccuname,$ccdomain,'userroles',
+                              ['active','previous','future'],\@roles,$roledom,1);
+        foreach my $key (keys(%roleshash)) {
+            my ($start,$end) = split(':',$roleshash{$key});
+            next if ($start eq '-1' || $end eq '-1');
+            my ($rnum,$rdom,$role,$sec) = split(':',$key);
+            if ($context eq 'course') {
+                next unless (($rnum eq $env{'course.'.$env{'request.course.id'}.'.num'})
+                             && ($rdom eq $env{'course.'.$env{'request.course.id'}.'.domain'}));
+            } elsif ($context eq 'author') {
+                next unless (($rnum eq $env{'user.name'}) && ($rdom eq $env{'request.role.domain'}));
+            }
+            my ($newkey,$newvalue,$newrole);
+            $newkey = '/'.$rdom.'/'.$rnum;
+            if ($sec ne '') {
+                $newkey .= '/'.$sec;
+            }
+            $newvalue = $role;
+            if ($role =~ /^cr/) {
+                $newrole = 'cr';
+            } else {
+                $newrole = $role;
+            }
+            $newkey .= '_'.$newrole;
+            if ($start ne '' && $end ne '') {
+                $newvalue .= '_'.$end.'_'.$start;
+            }
+            $rolesdump{$newkey} = $newvalue;
+        }
+    } else {
+        %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
+    }
+    # Build up table of user roles to allow revocation and re-enabling of roles.
+    my ($tmp) = keys(%rolesdump);
+    return if ($tmp =~ /^(con_lost|error)/i);
+    foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]);
+                                my $b1=join('_',(split('_',$b))[1,0]);
+                                return $a1 cmp $b1;
+                            } keys(%rolesdump)) {
+        next if ($area =~ /^rolesdef/);
+        my $envkey=$area;
+        my $role = $rolesdump{$area};
+        my $thisrole=$area;
+        $area =~ s/\_\w\w$//;
+        my ($role_code,$role_end_time,$role_start_time) =
+            split(/_/,$role);
 # Is this a custom role? Get role owner and title.
-            my ($croleudom,$croleuname,$croletitle)=
-                ($role_code=~m{^cr/($match_domain)/($match_username)/(\w+)$});
-            my $allowed=0;
-            my $delallowed=0;
-            my $sortkey=$role_code;
-            my $class='Unknown';
-            if ($area =~ m{^/($match_domain)/($match_courseid)} ) {
-                $class='Course';
-                my ($coursedom,$coursedir) = ($1,$2);
-                $sortkey.="\0$coursedom";
-                # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3).
-                my %coursedata=
-                    &Apache::lonnet::coursedescription($1.'_'.$2);
-                my $carea;
-                if (defined($coursedata{'description'})) {
-                    $carea=$coursedata{'description'}.
-                        '<br />'.&mt('Domain').': '.$coursedom.('&nbsp;'x8).
-     &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$coursedir,$coursedom);
-                    $sortkey.="\0".$coursedata{'description'};
-                    $class=$coursedata{'type'};
+        my ($croleudom,$croleuname,$croletitle)=
+            ($role_code=~m{^cr/($match_domain)/($match_username)/(\w+)$});
+        my $allowed=0;
+        my $delallowed=0;
+        my $sortkey=$role_code;
+        my $class='Unknown';
+        if ($area =~ m{^/($match_domain)/($match_courseid)} ) {
+            $class='Course';
+            my ($coursedom,$coursedir) = ($1,$2);
+            my $cid = $1.'_'.$2;
+            # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3).
+            my %coursedata=
+                &Apache::lonnet::coursedescription($cid);
+            if ($coursedir =~ /^$match_community$/) {
+                $class='Community';
+            }
+            $sortkey.="\0$coursedom";
+            my $carea;
+            if (defined($coursedata{'description'})) {
+                $carea=$coursedata{'description'}.
