approveuser_form.php3 7.54 KB
Newer Older
1
<?php
Leigh Stoller's avatar
Leigh Stoller committed
2 3
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh Stoller's avatar
Leigh Stoller committed
5 6
# All rights reserved.
#
7 8
include("defs.php3");

9 10 11 12 13
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

14 15 16
#
# Only known and logged in users can be verified.
#
17
$auth_usr = GETLOGIN();
18 19 20
LOGGEDINORDIE($auth_usr);

echo "
Leigh Stoller's avatar
Leigh Stoller committed
21
      <h2>Approve new users in your Project or Group</h2>
Chad Barb's avatar
Chad Barb committed
22
      <p>
Leigh Stoller's avatar
Leigh Stoller committed
23 24
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
25
      experiments. Be sure to toggle the menu options appropriately for
26
      each pending user.
Chad Barb's avatar
Chad Barb committed
27
      </p>
28

Chad Barb's avatar
Chad Barb committed
29 30
      <center>
      <h4>You have the following choices for <b>Action</b>:</h4>
31 32
      <table cellspacing=2 border=0>
        <tr>
Chad Barb's avatar
Chad Barb committed
33
            <td><b>Postpone</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
34
            <td>Do nothing; application remains, pending a decision.</td>
35 36
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
37
            <td><b>Deny</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
38
            <td>Deny user application and so notify the user.</td>
39 40
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
41
            <td><b>Nuke</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
42 43
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
44 45 46
                bogus project applications.</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
47
            <td><b>Approve</b></td>
48 49 50
            <td>Approve the user</td>
        </tr>
      </table>
Chad Barb's avatar
Chad Barb committed
51 52 53
      <br />
      <h4>You have the following choices for <b>Trust</b>:</h4>
      <table cellspacing=2 cellpadding=4 border=0>
54
        <tr>
Chad Barb's avatar
Chad Barb committed
55
            <td><b>User</b></td>
56 57 58
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
59
            <td><b>Local Root</b></td>
60
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
61
                has root privileges on machines in your experiments</td>
62
        </tr>
Leigh Stoller's avatar
Leigh Stoller committed
63
        <tr>
Chad Barb's avatar
Chad Barb committed
64
            <td><b>Group Root</b></td>
Leigh Stoller's avatar
Leigh Stoller committed
65 66 67 68 69 70
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
71
      </table>
Chad Barb's avatar
Chad Barb committed
72
      <br />
73 74 75
      <b>Important group
       <a href='docwrapper.php3?docname=groups.html#SECURITY'>
       security issues</a> are discussed in the
Chad Barb's avatar
Chad Barb committed
76
       <a href='docwrapper.php3?docname=groups.html'>Groups Tutorial</a>.
77
      </b>
Chad Barb's avatar
Chad Barb committed
78
      </center><br />
79

80
      \n";
81 82

#
Leigh Stoller's avatar
Leigh Stoller committed
83 84 85
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
86
#
Leigh Stoller's avatar
Leigh Stoller committed
87
# First off, just determine if this person has group/project root anywhere.
88
#
Leigh Stoller's avatar
Leigh Stoller committed
89 90 91
$query_result =
    DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
		 "and (trust='group_root' or trust='project_root')");
92
if (mysql_num_rows($query_result) == 0) {
Leigh Stoller's avatar
Leigh Stoller committed
93
    USERERROR("You do not have Root permissions in any Project or Group.", 1);
94 95 96 97
}

