approveuser_form.php3 7.34 KB
Newer Older
1
<?php
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4 5 6
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
7 8
include("defs.php3");

9 10 11 12 13
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

14 15 16
#
# Only known and logged in users can be verified.
#
17
$auth_usr = GETLOGIN();
18 19 20
LOGGEDINORDIE($auth_usr);

echo "
Leigh B. Stoller's avatar
Leigh B. Stoller committed
21
      <h2>Approve new users in your Project or Group</h2>
Chad Barb's avatar
 
Chad Barb committed
22
      <p>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
23 24
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
25
      experiments. Be sure to toggle the menu options appropriately for
26
      each pending user.
Chad Barb's avatar
 
Chad Barb committed
27
      </p>
28

Chad Barb's avatar
 
Chad Barb committed
29 30
      <center>
      <h4>You have the following choices for <b>Action</b>:</h4>
31 32
      <table cellspacing=2 border=0>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
33
            <td><b>Postpone</b></td>
Jay Lepreau's avatar
nit  
Jay Lepreau committed
34
            <td>Do nothing; application remains, pending a decision.</td>
35 36
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
37
            <td><b>Deny</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39 40
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
41
            <td><b>Nuke</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
42 43
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
44 45 46
                bogus project applications.</td>
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
47
            <td><b>Approve</b></td>
48 49 50
            <td>Approve the user</td>
        </tr>
      </table>
Chad Barb's avatar
 
Chad Barb committed
51 52 53
      <br />
      <h4>You have the following choices for <b>Trust</b>:</h4>
      <table cellspacing=2 cellpadding=4 border=0>
54
        <tr>
Chad Barb's avatar
 
Chad Barb committed
55
            <td><b>User</b></td>
56 57 58
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
59
            <td><b>Local Root</b></td>
60
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
61
                has root privileges on machines in your experiments</td>
62
        </tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
        <tr>
Chad Barb's avatar
 
Chad Barb committed
64
            <td><b>Group Root</b></td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65 66 67 68 69 70
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
71
      </table>
Chad Barb's avatar
 
Chad Barb committed
72
      <br />
73 74 75
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
Chad Barb's avatar
 
Chad Barb committed
76
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>.
77
      </b>
Chad Barb's avatar
 
Chad Barb committed
78
      </center><br />
79

80
      \n";
81 82

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
83 84 85
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
86
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
87
# First off, just determine if this person has group/project root anywhere.
88
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
89 90 91
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
92
if (mysql_num_rows($query_result) == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
93
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
94 95 96 97
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
98
# group_membership table with itself. Kinda obtuse if you are not a natural
99 100
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
101 102 103 104 105
$query_result =
    DBQueryFatal("SELECT g.* FROM group_membership as g ".
		 "LEFT JOIN group_membership as authed ".
		 "ON g.pid=authed.pid and g.gid=authed.gid and ".
		 "   g.uid!='$auth_usr' and g.trust='none' ".
106
		 "left join users as u on u.uid=g.uid ".
107 108
		 "WHERE u.status!='" . TBDB_USERSTATUS_UNVERIFIED . "' and ".
		 "u.status!='" . TBDB_USERSTATUS_NEWUSER . "' and ".
109
		 "      authed.uid='$auth_usr' and ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
110
		 "      (authed.trust='group_root' or ".
111 112
		 "       authed.trust='project_root') ".
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
113

114 115 116 117 118 119 120 121 122
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
123 124 125
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
126 127
#
# so that we can go through the entire list of post variables, looking
128
# for these. The alternative is to work backwards, and I do not like that.
129
# 
130 131
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
132 133

echo "<tr>
134 135 136 137 138 139 140 141 142 143 144
          <th rowspan=2>User</th>
          <th rowspan=2>Project</th>
          <th rowspan=2>Group</th>
          <th rowspan=2>Date<br>Applied</th>
          <th rowspan=2>Action</th>
          <th rowspan=2>Trust</th>
          <th>Name</th>
          <th>Title</th>
          <th>Affil</th>
          <th>E-mail</th>
          <th>Phone</th>
145 146
      </tr>
      <tr>
147
          <th colspan=5>Addr</th>
148 149
      </tr>\n";

150
echo "<form action='approveuser.php3' method='post'>\n";
151 152

while ($usersrow = mysql_fetch_array($query_result)) {
153 154
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
155
    $gid           = $usersrow[gid];
156 157 158 159 160 161 162 163
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
164

Leigh B. Stoller's avatar
Leigh B. Stoller committed
165 166 167 168 169 170 171 172 173 174 175 176 177
    #
    # Only project leaders get to add someone as group root.
    # 
    TBProjLeader($pid, $projleader);
    if (strcmp($auth_usr, $projleader) == 0) {
	    $isleader = 1;
    }
    else {
	    $isleader = 0;
    }

    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
178 179 180 181 182 183 184 185 186 187 188 189 190 191

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

    echo "<tr>
192
              <td colspan=10> </td>
193 194 195 196
          </tr>
          <tr>
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
197
              <td rowspan=2>$gid</td>
198
              <td rowspan=2>$date_applied</td>
199
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
200
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
201 202 203 204
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
205 206 207
                  </select>
              </td>
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
208
                  <select name=\"$newuid\$\$trust-$pid/$gid\">
209 210
                          <option value='user'>User </option>
                          <option value='local_root'>Local Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
211
    if ($isleader) {
212
	    echo "        <option value='group_root'>Group Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213 214
    }
    echo "        </select>
215 216 217 218 219 220 221 222 223
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
224
              <td colspan=5>&nbsp;$addr&nbsp;</td>
225 226 227
          </tr>\n";
}
echo "<tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
228
          <td align=center colspan=11>
229 230 231
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
232 233 234 235 236 237
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
238
?>