+                    '<br />'.&mt('Domain').': '.$coursedom.('&nbsp;'x8).
+    &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$coursedir,$coursedom);
+                $sortkey.="\0".$coursedata{'description'};
+            } else {
+                if ($class eq 'Community') {
+                    $carea=&mt('Unavailable community').': '.$area;
+                    $sortkey.="\0".&mt('Unavailable community').': '.$area;
                 } else {
                     $carea=&mt('Unavailable course').': '.$area;
                     $sortkey.="\0".&mt('Unavailable course').': '.$area;
                 }
-                $sortkey.="\0$coursedir";
-                $inccourses->{$1.'_'.$2}=1;
-                if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) ||
-                    (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
-                    $allowed=1;
-                }
-                if ((&Apache::lonnet::allowed('dro',$1)) ||
-                    (&Apache::lonnet::allowed('dro',$ccdomain))) {
-                    $delallowed=1;
+            }
+            $sortkey.="\0$coursedir";
+            $inccourses->{$cid}=1;
+            if ((&Apache::lonnet::allowed('c'.$role_code,$coursedom.'/'.$coursedir)) ||
+                (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
+                $allowed=1;
+            }
+            unless ($allowed) {
+                my $isowner = &is_courseowner($cid,$coursedata{'internal.courseowner'});
+                if ($isowner) {
+                    if (($role_code eq 'co') && ($class eq 'Community')) {
+                        $allowed = 1;
+                    } elsif (($role_code eq 'cc') && ($class eq 'Course')) {
+                        $allowed = 1;
+                    }
                 }
+            } 
+            if ((&Apache::lonnet::allowed('dro',$coursedom)) ||
+                (&Apache::lonnet::allowed('dro',$ccdomain))) {
+                $delallowed=1;
+            }
 # - custom role. Needs more info, too
-                if ($croletitle) {
-                    if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) {
-                        $allowed=1;
-                        $thisrole.='.'.$role_code;
-                    }
+            if ($croletitle) {
+                if (&Apache::lonnet::allowed('ccr',$coursedom.'/'.$coursedir)) {
+                    $allowed=1;
+                    $thisrole.='.'.$role_code;
                 }
-                # Compute the background color based on $area
-                if ($area=~m{^/($match_domain)/($match_courseid)/(\w+)}) {
-                    $carea.='<br />Section: '.$3;
-                    $sortkey.="\0$3";
-                    if (!$allowed) {
-                        if ($env{'request.course.sec'} eq $3) {
-                            if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2.'/'.$3)) {
-                                $allowed = 1;
-                            }
+            }
+            if ($area=~m{^/($match_domain)/($match_courseid)/(\w+)}) {
+                $carea.='<br />Section: '.$3;
+                $sortkey.="\0$3";
+                if (!$allowed) {
+                    if ($env{'request.course.sec'} eq $3) {
+                        if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2.'/'.$3)) {
+                            $allowed = 1;
                         }
                     }
                 }
-                $area=$carea;
-            } else {
-                $sortkey.="\0".$area;
-                # Determine if current user is able to revoke privileges
-                if ($area=~m{^/($match_domain)/}) {
-                    if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
-                       (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
-                        $allowed=1;
-                    }
-                    if (((&Apache::lonnet::allowed('dro',$1))  ||
-                         (&Apache::lonnet::allowed('dro',$ccdomain))) &&
-                        ($role_code ne 'dc')) {
-                        $delallowed=1;
-                    }
-                } else {
-                    if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
