* No longer put the project leader into every subgroup. If the project

  leader wants to be in the subgroup, he has to do it via the editgroup
  page. This required minor changes in editgroup pages, since I was special
  casing the project leader to not allow removal/addition.

* Allow mere users to be the head of a group. This was previously not
  allowed, and is totally wrong since the entire group trust mechanism
  is based on giving subgroup members *more* privs then they have in
  the default (project) group.

* Change permission check in the showgroup page to allow non group members
  to look at the group if they have group_root or better in the default
  group. I noticed that once I took myself out of a group, I could no longer
  look at the group even though I had group_root in the project.

  Also change so that the edit/del menu does not appear unless the user
  has permission to do those things.

* Change consistency check when adding a group member. New test is simpler
  and makes sure that the user does not have root privs in the project and
  user privs in the subgroup. The reverse is of course okay, and the expected
  manner in which groups should be used.

* newgroup page now spits out a redirect to showgroup page, rather then
  printing the group info itself. Avoids duplication and gets rid of the
  form post from the history. Ditto for editgroup page.

www/dbdefs.php3.in

@@ -280,13 +280,13 @@ function TBProjAccessCheck($uid, $pid, $gid, $access_type)
     }
     elseif ($access_type == $TB_PROJECT_MAKEGROUP ||
 	    $access_type == $TB_PROJECT_DELGROUP) {
-	$mintrust = $TBDB_TRUST_PROJROOT;
+	$mintrust = $TBDB_TRUST_GROUPROOT;
     }
     elseif ($access_type == $TB_PROJECT_LEADGROUP) {
 	#
-	# Must be at least local root to lead a group.
+	# Allow mere user (in default group) to lead a subgroup.
 	# 
-	$mintrust = $TBDB_TRUST_LOCALROOT;
+	$mintrust = $TBDB_TRUST_USER;
     }
     elseif ($access_type == $TB_PROJECT_MAKEOSID ||
 	    $access_type == $TB_PROJECT_MAKEIMAGEID ||
@@ -304,6 +304,8 @@ function TBProjAccessCheck($uid, $pid, $gid, $access_type)
 	    $mintrust = $TBDB_TRUST_PROJROOT;
 	}
 	else {
+	    # Editing a group requires privs in the project, not group!
+	    $gid = $pid;
 	    $mintrust = $TBDB_TRUST_GROUPROOT;
 	}
     }

www/deletegroup.php3

@@ -39,7 +39,7 @@ if (strcmp($gid, $pid) == 0) {
 #
 # Verify permission.
 #
-if (! TBProjAccessCheck($uid, $pid, 0, $TB_PROJECT_DELGROUP)) {
+if (! TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_DELGROUP)) {
     USERERROR("You do not have permission to delete groups in project $pid!",
 	      1);
 }

www/editgroup.php3

@@ -8,9 +8,9 @@ include("defs.php3");
 include("showstuff.php3");
 
 #
-# Standard Testbed Header
+# No testbed header since we spit out a redirect.
 #
-PAGEHEADER("Edit Group Membership");
+ignore_user_abort(1);
 
 #
 # Only known and logged in users.
@@ -18,8 +18,6 @@ PAGEHEADER("Edit Group Membership");
 $uid = GETLOGIN();
 LOGGEDINORDIE($uid);
 
-ignore_user_abort(1);
-
 #
 # First off, sanity check page args.
 #
@@ -50,17 +48,14 @@ if (! TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP)) {
 
 #
 # Grab the current user list for the group. The group leader cannot be
-# removed! Neither can the project leader. Do not include members that
-# have not been approved to main group either! This will force them to
-# go through the approval page first.
+# removed! Do not include members that have not been approved to main
+# group either! This will force them to go through the approval page first.
 #
 $curmembers_result =
     DBQueryFatal("select distinct m.uid from group_membership as m ".
 		 "left join groups as g on g.pid=m.pid and g.gid=m.gid ".
-		 "left join projects as p on p.pid=m.pid ".
 		 "where m.pid='$pid' and m.gid='$gid' and ".
-		 "      m.uid!=g.leader and m.uid!=p.head_uid ".
-		 "      and m.trust!='none'");
+		 "      m.uid!=g.leader and m.trust!='none'");
 
 #
 # Grab the user list from the project. These are the people who can be
@@ -77,14 +72,18 @@ $nonmembers_result =
 
 function TBCheckTrustConsistency($user, $pid, $gid, $newtrust)
 {
+    global $TBDB_TRUST_USER;
+    
     #
     # If changing default group trust level, then compare levels.
-    # A user may not have greater permission in the default group than
-    # in a subgroup.
+    # A user may not have root privs in the project and user privs
+    # in the group; make no sense to do that and can violate trust.
     #
     if (strcmp($pid, $gid)) {
 	$projtrust = TBProjTrust($user, $pid);
-	if ($projtrust > TBTrustConvert($newtrust)) {
+
+	if (TBTrustConvert($newtrust) == $TBDB_TRUST_USER &&
+	    $projtrust > $TBDB_TRUST_USER) {
 	    USERERROR("User $user may not have a higher trust level in ".
 		      "the default group of $pid, than in subgroup $gid!", 1);
 	}
@@ -275,13 +274,6 @@ if (!$defaultgroup && mysql_num_rows($nonmembers_result)) {
 #
 TBGroupUnixInfo($pid, $pid, $unix_gid, $unix_name);
 
-echo "<br>
-      Group '$gid' in project '$pid' is being updated!<br><br>
-      This will take a minute or two. <b>Please</b> do not click the Stop
-      button during this time. If you do not receive notification within
-      a reasonable amount of time, please contact $TBMAILADDR.\n";
-flush();
-
 #
 # Run the script. This will do the account stuff for all the people
 # in the group. This is the same script that gets run when the group
@@ -289,25 +281,11 @@ flush();
 #
 SUEXEC($uid, $unix_gid, "websetgroups -p $pid $modusers", 1);
 
-echo "<br><br>
-      <b>Done!</b>
-      <br>\n";
-
-#
-# Show it again!
 #
-SHOWGROUP($pid, $gid);
-
-SHOWGROUPMEMBERS($pid, $gid);
-
-#
-# Back to ...
+# Spit out a redirect so that the history does not include a post
+# in it. The back button skips over the post and to the form.
 # 
-echo "<br>
-       <A href='showgroup.php3?pid=$pid&gid=$gid'>Back to Group page</a>\n";
+header("Location: showgroup.php3?pid=$pid&gid=$gid");
 
-#
-# Standard Testbed Footer
-# 
-PAGEFOOTER();
+# No Testbed footer.
 ?>

www/editgroup_form.php3

@@ -48,18 +48,16 @@ if (! TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP)) {
 
 #
 # Grab the user list for the group. Provide a button selection of people
-# that can be removed. The group leader cannot be removed! Neither can
-# the project leader.  Do not include members that have not been approved
+# that can be removed. The group leader cannot be removed!
+# Do not include members that have not been approved
 # to main group either! This will force them to go through the approval
 # page first.
 #
 $curmembers_result =
     DBQueryFatal("select m.uid,m.trust from group_membership as m ".
 		 "left join groups as g on g.pid=m.pid and g.gid=m.gid ".
-		 "left join projects as p on p.pid=m.pid ".
 		 "where m.pid='$pid' and m.gid='$gid' and ".
-		 "      m.uid!=g.leader and m.uid!=p.head_uid ".
-		 "      and m.trust!='none'");
+		 "      m.uid!=g.leader and m.trust!='none'");
 
 #
 # Grab the user list from the project. These are the people who can be

www/newgroup.php3

@@ -8,12 +8,8 @@ include("defs.php3");
 include("showstuff.php3");
 
 #
-# Standard Testbed Header
+# No header since we issue a redirect later.
 #
-PAGEHEADER("Create a Project Group");
-
-$mydebug = 0;
-
 ignore_user_abort(1);
 
 #
@@ -73,14 +69,11 @@ if (! TBProjAccessCheck($uid, $group_pid, 0, $TB_PROJECT_MAKEGROUP)) {
 }
 
 #
-# Verify project and leader. That is, the leader choosen has to be a member
-# of the default group for the project and must already possess a
-# minimum level of trust since it would make no sense to make "user" a
-# group leader.
+# Verify project and leader. Any user can lead a group.
 #
 if (! TBProjAccessCheck($group_leader, $group_pid, 0, $TB_PROJECT_LEADGROUP)) {
-    USERERROR("$group_leader is not a trusted (local root or better) member ".
-	      "of the project $group_pid!", 1);
+    USERERROR("$group_leader does not have enough permission to lead a group ".
+	      "in project $group_pid!", 1);
 }
 	       
