approveuser_form.php3 7.29 KB
Newer Older
1
<?php
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5 6
# All rights reserved.
#
7 8
include("defs.php3");

9 10 11 12 13
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

14 15 16
#
# Only known and logged in users can be verified.
#
17
$auth_usr = GETLOGIN();
18 19 20
LOGGEDINORDIE($auth_usr);

echo "
Leigh B. Stoller's avatar
Leigh B. Stoller committed
21
      <h2>Approve new users in your Project or Group</h2>
Chad Barb's avatar
 
Chad Barb committed
22
      <p>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
23 24
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
25
      experiments. Be sure to toggle the menu options appropriately for
26
      each pending user.
Chad Barb's avatar
 
Chad Barb committed
27
      </p>
28

Chad Barb's avatar
 
Chad Barb committed
29 30
      <center>
      <h4>You have the following choices for <b>Action</b>:</h4>
31 32
      <table cellspacing=2 border=0>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
33
            <td><b>Postpone</b></td>
Jay Lepreau's avatar
nit  
Jay Lepreau committed
34
            <td>Do nothing; application remains, pending a decision.</td>
35 36
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
37
            <td><b>Deny</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39 40
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
41
            <td><b>Nuke</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
42 43
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
44 45 46
                bogus project applications.</td>
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
47
            <td><b>Approve</b></td>
48 49 50
            <td>Approve the user</td>
        </tr>
      </table>
Chad Barb's avatar
 
Chad Barb committed
51 52 53
      <br />
      <h4>You have the following choices for <b>Trust</b>:</h4>
      <table cellspacing=2 cellpadding=4 border=0>
54
        <tr>
Chad Barb's avatar
 
Chad Barb committed
55
            <td><b>User</b></td>
56 57 58
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
Chad Barb's avatar
 
Chad Barb committed
59
            <td><b>Local Root</b></td>
60
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
61
                has root privileges on machines in your experiments</td>
62
        </tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63
        <tr>
Chad Barb's avatar
 
Chad Barb committed
64
            <td><b>Group Root</b></td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65 66 67 68 69 70
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
71
      </table>
Chad Barb's avatar
 
Chad Barb committed
72
      <br />
73 74 75
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
Chad Barb's avatar
 
Chad Barb committed
76
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>.
77
      </b>
Chad Barb's avatar
 
Chad Barb committed
78
      </center><br />
79

80
      \n";
81 82

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
83 84 85
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
86
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
87
# First off, just determine if this person has group/project root anywhere.
88
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
89 90 91
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
92
if (mysql_num_rows($query_result) == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
93
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
94 95 96 97
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
98
# group_membership table with itself. Kinda obtuse if you are not a natural
99 100
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
101
$query_result =
102 103 104
    DBQueryFatal("select g.* from group_membership as authed ".
		 "left join group_membership as g on ".
		 " g.pid=authed.pid and g.gid=authed.gid ".
105
		 "left join users as u on u.uid=g.uid ".
106 107 108 109 110 111 112 113
		 "where u.status!='".
		 TBDB_USERSTATUS_UNVERIFIED . "' and ".
		 " u.status!='" . TBDB_USERSTATUS_NEWUSER . 
		 "' and g.uid!='$auth_usr' and ".
		 "  g.trust='". TBDB_TRUSTSTRING_NONE . "' ".
		 "  and authed.uid='$auth_usr' and ".
		 "  (authed.trust='group_root' or ".
		 "   authed.trust='project_root') ".
114
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115

116 117 118 119 120 121 122 123 124
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125 126 127
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
128 129
#
# so that we can go through the entire list of post variables, looking
130
# for these. The alternative is to work backwards, and I do not like that.
131
# 
132 133
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
134 135

echo "<tr>
136 137 138 139 140 141 142 143 144 145 146
          <th rowspan=2>User</th>
          <th rowspan=2>Project</th>
          <th rowspan=2>Group</th>
          <th rowspan=2>Date<br>Applied</th>
          <th rowspan=2>Action</th>
          <th rowspan=2>Trust</th>
          <th>Name</th>
          <th>Title</th>
          <th>Affil</th>
          <th>E-mail</th>
          <th>Phone</th>
147 148
      </tr>
      <tr>
149
          <th colspan=5>Addr</th>
150 151
      </tr>\n";

152
echo "<form action='approveuser.php3' method='post'>\n";
153 154

while ($usersrow = mysql_fetch_array($query_result)) {
155 156
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
157
    $gid           = $usersrow[gid];
158 159 160 161 162 163 164 165
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
166

Leigh B. Stoller's avatar
Leigh B. Stoller committed
167 168
    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
169 170 171 172 173 174 175 176 177 178 179 180 181 182

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

    echo "<tr>
183
              <td colspan=10> </td>
184 185 186 187
          </tr>
          <tr>
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
188
              <td rowspan=2>$gid</td>
189
              <td rowspan=2>$date_applied</td>
190
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
191
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
192 193 194 195
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
196 197 198
                  </select>
              </td>
              <td rowspan=2>
Chad Barb's avatar
 
Chad Barb committed
199 200 201
                  <select name=\"$newuid\$\$trust-$pid/$gid\">\n";
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "user", 0)) {
	echo  "<option value='user'>User </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
202
    }
Chad Barb's avatar
 
Chad Barb committed
203 204 205 206 207
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "local_root", 0)) {       
	# local_root means any root is valid.
        echo  "<option value='local_root'>Local Root </option>\n";
	echo  "<option value='group_root'>Group Root </option>\n";
    }	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
208
    echo "        </select>
209 210 211 212 213 214 215 216 217
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
218
              <td colspan=5>&nbsp;$addr&nbsp;</td>
219 220 221
          </tr>\n";
}
echo "<tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
222
          <td align=center colspan=11>
223 224 225
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
226 227 228 229 230 231
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
232
?>