-                        $allowed=1;
-                    }
+            }
+            $area=$carea;
+        } else {
+            $sortkey.="\0".$area;
+            # Determine if current user is able to revoke privileges
+            if ($area=~m{^/($match_domain)/}) {
+                if ((&Apache::lonnet::allowed('c'.$role_code,$1)) ||
+                   (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) {
+                   $allowed=1;
                 }
-                if ($role_code eq 'ca' || $role_code eq 'au') {
-                    $class='Construction Space';
-                } elsif ($role_code eq 'su') {
-                    $class='System';
-                } else {
-                    $class='Domain';
+                if (((&Apache::lonnet::allowed('dro',$1))  ||
+                    (&Apache::lonnet::allowed('dro',$ccdomain))) &&
+                    ($role_code ne 'dc')) {
+                    $delallowed=1;
                 }
-            }
-            if (($role_code eq 'ca') || ($role_code eq 'aa')) {
-                $area=~m{/($match_domain)/($match_username)};
-                if (&Apache::lonuserutils::authorpriv($2,$1)) {
+            } else {
+                if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
                     $allowed=1;
-                } else {
-                    $allowed=0;
                 }
             }
-            my $row = '';
-            $row.= '<td>';
-            my $active=1;
-            $active=0 if (($role_end_time) && ($now>$role_end_time));
-            if (($active) && ($allowed)) {
-                $row.= '<input type="checkbox" name="rev:'.$thisrole.'" />';
+            if ($role_code eq 'ca' || $role_code eq 'au') {
+                $class='Construction Space';
+            } elsif ($role_code eq 'su') {
+                $class='System';
             } else {
-                if ($active) {
-                   $row.='&nbsp;';
-                } else {
-                   $row.=&mt('expired or revoked');
-                }
+                $class='Domain';
             }
-            $row.='</td><td>';
-            if ($allowed && !$active) {
-                $row.= '<input type="checkbox" name="ren:'.$thisrole.'" />';
+        }
+        if (($role_code eq 'ca') || ($role_code eq 'aa')) {
+            $area=~m{/($match_domain)/($match_username)};
+            if (&Apache::lonuserutils::authorpriv($2,$1)) {
+                $allowed=1;
             } else {
-                $row.='&nbsp;';
+                $allowed=0;
             }
-            $row.='</td><td>';
-            if ($delallowed) {
-                $row.= '<input type="checkbox" name="del:'.$thisrole.'" />';
+        }
+        my $row = '';
+        $row.= '<td>';
+        my $active=1;
+        $active=0 if (($role_end_time) && ($now>$role_end_time));
+        if (($active) && ($allowed)) {
+            $row.= '<input type="checkbox" name="rev:'.$thisrole.'" />';
+        } else {
+            if ($active) {
+               $row.='&nbsp;';
             } else {
-                $row.='&nbsp;';
+               $row.=&mt('expired or revoked');
             }
-            my $plaintext='';
-            if (!$croletitle) {
-                $plaintext=&Apache::lonnet::plaintext($role_code,$class)
-            } else {
-                $plaintext=
+        }
+        $row.='</td><td>';
+        if ($allowed && !$active) {
+            $row.= '<input type="checkbox" name="ren:'.$thisrole.'" />';
+        } else {
+            $row.='&nbsp;';
+        }
+        $row.='</td><td>';
+        if ($delallowed) {
+            $row.= '<input type="checkbox" name="del:'.$thisrole.'" />';
+        } else {
+            $row.='&nbsp;';
+        }
+        my $plaintext='';
+        if (!$croletitle) {
+            $plaintext=&Apache::lonnet::plaintext($role_code,$class)
+        } else {
+            $plaintext=
         "Customrole '$croletitle'<br />defined by $croleuname\@$croleudom";
+        }
+        $row.= '</td><td>'.$plaintext.
+               '</td><td>'.$area.
+               '</td><td>'.($role_start_time?&Apache::lonlocal::locallocaltime($role_start_time)
+                                            : '&nbsp;' ).
