approveuser_form.php3 7.8 KB
Newer Older
1
<?php
Leigh Stoller's avatar
Leigh Stoller committed
2
#
3
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
Leigh Stoller's avatar
Leigh Stoller committed
23
#
24 25 26 27 28
include("defs.php3");

#
# Only known and logged in users can be verified.
#
29 30 31 32
$this_user   = CheckLoginOrDie();
$auth_usr    = $this_user->uid();
$auth_usridx = $this_user->uid_idx();

33 34 35 36 37
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();

38 39 40 41 42 43 44 45 46 47
#
# Find all of the groups that this person has project/group root in, and 
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
#
$approvelist = $this_user->ApprovalList(1);

if (count($approvelist) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}
48

49 50 51 52 53
#
# Standard Testbed Header
#
PAGEHEADER("New User Approval");

54
echo "
Leigh Stoller's avatar
Leigh Stoller committed
55
      <h2>Approve new users in your Project or Group</h2>
Chad Barb's avatar
Chad Barb committed
56
      <p>
Leigh Stoller's avatar
Leigh Stoller committed
57 58
      Use this page to approve new members of your Project or Group.  Once
      approved, they will be able to log into machines in your Project's 
59
      experiments. Be sure to toggle the menu options appropriately for
60
      each pending user.
Chad Barb's avatar
Chad Barb committed
61
      </p>
62

Chad Barb's avatar
Chad Barb committed
63 64
      <center>
      <h4>You have the following choices for <b>Action</b>:</h4>
65 66
      <table cellspacing=2 border=0>
        <tr>
Chad Barb's avatar
Chad Barb committed
67
            <td><b>Postpone</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
68
            <td>Do nothing; application remains, pending a decision.</td>
69 70
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
71
            <td><b>Deny</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
72
            <td>Deny user application and so notify the user.</td>
73 74
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
75
            <td><b>Nuke</b></td>
Jay Lepreau's avatar
Jay Lepreau committed
76 77
            <td>Nuke user application.  Kills user account, without
		notice to user.  Useful for
78 79 80
                bogus project applications.</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
81
            <td><b>Approve</b></td>
82 83 84
            <td>Approve the user</td>
        </tr>
      </table>
Chad Barb's avatar
Chad Barb committed
85 86 87
      <br />
      <h4>You have the following choices for <b>Trust</b>:</h4>
      <table cellspacing=2 cellpadding=4 border=0>
88
        <tr>
Chad Barb's avatar
Chad Barb committed
89
            <td><b>User</b></td>
90 91 92
            <td>User may log into machines in your experiments</td>
        </tr>
        <tr>
Chad Barb's avatar
Chad Barb committed
93
            <td><b>Local Root</b></td>
94
            <td>User may create/destroy experiments in your project and
Jay Lepreau's avatar
Jay Lepreau committed
95
                has root privileges on machines in your experiments</td>
96
        </tr>
Leigh Stoller's avatar
Leigh Stoller committed
97
        <tr>
Chad Barb's avatar
Chad Barb committed
98
            <td><b>Group Root</b></td>
Leigh Stoller's avatar
Leigh Stoller committed
99 100 101 102 103 104
            <td>In addition to Local Root privileges, user may also
                approve new group members and 
                modify user info for other users within the group. This
                level of trust is typically given only to TAs and the
                like.</td>
        </tr>
105
      </table>
Chad Barb's avatar
Chad Barb committed
106
      <br />
107
      <b>Important group
108
       <a href='$WIKIDOCURL/Groups#SECURITY'>
109
       security issues</a> are discussed in the
110
       <a href='$WIKIDOCURL/Groups'>Groups Tutorial</a>.
111
      </b>
Chad Barb's avatar
Chad Barb committed
112
      </center><br />
113

114
      \n";
115 116 117 118 119 120

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
Leigh Stoller's avatar
Leigh Stoller committed
121 122 123
#             uid     menu     project/group
#	name=stoller$$approval-testbed/testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed/testbed value=user,local_root
124 125
#
# so that we can go through the entire list of post variables, looking
126
# for these. The alternative is to work backwards, and I do not like that.
127
# 
128 129
echo "<table width=\"100%\" border=2 cellpadding=2 cellspacing=2
       align=\"center\">\n";
130 131

echo "<tr>
132 133 134 135 136 137 138 139 140 141 142
          <th rowspan=2>User</th>
          <th rowspan=2>Project</th>
          <th rowspan=2>Group</th>
          <th rowspan=2>Date<br>Applied</th>
          <th rowspan=2>Action</th>
          <th rowspan=2>Trust</th>
          <th>Name</th>
          <th>Title</th>
          <th>Affil</th>
          <th>E-mail</th>
          <th>Phone</th>
143 144
      </tr>
      <tr>
Chad Barb's avatar
Chad Barb committed
145
          <th colspan=5>Address</th>
146 147
      </tr>\n";

