Commit c108da6a authored by Leigh Stoller's avatar Leigh Stoller

Merge uuid-branch back to the head revision. This is the next step in

converting to locally unique ids and later globally unique ids.
parent 9855627f
...@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approved"); ...@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approved");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN(); $this_user = CheckLoginOrDie();
LOGGEDINORDIE($uid); $uid = $this_user->uid();
# #
# Of course verify that this uid has admin privs! # Of course verify that this uid has admin privs!
# #
$isadmin = ISADMIN($uid); $isadmin = ISADMIN();
if (! $isadmin) { if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1); USERERROR("You do not have admin privileges to approve projects!", 1);
} }
...@@ -37,22 +37,27 @@ echo "<center><h1> ...@@ -37,22 +37,27 @@ echo "<center><h1>
# #
# Grab the head_uid for this project. This verifies it is a valid project. # Grab the head_uid for this project. This verifies it is a valid project.
# #
$query_result = if (! ($this_project = Project::Lookup($pid))) {
DBQueryFatal("SELECT head_uid from projects where pid='$pid'");
if (($row = mysql_fetch_row($query_result)) == 0) {
TBERROR("Unknown project $pid", 1); TBERROR("Unknown project $pid", 1);
} }
$headuid = $row[0]; if (! ($leader = $this_project->GetLeader())) {
TBERROR("Error getting leader for $pid", 1);
}
$headuid = $this_project->head_uid();
# #
# If the user wanted to change the head uid, do that now (we change both # If the user wanted to change the head uid, do that now (we change both
# the head_uid and the leader of the default project) # the head_uid and the leader of the default project)
# #
if (isset($head_uid) && strcmp($head_uid,"")) { if (isset($head_uid) && $head_uid != "") {
if (! ($newleader = User::Lookup($head_uid))) {
TBERROR("Unknown user $head_uid", 1);
}
if ($this_project->ChangeLeader($newleader) < 0) {
TBERROR("Error changing leader to $head_uid", 1);
}
$leader = $newleader;
$headuid = $head_uid; $headuid = $head_uid;
DBQueryFatal("UPDATE projects set head_uid='$headuid' where pid='$pid'");
DBQueryFatal("UPDATE groups set leader='$headuid' where pid='$pid' and " .
"gid='$pid'");
} }
if (!isset($user_interface) || if (!isset($user_interface) ||
...@@ -70,26 +75,16 @@ if (!isset($user_interface) || ...@@ -70,26 +75,16 @@ if (!isset($user_interface) ||
# and we will change it to "unapproved" or "active", respectively. # and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone. # If the status is "active", we leave it alone.
# #
$query_result = $curstatus = $leader->status();
DBQueryFatal("SELECT status,usr_email,usr_name from users ". $headuid_email = $leader->email();
"where uid='$headuid'"); $headname = $leader->name();
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
$headname = $row[2];
#echo "Status = $curstatus, Email = $headuid_email<br>\n"; #echo "Status = $curstatus, Email = $headuid_email<br>\n";
# #
# Then we check that the headuid is really listed in the group_membership # Then we check that the headuid is really listed in the group_membership
# table (default group), just to be sure. # table (default group), just to be sure.
# #
$query_result = if (! $this_project->IsMember($leader, $ignore)) {
DBQueryFatal("SELECT trust from group_membership where ".
"uid='$headuid' and pid='$pid' and gid='$pid'");
if (mysql_num_rows($query_result) == 0) {
USERERROR("User $headuid is not the leader of project $pid.", 1); USERERROR("User $headuid is not the leader of project $pid.", 1);
} }
...@@ -194,17 +189,14 @@ elseif (strcmp($approval, "approve") == 0) { ...@@ -194,17 +189,14 @@ elseif (strcmp($approval, "approve") == 0) {
TBERROR("Invalid $headuid status $curstatus in ". TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1); "approveproject.php3", 1);
} }
DBQueryFatal("UPDATE users set status='$newstatus', ". $leader->SetUserInterface($user_interface);
" user_interface='$user_interface' ". $leader->SetStatus($newstatus);
"WHERE uid='$headuid'");
} }
# #
# Set the project "approved" field to true. # Set the project "approved" field to true.
# #
DBQueryFatal("update projects set approved='1', ". $this_project->SetApproved(1);
" default_user_interface='$user_interface' ".
