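<?php
include("defs.php3");

#
# Standard Testbed Header
#
PAGEHEADER("New Users Approved");

#
# Only known and logged in users can be verified.
#
$uid = GETLOGIN();

LOGGEDINORDIE($uid);

#
# Helpers local to this page.
#

#
# True if $str is a plain identifier: non-empty and made up only of
# letters, digits, '-' and '_'. The uid/pid/gid parsed out of the POST
# variable names are spliced unquoted into SQL (DBQueryFatal) and, for the
# uid, into a shell command (SUEXEC mkacct-ctrl), so anything else is
# refused before the first DB lookup is made with it.
#
# NOTE(review): this character set should agree with whatever defs.php3
# permits for uids/pids/gids; widen it here if a legitimate name is refused.
#
function ApproveUserIsIdent($str)
{
    $okchars = "abcdefghijklmnopqrstuvwxyz" .
               "ABCDEFGHIJKLMNOPQRSTUVWXYZ" .
               "0123456789_-";

    return (is_string($str) && strlen($str) > 0 &&
            strspn($str, $okchars) == strlen($str));
}

#
# Replace CR/LF in a string that is about to be placed in a mail header
# (the To/From/Cc lines built below). Names and addresses come from the
# users table, and a line break inside one of them would let additional
# headers be injected into the mail() call.
#
function ApproveUserMailField($str)
{
    return strtr($str, "\r\n", "  ");
}

#
# Split a POST variable name of the form "<uid>$$approval-<pid>/<gid>"
# (see approveuser_form.php3) into its parts. Returns array(uid, pid, gid),
# with any part that could not be found set to "". Returns 0 when $header
# is not an approval variable at all. The caller validates the parts.
#
function ApproveUserParseHeader($header)
{
    $approval_string = strstr($header, "\$\$approval-");
    if (! $approval_string) {
        return 0;
    }

    $user    = substr($header, 0, strpos($header, "\$\$"));
    $projgrp = substr($approval_string, strlen("\$\$approval-"));

    if ($projgrp && strstr($projgrp, "/")) {
        $slash   = strpos($projgrp, "/");
        $project = substr($projgrp, 0, $slash);
        $group   = substr($projgrp, $slash + 1);
    }
    else {
        $project = "";
        $group   = "";
    }
    return array($user, $project, $group);
}

$projectchecks = array();

ignore_user_abort(1);

#
# The form posts, per pending membership, one approval variable and one
# companion trust variable (see approveuser_form.php3):
#
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approve,deny,nuke,postpone
#	name=stoller$$trust-testbed/testbed    value=user,local_root,group_root
#
# Companion values are looked up in $HTTP_POST_VARS by name. (They used to
# be read through a variable-variable, $$name, which only worked with
# register_globals and read whatever global the request chose to name.)
#
# We make two passes over the post vars. The first does a sanity check so
# that we can bail out without doing anything. This allows the user to
# back up and make changes without worrying about some stuff being done and
# other stuff not.
#
reset($HTTP_POST_VARS);

while (list ($header, $value) = each ($HTTP_POST_VARS)) {
    $parts = ApproveUserParseHeader($header);
    if (! $parts) {
        continue;
    }
    list ($user, $project, $group) = $parts;
    $approval = $value;

    #
    # Syntactic checks first: nothing below touches the DB until all three
    # names are known to be plain identifiers and both menu values are in
    # their fixed sets.
    #
    if (! ApproveUserIsIdent($user)) {
        TBERROR("Parse error finding user in approveuser.php3", 1);
    }
    if (! ApproveUserIsIdent($project)) {
        TBERROR("Parse error finding project in approveuser.php3", 1);
    }
    if (! ApproveUserIsIdent($group)) {
        TBERROR("Parse error finding group in approveuser.php3", 1);
    }
    if (!$approval || strcmp($approval, "") == 0) {
        TBERROR("Parse error finding approval in approveuser.php3", 1);
    }
    if (strcmp($approval, "postpone") &&
        strcmp($approval, "deny") &&
        strcmp($approval, "nuke") &&
        strcmp($approval, "approve")) {
        TBERROR("Invalid approval value $approval in approveuser.php3.", 1);
    }

    #
    # There must be a corresponding trust variable in the POST vars.
    #
    $trustvar = "$user\$\$trust-$project/$group";
    $newtrust = isset($HTTP_POST_VARS[$trustvar]) ?
                $HTTP_POST_VARS[$trustvar] : "";

    if (!$newtrust || strcmp($newtrust, "") == 0) {
        TBERROR("Parse error finding trust in approveuser.php3", 1);
    }
    if (strcmp($newtrust, "user") &&
        strcmp($newtrust, "local_root") &&
        strcmp($newtrust, "group_root")) {
        TBERROR("Invalid trust $newtrust for user $user approveuser.php3.", 1);
    }

    #
    # Verify an actual user that is being approved.
    #
    if (! TBCurrentUser($user)) {
        TBERROR("Trying to approve unknown user $user.", 1);
    }

    #
    # Check that the current uid has the necessary trust level to approve
    # users in the project/group. Also, only the project leader can add
    # someone as group_root. This should probably be encoded in the
    # permission stuff rather than special-cased here.
    #
    if (! TBProjAccessCheck($uid, $project, $group, $TB_PROJECT_ADDUSER)) {
        USERERROR("You are not allowed to approve users in ".
                  "$project/$group!", 1);
    }

    TBProjLeader($project, $projleader);
    if (strcmp($uid, $projleader) &&
        strcmp($newtrust, "group_root") == 0) {
        USERERROR("You do not have permission to add new users with group ".
                  "root status!", 1);
    }

    #
    # Check if already approved in the project/group. If already an
    # approved member, something went wrong (stale form).
    #
    TBGroupMember($user, $project, $group, $isapproved);
    if ($isapproved) {
        USERERROR("$user is already an approved member of ".
                  "$project/$group!", 1);
    }

    #
    # If denying project membership, then there must be an equivalent denial
    # for all subgroups. We could do it for the user, or require that the
    # user understand what is happening; the latter is preferred, so look
    # for this and spit back an error. We cannot rely on the post vars for
    # the group set, but must look in the DB, and then check that there is
    # a deny/nuke post var for *all* of them.
    #
    if (strcmp($project, $group) == 0 &&
        (strcmp($approval, "deny") == 0 ||
         strcmp($approval, "nuke") == 0)) {
        $query_result =
            DBQueryFatal("select gid from group_membership ".
                         "where uid='$user' and pid='$project' and pid!=gid");

        while ($row = mysql_fetch_array($query_result)) {
            $gid    = $row["gid"];
            $subvar = "$user\$\$approval-$project/$gid";
            $subgroup_approval = isset($HTTP_POST_VARS[$subvar]) ?
                                 $HTTP_POST_VARS[$subvar] : "";

            if (!$subgroup_approval ||
                (strcmp($subgroup_approval, "deny") &&
                 strcmp($subgroup_approval, "nuke"))) {
                USERERROR("If you wish to deny/nuke user $user in project ".
                          "$project then you must deny/nuke in all of the ".
                          "subgroups $user is attempting to join.", 1);
            }
        }
    }

    # Remember approvals for the cross-group trust consistency check below.
    if (strcmp($approval, "approve") == 0) {
        $projectchecks[$user][] = array($project, $group, $newtrust);
    }

    #
    # When operating on a user for a subgroup, the user must already be in
    # the default group, or there must be an appropriate default group
    # operation in the POST vars. In other words, we do not allow users to
    # be approved/denied/postponed to a subgroup without a default group
    # operation as well. At present, all users must be in the default group
    # in addition to subgroups.
    #
    if (strcmp($project, $group) == 0) {
        continue;
    }

    TBGroupMember($user, $project, $project, $isapproved);
    if ($isapproved) {
        continue;
    }

    $defvar = "$user\$\$approval-$project/$project";
    $default_approval = isset($HTTP_POST_VARS[$defvar]) ?
                        $HTTP_POST_VARS[$defvar] : "";

    if (!$default_approval || strcmp($default_approval, "") == 0) {
        USERERROR("You must specify an action for $user in the default group ".
                  "as well as the subgroup!", 1);
    }
    if (strcmp($approval, "approve") == 0 &&
        strcmp($default_approval, "approve")) {
        USERERROR("You cannot approve $user in $project/$group without ".
                  "approval in the default group ($project/$project)!", 1);
    }
}

#
# Sanity check across the approvals collected above: a user may not end
# up with different trust levels in different subgroups of one project,
# nor with more trust in the default group than in a subgroup.
#
while (list ($chkuser, $entries) = each ($projectchecks)) {
    $projtrust   = array();   # pid -> trust requested in the default group
    $grouptrust  = array();   # pid -> trust requested in its subgroups
    $pidlist     = array();   # set of pids touched for this user

    while (list ($idx, $entry) = each ($entries)) {
        $pid   = $entry[0];
        $gid   = $entry[1];
        $trust = $entry[2];

        #
        # This looks for different trust levels in different subgroups
        # of the same project. We are only checking the form arguments
        # here; we will do a check against the DB below.
        #
        if (strcmp($pid, $gid)) {
            if (isset($grouptrust[$pid]) &&
                strcmp($grouptrust[$pid], $trust)) {
                USERERROR("User $chkuser may not have different trust levels ".
                          "in different subgroups of $pid!", 1);
            }
            $grouptrust[$pid] = $trust;
        }
        else {
            #
            # Stash the project default group trust so that we can also
            # do a consistency check against it.
            #
            $projtrust[$pid] = $trust;
        }
        $pidlist[$pid] = $pid;
    }

    reset($entries);

    while (list ($pid, $unused) = each ($pidlist)) {
        # Skip if no subgroups were being approved.
        if (! isset($grouptrust[$pid])) {
            continue;
        }

        #
        # Consistency check against subgroups in the DB. If we are
        # approving to any subgroups in the form submittal, make sure that
        # the user is not in any other subgroups of the project with a
        # different trust level. ($grouptrust values passed the trust
        # whitelist above, so they are safe to splice into the query.)
        #
        $query_result =
            DBQueryFatal("select trust from group_membership ".
                         "where uid='$chkuser' and pid='$pid' ".
                         " and pid!=gid and trust!='none' ".
                         " and trust!='$grouptrust[$pid]'");

        if (mysql_num_rows($query_result)) {
            USERERROR("User $chkuser may not have different trust levels in ".
                      "different subgroups of $pid!", 1);
        }

        #
        # Level check between the subgroups and the project. Do not allow
        # a higher trust level in the default group than in the subgroups.
        # The default group level comes from the form if it is being set
        # now, else from the DB.
        #
        if (isset($projtrust[$pid])) {
            $ptrust = TBTrustConvert($projtrust[$pid]);
        }
        else {
            $ptrust = TBProjTrust($chkuser, $pid);
        }

        $bad = 0;

        $query_result =
            DBQueryFatal("select trust from group_membership ".
                         "where uid='$chkuser' and trust!='none' ".
                         " and pid='$pid' and gid!=pid");

        while ($row = mysql_fetch_array($query_result)) {
            if ($ptrust > TBTrustConvert($row[0])) {
                $bad = 1;
                break;
            }
        }

        if ($bad ||
            $ptrust > TBTrustConvert($grouptrust[$pid])) {
            USERERROR("User $chkuser may not have a higher trust level in ".
                      "the default group of $pid, than in a subgroup!", 1);
        }
    }
}

reset($HTTP_POST_VARS);

#
# Okay, all sanity tests passed for all post vars. Now do the actual work.
#

#
# Email info for the current user (the approver); the same for every
# record below, so fetch it once.
#
TBUserInfo($uid, $uid_name, $uid_email);
$uid_name  = ApproveUserMailField($uid_name);
$uid_email = ApproveUserMailField($uid_email);

while (list ($header, $value) = each ($HTTP_POST_VARS)) {
    $parts = ApproveUserParseHeader($header);
    if (! $parts) {
        continue;
    }
    #
    # Every approval variable went through the first pass, so by now the
    # three names are valid identifiers and both menu values are in their
    # fixed sets.
    #
    list ($user, $project, $group) = $parts;
    $approval = $value;

    #
    # Corresponding trust value.
    #
    $trustvar = "$user\$\$trust-$project/$group";
    $newtrust = isset($HTTP_POST_VARS[$trustvar]) ?
                $HTTP_POST_VARS[$trustvar] : "";

    #
    # Get the current status for the user, which we might need to change.
    #
    # We change the status only if this person is joining his first project.
    # In this case, the status will be either "newuser" or "unapproved",
    # and we will change it to "unverified" or "active", respectively.
    # If the status is "active", we leave it alone.
    #
    $query_result =
        DBQueryFatal("SELECT status,usr_email,usr_name from users where ".
                     "uid='$user'");
    if (mysql_num_rows($query_result) == 0) {
        TBERROR("Unknown user $user", 1);
    }
    $row        = mysql_fetch_row($query_result);
    $curstatus  = $row[0];
    $user_email = ApproveUserMailField($row[1]);
    $user_name  = ApproveUserMailField($row[2]);

    #
    # Email info for the group leader too (Cc on the notifications).
    #
    TBGroupLeader($project, $group, $groupleader);
    TBUserInfo($groupleader, $phead_name, $phead_email);
    $phead_name  = ApproveUserMailField($phead_name);
    $phead_email = ApproveUserMailField($phead_email);

    #
    # Well, looks like everything is okay. Change the project membership
    # value appropriately.
    #
    if (strcmp($approval, "postpone") == 0) {
        echo "<p>
                  Membership status for user $user in $project/$group was
                  <b>postponed</b> for later decision.\n";
        continue;
    }

    if (strcmp($approval, "deny") == 0) {
        #
        # Must delete the group_membership record since we require that the
        # user reapply once denied. Send the luser email to let him know.
        #
        $query_result =
            DBQueryFatal("delete from group_membership ".
                         "where uid='$user' and pid='$project' and ".
                         "      gid='$group'");

        mail("$user_name '$user' <$user_email>",
             "TESTBED: Membership Denied in '$project/$group'",
             "\n".
             "This message is to notify you that you have been denied\n".
             "membership in project/group $project/$group.\n".
             "\n\n".
             "Thanks,\n".
             "Testbed Ops\n".
             "Utah Network Testbed\n",
             "From: $uid_name <$uid_email>\n".
             "Cc:  $phead_name <$phead_email>\n".
             "Bcc: $TBMAIL_AUDIT\n".
             "Errors-To: $TBMAIL_WWW");

        echo "<p>
                User $user was <b>denied</b> membership in $project/$group.
                <br>
                The user will need to reapply again if this was in error.\n";

        continue;
    }

    if (strcmp($approval, "nuke") == 0) {
        #
        # Must delete the group_membership record since we require that the
        # user reapply once denied. Unlike "deny", no mail is sent to the
        # user on this path. NOTE(review): confirm that is intended.
        #
        $query_result =
            DBQueryFatal("delete from group_membership ".
                         "where uid='$user' and pid='$project' and ".
                         "      gid='$group'");

        #
        # See if user is in any other projects (even unapproved). Rows for
        # other entries of this same form that have not been processed yet
        # count here too, so the outcome can depend on POST order.
        #
        $query_result =
            DBQueryFatal("select * from group_membership where uid='$user'");

        #
        # If yes, then we cannot safely delete the user account.
        #
        if (mysql_num_rows($query_result)) {
            echo "<p>
                  User $user was <b>denied</b> membership in $project/$group.
                  <br>
                  Since the user is a member (or requesting membership)
                  in other projects, the account cannot be safely removed.\n";

            continue;
        }

        #
        # No other project membership. If the user is unapproved/newuser,
        # it means he was never approved in any project, and so will
        # likely not be missed. He will be unapproved if he did his
        # verification.
        #
        if (strcmp($curstatus, "newuser") &&
            strcmp($curstatus, "unapproved")) {
            echo "<p>
                  User $user was <b>denied</b> membership in $project/$group.
                  <br>
                  Since the user has been approved by, or was active in other
                  projects in the past, the account cannot be safely removed.
                  \n";

            continue;
        }

        $query_result = DBQueryFatal("delete FROM users where uid='$user'");

        echo "<p>
                User $user was <b>denied</b> membership in $project/$group.
                <br>
                The account has also been <b>terminated</b> with prejudice!\n";

        continue;
    }

    if (strcmp($approval, "approve") == 0) {
        #
        # Change the trust value in group_membership accordingly. $newtrust
        # passed the whitelist in the first pass.
        #
        $query_result =
            DBQueryFatal("UPDATE group_membership ".
                         "set trust='$newtrust',date_approved=now() ".
                         "WHERE uid='$user' and pid='$project' and ".
                         "      gid='$group'");

        #
        # Change the status if necessary. This only happens for new
        # users being added to their first project. After this, the status
        # is going to be "active", and we just leave it that way.
        #
        if (strcmp($curstatus, "active")) {
            if (strcmp($curstatus, "newuser") == 0) {
                $newstatus = "unverified";
            }
            elseif (strcmp($curstatus, "unapproved") == 0) {
                $newstatus = "active";
            }
            else {
                TBERROR("Invalid $user status $curstatus in approveuser.php3",
                        1);
            }
            $query_result =
                DBQueryFatal("UPDATE users set status='$newstatus' ".
                             "WHERE uid='$user'");
        }

        mail("$user_name '$user' <$user_email>",
             "TESTBED: Membership Approved in '$project/$group' ",
             "\n".
             "This message is to notify you that you have been approved\n".
             "as a member of project/group $project/$group with\n".
             "$newtrust permissions.\n".
             "\n\n".
             "Thanks,\n".
             "Testbed Ops\n".
             "Utah Network Testbed\n",
             "From: $uid_name <$uid_email>\n".
             "Cc:  $phead_name <$phead_email>\n".
             "Bcc: $TBMAIL_AUDIT\n".
             "Errors-To: $TBMAIL_WWW");

        echo "<p>
                  User $user was <b>granted</b> membership in $project/$group
                  with $newtrust permissions.\n";

        #
        # Create user account on control node. $user is a validated
        # identifier (letters, digits, '-', '_'), so it is safe on the
        # command line.
        #
        SUEXEC($uid, "flux", "mkacct-ctrl $user", 0);

        continue;
    }
}

#
# Standard Testbed Footer
#
PAGEFOOTER();
?>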