Commit c108da6a authored by Leigh Stoller's avatar Leigh Stoller

Merge uuid-branch back to the head revision. This is the next step in

converting to locally unique ids and later globally unique ids.
parent 9855627f
......@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approved");
#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
$isadmin = ISADMIN();
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -37,22 +37,27 @@ echo "<center><h1>
#
# Grab the head_uid for this project. This verifies it is a valid project.
#
$query_result =
DBQueryFatal("SELECT head_uid from projects where pid='$pid'");
if (($row = mysql_fetch_row($query_result)) == 0) {
if (! ($this_project = Project::Lookup($pid))) {
TBERROR("Unknown project $pid", 1);
}
$headuid = $row[0];
if (! ($leader = $this_project->GetLeader())) {
TBERROR("Error getting leader for $pid", 1);
}
$headuid = $this_project->head_uid();
#
# If the user wanted to change the head uid, do that now (we change both
# the head_uid and the leader of the default project)
#
if (isset($head_uid) && strcmp($head_uid,"")) {
if (isset($head_uid) && $head_uid != "") {
if (! ($newleader = User::Lookup($head_uid))) {
TBERROR("Unknown user $head_uid", 1);
}
if ($this_project->ChangeLeader($newleader) < 0) {
TBERROR("Error changing leader to $head_uid", 1);
}
$leader = $newleader;
$headuid = $head_uid;
DBQueryFatal("UPDATE projects set head_uid='$headuid' where pid='$pid'");
DBQueryFatal("UPDATE groups set leader='$headuid' where pid='$pid' and " .
"gid='$pid'");
}
if (!isset($user_interface) ||
......@@ -70,26 +75,16 @@ if (!isset($user_interface) ||
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result =
DBQueryFatal("SELECT status,usr_email,usr_name from users ".
"where uid='$headuid'");
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
$headname = $row[2];
$curstatus = $leader->status();
$headuid_email = $leader->email();
$headname = $leader->name();
#echo "Status = $curstatus, Email = $headuid_email<br>\n";
#
# Then we check that the headuid is really listed in the group_membership
# table (default group), just to be sure.
#
$query_result =
DBQueryFatal("SELECT trust from group_membership where ".
"uid='$headuid' and pid='$pid' and gid='$pid'");
if (mysql_num_rows($query_result) == 0) {
if (! $this_project->IsMember($leader, $ignore)) {
USERERROR("User $headuid is not the leader of project $pid.", 1);
}
......@@ -194,17 +189,14 @@ elseif (strcmp($approval, "approve") == 0) {
TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1);
}
DBQueryFatal("UPDATE users set status='$newstatus', ".
" user_interface='$user_interface' ".
"WHERE uid='$headuid'");
$leader->SetUserInterface($user_interface);
$leader->SetStatus($newstatus);
}
#
# Set the project "approved" field to true.
#
DBQueryFatal("update projects set approved='1', ".
" default_user_interface='$user_interface' ".
"where pid='$pid'");
$this_project->SetApproved(1);
#
# XXX
......@@ -223,8 +215,7 @@ elseif (strcmp($approval, "approve") == 0) {
}
if (count($pcremote_ok)) {
$foo = implode(",", $pcremote_ok);
DBQueryFatal("UPDATE projects set pcremote_ok='$foo' ".
"WHERE pid='$pid'");
$this_project->SetRemoteOK($foo);
}
#
......
......@@ -15,13 +15,13 @@ PAGEHEADER("New Project Approval");
#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$isadmin = ISADMIN();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -37,8 +37,8 @@ if (!isset($pid) ||
#
# Check to make sure thats this is a valid PID.
#
if (! TBValidProject($pid)) {
USERERROR("The project $pid is not a valid project.", 1);
if (! ($this_project = Project::Lookup($pid))) {
USERERROR("Unknown project $pid", 1);
}
echo "<center><h3>You have the following choices:</h3></center>
......@@ -79,19 +79,19 @@ echo "<center><h3>You have the following choices:</h3></center>
#
SHOWPROJECT($pid, $uid);
TBProjLeader($pid, $projleader);
$projleader = $this_project->GetLeader();
echo "<center>
<h3>Project Leader Information</h3>
</center>
<table align=center border=0>\n";
SHOWUSER($projleader);
SHOWUSER($projleader->uid());
#
# Check to make sure that the head user is 'unapproved' or 'active'
#
$headstatus = TBUserStatus($projleader);
$headstatus = $projleader->status();
if (!strcmp($headstatus,TBDB_USERSTATUS_UNAPPROVED) ||
!strcmp($headstatus,TBDB_USERSTATUS_ACTIVE)) {
$approvable = 1;
......@@ -136,7 +136,7 @@ echo "<tr>
</tr>\n";
#
# Allow the approver to change the project's head UID - gotta find everyone in
# Allow the approver to change the projects head UID - gotta find everyone in
# the default group, first
#
echo "<tr>
......@@ -144,12 +144,14 @@ echo "<tr>
Head UID:
<select name=head_uid>
<option value=''>(Unchanged)</option>";
$query_result =
DBQueryFatal("select uid from group_membership where pid='$pid' and " .
"gid='$pid'");
while ($row = mysql_fetch_array($query_result)) {
$thisuid = $row[uid];
echo " <option value='$thisuid'>$thisuid</option>\n";
$allmembers = $this_project->MemberList();
foreach ($allmembers as $other_user) {
$this_uid = $other_user->uid();
$this_webid = $other_user->webid();
echo " <option value='$this_webid'>$this_uid</option>\n";
}
echo " </select>
</td>
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2004, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approval List");
#
# Only known and logged in users can do this. uid came in with the URI.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
$isadmin = ISADMIN();
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -32,7 +32,7 @@ if (! $isadmin) {
# implies denying the project leader account, when there is just a single
# project pending for that project leader.
#
$query_result = DBQueryFatal("SELECT *, ".
$query_result = DBQueryFatal("SELECT pid_idx, ".
" DATE_FORMAT(created, '%m/%d/%y') as day_created ".
" from projects ".
"where approved='0' order by created desc");
......@@ -64,36 +64,42 @@ echo "<tr>
</tr>\n";
while ($projectrow = mysql_fetch_array($query_result)) {
$pid = $projectrow[pid];
$headuid = $projectrow[head_uid];
$Purl = $projectrow[URL];
$Pname = $projectrow[name];
$Pcreated = $projectrow[day_created];
$pid_idx = $projectrow["pid_idx"];
$Pcreated = $projectrow["day_created"];
$userinfo_result =
DBQueryFatal("SELECT * from users where uid='$headuid'");
if (! ($project = Project::Lookup($pid_idx))) {
TBERROR("Could not lookup project $pid_idx", 1);
}
if (! ($leader = $project->GetLeader())) {
TBERROR("Could not get leader for project $pid_idx", 1);
}
$pid = $project->pid();
$Purl = $project->URL();
$Pname = $project->name();
$headuid = $leader->uid();
$name = $leader->name();
$email = $leader->email();
$title = $leader->title();
$affil = $leader->affil();
$phone = $leader->phone();
$status = $leader->status();
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$phone = $row[usr_phone];
$status = $row[status];
$apprproj_url = CreateURL("approveproject_form", $project);
$showproj_url = CreateURL("showproject", $project);
$showuser_url = CreateURL("showuser", $leader);
echo "<tr>
<td height=15 colspan=6></td>
</tr>
<tr>
<td align=center valign=center rowspan=2>
<A href='approveproject_form.php3?pid=$pid'>
<A href='$apprproj_url'>
<img alt=\"o\" src=\"redball.gif\"></A></td>
<td rowspan=2>
<A href='showproject.php3?pid=$pid'>$pid</A>
<A href='$showproj_url'>$pid</A>
<br>$Pcreated</td>
<td rowspan=2>
<A href='showuser.php3?target_uid=$headuid'>
$headuid</A></td>
<A href='$showuser_url'>$headuid</A></td>
<td>$name";
if ($status == TBDB_USERSTATUS_NEWUSER) {
echo " (<font color=red>unverified</font>)";
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -12,10 +12,10 @@ include("defs.php3");
PAGEHEADER("New Users Approved");
#
# Only known and logged in users can be verified.
# Only known and logged in users.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$projectchecks = array();
......@@ -92,34 +92,42 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#
# Verify an actual user that is being approved.
#
if (! TBCurrentUser($user)) {
if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1);
}
# Ditto the project.
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
# Ditto the group.
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
#
# Check that the current uid has the necessary trust level
# to approver users in the project/group. Also, only project leaders
# can add someone to the default group as group_root.
#
if (! TBProjAccessCheck($uid, $project, $group, $TB_PROJECT_ADDUSER)) {
if (! $target_group->AccessCheck($this_user, $TB_PROJECT_ADDUSER)) {
USERERROR("You are not allowed to approve users in ".