"where pid='$pid'");
# #
# XXX # XXX
...@@ -223,8 +215,7 @@ elseif (strcmp($approval, "approve") == 0) { ...@@ -223,8 +215,7 @@ elseif (strcmp($approval, "approve") == 0) {
} }
if (count($pcremote_ok)) { if (count($pcremote_ok)) {
$foo = implode(",", $pcremote_ok); $foo = implode(",", $pcremote_ok);
DBQueryFatal("UPDATE projects set pcremote_ok='$foo' ". $this_project->SetRemoteOK($foo);
"WHERE pid='$pid'");
} }
# #
......
...@@ -15,13 +15,13 @@ PAGEHEADER("New Project Approval"); ...@@ -15,13 +15,13 @@ PAGEHEADER("New Project Approval");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN(); $this_user = CheckLoginOrDie();
LOGGEDINORDIE($uid); $uid = $this_user->uid();
$isadmin = ISADMIN();
# #
# Of course verify that this uid has admin privs! # Of course verify that this uid has admin privs!
# #
$isadmin = ISADMIN($uid);
if (! $isadmin) { if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1); USERERROR("You do not have admin privileges to approve projects!", 1);
} }
...@@ -37,8 +37,8 @@ if (!isset($pid) || ...@@ -37,8 +37,8 @@ if (!isset($pid) ||
# #
# Check to make sure thats this is a valid PID. # Check to make sure thats this is a valid PID.
# #
if (! TBValidProject($pid)) { if (! ($this_project = Project::Lookup($pid))) {
USERERROR("The project $pid is not a valid project.", 1); USERERROR("Unknown project $pid", 1);
} }
echo "<center><h3>You have the following choices:</h3></center> echo "<center><h3>You have the following choices:</h3></center>
...@@ -79,19 +79,19 @@ echo "<center><h3>You have the following choices:</h3></center> ...@@ -79,19 +79,19 @@ echo "<center><h3>You have the following choices:</h3></center>
# #
SHOWPROJECT($pid, $uid); SHOWPROJECT($pid, $uid);
TBProjLeader($pid, $projleader); $projleader = $this_project->GetLeader();
echo "<center> echo "<center>
<h3>Project Leader Information</h3> <h3>Project Leader Information</h3>
</center> </center>
<table align=center border=0>\n"; <table align=center border=0>\n";
SHOWUSER($projleader); SHOWUSER($projleader->uid());
# #
# Check to make sure that the head user is 'unapproved' or 'active' # Check to make sure that the head user is 'unapproved' or 'active'
# #
$headstatus = TBUserStatus($projleader); $headstatus = $projleader->status();
if (!strcmp($headstatus,TBDB_USERSTATUS_UNAPPROVED) || if (!strcmp($headstatus,TBDB_USERSTATUS_UNAPPROVED) ||
!strcmp($headstatus,TBDB_USERSTATUS_ACTIVE)) { !strcmp($headstatus,TBDB_USERSTATUS_ACTIVE)) {
$approvable = 1; $approvable = 1;
...@@ -136,7 +136,7 @@ echo "<tr> ...@@ -136,7 +136,7 @@ echo "<tr>
</tr>\n"; </tr>\n";
# #
# Allow the approver to change the project's head UID - gotta find everyone in # Allow the approver to change the projects head UID - gotta find everyone in
# the default group, first # the default group, first
# #
echo "<tr> echo "<tr>
...@@ -144,12 +144,14 @@ echo "<tr> ...@@ -144,12 +144,14 @@ echo "<tr>
Head UID: Head UID:
<select name=head_uid> <select name=head_uid>
<option value=''>(Unchanged)</option>"; <option value=''>(Unchanged)</option>";
$query_result =
DBQueryFatal("select uid from group_membership where pid='$pid' and " . $allmembers = $this_project->MemberList();
"gid='$pid'");
while ($row = mysql_fetch_array($query_result)) { foreach ($allmembers as $other_user) {
$thisuid = $row[uid]; $this_uid = $other_user->uid();
echo " <option value='$thisuid'>$thisuid</option>\n"; $this_webid = $other_user->webid();
echo " <option value='$this_webid'>$this_uid</option>\n";
} }
echo " </select> echo " </select>
</td> </td>
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2004, 2006 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approval List"); ...@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approval List");
# #
# Only known and logged in users can do this. uid came in with the URI. # Only known and logged in users can do this. uid came in with the URI.