 #
@@ -132,22 +125,9 @@ DBQueryFatal("insert into group_membership ".
 	     "        'group_root', now(), now())");
 
 #
-# Grab the project head uid for the project. If its different than the
-# the leader for the group, insert the project head also. This is polite.
+# Note, if the project leader wants to be in the subgroup, he/she has to
+# add themself via the edit page. 
 #
-$query_result =
-    DBQueryFatal("select head_uid from projects where pid='$group_pid'");
-if (($row = mysql_fetch_row($query_result)) == 0) {
-    DBFatal("Getting head_uid for project $group_pid.");
-}
-$head_uid = $row[0];
-
-if (strcmp($head_uid, $group_leader)) {
-    DBQueryFatal("insert into group_membership ".
-		 "(uid, pid, gid, trust, date_applied, date_approved) ".
-		 "values ('$head_uid','$group_pid','$group_id', ".
-		 "        'group_root', now(), now())");
-}
 
 #
 # Grab the unix GID for running scripts.
@@ -167,25 +147,13 @@ flush();
 # is the same script that gets run when the group membership changes.
 #
 SUEXEC($uid, $unix_gid, "webmkgroup $group_pid $group_id", 1);
-SUEXEC($uid, $unix_gid, "websetgroups $head_uid $group_leader", 1);
-
-echo "<br><br>
-      <b>Done!</b>
-      <br>\n";
+SUEXEC($uid, $unix_gid, "websetgroups $group_leader", 1);
 
 #
-# Show it!
-#
-SHOWGROUP($group_pid, $group_id);
-
-#
-# Back to ...
+# Spit out a redirect so that the history does not include a post
+# in it. The back button skips over the post and to the form.
 # 
-echo "<br>
-       <A href='showproject.php3?pid=$group_pid'>Back to Project page</a>\n";
+header("Location: showgroup.php3?pid=$group_pid&gid=$group_id");
 
-#
-# Standard Testbed Footer
-# 
-PAGEFOOTER();
+# No Testbed footer.
 ?>

www/showgroup.php3

@@ -51,15 +51,14 @@ if (mysql_num_rows($query_result) == 0) {
 }
 
 #
-# Verify that this uid is a member of the project being displayed. 
-#
-if (!$isadmin) {
-    $query_result = 
-        DBQueryFatal("SELECT trust FROM group_membership ".
-		     "WHERE uid='$uid' and pid='$pid' and gid='$gid'");
-    if (mysql_num_rows($query_result) == 0) {
-        USERERROR("You are not a member of Project $pid.", 1);
-    }
+# Verify permission to look at the group. This is a little different,
+# since the standard test would look for permission in just the group,
+# but we also want to allow user from the project with appropriate
+# privs to look at the group.
+#
+if (! TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_READINFO) &&
+    ! TBMinTrust(TBGrpTrust($uid, $pid, $pid), $TBDB_TRUST_GROUPROOT)) {
+    USERERROR("You are not a member of group $gid in project $pid!", 1);
 }
 
 #
@@ -70,23 +69,38 @@ if ($isadmin || TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_DELUSER)) {
     $prived = 1;
 }
 
-SUBPAGESTART();
-SUBMENUSTART("Group Options");
-WRITESUBMENUBUTTON("Edit this Group",
-		   "editgroup_form.php3?pid=$pid&gid=$gid");
-
 #
-# A delete option, but not for the default group!
+# This menu only makes sense for people with privs to use them.
 #
-if (strcmp($gid, $pid)) {
-    WRITESUBMENUBUTTON("Delete this Group",
-		       "deletegroup.php3?pid=$pid&gid=$gid");
+if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP) ||
+    TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_DELGROUP)) {
+
+    SUBPAGESTART();
+    SUBMENUSTART("Group Options");
+
+    if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP)) {
+	WRITESUBMENUBUTTON("Edit this Group",
+			   "editgroup_form.php3?pid=$pid&gid=$gid");
+    }
+
+    #
+    # A delete option, but not for the default group!
+    #
+    if (strcmp($gid, $pid) &&
+	TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_DELGROUP)) {
+	WRITESUBMENUBUTTON("Delete this Group",
+			   "deletegroup.php3?pid=$pid&gid=$gid");
+    }
+    SUBMENUEND();
 }
-SUBMENUEND();
 
 SHOWGROUP($pid, $gid);
 SHOWGROUPMEMBERS($pid, $gid, $prived);
-SUBPAGEEND();
+
+if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP) ||
+    TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_DELGROUP)) {
+    SUBPAGEEND();
+}
 
 #
 # A list of Group experiments.