"$project/$group!", 1);
}
if (strcmp($newtrust, "group_root") == 0 &&
strcmp($group, $project) == 0) {
if (! TBProjAccessCheck($uid, $project, $group,
$TB_PROJECT_BESTOWGROUPROOT)) {
USERERROR("You do not have permission to add new users with group ".
"root trust to the default group!", 1);
}
if ($newtrust == "group_root" && $project == $group &&
!$target_project->AccessCheck($this_user,
$TB_PROJECT_BESTOWGROUPROOT)) {
USERERROR("You do not have permission to add new users with group ".
"root trust to the default group!", 1);
}
#
# Check if already approved in the project/group. If already an
# approved member, something went wrong.
#
TBGroupMember($user, $project, $group, $isapproved);
$target_group->IsMember($target_user, $isapproved);
if ($isapproved) {
USERERROR("$user is already an approved member of ".
"$project/$group!", 1);
......@@ -146,12 +154,12 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0 &&
(strcmp($approval, "deny") == 0 ||
strcmp($approval, "nuke") == 0)) {
$query_result =
DBQueryFatal("select gid from group_membership ".
"where uid='$user' and pid='$project' and pid!=gid");
while ($row = mysql_fetch_array($query_result)) {
$gid = $row[gid];
# List of subgroup membership in this project.
$grouplist = $target_project->GroupList($target_user);
foreach ($grouplist as $subgroup) {
$gid = $subgroup->gid();
#
# Create and indirect through post var for subgroup approval value.
......@@ -183,7 +191,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0)
continue;
TBGroupMember($user, $project, $project, $isapproved);
$target_project->IsMember($target_user, $isapproved);
if ($isapproved)
continue;
......@@ -236,6 +244,14 @@ while (list ($user, $value) = each ($projectchecks)) {
#echo "$user $pid $gid $trust $foo $bar<br>\n";
if (! ($target_group = Group::LookupByPidGid($pid, $gid))) {
TBERROR("Could not find group object for $project/$group", 1);
}
if (! ($target_user = User::Lookup($user))) {
TBERROR("Could not find user object for $user", 1);
}
#
# This looks for different trust levels in different subgroups
# of the same project. We are only checking the form arguments
......@@ -258,8 +274,7 @@ while (list ($user, $value) = each ($projectchecks)) {
}
$pidlist[$pid] = $pid;
# Check vs. the database
TBCheckGroupTrustConsistency($user, $pid, $gid, $trust, 1);
$target_group->CheckTrustConsistency($target_user, $trust, 1);
}
reset($value);
......@@ -298,27 +313,32 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result =
DBQueryFatal("SELECT status,usr_email,usr_name from users where ".
"uid='$user'");
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $user", 1);
if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$user_email = $row[1];
$user_name = $row[2];
$curstatus = $target_user->status();
$user_email = $target_user->email();
$user_name = $target_user->name();
#echo "Status = $curstatus, Email = $user_email<br>\n";
# Ditto the project and group
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
#
# Email info for current user.
#
TBUserInfo($uid, $uid_name, $uid_email);
#
$uid_name = $this_user->name();
$uid_email = $this_user->email();
#
# Email info for the proj/group leaders too.
#
$leaders = TBLeaderMailList($project,$group);
$leaders = $target_group->LeaderMailList();
#
# Well, looks like everything is okay. Change the project membership
......@@ -335,10 +355,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know.
#
$query_result =
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
$target_group->DeleteMember($target_user);
TBMAIL("$user_name '$user' <$user_email>",
"Membership Denied in '$project/$group'",
......@@ -365,21 +382,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know.
#
$query_result =
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
$target_group->DeleteMember($target_user);
#
# See if user is in any other projects (even unapproved).
#
$query_result =
DBQueryFatal("select * from group_membership where uid='$user'");
$project_list = $target_user->ProjectMembershipList();
#
# If yes, then we cannot safely delete the user account.
#
if (mysql_num_rows($query_result)) {
if (count($project_list)) {
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
<br>
......@@ -436,11 +449,9 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
}
if (!($user_interface = TBGetDefaultProjectUserInterface($project)))
$user_interface = TBDB_USER_INTERFACE_EMULAB;
DBQueryFatal("UPDATE users set ".