# #
$uid = GETLOGIN(); $this_user = CheckLoginOrDie();
LOGGEDINORDIE($uid); $uid = $this_user->uid();
# #
# Of course verify that this uid has admin privs! # Of course verify that this uid has admin privs!
# #
$isadmin = ISADMIN($uid); $isadmin = ISADMIN();
if (! $isadmin) { if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1); USERERROR("You do not have admin privileges to approve projects!", 1);
} }
...@@ -32,7 +32,7 @@ if (! $isadmin) { ...@@ -32,7 +32,7 @@ if (! $isadmin) {
# implies denying the project leader account, when there is just a single # implies denying the project leader account, when there is just a single
# project pending for that project leader. # project pending for that project leader.
# #
$query_result = DBQueryFatal("SELECT *, ". $query_result = DBQueryFatal("SELECT pid_idx, ".
" DATE_FORMAT(created, '%m/%d/%y') as day_created ". " DATE_FORMAT(created, '%m/%d/%y') as day_created ".
" from projects ". " from projects ".
"where approved='0' order by created desc"); "where approved='0' order by created desc");
...@@ -64,36 +64,42 @@ echo "<tr> ...@@ -64,36 +64,42 @@ echo "<tr>
</tr>\n"; </tr>\n";
while ($projectrow = mysql_fetch_array($query_result)) { while ($projectrow = mysql_fetch_array($query_result)) {
$pid = $projectrow[pid]; $pid_idx = $projectrow["pid_idx"];
$headuid = $projectrow[head_uid]; $Pcreated = $projectrow["day_created"];
$Purl = $projectrow[URL];
$Pname = $projectrow[name];
$Pcreated = $projectrow[day_created];
$userinfo_result = if (! ($project = Project::Lookup($pid_idx))) {
DBQueryFatal("SELECT * from users where uid='$headuid'"); TBERROR("Could not lookup project $pid_idx", 1);
}
if (! ($leader = $project->GetLeader())) {
TBERROR("Could not get leader for project $pid_idx", 1);
}
$pid = $project->pid();
$Purl = $project->URL();
$Pname = $project->name();
$headuid = $leader->uid();
$name = $leader->name();
$email = $leader->email();
$title = $leader->title();
$affil = $leader->affil();
$phone = $leader->phone();
$status = $leader->status();
$row = mysql_fetch_array($userinfo_result); $apprproj_url = CreateURL("approveproject_form", $project);
$name = $row[usr_name]; $showproj_url = CreateURL("showproject", $project);
$email = $row[usr_email]; $showuser_url = CreateURL("showuser", $leader);
$title = $row[usr_title];
$affil = $row[usr_affil];
$phone = $row[usr_phone];
$status = $row[status];
echo "<tr> echo "<tr>
<td height=15 colspan=6></td> <td height=15 colspan=6></td>
</tr> </tr>
<tr> <tr>
<td align=center valign=center rowspan=2> <td align=center valign=center rowspan=2>
<A href='approveproject_form.php3?pid=$pid'> <A href='$apprproj_url'>
<img alt=\"o\" src=\"redball.gif\"></A></td> <img alt=\"o\" src=\"redball.gif\"></A></td>
<td rowspan=2> <td rowspan=2>
<A href='showproject.php3?pid=$pid'>$pid</A> <A href='$showproj_url'>$pid</A>
<br>$Pcreated</td> <br>$Pcreated</td>
<td rowspan=2> <td rowspan=2>
<A href='showuser.php3?target_uid=$headuid'> <A href='$showuser_url'>$headuid</A></td>
$headuid</A></td>
<td>$name"; <td>$name";
if ($status == TBDB_USERSTATUS_NEWUSER) { if ($status == TBDB_USERSTATUS_NEWUSER) {
echo " (<font color=red>unverified</font>)"; echo " (<font color=red>unverified</font>)";
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group. # Copyright (c) 2000-2003, 2005, 2006 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -12,10 +12,10 @@ include("defs.php3"); ...@@ -12,10 +12,10 @@ include("defs.php3");
PAGEHEADER("New Users Approved"); PAGEHEADER("New Users Approved");