+               '</td><td>'.($role_end_time  ?&Apache::lonlocal::locallocaltime($role_end_time)
+                                            : '&nbsp;' )
+               ."</td>";
+        $sortrole{$sortkey}=$envkey;
+        $roletext{$envkey}=$row;
+        $roleclass{$envkey}=$class;
+        $rolepriv{$envkey}=$allowed;
+    } # end of foreach        (table building loop)
+
+    my $rolesdisplay = 0;
+    my %output = ();
+    foreach my $type ('Construction Space','Course','Community','Domain','System','Unknown') {
+        $output{$type} = '';
+        foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) {
+            if ( ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/ ) && ($rolepriv{$sortrole{$which}}) ) {
+                 $output{$type}.=
+                      &Apache::loncommon::start_data_table_row().
+                      $roletext{$sortrole{$which}}.
+                      &Apache::loncommon::end_data_table_row();
             }
-            $row.= '</td><td>'.$plaintext.
-                   '</td><td>'.$area.
-                   '</td><td>'.($role_start_time?&Apache::lonlocal::locallocaltime($role_start_time)
-                                                : '&nbsp;' ).
-                   '</td><td>'.($role_end_time  ?&Apache::lonlocal::locallocaltime($role_end_time)
-                                                : '&nbsp;' )
-                   ."</td>";
-            $sortrole{$sortkey}=$envkey;
-            $roletext{$envkey}=$row;
-            $roleclass{$envkey}=$class;
-            $rolepriv{$envkey}=$allowed;
-            #$r->print($row);
-        } # end of foreach        (table building loop)
-        my $rolesdisplay = 0;
-        my %output = ();
-        foreach my $type ('Construction Space','Course','Community','Domain','System','Unknown') {
-            $output{$type} = '';
-            foreach my $which (sort {uc($a) cmp uc($b)} (keys(%sortrole))) {
-                if ( ($roleclass{$sortrole{$which}} =~ /^\Q$type\E/ ) && ($rolepriv{$sortrole{$which}}) ) {
-                    $output{$type}.=
-                          &Apache::loncommon::start_data_table_row().
-                          $roletext{$sortrole{$which}}.
-                          &Apache::loncommon::end_data_table_row();
-                }
-            }
-            unless($output{$type} eq '') {
-                $output{$type} = '<tr class="LC_info_row">'.
-                          "<td align='center' colspan='7'>".&mt($type)."</td></tr>".
-                           $output{$type};
-                $rolesdisplay = 1;
-            }
-        }
-        if ($rolesdisplay == 1) {
-            my $contextrole='';
-            if ($env{'request.course.id'}) {
-                my $crstype = &Apache::loncommon::course_type();
-                $contextrole = "Existing Roles in this $crstype";
-            } elsif ($env{'request.role'} =~ /^au\./) {
-                $contextrole = 'Existing Co-Author Roles in your Construction Space';
+        }
+        unless($output{$type} eq '') {
+            $output{$type} = '<tr class="LC_info_row">'.
+                      "<td align='center' colspan='7'>".&mt($type)."</td></tr>".
+                      $output{$type};
+            $rolesdisplay = 1;
+        }
+    }
+    if ($rolesdisplay == 1) {
+        my $contextrole='';
+        if ($env{'request.course.id'}) {
+            if (&Apache::loncommon::course_type() eq 'Community') {
+                $contextrole = &mt('Existing Roles in this Community');
             } else {
-                $contextrole = 'Existing Roles in this Domain';
+                $contextrole = &mt('Existing Roles in this Course');
             }
-            $r->print('
+        } elsif ($env{'request.role'} =~ /^au\./) {
+            $contextrole = &mt('Existing Co-Author Roles in your Construction Space');
+        } else {
+            $contextrole = &mt('Existing Roles in this Domain');
+        }
+        $r->print('
 <h3>'.$lt{'rer'}.'</h3>'.
-'<div>'.&mt($contextrole).'</div>'.
+'<div>'.$contextrole.'</div>'.
 &Apache::loncommon::start_data_table("LC_createuser").
 &Apache::loncommon::start_data_table_header_row().
