All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 532816b2 authored by Leigh B Stoller's avatar Leigh B Stoller

Allow foreign admins to see the experiment status pages and the

extension history, All buttons disabled/hidden.
parent 05b1134b
......@@ -34,7 +34,8 @@ $page_title = "Dash Board";
#
RedirectSecure();
$this_user = CheckLoginOrRedirect();
$isadmin = (ISADMIN() ? 1 : 0);
$isadmin = (ISADMIN() ? 1 : 0);
$isfadmin = (ISFOREIGN_ADMIN() ? 1 : 0);
if (! (ISADMIN() || ISFOREIGN_ADMIN())) {
SPITUSERERROR("You do not have permission to view the dashboard");
......@@ -46,6 +47,7 @@ echo "<div id='page-body'></div>\n";
echo "<script type='text/javascript'>\n";
echo " window.ISADMIN = $isadmin;\n";
echo " window.ISFADMIN = $isfadmin;\n";
echo "</script>\n";
echo "<script src='js/lib/bootstrap.js'></script>\n";
......
......@@ -22,6 +22,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
var uuid = null;
var oneonly = 0;
var isadmin = 0;
var isfadmin = 0;
var isguest = 0;
var ispprofile = 0;
var dossh = 1;
......@@ -47,6 +48,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
uuid = window.APT_OPTIONS.uuid;
oneonly = window.APT_OPTIONS.oneonly;
isadmin = window.APT_OPTIONS.isadmin;
isfadmin= window.APT_OPTIONS.isfadmin;
isguest = (window.APT_OPTIONS.registered ? false : true);
dossh = window.APT_OPTIONS.dossh;
extend = window.APT_OPTIONS.extend || null;
......@@ -74,6 +76,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
creatorEmail: window.APT_OPTIONS.creatorEmail,
registered: window.APT_OPTIONS.registered,
isadmin: window.APT_OPTIONS.isadmin,
isfadmin: window.APT_OPTIONS.isfadmin,
errorURL: errorURL,
lockout: lockout,
lockdown: lockdown,
......@@ -154,6 +157,13 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
// Setup the extend modal.
$('button#extend_button').click(function (event) {
event.preventDefault();
if (isfadmin) {
if ($('#extension_history').length) {
$("#extend_history").text($('#extension_history').text());
sup.ShowModal("#extend_history_modal");
}
return;
}
ShowExtendModal(uuid, RequestExtensionCallback, isadmin,
isguest, null, window.APT_OPTIONS.freenodesurl,
window.APT_OPTIONS.extension_requested,
......@@ -1072,6 +1082,10 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
//
function ContextMenuShow(jacksevent)
{
// Foreign admins have no permission for anything.
if (isfadmin) {
return;
}
var event = jacksevent.event;
var client_id = jacksevent.client_id;
var cid = "context-menu-" + client_id;
......@@ -1279,6 +1293,15 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
});
}
//
// Foreign admins do not get a menu, but easier to just
// hide it.
//
if (isfadmin) {
$('#listview-row-' + node + ' [name=action-menu]')
.addClass("invisible");
}
//
// Now a handler for the console action.
//
......@@ -1311,7 +1334,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
consolenodes[node] = node;
}
else {
// Need to the context menu too. painful.
// Need to do this on the context menu too, but painful.
$('#listview-row-' + node + ' [name=consolelog]')
.parent().addClass('disabled');
$('#listview-row-' + node + ' [name=console]')
......@@ -1413,7 +1436,10 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
if (xml != null) {
UpdateInstructions(xml,uridata);
FindEncryptionBlocks(xml);
// Do not show secrets if viewing using foreign admin creds
if (!isfadmin) {
FindEncryptionBlocks(xml);
}
}
/*
......
......@@ -237,7 +237,7 @@ function SPITROWS($showall, $name, $result)
echo " <tr><td>\n";
if ($all || $extend) {
if (ISADMIN()) {
if (ISADMIN() || ISFOREIGN_ADMIN()) {
echo "<a href='status.php?uuid=$uuid'>$name</a>";
}
else {
......
......@@ -62,6 +62,10 @@ function StatusSetupAjax($needmodify)
if (isset($this_user) && ISADMIN()) {
return 0;
}
# Foreign admins can look.
if (isset($this_user) && ISFOREIGN_ADMIN() && !$needmodify) {
return 0;
}
# For a guest user; must be the same guest that created experiment.
if (get_class($creator) == "GeniUser") {
if (isset($_COOKIE['quickvm_user']) &&
......