#
# Okay, so this operation sucks out the right people by joining the
Leigh Stoller's avatar
Leigh Stoller committed
98
# group_membership table with itself. Kinda obtuse if you are not a natural
99 100
# DB guy. Sorry. Well, obtuse to me.
# 
Leigh Stoller's avatar
Leigh Stoller committed
101
$query_result =
102 103 104
    DBQueryFatal("select g.* from group_membership as authed ".
		 "left join group_membership as g on ".
		 " g.pid=authed.pid and g.gid=authed.gid ".
105
		 "left join users as u on u.uid=g.uid ".
106 107 108 109 110 111 112 113
		 "where u.status!='".
		 TBDB_USERSTATUS_UNVERIFIED . "' and ".
		 " u.status!='" . TBDB_USERSTATUS_NEWUSER . 
		 "' and g.uid!='$auth_usr' and ".
		 "  g.trust='". TBDB_TRUSTSTRING_NONE . "' ".
		 "  and authed.uid='$auth_usr' and ".
		 "  (authed.trust='group_root' or ".
		 "   authed.trust='project_root') ".
114
		 "ORDER BY g.uid,g.pid,g.gid");
Leigh Stoller's avatar
Leigh Stoller committed
115

116 117 118 119 120 121 122 123 124
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh Stoller's avatar
Leigh Stoller committed
125 126 127
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
128 129
#
# so that we can go through the entire list of post variables, looking
130
# for these. The alternative is to work backwards, and I do not like that.
131
# 
132 133
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
134 135

echo "<tr>
136 137 138 139 140 141 142 143 144 145 146
          <th rowspan=2>User</th>
          <th rowspan=2>Project</th>
          <th rowspan=2>Group</th>
          <th rowspan=2>Date<br>Applied</th>
          <th rowspan=2>Action</th>
          <th rowspan=2>Trust</th>
          <th>Name</th>
          <th>Title</th>
          <th>Affil</th>
          <th>E-mail</th>
          <th>Phone</th>
147 148
      </tr>
      <tr>
149 150 151 152
          <th colspan=2>Addr</th>
          <th>City</th>
          <th>State</th>
          <th>Zip</th>
153 154
      </tr>\n";

155
echo "<form action='approveuser.php3' method='post'>\n";
156 157

while ($usersrow = mysql_fetch_array($query_result)) {
158 159
    $newuid        = $usersrow[uid];
    $pid           = $usersrow[pid];
Leigh Stoller's avatar
Leigh Stoller committed
160
    $gid           = $usersrow[gid];
161 162 163 164 165 166 167 168
    $date_applied  = $usersrow[date_applied];

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
169

Leigh Stoller's avatar
Leigh Stoller committed
170 171
    $userinfo_result =
	DBQueryFatal("SELECT * from users where uid='$newuid'");
172 173 174 175 176 177 178 179 180 181 182 183 184

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

185
     echo "<tr>
186 187
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh Stoller's avatar
Leigh Stoller committed
188
              <td rowspan=2>$gid</td>
189
              <td rowspan=2>$date_applied</td>
190
              <td rowspan=2>
Leigh Stoller's avatar
Leigh Stoller committed
191
                  <select name=\"$newuid\$\$approval-$pid/$gid\">
192 193 194 195
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
196 197 198
                  </select>
              </td>
              <td rowspan=2>
199 200 201
                  <select name=\"$newuid\$\$trust-$pid/$gid\">\n";
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "user", 0)) {
	echo  "<option value='user'>User </option>\n";
Leigh Stoller's avatar
Leigh Stoller committed
202
    }
203 204 205
    if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "local_root", 0)) {       
	# local_root means any root is valid.
        echo  "<option value='local_root'>Local Root </option>\n";
206 207 208 209
	if (TBProjAccessCheck($auth_usr, $pid, $gid,
                              $TB_PROJECT_BESTOWGROUPROOT)) {
	    echo  "<option value='group_root'>Group Root </option>\n";
	}
210
    }	
Leigh Stoller's avatar
Leigh Stoller committed
211
    echo "        </select>
212 213 214 215 216 217 218 219 220
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
221 222 223 224
              <td colspan=5>&nbsp;$addr&nbsp;
                            &nbsp;$city&nbsp;
                            &nbsp;$state&nbsp;
                            &nbsp;$zip&nbsp;</td>
225 226 227
          </tr>\n";
}
echo "<tr>
Leigh Stoller's avatar
Leigh Stoller committed
228
          <td align=center colspan=11>
229 230 231
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
232 233 234 235 236 237
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
238
?>