 '<th>'.$lt{'rev'}.'</th><th>'.$lt{'ren'}.'</th><th>'.$lt{'del'}.
 '</th><th>'.$lt{'rol'}.'</th><th>'.$lt{'ext'}.
 '</th><th>'.$lt{'sta'}.'</th><th>'.$lt{'end'}.'</th>'.
 &Apache::loncommon::end_data_table_header_row());
-           foreach my $type ('Construction Space','Course','Community','Domain','System','Unknown') {
-                if ($output{$type}) {
-                    $r->print($output{$type}."\n");
-                }
+        foreach my $type ('Construction Space','Course','Community','Domain','System','Unknown') {
+            if ($output{$type}) {
+                $r->print($output{$type}."\n");
             }
-            $r->print(&Apache::loncommon::end_data_table());
         }
-    }  # End of check for keys in rolesdump
+        $r->print(&Apache::loncommon::end_data_table());
+    }
     return;
 }
 
@@ -4251,6 +4318,9 @@ END
 #  Menu Phase One
 sub print_main_menu {
     my ($permission,$context,$crstype) = @_;
+    if (($context eq 'course') && (&Apache::loncommon::needs_gci_custom())) {
+        return &print_gci_main_menu($permission,$context,$crstype)
+    }
     my $linkcontext = $context;
     my $stuterm = lc(&Apache::lonnet::plaintext('st',$crstype));
     if (($context eq 'course') && ($crstype eq 'Community')) {
@@ -4417,7 +4487,7 @@ sub print_main_menu {
              linktitle => $linktitle{$crstype}{'groups'},
             },
             {
-             linktext => 'Change Logs',
+             linktext => 'Change Log',
              icon => 'document-properties.png',
              #help => 'Course_User_Logs',
              url => '/adm/createuser?action=changelogs',
@@ -4472,6 +4542,82 @@ return Apache::lonhtmlcommon::generate_m
 #               });
 }
 
+sub print_gci_main_menu {
+    my ($permission,$context,$crstype) = @_;
+    my $stuterm = lc(&Apache::lonnet::plaintext('st',$crstype));
+    my ($cnum,$cdom) = &Apache::lonuserutils::get_course_identity();
+    my %links = (
+        course => {
+                    single     => 'Add/Modify a Student',
+                    drop       => 'Drop Students',
+                    upload     => 'Upload a File of Course Users',
+                    singleuser => 'Add/Modify a Course User',
+                    listusers  => 'Manage Course Users',
+                  },
+     );
+     my %linktitles = (
+        course => {
+                    singleuser => 'Add a user with a certain role to this course.',
+                    listusers  => 'Show and manage users in this course.',
+                    single     => 'Add a user with the role of student to this course',
+                    drop       => 'Remove a student from this course.',
+                    upload     => 'Upload a CSV or a text file containing users.', 
+                  },
+    );
+    my @menu = ( {categorytitle => 'Manage Users',
+         items =>
+         [
+            {
+             linktext => $links{$context}{'single'},
+             #help => 'Course_Add_Student',
+             icon => 'list-add.png',
+             url => '/adm/createuser?action=singlestudent',
+             permission => $permission->{'cusr'},
+             linktitle => $linktitles{$context}{'single'},
+
+            },
+            {
+             linktext => $links{$context}{'drop'},
+             icon => 'edit-undo.png',
+             #help => 'Course_Drop_Student',
+             url => '/adm/createuser?action=drop',
+             permission => $permission->{'cusr'},
+             linktitle => $linktitles{$context}{'drop'},
+            },
+            {
+             linktext => $links{$context}{'upload'},
