Index: lams_admin/conf/language/lams/ApplicationResources.properties =================================================================== diff -u -r9ecda292b1506ae3b558454f565c15717d8eb5e8 -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 9ecda292b1506ae3b558454f565c15717d8eb5e8) +++ lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) @@ -588,6 +588,7 @@ msg.delete.organisation.delete.lessons.confirm =The course or one of its subcourses still contains lessons. They need to be permanently deleted first. You will be redirected to a page where you can do it. config.kumalive.enable =Enable Kumalive audit.remarks =Remarks +config.allow.direct.access.for.integration.learners =Allow direct access to main LAMS page for Integration Learners. #======= End labels: Exported 582 labels for en AU ===== Index: lams_build/lib/lams/lams.jar =================================================================== diff -u -r57a0d71c06a535dbb678ecfcd15e62bc94ec8dbf -r5bcac6182758458fcd994b9bda8c6620a9493265 Binary files differ Index: lams_central/conf/language/lams/ApplicationResources.properties =================================================================== diff -u -r8f516ec9481b6ab34a5cd5e16fc3effc3115104e -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 8f516ec9481b6ab34a5cd5e16fc3effc3115104e) +++ lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) 
@@ -811,4 +811,5 @@ authoring.tbl.desc.question=These questions are for iRA and tRA. Click "Create Question" to add more questions. authoring.tbl.desc.ae=State the questions for AE. Click "Create Question" to add more questions. +error.cannot.login.as.with.not.allow.direct.access=You cannot login as this user as they are an Integration Learner and 'Allow direct access to main LAMS page for Integration Learners' is turned off in the system configuration. #======= End labels: Exported 749 labels for en AU ===== Index: lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java =================================================================== diff -u -r3617b812ba50ea59fd9991680ee73e5ee41357cf -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java (.../IndexAction.java) (revision 3617b812ba50ea59fd9991680ee73e5ee41357cf) +++ lams_central/src/java/org/lamsfoundation/lams/web/IndexAction.java (.../IndexAction.java) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) 
@@ -120,14 +120,20 @@ return mapping.findForward("lessons"); } - boolean isIntegrationUser = getIntegrationService().isIntegrationUser(userDTO.getUserID()); - //prevent integration users with mere learner rights from accessing index.do - if (isIntegrationUser && !request.isUserInRole(Role.AUTHOR) && !request.isUserInRole(Role.MONITOR) - && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.GROUP_ADMIN) - && !request.isUserInRole(Role.SYSADMIN)) { - response.sendError(HttpServletResponse.SC_FORBIDDEN, - "Integration users with learner right are not allowed to access this page"); - return null; + + // This test also appears in LoginAsAction + Boolean allowDirectAccessIntegrationLearner = Configuration + .getAsBoolean(ConfigurationKeys.ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS); + if (!allowDirectAccessIntegrationLearner) { + boolean isIntegrationUser = getIntegrationService().isIntegrationUser(userDTO.getUserID()); + //prevent integration users with mere learner rights from accessing index.do + if (isIntegrationUser && !request.isUserInRole(Role.AUTHOR) && !request.isUserInRole(Role.MONITOR) + && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.GROUP_ADMIN) + && !request.isUserInRole(Role.SYSADMIN)) { + response.sendError(HttpServletResponse.SC_FORBIDDEN, + "Integration users with learner right are not allowed to access this page"); + return null; + } } // only show the growl warning the first time after a user has logged in & if turned on in configuration Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java =================================================================== diff -u -rabec15cb11997b230dbd727164e6a0b4faff5e68 -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java (.../LoginAsAction.java) (revision abec15cb11997b230dbd727164e6a0b4faff5e68) +++ lams_central/src/java/org/lamsfoundation/lams/web/LoginAsAction.java 
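Review bot: `if (!allowDirectAccessIntegrationLearner)` auto-unboxes the `Boolean` returned by `Configuration.getAsBoolean(...)`, so if that call can return null for a key that has not been seeded (its implementation is not visible here), index.do would fail with a NullPointerException instead of applying the restriction. Since ConfigurationKeys documents the default as false, the guard could read `if (!Boolean.TRUE.equals(allowDirectAccessIntegrationLearner)) {`, which keeps the block in force whenever the setting is absent. The same declaration and test are repeated in the LoginAsAction hunk at -60,12 +67,27. The enclosing method starts and ends outside this hunk.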
(.../LoginAsAction.java) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) @@ -23,6 +23,9 @@ package org.lamsfoundation.lams.web; +import java.util.Map; +import java.util.Set; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -31,12 +34,16 @@ import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; import org.lamsfoundation.lams.integration.security.RandomPasswordGenerator; +import org.lamsfoundation.lams.integration.service.IntegrationService; import org.lamsfoundation.lams.logevent.LogEvent; import org.lamsfoundation.lams.logevent.service.ILogEventService; import org.lamsfoundation.lams.security.UniversalLoginModule; +import org.lamsfoundation.lams.usermanagement.Role; import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; +import org.lamsfoundation.lams.util.Configuration; +import org.lamsfoundation.lams.util.ConfigurationKeys; import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.WebUtil; import org.lamsfoundation.lams.web.session.SessionManager; 
@@ -60,12 +67,27 @@ .getRequiredWebApplicationContext(getServlet().getServletContext()); IUserManagementService service = (IUserManagementService) ctx.getBean("userManagementService"); MessageService messageService = (MessageService) ctx.getBean("centralMessageService"); + IntegrationService integrationService = (IntegrationService) ctx.getBean("integrationService"); + String login = WebUtil.readStrParam(request, "login", false); if (service.isUserSysAdmin()) { if ((login != null) && (login.trim().length() > 0)) { User user = service.getUserByLogin(login); if (user != null) { + + // If the user is an integration learner and ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS if off do not let syadmin log in + // as they will not be able to access the index page. This test should be the same test as found in IndexAction. + Boolean allowDirectAccessIntegrationLearner = Configuration.getAsBoolean(ConfigurationKeys.ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS); + if (!allowDirectAccessIntegrationLearner) { + boolean isIntegrationUser = integrationService.isIntegrationUser(user.getUserId()); + if (isIntegrationUser && isOnlyLearner(service, user.getUserId())) { + request.setAttribute("errorName", "Login As"); + request.setAttribute("errorMessage", messageService.getMessage("error.cannot.login.as.with.not.allow.direct.access")); + return mapping.findForward("error"); + } + } + // audit log when loginas UserDTO sysadmin = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER); ILogEventService logEventService = (ILogEventService) ctx.getBean("logEventService"); 
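Review bot: The new refusal branch returns `mapping.findForward("error")` before the `// audit log when loginas` section runs, so a sysadmin's attempt to log in as a blocked integration learner appears to leave no audit record. Consider recording the refused attempt (acting sysadmin and target login) through the same `logEventService` before returning, so that denied and successful impersonations can both be reviewed later. The audit code continues outside this hunk, so confirm that nothing earlier in the request already logs it. The added comment also has two typos worth fixing while here: `if off` should be `is off` and `syadmin` should be `sysadmin`.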
@@ -84,12 +106,25 @@ } } } else { - request.setAttribute("errorName", "LoginAsAction"); + request.setAttribute("errorName", "Login As"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return mapping.findForward("error"); } return mapping.findForward("usersearch"); } + private boolean isOnlyLearner(IUserManagementService service, Integer userId) { + Map> orgRoleSets = service.getRolesForUser(userId); + for (Set orgRoleSet : orgRoleSets.values()) { + for (Integer role : orgRoleSet) { + if (role.equals(Role.ROLE_AUTHOR) || role.equals(Role.ROLE_MONITOR) + || role.equals(Role.ROLE_GROUP_MANAGER) || role.equals(Role.ROLE_GROUP_ADMIN) + || role.equals(Role.ROLE_SYSADMIN)) + return false; + } + } + return true; + } + } Index: lams_central/web/WEB-INF/struts-config.xml =================================================================== diff -u -rba6d2394558dc6e82f56561d0913c9e75d000e89 -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_central/web/WEB-INF/struts-config.xml (.../struts-config.xml) (revision ba6d2394558dc6e82f56561d0913c9e75d000e89) +++ lams_central/web/WEB-INF/struts-config.xml (.../struts-config.xml) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) @@ -197,6 +197,12 @@ path="/admin/usersearch.do" redirect="false" /> + + +<%@ taglib uri="tags-lams" prefix="lams"%> +<%@ taglib uri="tags-core" prefix="c"%> +<%@ taglib uri="tags-fmt" prefix="fmt"%> + + + + + +<%-- Same layout as error.jsp but assumes the error details have been supplied in the request by an Action (e.g. LoginAs) and not from a stacktrace --%> + + + + + <fmt:message key="heading.general.error" /> + + + + + + + <%-- Error Messages --%> + +
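Review bot: `isOnlyLearner` is a second implementation of the privileged-role list that IndexAction checks with `request.isUserInRole(Role.AUTHOR)` and its siblings; here it is expressed as `Role.ROLE_*` ids read from `service.getRolesForUser(userId)`, so the two copies of this access rule can drift apart when a role is added or one list is edited. Moving the decision into one shared helper that both actions call would keep the gate consistent. Until then the method deserves a Javadoc such as `/** Returns true when none of the role sets from getRolesForUser contains AUTHOR, MONITOR, GROUP_MANAGER, GROUP_ADMIN or SYSADMIN; must match the check in IndexAction. */`, and the inner `if` should get braces around `return false;`. A user with no roles at all also yields true, which looks intended but is worth stating in that Javadoc.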
+ + + + + +
+ + + + +
+ +
Fisheye: Tag 2e2707ff81eef6dc9c24d28396b079883868972c refers to a dead (removed) revision in file `lams_common/src/java/org/lamsfoundation/lams/dbupdates/patch20180601.sql'. Fisheye: No comparison available. Pass `N' to diff? Index: lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java =================================================================== diff -u -rdf0635da539415b89e42b4ce83da50f8fe3b272e -r5bcac6182758458fcd994b9bda8c6620a9493265 --- lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java (.../ConfigurationKeys.java) (revision df0635da539415b89e42b4ce83da50f8fe3b272e) +++ lams_common/src/java/org/lamsfoundation/lams/util/ConfigurationKeys.java (.../ConfigurationKeys.java) (revision 5bcac6182758458fcd994b9bda8c6620a9493265) @@ -276,4 +276,7 @@ // LDEV-4144 public static String SHOW_TIMEZONE_WARNING = "ShowTimezoneWarning"; + // LDEV-4594 / LDEV-4583 Allow/Block access to index.do for integration learners. Default to false - do not allow direct access. + public static String ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS = "AllowDirectAccessIntgrtnLrnr"; + }
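Review bot: `ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS` is declared `public static String` without `final`, so any class can reassign the key name that both access checks look up; `public static final String ALLOW_DIRECT_ACCESS_FOR_INTEGRATION_LEARNERS = "AllowDirectAccessIntgrtnLrnr";` would prevent that. The neighbouring `SHOW_TIMEZONE_WARNING` follows the same non-final pattern, so this may be better handled file-wide. The comment promises a default of false, but the row that seeds the key is not visible in this diff (Fisheye reports the patch20180601.sql revision as removed), so it is worth confirming that an upgraded install actually receives it.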