" status='$newstatus', ".
" user_interface='$user_interface' ".
"WHERE uid='$user'");
$target_user->SetUserInterface($user_interface);
$target_user->SetStatus($newstatus);
#
# Create user account on control node.
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -9,13 +9,25 @@ include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");
PAGEHEADER("New User Approval");
#
# Only known and logged in users can be verified.
#
$auth_usr = GETLOGIN();
LOGGEDINORDIE($auth_usr);
$this_user = CheckLoginOrDie();
$auth_usr = $this_user->uid();
$auth_usridx = $this_user->uid_idx();
#
# Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
#
$approvelist = $this_user->ApprovalList(1);
if (count($approvelist) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
echo "
<h2>Approve new users in your Project or Group</h2>
......@@ -79,44 +91,6 @@ echo "
\n";
#
# Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
#
# First off, just determine if this person has group/project root anywhere.
#
$query_result =
DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
"and (trust='group_root' or trust='project_root')");
if (mysql_num_rows($query_result) == 0) {
USERERROR("You do not have Root permissions in any Project or Group.", 1);
}
#
# Okay, so this operation sucks out the right people by joining the
# group_membership table with itself. Kinda obtuse if you are not a natural
# DB guy. Sorry. Well, obtuse to me.
#
$query_result =
DBQueryFatal("select g.* from group_membership as authed ".
"left join group_membership as g on ".
" g.pid=authed.pid and g.gid=authed.gid ".
"left join users as u on u.uid=g.uid ".
"where u.status!='".
TBDB_USERSTATUS_UNVERIFIED . "' and ".
" u.status!='" . TBDB_USERSTATUS_NEWUSER .
"' and g.uid!='$auth_usr' and ".
" g.trust='". TBDB_TRUSTSTRING_NONE . "' ".
" and authed.uid='$auth_usr' and ".
" (authed.trust='group_root' or ".
" authed.trust='project_root') ".
"ORDER BY g.uid,g.pid,g.gid");
if (mysql_num_rows($query_result) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
......@@ -151,11 +125,22 @@ echo "<tr>
echo "<form action='approveuser.php3' method='post'>\n";
while ($usersrow = mysql_fetch_array($query_result)) {
$newuid = $usersrow[uid];
$pid = $usersrow[pid];
$gid = $usersrow[gid];
$date_applied = $usersrow[date_applied];
while (list ($uid_idx, $grouplist) = each ($approvelist)) {
if (! ($user = User::Lookup($uid_idx))) {
TBERROR("Could not lookup user $uid_idx", 1);
}
# Iterate over groups for this user.
for ($i = 0; $i < count($grouplist); $i++) {
$group = $grouplist[$i];
$newuid = $user->uid();
$gid = $group->gid();
$gid_idx = $group->gid_idx();
$pid = $group->pid();
$pid_idx = $group->pid_idx();
$group->MemberShipInfo($user, $trust, $date_applied, $date_approved);
#
# Cause this field was added late and might be null.
......@@ -164,21 +149,17 @@ while ($usersrow = mysql_fetch_array($query_result)) {
$date_applied = "--";
}
$userinfo_result =
DBQueryFatal("SELECT * from users where uid='$newuid'");
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$addr = $row[usr_addr];
$addr2 = $row[usr_addr2];
$city = $row[usr_city];
$state = $row[usr_state];
$zip = $row[usr_zip];
$country = $row[usr_country];
$phone = $row[usr_phone];
$name = $user->name();
$email = $user->email();
$title = $user->title();
$affil = $user->affil();
$addr = $user->addr();
$addr2 = $user->addr2();
$city = $user->city();
$state = $user->state();
$zip = $user->zip();
$country = $user->country();
$phone = $user->phone();
echo "<tr>
<td rowspan=2>$newuid</td>
......@@ -195,14 +176,16 @@ while ($usersrow = mysql_fetch_array($query_result)) {
</td>
<td rowspan=2>
<select name=\"$newuid\$\$trust-$pid/$gid\">\n";
if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "user", 0)) {
if ($group->CheckTrustConsistency($user, TBDB_TRUSTSTRING_USER,