approveuser_form.php3 7.7 KB
Newer Older
1 2 3
<?php
include("defs.php3");

4 5 6 7 8
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

9 10 11
#
# Only known and logged in users can be verified.
#
12
$auth_usr = GETLOGIN();
13 14 15
LOGGEDINORDIE($auth_usr);

echo "
Leigh B. Stoller's avatar
Leigh B. Stoller committed
16 17 18
      <h2>Approve new users in your Project or Group</h2>
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
19
      experiments. Be sure to toggle the menu options appropriately for
20
      each pending user.
21 22 23 24 25 26 27 28 29 30 31

      <p>
      <table cellspacing=2 border=0>
        <tr>
            <td colspan=4>
                <h4>You have the following choices for <b>Action</b>:</td>
        <tr>
        <tr>
            <td>&nbsp</td>
            <td>Postpone</td>
            <td>-</td>
Jay Lepreau's avatar
nit  
Jay Lepreau committed
32
            <td>Do nothing; application remains, pending a decision.</td>
33 34 35 36 37
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Deny</td>
            <td>-</td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39 40 41 42 43
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Nuke</td>
            <td>-</td>
Jay Lepreau's avatar
Jay Lepreau committed
44 45
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
                bogus project applications.</td>
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Approve</td>
            <td>-</td>
            <td>Approve the user</td>
        </tr>
      </table>
      </center>
      <p>
      <table cellspacing=2 border=0>
        <tr>
            <td colspan=4>
                <h4>You have the following choices for <b>Trust</b>:</td>
        <tr>
        <tr>
            <td>&nbsp</td>
            <td>User</td>
            <td>-</td>
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
            <td>&nbsp</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
70
            <td>Local Root</td>
71 72
            <td>-</td>
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
73
                has root privileges on machines in your experiments</td>
74
        </tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
75 76 77 78 79 80 81 82 83 84
        <tr>
            <td>&nbsp</td>
            <td>Group Root</td>
            <td>-</td>
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
85
      </table>
86 87 88 89 90 91 92 93 94

      <center>
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>
      </b>
      </center><br>

95
      \n";
96 97

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
98 99 100
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
101
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
102
# First off, just determine if this person has group/project root anywhere.
103
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
104 105 106
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
107
if (mysql_num_rows($query_result) == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
108
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
109 110 111 112
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
113
# group_membership table with itself. Kinda obtuse if you are not a natural
114 115
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116 117 118 119 120 121 122
$query_result =
    DBQueryFatal("SELECT g.* FROM group_membership as g ".
		 "LEFT JOIN group_membership as authed ".
		 "ON g.pid=authed.pid and g.gid=authed.gid and ".
		 "   g.uid!='$auth_usr' and g.trust='none' ".
		 "WHERE authed.uid='$auth_usr' and ".
		 "      (authed.trust='group_root' or ".
123 124
		 "       authed.trust='project_root') ".
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125

126 127 128 129 130 131 132 133 134
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
135 136 137
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
138 139
#
# so that we can go through the entire list of post variables, looking
140
# for these. The alternative is to work backwards, and I do not like that.
141
# 
142 143
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
144 145 146 147

echo "<tr>
          <td rowspan=2>User</td>
          <td rowspan=2>Project</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
148
          <td rowspan=2>Group</td>
149
          <td rowspan=2>Date<br>Applied</td>
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165
          <td rowspan=2>Action</td>
          <td rowspan=2>Trust</td>
          <td>Name</td>
          <td>Title</td>
          <td>Affil</td>
          <td>E-mail</td>
          <td>Phone</td>
      </tr>
      <tr>
          <td>Addr</td>
          <td>Addr2</td>
          <td>City</td>
          <td>State</td>
          <td>Zip</td>
      </tr>\n";

166
echo "<form action='approveuser.php3' method='post'>\n";
167 168

while ($usersrow = mysql_fetch_array($query_result)) {
169 170
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
171
    $gid           = $usersrow[gid];
172 173 174 175 176 177 178 179
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
180

Leigh B. Stoller's avatar
Leigh B. Stoller committed
181 182 183 184 185 186 187 188 189 190 191 192 193
    #
    # Only project leaders get to add someone as group root.
    # 
    TBProjLeader($pid, $projleader);
    if (strcmp($auth_usr, $projleader) == 0) {
	    $isleader = 1;
    }
    else {
	    $isleader = 0;
    }

    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
194 195 196 197 198 199 200 201 202 203 204 205 206 207

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

    echo "<tr>
208
              <td colspan=10> </td>
209 210 211 212
          </tr>
          <tr>
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213
              <td rowspan=2>$gid</td>
214
              <td rowspan=2>$date_applied</td>
215
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
216
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
217 218 219 220
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
221 222 223
                  </select>
              </td>
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
224
                  <select name=\"$newuid\$\$trust-$pid/$gid\">
225 226
                          <option value='user'>User </option>
                          <option value='local_root'>Local Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
227
    if ($isleader) {
228
	    echo "        <option value='group_root'>Group Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
229 230
    }
    echo "        </select>
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
              <td>&nbsp;$addr&nbsp;</td>
              <td>&nbsp;$addr2&nbsp;</td>
              <td>&nbsp;$city&nbsp;</td>
              <td>&nbsp;$state&nbsp;</td>
              <td>&nbsp;$zip&nbsp;</td>
          </tr>\n";
}
echo "<tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
248
          <td align=center colspan=11>
249 250 251
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
252 253 254 255 256 257
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
258
?>