Commit 0ac35a4b authored by Leigh Stoller's avatar Leigh Stoller

Add APT/Cloud page to approve/deny users, rather then having project

leaders go through Emulab interface. Leader will get email like this:

You can approve or reject this user:

Approve:  https://www.cloudlab.us/approveuser.php?uid=leebee67&pid=lbsbox&action=approve
or
Deny:     https://www.cloudlab.us/approveuser.php?uid=leebee67&pid=lbsbox&action=deny

And clicking on one of those links will do the deed.
parent bb21573c
<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
function CommonSetup()
{
global $ajax_args;
global $this_user;
global $TB_PROJECT_ADDUSER;
# Until I get a delay into the waitwait modal.
sleep(1);
if (!isset($ajax_args["user_uid"])) {
SPITAJAX_ERROR(1, "Missing user user_uid");
return;
}
$user_uid = $ajax_args["user_uid"];
$target_user = User::Lookup($user_uid);
if (!isset($ajax_args["pid"])) {
SPITAJAX_ERROR(1, "Missing project pid");
return;
}
$pid = $ajax_args["pid"];
$project = Project::Lookup($pid);
#
# Check that the current user has the necessary trust level
# to approver users in the project/group.
#
if (! $project->AccessCheck($this_user, $TB_PROJECT_ADDUSER)) {
SPITAJAX_ERROR(1, "You are not allowed to approve users in project $pid");
return;
}
#
# Must be an unapproved member ...
#
$approved = 0;
if (! $project->IsMember($target_user, $approved)) {
SPITAJAX_ERROR(1, "User $user_uid is not a member of project $pid");
return;
}
if ($approved) {
SPITAJAX_ERROR(1, "User $user_uid is already an approved ".
"member of project $pid");
return;
}
return array($target_user, $project);
}
#
# Deny
#
function Do_Deny()
{
global $this_user;
global $TBADMINGROUP;
$this_uid = $this_user->uid();
list ($target_user, $project) = CommonSetup();
$pid = $project->pid();
$user_uid = $target_user->uid();
#
# Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know.
#
$project->DeleteMember($target_user);
#
# See if user is in any other projects (even unapproved).
#
$project_list = $target_user->ProjectMembershipList();
#
# If no we can safely delete the user account.
#
if (!count($project_list)) {
SUEXEC($this_uid, $TBADMINGROUP, "webrmuser -n -p $pid $user_uid", 1);
}
SPITAJAX_RESPONSE("User $user_uid was denied membership in project $pid");
}
#
# Approve
#
function Do_Approve()
{
global $this_user;
global $TBADMINGROUP;
$this_uid = $this_user->uid();
list ($target_user, $project) = CommonSetup();
$pid = $project->pid();
$user_uid = $target_user->uid();
$trust = TBDB_TRUSTSTRING_LOCALROOT;
# Create the user if it is not yet approved.
if ($target_user->status() != TBDB_USERSTATUS_ACTIVE) {
$user->SetStatus(TBDB_USERSTATUS_ACTIVE);
$retval = SUEXEC($this_uid, $TBADMINGROUP,
"webtbacct add $user_uid",
SUEXEC_ACTION_CONTINUE);
if ($retval) {
SPITAJAX_ERROR(-1, "Internal error creating new user");
return;
}
}
# And update the trust level in the group.
$retval = SUEXEC($this_uid, $TBADMINGROUP,
"webmodgroups -a $pid:$pid:$trust $user_uid",
SUEXEC_ACTION_CONTINUE);
if ($retval) {
SPITAJAX_ERROR(-1, "Internal error updating user membership");
return;
}
SPITAJAX_RESPONSE("User $user_uid was granted membership in project $pid");
}
<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
chdir("..");
include("defs.php3");
chdir("apt");
include("quickvm_sup.php");
$page_title = "Approve User";
#
# Get current user in case we need an error message.
#
RedirectSecure();
$this_user = CheckLogin($check_status);
#
# Verify page arguments.
#
$optargs = RequiredPageArguments("action", PAGEARG_STRING,
"project", PAGEARG_PROJECT,
"user", PAGEARG_USER);
#
# The user must be logged in.
#
if (!$this_user) {
RedirectLoginPage();
exit();
}
$this_idx = $this_user->uid_idx();
$this_uid = $this_user->uid();
$user_uid = $user->uid();
$pid = $project->pid();
SPITHEADER(1);
SpitWaitModal("waitwait-modal");
SpitOopsModal("oops");
echo "<div id='page-body'></div>\n";
if ($action != "approve" && $action != "deny") {
SPITUSERERROR("Action is not one of approve or deny");
return;
}
#
# Check that the current user has the necessary trust level
# to approver users in the project/group.
#
if (! $project->AccessCheck($this_user, $TB_PROJECT_ADDUSER)) {
SPITUSERERROR("You are not allowed to approve users in this project");
return;
}
#
# Must be an unapproved member ...
#
$approved = 0;
if (! $project->IsMember($user, $approved)) {
SPITUSERERROR("User $user_uid is not a member of project $pid");
return;
}
if ($approved) {
SPITUSERERROR("User $user_uid is already an approved ".
"member of project $pid");
return;
}
echo "<script type='text/javascript'>\n";
echo " window.ACTION = '$action';\n";
echo " window.USER = '$user_uid';\n";
echo " window.PROJECT = '$pid';\n";
echo " window.AJAXURL = 'server-ajax.php';\n";
echo "</script>\n";
echo "<script src='js/lib/jquery-2.0.3.min.js'></script>\n";
echo "<script src='js/lib/bootstrap.js'></script>\n";
echo "<script src='js/lib/require.js' data-main='js/approveuser'></script>\n";
SPITFOOTER();
require(window.APT_OPTIONS.configObject,
['js/quickvm_sup'],
function (sup)
{
'use strict';
function initialize()
{
window.APT_OPTIONS.initialize(sup);
var callback = function(json) {
sup.HideModal("#waitwait-modal");
//console.info(json.value);
if (json.code) {
sup.SpitOops("oops", json.value);
}
$('#page-body').html(json.value);
}
sup.ShowModal("#waitwait-modal");
var xmlthing = sup.CallServerMethod(window.AJAXURL,
"approveuser",
window.ACTION,
{"user_uid" : window.USER,
"pid" : window.PROJECT});
xmlthing.done(callback);
}
$(document).ready(initialize);
});
......@@ -74,12 +74,22 @@ $routing = array("myprofiles" =>
"Do_GetInstanceManifest",
"GetSSHAuthObject" =>
"Do_GetSSHAuthObject",
"ConsoleURL" =>
"Do_ConsoleURL",
"RequestExtension" =>
"Do_RequestExtension",
"SnapShot" =>
"Do_Snapshot",
"SnapshotStatus" =>
"Do_SnapshotStatus")));
"Do_SnapshotStatus")),
"approveuser" =>
array("file" => "approveuser.ajax",
"guest" => false,
"methods" => array("approve" =>
"Do_Approve",
"deny" =>
"Do_Deny")),
);
#
# Redefine this so we return XML instead of html for all errors.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment