\n"; print "
\n"; } print "

Privilege Tree

\n"; $cont = addContinuationsEntry('JSONprivnodelist'); print "
\n"; print "
\n"; print "
\n"; #print " \n"; #print " \n"; print " \n"; print " \n"; print " \n"; print "
\n"; print "
\n"; print "
\n"; if($hasNodeAdmin) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
\n"; print " \n"; print "
\n"; print " \n"; print "
\n"; print " \n"; print "
\n"; } print "
\n"; $cont = addContinuationsEntry('selectNode'); print "\n"; # privileges print "

Privileges at Selected Node

\n"; $node = $activeNode; $nodeInfo = getNodeInfo($node); $privs = getNodePrivileges($node); $cascadePrivs = getNodeCascadePrivileges($node); $usertypes = getTypes("users"); $i = 0; $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs); $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs); print "
\n"; # users print "\n"; print "
\n"; print "

Users

\n"; print "
\n"; $users = array(); if(count($privs["users"]) || count($cascadePrivs["users"])) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"]))); sort($users); foreach($users as $_user) { printUserPrivRow($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', ! $hasUserGrant); $i++; } print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; print "\n"; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserPrivs'); print "\n"; } } else { print "There are no user privileges at the selected node.
\n"; } if($hasUserGrant) { print "\n"; } print "
\n"; print "
\n"; # groups print "\n"; print "
\n"; print "

User Groups

\n"; if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) { print "
\n"; print ""; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"]))); sort($groups); foreach($groups as $group) { printUserPrivRow($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', ! $hasUserGrant); $i++; } print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; print ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserGroupPrivs'); print "\n"; } $cont = addContinuationsEntry('jsonGetUserGroupMembers'); print "\n"; } else { print "There are no user group privileges at the selected node.
\n"; $groups = array(); } if($hasUserGrant) { print "\n"; } print "
\n"; print "
\n"; # resources $resourcetypes = getResourcePrivs(); print "\n"; print "
\n"; print "

Resources

\n"; print "
\n"; if(count($privs["resources"]) || count($cascadePrivs["resources"])) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($resourcetypes as $type) { if($type == 'block' || $type == 'cascade') continue; $img = getImageText("$type"); print " \n"; } print " \n"; $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"]))); sort($resources); $resourcegroups = getResourceGroups(); $resgroupmembers = getResourceGroupMembers(); foreach($resources as $resource) { $data = getResourcePrivRowHTML($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], ! $hasResourceGrant); print $data['html']; print "\n"; $i++; } print "
Group
Name
Group
Type
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; if($hasResourceGrant) { $cont = addContinuationsEntry('AJchangeResourcePrivs'); print "\n"; } $cont = addContinuationsEntry('jsonGetResourceGroupMembers'); print "\n"; } else { print "There are no resource group privileges at the selected node.
\n"; $resources = array(); } if($hasResourceGrant) { print "\n"; } print "
\n"; print "
\n"; print "
\n"; # ----------------------------- dialogs ---------------------------- print "
\n"; print " \n"; print "

Add User

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights $count = count($usertypes) + 1; print " \n"; #cascade rights print " \n"; # normal rights $j = 1; foreach($usertypes["users"] as $type) { print " \n"; $j++; } print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddUserPriv'); print "\n"; print "
\n"; print "
\n"; print " \n"; print "

Add User Group

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights print " \n"; #cascade rights print " \n"; # normal rights $j = 1; foreach($usertypes["users"] as $type) { print " \n"; $j++; } print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; # FIXME should $groups be only the user's groups? $groups = getUserGroups(0, $user['affiliationid']); printSelectInput("newgroupid", $groups, -1, 0, 0, 'newgroupid'); print " "; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddUserGroupPriv'); print "\n"; print "
\n"; print "
\n"; print " \n"; print "

Add Resource Group

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($resourcetypes as $type) { if($type == 'block' || $type == 'cascade') continue; $img = getImageText("$type"); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights print " \n"; #cascade rights print " \n"; # normal rights $i = 1; foreach($resourcetypes as $type) { if($type == 'block' || $type == 'cascade') continue; print " \n"; $i++; } print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; $resources = array(); $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin"); $resourcesgroups = getUserResources($privs, array("manageGroup"), 1); foreach(array_keys($resourcesgroups) as $type) { foreach($resourcesgroups[$type] as $id => $group) { $resources[$id] = $type . "/" . $group; } } printSelectInput("newresourcegroupid", $resources, -1, 0, 0, 'newresourcegroupid'); print " "; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddResourcePriv'); print "\n"; print "
\n"; print "
\n"; print "

Add Child Node

\n"; print "
\n"; print "New Node:\n"; print "\n"; print " \n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddChildNode'); print ""; print "
\n"; print "
\n"; print "Delete the following node and all of its children?

\n"; print "

\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitDeleteNode'); print ""; print "
\n"; print "
\n"; print "
\n"; print "Enter a new name for the selected node:

\n"; print "

\n"; print "New Name:\n"; print "\n"; print " \n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitRenameNode'); print ""; print "
\n"; print "
\n"; print "
\n"; print "Loading...\n"; print " \n"; print "
\n"; if(! $hasManagePerms) return; print "
\n"; # end privtree tab print "
\n"; print "

Additional User Group Permissions

\n"; print "There are additional permisssions that can be assigned to user
\n"; print "groups that are not specific to any nodes in the privilege tree.
\n"; print "Use this portion of the site to manage those permissions.

\n"; printSelectInput("editusergroupid", $groups, -1, 0, 0, 'editusergroupid', 'onChange="hideUserGroupPrivs();"'); $cont = addContinuationsEntry('AJpermSelectUserGroup'); print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print "
\n"; $privtypes = getUserGroupPrivTypes(); foreach($privtypes as $id => $type) { print "\n"; print "
\n"; } print "
\n"; print "
\n"; print "
\n"; print "Permission Description\n"; print "
\n"; print "
\n"; print "


\n"; print "Copy permissions from user group: "; printSelectInput("copyusergroupid", $groups, -1, 0, 0, 'copyusergroupid'); $cont = addContinuationsEntry('AJpermSelectUserGroup'); print "

\n"; $cont = addContinuationsEntry('AJsaveUserGroupPrivs'); print "
\n"; print "\n"; print "
\n"; print "
\n"; # end userperm tab print "\n"; # end tab container } //////////////////////////////////////////////////////////////////////////////// /// /// \fn selectNode() /// /// \brief generates html for ajax update to privileges page when a node is /// clicked /// //////////////////////////////////////////////////////////////////////////////// function selectNode() { global $user; $node = processInputVar("node", ARG_NUMERIC); if(empty($node)) return; $return = ""; $text = ""; $js = ""; $privs = getNodePrivileges($node); $cascadePrivs = getNodeCascadePrivileges($node); $usertypes = getTypes("users"); $i = 0; $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs); $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs); $hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $node, $privs, $cascadePrivs); if($hasNodeAdmin) { $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; } $return .= "if(dijit.byId('addNodeBtn')) dijit.byId('addNodeBtn').destroy();"; $return .= "if(dijit.byId('deleteNodeBtn')) dijit.byId('deleteNodeBtn').destroy();"; $return .= "if(dijit.byId('renameNodeBtn')) dijit.byId('renameNodeBtn').destroy();"; $return .= setAttribute('treebuttons', 'innerHTML', $text); $return .= "AJdojoCreate('treebuttons');"; # privileges $return .= "dojo.query('*', 'nodePerms').forEach(function(item){if(dijit.byId(item.id)) dijit.byId(item.id).destroy();});"; $text = ""; $text .= "

Users

"; $users = array(); if(count($privs["users"]) || count($cascadePrivs["users"])) { $text .= "
"; $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($usertypes["users"] as $type) { $img = getImageText($type); $text .= " "; } $text .= " "; $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"]))); sort($users); foreach($users as $_user) { $tmpArr = getUserPrivRowHTML($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', ! $hasUserGrant); $text .= $tmpArr['html']; $js .= $tmpArr['javascript']; $i++; } $text .= "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; $text .= ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserPrivs'); $text .= ""; } } else { $text .= "There are no user privileges at the selected node.
"; } if($hasUserGrant) { $text .= ""; } $text .= "
"; $return .= setAttribute('usersDiv', 'innerHTML', $text); $return .= "AJdojoCreate('usersDiv');"; # groups $text = ""; $text .= "

User Groups

"; if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) { $text .= "
"; $text .= ""; $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($usertypes["users"] as $type) { $img = getImageText($type); $text .= " "; } $text .= " "; $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"]))); sort($groups); foreach($groups as $group) { $tmpArr = getUserPrivRowHTML($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', ! $hasUserGrant); $text .= $tmpArr['html']; $js .= $tmpArr['javascript']; $i++; } $text .= "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; $text .= ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserGroupPrivs'); $text .= ""; } $cont = addContinuationsEntry('jsonGetUserGroupMembers'); $text .= ""; } else { $text .= "There are no user group privileges at the selected node.
"; $groups = array(); } if($hasUserGrant) { $text .= ""; } $text .= "
"; $return .= setAttribute('usergroupsDiv', 'innerHTML', $text); $return .= "AJdojoCreate('usergroupsDiv');"; # resources $text = ""; $resourcetypes = getResourcePrivs(); $text .= "

Resources

"; $text .= "
"; if(count($privs["resources"]) || count($cascadePrivs["resources"])) { $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($resourcetypes as $type) { if($type == 'block' || $type == 'cascade') continue; $img = getImageText("$type"); $text .= " "; } $text .= " "; $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"]))); sort($resources); $resourcegroups = getResourceGroups(); $resgroupmembers = getResourceGroupMembers(); foreach($resources as $resource) { $tmpArr = getResourcePrivRowHTML($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], ! $hasResourceGrant); $html = str_replace("\n", '', $tmpArr['html']); $html = str_replace("'", "\'", $html); $html = preg_replace("/>\s*<", $html); $text .= $html; $js .= $tmpArr['javascript']; $i++; } $text .= "
Group
Name
Group
Type
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; if($hasResourceGrant) { $cont = addContinuationsEntry('AJchangeResourcePrivs'); $text .= ""; } $cont = addContinuationsEntry('jsonGetResourceGroupMembers'); $text .= ""; } else { $text .= "There are no resource group privileges at the selected node.
"; $resources = array(); } if($hasResourceGrant) { $text .= ""; } $text .= "
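";
	$return .= setAttribute('resourcesDiv', 'innerHTML', $text);
	$return .= "AJdojoCreate('resourcesDiv');";
	print $return;
	print $js;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist()
///
/// \brief prints a json list of privilege nodes; sends a text/json
/// Content-Type header and wraps the items built by JSONprivnodelist2 in an
/// object with 'label', 'identifier' and 'items' members
///
////////////////////////////////////////////////////////////////////////////////
function JSONprivnodelist() {
	$nodes = getChildNodes();
	$data = JSONprivnodelist2($nodes);
	header('Content-Type: text/json; charset=utf-8');
	# NOTE(review): the leading "{} && " looks like the Dojo-style prefix that
	# keeps the response from being usable when pulled in as a cross-site
	# script - confirm the client-side loader expects it before changing it
	$data = "{} && {label:'display',identifier:'name',items:[$data]}";
	print $data;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist2($nodelist)
///
/// \param $nodelist - an array of nodes as returned from getChildNodes
///
/// \return partial json data to build list for JSONprivnodelist
///
/// \brief sub function for JSONprivnodelist to help build json node data;
/// recurses into each node's children
///
////////////////////////////////////////////////////////////////////////////////
function JSONprivnodelist2($nodelist) {
	$data = '';
	foreach(array_keys($nodelist) as $id) {
		# NOTE(review): the node name is placed inside a single-quoted literal
		# with no escaping; this is only safe while every row in privnode was
		# accepted by validateNodeName - verify no other code path inserts names
		$data .= "{name:'$id', display:'{$nodelist[$id]['name']}' ";
		$children = getChildNodes($id);
		if(count($children))
			$data .= ", children: [ " . JSONprivnodelist2($children) . "]},";
		else
			$data .= "},";
	}
	# drop the comma left after the last item
	$data = rtrim($data, ',');
	return $data;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddChildNode()
///
/// \brief processes input for adding a child node; requires nodeAdmin at the
/// parent node; if all is ok, adds node to privnode table; checks to see if
/// submitting user has nodeAdmin, userGrant, and resourceGrant cascaded to
/// the node; adds any of the privs that aren't cascaded; prints javascript
/// that calls addChildNode when finished
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddChildNode() {
	global $user;
	$parent = processInputVar("activeNode", ARG_NUMERIC);
	# authorization is checked before any other input is read or any query is
	# built
	if(! checkUserHasPriv("nodeAdmin", $user["id"], $parent)) {
		$text = "You do not have rights to add children to this node.";
		print "dojo.byId('childNodeName').value = ''; ";
		print "dijit.byId('addNodePane').hide(); ";
		print "alert('$text');";
		return;
	}
	$newnode = processInputVar("newnode", ARG_STRING);
	$errmsg = '';
	if(! validateNodeName($newnode, $errmsg)) {
		print "dojo.byId('addChildNodeStatus').innerHTML = '$errmsg';";
		return;
	}

	$nodeInfo = getNodeInfo($parent);
	# escape the name for the queries the same way AJsubmitRenameNode does, so
	# the SQL does not depend solely on the character whitelist in
	# validateNodeName
	$_newnode = mysql_real_escape_string($newnode);
	# check to see if a node with the submitted name already exists
	$query = "SELECT id "
	       . "FROM privnode "
	       . "WHERE name = '$_newnode' AND "
	       .       "parent = $parent";
	$qh = doQuery($query, 335);
	if(mysql_num_rows($qh)) {
		# NOTE(review): the parent's name from the database is written into a
		# quoted javascript string assigned to innerHTML; presumably it is
		# limited to the characters validateNodeName allows - confirm
		$text = "A node of that name already exists "
		      . "under " . $nodeInfo["name"];
		print "dojo.byId('addChildNodeStatus').innerHTML = '$text';";
		return;
	}
	$query = "INSERT INTO privnode "
	       .         "(parent, "
	       .         "name) "
	       . "VALUES "
	       .         "($parent, "
	       .         "'$_newnode')";
	doQuery($query, 336);

	$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
	if(! $row = mysql_fetch_row($qh))
		abort(101);
	$nodeid = $row[0];

	# grant the creator whichever of the three admin privileges are not
	# already in effect for them at the new node
	$privs = array();
	foreach(array("nodeAdmin", "userGrant", "resourceGrant") as $type) {
		if(! checkUserHasPriv($type, $user["id"], $nodeid))
			array_push($privs, $type);
	}
	if(count($privs)) {
		array_push($privs, "cascade");
		updateUserOrGroupPrivs($user["id"], $nodeid, $privs, array(), "user");
	}
	# $newnode has passed validateNodeName, so it holds no quote characters
	print "addChildNode('$newnode', $nodeid);";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn nodeExists($node)
///
/// \param $node - the id of a node
///
/// \return 1 if exists, 0 if not
///
/// \brief checks to see if $node exists
///
////////////////////////////////////////////////////////////////////////////////
function nodeExists($node) {
	# NOTE(review): $node is interpolated into the query unquoted; callers are
	# outside this part of the file - verify each one passes a numeric id
	$query = "SELECT id FROM privnode WHERE id = $node";
	$qh = doQuery($query, 101);
	if(mysql_num_rows($qh))
		return 1;
	else
		return 0;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn validateNodeName($name, &$errmsg)
///
/// \param $name - name for a node
/// \param $errmsg - variable into which an error message will be placed if
/// $name is not valid
///
/// \return 1 if name is okay, 0 if not; if 0, $errmsg is populated with an
/// error message
///
/// \brief validates that a name for a node is okay; only letters, numbers,
/// spaces, dashes, dots and underscores are accepted
///
////////////////////////////////////////////////////////////////////////////////
function validateNodeName($name, &$errmsg) {
	# \z anchors at the true end of the string; a plain $ would also accept a
	# name followed by one trailing newline, which would then end up inside the
	# quoted javascript and SQL literals built by the callers
	if(preg_match('/^[-A-Za-z0-9_\. ]+\z/', $name))
		return 1;
	$errmsg = _("Node names can only contain letters, numbers, spaces,
dashes(-), dots(.), and underscores(_).");
	return 0;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitDeleteNode()
///
/// \brief deletes a node and its children; requires nodeAdmin at the node
/// being deleted; prints javascript that updates the tree and hides the
/// delete dialog when finished
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitDeleteNode() {
	global $user;
	$activeNode = processInputVar("activeNode", ARG_NUMERIC);
	if(empty($activeNode))
		return;
	# the privilege check is made on the selected node only; its descendants
	# are deleted without a separate check
	if(! checkUserHasPriv("nodeAdmin", $user["id"], $activeNode)) {
		$text = "You do not have rights to delete this node.";
		print "alert('$text');";
		return;
	}
	clearPrivCache();
	$nodes = recurseGetChildren($activeNode);
	# NOTE(review): assumes getParentNodes returns at least one entry; confirm
	# what happens when the selected node has no parent
	$parents = getParentNodes($activeNode);
	$parent = $parents[0];
	array_push($nodes, $activeNode);
	# ids come from recurseGetChildren plus the ARG_NUMERIC input above
	$deleteNodes = implode(',', $nodes);
	$query = "DELETE FROM privnode "
	       . "WHERE id IN ($deleteNodes)";
	doQuery($query, 345);
	print "setSelectedPrivNode('$parent'); ";
	print "removeNodesFromTree('$activeNode'); ";
	print "dijit.byId('deleteDialog').hide(); ";
	print "var workingobj = dijit.byId('workingDialog'); ";
	print "dojo.connect(workingobj._fadeOut, 'onEnd', dijit.byId('deleteDialog'), 'hide'); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitRenameNode()
///
/// \brief renames a node; requires nodeAdmin at the node; rejects names that
/// fail validateNodeName or that match an existing sibling; sends a JSON
/// response containing either an error code and message or the new name and
/// node id
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitRenameNode() {
	global $user;
	$activeNode = processInputVar("activeNode", ARG_NUMERIC);
	if(empty($activeNode))
		return;
	if(! checkUserHasPriv("nodeAdmin", $user["id"], $activeNode)) {
		$msg = "You do not have rights to rename this node.";
		$arr = array('error' => 1, 'message' => $msg);
		sendJSON($arr);
		return;
	}
	$newname = processInputVar('newname', ARG_STRING);
	$errmsg = '';
	if(! validateNodeName($newname, $errmsg)) {
		$arr = array('error' => 2, 'message' => $errmsg);
		sendJSON($arr);
		return;
	}
	# check if node matching new name already exists at parent
	$_newname = mysql_real_escape_string($newname);
	$query = "SELECT id "
	       . "FROM privnode "
	       . "WHERE parent = (SELECT parent FROM privnode WHERE id = $activeNode) AND "
	       .       "name = '$_newname'";
	$qh = doQuery($query, 101);
	if(mysql_num_rows($qh)) {
		$msg = _("A sibling node of that name currently exists");
		$arr = array('error' => 2, 'message' => $msg);
		sendJSON($arr);
		return;
	}
	$query = "UPDATE privnode "
	       . "SET name = '$_newname' "
	       . "WHERE id = $activeNode";
	doQuery($query, 101);
	$arr = array('newname' => $newname, 'node' => $activeNode);
	sendJSON($arr);
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn userLookup()
///
/// \brief prints a page to display a user's privileges
///
////////////////////////////////////////////////////////////////////////////////
function userLookup() {
	global $user;
	$userid = processInputVar("userid", ARG_STRING);
	if(get_magic_quotes_gpc())
		$userid = stripslashes($userid);
	$affilid = processInputVar('affiliationid', ARG_NUMERIC, $user['affiliationid']);
	$force = processInputVar('force', ARG_NUMERIC, 0);
	print "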
\n"; print "

User Lookup

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; if(checkUserHasPerm('User Lookup (global)')) { $affils = getAffiliations(); print " \n"; } print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
Name (last, first) or User ID:\n"; print "@"; printSelectInput("affiliationid", $affils, $affilid); print "
\n"; print " \n"; print " \n"; print "
\n"; print "
\n"; $cont = addContinuationsEntry('submitUserLookup'); print "\n"; print "

\n"; if(! empty($userid)) { $esc_userid = mysql_real_escape_string($userid); if(preg_match('/,/', $userid)) { $mode = 'name'; $force = 0; } else $mode = 'userid'; if(! checkUserHasPerm('User Lookup (global)') && $user['affiliationid'] != $affilid) { print "$userid not found
\n"; return; } if($mode == 'userid') { $query = "SELECT id " . "FROM user " . "WHERE unityid = '$esc_userid' AND " . "affiliationid = $affilid"; $affilname = getAffiliationName($affilid); $userid = "$userid@$affilname"; $esc_userid = "$esc_userid@$affilname"; } else { $tmp = explode(',', $userid); $last = mysql_real_escape_string(trim($tmp[0])); $first = mysql_real_escape_string(trim($tmp[1])); $query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid " . "FROM user u, " . "affiliation a " . "WHERE u.firstname = '$first' AND " . "u.lastname = '$last' AND " . "u.affiliationid = $affilid AND " . "a.id = $affilid"; } $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { if($mode == 'name') { print "User not found
\n"; return; } else print "$userid not currently found in VCL user database, will try to add...
\n"; } elseif($force) { $_SESSION['userresources'] = array(); $row = mysql_fetch_assoc($qh); $newtime = unixToDatetime(time() - SECINDAY - 5); $query = "UPDATE user SET lastupdated = '$newtime' WHERE id = {$row['id']}"; doQuery($query, 101); } elseif($mode == 'name') { $row = mysql_fetch_assoc($qh); $userid = $row['unityid']; $esc_userid = $row['unityid']; } $userdata = getUserInfo($esc_userid); if(is_null($userdata)) { $userdata = getUserInfo($esc_userid, 1); if(is_null($userdata)) { print "$userid not found
\n"; return; } } $userdata["groups"] = getUsersGroups($userdata["id"], 1, 1); print "\n"; if(! empty($userdata['unityid'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['firstname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['lastname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['preferredname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['affiliation'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['email'])) { print " \n"; print " \n"; print " \n"; print " \n"; } print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
User ID:{$userdata["unityid"]}
First Name:{$userdata["firstname"]}
Last Name:{$userdata["lastname"]}
Preferred Name:{$userdata["preferredname"]}
Affiliation:{$userdata["affiliation"]}
Email:{$userdata["email"]}
Groups:\n"; uasort($userdata["groups"], "sortKeepIndex"); foreach($userdata["groups"] as $group) { print " $group
\n"; } print "
User Group Permissions:\n"; if(count($userdata['groupperms'])) { foreach($userdata['groupperms'] as $perm) print " $perm
\n"; } else print " No additional user group permissions\n"; print "
Privileges (found somewhere in the tree):\n"; uasort($userdata["privileges"], "sortKeepIndex"); foreach($userdata["privileges"] as $priv) { if($priv == "block" || $priv == "cascade") continue; print " $priv
\n"; } print "
\n"; # get user's resources $userResources = getUserResources(array("imageCheckOut"), array("available"), 0, 0, $userdata['id']); # find nodes where user has privileges $query = "SELECT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "up.userid = {$userdata['id']} " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if(mysql_num_rows($qh)) { print "Nodes where user is granted privileges:
\n"; print "\n"; $privnodeid = 0; while($row = mysql_fetch_assoc($qh)) { if($privnodeid != $row['privnodeid']) { if($privnodeid) { print " \n"; print " \n"; } print " \n"; $privnodeid = $row['privnodeid']; print " \n"; print " \n"; print " \n"; print "
{$row['privnode']}\n"; } print " {$row['userprivtype']}
\n"; } print "
\n"; } # find nodes where user's groups have privileges if(! empty($userdata['groups'])) { $query = "SELECT DISTINCT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "upt.name != 'cascade' AND " . "upt.name != 'block' AND " . "up.usergroupid IN (" . implode(',', array_keys($userdata['groups'])) . ") " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if(mysql_num_rows($qh)) { print "Nodes where user's groups are granted privileges:
\n"; print "\n"; $privnodeid = 0; while($row = mysql_fetch_assoc($qh)) { if($privnodeid != $row['privnodeid']) { if($privnodeid) { print " \n"; print " \n"; } print " \n"; $privnodeid = $row['privnodeid']; print " \n"; print " \n"; print " \n"; print "
{$row['privnode']}\n"; } print " {$row['userprivtype']}
\n"; } print "
\n"; } } print "\n"; print " \n"; print " \n"; print " \n"; print "
Images User Has Access To:\n"; print " \n"; foreach($userResources['image'] as $img) print " $img
\n"; print "
\n"; # login history $query = "SELECT authmech, " . "timestamp, " . "passfail, " . "remoteIP, " . "code " . "FROM loginlog " . "WHERE user = '{$userdata['unityid']}' AND " . "affiliationid = {$userdata['affiliationid']} " . "ORDER BY timestamp DESC " . "LIMIT 8"; $logins = array(); $qh = doQuery($query); while($row = mysql_fetch_assoc($qh)) $logins[] = $row; if(count($logins)) { $logins = array_reverse($logins); print "

Login History (last 8 attempts)

\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($logins as $login) { print " \n"; print " \n"; $ts = prettyDatetime($login['timestamp'], 1); print " \n"; if($login['passfail']) print " \n"; else print " \n"; print " \n"; print " \n"; print " \n"; } print "
Authentication MethodTimestampResultRemote IPExtra Info
{$login['authmech']}$tsPassFail{$login['remoteIP']}{$login['code']}
\n"; } else { print "

Login History

\n"; print "There are no login attempts by this user.
\n"; } # reservation history $requests = array(); $query = "SELECT DATE_FORMAT(l.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(l.finalend, '%W, %b %D, %Y, %h:%i %p') AS end, " . "c.hostname, " . "i.prettyname AS prettyimage, " . "l.ending " . "FROM log l, " . "image i, " . "computer c, " . "sublog s " . "WHERE l.userid = {$userdata['id']} AND " . "s.logid = l.id AND " . "i.id = s.imageid AND " . "c.id = s.computerid " . "ORDER BY l.start DESC " . "LIMIT 5"; $qh = doQuery($query, 290); while($row = mysql_fetch_assoc($qh)) array_push($requests, $row); $requests = array_reverse($requests); if(! empty($requests)) { print "

User's last " . count($requests) . " reservations:

\n"; print "\n"; $first = 1; foreach($requests as $req) { if($first) $first = 0; else { print " \n"; print " \n"; print " \n"; } print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; } print "

Image:{$req['prettyimage']}
Computer:{$req['hostname']}
Start:{$req['start']}
End:{$req['end']}
Ending:{$req['ending']}
\n"; } else print "User made no reservations in the past week.
\n"; } print "
\n";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn recurseGetChildren($node)
///
/// \param $node - a node id
///
/// \return a flat array holding the id of every descendant of $node; each
/// child is followed by that child's own descendants
///
/// \brief queries privnode for the direct children of $node and calls itself
/// on each child to collect the rest of the subtree
///
////////////////////////////////////////////////////////////////////////////////
function recurseGetChildren($node) {
	$descendants = array();
	# $node goes into the query unquoted; the caller in this file,
	# AJsubmitDeleteNode, passes a value read with ARG_NUMERIC, and the
	# recursive calls pass ids returned by this same query
	$result = doQuery("SELECT id FROM privnode WHERE parent = $node", 340);
	while($child = mysql_fetch_row($result)) {
		$childid = $child[0];
		$descendants[] = $childid;
		foreach(recurseGetChildren($childid) as $below)
			$descendants[] = $below;
	}
	return $descendants;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn printUserPrivRow($privname, $rownum, $privs, $types,
///                      $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printUserPrivRow($privname, $rownum, $privs, $types,
                          $cascadeprivs, $usergroup, $disabled) {
	$allprivs = $cascadeprivs + $privs;
	print " \n";
	if($usergroup == 'group') {
		$id = $allprivs[$privname]['id'];
		print " $privname";
		if($usergroup == 'group' && ! 
empty($allprivs[$privname]['affiliation'])) print "@{$allprivs[$privname]['affiliation']}"; print "\n"; } else print "$privname\n"; if($disabled) $disabled = 'disabled=disabled'; else $disabled = ''; # block rights if(array_key_exists($privname, $privs) && (($usergroup == 'user' && in_array("block", $privs[$privname])) || ($usergroup == 'group' && in_array("block", $privs[$privname]['privs'])))) { $checked = "checked"; $blocked = 1; } else { $checked = ""; $blocked = 0; } $count = count($types) + 1; if($usergroup == 'user') { $usergroup = 1; $name = "privrow[$privname:block]"; } elseif($usergroup == 'group') { $usergroup = 2; $name = "privrow[{$allprivs[$privname]['id']}:block]"; } print " \n"; print "\n"; #cascade rights if(array_key_exists($privname, $privs) && (($usergroup == 1 && in_array("cascade", $privs[$privname])) || ($usergroup == 2 && in_array("cascade", $privs[$privname]['privs'])))) $checked = "checked"; else $checked = ""; if($usergroup == 1) $name = "privrow[$privname:cascade]"; else $name = "privrow[{$allprivs[$privname]['id']}:cascade]"; print " "; print "\n"; # normal rights $j = 1; foreach($types as $type) { $bgcolor = ""; $checked = ""; $value = ""; $cascaded = 0; if(array_key_exists($privname, $cascadeprivs) && (($usergroup == 1 && in_array($type, $cascadeprivs[$privname])) || ($usergroup == 2 && in_array($type, $cascadeprivs[$privname]['privs'])))) { $bgcolor = "bgcolor=\"#008000\""; $checked = "checked"; $value = "value=cascade"; $cascaded = 1; } if(array_key_exists($privname, $privs) && (($usergroup == 1 && in_array($type, $privs[$privname])) || ($usergroup == 2 && in_array($type, $privs[$privname]['privs'])))) { if($cascaded) { $value = "value=cascadesingle"; } else { $checked = "checked"; $value = "value=single"; } } if($usergroup == 1) $name = "privrow[$privname:$type]"; else $name = "privrow[{$allprivs[$privname]['id']}:$type]"; print " "; #print "onBlur=\"nodeCheck(this.checked, $rownum, $j, $usergroup)\">"; print "\n"; $j++; } print " 
\n"; $count = count($types) + 1; if($blocked) { print "\n"; } }
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getUserPrivRowHTML($privname, $rownum, $privs, $types,
///                        $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name; used as the key into $privs and
///                    $cascadeprivs
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
///                     group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \return an array with 2 elements: html - the text built for the row, and
/// javascript - a changeCascadedRights() call when the row has block set,
/// otherwise an empty string
///
/// \brief creates HTML for a user privilege row and returns it together with
/// any javascript that should accompany it
///
////////////////////////////////////////////////////////////////////////////////
function getUserPrivRowHTML($privname, $rownum, $privs, $types,
                            $cascadeprivs, $usergroup, $disabled) {
	# array union: where a key exists in both, the $cascadeprivs entry is kept
	$allprivs = $cascadeprivs + $privs;
	$text = "";
	$js = "";
	$text .= "";
	if($usergroup == 'group') {
		$id = $allprivs[$privname]['id'];
		# NOTE(review): $privname (and the affiliation below) is appended as-is;
		# no HTML escaping is applied in this function -- confirm the values are
		# validated or escaped before they reach this point
		$text .= "$privname";
		if($usergroup == 'group' && ! empty($allprivs[$privname]['affiliation']))
			$text .= "@{$allprivs[$privname]['affiliation']}";
		$text .= "";
	}
	else
		$text .= "$privname";

	# from here on $disabled holds attribute text instead of the 0/1 flag
	if($disabled)
		$disabled = 'disabled=disabled';
	else
		$disabled = '';

	# block rights
	# user rows hold a flat list of privileges; group rows keep the list under
	# the 'privs' key
	if(array_key_exists($privname, $privs) &&
	   (($usergroup == 'user' &&
	   in_array("block", $privs[$privname])) ||
	   ($usergroup == 'group' &&
	   in_array("block", $privs[$privname]['privs'])))) {
		$checked = "checked";
		$blocked = 1;
	}
	else {
		$checked = "";
		$blocked = 0;
	}
	$count = count($types) + 1;
	# $usergroup is converted from 'user'/'group' to 1/2 here; every later check
	# in this function compares against the numeric form
	if($usergroup == 'user') {
		$usergroup = 1;
		$name = "privrow[$privname:block]";
	}
	elseif($usergroup == 'group') {
		$usergroup = 2;
		$name = "privrow[{$allprivs[$privname]['id']}:block]";
	}
	$text .= " ";

	#cascade rights
	if(array_key_exists($privname, $privs) &&
	   (($usergroup == 1 &&
	   in_array("cascade", $privs[$privname])) ||
	   ($usergroup == 2 &&
	   in_array("cascade", $privs[$privname]['privs']))))
		$checked = "checked";
	else
		$checked = "";
	if($usergroup == 1)
		$name = "privrow[$privname:cascade]";
	else
		$name = "privrow[{$allprivs[$privname]['id']}:cascade]";
	$text .= " ";
	$text .= "";

	# normal rights
	$j = 1;
	foreach($types as $type) {
		$bgcolor = "";
		$checked = "";
		$value = "";
		$cascaded = 0;
		# privilege inherited through cascading
		if(array_key_exists($privname, $cascadeprivs) &&
		   (($usergroup == 1 &&
		   in_array($type, $cascadeprivs[$privname])) ||
		   ($usergroup == 2 &&
		   in_array($type, $cascadeprivs[$privname]['privs'])))) {
			$bgcolor = "bgcolor=\"#008000\"";
			$checked = "checked";
			$value = "value=cascade";
			$cascaded = 1;
		}
		# privilege set directly at this node; when it is also cascaded only
		# $value changes, $checked stays as set above
		if(array_key_exists($privname, $privs) &&
		   (($usergroup == 1 &&
		   in_array($type, $privs[$privname])) ||
		   ($usergroup == 2 &&
		   in_array($type, $privs[$privname]['privs'])))) {
			if($cascaded) {
				$value = "value=cascadesingle";
			}
			else {
				$checked = "checked";
				$value = "value=single";
			}
		}
		if($usergroup == 1)
			$name = "privrow[$privname:$type]";
		else
			$name = "privrow[{$allprivs[$privname]['id']}:$type]";
		$text .= " ";
		#$text .= "onBlur=\"nodeCheck(this.checked, $rownum, $j, $usergroup)\">";
		$text .= "";
		$j++;
	}
	$text .= " ";
	$count = count($types) + 1;
	if($blocked) {
		$js .= "changeCascadedRights(true, $rownum, $count, 0, 0);";
	}
	return array('html' => $text, 'javascript' => $js);
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn jsonGetUserGroupMembers()
///
/// \brief accepts a user group id and dom id and prints a json array with 2
/// elements: members - a string of user group members, each followed by the
/// separator appended in the loop below, and domid - the passed in domid;
/// when the group cannot be found or the logged in user may not view it,
/// members holds a message instead
///
////////////////////////////////////////////////////////////////////////////////
function jsonGetUserGroupMembers() {
	global $user;
	$usergrpid = processInputVar('groupid', ARG_NUMERIC);
	$domid = processInputVar('domid', ARG_STRING);
	# NOTE(review): editgroupid is read from g2, the joined edit group, so it is
	# that group's own editusergroupid rather than g.editusergroupid -- confirm
	# this is the id intended for the membership check below
	$query = "SELECT g.ownerid, "
	       .        "g2.name AS editgroup, "
	       .        "g2.editusergroupid AS editgroupid "
	       . "FROM usergroup g "
	       . "LEFT JOIN usergroup g2 ON (g.editusergroupid = g2.id) "
	       . "WHERE g.id = $usergrpid";
	$qh = doQuery($query, 101);
	if(! ($grpdata = mysql_fetch_assoc($qh))) {
		# problem getting group members
		$msg = 'failed to fetch group members';
		$arr = array('members' => $msg, 'domid' => $domid);
		sendJSON($arr);
		return;
	}
	# membership is shown only to the group owner or to a member of the group
	# identified by editgroupid
	if($grpdata["ownerid"] != $user["id"] && 
	   ! (array_key_exists($grpdata["editgroupid"], $user["groups"]))) {
		# user doesn't have access to view membership
		$msg = '(not authorized to view membership)';
		$arr = array('members' => $msg, 'domid' => $domid);
		sendJSON($arr);
		return;
	}

	$grpmembers = getUserGroupMembers($usergrpid);
	$members = '';
	# NOTE(review): member names are concatenated without escaping here --
	# confirm how the client inserts 'members' into the page
	foreach($grpmembers as $group)
		$members .= "$group
";
	if($members == '')
		$members = '(empty group)';
	$arr = array('members' => $members, 'domid' => $domid);
	sendJSON($arr);
}
//////////////////////////////////////////////////////////////////////////////// /// /// \fn getResourcePrivRowHTML($privname, $rownum, $privs, $types, /// $resourcegroups, $resgroupmembers, /// $cascadeprivs, $disabled) /// /// \param $privname - privilege name /// \param $rownum - number of the privilege row on this page /// \param $privs - an array of user's privileges /// \param $types - an array of privilege types /// \param $resourcegroups - array from getResourceGroups() /// \param $resgroupmembers - array from getResourceGroupMembers() /// \param $cascadeprivs - an array of user's cascaded privileges /// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled /// /// \return a string of HTML code for a resource row /// /// \brief creates HTML for a resource privilege row and returns it /// //////////////////////////////////////////////////////////////////////////////// function getResourcePrivRowHTML($privname, $rownum, $privs, $types, $resourcegroups, $resgroupmembers, $cascadeprivs, $disabled) { global $user; $text = ""; $js = ""; $text .= " \n"; list($grptype, $name, $id) = explode('/', $privname); $text .= " \n"; $text .= " $name\n"; $text .= " \n"; $text .= " $grptype\n"; if($disabled) $disabled = 'disabled=disabled'; else $disabled = ''; # block rights if(array_key_exists($privname, $privs) && in_array("block", $privs[$privname])) { $checked = "checked"; $blocked = 1; } else { $checked = ""; $blocked = 0; } $count = count($types) + 1; $name = "privrow[" . $privname . ":block]"; $text .= " \n"; #cascade rights if(array_key_exists($privname, $privs) && in_array("cascade", $privs[$privname])) $checked = "checked"; else $checked = ""; $name = "privrow[" . $privname . 
":cascade]"; $text .= " "; $text .= "\n"; # normal rights $j = 1; foreach($types as $type) { if($type == 'block' || $type == 'cascade') continue; $bgcolor = ""; $checked = ""; $value = ""; $cascaded = 0; if(array_key_exists($privname, $cascadeprivs) && in_array($type, $cascadeprivs[$privname])) { $bgcolor = "bgcolor=\"#008000\""; $checked = "checked"; $value = "value=cascade"; $cascaded = 1; } if(array_key_exists($privname, $privs) && in_array($type, $privs[$privname])) { if($cascaded) { $value = "value=cascadesingle"; } else { $checked = "checked"; $value = "value=single"; } } // if $type is administer, manageGroup, or manageMapping, and it is not # checked, and the user is not in the resource owner group, don't print # the checkbox if(($type == "administer" || $type == "manageGroup" || $type == "manageMapping") && $checked != "checked" && ! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) { $text .= "\n"; } // if group type is schedule, don't print available or manageMapping checkboxes // if group type is managementnode, don't print available checkbox // if group type is serverprofile, don't print manageMapping checkbox elseif(($grptype == 'schedule' && ($type == 'available' || $type == 'manageMapping')) || ($grptype == 'managementnode' && $type == 'available') || ($grptype == 'serverprofile' && $type == 'manageMapping')) { $text .= "\n"; } else { $name = "privrow[" . $privname . ":" . $type . "]"; $text .= " "; $text .= "\n"; } $j++; } $text .= " \n"; $count = count($types) + 1; if($blocked) { $js .= "changeCascadedRights(true, $rownum, $count, 0, 0);"; } return array('html' => $text, 'javascript' => $js); } //////////////////////////////////////////////////////////////////////////////// /// /// \fn jsonGetResourceGroupMembers() /// /// \brief accepts a resource group id and dom id and prints a json array with 2 /// elements: members - a
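/// separated string of resource group members, and
///        domid - the passed in domid; when the group or its resource type
///        cannot be resolved, members holds '(failed to lookup members)'
///
/// NOTE(review): unlike jsonGetUserGroupMembers(), no ownership or privilege
/// check on the requested group is visible in this function -- confirm that
/// access to the group id is restricted before this point.
///
////////////////////////////////////////////////////////////////////////////////
function jsonGetResourceGroupMembers() {
	# presumably limited to a numeric value by ARG_NUMERIC; it is interpolated
	# into both queries below -- confirm against processInputVar()
	$resgrpid = processInputVar('groupid', ARG_NUMERIC);
	$domid = processInputVar('domid', ARG_STRING);

	# resource type name => column that holds a member's display name; the type
	# name is also used as the table name in the member query, so only the
	# types listed here may reach that query
	$fields = array('computer' => 'hostname',
	                'managementnode' => 'hostname',
	                'image' => 'prettyname',
	                'schedule' => 'name',
	                'serverprofile' => 'name');

	$query = "SELECT rt.name " .
	         "FROM resourcegroup rg, " .
	         "resourcetype rt " .
	         "WHERE rg.id = $resgrpid AND " .
	         "rg.resourcetypeid = rt.id";
	$qh = doQuery($query, 101);
	$row = mysql_fetch_assoc($qh);
	# unknown group, or a type without a known display column: report the
	# failure instead of building a query around an undefined column name
	if(! $row || ! array_key_exists($row['name'], $fields)) {
		$members = '(failed to lookup members)';
		$arr = array('members' => $members, 'domid' => $domid);
		sendJSON($arr);
		return;
	}
	$type = $row['name'];
	$field = $fields[$type];

	$query = "SELECT t.$field AS item " .
	         "FROM $type t, " .
	         "resource r, " .
	         "resourcegroupmembers rgm " .
	         "WHERE rgm.resourcegroupid = $resgrpid AND " .
	         "rgm.resourceid = r.id AND " .
	         "r.subid = t.id";
	$qh = doQuery($query, 101);
	$members = '';
	# NOTE(review): item values are concatenated without escaping here --
	# confirm how the client inserts 'members' into the page
	while($row = mysql_fetch_assoc($qh))
		$members .= "{$row['item']}
";
	if($members == '')
		$members = '(empty group)';
	$arr = array('members' => $members, 'domid' => $domid);
	sendJSON($arr);
}
//////////////////////////////////////////////////////////////////////////////// /// /// \fn getNodePrivileges($node, $type, $privs) /// /// \param $node - id of node /// \param $type - (optional) resources, users, usergroups, or all /// \param $privs - (optional) privilege array as returned by this function or /// getNodeCascadePrivileges /// /// \return an array of privileges at the node:\n ///\pre ///Array\n ///(\n /// [resources] => Array\n /// (\n /// )\n /// [users] => Array\n /// (\n /// [userid0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [useridN] => Array()\n /// )\n /// [usergroups] => Array\n /// (\n /// [group0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [groupN] => Array()\n /// )\n ///) /// /// \brief gets the requested privileges at the specified node /// //////////////////////////////////////////////////////////////////////////////// function getNodePrivileges($node, $type="all", $privs=0) { global $user; $key = getKey(array($node, $type, $privs)); if(array_key_exists($key, $_SESSION['nodeprivileges'])) return $_SESSION['nodeprivileges'][$key]; if(! $privs) $privs = array("resources" => array(), "users" => array(), "usergroups" => array()); static $resourcedata = array(); if(empty($resourcedata)) { $query = "SELECT g.id AS id, " . "p.type AS privtype, " . "g.name AS name, " . "t.name AS type, " . "p.privnodeid " . "FROM resourcepriv p, " . "resourcetype t, " . "resourcegroup g " . "WHERE p.resourcegroupid = g.id AND " . "g.resourcetypeid = t.id " . "ORDER BY p.privnodeid"; $qh = doQuery($query, 350); while($row = mysql_fetch_assoc($qh)) { if(! 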
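array_key_exists($row['privnodeid'], $resourcedata)) $resourcedata[$row['privnodeid']] = array(); $resourcedata[$row['privnodeid']][] = $row; } } if($type == "resources" || $type == "all") { if(array_key_exists($node, $resourcedata)) { foreach($resourcedata[$node] as $data) { $name = "{$data["type"]}/{$data["name"]}/{$data["id"]}"; if(! array_key_exists($name, $privs["resources"])) $privs["resources"][$name] = array(); $privs["resources"][$name][] = $data["privtype"]; } } } if($type == "users" || $type == "all") { $query = "SELECT t.name AS name, " . "CONCAT(u.unityid, '@', a.name) AS unityid " . "FROM user u, " . "userpriv up, " . "userprivtype t, " . "affiliation a " . "WHERE up.privnodeid = $node AND " . "up.userprivtypeid = t.id AND " . "up.userid = u.id AND " . "up.userid IS NOT NULL AND " . "u.affiliationid = a.id " . "ORDER BY u.unityid"; $qh = doQuery($query, 351); while($row = mysql_fetch_assoc($qh)) { if(array_key_exists($row["unityid"], $privs["users"])) { array_push($privs["users"][$row["unityid"]], $row["name"]); } else { $privs["users"][$row["unityid"]] = array($row["name"]); } } } if($type == "usergroups" || $type == "all") { $query = "SELECT t.name AS priv, " . "g.name AS groupname, " . "g.affiliationid, " . "a.name AS affiliation, " . "g.id " . "FROM userpriv up, " . "userprivtype t, " . "usergroup g " . "LEFT JOIN affiliation a ON (g.affiliationid = a.id) " . "WHERE up.privnodeid = $node AND " . "up.userprivtypeid = t.id AND " . "up.usergroupid = g.id AND " . "up.usergroupid IS NOT NULL " . 
"ORDER BY g.name"; $qh = doQuery($query, 352); while($row = mysql_fetch_assoc($qh)) { if(array_key_exists($row["groupname"], $privs["usergroups"])) array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]); else $privs["usergroups"][$row["groupname"]] = array('id' => $row['id'], 'affiliationid' => $row['affiliationid'], 'affiliation' => $row['affiliation'], 'privs' => array($row['priv'])); } } $_SESSION['nodeprivileges'][$key] = $privs; return $privs; }
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getNodeCascadePrivileges($node, $type="all", $privs=0)
///
/// \param $node - id of node
/// \param $type - (optional) resources, users, usergroups, or all
/// \param $privs - (optional) privilege array as returned by this function or
/// getNodePrivileges
///
/// \return an array of privileges cascaded to the node with 3 elements:\n
/// resources - array keyed by "type/name/id" of a resource group, each value a
/// list of privilege names\n
/// users - array keyed by "unityid@affiliation", each value a list of
/// privilege names\n
/// usergroups - array keyed by group name, each value an array with the keys
/// id, affiliationid, affiliation and privs (a list of privilege names)
///
/// \brief gets the requested cascaded privileges for the specified node by
/// walking the nodes returned by getParentNodes($node); at each of those
/// nodes, entries that have block set there are removed first and then the
/// privileges that have cascade set there are added; results are cached in
/// $_SESSION['cascadenodeprivileges']
///
////////////////////////////////////////////////////////////////////////////////
function getNodeCascadePrivileges($node, $type="all", $privs=0) {
	$key = getKey(array($node, $type, $privs));
	if(array_key_exists($key, $_SESSION['cascadenodeprivileges']))
		return $_SESSION['cascadenodeprivileges'][$key];
	if(! $privs)
		$privs = array("resources" => array(),
		               "users" => array(),
		               "usergroups" => array());

	# get node's parents
	$nodelist = getParentNodes($node);

	# get all block data (kept in a static so the query runs once per request)
	static $allblockdata = array();
	if(empty($allblockdata)) {
		$query = "SELECT g.id, " .
		                "g.name, " .
		                "t.name AS type, " .
		                "p.privnodeid " .
		         "FROM resourcepriv p, " .
		              "resourcetype t, " .
		              "resourcegroup g " .
		         "WHERE p.resourcegroupid = g.id AND " .
		               "g.resourcetypeid = t.id AND " .
		               "p.type = 'block'";
		$qh = doQuery($query);
		while($row = mysql_fetch_assoc($qh)) {
			if(! array_key_exists($row['privnodeid'], $allblockdata))
				$allblockdata[$row['privnodeid']] = array();
			# the id is part of the name so that it matches the "type/name/id"
			# keys used in $privs["resources"]; without it the unset() in the
			# resources section below never matched a key and a block did not
			# remove privileges cascaded from above
			$allblockdata[$row['privnodeid']][] = "{$row["type"]}/{$row["name"]}/{$row['id']}";
		}
	}

	# get resource group block data for the nodes in $nodelist
	$blockdata = array();
	foreach($nodelist as $nodeid) {
		if(array_key_exists($nodeid, $allblockdata))
			$blockdata[$nodeid] = $allblockdata[$nodeid];
	}

	# get all cascade data: privileges other than block and cascade whose
	# resource group also has cascade set at the same node
	static $allcascadedata = array();
	if(empty($allcascadedata)) {
		$query = "SELECT g.id AS id, " .
		                "p.type AS privtype, " .
		                "g.name AS name, " .
		                "t.name AS type, " .
		                "p.privnodeid " .
		         "FROM resourcepriv p, " .
		              "resourcetype t, " .
		              "resourcegroup g, " .
		              "resourcepriv p2 " .
		         "WHERE p.resourcegroupid = g.id AND " .
		               "g.resourcetypeid = t.id AND " .
		               "p.type != 'block' AND " .
		               "p.type != 'cascade' AND " .
		               "p.resourcegroupid = p2.resourcegroupid AND " .
		               "p.privnodeid = p2.privnodeid AND " .
		               "p2.type = 'cascade'";
		$qh = doQuery($query);
		while($row = mysql_fetch_assoc($qh)) {
			if(! array_key_exists($row['privnodeid'], $allcascadedata))
				$allcascadedata[$row['privnodeid']] = array();
			$allcascadedata[$row['privnodeid']][] =
			   array('name' => "{$row["type"]}/{$row["name"]}/{$row["id"]}",
			         'type' => $row['privtype']);
		}
	}

	# get cascade data for the nodes in $nodelist
	$cascadedata = array();
	foreach($nodelist as $nodeid) {
		if(array_key_exists($nodeid, $allcascadedata))
			$cascadedata[$nodeid] = $allcascadedata[$nodeid];
	}

	if($type == "resources" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root (array_pop takes the last
		# entry of the list returned by getParentNodes)
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all resource groups with block set at this node and remove any
			# cascaded privs
			if(array_key_exists($node, $blockdata)) {
				foreach($blockdata[$node] as $name)
					unset($privs["resources"][$name]);
			}

			# get all privs for resource groups with cascaded privs
			if(array_key_exists($node, $cascadedata)) {
				foreach($cascadedata[$node] as $data) {
					if(! array_key_exists($data['name'], $privs["resources"]))
						$privs["resources"][$data['name']] = array();
					$privs["resources"][$data['name']][] = $data["type"];
				}
			}
		}
	}
	if($type == "users" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all users with block set at this node and remove any cascaded
			# privs
			$query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid " .
			         "FROM user u, " .
			              "userpriv up, " .
			              "userprivtype t, " .
			              "affiliation a " .
			         "WHERE up.privnodeid = $node AND " .
			               "up.userprivtypeid = t.id AND " .
			               "up.userid = u.id AND " .
			               "up.userid IS NOT NULL AND " .
			               "t.name = 'block' AND " .
			               "u.affiliationid = a.id";
			$qh = doQuery($query, 355);
			while($row = mysql_fetch_assoc($qh)) {
				unset($privs["users"][$row["unityid"]]);
			}

			# get all privs for users with cascaded privs
			$query = "SELECT t.name AS name, " .
			                "CONCAT(u.unityid, '@', a.name) AS unityid " .
			         "FROM user u, " .
			              "userpriv up, " .
			              "userprivtype t, " .
			              "affiliation a " .
			         "WHERE up.privnodeid = $node AND " .
			               "up.userprivtypeid = t.id AND " .
			               "up.userid = u.id AND " .
			               "u.affiliationid = a.id AND " .
			               "up.userid IS NOT NULL AND " .
			               "t.name != 'cascade' AND " .
			               "t.name != 'block' AND " .
			               "up.userid IN (SELECT up.userid " .
			                             "FROM userpriv up, " .
			                                  "userprivtype t " .
			                             "WHERE up.userprivtypeid = t.id AND " .
			                                   "t.name = 'cascade' AND " .
			                                   "up.privnodeid = $node) " .
			         "ORDER BY u.unityid";
			$qh = doQuery($query, 356);
			while($row = mysql_fetch_assoc($qh)) {
				// if we've already seen this user, add it to the user's privs
				if(array_key_exists($row["unityid"], $privs["users"])) {
					array_push($privs["users"][$row["unityid"]], $row["name"]);
				}
				// if we haven't seen this user, create an array containing this priv
				else {
					$privs["users"][$row["unityid"]] = array($row["name"]);
				}
			}
		}
	}
	if($type == "usergroups" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all groups with block set at this node and remove any cascaded
			# privs
			$query = "SELECT g.name AS groupname " .
			         "FROM usergroup g, " .
			              "userpriv up, " .
			              "userprivtype t " .
			         "WHERE up.privnodeid = $node AND " .
			               "up.userprivtypeid = t.id AND " .
			               "up.usergroupid = g.id AND " .
			               "up.usergroupid IS NOT NULL AND " .
			               "t.name = 'block'";
			$qh = doQuery($query, 357);
			while($row = mysql_fetch_assoc($qh)) {
				unset($privs["usergroups"][$row["groupname"]]);
			}

			# get all privs for groups with cascaded privs
			$query = "SELECT t.name AS priv, " .
			                "g.name AS groupname, " .
			                "g.affiliationid, " .
			                "a.name AS affiliation, " .
			                "g.id " .
			         "FROM userpriv up, " .
			              "userprivtype t, " .
			              "usergroup g " .
			         "LEFT JOIN affiliation a ON (g.affiliationid = a.id) " .
			         "WHERE up.privnodeid = $node AND " .
			               "up.userprivtypeid = t.id AND " .
			               "up.usergroupid = g.id AND " .
			               "up.usergroupid IS NOT NULL AND " .
			               "t.name != 'cascade' AND " .
			               "t.name != 'block' AND " .
			               "up.usergroupid IN (SELECT up.usergroupid " .
			                                  "FROM userpriv up, " .
			                                       "userprivtype t " .
			                                  "WHERE up.userprivtypeid = t.id AND " .
			                                        "t.name = 'cascade' AND " .
			                                        "up.privnodeid = $node) " .
			         "ORDER BY g.name";
			$qh = doQuery($query, 358);
			while($row = mysql_fetch_assoc($qh)) {
				// if we've already seen this group, add it to the group's privs
				if(array_key_exists($row["groupname"], $privs["usergroups"]))
					array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]);
				// if we haven't seen this group, create an array containing this priv
				else
					$privs["usergroups"][$row["groupname"]] =
					   array('id' => $row['id'],
					         'affiliationid' => $row['affiliationid'],
					         'affiliation' => $row['affiliation'],
					         'privs' => array($row['priv']));
			}
		}
	}
	$_SESSION['cascadenodeprivileges'][$key] = $privs;
	return $privs;
}
//////////////////////////////////////////////////////////////////////////////// /// /// \fn AJchangeUserPrivs() /// /// \brief processes input for changes in users' privileges at a specific node, /// submits the changes to the database /// //////////////////////////////////////////////////////////////////////////////// function AJchangeUserPrivs() { global $user; $node = processInputVar("activeNode", ARG_NUMERIC); if(! checkUserHasPriv("userGrant", $user["id"], $node)) { $text = "You do not have rights to modify user privileges at this node."; print "alert('$text');"; return; } $newuser = processInputVar("item", ARG_STRING); $newpriv = processInputVar('priv', ARG_STRING); $newprivval = processInputVar('value', ARG_STRING); if(! 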
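validateUserid($newuser)) { $text = "Invalid user submitted."; print "alert('$text');"; return; } $privid = getUserPrivTypeID($newpriv); if(is_null($privid)) { $text = "Invalid user privilege submitted."; print "alert('$text');"; return; } # get cascade privs at this node $cascadePrivs = getNodeCascadePrivileges($node, "users"); if($newprivval == 'true') { // if $newuser already has $newpriv cascaded to it, do nothing if(array_key_exists($newuser, $cascadePrivs['users']) && in_array($newpriv, $cascadePrivs['users'][$newuser])) return; // add priv $adds = array($newpriv); $removes = array(); } else { // remove priv $adds = array(); $removes = array($newpriv); } updateUserOrGroupPrivs($newuser, $node, $adds, $removes, "user"); $_SESSION['dirtyprivs'] = 1; }
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeUserGroupPrivs()
///
/// \brief processes input for a change to one user group privilege at a
/// specific node and submits the change to the database; requires userGrant
/// at the node; prints javascript (an alert) when the request is rejected
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeUserGroupPrivs() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	# authorization comes first: nothing else is read unless the logged in user
	# has userGrant at the submitted node
	if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to modify user privileges at this node.";
		print "alert('$text');";
		return;
	}
	$newusergrpid = processInputVar("item", ARG_NUMERIC);
	$newpriv = processInputVar('priv', ARG_STRING);
	$newprivval = processInputVar('value', ARG_STRING);

	$newusergrp = getUserGroupName($newusergrpid);
	if($newusergrp === 0) {
		$text = "Invalid user group submitted.";
		print "alert('$text');";
		return;
	}

	# the id itself is not used; a null result means the name is not a known
	# user privilege type
	$privid = getUserPrivTypeID($newpriv);
	if(is_null($privid)) {
		$text = "Invalid user privilege submitted.";
		print "alert('$text');";
		return;
	}

	# get cascade privs at this node
	$cascadePrivs = getNodeCascadePrivileges($node, "usergroups");

	if($newprivval == 'true') {
		// if $newusergrp already has $newpriv cascaded to it, do nothing
		# NOTE(review): the lookup is by group name only, while checkUserHasPriv()
		# also compares the group id -- confirm group names are unique here
		if(array_key_exists($newusergrp, $cascadePrivs['usergroups']) &&
		   in_array($newpriv, $cascadePrivs['usergroups'][$newusergrp]['privs']))
			return;
		// add priv
		$adds = array($newpriv);
		$removes = array();
	}
	else {
		// remove priv
		$adds = array();
		$removes = array($newpriv);
	}
	updateUserOrGroupPrivs($newusergrpid, $node, $adds, $removes, "group");
	$_SESSION['dirtyprivs'] = 1;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeResourcePrivs()
///
/// \brief processes input for a change to one resource group privilege at a
/// specific node and submits the change to the database; requires
/// resourceGrant at the node, and membership in the resource group's owner
/// group for any privilege other than block, cascade and available; prints
/// javascript (an alert) when the request is rejected
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeResourcePrivs() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
		$text = "You do not have rights to modify resource privileges at this node.";
		print "alert('$text');";
		return;
	}
	$resourcegrp = processInputVar("item", ARG_STRING);
	$newpriv = processInputVar('priv', ARG_STRING);
	$newprivval = processInputVar('value', ARG_STRING);

	$allprivs = getResourcePrivs();
	if(! in_array($newpriv, $allprivs)) {
		$text = "Invalid resource privilege submitted.";
		print "alert('$text');";
		return;
	}

	$resourcetypes = getTypes('resources');
	$quotedtypes = array();
	foreach($resourcetypes['resources'] as $rtype)
		$quotedtypes[] = preg_quote($rtype, '@');
	$types = implode('|', $quotedtypes);
	# the whole submitted value must be type/name/id; an unanchored match would
	# accept extra text around it, and $resourcegrp is used further down as the
	# key for the "already cascaded" check
	# NOTE(review): assumes the client submits the value exactly as it appears
	# in the privrow[...] names -- confirm
	if(! preg_match('@^(' . $types . ')/([^/]+)/([0-9]+)$@D', $resourcegrp, $matches)) {
		$text = "Invalid resource group submitted.";
		print "alert('$text');";
		return;
	}
	$type = $matches[1];
	$groupid = $matches[3];

	$groupdata = getResourceGroups($type, $groupid);
	if(empty($groupdata)) {
		$text = "Invalid resource group submitted.";
		print "alert('$text');";
		return;
	}

	// privileges other than block, cascade and available may only be changed by
	// a user who is in the resource group's owner group
	if($newpriv != "block" && $newpriv != "cascade" && $newpriv != "available" &&
	   ! array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
		$text = "You do not have rights to modify the submitted privilege for the submitted group.";
		print "alert('$text');";
		return;
	}

	# get cascade privs at this node
	$cascadePrivs = getNodeCascadePrivileges($node, "resources");

	if($newprivval == 'true') {
		// if $resourcegrp already has $newpriv cascaded to it, do nothing
		if(array_key_exists($resourcegrp, $cascadePrivs['resources']) &&
		   in_array($newpriv, $cascadePrivs['resources'][$resourcegrp]))
			return;
		// add priv
		$adds = array($newpriv);
		$removes = array();
	}
	else {
		// remove priv
		$adds = array();
		$removes = array($newpriv);
	}
	updateResourcePrivs($groupid, $node, $adds, $removes);
	$_SESSION['dirtyprivs'] = 1;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddUserPriv()
///
/// \brief processes input for adding privileges to a node for a user; adds the
/// privileges; requires userGrant at the node; prints javascript for the
/// client in every case
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddUserPriv() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to add new users at this node.";
		print "addUserPaneHide(); ";
		print "alert('$text');";
		return;
	}
	$newuser = processInputVar("newuser", ARG_STRING);
	if(! validateUserid($newuser)) {
		# the rejected value comes straight from the request and is handed to
		# setAttribute() for innerHTML, so it is escaped before being echoed
		# NOTE(review): if processInputVar() already escapes ARG_STRING values
		# this only affects how the rejected id is displayed -- confirm
		$text = htmlspecialchars($newuser, ENT_QUOTES) . " is not a valid userid";
		print setAttribute('addUserPrivStatus', 'innerHTML', $text);
		return;
	}

	$perms = explode(':', processInputVar('perms', ARG_STRING));
	$usertypes = getTypes("users");
	array_push($usertypes["users"], "block");
	array_push($usertypes["users"], "cascade");
	# keep only submitted names that are known privilege types
	$newuserprivs = array();
	foreach($usertypes["users"] as $type) {
		if(in_array($type, $perms))
			array_push($newuserprivs, $type);
	}
	# cascade on its own grants nothing, so it counts as "nothing specified"
	if(empty($newuserprivs) || (count($newuserprivs) == 1 &&
	   in_array("cascade", $newuserprivs))) {
		$text = "No user privileges were specified";
		print setAttribute('addUserPrivStatus', 'innerHTML', $text);
		return;
	}

	updateUserOrGroupPrivs($newuser, $node, $newuserprivs, array(), "user");
	clearPrivCache();
	print "refreshPerms(); ";
	print "addUserPaneHide(); ";
}
//////////////////////////////////////////////////////////////////////////////// /// /// \fn AJsubmitAddUserGroupPriv() /// /// \brief processes input for adding privileges to a node for a user group; /// adds the privileges; calls viewNodes /// //////////////////////////////////////////////////////////////////////////////// function AJsubmitAddUserGroupPriv() { global $user; $node = processInputVar("activeNode", ARG_NUMERIC); if(! 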
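checkUserHasPriv("userGrant", $user["id"], $node)) { $text = "You do not have rights to add new user groups at this node."; print "addUserGroupPaneHide(); "; print "alert('$text');"; return; } $newgroupid = processInputVar("newgroupid", ARG_NUMERIC); $newgroup = getUserGroupName($newgroupid); if($newgroup === 0) { $text = "Invalid user group submitted."; print "alert('$text');"; return; } $perms = explode(':', processInputVar('perms', ARG_STRING)); $usertypes = getTypes("users"); array_push($usertypes["users"], "block"); array_push($usertypes["users"], "cascade"); $newgroupprivs = array(); foreach($usertypes["users"] as $type) { if(in_array($type, $perms)) array_push($newgroupprivs, $type); } if(empty($newgroupprivs) || (count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs))) { $text = "No user group privileges were specified"; print setAttribute('addUserGroupPrivStatus', 'innerHTML', $text); return; } updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group"); clearPrivCache(); print "refreshPerms(); "; print "addUserGroupPaneHide(); "; }
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddResourcePriv()
///
/// \brief processes input for adding privileges to a node for a resource group;
/// adds the privileges; requires resourceGrant at the node and that the group
/// is among those returned by getUserResources() for manageGroup; prints
/// javascript for the client in every case
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddResourcePriv() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
		$text = "You do not have rights to add new resource groups at this node.";
		print "addResourceGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}
	$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
	$privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin",
	               "scheduleAdmin", "serverProfileAdmin");
	$resourcegroups = getUserResources($privs, array("manageGroup"), 1);
	$groupdata = getResourceGroups('', $newgroupid);

	if(empty($groupdata)) {
		$text = "Invalid resource group submitted.";
		print "addResourceGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}

	# the part of the group name before the first '/' selects the per-type list
	list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']);
	# a type with no entry in $resourcegroups is treated the same as a group the
	# user cannot manage, instead of indexing a missing key
	if(! isset($resourcegroups[$newtype]) ||
	   ! array_key_exists($newgroupid, $resourcegroups[$newtype])) {
		$text = "You do not have rights to manage the specified resource group.";
		print "addResourceGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}

	# NOTE(review): AJchangeResourcePrivs() additionally requires membership in
	# the group's owner group for privileges other than block, cascade and
	# available; no such check is made here -- confirm that is intended
	$perms = explode(':', processInputVar('perms', ARG_STRING));
	$privtypes = getResourcePrivs();
	# keep only submitted names that are known resource privileges
	$newgroupprivs = array();
	foreach($privtypes as $type) {
		if(in_array($type, $perms))
			array_push($newgroupprivs, $type);
	}
	# cascade on its own grants nothing, so it counts as "nothing specified"
	if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
	   in_array("cascade", $newgroupprivs))) {
		$text = "No resource group privileges were specified";
		print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
		return;
	}

	updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
	clearPrivCache();
	print "refreshPerms(); ";
	print "addResourceGroupPaneHide(); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn checkUserHasPriv($priv, $uid, $node, $privs,
///                      $cascadePrivs)
///
/// \param $priv - privilege to check for
/// \param $uid - numeric id of user
/// \param $node - id of node
/// \param $privs - (optional) privileges at node
/// \param $cascadePrivs - (optional) privileges cascaded to node
///
/// \return 1 if the user has $priv at $node, 0 if not
///
/// \brief checks to see if the user has $priv at $node, either directly or
/// through one of the user's groups; a cascaded privilege only counts when
/// block is not set for that user or group at the node; if $privs and
/// $cascadePrivs are not passed in, they are looked up for $node; results are
/// cached in $_SESSION['userhaspriv']
///
////////////////////////////////////////////////////////////////////////////////
function checkUserHasPriv($priv, $uid, $node, $privs=0, $cascadePrivs=0) {
	global $user;
	$key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
	if(array_key_exists($key, $_SESSION['userhaspriv']))
		return $_SESSION['userhaspriv'][$key];
	if($user["id"] != $uid) {
		$_user = getUserInfo($uid, 0, 1);
		# test the record that was just looked up; the previous test was on the
		# global $user, so a failed lookup was not caught here
		if(is_null($_user))
			return 0;
	}
	else
		$_user = $user;
	# same "unityid@affiliation" form that keys the users arrays
	$affilUserid = "{$_user['unityid']}@{$_user['affiliation']}";

	if(! is_array($privs)) {
		$privs = getNodePrivileges($node, 'users');
		$privs = getNodePrivileges($node, 'usergroups', $privs);
	}
	if(! is_array($cascadePrivs)) {
		$cascadePrivs = getNodeCascadePrivileges($node, 'users');
		$cascadePrivs = getNodeCascadePrivileges($node, 'usergroups', $cascadePrivs);
	}

	// if user (has $priv at this node) ||
	// (has cascaded $priv && ! have block at this node) return 1
	$direct = array_key_exists($affilUserid, $privs["users"]) &&
	          in_array($priv, $privs["users"][$affilUserid]);
	$cascaded = array_key_exists($affilUserid, $cascadePrivs["users"]) &&
	            in_array($priv, $cascadePrivs["users"][$affilUserid]);
	$blocked = array_key_exists($affilUserid, $privs["users"]) &&
	           in_array("block", $privs["users"][$affilUserid]);
	if($direct || ($cascaded && ! $blocked)) {
		$_SESSION['userhaspriv'][$key] = 1;
		return 1;
	}

	foreach($_user["groups"] as $groupid => $groupname) {
		// if group (has $priv at this node) ||
		// (has cascaded $priv && ! have block at this node) return 1
		# entries are keyed by group name, so the id is compared as well before
		# an entry is treated as belonging to this group
		$direct = array_key_exists($groupname, $privs["usergroups"]) &&
		          $groupid == $privs['usergroups'][$groupname]['id'] &&
		          in_array($priv, $privs["usergroups"][$groupname]['privs']);
		$cascaded = array_key_exists($groupname, $cascadePrivs["usergroups"]) &&
		            $groupid == $cascadePrivs['usergroups'][$groupname]['id'] &&
		            in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs']);
		# an entry under this name with a different id also counts as blocking
		$unblocked = ! array_key_exists($groupname, $privs["usergroups"]) ||
		             (! in_array("block", $privs["usergroups"][$groupname]['privs']) &&
		             $groupid == $privs['usergroups'][$groupname]['id']);
		if($direct || ($cascaded && $unblocked)) {
			$_SESSION['userhaspriv'][$key] = 1;
			return 1;
		}
	}
	$_SESSION['userhaspriv'][$key] = 0;
	return 0;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJpermSelectUserGroup()
///
/// \brief gets permissions granted to a user group and sends it in JSON format;
/// sends failed => noaccess when the group is not among those returned by
/// getUserGroups() for the logged in user's affiliation
///
////////////////////////////////////////////////////////////////////////////////
function AJpermSelectUserGroup() {
	global $user;
	$groups = getUserGroups(0, $user['affiliationid']);
	$groupid = processInputVar('groupid', ARG_NUMERIC);
	# NOTE(review): this is the only access check visible in this function --
	# confirm that reaching it is limited to users allowed to manage group
	# permissions
	if(! array_key_exists($groupid, $groups)) {
		sendJSON(array('failed' => 'noaccess'));
		return;
	}
	$permdata = getUserGroupPrivs($groupid);
	$perms = array();
	foreach($permdata as $perm)
		$perms[] = $perm['permid'];
	sendJSON(array('perms' => $perms));
}
//////////////////////////////////////////////////////////////////////////////// /// /// \fn AJsaveUserGroupPrivs() /// /// \brief saves submitted permissions for user group /// //////////////////////////////////////////////////////////////////////////////// function AJsaveUserGroupPrivs() { global $user; $groups = getUserGroups(0, $user['affiliationid']); $groupid = processInputVar('groupid', ARG_NUMERIC); if(! array_key_exists($groupid, $groups)) { sendJSON(array('failed' => 'noaccess')); return; } $permids = processInputVar('permids', ARG_STRING); if(! preg_match('/^[0-9,]*$/', $permids)) { sendJSON(array('failed' => 'invalid input')); return; } $perms = explode(',', $permids); $query = "DELETE FROM usergrouppriv WHERE usergroupid = $groupid"; doQuery($query, 101); if(empty($perms[0])) { sendJSON(array('success' => 1)); return; } $values = array(); foreach($perms as $permid) $values[] = "($groupid, $permid)"; $allvals = implode(',', $values); $query = "INSERT INTO usergrouppriv " . "(usergroupid, " . "userprivtypeid) " . 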
"VALUES $allvals"; doQuery($query, 101); sendJSON(array('success' => 1)); $_SESSION['user']["groupperms"] = getUsersGroupPerms(array_keys($user['groups'])); } ?>