approveuser_form.php3 7.7 KB
Newer Older
1
2
3
<?php
include("defs.php3");

4
5
6
7
8
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

9
10
11
#
# Only known and logged in users can be verified.
#
12
$auth_usr = GETLOGIN();
13
14
15
LOGGEDINORDIE($auth_usr);

echo "
Leigh B. Stoller's avatar
Leigh B. Stoller committed
16
17
18
      <h2>Approve new users in your Project or Group</h2>
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
19
      experiments. Be sure to toggle the menu options appropriately for
20
      each pending user.
21
22
23
24
25
26
27
28
29
30
31

      <p>
      <table cellspacing=2 border=0>
        <tr>
            <td colspan=4>
                <h4>You have the following choices for <b>Action</b>:</td>
        <tr>
        <tr>
            <td>&nbsp</td>
            <td>Postpone</td>
            <td>-</td>
Jay Lepreau's avatar
nit    
Jay Lepreau committed
32
            <td>Do nothing; application remains, pending a decision.</td>
33
34
35
36
37
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Deny</td>
            <td>-</td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39
40
41
42
43
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Nuke</td>
            <td>-</td>
Jay Lepreau's avatar
Jay Lepreau committed
44
45
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
                bogus project applications.</td>
        </tr>
        <tr>
            <td>&nbsp</td>
            <td>Approve</td>
            <td>-</td>
            <td>Approve the user</td>
        </tr>
      </table>
      </center>
      <p>
      <table cellspacing=2 border=0>
        <tr>
            <td colspan=4>
                <h4>You have the following choices for <b>Trust</b>:</td>
        <tr>
        <tr>
            <td>&nbsp</td>
            <td>User</td>
            <td>-</td>
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
            <td>&nbsp</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
70
            <td>Local Root</td>
71
72
            <td>-</td>
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
73
                has root privileges on machines in your experiments</td>
74
        </tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
75
76
77
78
79
80
81
82
83
84
        <tr>
            <td>&nbsp</td>
            <td>Group Root</td>
            <td>-</td>
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
85
      </table>
86
87
88
89
90
91
92
93
94

      <center>
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>
      </b>
      </center><br>

95
      \n";
96
97

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
98
99
100
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
101
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
102
# First off, just determine if this person has group/project root anywhere.
103
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
104
105
106
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
107
if (mysql_num_rows($query_result) == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
108
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
109
110
111
112
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
113
# group_membership table with itself. Kinda obtuse if you are not a natural
114
115
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116
117
118
119
120
121
122
$query_result =
    DBQueryFatal("SELECT g.* FROM group_membership as g ".
		 "LEFT JOIN group_membership as authed ".
		 "ON g.pid=authed.pid and g.gid=authed.gid and ".
		 "   g.uid!='$auth_usr' and g.trust='none' ".
		 "WHERE authed.uid='$auth_usr' and ".
		 "      (authed.trust='group_root' or ".
123
124
		 "       authed.trust='project_root') ".
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125

126
127
128
129
130
131
132
133
134
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
135
136
137
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
138
139
#
# so that we can go through the entire list of post variables, looking
140
# for these. The alternative is to work backwards, and I do not like that.
141
# 
142
143
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
144
145
146
147

echo "<tr>
          <td rowspan=2>User</td>
          <td rowspan=2>Project</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
148
          <td rowspan=2>Group</td>
149
          <td rowspan=2>Date<br>Applied</td>
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
          <td rowspan=2>Action</td>
          <td rowspan=2>Trust</td>
          <td>Name</td>
          <td>Title</td>
          <td>Affil</td>
          <td>E-mail</td>
          <td>Phone</td>
      </tr>
      <tr>
          <td>Addr</td>
          <td>Addr2</td>
          <td>City</td>
          <td>State</td>
          <td>Zip</td>
      </tr>\n";

166
echo "<form action='approveuser.php3' method='post'>\n";
167
168

while ($usersrow = mysql_fetch_array($query_result)) {
169
170
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh B. Stoller's avatar
Leigh B. Stoller committed
171
    $gid           = $usersrow[gid];
172
173
174
175
176
177
178
179
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
180

Leigh B. Stoller's avatar
Leigh B. Stoller committed
181
182
183
184
185
186
187
188
189
190
191
192
193
    #
    # Only project leaders get to add someone as group root.
    # 
    TBProjLeader($pid, $projleader);
    if (strcmp($auth_usr, $projleader) == 0) {
	    $isleader = 1;
    }
    else {
	    $isleader = 0;
    }

    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
194
195
196
197
198
199
200
201
202
203
204
205
206
207

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

    echo "<tr>
208
              <td colspan=10> </td>
209
210
211
212
          </tr>
          <tr>
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
213
              <td rowspan=2>$gid</td>
214
              <td rowspan=2>$date_applied</td>
215
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
216
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
217
218
219
220
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
221
222
223
                  </select>
              </td>
              <td rowspan=2>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
224
                  <select name=\"$newuid\$\$trust-$pid/$gid\">
225
226
                          <option value='user'>User </option>
                          <option value='local_root'>Local Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
227
    if ($isleader) {
228
	    echo "        <option value='group_root'>Group Root </option>\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
229
230
    }
    echo "        </select>
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
              <td>&nbsp;$addr&nbsp;</td>
              <td>&nbsp;$addr2&nbsp;</td>
              <td>&nbsp;$city&nbsp;</td>
              <td>&nbsp;$state&nbsp;</td>
              <td>&nbsp;$zip&nbsp;</td>
          </tr>\n";
}
echo "<tr>
Leigh B. Stoller's avatar
Leigh B. Stoller committed
248
          <td align=center colspan=11>
249
250
251
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
252
253
254
255
256
257
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
258
?>