# #
# Only known and logged in users can be verified. # Only known and logged in users.
# #
$uid = GETLOGIN(); $this_user = CheckLoginOrDie();
LOGGEDINORDIE($uid); $uid = $this_user->uid();
$projectchecks = array(); $projectchecks = array();
...@@ -92,34 +92,42 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -92,34 +92,42 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
# #
# Verify an actual user that is being approved. # Verify an actual user that is being approved.
# #
if (! TBCurrentUser($user)) { if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1); TBERROR("Trying to approve unknown user $user.", 1);
} }
# Ditto the project.
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
# Ditto the group.
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
# #
# Check that the current uid has the necessary trust level # Check that the current uid has the necessary trust level
# to approver users in the project/group. Also, only project leaders # to approver users in the project/group. Also, only project leaders
# can add someone to the default group as group_root. # can add someone to the default group as group_root.
# #
if (! TBProjAccessCheck($uid, $project, $group, $TB_PROJECT_ADDUSER)) { if (! $target_group->AccessCheck($this_user, $TB_PROJECT_ADDUSER)) {
USERERROR("You are not allowed to approve users in ". USERERROR("You are not allowed to approve users in ".
"$project/$group!", 1); "$project/$group!", 1);
} }
if (strcmp($newtrust, "group_root") == 0 && if ($newtrust == "group_root" && $project == $group &&
strcmp($group, $project) == 0) { !$target_project->AccessCheck($this_user,
if (! TBProjAccessCheck($uid, $project, $group, $TB_PROJECT_BESTOWGROUPROOT)) {
$TB_PROJECT_BESTOWGROUPROOT)) { USERERROR("You do not have permission to add new users with group ".
USERERROR("You do not have permission to add new users with group ". "root trust to the default group!", 1);
"root trust to the default group!", 1);
}
} }
# #
# Check if already approved in the project/group. If already an # Check if already approved in the project/group. If already an
# approved member, something went wrong. # approved member, something went wrong.
# #
TBGroupMember($user, $project, $group, $isapproved); $target_group->IsMember($target_user, $isapproved);
if ($isapproved) { if ($isapproved) {
USERERROR("$user is already an approved member of ". USERERROR("$user is already an approved member of ".
"$project/$group!", 1); "$project/$group!", 1);
...@@ -146,12 +154,12 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -146,12 +154,12 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0 && if (strcmp($project, $group) == 0 &&
(strcmp($approval, "deny") == 0 || (strcmp($approval, "deny") == 0 ||
strcmp($approval, "nuke") == 0)) { strcmp($approval, "nuke") == 0)) {
$query_result =
DBQueryFatal("select gid from group_membership ". # List of subgroup membership in this project.
"where uid='$user' and pid='$project' and pid!=gid"); $grouplist = $target_project->GroupList($target_user);
while ($row = mysql_fetch_array($query_result)) { foreach ($grouplist as $subgroup) {
$gid = $row[gid]; $gid = $subgroup->gid();
# #
# Create and indirect through post var for subgroup approval value. # Create and indirect through post var for subgroup approval value.