+             icon => 'sctr.png',
+             #help => 'Course_Create_Class_List',
+             url => '/adm/createuser?action=upload',
+             permission => $permission->{'cusr'},
+             linktitle => $linktitles{$context}{'upload'},
+            },
+            {
+             linktext => $links{$context}{'listusers'},
+             icon => 'edit-find.png',
+             #help => 'Course_View_Class_List',
+             url => '/adm/createuser?action=listusers',
+             permission => ($permission->{'view'} || $permission->{'cusr'}),
+             linktitle => $linktitles{$context}{'listusers'},
+            },
+         ]},
+         {categorytitle => 'Administration',
+         items => [ ]},
+    );
+
+    push(@{ $menu[1]->{items} }, #Category: Administration
+        {
+           linktext => 'Change Log',
+           icon => 'document-properties.png',
+           #help => 'Course_User_Logs',
+           url => '/adm/createuser?action=changelogs',
+           permission => $permission->{'cusr'},
+           linktitle => 'View change log.',
+         },
+    );
+    return Apache::lonhtmlcommon::generate_menu(@menu);
+}
+
 sub restore_prev_selections {
     my %saveable_parameters = ('srchby'   => 'scalar',
 			       'srchin'   => 'scalar',
@@ -5161,7 +5307,6 @@ sub print_userchangelogs_display {
     my %roleslog=&Apache::lonnet::dump('nohist_rolelog',$cdom,$cnum);
     if ((keys(%roleslog))[0]=~/^error\:/) { undef(%roleslog); }
 
-    $r->print('<form action="/adm/createuser" method="post" name="'.$formname.'">');
     my %saveable_parameters = ('show' => 'scalar',);
     &Apache::loncommon::store_course_settings('roles_log',
                                               \%saveable_parameters);
@@ -5196,7 +5341,6 @@ sub print_userchangelogs_display {
     }
     my (%whodunit,%changed,$version);
     ($version) = ($r->dir_config('lonVersion') =~ /^([\d\.]+)\-/);
-    $r->print(&role_display_filter($formname,$cdom,$cnum,\%curr,$version,$crstype));
     my ($minshown,$maxshown);
     $minshown = 1;
     my $count = 0;
@@ -5207,8 +5351,29 @@ sub print_userchangelogs_display {
         }
     }
 
-    # Collect user change log data
-    my $content = '';
+    # Form Header
+    $r->print('<form action="/adm/createuser" method="post" name="'.$formname.'">'.
+              &role_display_filter($formname,$cdom,$cnum,\%curr,$version,$crstype));
+
+    # Create navigation
+    my ($nav_script,$nav_links) = &userlogdisplay_nav($formname,\%curr,$more_records);
+    my $showntableheader = 0;
+
+    # Table Header
+    my $tableheader = 
+        &Apache::loncommon::start_data_table_header_row()
+       .'<th>&nbsp;</th>'
+       .'<th>'.&mt('When').'</th>'
+       .'<th>'.&mt('Who made the change').'</th>'
+       .'<th>'.&mt('Changed User').'</th>'
+       .'<th>'.&mt('Role').'</th>'
+       .'<th>'.&mt('Section').'</th>'
+       .'<th>'.&mt('Context').'</th>'
+       .'<th>'.&mt('Start').'</th>'
+       .'<th>'.&mt('End').'</th>'
+       .&Apache::loncommon::end_data_table_header_row();
+
+    # Display user change log data
     foreach my $id (sort { $roleslog{$b}{'exe_time'}<=>$roleslog{$a}{'exe_time'} } (keys(%roleslog))) {
         next if (($roleslog{$id}{'exe_time'} < $curr{'rolelog_start_date'}) ||
                  ($roleslog{$id}{'exe_time'} > $curr{'rolelog_end_date'}));
@@ -5230,7 +5395,14 @@ sub print_userchangelogs_display {
         }
         $count ++;
         next if ($count < $minshown);
-
+        unless ($showntableheader) {
+            $r->print($nav_script
+                     .$nav_links
