approveuser_form.php3 7.34 KB
Newer Older
1
<?php
Leigh Stoller's avatar
Leigh Stoller committed
2 3
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh Stoller's avatar
Leigh Stoller committed
5 6
# All rights reserved.
#
7 8
include("defs.php3");

9 10 11 12 13
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

14 15 16
#
# Only known and logged in users can be verified.
#
17
$auth_usr = GETLOGIN();
18 19 20
LOGGEDINORDIE($auth_usr);

echo "
Leigh Stoller's avatar
Leigh Stoller committed
21
      <h2>Approve new users in your Project or Group</h2>
Chad Barb's avatar
Chad Barb committed
22
      <p>
Leigh Stoller's avatar
Leigh Stoller committed
23 24
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
25
      experiments. Be sure to toggle the menu options appropriately for
26
      each pending user.
Chad Barb's avatar
Chad Barb committed
27
      </p>
28

Chad Barb's avatar
Chad Barb committed
29 30
      <center>
      <h4>You have the following choices for <b>Action</b>:</h4>
31 32
      <table cellspacing=2 border=0>
        <tr>
Chad Barb's avatar
Chad Barb committed
33
            <td><b>Postpone</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
34
            <td>Do nothing; application remains, pending a decision.</td>
35 36
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
37
            <td><b>Deny</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39 40
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
41
            <td><b>Nuke</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
42 43
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
44 45 46
                bogus project applications.</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
47
            <td><b>Approve</b></td>
48 49 50
            <td>Approve the user</td>
        </tr>
      </table>
Chad Barb's avatar
Chad Barb committed
51 52 53
      <br />
      <h4>You have the following choices for <b>Trust</b>:</h4>
      <table cellspacing=2 cellpadding=4 border=0>
54
        <tr>
Chad Barb's avatar
Chad Barb committed
55
            <td><b>User</b></td>
56 57 58
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
59
            <td><b>Local Root</b></td>
60
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
61
                has root privileges on machines in your experiments</td>
62
        </tr>
Leigh Stoller's avatar
Leigh Stoller committed
63
        <tr>
Chad Barb's avatar
Chad Barb committed
64
            <td><b>Group Root</b></td>
Leigh Stoller's avatar
Leigh Stoller committed
65 66 67 68 69 70
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
71
      </table>
Chad Barb's avatar
Chad Barb committed
72
      <br />
73 74 75
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
Chad Barb's avatar
Chad Barb committed
76
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>.
77
      </b>
Chad Barb's avatar
Chad Barb committed
78
      </center><br />
79

80
      \n";
81 82

#
Leigh Stoller's avatar
Leigh Stoller committed
83 84 85
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
86
#
Leigh Stoller's avatar
Leigh Stoller committed
87
# First off, just determine if this person has group/project root anywhere.
88
#
Leigh Stoller's avatar
Leigh Stoller committed
89 90 91
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
92
if (mysql_num_rows($query_result) == 0) {
Leigh Stoller's avatar
Leigh Stoller committed
93
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
94 95 96 97
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh Stoller's avatar
Leigh Stoller committed
98
# group_membership table with itself. Kinda obtuse if you are not a natural
99 100
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh Stoller's avatar
Leigh Stoller committed
101
$query_result =
102 103 104
    DBQueryFatal("select g.* from group_membership as authed ".
		 "left join group_membership as g on ".
		 " g.pid=authed.pid and g.gid=authed.gid ".
105
		 "left join users as u on u.uid=g.uid ".
106 107 108 109 110 111 112 113
		 "where u.status!='".
		 TBDB_USERSTATUS_UNVERIFIED . "' and ".
		 " u.status!='" . TBDB_USERSTATUS_NEWUSER . 
		 "' and g.uid!='$auth_usr' and ".
		 "  g.trust='". TBDB_TRUSTSTRING_NONE . "' ".
		 "  and authed.uid='$auth_usr' and ".
		 "  (authed.trust='group_root' or ".
		 "   authed.trust='project_root') ".
114
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh Stoller's avatar
Leigh Stoller committed
115

116 117 118 119 120 121 122 123 124
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh Stoller's avatar
Leigh Stoller committed
125 126 127
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
128 129
#
# so that we can go through the entire list of post variables, looking
130
# for these. The alternative is to work backwards, and I do not like that.
131
# 
132 133
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
134 135

echo "<tr>
136 137 138 139 140 141 142 143 144 145 146
          <th rowspan=2>User</th>
          <th rowspan=2>Project</th>
          <th rowspan=2>Group</th>
          <th rowspan=2>Date<br>Applied</th>
          <th rowspan=2>Action</th>
          <th rowspan=2>Trust</th>
          <th>Name</th>
          <th>Title</th>
          <th>Affil</th>
          <th>E-mail</th>
          <th>Phone</th>
147 148
      </tr>
      <tr>
149
          <th colspan=5>Addr</th>
150 151
      </tr>\n";

152
echo "<form action='approveuser.php3' method='post'>\n";
153 154

while ($usersrow = mysql_fetch_array($query_result)) {
155 156
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh Stoller's avatar
Leigh Stoller committed
157
    $gid           = $usersrow[gid];
158 159 160 161 162 163 164 165
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
166

Leigh Stoller's avatar
Leigh Stoller committed
167 168
    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
169 170 171 172 173 174 175 176 177 178 179 180 181

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

182
     echo "<tr>
183 184
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh Stoller's avatar
Leigh Stoller committed
185
              <td rowspan=2>$gid</td>
186
              <td rowspan=2>$date_applied</td>
187
              <td rowspan=2>
Leigh Stoller's avatar
Leigh Stoller committed
188
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
189 190 191 192
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
193 194 195
                  </select>
              </td>
              <td rowspan=2>
196 197 198
                  <select name=\"$newuid\$\$trust-$pid/$gid\">\n";
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "user", 0)) {
	echo  "<option value='user'>User </option>\n";
Leigh Stoller's avatar
Leigh Stoller committed
199
    }
200 201 202
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "local_root", 0)) {       
	# local_root means any root is valid.
        echo  "<option value='local_root'>Local Root </option>\n";
203 204 205 206
	if (TBProjAccessCheck($auth_usr, $pid, $gid,
                              $TB_PROJECT_BESTOWGROUPROOT)) {
	    echo  "<option value='group_root'>Group Root </option>\n";
	}
207
    }	
Leigh Stoller's avatar
Leigh Stoller committed
208
    echo "        </select>
209 210 211 212 213 214 215 216 217
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
218
              <td colspan=5>&nbsp;$addr&nbsp;</td>
219 220 221
          </tr>\n";
}
echo "<tr>
Leigh Stoller's avatar
Leigh Stoller committed
222
          <td align=center colspan=11>
223 224 225
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
226 227 228 229 230 231
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
232
?>