...@@ -183,7 +191,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -183,7 +191,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0) if (strcmp($project, $group) == 0)
continue; continue;
TBGroupMember($user, $project, $project, $isapproved); $target_project->IsMember($target_user, $isapproved);
if ($isapproved) if ($isapproved)
continue; continue;
...@@ -236,6 +244,14 @@ while (list ($user, $value) = each ($projectchecks)) { ...@@ -236,6 +244,14 @@ while (list ($user, $value) = each ($projectchecks)) {
#echo "$user $pid $gid $trust $foo $bar<br>\n"; #echo "$user $pid $gid $trust $foo $bar<br>\n";
if (! ($target_group = Group::LookupByPidGid($pid, $gid))) {
TBERROR("Could not find group object for $project/$group", 1);
}
if (! ($target_user = User::Lookup($user))) {
TBERROR("Could not find user object for $user", 1);
}
# #
# This looks for different trust levels in different subgroups # This looks for different trust levels in different subgroups
# of the same project. We are only checking the form arguments # of the same project. We are only checking the form arguments
...@@ -258,8 +274,7 @@ while (list ($user, $value) = each ($projectchecks)) { ...@@ -258,8 +274,7 @@ while (list ($user, $value) = each ($projectchecks)) {
} }
$pidlist[$pid] = $pid; $pidlist[$pid] = $pid;
# Check vs. the database $target_group->CheckTrustConsistency($target_user, $trust, 1);
TBCheckGroupTrustConsistency($user, $pid, $gid, $trust, 1);
} }
reset($value); reset($value);
...@@ -298,27 +313,32 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -298,27 +313,32 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# and we will change it to "unapproved" or "active", respectively. # and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone. # If the status is "active", we leave it alone.
# #
$query_result = if (! ($target_user = User::Lookup($user))) {
DBQueryFatal("SELECT status,usr_email,usr_name from users where ". TBERROR("Trying to approve unknown user $user.", 1);
"uid='$user'");
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $user", 1);
} }
$row = mysql_fetch_row($query_result); $curstatus = $target_user->status();
$curstatus = $row[0]; $user_email = $target_user->email();
$user_email = $row[1]; $user_name = $target_user->name();
$user_name = $row[2];
#echo "Status = $curstatus, Email = $user_email<br>\n"; #echo "Status = $curstatus, Email = $user_email<br>\n";
# Ditto the project and group
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
# #
# Email info for current user. # Email info for current user.
# #
TBUserInfo($uid, $uid_name, $uid_email); $uid_name = $this_user->name();
$uid_email = $this_user->email();
# #
# Email info for the proj/group leaders too. # Email info for the proj/group leaders too.
# #
$leaders = TBLeaderMailList($project,$group); $leaders = $target_group->LeaderMailList();
# #
# Well, looks like everything is okay. Change the project membership # Well, looks like everything is okay. Change the project membership
...@@ -335,10 +355,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -335,10 +355,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the # Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know. # user reapply once denied. Send the luser email to let him know.
# #
$query_result = $target_group->DeleteMember($target_user);
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
TBMAIL("$user_name '$user' <$user_email>", TBMAIL("$user_name '$user' <$user_email>",
"Membership Denied in '$project/$group'", "Membership Denied in '$project/$group'",
...@@ -365,21 +382,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -365,21 +382,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the # Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know. # user reapply once denied. Send the luser email to let him know.
# #
$query_result = $target_group->DeleteMember($target_user);
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
# #
# See if user is in any other projects (even unapproved). # See if user is in any other projects (even unapproved).
# #
$query_result = $project_list = $target_user->ProjectMembershipList();
DBQueryFatal("select * from group_membership where uid='$user'");
# #
# If yes, then we cannot safely delete the user account. # If yes, then we cannot safely delete the user account.
# #
if (mysql_num_rows($query_result)) { if (count($project_list)) {
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group.