+                     .&Apache::loncommon::start_data_table()
+                     .$tableheader);
+            $r->rflush();
+            $showntableheader = 1;
+        }
         if ($whodunit{$roleslog{$id}{'exe_uname'}.':'.$roleslog{$id}{'exe_udom'}} eq '') {
             $whodunit{$roleslog{$id}{'exe_uname'}.':'.$roleslog{$id}{'exe_udom'}} =
                 &Apache::loncommon::plainname($roleslog{$id}{'exe_uname'},$roleslog{$id}{'exe_udom'});
@@ -5269,7 +5441,7 @@ sub print_userchangelogs_display {
         if ($chgcontext ne '' && $lt{$chgcontext} ne '') {
             $chgcontext = $lt{$chgcontext};
         }
-        $content .=
+        $r->print(
             &Apache::loncommon::start_data_table_row()
            .'<td>'.$count.'</td>'
            .'<td>'.&Apache::lonlocal::locallocaltime($roleslog{$id}{'exe_time'}).'</td>'
@@ -5280,30 +5452,34 @@ sub print_userchangelogs_display {
            .'<td>'.$chgcontext.'</td>'
            .'<td>'.$rolestart.'</td>'
            .'<td>'.$roleend.'</td>'
-           .&Apache::loncommon::end_data_table_row();
+           .&Apache::loncommon::end_data_table_row()."\n");
     }
 
-    # Form Footer
-    my $form_footer =
-        '<input type="hidden" name="page" value="'.$curr{'page'}.'" />'
-       .'<input type="hidden" name="action" value="changelogs" />'
-       .'</form>';
-
-    # Only display table, if content is available (has been collected above)
-    if (!$content) {
+    if ($showntableheader) { # Table footer, if content displayed above
+        $r->print(&Apache::loncommon::end_data_table()
+                 .$nav_links);
+    } else { # No content displayed above
         $r->print('<p class="LC_info">'
                  .&mt('There are no records to display.')
                  .'</p>'
         );
-        $r->print($form_footer);
-        return;
     }
 
-    # Content to display, so create navigation and display table
+    # Form Footer
+    $r->print( 
+        '<input type="hidden" name="page" value="'.$curr{'page'}.'" />'
+       .'<input type="hidden" name="action" value="changelogs" />'
+       .'</form>');
+    return;
+}
 
-    # Create Navigation:
-    # Navigation Script
-    my $nav_script = <<"ENDSCRIPT";
+sub userlogdisplay_nav {
+    my ($formname,$curr,$more_records) = @_;
+    my ($nav_script,$nav_links);
+    if (ref($curr) eq 'HASH') {
+        # Create Navigation:
+        # Navigation Script
+        $nav_script = <<"ENDSCRIPT";
 <script type="text/javascript">
 // <![CDATA[
 function chgPage(caller) {
@@ -5313,57 +5489,31 @@ function chgPage(caller) {
     if (caller == 'next') {
         document.$formname.page.value ++;
     }
-    document.$formname.submit(); 
+    document.$formname.submit();
     return;
 }
 // ]]>
 </script>
 ENDSCRIPT
-    # Navigation Buttons
-    my $nav_links;
-    $nav_links = '<p>';
-    if (($curr{'page'} > 1) || ($more_records)) {
-        if ($curr{'page'} > 1) {
-            $nav_links .= '<input type="button"'
-                         .' onclick="javascript:chgPage('."'previous'".');"'
-                         .' value="'.&mt('Previous [_1] changes',$curr{'show'})
-                         .'" /> ';
-        }
-        if ($more_records) {
-            $nav_links .= '<input type="button"'
-                         .' onclick="javascript:chgPage('."'next'".');"'
-                         .' value="'.&mt('Next [_1] changes',$curr{'show'})
-                         .'" />';
+        # Navigation Buttons
+        $nav_links = '<p>';
+        if (($curr->{'page'} > 1) || ($more_records)) {
+            if ($curr->{'page'} > 1) {
+                $nav_links .= '<input type="button"'
+                             .' onclick="javascript:chgPage('."'previous'".');"'
+                             .' value="'.&mt('Previous [_1] changes',$curr->{'show'})
+                             .'" /> ';
+            }
+            if ($more_records) {
+                $nav_links .= '<input type="button"'
+                             .' onclick="javascript:chgPage('."'next'".');"'
+                             .' value="'.&mt('Next [_1] changes',$curr->{'show'})
+                             .'" />';
+            }
         }
+        $nav_links .= '</p>';
     }
-    $nav_links .= '</p>';
-
-    # Table Header
-    my $tableheader =
-        &Apache::loncommon::start_data_table_header_row()
-       .'<th>&nbsp;</th>'
-       .'<th>'.&mt('When').'</th>'
-       .'<th>'.&mt('Who made the change').'</th>'
-       .'<th>'.&mt('Changed User').'</th>'
-       .'<th>'.&mt('Role').'</th>'
-       .'<th>'.&mt('Section').'</th>'
-       .'<th>'.&mt('Context').'</th>'
-       .'<th>'.&mt('Start').'</th>'
-       .'<th>'.&mt('End').'</th>'
-       .&Apache::loncommon::end_data_table_header_row();
-
-    # Print Content
-    $r->print(
-        $nav_script
-       .$nav_links
-       .&Apache::loncommon::start_data_table()
-       .$tableheader
-       .$content
-       .&Apache::loncommon::end_data_table()
-       .$nav_links
-       .$form_footer
-    );
-    return;
+    return ($nav_script,$nav_links);
 }
 
 sub role_display_filter {
@@ -5972,10 +6122,11 @@ sub course_level_table {
             'end'  => "End"
     );
 
-    foreach my $protectedcourse (sort( keys(%inccourses))) {
+    foreach my $protectedcourse (sort(keys(%inccourses))) {
 	my $thiscourse=$protectedcourse;
 	$thiscourse=~s:_:/:g;
 	my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
+        my $isowner = &is_courseowner($protectedcourse,$coursedata{'internal.courseowner'});
 	my $area=$coursedata{'description'};
         my $crstype=$coursedata{'type'};
 	if (!defined($area)) { $area=&mt('Unavailable course').': '.$protectedcourse; }
@@ -5990,9 +6141,10 @@ sub course_level_table {
         my @roles = &Apache::lonuserutils::roles_by_context('course','',$crstype);
 	foreach my $role (@roles) {
             my $plrole=&Apache::lonnet::plaintext($role,$crstype);
-	    if (&Apache::lonnet::allowed('c'.$role,$thiscourse)) {
+	    if ((&Apache::lonnet::allowed('c'.$role,$thiscourse)) ||
+                ((($role eq 'cc') || ($role eq 'co')) && ($isowner))) {
                 $table .= &course_level_row($protectedcourse,$role,$area,$domain,
-                                            $plrole,\%sections_count,\%lt);    
+                                            $plrole,\%sections_count,\%lt);
             } elsif ($env{'request.course.sec'} ne '') {
                 if (&Apache::lonnet::allowed('c'.$role,$thiscourse.'/'.
                                              $env{'request.course.sec'})) {
@@ -6495,6 +6647,21 @@ sub get_selfenroll_titles {
     return (\@row,\%lt);
 }
 
+sub is_courseowner {
+    my ($thiscourse,$courseowner) = @_;
+    if ($courseowner eq '') {
+        if ($env{'request.course.id'} eq $thiscourse) {
+            $courseowner = $env{'course.'.$env{'request.course.id'}.'.internal.courseowner'};
+        }
+    }
+    if ($courseowner ne '') {
+        if ($courseowner eq $env{'user.name'}.':'.$env{'user.domain'}) {
+                return 1;
+        }
+    }
+    return;
+}
+
 #---------------------------------------------- end functions for &phase_two
 
 #--------------------------------- functions for &phase_two and &phase_three