Privilege Tree\n"; $cont = addContinuationsEntry('JSONprivnodelist'); print "
\n"; print "
\n"; print "
\n"; #print " \n"; #print " \n"; print " \n"; print " \n"; print " \n"; print "
\n"; print "
\n"; print "
\n"; if($hasNodeAdmin) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
\n"; print " \n"; print "
\n"; print " \n"; print "
\n"; print " \n"; print "
\n"; } print "
\n"; $cont = addContinuationsEntry('selectNode'); print "\n"; # privileges print "

Privileges at Selected Node

\n"; $node = $activeNode; $nodeInfo = getNodeInfo($node); $privs = getNodePrivileges($node); $cascadePrivs = getNodeCascadePrivileges($node); $usertypes = getTypes("users"); $i = 0; $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs); $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs); print "
\n"; # users print "\n"; print "
\n"; print "

Users

\n"; print "
\n"; $users = array(); if(count($privs["users"]) || count($cascadePrivs["users"])) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"]))); sort($users); foreach($users as $_user) { printUserPrivRow($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', ! $hasUserGrant); $i++; } print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; print "\n"; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserPrivs'); print "\n"; } } else { print "There are no user privileges at the selected node.
\n"; } if($hasUserGrant) { print "\n"; } print "
\n"; print "
\n"; # groups print "\n"; print "
\n"; print "

User Groups

\n"; if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) { print "
\n"; print ""; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"]))); sort($groups); foreach($groups as $group) { printUserPrivRow($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', ! $hasUserGrant); $i++; } print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; print ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserGroupPrivs'); print "\n"; } $cont = addContinuationsEntry('jsonGetUserGroupMembers'); print "\n"; } else { print "There are no user group privileges at the selected node.
\n"; $groups = array(); } if($hasUserGrant) { print "\n"; } print "
\n"; print "
\n"; # resources $resourcetypes = array("available", "administer", "manageGroup"); print "\n"; print "
\n"; print "

Resources

\n"; print "
\n"; if(count($privs["resources"]) || count($cascadePrivs["resources"])) { print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($resourcetypes as $type) { $img = getImageText("$type"); print " \n"; } print " \n"; $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"]))); sort($resources); $resourcegroups = getResourceGroups(); $resgroupmembers = getResourceGroupMembers(); foreach($resources as $resource) { printResourcePrivRow($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], ! $hasResourceGrant); $i++; } print "
Group
Name
Group
Type
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; if($hasResourceGrant) { $cont = addContinuationsEntry('AJchangeResourcePrivs'); print "\n"; } $cont = addContinuationsEntry('jsonGetResourceGroupMembers'); print "\n"; } else { print "There are no resource group privileges at the selected node.
\n"; $resources = array(); } if($hasResourceGrant) { print "\n"; } print "
\n"; print "
\n"; print "
\n"; # ----------------------------- dialogs ---------------------------- print "
\n"; print " \n"; print "

Add User

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights $count = count($usertypes) + 1; print " \n"; #cascade rights print " \n"; # normal rights $j = 1; foreach($usertypes["users"] as $type) { print " \n"; $j++; } print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddUserPriv'); print "\n"; print "
\n"; print "
\n"; print " \n"; print "

Add User Group

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; foreach($usertypes["users"] as $type) { $img = getImageText($type); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights print " \n"; #cascade rights print " \n"; # normal rights $j = 1; foreach($usertypes["users"] as $type) { print " \n"; $j++; } print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; # FIXME should $groups be only the user's groups? $groups = getUserGroups(0, $user['affiliationid']); if(array_key_exists(82, $groups)) unset($groups[82]); # remove None group printSelectInput("newgroupid", $groups, -1, 0, 0, 'newgroupid'); print " "; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddUserGroupPriv'); print "\n"; print "
\n"; print "
\n"; print " \n"; print "

Add Resource Group

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; $resourcetypes = array("available", "administer", "manageGroup"); foreach($resourcetypes as $type) { $img = getImageText("$type"); print " \n"; } print " \n"; print " \n"; print " \n"; # block rights print " \n"; #cascade rights print " \n"; # normal rights print " \n"; print " \n"; print " \n"; print " \n"; print "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
\n"; $resources = array(); $privs = array("computerAdmin","mgmtNodeAdmin", "imageAdmin", "scheduleAdmin"); $resourcesgroups = getUserResources($privs, array("manageGroup"), 1); foreach(array_keys($resourcesgroups) as $type) { foreach($resourcesgroups[$type] as $id => $group) { $resources[$id] = $type . "/" . $group; } } printSelectInput("newresourcegroupid", $resources, -1, 0, 0, 'newresourcegroupid'); print " "; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddResourcePriv'); print "\n"; print "
\n"; print "
\n"; print "

Add Child Node

\n"; print "
\n"; print "New Node:\n"; print "\n"; print " \n"; print "\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitAddChildNode'); print ""; print "
\n"; print "
\n"; print "Delete the following node and all of its children?

\n"; print "

\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitDeleteNode'); print ""; print "
\n"; print "
\n"; print "
\n"; print "Enter a new name for the selected node:

\n"; print "

\n"; print "New Name:\n"; print "\n"; print " \n"; print "\n"; print "
\n"; print "
\n"; print "\n"; print "\n"; print "\n"; print "
\n"; print " \n"; print "\n"; print " \n"; print "
\n"; $cont = addContinuationsEntry('AJsubmitRenameNode'); print ""; print "
\n"; print "
\n"; print "
\n"; print "Loading...\n"; print " \n"; print "
\n"; } //////////////////////////////////////////////////////////////////////////////// /// /// \fn selectNode() /// /// \brief generates html for ajax update to privileges page when a node is /// clicked /// //////////////////////////////////////////////////////////////////////////////// function selectNode() { global $user; $node = processInputVar("node", ARG_NUMERIC); if(empty($node)) return; $return = ""; $text = ""; $js = ""; $privs = getNodePrivileges($node); $cascadePrivs = getNodeCascadePrivileges($node); $usertypes = getTypes("users"); $i = 0; $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs); $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs); $hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $node, $privs, $cascadePrivs); if($hasNodeAdmin) { $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; $text .= " "; $text .= "
"; } $return .= "if(dijit.byId('addNodeBtn')) dijit.byId('addNodeBtn').destroy();"; $return .= "if(dijit.byId('deleteNodeBtn')) dijit.byId('deleteNodeBtn').destroy();"; $return .= "if(dijit.byId('renameNodeBtn')) dijit.byId('renameNodeBtn').destroy();"; $return .= setAttribute('treebuttons', 'innerHTML', $text); $return .= "AJdojoCreate('treebuttons');"; # privileges $return .= "dojo.query('*', 'nodePerms').forEach(function(item){if(dijit.byId(item.id)) dijit.byId(item.id).destroy();});"; $text = ""; $text .= "

Users

"; $users = array(); if(count($privs["users"]) || count($cascadePrivs["users"])) { $text .= "
"; $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($usertypes["users"] as $type) { $img = getImageText($type); $text .= " "; } $text .= " "; $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"]))); sort($users); foreach($users as $_user) { $tmpArr = getUserPrivRowHTML($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', ! $hasUserGrant); $text .= $tmpArr['html']; $js .= $tmpArr['javascript']; $i++; } $text .= "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; $text .= ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserPrivs'); $text .= ""; } } else { $text .= "There are no user privileges at the selected node.
"; } if($hasUserGrant) { $text .= ""; } $text .= "
"; $return .= setAttribute('usersDiv', 'innerHTML', $text); $return .= "AJdojoCreate('usersDiv');"; # groups $text = ""; $text .= "

User Groups

"; if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) { $text .= "
"; $text .= ""; $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($usertypes["users"] as $type) { $img = getImageText($type); $text .= " "; } $text .= " "; $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"]))); sort($groups); foreach($groups as $group) { $tmpArr = getUserPrivRowHTML($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', ! $hasUserGrant); $text .= $tmpArr['html']; $js .= $tmpArr['javascript']; $i++; } $text .= "
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; $text .= ""; if($hasUserGrant) { $cont = addContinuationsEntry('AJchangeUserGroupPrivs'); $text .= ""; } $cont = addContinuationsEntry('jsonGetUserGroupMembers'); $text .= ""; } else { $text .= "There are no user group privileges at the selected node.
"; $groups = array(); } if($hasUserGrant) { $text .= ""; } $text .= "
"; $return .= setAttribute('usergroupsDiv', 'innerHTML', $text); $return .= "AJdojoCreate('usergroupsDiv');"; # resources $text = ""; $resourcetypes = array("available", "administer", "manageGroup"); $text .= "

Resources

"; $text .= "
"; if(count($privs["resources"]) || count($cascadePrivs["resources"])) { $text .= ""; $text .= " "; $text .= " "; $text .= " "; $text .= " "; $text .= " "; foreach($resourcetypes as $type) { $img = getImageText("$type"); $text .= " "; } $text .= " "; $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"]))); sort($resources); $resourcegroups = getResourceGroups(); $resgroupmembers = getResourceGroupMembers(); foreach($resources as $resource) { $tmpArr = getResourcePrivRowHTML($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], ! $hasResourceGrant); $text .= $tmpArr['html']; $js .= $tmpArr['javascript']; $i++; } $text .= "
Group
Name
Group
Type
Block
Cascaded
Rights
Cascade
to Child
Nodes
$img
"; if($hasResourceGrant) { $cont = addContinuationsEntry('AJchangeResourcePrivs'); $text .= ""; } $cont = addContinuationsEntry('jsonGetResourceGroupMembers'); $text .= ""; } else { $text .= "There are no resource group privileges at the selected node.
"; $resources = array(); } if($hasResourceGrant) { $text .= ""; } $text .= "
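"; $return .= setAttribute('resourcesDiv', 'innerHTML', $text); $return .= "AJdojoCreate('resourcesDiv');"; print $return; print $js; }

////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist()
///
/// \brief prints a json list of privilege nodes; the node data itself is
/// built by JSONprivnodelist2 from the result of getChildNodes()
///
////////////////////////////////////////////////////////////////////////////////
function JSONprivnodelist() {
    $nodes = getChildNodes();
    $data = JSONprivnodelist2($nodes);
    header('Content-Type: text/json; charset=utf-8');
    # NOTE(review): the leading "{} && " is kept exactly as it was; presumably
    # the client-side loader expects this prefix - confirm before changing it.
    $data = "{} && {label:'display',identifier:'name',items:[$data]}";
    print $data;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn JSONprivnodelist2($nodelist)
///
/// \param $nodelist - an array of nodes as returned from getChildNodes
///
/// \return partial json data to build list for JSONprivnodelist
///
/// \brief sub function for JSONprivnodelist to help build json node data;
/// recurses into each node's children
///
////////////////////////////////////////////////////////////////////////////////
function JSONprivnodelist2($nodelist) {
    $data = '';
    foreach(array_keys($nodelist) as $id) {
        # The node name is placed inside a single-quoted JavaScript string
        # literal, so backslashes, single quotes and line breaks are escaped
        # for that context.  Names made only of letters, digits, spaces,
        # dashes, dots and underscores come out unchanged.
        $display = addcslashes($nodelist[$id]['name'], "\\'\n\r");
        $data .= "{name:'$id', display:'$display' ";
        $children = getChildNodes($id);
        if(count($children))
            $data .= ", children: [ " . JSONprivnodelist2($children) . "]},";
        else
            $data .= "},";
    }
    # drop the comma left behind by the last entry
    $data = rtrim($data, ',');
    return $data;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddChildNode()
///
/// \brief processes input for adding a child node; if all is ok, adds node
/// to privnode table; checks to see if submitting user has nodeAdmin,
/// userGrant, and resourceGrant cascaded to the node; adds any of the privs
/// that aren't cascaded; prints JavaScript statements as its response
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddChildNode() {
    global $user;
    $parent = processInputVar("activeNode", ARG_NUMERIC);
    # only a user holding nodeAdmin at the parent may add children to it
    if(! checkUserHasPriv("nodeAdmin", $user["id"], $parent)) {
        $text = "You do not have rights to add children to this node.";
        print "dojo.byId('childNodeName').value = ''; ";
        print "dijit.byId('addNodePane').hide(); ";
        print "alert('$text');";
        return;
    }
    $nodeInfo = getNodeInfo($parent);
    $newnode = processInputVar("newnode", ARG_STRING);
    # Allow-list for node names.  The name is later placed in a quoted SQL
    # literal and in a quoted JavaScript literal, so this check is what keeps
    # both safe.  The D modifier makes $ match only at the very end of the
    # string; without it a name ending in a newline would pass.
    if(! preg_match('/^[-A-Za-z0-9_. ]+$/D', $newnode)) {
        $text = "You can only use letters, numbers, spaces,
" . "dashes(-), dots(.), and underscores(_).";
        print "dojo.byId('addChildNodeStatus').innerHTML = '$text';";
        return;
    }
    # check to see if a node with the submitted name already exists
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE name = '$newnode' AND "
           .       "parent = $parent";
    $qh = doQuery($query, 335);
    if(mysql_num_rows($qh)) {
        # NOTE(review): the parent's stored name is placed unescaped inside a
        # single-quoted JavaScript literal that is assigned to innerHTML;
        # confirm every stored node name is restricted to the allow-list above.
        $text = "A node of that name already exists " . "under " . $nodeInfo["name"];
        print "dojo.byId('addChildNodeStatus').innerHTML = '$text';";
        return;
    }
    $query = "INSERT INTO privnode "
           .        "(parent, "
           .        "name) "
           . "VALUES "
           .        "($parent, "
           .        "'$newnode')";
    doQuery($query, 336);
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
    if(! $row = mysql_fetch_row($qh))
        abort(101);
    $nodeid = $row[0];
    # grant the creator whichever of the three admin privileges do not already
    # reach the new node, and cascade them if any had to be added
    $privs = array();
    foreach(array("nodeAdmin", "userGrant", "resourceGrant") as $type) {
        if(! checkUserHasPriv($type, $user["id"], $nodeid))
            array_push($privs, $type);
    }
    if(count($privs))
        array_push($privs, "cascade");
    updateUserOrGroupPrivs($user["id"], $nodeid, $privs, array(), "user");
    print "addChildNode('$newnode', $nodeid);";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn nodeExists($node)
///
/// \param $node - the id of a node
///
/// \return 1 if exists, 0 if not
///
/// \brief checks to see if $node exists
///
////////////////////////////////////////////////////////////////////////////////
function nodeExists($node) {
    # NOTE(review): $node is placed unquoted in the statement; no caller is
    # visible here, so confirm each one passes an already-validated numeric id.
    $query = "SELECT id FROM privnode WHERE id = $node";
    $qh = doQuery($query, 101);
    if(mysql_num_rows($qh))
        return 1;
    else
        return 0;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitDeleteNode()
///
/// \brief deletes a node and its children; requires nodeAdmin at the node
/// being deleted; prints JavaScript statements as its response
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitDeleteNode() {
    global $user;
    $activeNode = processInputVar("activeNode", ARG_NUMERIC);
    if(empty($activeNode))
        return;
    # the privilege check is made at the submitted node only; the descendants
    # collected below are removed without a check of their own
    if(! checkUserHasPriv("nodeAdmin", $user["id"], $activeNode)) {
        $text = "You do not have rights to delete this node.";
        print "alert('$text');";
        return;
    }
    clearPrivCache();
    $nodes = recurseGetChildren($activeNode);
    $parents = getParentNodes($activeNode);
    # NOTE(review): assumes getParentNodes() returned at least one entry.
    $parent = $parents[0];
    array_push($nodes, $activeNode);
    # ids come from the privnode table plus the numeric $activeNode
    $deleteNodes = implode(',', $nodes);
    $query = "DELETE FROM privnode "
           . "WHERE id IN ($deleteNodes)";
    doQuery($query, 345);
    print "setSelectedPrivNode('$parent'); ";
    print "removeNodesFromTree('$deleteNodes'); ";
    print "dijit.byId('deleteDialog').hide(); ";
    print "var workingobj = dijit.byId('workingDialog'); ";
    print "dojo.connect(workingobj._fadeOut, 'onEnd', dijit.byId('deleteDialog'), 'hide'); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitRenameNode()
///
/// \brief renames a node; requires nodeAdmin at the node; rejects names
/// outside the character set accepted by AJsubmitAddChildNode and names that
/// a sibling node already has; responds through sendJSON
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitRenameNode() {
    global $user;
    $activeNode = processInputVar("activeNode", ARG_NUMERIC);
    if(empty($activeNode))
        return;
    if(! checkUserHasPriv("nodeAdmin", $user["id"], $activeNode)) {
        $msg = "You do not have rights to rename this node.";
        $arr = array('error' => 1, 'message' => $msg);
        sendJSON($arr);
        return;
    }
    $newname = processInputVar('newname', ARG_STRING);
    # Same allow-list that AJsubmitAddChildNode applies to new node names.
    # $newname goes into quoted SQL literals below, and stored names are later
    # written into quoted JavaScript literals by JSONprivnodelist2.
    # NOTE(review): processInputVar() is defined elsewhere; whether it escapes
    # ARG_STRING values for SQL is not visible here, so this check must stay.
    # NOTE(review): error value 2 is reused so the response has the same shape
    # as the existing name-conflict rejection - confirm the client handling.
    if(! preg_match('/^[-A-Za-z0-9_. ]+$/D', $newname)) {
        $msg = "You can only use letters, numbers, spaces, "
             . "dashes(-), dots(.), and underscores(_).";
        $arr = array('error' => 2, 'message' => $msg);
        sendJSON($arr);
        return;
    }
    # check if node matching new name already exists at parent
    $query = "SELECT id "
           . "FROM privnode "
           . "WHERE parent = (SELECT parent FROM privnode WHERE id = $activeNode) AND "
           .       "name = '$newname'";
    $qh = doQuery($query, 101);
    if(mysql_num_rows($qh)) {
        $msg = "A sibling node of that name currently exists";
        $arr = array('error' => 2, 'message' => $msg);
        sendJSON($arr);
        return;
    }
    $query = "UPDATE privnode "
           . "SET name = '$newname' "
           . "WHERE id = $activeNode";
    doQuery($query, 101);
    $arr = array('newname' => $newname, 'node' => $activeNode);
    sendJSON($arr);
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn userLookup()
///
/// \brief prints a page to display a user's privileges
///
////////////////////////////////////////////////////////////////////////////////
function userLookup() {
    global $user, $viewmode;
    $userid = processInputVar("userid", ARG_STRING);
    $force = processInputVar('force', ARG_NUMERIC, 0);
    print "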
\n"; print "

User Lookup

\n"; print "
\n"; print "\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
User ID:
\n"; print " \n"; print " \n"; print "
\n"; print "
\n"; $cont = addContinuationsEntry('submitUserLookup'); print "\n"; print "
\n"; if(! empty($userid)) { $loginid = $userid; getAffilidAndLogin($loginid, $affilid); if(empty($affilid)) { print "specified affiliation is unknown
\n"; return; } if($viewmode != ADMIN_DEVELOPER && $user['affiliationid'] != $affilid) { print "You are only allowed to look up users from your own affiliation.
\n"; return; } $query = "SELECT id " . "FROM user " . "WHERE unityid = '$loginid' AND " . "affiliationid = $affilid"; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) print "$userid not currently found in VCL user database, will try to add...
\n"; elseif($force) { $row = mysql_fetch_assoc($qh); $newtime = unixToDatetime(time() - SECINDAY - 5); $query = "UPDATE user SET lastupdated = '$newtime' WHERE id = {$row['id']}"; doQuery($query, 101); } $userdata = getUserInfo($userid); if(is_null($userdata)) { $userdata = getUserInfo($userid, 1); if(is_null($userdata)) { print "$userid not found in any known systems
\n"; return; } } print "\n"; if(! empty($userdata['firstname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['lastname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['preferredname'])) { print " \n"; print " \n"; print " \n"; print " \n"; } if(! empty($userdata['email'])) { print " \n"; print " \n"; print " \n"; print " \n"; } print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "
First Name:{$userdata["firstname"]}
Last Name:{$userdata["lastname"]}
Preferred Name:{$userdata["preferredname"]}
Email:{$userdata["email"]}
Admin Level:{$userdata["adminlevel"]}
Groups:\n"; uasort($userdata["groups"], "sortKeepIndex"); foreach($userdata["groups"] as $group) { print " $group
\n"; } print "
Privileges (found somewhere in the tree):\n"; uasort($userdata["privileges"], "sortKeepIndex"); foreach($userdata["privileges"] as $priv) { if($priv == "block" || $priv == "cascade") continue; print " $priv
\n"; } print "
\n"; # get user's resources $userResources = getUserResources(array("imageCheckOut"), array("available"), 0, 0, $userdata['id']); # find nodes where user has privileges $query = "SELECT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "up.userid = {$userdata['id']} " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if(mysql_num_rows($qh)) { print "Nodes where user is granted privileges:
\n"; print "\n"; $privnodeid = 0; while($row = mysql_fetch_assoc($qh)) { if($privnodeid != $row['privnodeid']) { if($privnodeid) { print " \n"; print " \n"; } print " \n"; $privnodeid = $row['privnodeid']; print " \n"; print " \n"; print " \n"; print "
{$row['privnode']}\n"; } print " {$row['userprivtype']}
\n"; } print "
\n"; } # find nodes where user's groups have privileges if(! empty($userdata['groups'])) { $query = "SELECT DISTINCT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "upt.name != 'cascade' AND " . "upt.name != 'block' AND " . "up.usergroupid IN (" . implode(',', array_keys($userdata['groups'])) . ") " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if(mysql_num_rows($qh)) { print "Nodes where user's groups are granted privileges:
\n"; print "\n"; $privnodeid = 0; while($row = mysql_fetch_assoc($qh)) { if($privnodeid != $row['privnodeid']) { if($privnodeid) { print " \n"; print " \n"; } print " \n"; $privnodeid = $row['privnodeid']; print " \n"; print " \n"; print " \n"; print "
{$row['privnode']}\n"; } print " {$row['userprivtype']}
\n"; } print "
\n"; } } print "\n"; print " \n"; print " \n"; print " \n"; print "
Images User Has Access To:\n"; print " \n"; foreach($userResources['image'] as $img) print " $img
\n"; print "
\n"; $requests = array(); $query = "SELECT DATE_FORMAT(l.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(l.finalend, '%W, %b %D, %Y, %h:%i %p') AS end, " . "c.hostname, " . "i.prettyname AS prettyimage, " . "l.ending " . "FROM log l, " . "image i, " . "computer c, " . "sublog s " . "WHERE l.userid = {$userdata["id"]} AND " . "s.logid = l.id AND " . "i.id = s.imageid AND " . "c.id = s.computerid " . "ORDER BY l.start DESC " . "LIMIT 5"; $qh = doQuery($query, 290); while($row = mysql_fetch_assoc($qh)) array_push($requests, $row); $requests = array_reverse($requests); if(! empty($requests)) { print "

User's last " . count($requests) . " reservations:

\n"; print "\n"; $first = 1; foreach($requests as $req) { if($first) $first = 0; else { print " \n"; print " \n"; print " \n"; } print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; } print "

Image:{$req['prettyimage']}
Computer:{$req['hostname']}
Start:{$req['start']}
End:{$req['end']}
Ending:{$req['ending']}
\n"; } else print "User made no reservations in the past week.
\n"; } print "
\n"; }

////////////////////////////////////////////////////////////////////////////////
///
/// \fn recurseGetChildren($node)
///
/// \param $node - a node id
///
/// \return an array of ids of all nodes below $node (children, their
/// children, and so on); each child's id is followed by its own descendants
///
/// \brief foreach child node of $node, adds it to an array and calls
/// self to add that child's children; one query is issued per node visited
///
////////////////////////////////////////////////////////////////////////////////
function recurseGetChildren($node) {
    $children = array();
    # NOTE(review): $node is placed unquoted in the statement.  The recursive
    # calls pass ids read back from privnode; confirm outside callers pass a
    # validated numeric id.
    # NOTE(review): nothing here stops the recursion if parent links ever
    # formed a loop - presumably the table cannot contain one; confirm.
    $qh = doQuery("SELECT id FROM privnode WHERE parent = $node", 340);
    while($row = mysql_fetch_row($qh)) {
        array_push($children, $row[0]);
        $children = array_merge($children, recurseGetChildren($row[0]));
    }
    return $children;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn printUserPrivRow($privname, $rownum, $privs, $types,
///                      $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - key of the row in $privs / $cascadeprivs; callers in
/// this file pass a key taken from the users or usergroups privilege arrays
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printUserPrivRow($privname, $rownum, $privs, $types,
                          $cascadeprivs, $usergroup, $disabled) {
    # array union: for a key present in both, the $cascadeprivs entry is kept
    $allprivs = $cascadeprivs + $privs;
    print " \n";
    # NOTE(review): $privname and the affiliation value are written to the
    # output with no escaping visible in this function - confirm they are
    # safe for the markup they end up in.
    if($usergroup == 'group') {
        $id = $allprivs[$privname]['id'];
        print " $privname";
        if($usergroup == 'group' && ! 
empty($allprivs[$privname]['affiliation']))
            print "@{$allprivs[$privname]['affiliation']}";
        print "\n";
    }
    else
        print "$privname\n";
    # from here on $disabled holds attribute text instead of the 0/1 flag
    if($disabled)
        $disabled = 'disabled=disabled';
    else
        $disabled = '';

    # block rights
    # user rows keep their privilege names directly under $privs[$privname];
    # group rows keep them under the 'privs' key
    if(array_key_exists($privname, $privs) &&
       (($usergroup == 'user' &&
       in_array("block", $privs[$privname])) ||
       ($usergroup == 'group' &&
       in_array("block", $privs[$privname]['privs'])))) {
        $checked = "checked";
        $blocked = 1;
    }
    else {
        $checked = "";
        $blocked = 0;
    }
    $count = count($types) + 1;
    # $usergroup is turned into 1 (user) or 2 (group) here; every later test
    # in this function uses the numeric form
    if($usergroup == 'user') {
        $usergroup = 1;
        $name = "privrow[$privname:block]";
    }
    elseif($usergroup == 'group') {
        $usergroup = 2;
        $name = "privrow[{$allprivs[$privname]['id']}:block]";
    }
    # NOTE(review): $name, $checked, $disabled and $count are not referenced
    # by the print strings as they appear in this listing; presumably they fed
    # the checkbox markup - confirm against the upstream file.
    print " \n";
    print "\n";

    #cascade rights
    if(array_key_exists($privname, $privs) &&
       (($usergroup == 1 &&
       in_array("cascade", $privs[$privname])) ||
       ($usergroup == 2 &&
       in_array("cascade", $privs[$privname]['privs']))))
        $checked = "checked";
    else
        $checked = "";
    if($usergroup == 1)
        $name = "privrow[$privname:cascade]";
    else
        $name = "privrow[{$allprivs[$privname]['id']}:cascade]";
    print " ";
    print "\n";

    # normal rights
    $j = 1;
    foreach($types as $type) {
        $bgcolor = "";
        $checked = "";
        $value = "";
        $cascaded = 0;
        # privilege reaches this node through a cascade
        if(array_key_exists($privname, $cascadeprivs) &&
           (($usergroup == 1 &&
           in_array($type, $cascadeprivs[$privname])) ||
           ($usergroup == 2 &&
           in_array($type, $cascadeprivs[$privname]['privs'])))) {
            $bgcolor = "bgcolor=\"#008000\"";
            $checked = "checked";
            $value = "value=cascade";
            $cascaded = 1;
        }
        # privilege is set at this node; if it is also cascaded, only the
        # value changes
        if(array_key_exists($privname, $privs) &&
           (($usergroup == 1 &&
           in_array($type, $privs[$privname])) ||
           ($usergroup == 2 &&
           in_array($type, $privs[$privname]['privs'])))) {
            if($cascaded) {
                $value = "value=cascadesingle";
            }
            else {
                $checked = "checked";
                $value = "value=single";
            }
        }
        if($usergroup == 1)
            $name = "privrow[$privname:$type]";
        else
            $name = "privrow[{$allprivs[$privname]['id']}:$type]";
        print " ";
        #print "onBlur=\"nodeCheck(this.checked, $rownum, $j, $usergroup)\">";
        print "\n";
        $j++;
    }
    print " 
\n";
    $count = count($types) + 1;
    # extra output is printed only for a row that has "block" set
    if($blocked) {
        print "\n";
    }
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn getUserPrivRowHTML($privname, $rownum, $privs, $types,
///                        $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - key of the row in $privs / $cascadeprivs; callers in
/// this file pass a key taken from the users or usergroups privilege arrays
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \return an array with 2 keys: html - the markup for the row, and
/// javascript - script text that goes with it (empty unless the row has
/// "block" set)
///
/// \brief creates HTML for a user privilege row and returns it; follows the
/// same steps as printUserPrivRow but collects the output instead of
/// printing it
///
////////////////////////////////////////////////////////////////////////////////
function getUserPrivRowHTML($privname, $rownum, $privs, $types,
                            $cascadeprivs, $usergroup, $disabled) {
    # array union: for a key present in both, the $cascadeprivs entry is kept
    $allprivs = $cascadeprivs + $privs;
    $text = "";
    $js = "";
    $text .= "";
    # NOTE(review): $privname and the affiliation value are appended to the
    # markup with no escaping visible in this function - confirm they are
    # safe for the markup they end up in.
    if($usergroup == 'group') {
        $id = $allprivs[$privname]['id'];
        $text .= "$privname";
        if($usergroup == 'group' && ! 
empty($allprivs[$privname]['affiliation']))
            $text .= "@{$allprivs[$privname]['affiliation']}";
        $text .= "";
    }
    else
        $text .= "$privname";
    # from here on $disabled holds attribute text instead of the 0/1 flag
    if($disabled)
        $disabled = 'disabled=disabled';
    else
        $disabled = '';

    # block rights
    # user rows keep their privilege names directly under $privs[$privname];
    # group rows keep them under the 'privs' key
    if(array_key_exists($privname, $privs) &&
       (($usergroup == 'user' &&
       in_array("block", $privs[$privname])) ||
       ($usergroup == 'group' &&
       in_array("block", $privs[$privname]['privs'])))) {
        $checked = "checked";
        $blocked = 1;
    }
    else {
        $checked = "";
        $blocked = 0;
    }
    $count = count($types) + 1;
    # $usergroup is turned into 1 (user) or 2 (group) here; every later test
    # in this function uses the numeric form
    if($usergroup == 'user') {
        $usergroup = 1;
        $name = "privrow[$privname:block]";
    }
    elseif($usergroup == 'group') {
        $usergroup = 2;
        $name = "privrow[{$allprivs[$privname]['id']}:block]";
    }
    $text .= " ";

    #cascade rights
    if(array_key_exists($privname, $privs) &&
       (($usergroup == 1 &&
       in_array("cascade", $privs[$privname])) ||
       ($usergroup == 2 &&
       in_array("cascade", $privs[$privname]['privs']))))
        $checked = "checked";
    else
        $checked = "";
    if($usergroup == 1)
        $name = "privrow[$privname:cascade]";
    else
        $name = "privrow[{$allprivs[$privname]['id']}:cascade]";
    $text .= " ";
    $text .= "";

    # normal rights
    $j = 1;
    foreach($types as $type) {
        $bgcolor = "";
        $checked = "";
        $value = "";
        $cascaded = 0;
        # privilege reaches this node through a cascade
        if(array_key_exists($privname, $cascadeprivs) &&
           (($usergroup == 1 &&
           in_array($type, $cascadeprivs[$privname])) ||
           ($usergroup == 2 &&
           in_array($type, $cascadeprivs[$privname]['privs'])))) {
            $bgcolor = "bgcolor=\"#008000\"";
            $checked = "checked";
            $value = "value=cascade";
            $cascaded = 1;
        }
        # privilege is set at this node; if it is also cascaded, only the
        # value changes
        if(array_key_exists($privname, $privs) &&
           (($usergroup == 1 &&
           in_array($type, $privs[$privname])) ||
           ($usergroup == 2 &&
           in_array($type, $privs[$privname]['privs'])))) {
            if($cascaded) {
                $value = "value=cascadesingle";
            }
            else {
                $checked = "checked";
                $value = "value=single";
            }
        }
        if($usergroup == 1)
            $name = "privrow[$privname:$type]";
        else
            $name = "privrow[{$allprivs[$privname]['id']}:$type]";
        $text .= " ";
        #$text .= "onBlur=\"nodeCheck(this.checked, $rownum, $j, $usergroup)\">";
        $text .= "";
        $j++;
    }
    $text .= " ";
    $count = count($types) + 1;
    # a row with "block" set also gets a changeCascadedRights() call, which is
    # returned as script text
    if($blocked) {
        $js .= "changeCascadedRights(true, $rownum, $count, 0, 0);";
    }
    return array('html' => $text, 'javascript' => $js);
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn jsonGetUserGroupMembers()
///
/// \brief accepts a user group id and dom id and sends a json array with 2
/// elements: members - a string listing the user group members, or a short
/// status message when they cannot be shown, and
/// domid - the passed in domid
///
////////////////////////////////////////////////////////////////////////////////
function jsonGetUserGroupMembers() {
    global $user;
    $usergrpid = processInputVar('groupid', ARG_NUMERIC);
    # NOTE(review): $domid is returned to the client unchanged; presumably the
    # page uses it to pick the element to fill - confirm how it is used there.
    $domid = processInputVar('domid', ARG_STRING);
    $query = "SELECT g.ownerid, "
           .        "g2.name AS editgroup "
           . "FROM usergroup g "
           . "LEFT JOIN usergroup g2 ON (g.editusergroupid = g2.id) "
           . "WHERE g.id = $usergrpid";
    $qh = doQuery($query, 101);
    if(! ($grpdata = mysql_fetch_assoc($qh))) {
        # problem getting group members
        $msg = 'failed to fetch group members';
        $arr = array('members' => $msg, 'domid' => $domid);
        sendJSON($arr);
        return;
    }
    # access check: membership is sent only when the requester's id matches
    # the group's ownerid or the edit group's name is found in $user["groups"]
    if($grpdata["ownerid"] != $user["id"] &&
       ! (in_array($grpdata["editgroup"], $user["groups"]))) {
        # user doesn't have access to view membership
        $msg = '(not authorized to view membership)';
        $arr = array('members' => $msg, 'domid' => $domid);
        sendJSON($arr);
        return;
    }
    $grpmembers = getUserGroupMembers($usergrpid);
    $members = '';
    # each member is followed by the separator contained in the literal below
    foreach($grpmembers as $group)
        $members .= "$group
";
    if($members == '')
        $members = '(empty group)';
    $arr = array('members' => $members, 'domid' => $domid);
    sendJSON($arr);
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn printResourcePrivRow($privname, $rownum, $privs, $types,
///                          $resourcegroups, $resgroupmembers, $cascadeprivs,
///                          $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $resourcegroups - array from getResourceGroups()
/// \param $resgroupmembers - array from getResourceGroupMembers()
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printResourcePrivRow($privname, $rownum, $privs, $types,
                              $resourcegroups, $resgroupmembers, $cascadeprivs,
                              $disabled) {
    global $user;
    print " \n";
    list($type, $name, $id) = explode('/', $privname);
    print " \n";
    print " $name\n";
    print " \n";
    print " $type\n";
    if($disabled)
        $disabled = 'disabled=disabled';
    else
        $disabled = '';

    # block rights
    if(array_key_exists($privname, $privs) &&
       in_array("block", $privs[$privname])) {
        $checked = "checked";
        $blocked = 1;
    }
    else {
        $checked = "";
        $blocked = 0;
    }
    $count = count($types) + 1;
    $name = "privrow[" . $privname . ":block]";
    print " \n";

    #cascade rights
    if(array_key_exists($privname, $privs) &&
       in_array("cascade", $privs[$privname]))
        $checked = "checked";
    else
        $checked = "";
    $name = "privrow[" . $privname . 
":cascade]"; print " "; print "\n"; # normal rights $j = 1; foreach($types as $type) { $bgcolor = ""; $checked = ""; $value = ""; $cascaded = 0; if(array_key_exists($privname, $cascadeprivs) && in_array($type, $cascadeprivs[$privname])) { $bgcolor = "bgcolor=\"#008000\""; $checked = "checked"; $value = "value=cascade"; $cascaded = 1; } if(array_key_exists($privname, $privs) && in_array($type, $privs[$privname])) { if($cascaded) { $value = "value=cascadesingle"; } else { $checked = "checked"; $value = "value=single"; } } // if $type is administer or manageGroup, and it is not checked, and the # user is not in the resource owner group, don't print the checkbox if(($type == "administer" || $type == "manageGroup") && $checked != "checked" && ! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) { print "\n"; } else { $name = "privrow[" . $privname . ":" . $type . "]"; print " "; #print "onBlur=\"nodeCheck(this.checked, $rownum, $j, 3);\">"; print "\n"; } $j++; } print " \n"; $count = count($types) + 1; if($blocked) { print "\n"; } } //////////////////////////////////////////////////////////////////////////////// /// /// \fn getResourcePrivRowHTML($privname, $rownum, $privs, $types, /// $resourcegroups, $resgroupmembers, /// $cascadeprivs, $disabled) /// /// \param $privname - privilege name /// \param $rownum - number of the privilege row on this page /// \param $privs - an array of user's privileges /// \param $types - an array of privilege types /// \param $resourcegroups - array from getResourceGroups() /// \param $resgroupmembers - array from getResourceGroupMembers() /// \param $cascadeprivs - an array of user's cascaded privileges /// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled /// /// \return a string of HTML code for a resource row /// /// \brief creates HTML for a resource privilege row and returns it /// //////////////////////////////////////////////////////////////////////////////// function 
getResourcePrivRowHTML($privname, $rownum, $privs, $types, $resourcegroups, $resgroupmembers, $cascadeprivs, $disabled) { global $user; $text = ""; $js = ""; $text .= " "; list($type, $name, $id) = explode('/', $privname); $text .= " "; $text .= " $name"; $text .= " "; //$text .= " $name"; $text .= " $type"; if($disabled) $disabled = 'disabled=disabled'; else $disabled = ''; # block rights if(array_key_exists($privname, $privs) && in_array("block", $privs[$privname])) { $checked = "checked"; $blocked = 1; } else { $checked = ""; $blocked = 0; } $count = count($types) + 1; $name = "privrow[" . $privname . ":block]"; $text .= " "; #cascade rights if(array_key_exists($privname, $privs) && in_array("cascade", $privs[$privname])) $checked = "checked"; else $checked = ""; $name = "privrow[" . $privname . ":cascade]"; $text .= " "; $text .= ""; # normal rights $j = 1; foreach($types as $type) { $bgcolor = ""; $checked = ""; $value = ""; $cascaded = 0; if(array_key_exists($privname, $cascadeprivs) && in_array($type, $cascadeprivs[$privname])) { $bgcolor = "bgcolor=\"#008000\""; $checked = "checked"; $value = "value=cascade"; $cascaded = 1; } if(array_key_exists($privname, $privs) && in_array($type, $privs[$privname])) { if($cascaded) { $value = "value=cascadesingle"; } else { $checked = "checked"; $value = "value=single"; } } // if $type is administer or manageGroup, and it is not checked, and the # user is not in the resource owner group, don't print the checkbox if(($type == "administer" || $type == "manageGroup") && $checked != "checked" && ! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) { $text .= ""; } else { $name = "privrow[" . $privname . ":" . $type . 
"]"; $text .= " "; #$text .= "onBlur=\"nodeCheck(this.checked, $rownum, $j, 3)\">"; $text .= ""; } $j++; } $text .= " "; $count = count($types) + 1; if($blocked) { $js .= "changeCascadedRights(true, $rownum, $count, 0, 0);"; } $text = preg_replace("/'/", ''', $text); return array('html' => $text, 'javascript' => $js); } //////////////////////////////////////////////////////////////////////////////// /// /// \fn jsonGetResourceGroupMembers() /// /// \brief accepts a resource group id and dom id and prints a json array with 2 /// elements: members - a
separated string of resource group members, and /// domid - the passed in domid /// //////////////////////////////////////////////////////////////////////////////// function jsonGetResourceGroupMembers() { $resgrpid = processInputVar('groupid', ARG_NUMERIC); $domid = processInputVar('domid', ARG_STRING); $query = "SELECT rt.name " . "FROM resourcegroup rg, " . "resourcetype rt " . "WHERE rg.id = $resgrpid AND " . "rg.resourcetypeid = rt.id"; $qh = doQuery($query, 101); if($row = mysql_fetch_assoc($qh)) { $type = $row['name']; if($type == 'computer' || $type == 'managementnode') $field = 'hostname'; elseif($type == 'image') $field = 'prettyname'; elseif($type == 'schedule') $field = 'name'; $query = "SELECT t.$field AS item " . "FROM $type t, " . "resource r, " . "resourcegroupmembers rgm " . "WHERE rgm.resourcegroupid = $resgrpid AND " . "rgm.resourceid = r.id AND " . "r.subid = t.id"; $qh = doQuery($query, 101); $members = ''; while($row = mysql_fetch_assoc($qh)) $members .= "{$row['item']}
"; if($members == '') $members = '(empty group)'; $arr = array('members' => $members, 'domid' => $domid); sendJSON($arr); } else { $members = '(failed to lookup members)'; $arr = array('members' => $members, 'domid' => $domid); sendJSON($arr); } } //////////////////////////////////////////////////////////////////////////////// /// /// \fn getNodePrivileges($node, $type, $privs) /// /// \param $node - id of node /// \param $type - (optional) resources, users, usergroups, or all /// \param $privs - (optional) privilege array as returned by this function or /// getNodeCascadePrivileges /// /// \return an array of privileges at the node:\n ///\pre ///Array\n ///(\n /// [resources] => Array\n /// (\n /// )\n /// [users] => Array\n /// (\n /// [userid0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [useridN] => Array()\n /// )\n /// [usergroups] => Array\n /// (\n /// [group0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [groupN] => Array()\n /// )\n ///) /// /// \brief gets the requested privileges at the specified node /// //////////////////////////////////////////////////////////////////////////////// function getNodePrivileges($node, $type="all", $privs=0) { global $user; $key = getKey(array($node, $type, $privs)); if(array_key_exists($key, $_SESSION['nodeprivileges'])) return $_SESSION['nodeprivileges'][$key]; if(! $privs) $privs = array("resources" => array(), "users" => array(), "usergroups" => array()); if($type == "resources" || $type == "all") { $query = "SELECT g.id AS id, " . "p.type AS privtype, " . "g.name AS name, " . "t.name AS type " . "FROM resourcepriv p, " . "resourcetype t, " . "resourcegroup g " . "WHERE p.privnodeid = $node AND " . "p.resourcegroupid = g.id AND " . "g.resourcetypeid = t.id"; $qh = doQuery($query, 350); while($row = mysql_fetch_assoc($qh)) { $name = $row["type"] . "/" . $row["name"] . "/" . 
$row["id"]; if(array_key_exists($name, $privs["resources"])) array_push($privs["resources"][$name], $row["privtype"]); else $privs["resources"][$name] = array($row["privtype"]); } } if($type == "users" || $type == "all") { $query = "SELECT t.name AS name, " . "CONCAT(u.unityid, '@', a.name) AS unityid " . "FROM user u, " . "userpriv up, " . "userprivtype t, " . "affiliation a " . "WHERE up.privnodeid = $node AND " . "up.userprivtypeid = t.id AND " . "up.userid = u.id AND " . "up.userid IS NOT NULL AND " . "u.affiliationid = a.id " . "ORDER BY u.unityid"; $qh = doQuery($query, 351); while($row = mysql_fetch_assoc($qh)) { if(array_key_exists($row["unityid"], $privs["users"])) { array_push($privs["users"][$row["unityid"]], $row["name"]); } else { $privs["users"][$row["unityid"]] = array($row["name"]); } } } if($type == "usergroups" || $type == "all") { $query = "SELECT t.name AS priv, " . "g.name AS groupname, " . "g.affiliationid, " . "a.name AS affiliation, " . "g.id " . "FROM userpriv up, " . "userprivtype t, " . "usergroup g " . "LEFT JOIN affiliation a ON (g.affiliationid = a.id) " . "WHERE up.privnodeid = $node AND " . "up.userprivtypeid = t.id AND " . "up.usergroupid = g.id AND " . "up.usergroupid IS NOT NULL " . 
"ORDER BY g.name"; $qh = doQuery($query, 352); while($row = mysql_fetch_assoc($qh)) { if(array_key_exists($row["groupname"], $privs["usergroups"])) array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]); else $privs["usergroups"][$row["groupname"]] = array('id' => $row['id'], 'affiliationid' => $row['affiliationid'], 'affiliation' => $row['affiliation'], 'privs' => array($row['priv'])); } } $_SESSION['nodeprivileges'][$key] = $privs; return $privs; } //////////////////////////////////////////////////////////////////////////////// /// /// \fn getNodeCascadePrivileges($node, $type="all", $privs=0) /// /// \param $node - id of node /// \param $type - (optional) resources, users, usergroups, or all /// \param $privs - (optional) privilege array as returned by this function or /// getNodeCascadePrivileges /// /// \return an array of privileges cascaded to the node:\n ///Array\n ///(\n /// [resources] => Array\n /// (\n /// )\n /// [users] => Array\n /// (\n /// [userid0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [useridN] => Array()\n /// )\n /// [usergroups] => Array\n /// (\n /// [group0] => Array\n /// (\n /// [0] => priv0\n /// ...\n /// [N] => privN\n /// )\n /// ...\n /// [groupN] => Array()\n /// )\n ///) /// /// \brief gets the requested cascaded privileges for the specified node /// //////////////////////////////////////////////////////////////////////////////// function getNodeCascadePrivileges($node, $type="all", $privs=0) { $key = getKey(array($node, $type, $privs)); if(array_key_exists($key, $_SESSION['cascadenodeprivileges'])) return $_SESSION['cascadenodeprivileges'][$key]; if(! 
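$privs)
		$privs = array("resources" => array(),
		               "users" => array(),
		               "usergroups" => array());

	# get node's parents
	$nodelist = getParentNodes($node);

	# Each section below consumes $nodelist from the end of the array (the
	#   original comments describe this as starting at the root).  At every node
	#   the entries blocked there are dropped first, then the privileges flagged
	#   to cascade at that node are added, so a block only removes what was
	#   collected from nodes processed earlier.
	# NOTE(review): the node ids interpolated into the queries come from
	#   getParentNodes(); presumably integers read from the database - confirm

	if($type == "resources" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all resource groups with block set at this node and remove any
			#   cascaded privs; entries in $privs["resources"] are keyed by
			#   type/name/id, so the id has to be selected and made part of the
			#   key here - a type/name key never matches an existing entry and
			#   the block would silently leave the cascaded privileges in place
			$query = "SELECT g.id AS id, "
			       .        "g.name AS name, "
			       .        "t.name AS type "
			       . "FROM resourcepriv p, "
			       .      "resourcetype t, "
			       .      "resourcegroup g "
			       . "WHERE p.privnodeid = $node AND "
			       .       "p.resourcegroupid = g.id AND "
			       .       "g.resourcetypeid = t.id AND "
			       .       "p.type = 'block'";
			$qh = doQuery($query, 353);
			while($row = mysql_fetch_assoc($qh)) {
				$name = $row["type"] . "/" . $row["name"] . "/" . $row["id"];
				unset($privs["resources"][$name]);
			}

			# get all privs for resource groups with cascaded privs
			$query = "SELECT g.id AS id, "
			       .        "p.type AS privtype, "
			       .        "g.name AS name, "
			       .        "t.name AS type "
			       . "FROM resourcepriv p, "
			       .      "resourcetype t, "
			       .      "resourcegroup g "
			       . "WHERE p.privnodeid = $node AND "
			       .       "p.resourcegroupid = g.id AND "
			       .       "g.resourcetypeid = t.id AND "
			       .       "p.type != 'block' AND "
			       .       "p.type != 'cascade' AND "
			       .       "p.resourcegroupid IN (SELECT resourcegroupid "
			       .                             "FROM resourcepriv "
			       .                             "WHERE type = 'cascade' AND "
			       .                                   "privnodeid = $node)";
			$qh = doQuery($query, 354);
			while($row = mysql_fetch_assoc($qh)) {
				$name = $row["type"] . "/" . $row["name"] . "/" . $row["id"];
				# if we've already seen this resource group, add it to the
				#   resource group's privs
				if(array_key_exists($name, $privs["resources"]))
					array_push($privs["resources"][$name], $row["privtype"]);
				# if we haven't seen this resource group, create an array
				#   containing this priv
				else
					$privs["resources"][$name] = array($row["privtype"]);
			}
		}
	}
	if($type == "users" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all users with block set at this node and remove any cascaded
			#   privs; users are keyed by unityid@affiliation in both queries
			$query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid "
			       . "FROM user u, "
			       .      "userpriv up, "
			       .      "userprivtype t, "
			       .      "affiliation a "
			       . "WHERE up.privnodeid = $node AND "
			       .       "up.userprivtypeid = t.id AND "
			       .       "up.userid = u.id AND "
			       .       "up.userid IS NOT NULL AND "
			       .       "t.name = 'block' AND "
			       .       "u.affiliationid = a.id";
			$qh = doQuery($query, 355);
			while($row = mysql_fetch_assoc($qh)) {
				unset($privs["users"][$row["unityid"]]);
			}

			# get all privs for users with cascaded privs
			$query = "SELECT t.name AS name, "
			       .        "CONCAT(u.unityid, '@', a.name) AS unityid "
			       . "FROM user u, "
			       .      "userpriv up, "
			       .      "userprivtype t, "
			       .      "affiliation a "
			       . "WHERE up.privnodeid = $node AND "
			       .       "up.userprivtypeid = t.id AND "
			       .       "up.userid = u.id AND "
			       .       "u.affiliationid = a.id AND "
			       .       "up.userid IS NOT NULL AND "
			       .       "t.name != 'cascade' AND "
			       .       "t.name != 'block' AND "
			       .       "up.userid IN (SELECT up.userid "
			       .                     "FROM userpriv up, "
			       .                          "userprivtype t "
			       .                     "WHERE up.userprivtypeid = t.id AND "
			       .                           "t.name = 'cascade' AND "
			       .                           "up.privnodeid = $node) "
			       . "ORDER BY u.unityid";
			$qh = doQuery($query, 356);
			while($row = mysql_fetch_assoc($qh)) {
				# if we've already seen this user, add it to the user's privs
				if(array_key_exists($row["unityid"], $privs["users"])) {
					array_push($privs["users"][$row["unityid"]], $row["name"]);
				}
				# if we haven't seen this user, create an array containing this priv
				else {
					$privs["users"][$row["unityid"]] = array($row["name"]);
				}
			}
		}
	}
	if($type == "usergroups" || $type == "all") {
		$mynodelist = $nodelist;
		# loop through each node, starting at the root
		while(count($mynodelist)) {
			$node = array_pop($mynodelist);
			# get all groups with block set at this node and remove any cascaded
			#   privs; groups are keyed by name in both queries
			$query = "SELECT g.name AS groupname "
			       . "FROM usergroup g, "
			       .      "userpriv up, "
			       .      "userprivtype t "
			       . "WHERE up.privnodeid = $node AND "
			       .       "up.userprivtypeid = t.id AND "
			       .       "up.usergroupid = g.id AND "
			       .       "up.usergroupid IS NOT NULL AND "
			       .       "t.name = 'block'";
			$qh = doQuery($query, 357);
			while($row = mysql_fetch_assoc($qh)) {
				unset($privs["usergroups"][$row["groupname"]]);
			}

			# get all privs for groups with cascaded privs
			$query = "SELECT t.name AS priv, "
			       .        "g.name AS groupname, "
			       .        "g.affiliationid, "
			       .        "a.name AS affiliation, "
			       .        "g.id "
			       . "FROM userpriv up, "
			       .      "userprivtype t, "
			       .      "usergroup g "
			       . "LEFT JOIN affiliation a ON (g.affiliationid = a.id) "
			       . "WHERE up.privnodeid = $node AND "
			       .       "up.userprivtypeid = t.id AND "
			       .       "up.usergroupid = g.id AND "
			       .       "up.usergroupid IS NOT NULL AND "
			       .       "t.name != 'cascade' AND "
			       .       "t.name != 'block' AND "
			       .       "up.usergroupid IN (SELECT up.usergroupid "
			       .                          "FROM userpriv up, "
			       .                               "userprivtype t "
			       .                          "WHERE up.userprivtypeid = t.id AND "
			       .                                "t.name = 'cascade' AND "
			       .                                "up.privnodeid = $node) "
			       . "ORDER BY g.name";
			$qh = doQuery($query, 358);
			while($row = mysql_fetch_assoc($qh)) {
				# if we've already seen this group, add it to the group's privs
				if(array_key_exists($row["groupname"], $privs["usergroups"]))
					array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]);
				# if we haven't seen this group, create an entry holding the
				#   group's id and affiliation together with this priv
				else
					$privs["usergroups"][$row["groupname"]] = array('id' => $row['id'],
					                                                'affiliationid' => $row['affiliationid'],
					                                                'affiliation' => $row['affiliation'],
					                                                'privs' => array($row['priv']));
			}
		}
	}
	# remember the result for later calls with the same arguments
	$_SESSION['cascadenodeprivileges'][$key] = $privs;
	return $privs;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeUserPrivs()
///
/// \brief processes input for changes in users' privileges at a specific node,
/// submits the changes to the database
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeUserPrivs() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! 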
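checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to modify user privileges at this node.";
		print "alert('$text');";
		return;
	}
	# NOTE(review): unlike AJsubmitAddUserPriv(), 'item' is not passed through
	#   validateUserid() and 'priv' is not compared against getTypes("users")
	#   here; presumably updateUserOrGroupPrivs() rejects unknown users and
	#   privilege names - confirm
	$newuser = processInputVar("item", ARG_STRING);
	$newpriv = processInputVar('priv', ARG_STRING);
	$newprivval = processInputVar('value', ARG_STRING);

	# get cascade privs at this node
	$cascadePrivs = getNodeCascadePrivileges($node, "users");

	# if $newprivval is true and $newuser already has $newpriv
	#   cascaded to it, do nothing
	if($newprivval == 'true') {
		if(array_key_exists($newuser, $cascadePrivs['users']) &&
		   in_array($newpriv, $cascadePrivs['users'][$newuser]))
			return;
		# add priv
		$adds = array($newpriv);
		$removes = array();
	}
	else {
		# remove priv
		$adds = array();
		$removes = array($newpriv);
	}
	updateUserOrGroupPrivs($newuser, $node, $adds, $removes, "user");
	# flag that privileges changed during this session
	$_SESSION['dirtyprivs'] = 1;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeUserGroupPrivs()
///
/// \brief processes input for changes in user group privileges at a specific
/// node and submits the changes to the database; requires userGrant at the
/// node
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeUserGroupPrivs() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to modify user privileges at this node.";
		print "alert('$text');";
		return;
	}
	# NOTE(review): 'priv' is not compared against the known privilege types
	#   here, and the result of getUserGroupName() is used without checking
	#   that the group exists - confirm that updateUserOrGroupPrivs() covers
	#   both
	$newusergrpid = processInputVar("item", ARG_NUMERIC);
	$newusergrp = getUserGroupName($newusergrpid);
	$newpriv = processInputVar('priv', ARG_STRING);
	$newprivval = processInputVar('value', ARG_STRING);

	# get cascade privs at this node
	$cascadePrivs = getNodeCascadePrivileges($node, "usergroups");

	# if $newprivval is true and $newusergrp already has $newpriv
	#   cascaded to it, do nothing
	if($newprivval == 'true') {
		if(array_key_exists($newusergrp, $cascadePrivs['usergroups']) &&
		   in_array($newpriv, $cascadePrivs['usergroups'][$newusergrp]['privs']))
			return;
		# add priv
		$adds = array($newpriv);
		$removes = array();
	}
	else {
		# remove priv
		$adds = array();
		$removes = array($newpriv);
	}
	updateUserOrGroupPrivs($newusergrpid, $node, $adds, $removes, "group");
	$_SESSION['dirtyprivs'] = 1;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeResourcePrivs()
///
/// \brief processes input for changes in resource group privileges at a
/// specific node and submits the changes to the database; requires
/// resourceGrant at the node; requests whose item does not carry a numeric
/// resource group id are ignored
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeResourcePrivs() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
		$text = "You do not have rights to modify resource privileges at this node.";
		print "alert('$text');";
		return;
	}
	$resourcegrp = processInputVar("item", ARG_STRING);
	$newpriv = processInputVar('priv', ARG_STRING);
	$newprivval = processInputVar('value', ARG_STRING);

	# 'item' is expected as type/name/id, the key format used in
	#   $cascadePrivs['resources']; the id component is request data that is
	#   handed to updateResourcePrivs(), so only a purely numeric id is let
	#   through (AJsubmitAddResourcePriv() reads its group id as ARG_NUMERIC)
	$tmpArr = explode('/', $resourcegrp);
	if(count($tmpArr) < 3 || ! preg_match('/\A[0-9]+\z/', $tmpArr[2]))
		return;
	# NOTE(review): AJsubmitAddResourcePriv() also requires manageGroup on the
	#   resource group via getUserResources(); no equivalent check is made
	#   here, and 'priv' is not compared against the resource privilege types -
	#   confirm whether updateResourcePrivs() enforces either

	# get cascade privs at this node
	$cascadePrivs = getNodeCascadePrivileges($node, "resources");

	# if $newprivval is true and $resourcegrp already has $newpriv
	#   cascaded to it, do nothing
	if($newprivval == 'true') {
		if(array_key_exists($resourcegrp, $cascadePrivs['resources']) &&
		   in_array($newpriv, $cascadePrivs['resources'][$resourcegrp]))
			return;
		# add priv
		$adds = array($newpriv);
		$removes = array();
	}
	else {
		# remove priv
		$adds = array();
		$removes = array($newpriv);
	}
	updateResourcePrivs($tmpArr[2], $node, $adds, $removes);
	$_SESSION['dirtyprivs'] = 1;
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddUserPriv()
///
/// \brief processes input for adding privileges to a node for a user; adds the
/// privileges; requires userGrant at the node
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddUserPriv() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to add new users at this node.";
		print "addUserPaneHide(); ";
		print "alert('$text');";
		return;
	}
	$newuser = processInputVar("newuser", ARG_STRING);
	if(! validateUserid($newuser)) {
		# NOTE(review): $newuser is request data and is written into an
		#   innerHTML assignment here; confirm that processInputVar() or
		#   setAttribute() HTML-encodes it before it reaches the browser
		$text = "$newuser is not a valid userid";
		print setAttribute('addUserPrivStatus', 'innerHTML', $text);
		return;
	}

	# keep only the submitted values that are known user privilege types,
	#   block, or cascade; anything else in 'perms' is ignored
	$perms = explode(':', processInputVar('perms', ARG_STRING));
	$usertypes = getTypes("users");
	array_push($usertypes["users"], "block");
	array_push($usertypes["users"], "cascade");
	$newuserprivs = array();
	foreach($usertypes["users"] as $type) {
		if(in_array($type, $perms))
			array_push($newuserprivs, $type);
	}
	# nothing selected, or cascade on its own, is treated as no privileges
	if(empty($newuserprivs) || (count($newuserprivs) == 1 &&
	   in_array("cascade", $newuserprivs))) {
		$text = "No user privileges were specified";
		print setAttribute('addUserPrivStatus', 'innerHTML', $text);
		return;
	}

	updateUserOrGroupPrivs($newuser, $node, $newuserprivs, array(), "user");
	clearPrivCache();
	print "refreshPerms(); ";
	print "addUserPaneHide(); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddUserGroupPriv()
///
/// \brief processes input for adding privileges to a node for a user group;
/// adds the privileges; requires userGrant at the node
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddUserGroupPriv() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
		$text = "You do not have rights to add new user groups at this node.";
		print "addUserGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}
	$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
	# FIXME validate newgroupid
	# NOTE(review): the id is numeric but is never checked to refer to an
	#   existing group before it is handed to updateUserOrGroupPrivs()

	# keep only the submitted values that are known user privilege types,
	#   block, or cascade; anything else in 'perms' is ignored
	$perms = explode(':', processInputVar('perms', ARG_STRING));
	$usertypes = getTypes("users");
	array_push($usertypes["users"], "block");
	array_push($usertypes["users"], "cascade");
	$newgroupprivs = array();
	foreach($usertypes["users"] as $type) {
		if(in_array($type, $perms))
			array_push($newgroupprivs, $type);
	}
	# nothing selected, or cascade on its own, is treated as no privileges
	if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
	   in_array("cascade", $newgroupprivs))) {
		$text = "No user group privileges were specified";
		print setAttribute('addUserGroupPrivStatus', 'innerHTML', $text);
		return;
	}

	updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group");
	clearPrivCache();
	print "refreshPerms(); ";
	print "addUserGroupPaneHide(); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddResourcePriv()
///
/// \brief processes input for adding privileges to a node for a resource group;
/// adds the privileges; requires resourceGrant at the node and manageGroup on
/// the resource group
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddResourcePriv() {
	global $user;
	$node = processInputVar("activeNode", ARG_NUMERIC);
	if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
		$text = "You do not have rights to add new resource groups at this node.";
		print "addResourceGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}
	$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
	# the group must be among the resource groups getUserResources() returns
	#   for the current user with manageGroup
	$privs = array("computerAdmin","mgmtNodeAdmin", "imageAdmin",
	               "scheduleAdmin");
	$resourcesgroups = getUserResources($privs, array("manageGroup"), 1);
	if(! array_key_exists($newgroupid, $resourcesgroups['image']) &&
	   ! array_key_exists($newgroupid, $resourcesgroups['computer']) &&
	   ! array_key_exists($newgroupid, $resourcesgroups['managementnode']) &&
	   ! array_key_exists($newgroupid, $resourcesgroups['schedule'])) {
		$text = "You do not have rights manage the specified resource group.";
		print "addResourceGroupPaneHide(); ";
		print "alert('$text');";
		return;
	}

	# keep only the submitted values that are known resource privilege types
	$perms = explode(':', processInputVar('perms', ARG_STRING));
	$privtypes = array("block", "cascade", "available", "administer",
	                   "manageGroup");
	$newgroupprivs = array();
	foreach($privtypes as $type) {
		if(in_array($type, $perms))
			array_push($newgroupprivs, $type);
	}
	# nothing selected, or cascade on its own, is treated as no privileges
	if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
	   in_array("cascade", $newgroupprivs))) {
		$text = "No resource group privileges were specified";
		print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
		return;
	}

	updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
	clearPrivCache();
	print "refreshPerms(); ";
	print "addResourceGroupPaneHide(); ";
}

////////////////////////////////////////////////////////////////////////////////
///
/// \fn checkUserHasPriv($priv, $uid, $node, $privs,
///                      $cascadePrivs)
///
/// \param $priv - privilege to check for
/// \param $uid - numeric id of user
/// \param $node - id of node
/// \param $privs - (optional) privileges at node
/// \param $cascadePrivs - (optional) privileges cascaded to node
///
/// \return 1 if the user has $priv at $node, 0 if not (including when the
/// user's information cannot be looked up)
///
/// \brief checks to see if the user has $priv at $node; if $privs
/// and $cascadePrivs are not passed in, they are looked up for $node; the
/// result is cached in $_SESSION['userhaspriv']
///
////////////////////////////////////////////////////////////////////////////////
function checkUserHasPriv($priv, $uid, $node, $privs=0, $cascadePrivs=0) {
	global $user;
	$key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
	if(array_key_exists($key, $_SESSION['userhaspriv']))
		return $_SESSION['userhaspriv'][$key];
	if($user["id"] != $uid) {
		$_user = getUserInfo($uid, 0, 1);
		# test the record that was just looked up; testing the global $user
		#   here would let a failed lookup continue with an empty $_user
		if(is_null($_user))
			return 0;
	}
	else
		$_user = $user;
	# user entries in the privilege arrays are keyed by unityid@affiliation
	$affilUserid = "{$_user['unityid']}@{$_user['affiliation']}";

	if(! is_array($privs)) {
		$privs = getNodePrivileges($node, 'users');
		$privs = getNodePrivileges($node, 'usergroups', $privs);
	}
	if(! is_array($cascadePrivs)) {
		$cascadePrivs = getNodeCascadePrivileges($node, 'users');
		$cascadePrivs = getNodeCascadePrivileges($node, 'usergroups', $cascadePrivs);
	}
	# if user (has $priv at this node) ||
	#   (has cascaded $priv && ! have block at this node) return 1
	if((array_key_exists($affilUserid, $privs["users"]) &&
	    in_array($priv, $privs["users"][$affilUserid])) ||
	   ((array_key_exists($affilUserid, $cascadePrivs["users"]) &&
	     in_array($priv, $cascadePrivs["users"][$affilUserid])) &&
	    (! array_key_exists($affilUserid, $privs["users"]) ||
	     ! in_array("block", $privs["users"][$affilUserid])))) {
		$_SESSION['userhaspriv'][$key] = 1;
		return 1;
	}

	foreach($_user["groups"] as $groupname) {
		# if group (has $priv at this node) ||
		#   (has cascaded $priv && ! have block at this node) return 1
		if((array_key_exists($groupname, $privs["usergroups"]) &&
		    in_array($priv, $privs["usergroups"][$groupname]['privs'])) ||
		   ((array_key_exists($groupname, $cascadePrivs["usergroups"]) &&
		     in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs'])) &&
		    (! array_key_exists($groupname, $privs["usergroups"]) ||
		     ! in_array("block", $privs["usergroups"][$groupname]['privs'])))) {
			$_SESSION['userhaspriv'][$key] = 1;
			return 1;
		}
	}
	# neither the user nor any of the user's groups grants $priv here
	$_SESSION['userhaspriv'][$key] = 0;
	return 0;
}
?>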