<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
include_once("defs.php3");

#
# This page is a generic toggle page, like adminmode.php3, but more
# generalized. There are a set of things you can toggle, and each of
# those items has a permission check and a set (pair) of valid values.
#
# Usage: toggle.php?type=swappable&value=1&pid=foo&eid=bar
# (type & value are required, others are optional and vary by type)
#
# No PAGEHEADER since we spit out a Location header later. See below.
#
# Only known and logged in users can do this.
#
# Resolve the caller once, up front. Every permission decision further down
# is made against these three values.
# NOTE(review): toggles are applied on a plain GET and no request-forgery
# token is checked anywhere in this file -- confirm that CheckLoginOrDie()
# or the surrounding framework enforces one.
$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS | CHECKLOGIN_WEBONLY);
$uid       = $this_user->uid();
# Whether the caller is currently in admin mode; the "adminon" branch below
# deliberately tests the login status bits instead of this.
$isadmin   = ISADMIN();

# Whitelist of toggle names. A request whose "type" is not listed here is
# rejected before any permission check or state change happens.
$toggles = array(
    "adminon",
    "webfreeze",
    "cvsweb",
    "lockdown",
    "stud",
    "cvsrepo_public",
    "workbench",
    "hiderun",
    "widearearoot",
    "imageglobal",
    "skipvlans",
    "adminflag",
    "imagedoesxen"
);

# Permitted values per toggle. Every toggle is a simple on/off switch, so
# each entry is the pair (0, 1). The entries are integers, while the request
# value arrives as a string; the membership test that consumes this table
# has to account for that.
$values = array(
    "adminon"        => array(0, 1),
    "webfreeze"      => array(0, 1),
    "cvsweb"         => array(0, 1),
    "stud"           => array(0, 1),
    "lockdown"       => array(0, 1),
    "skipvlans"      => array(0, 1),
    "cvsrepo_public" => array(0, 1),
    "workbench"      => array(0, 1),
    "widearearoot"   => array(0, 1),
    "imageglobal"    => array(0, 1),
    "imagedoesxen"   => array(0, 1),
    "adminflag"      => array(0, 1),
    "hiderun"        => array(0, 1)
);

# Extra request arguments accepted by each toggle, keyed by argument name.
# The value is the mandatory flag: 1 means the argument must be present.
# Only the names listed here are ever read from the request and bound to
# local variables.
$optargs = array(
    "adminon"        => array(),
    "webfreeze"      => array("user" => 1),
    "cvsweb"         => array("user" => 1),
    "stud"           => array("user" => 1),
    "lockdown"       => array("pid" => 1, "eid" => 1),
    "skipvlans"      => array("pid" => 1, "eid" => 1),
    "cvsrepo_public" => array("pid" => 1),
    "workbench"      => array("pid" => 1),
    "widearearoot"   => array("user" => 1),
    "imageglobal"    => array("imageid" => 1),
    "imagedoesxen"   => array("imageid" => 1),
    "adminflag"      => array("user" => 1),
    "hiderun"        => array("instance" => 1, "runidx" => 1)
);

# Mandatory page arguments: every request must carry a toggle name and a
# value. The script reads $type and $value right after this call without
# assigning them itself, so RequiredPageArguments() presumably binds them
# into the page scope -- confirm against defs.php3.
$reqargs = RequiredPageArguments(
    "type",  PAGEARG_STRING,
    "value", PAGEARG_STRING
);

# Where we zap to once the toggle is done. Stays null unless the branch
# that handles the toggle supplies a more specific page.
$zapurl = null;

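# Whitelist check on the toggle name. The comparison is strict so that only
# an exact string match is accepted, and it has to pass before $type is
# used as an array key below.
# NOTE(review): both error messages echo request input; this assumes
# PAGEARGERROR() escapes its message for HTML -- confirm.
if (! (is_string($type) && in_array($type, $toggles, true))) {
    PAGEARGERROR("There is no toggle for $type!");
}

# Whitelist check on the value. The table holds integers but the request
# delivers a string, so compare string forms strictly. With PHP's loose
# comparison a non-numeric string equals integer 0 on versions before 8,
# which let arbitrary text through this check and on to the setters.
$allowed_values = array_map('strval', $values[$type]);
if (! (is_scalar($value) &&
       in_array((string)$value, $allowed_values, true))) {
    PAGEARGERROR("The value '$value' is illegal for the $type toggle!");
}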

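# Check the per-toggle arguments and bind each one to a local variable of
# the same name ($user, $pid, $eid, ...). The names come from the fixed
# $optargs table, never from the request, so the variable-variable below
# cannot be pointed at an arbitrary variable by the client.
#
# foreach replaces the each()/list() loop: each() is deprecated since
# PHP 7.2 and removed in PHP 8, and the iteration order is the same.
foreach ($optargs[$type] as $arg => $required) {
    if (!isset($_GET[$arg])) {
        if ($required)
            PAGEARGERROR("Toggle '$type' requires argument '$arg'");
        else
            unset($$arg);
    }
    elseif (!is_string($_GET[$arg])) {
        # A query such as ?user[]=x arrives as an array; addslashes() only
        # handles strings, so refuse it rather than bind a bogus value.
        PAGEARGERROR("Argument '$arg' for toggle '$type' must be a " .
                     "single string value");
    }
    else {
        # NOTE(review): addslashes() is only a coarse escape and is not a
        # substitute for validation. The branches open to non-admins run
        # TBvalid_*() on these values; the admin-only branches rely on the
        # lookup routines -- confirm those validate or escape their input.
        $$arg = addslashes($_GET[$arg]);
    }
}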

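#
# Permission checks, and do the toggle...
#
# One branch per toggle. Each branch applies its own authorization rule
# before it changes any state, and most set $zapurl so the redirect at the
# end of the page can land on the object that was changed.
#
if ($type == "adminon") {
    # must be admin
    # Do not check if they are in admin mode (ISADMIN), check if they
    # have the power to change to admin mode!
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) ) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    SETADMINMODE($value);
}
elseif ($type == "webfreeze") {
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # NOTE(review): $user is only addslashes()-escaped at this point, not
    # validated the way pid/eid/imageid are further down. The admin check
    # runs first; confirm User::Lookup() validates its argument and that
    # PAGEARGERROR() escapes the echoed value.
    if (! ($target_user = User::Lookup($user))) {
        PAGEARGERROR("Target user '$user' is not a valid user!");
    }
    $zapurl = CreateURL("showuser", $target_user);
    $target_user->SetWebFreeze($value);
}
elseif ($type == "adminflag") {
    # This is active on geni racks only.
    # NOTE(review): the leading "0 &&" makes this condition always false,
    # so the geni-rack restriction is not enforced and the toggle works on
    # every installation. Confirm that is intended.
    if (0 && !$GENIRACK) {
        USERERROR("This toggle is disabled on non-geni racks!", 1);
    }
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($target_user = User::Lookup($user))) {
        PAGEARGERROR("Target user '$user' is not a valid user!");
    }
    # The flag can be cleared at any time but only set on active accounts.
    if ($value && $target_user->status() != TBDB_USERSTATUS_ACTIVE) {
        PAGEARGERROR("Target user '$user' has not been activated yet!");
    }
    $zapurl = CreateURL("showuser", $target_user);
    $target_user->SetAdminFlag($value);
    $target_uid = $target_user->uid();
    $this_uid   = $this_user->uid();
    # Granting the flag is mailed to ops with a Bcc to the audit address;
    # clearing the flag sends no mail.
    if ($value) {
        TBMAIL($TBMAIL_OPS,
               "Admin Flag enabled for '$target_uid'",
               "$this_uid has enabled the admin flag for '$target_uid'!\n\n",
               "From: $TBMAIL_OPS\n".
               "Bcc: $TBMAIL_AUDIT\n".
               "Errors-To: $TBMAIL_WWW");
    }
    # The command lines use the uid read back from the looked-up user
    # object rather than the raw request value.
    SUEXEC($uid, $TBADMINGROUP,
           "webtbacct mod $target_uid", SUEXEC_ACTION_DIE);
    SUEXEC($uid, $TBADMINGROUP,
           "webmodgroups $target_uid", SUEXEC_ACTION_DIE);
}
elseif ($type == "cvsweb") {
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($target_user = User::Lookup($user))) {
        PAGEARGERROR("Target user '$user' is not a valid user!");
    }
    $zapurl = CreateURL("showuser", $target_user);
    # NOTE(review): this is the same setter the "webfreeze" branch calls,
    # which looks like a copy-and-paste leftover -- confirm which setter
    # the cvsweb toggle is meant to use.
    $target_user->SetWebFreeze($value);
}
elseif ($type == "stud") {
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($target_user = User::Lookup($user))) {
        PAGEARGERROR("Target user '$user' is not a valid user!");
    }
    $zapurl = CreateURL("showuser", $target_user);
    $target_user->SetStudly($value);
}
elseif ($type == "widearearoot") {
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($target_user = User::Lookup($user))) {
        PAGEARGERROR("Target user '$user' is not a valid user!");
    }
    $zapurl = CreateURL("showuser", $target_user);
    $target_user->SetWideAreaRoot($value);
}
elseif ($type == "lockdown") {
    # must be admin
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($experiment = Experiment::LookupByPidEid($pid, $eid))) {
        PAGEARGERROR("Experiment $pid/$eid is not a valid experiment!");
    }
    $zapurl = CreateURL("showexp", $experiment);
    $experiment->SetLockDown($value);
}
elseif ($type == "skipvlans") {
    # Must validate the pid,eid since we allow non-admins to do this.
    # NOTE(review): these two messages echo the value that just failed
    # validation, and they are reachable by any logged-in user; this
    # assumes PAGEARGERROR() escapes its message -- confirm.
    if (! TBvalid_pid($pid)) {
        PAGEARGERROR("Invalid characters in $pid");
    }
    if (! TBvalid_eid($eid)) {
        PAGEARGERROR("Invalid characters in $eid");
    }
    # First gate: the caller's role.
    if (! ($isadmin || STUDLY() || OPSGUY())) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    if (! ($experiment = Experiment::LookupByPidEid($pid, $eid))) {
        PAGEARGERROR("Experiment $pid/$eid is not a valid experiment!");
    }
    # Second gate for non-admins: local-root trust in the project's own
    # group ($pid is passed as both project and group).
    if (!$isadmin &&
        ! TBMinTrust(TBGrpTrust($uid, $pid, $pid), $TBDB_TRUST_LOCALROOT)) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    $zapurl = CreateURL("showexp", $experiment);
    $experiment->SetSkipVlans($value);
}
elseif ($type == "imageglobal" || $type == "imagedoesxen") {
    include("imageid_defs.php");

    # Must validate since we allow non-admins to do this.
    if (! TBvalid_imageid($imageid)) {
        PAGEARGERROR("Invalid characters in $imageid");
    }
    if (! ($image = Image::Lookup($imageid))) {
        # Report the id that was asked for; $image holds the failed lookup
        # result here, so interpolating it printed nothing useful.
        PAGEARGERROR("Image $imageid is not a valid image!");
    }
    if (!$isadmin &&
        !$image->AccessCheck($this_user, $TB_IMAGEID_MODIFYINFO)) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    $zapurl = CreateURL("showimageid", $image);
    if ($type == "imagedoesxen") {
        $image->DoesXen($value);
    }
    else {
        $image->SetGlobal($value);
    }
}
elseif ($type == "cvsrepo_public") {
    # Must validate the pid since we allow non-admins to do this.
    if (! TBvalid_pid($pid)) {
        PAGEARGERROR("Invalid characters in $pid");
    }
    if (! ($project = Project::Lookup($pid))) {
        PAGEARGERROR("Project $pid is not a valid project!");
    }
    # Must be admin or project/group root.
    if (!$isadmin &&
        ! TBMinTrust(TBGrpTrust($uid, $pid, $pid), $TBDB_TRUST_GROUPROOT)) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    $zapurl = CreateURL("showproject", $project);
    $project->SetCVSRepoPublic($value);
    $unix_pid = $project->unix_gid();
    # $pid is placed on a command line; the TBvalid_pid() check above is
    # the guard that keeps it to legal project-id characters.
    SUEXEC($uid, $unix_pid, "webcvsrepo_ctrl $pid", SUEXEC_ACTION_DIE);
}
elseif ($type == "workbench") {
    # Must validate the pid since we allow non-admins to do this.
    if (! TBvalid_pid($pid)) {
        PAGEARGERROR("Invalid characters in $pid");
    }
    if (! ($project = Project::Lookup($pid))) {
        PAGEARGERROR("Project $pid is not a valid project!");
    }
    # Must be admin
    if (!$isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    $zapurl = CreateURL("showproject", $project);
    $project->SetAllowWorkbench($value);
}
elseif ($type == "hiderun") {
    # Parse the arguments again with typed page-argument checks.
    # $instance is used as an object right below, so this call presumably
    # replaces the escaped strings bound earlier -- confirm.
    RequiredPageArguments("instance",  PAGEARG_INSTANCE,
                          "runidx",    PAGEARG_INTEGER);

    # No admin shortcut here: access is decided by the instance itself.
    if (! $instance->AccessCheck($this_user, $TB_EXPT_MODIFY)) {
        USERERROR("You do not have permission to modify this instance", 1);
    }
    # $zapurl stays null for this toggle; the redirect falls back to the
    # referer or the default page.
    $instance->SetRunHidden($runidx, $value);
}
else {
    # A name that is whitelisted but has no branch: fail closed.
    USERERROR("Nobody has permission to toggle $type!", 1);
}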
    
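#
# Spit out a redirect.
#
# Preference order: back to the page that sent us here, else the page for
# the object that was just changed, else the generic user page.
#
# The Referer header is supplied by the client, so it is only followed when
# it points back into this site. An off-site value would otherwise send the
# browser wherever the referring page chose right after a privileged
# action. "$TBBASE/" with the trailing slash keeps a look-alike host name
# that merely starts with the site's name from matching.
# NOTE(review): assumes $TBBASE is the URL prefix pages are normally served
# under; a referer from any other prefix now falls through to $zapurl.
#
$referer  = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$sitebase = "$TBBASE/";

if ($referer != "" &&
    strncmp($referer, $sitebase, strlen($sitebase)) == 0 &&
    strpos($referer, $_SERVER["SCRIPT_NAME"]) === false) {
    # Make sure the referer is not me!
    header("Location: " . $referer);
}
elseif ($zapurl) {
    header("Location: $zapurl");
}
else {
    header("Location: $TBBASE/showuser.php3");
}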

?>