148
echo "<form action='approveuser.php3' method='post'>\n";
149

150 151 152 153 154 155 156 157 158 159 160 161 162 163
while (list ($uid_idx, $grouplist) = each ($approvelist)) {
  if (! ($user = User::Lookup($uid_idx))) {
    TBERROR("Could not lookup user $uid_idx", 1);
  }

  # Iterate over groups for this user.
  for ($i = 0; $i < count($grouplist); $i++) {
    $group        = $grouplist[$i];
    
    $newuid       = $user->uid();
    $gid          = $group->gid();
    $gid_idx      = $group->gid_idx();
    $pid          = $group->pid();
    $pid_idx      = $group->pid_idx();
164 165 166
    $membership   = $group->MemberShipInfo($user);
    $trust        = $membership["trust"];
    $date_applied = $membership["date_applied"];
167 168 169 170 171 172 173

    #
    # Cause this field was added late and might be null.
    # 
    if (! $date_applied) {
	$date_applied = "--";
    }
174

175 176 177 178 179 180 181 182 183 184 185
    $name	= CleanString($user->name());
    $email	= CleanString($user->email());
    $title	= CleanString($user->title());
    $affil	= CleanString($user->affil());
    $addr	= CleanString($user->addr());
    $addr2	= CleanString($user->addr2());
    $city	= CleanString($user->city());
    $state	= CleanString($user->state());
    $zip	= CleanString($user->zip());
    $country	= CleanString($user->country());
    $phone	= CleanString($user->phone());
186

Chad Barb's avatar
Chad Barb committed
187
     echo "<tr>
188 189
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
Leigh Stoller's avatar
Leigh Stoller committed
190
              <td rowspan=2>$gid</td>
191
              <td rowspan=2>$date_applied</td>
192
              <td rowspan=2>
193
                  <select name=\"U${uid_idx}\$\$approval-$pid/$gid\">
194 195 196 197
                          <option value='postpone'>Postpone </option>
                          <option value='approve'>Approve </option>
                          <option value='deny'>Deny </option>
                          <option value='nuke'>Nuke </option>
198 199 200
                  </select>
              </td>
              <td rowspan=2>
201
                  <select name=\"U${uid_idx}\$\$trust-$pid/$gid\">\n";
202 203
     
    if ($group->CheckTrustConsistency($user, TBDB_TRUSTSTRING_USER, 0)) {
Chad Barb's avatar
Chad Barb committed
204
	echo  "<option value='user'>User </option>\n";
Leigh Stoller's avatar
Leigh Stoller committed
205
    }
206
    if ($group->CheckTrustConsistency($user, TBDB_TRUSTSTRING_LOCALROOT, 0)) {
Chad Barb's avatar
Chad Barb committed
207 208
	# local_root means any root is valid.
        echo  "<option value='local_root'>Local Root </option>\n";
209 210 211

	# Allowed to set to group root?
	if ($group->AccessCheck($this_user, $TB_PROJECT_BESTOWGROUPROOT)) {
Chad Barb's avatar
Chad Barb committed
212 213
	    echo  "<option value='group_root'>Group Root </option>\n";
	}
Chad Barb's avatar
Chad Barb committed
214
    }	
Leigh Stoller's avatar
Leigh Stoller committed
215
    echo "        </select>
216 217 218 219 220 221 222 223 224
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
Chad Barb's avatar
Chad Barb committed
225 226 227 228 229
              <td colspan=5>&nbsp;$addr&nbsp;";
    if (strcmp($addr2,"")) { 
	echo "&nbsp;$addr2&nbsp;"; 
    }
    echo "                  &nbsp;$city&nbsp;
230
                            &nbsp;$state&nbsp;
Chad Barb's avatar
Chad Barb committed
231 232
                            &nbsp;$zip&nbsp;
                            &nbsp;$country&nbsp;</td>
233
          </tr>\n";
234
  }
235 236
}
echo "<tr>
Leigh Stoller's avatar
Leigh Stoller committed
237
          <td align=center colspan=11>
238 239 240
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
241 242 243 244 245 246
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
247
?>