Commit dfdf0a87 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Change permission check from experiment creator to anyone with

group or local root in that project.
parent e3ae21ba
......@@ -26,17 +26,17 @@ if (mysql_num_rows($query_result) == 0) {
$isadmin = ISADMIN($uid);
if (! $isadmin) {
$query_result = mysql_db_query($TBDBNAME,
"SELECT experiments.* ".
"FROM experiments LEFT JOIN reserved ".
"ON experiments.pid=reserved.pid and experiments.eid=reserved.eid ".
"WHERE reserved.node_id=\"$node_id\"");
"select proj_memb.* from proj_memb left join reserved ".
"on proj_memb.pid=reserved.pid and proj_memb.uid='$uid' ".
"where reserved.node_id='$node_id'");
if (mysql_num_rows($query_result) == 0) {
PAGEHEADER("Node Control");
USERERROR("The node $node_id is not in an experiment", 1);
USERERROR("The node $node_id is not in an experiment ".
"or not in the same project as you", 1);
}
$foorow = mysql_fetch_array($query_result);
$expt_head_uid = $foorow[expt_head_uid];
if ($expt_head_uid != $uid) {
$trust = $foorow[trust];
if ($trust != "local_root" && $trust != "group_root") {
PAGEHEADER("Node Control");
USERERROR("You do not have permission to modify node $node_id!", 1);
}
......
......@@ -28,16 +28,16 @@ $row = mysql_fetch_array($query_result);
$isadmin = ISADMIN($uid);
if (! $isadmin) {
$query_result = mysql_db_query($TBDBNAME,
"SELECT experiments.* ".
"FROM experiments LEFT JOIN reserved ".
"ON experiments.pid=reserved.pid and experiments.eid=reserved.eid ".
"WHERE reserved.node_id=\"$node_id\"");
"select proj_memb.* from proj_memb left join reserved ".
"on proj_memb.pid=reserved.pid and proj_memb.uid='$uid' ".
"where reserved.node_id='$node_id'");
if (mysql_num_rows($query_result) == 0) {
USERERROR("The node $node_id is not in an experiment", 1);
USERERROR("The node $node_id is not in an experiment ".
"or not in the same project as you", 1);
}
$foorow = mysql_fetch_array($query_result);
$expt_head_uid = $foorow[expt_head_uid];
if ($expt_head_uid != $uid) {
$trust = $foorow[trust];
if ($trust != "local_root" && $trust != "group_root") {
USERERROR("You do not have permission to modify node $node_id!", 1);
}
}
......@@ -83,7 +83,7 @@ echo "<tr>
echo "<tr>
<td>Def Boot Image:</td>
<td class=\"left\">
<input type=\"text\" name=\"def_boot_image_id\" size=\"20\"
<input type=\"text\" name=\"def_boot_image_id\" size=\"30\"
value=\"$def_boot_image_id\"></td>
</tr>\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment