editgroup.php3 7.6 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1
<?php
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
5 6
# All rights reserved.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
7 8 9 10
include("defs.php3");
include("showstuff.php3");

#
11
# No testbed header since we spit out a redirect.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
12
#
13
ignore_user_abort(1);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

#
# Only known and logged in users.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);

#
# First off, sanity check page args.
#
if (!isset($pid) ||
    strcmp($pid, "") == 0) {
    USERERROR("Must provide a Project ID!", 1);
}
if (!isset($gid) ||
    strcmp($gid, "") == 0) {
    USERERROR("Must privide a Group ID!", 1);
}

#
34
# The default group membership cannot be changed, but the trust levels can.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
35
#
36
$defaultgroup = 0;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
37
if (strcmp($gid, $pid) == 0) {
38
    $defaultgroup = 1;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39 40 41 42 43
}

#
# Verify permission. 
#
44
if (! TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
45 46 47 48
    USERERROR("You do not have permission to edit group $gid in ".
	      "project $pid!", 1);
}

49 50 51 52 53 54 55 56
#
# See if user is allowed to add non-members to group.
# 
$grabusers = 0;
if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_GROUPGRABUSERS)) {
    $grabusers = 1;
}

57 58 59 60 61 62 63 64
#
# See if user is allowed to bestow group_root upon members of group.
# 
$bestowgrouproot = 0;
if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_BESTOWGROUPROOT)) {
    $bestowgrouproot = 1;
}

Leigh B. Stoller's avatar
Leigh B. Stoller committed
65 66
#
# Grab the current user list for the group. The group leader cannot be
67 68
# removed! Do not include members that have not been approved to main
# group either! This will force them to go through the approval page first.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
69 70
#
$curmembers_result =
71
    DBQueryFatal("select distinct m.uid, m.trust from group_membership as m ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
72 73
		 "left join groups as g on g.pid=m.pid and g.gid=m.gid ".
		 "where m.pid='$pid' and m.gid='$gid' and ".
74
		 "      m.uid!=g.leader and m.trust!='none'");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
75 76 77

#
# Grab the user list from the project. These are the people who can be
78 79 80
# added. Do not include people in the above list, obviously! Do not
# include members that have not been approved to main group either! This
# will force them to go through the approval page first.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
81 82
# 
$nonmembers_result =
83
    DBQueryFatal("select m.uid from group_membership as m ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
84 85
		 "left join group_membership as a on ".
		 "     a.uid=m.uid and a.pid=m.pid and a.gid='$gid' ".
86 87
		 "where m.pid='$pid' and m.gid=m.pid and a.uid is NULL ".
		 "      and m.trust!='none'");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
88

89 90 91 92 93

#
# First pass does checks. Second pass does the real thing. 
#

Leigh B. Stoller's avatar
Leigh B. Stoller committed
94 95 96
#
# Go through the list of current members. For each one, check to see if
# the checkbox for that person was checked. If not, delete the person
97 98
# from the group membership. Otherwise, look to see if the trust level
# has been changed.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
99 100 101
# 
if (mysql_num_rows($curmembers_result)) {
    while ($row = mysql_fetch_array($curmembers_result)) {
102
	$user = $row[0];
103
	$oldtrust = $row[1];
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
	$foo  = "change_$user";

	#
	# Is member to be deleted?
	# 
	if (!$defaultgroup && !isset($$foo)) {
	    # Yes.
	    continue;
	}

        #
        # There should be a corresponding trust variable in the POST vars.
        # Note that we construct the variable name and indirect to it.
        #
        $foo      = "$user\$\$trust";
	$newtrust = $$foo;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
120
	
121 122 123 124 125 126 127 128 129 130
	if (!$newtrust || strcmp($newtrust, "") == 0) {
	    TBERROR("Error finding trust for $user in editgroup.php3", 1);
	}

	if (strcmp($newtrust, "user") &&
	    strcmp($newtrust, "local_root") &&
	    strcmp($newtrust, "group_root")) {
	    TBERROR("Invalid trust $newtrust for $user in editgroup.php3.", 1);
	}

131 132 133 134 135 136 137 138 139 140 141 142
	#
	# If the user is attempting to bestow group_root on a user who 
	# did not previously have group_root, check to see if the operation is
	# permitted.
	#
	if (strcmp($newtrust, $oldtrust) &&
	    !strcmp($newtrust, "group_root") && 
	    !$bestowgrouproot) {
	    USERERROR("You do not have permission to bestow group root".
		      "trust to users in $pid/$gid!", 1 );
	}

143
	TBCheckGroupTrustConsistency($user, $pid, $gid, $newtrust, 1);
144 145 146 147 148 149 150
    }
}

#
# Go through the list of non members. For each one, check to see if
# the checkbox for that person was checked. If so, add the person
# to the group membership, with the trust level specified.
151 152 153 154
# Only do this if user has permission to grab users. 
#

if ($grabusers && !$defaultgroup && mysql_num_rows($nonmembers_result)) {
155 156 157 158 159
    while ($row = mysql_fetch_array($nonmembers_result)) {
	$user = $row[0];
	$foo  = "add_$user";
	
	if (isset($$foo)) {
160 161 162 163 164
	    #
	    # There should be a corresponding trust variable in the POST vars.
	    # Note that we construct the variable name and indirect to it.
	    #
	    $bar      = "$user\$\$trust";
165
	    $newtrust = $$bar;
166
	    
167 168 169 170
	    if (!$newtrust || strcmp($newtrust, "") == 0) {
		TBERROR("Error finding trust for $user in editgroup.php3",
			1);
	    }
171
	    
172 173 174 175 176 177
	    if (strcmp($newtrust, "user") &&
		strcmp($newtrust, "local_root") &&
		strcmp($newtrust, "group_root")) {
		TBERROR("Invalid trust $newtrust for $user in editgroup.php3.",
			1);
	    }
178 179 180 181 182 183

	    if (!strcmp($newtrust, "group_root")
		&& !$bestowgrouproot) {
		USERERROR("You do not have permission to bestow group root".
			  "trust to users in $pid/$gid!", 1 );
	    }
184
	    
Chad Barb's avatar
Chad Barb committed
185
	    TBCheckGroupTrustConsistency($user, $pid, $gid, $newtrust);
186 187 188 189 190
	}
    }
}

#
191 192
# Now do the second pass, which makes the changes. Record the user IDs
# that are changed so that we can pass that to setgroups below.
193
#
194
$modusers = "";
195 196 197 198 199 200 201 202 203 204 205 206

#
# Go through the list of current members. For each one, check to see if
# the checkbox for that person was checked. If not, delete the person
# from the group membership. Otherwise, look to see if the trust level
# has been changed.
#
if (mysql_num_rows($curmembers_result)) {
    mysql_data_seek($curmembers_result, 0);
    
    while ($row = mysql_fetch_array($curmembers_result)) {
	$user = $row[0];
207
	$oldtrust = $row[1];
208
	$foo  = "change_$user";
209

210
	if (!$defaultgroup && !isset($$foo)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
211
	    DBQueryFatal("delete from group_membership ".
212 213
			 "where pid='$pid' and gid='$gid' and uid='$user'");

214
	    $modusers = "$modusers $user";
215
	    continue;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
216
	}
217 218 219 220 221 222 223
        #
        # There should be a corresponding trust variable in the POST vars.
        # Note that we construct the variable name and indirect to it.
        #
        $foo      = "$user\$\$trust";
	$newtrust = $$foo;
	
224 225 226 227
	if (strcmp($oldtrust,$newtrust)) {
	    DBQueryFatal("update group_membership set trust='$newtrust' ".
			 "where pid='$pid' and gid='$gid' and uid='$user'");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
228 229 230 231 232 233
    }
}

#
# Go through the list of non members. For each one, check to see if
# the checkbox for that person was checked. If so, add the person
234
# to the group membership, with the trust level specified.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
235
# 
236

237 238 239
if ($grabusers && !$defaultgroup && mysql_num_rows($nonmembers_result)) {
    mysql_data_seek($nonmembers_result, 0);
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
240
    while ($row = mysql_fetch_array($nonmembers_result)) {
241 242
	$user = $row[0];
	$foo  = "add_$user";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
243 244
	
	if (isset($$foo)) {
245 246 247 248 249
	    #
	    # There should be a corresponding trust variable in the POST vars.
	    # Note that we construct the variable name and indirect to it.
	    #
	    $bar      = "$user\$\$trust";
250
	    $newtrust = $$bar;
251
	    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252
	    DBQueryFatal("insert into group_membership ".
253 254 255
			 "(uid, pid, gid, trust, ".
			 " date_applied,date_approved) ".
			 "values ('$user','$pid','$gid', '$newtrust', ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
256
			 "        now(), now())");
257 258
	    
	    $modusers = "$modusers $user";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
259 260 261 262 263 264 265 266 267 268 269 270 271 272
	}
    }
}

#
# Grab the unix GID for running scripts.
#
TBGroupUnixInfo($pid, $pid, $unix_gid, $unix_name);

#
# Run the script. This will do the account stuff for all the people
# in the group. This is the same script that gets run when the group
# is first created.
#
273
SUEXEC($uid, $unix_gid, "websetgroups -p $pid $modusers", 1);
274

Leigh B. Stoller's avatar
Leigh B. Stoller committed
275
#
276 277
# Spit out a redirect so that the history does not include a post
# in it. The back button skips over the post and to the form.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
278
# 
279
header("Location: showgroup.php3?pid=$pid&gid=$gid");
280

281
# No Testbed footer.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
282
?>