......@@ -40,6 +40,12 @@ $this_user = CheckLogin($check_status);
if (isset($this_user)) {
CheckLoginOrDie(CHECKLOGIN_NONLOCAL);
}
#
# We do not set the isfadmin flag if the user has normal permission
# to see this experiment, since that would change what the user sees.
# Okay for real admins, but not for foreign admins.
#
$isfadmin = 0;
#
# Verify page arguments.
......@@ -102,7 +108,13 @@ if (! (isset($this_user) && ISADMIN())) {
(get_class($creator) == "GeniUser" &&
isset($_COOKIE['quickvm_user']) &&
$_COOKIE['quickvm_user'] == $creator->uuid()))) {
PAGEERROR("You do not have permission to look at this experiment!");
if (ISFOREIGN_ADMIN()) {
# See comment above.
$isfadmin = 1;
}
else {
PAGEERROR("You do not have permission to look at this experiment!");
}
}
}
$slice = GeniSlice::Lookup("sa", $instance->slice_uuid());
......@@ -213,6 +225,7 @@ echo " window.APT_OPTIONS.creatorUid = '" . $creator_uid . "';\n";
echo " window.APT_OPTIONS.creatorEmail = '" . $creator_email . "';\n";
echo " window.APT_OPTIONS.registered = $registered;\n";
echo " window.APT_OPTIONS.isadmin = $isadmin;\n";
echo " window.APT_OPTIONS.isfadmin = $isfadmin;\n";
echo " window.APT_OPTIONS.cansnap = $cansnap;\n";
echo " window.APT_OPTIONS.canclone = $canclone;\n";
echo " window.APT_OPTIONS.snapping = $snapping;\n";
......@@ -249,7 +262,9 @@ echo "<link rel='stylesheet'
echo "<link rel='stylesheet' href='css/progress.css'>\n";
echo "<link rel='stylesheet' href='css/codemirror.css'>\n";
echo "<div class='hidden'><textarea id='extension_reason'>$extension_reason</textarea></div>\n";
echo "<pre class='hidden' id='extension_history'>$extension_history</pre>\n";
if ($extension_reason != "") {
echo "<pre class='hidden' id='extension_history'>$extension_history</pre>\n";
}
SPITFOOTER();
?>
......@@ -97,13 +97,12 @@
<tbody>
<% _.each(dashboard.latest, function(value, key) { %>
<tr>
<td><a href="status.php?uuid=<%- value.uuid %>">
<%- value.name %></a></td>
<% if (!isadmin) { %>
<td><%- value.name %></td>
<td><%- value.creator %></td>
<% } %>
<% if (isadmin) { %>
<td><a href="status.php?uuid=<%- value.uuid %>">
<%- value.name %></a></td>
<td><a href="https://www.emulab.net/showuser.php3?user=<%- value.creator_idx %>"><%- value.creator %></a></td>
<% } %>
<td><a href="show-profile.php?uuid=<%- value.profile_uuid %>">
......
......@@ -120,7 +120,7 @@
</div>
<% } %>
<div class='pull-right'>
<% if (registered) { %>
<% if (registered && !isfadmin) { %>
<button class='btn btn-xs btn-primary hidden' disabled
id='clone_button' type=button>
Clone</button>
......@@ -145,11 +145,14 @@
<% } %>
<button class='btn btn-xs btn-success' disabled
id='extend_button' type=button>
Extend</button>
<button class='btn btn-xs btn-danger' disabled
id='terminate_button' type=button
data-toggle='modal' data-target='#terminate_modal'>
Terminate</button>
<% if (isfadmin) { %>Extension History<% } else { %>Extend<% } %>
</button>
<% if (!isfadmin) { %>
<button class='btn btn-xs btn-danger' disabled
id='terminate_button' type=button
data-toggle='modal' data-target='#terminate_modal'>
Terminate</button>
<% } %>
</div>
</div>
</div>
......@@ -397,6 +400,24 @@
</div>
</div>
</div>
<!-- This is the extend history modal for foreign admins -->
<div id='extend_history_modal' class='modal fade'>
<div class='modal-dialog'>
<div class='modal-content'>
<div class='modal-header'>
<button type='button' class='close' data-dismiss='modal'
aria-hidden='true'>&times;</button>
<h5>
<a data-toggle="collapse"
href="#history">Extension History</a>
</h5>
</div>
<div class='modal-body'>
<pre id="extend_history"></pre>
</div>
</div>
</div>
</div>
<div id='waitwait_div'></div>
<div id='terminate_div'></div>
<div id='oops_div'></div>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment