\n";
print "There are additional permisssions that can be assigned to user \n";
print "groups that are not specific to any nodes in the privilege tree. \n";
print "Use this portion of the site to manage those permissions.
";
$text .= "";
$return .= setAttribute('resourcesDiv', 'innerHTML', $text);
$return .= "AJdojoCreate('resourcesDiv');";
print $return;
print $js;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist()
///
/// \brief prints a json list of privilege nodes
///
////////////////////////////////////////////////////////////////////////////////
function JSONprivnodelist() {
    # Builds the whole privilege-node tree first, then sends the header and
    # the payload; nothing is printed before header() is called.
    $items = JSONprivnodelist2(getChildNodes());
    header('Content-Type: text/json; charset=utf-8');
    # NOTE(review): the payload is a JavaScript object literal (unquoted keys,
    # single-quoted strings) behind a "{} && " prefix, not strict JSON. The
    # client presumably evaluates it rather than JSON-parsing it - confirm
    # before changing the format or the content type. Because it is evaluated,
    # every value JSONprivnodelist2() puts between quotes must be safe inside
    # a single-quoted JavaScript string.
    print "{} && {label:'display',identifier:'name',items:[$items]}";
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist2($nodelist)
///
/// \param $nodelist - an array of nodes as returned from getChildNodes
///
/// \return partial json data to build list for JSONprivnodelist
///
/// \brief sub function for JSONprivnodelist to help build json node data
///
////////////////////////////////////////////////////////////////////////////////
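function JSONprivnodelist2($nodelist) {
    # Returns the comma-separated object literals for $nodelist (an array keyed
    # by node id whose entries carry a 'name'), recursing into each node's
    # children. Returns '' for an empty list.
    #
    # Ids and names are written inside single-quoted JavaScript string
    # literals. They are read back from storage here, so they are escaped at
    # the point of output instead of trusting that every stored name once
    # passed validateNodeName(). Names that do pass it contain none of the
    # escaped characters, so their output is unchanged.
    $items = array();
    foreach(array_keys($nodelist) as $id) {
        $name = addcslashes((string)$id, "\\'\r\n");
        $display = addcslashes((string)$nodelist[$id]['name'], "\\'\r\n");
        $item = "{name:'$name', display:'$display' ";
        # the lookup uses the raw id, not the escaped copy
        $children = getChildNodes($id);
        if(count($children))
            $item .= ", children: [ " . JSONprivnodelist2($children) . "]";
        $items[] = $item . "}";
    }
    return implode(',', $items);
}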
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddChildNode()
///
/// \brief processes input for adding a child node; if all is ok, adds node
/// to privnode table; checks to see if submitting user has nodeAdmin,
/// userGrant, and resourceGrant cascaded to the node; adds any of the privs
/// that aren't cascaded; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
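function AJsubmitAddChildNode() {
    global $user;
    # Handles the AJAX request to add a child named "newnode" under the node
    # given in "activeNode". Every exit path prints JavaScript for the client.
    $parent = processInputVar("activeNode", ARG_NUMERIC);
    # authorization is checked before any other input is read or any query runs
    if(! checkUserHasPriv("nodeAdmin", $user["id"], $parent)) {
        $text = "You do not have rights to add children to this node.";
        print "dojo.byId('childNodeName').value = ''; ";
        print "dijit.byId('addNodePane').hide(); ";
        print "alert('$text');";
        return;
    }
    $newnode = processInputVar("newnode", ARG_STRING);
    $errmsg = '';
    if(! validateNodeName($newnode, $errmsg)) {
        print "dojo.byId('addChildNodeStatus').innerHTML = '$errmsg';";
        return;
    }
    $nodeInfo = getNodeInfo($parent);
    # Escape the name for SQL even though validateNodeName() has already
    # restricted its characters, as AJsubmitRenameNode() does; the queries then
    # stay safe if the validation rule is ever relaxed.
    # NOTE(review): $parent is used unquoted below; this assumes ARG_NUMERIC
    # yields only a numeric value - confirm in processInputVar().
    $_newnode = mysql_real_escape_string($newnode);
    # check to see if a node with the submitted name already exists
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '$_newnode' AND "
           .       "parent = $parent";
    $qh = doQuery($query, 335);
    if(mysql_num_rows($qh)) {
        # the parent's name is read back from storage and placed in innerHTML;
        # it is only as safe as the validation applied when it was stored
        $text = "A node of that name already exists "
              . "under " . $nodeInfo["name"];
        print "dojo.byId('addChildNodeStatus').innerHTML = '$text';";
        return;
    }
    $query = "INSERT INTO privnode "
           .        "(parent, "
           .        "name) "
           . "VALUES "
           .        "($parent, "
           .        "'$_newnode')";
    doQuery($query, 336);
    # without a FROM clause exactly one row comes back, instead of one copy of
    # the value per row of privnode
    $qh = doQuery("SELECT LAST_INSERT_ID()", 101);
    if(! $row = mysql_fetch_row($qh))
        abort(101);
    $nodeid = $row[0];
    # grant the creator whichever of these privileges do not already reach the
    # new node, and mark the grant as cascading
    $privs = array();
    foreach(array("nodeAdmin", "userGrant", "resourceGrant") as $type) {
        if(! checkUserHasPriv($type, $user["id"], $nodeid))
            array_push($privs, $type);
    }
    if(count($privs)) {
        array_push($privs, "cascade");
        updateUserOrGroupPrivs($user["id"], $nodeid, $privs, array(), "user");
    }
    # $newnode lands in a single-quoted JavaScript string; validateNodeName()
    # is what keeps quotes and backslashes out of it
    print "addChildNode('$newnode', $nodeid);";
}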
////////////////////////////////////////////////////////////////////////////////
///
/// \fn nodeExists($node)
///
/// \param $node - the id of a node
///
/// \return 1 if exists, 0 if not
///
/// \brief checks to see if $node exists
///
////////////////////////////////////////////////////////////////////////////////
function nodeExists($node) {
    # NOTE(review): $node is placed in the query unquoted and is not checked
    # in this function; callers are assumed to pass an already validated
    # numeric id - confirm at each call site.
    $result = doQuery("SELECT id FROM privnode WHERE id = $node", 101);
    # 1 when at least one row matched, otherwise 0
    return mysql_num_rows($result) ? 1 : 0;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn validateNodeName($name, &$errmsg)
///
/// \param $name - name for a node
/// \param $errmsg - variable into which an error message will be placed if
/// $name is not valid
///
/// \return 1 if name is okay, 0 if not; if 0, $errmsg is populated with an
/// error message
///
/// \brief validates that a name for a node is okay
///
////////////////////////////////////////////////////////////////////////////////
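function validateNodeName($name, &$errmsg) {
    # Accepts a non-empty name made only of letters, digits, spaces, dashes,
    # dots and underscores. Returns 1 if $name is acceptable; otherwise returns
    # 0 and stores an explanation in $errmsg ($errmsg is left untouched on
    # success).
    #
    # \z anchors at the true end of the string. "$" also matches just before a
    # trailing newline, which let "name\n" through to the SQL and JavaScript
    # strings that callers build from an accepted name.
    if(preg_match('/^[-A-Za-z0-9_\. ]+\z/', $name))
        return 1;
    $errmsg = "Node names can only contain letters, numbers, spaces, dashes(-), dots(.), and underscores(_).";
    return 0;
}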
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitDeleteNode()
///
/// \brief deletes a node and its children; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitDeleteNode() {
    global $user;
    # Deletes the node named by "activeNode" together with all of its
    # descendants, then prints JavaScript that updates the client's tree.
    $nodeid = processInputVar("activeNode", ARG_NUMERIC);
    if(empty($nodeid))
        return;
    # nodeAdmin is checked on the submitted node only; descendants are removed
    # on the strength of that single check
    $allowed = checkUserHasPriv("nodeAdmin", $user["id"], $nodeid);
    if(! $allowed) {
        print "alert('You do not have rights to delete this node.');";
        return;
    }
    clearPrivCache();
    $doomed = recurseGetChildren($nodeid);
    $ancestors = getParentNodes($nodeid);
    # first entry of getParentNodes() is used as the node to select afterwards
    $parentid = $ancestors[0];
    $doomed[] = $nodeid;
    # the id list holds ids read back from privnode plus the submitted id,
    # which is assumed numeric because of ARG_NUMERIC - confirm
    $idlist = implode(',', $doomed);
    doQuery("DELETE FROM privnode WHERE id IN ($idlist)", 345);
    print "setSelectedPrivNode('$parentid'); "
        . "removeNodesFromTree('$nodeid'); "
        . "dijit.byId('deleteDialog').hide(); "
        . "var workingobj = dijit.byId('workingDialog'); "
        . "dojo.connect(workingobj._fadeOut, 'onEnd', dijit.byId('deleteDialog'), 'hide'); ";
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitRenameNode()
///
/// \brief renames a node; sends a JSON response with the new name or an error
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitRenameNode() {
    global $user;
    # Renames the node named by "activeNode" to "newname" and reports the
    # outcome through sendJSON(): error 1 = not authorized, error 2 = invalid
    # or duplicate name, otherwise the new name and the node id.
    $nodeid = processInputVar("activeNode", ARG_NUMERIC);
    if(empty($nodeid))
        return;
    if(! checkUserHasPriv("nodeAdmin", $user["id"], $nodeid)) {
        sendJSON(array('error' => 1,
                       'message' => "You do not have rights to rename this node."));
        return;
    }
    $newname = processInputVar('newname', ARG_STRING);
    $errmsg = '';
    if(! validateNodeName($newname, $errmsg)) {
        sendJSON(array('error' => 2, 'message' => $errmsg));
        return;
    }
    # the name is escaped for SQL in addition to being validated; the node id
    # is used unquoted and is assumed numeric because of ARG_NUMERIC - confirm
    $escname = mysql_real_escape_string($newname);
    # look for a node with the new name under the same parent
    $siblingquery = "SELECT id FROM privnode "
                  . "WHERE parent = (SELECT parent FROM privnode WHERE id = $nodeid) "
                  . "AND name = '$escname'";
    $matches = doQuery($siblingquery, 101);
    if(mysql_num_rows($matches)) {
        sendJSON(array('error' => 2,
                       'message' => "A sibling node of that name currently exists"));
        return;
    }
    doQuery("UPDATE privnode SET name = '$escname' WHERE id = $nodeid", 101);
    # the unescaped name goes back to the client; sendJSON() does the encoding
    sendJSON(array('newname' => $newname, 'node' => $nodeid));
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn userLookup()
///
/// \brief prints a page to display a user's privileges
///
////////////////////////////////////////////////////////////////////////////////
function userLookup() {
# Prints the "User Lookup" page and, when a userid was submitted, looks that
# user up. NOTE(review): the HTML inside the print statements and part of the
# code near the end of this function appear to have been lost when this page
# was extracted; the comments describe only the statements still visible.
global $user;
$userid = processInputVar("userid", ARG_STRING);
# third argument 0 is presumably the default used when "force" is absent
$force = processInputVar('force', ARG_NUMERIC, 0);
print "
\n";
print "
User Lookup
\n";
print "\n";
if(! empty($userid)) {
$loginid = $userid;
# $affilid is not assigned anywhere else in this function, so it is presumably
# filled in (and $loginid possibly rewritten) by reference here - confirm
getAffilidAndLogin($loginid, $affilid);
if(empty($affilid)) {
print "specified affiliation is unknown \n";
return;
}
# access control: without the global lookup permission a user may only look up
# accounts that share the user's own affiliation
if(! checkUserHasPerm('User Lookup (global)') &&
$user['affiliationid'] != $affilid) {
print "You are only allowed to look up users from your own affiliation. \n";
return;
}
# NOTE(review): $loginid derives from request input and is quoted but not
# escaped in this function; whether processInputVar() or getAffilidAndLogin()
# makes it safe for SQL is not visible here. AJsubmitRenameNode() in this file
# passes its string through mysql_real_escape_string() before the query -
# confirm the same guarantee holds for this value.
$query = "SELECT id "
. "FROM user "
. "WHERE unityid = '$loginid' AND "
. "affiliationid = $affilid";
$qh = doQuery($query, 101);
# NOTE(review): $userid is echoed into the page here and again further down;
# confirm that processInputVar() neutralises HTML in ARG_STRING values
if(! mysql_num_rows($qh))
print "$userid not currently found in VCL user database, will try to add... \n";
elseif($force) {
# backdate lastupdated by a little more than SECINDAY seconds; presumably this
# makes the getUserInfo() call below treat the stored record as stale - confirm
$row = mysql_fetch_assoc($qh);
$newtime = unixToDatetime(time() - SECINDAY - 5);
$query = "UPDATE user SET lastupdated = '$newtime' WHERE id = {$row['id']}";
doQuery($query, 101);
}
# a second attempt is made with 1 as the second argument when the first call
# returns null; what that argument selects is not visible here
$userdata = getUserInfo($userid);
if(is_null($userdata)) {
$userdata = getUserInfo($userid, 1);
if(is_null($userdata)) {
print "$userid not found in any known systems \n";
return;
}
}
# NOTE(review): from here on the braces no longer pair up with the openers
# above, so statements are missing from this listing
print "
\n";
}
else
print "User made no reservations in the past week. \n";
}
print "
\n";
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn recurseGetChildren($node)
///
/// \param $node - a node id
///
/// \return an array of nodes that are children of $node
///
/// \brief foreach child node of $node, adds it to an array and calls
/// self to add that child's children
///
////////////////////////////////////////////////////////////////////////////////
function recurseGetChildren($node) {
    # Collects the ids of every descendant of $node, each child followed by
    # its own descendants.
    # NOTE(review): $node is placed in the query unquoted; the top-level caller
    # is assumed to pass a validated numeric id (recursive calls pass ids read
    # back from privnode). There is no record of visited ids, so a parent/child
    # loop in the table would make this recurse without end.
    $found = array();
    $qh = doQuery("SELECT id FROM privnode WHERE parent = $node", 340);
    while($row = mysql_fetch_row($qh)) {
        $childid = $row[0];
        $found[] = $childid;
        $found = array_merge($found, recurseGetChildren($childid));
    }
    return $found;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn printUserPrivRow($privname, $rownum, $privs, $types,
/// $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printUserPrivRow($privname, $rownum, $privs, $types,
$cascadeprivs, $usergroup, $disabled) {
# Prints a table row for $privname. NOTE(review): most of this body, including
# the row's markup, appears to have been lost when this page was extracted;
# only the statements below remain.
# array union: where a privilege name is a key in both arrays, the entry from
# $cascadeprivs is the one kept
$allprivs = $cascadeprivs + $privs;
print "
\n";
# one more than the number of privilege types; no remaining statement uses it
$count = count($types) + 1;
# NOTE(review): $blocked is never assigned in the visible body, so as listed
# this branch cannot run - check the original file
if($blocked) {
print "\n";
}
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getUserPrivRowHTML($privname, $rownum, $privs, $types,
/// $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \return a string of HTML code for a user privilege row
///
/// \brief creates HTML for a user privilege row and returns it
///
////////////////////////////////////////////////////////////////////////////////
function getUserPrivRowHTML($privname, $rownum, $privs, $types,
$cascadeprivs, $usergroup, $disabled) {
$allprivs = $cascadeprivs + $privs;
$text = "";
$js = "";
$text .= "
\n";
# normal rights
$j = 1;
foreach($types as $type) {
if($type == 'block' || $type == 'cascade')
continue;
$bgcolor = "";
$checked = "";
$value = "";
$cascaded = 0;
if(array_key_exists($privname, $cascadeprivs) &&
in_array($type, $cascadeprivs[$privname])) {
$bgcolor = "bgcolor=\"#008000\"";
$checked = "checked";
$value = "value=cascade";
$cascaded = 1;
}
if(array_key_exists($privname, $privs) &&
in_array($type, $privs[$privname])) {
if($cascaded) {
$value = "value=cascadesingle";
}
else {
$checked = "checked";
$value = "value=single";
}
}
// if $type is administer, manageGroup, or manageMapping, and it is not
# checked, and the user is not in the resource owner group, don't print
# the checkbox
if(($type == "administer" || $type == "manageGroup" || $type == "manageMapping") &&
$checked != "checked" &&
! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) {
$text .= "
\n";
}
// if group type is schedule, don't print available or manageMapping checkboxes
// if group type is managementnode, don't print available checkbox
elseif(($grptype == 'schedule' && ($type == 'available' || $type == 'manageMapping')) ||
($grptype == 'managementnode' && $type == 'available')) {
$text .= "