Skip to content

emulab-devel
emulab-devel
Commit c108da6a authored by Leigh Stoller's avatar Leigh Stoller
Browse files
Options

Merge uuid-branch back to the head revision. This is the next step in 

converting to locally unique ids and later globally unique ids.
parent 9855627f
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 3668 additions and 2917 deletions
www/approveproject.php3
View file @ c108da6a
......@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approved");
#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
$isadmin = ISADMIN();
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -37,22 +37,27 @@ echo "<center><h1>
#
# Grab the head_uid for this project. This verifies it is a valid project.
#
$query_result =
DBQueryFatal("SELECT head_uid from projects where pid='$pid'");
if (($row = mysql_fetch_row($query_result)) == 0) {
if (! ($this_project = Project::Lookup($pid))) {
TBERROR("Unknown project $pid", 1);
}
$headuid = $row[0];
if (! ($leader = $this_project->GetLeader())) {
TBERROR("Error getting leader for $pid", 1);
}
$headuid = $this_project->head_uid();
#
# If the user wanted to change the head uid, do that now (we change both
# the head_uid and the leader of the default project)
#
if (isset($head_uid) && strcmp($head_uid,"")) {
if (isset($head_uid) && $head_uid != "") {
if (! ($newleader = User::Lookup($head_uid))) {
TBERROR("Unknown user $head_uid", 1);
}
if ($this_project->ChangeLeader($newleader) < 0) {
TBERROR("Error changing leader to $head_uid", 1);
}
$leader = $newleader;
$headuid = $head_uid;
DBQueryFatal("UPDATE projects set head_uid='$headuid' where pid='$pid'");
DBQueryFatal("UPDATE groups set leader='$headuid' where pid='$pid' and " .
"gid='$pid'");
}
if (!isset($user_interface) ||
......@@ -70,26 +75,16 @@ if (!isset($user_interface) ||
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result =
DBQueryFatal("SELECT status,usr_email,usr_name from users ".
"where uid='$headuid'");
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
$headname = $row[2];
$curstatus = $leader->status();
$headuid_email = $leader->email();
$headname = $leader->name();
#echo "Status = $curstatus, Email = $headuid_email<br>\n";
#
# Then we check that the headuid is really listed in the group_membership
# table (default group), just to be sure.
#
$query_result =
DBQueryFatal("SELECT trust from group_membership where ".
"uid='$headuid' and pid='$pid' and gid='$pid'");
if (mysql_num_rows($query_result) == 0) {
if (! $this_project->IsMember($leader, $ignore)) {
USERERROR("User $headuid is not the leader of project $pid.", 1);
}
......@@ -194,17 +189,14 @@ elseif (strcmp($approval, "approve") == 0) {
TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1);
}
DBQueryFatal("UPDATE users set status='$newstatus', ".
" user_interface='$user_interface' ".
"WHERE uid='$headuid'");
$leader->SetUserInterface($user_interface);
$leader->SetStatus($newstatus);
}
#
# Set the project "approved" field to true.
#
DBQueryFatal("update projects set approved='1', ".
" default_user_interface='$user_interface' ".
"where pid='$pid'");
$this_project->SetApproved(1);
#
# XXX
......@@ -223,8 +215,7 @@ elseif (strcmp($approval, "approve") == 0) {
}
if (count($pcremote_ok)) {
$foo = implode(",", $pcremote_ok);
DBQueryFatal("UPDATE projects set pcremote_ok='$foo' ".
"WHERE pid='$pid'");
$this_project->SetRemoteOK($foo);
}
#
......
www/approveproject_form.php3
View file @ c108da6a
......@@ -15,13 +15,13 @@ PAGEHEADER("New Project Approval");
#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$isadmin = ISADMIN();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -37,8 +37,8 @@ if (!isset($pid) ||
#
# Check to make sure thats this is a valid PID.
#
if (! TBValidProject($pid)) {
USERERROR("The project $pid is not a valid project.", 1);
if (! ($this_project = Project::Lookup($pid))) {
USERERROR("Unknown project $pid", 1);
}
echo "<center><h3>You have the following choices:</h3></center>
......@@ -79,19 +79,19 @@ echo "<center><h3>You have the following choices:</h3></center>
#
SHOWPROJECT($pid, $uid);
TBProjLeader($pid, $projleader);
$projleader = $this_project->GetLeader();
echo "<center>
<h3>Project Leader Information</h3>
</center>
<table align=center border=0>\n";
SHOWUSER($projleader);
SHOWUSER($projleader->uid());
#
# Check to make sure that the head user is 'unapproved' or 'active'
#
$headstatus = TBUserStatus($projleader);
$headstatus = $projleader->status();
if (!strcmp($headstatus,TBDB_USERSTATUS_UNAPPROVED) ||
!strcmp($headstatus,TBDB_USERSTATUS_ACTIVE)) {
$approvable = 1;
......@@ -136,7 +136,7 @@ echo "<tr>
</tr>\n";
#
# Allow the approver to change the project's head UID - gotta find everyone in
# Allow the approver to change the projects head UID - gotta find everyone in
# the default group, first
#
echo "<tr>
......@@ -144,12 +144,14 @@ echo "<tr>
Head UID:
<select name=head_uid>
<option value=''>(Unchanged)</option>";
$query_result =
DBQueryFatal("select uid from group_membership where pid='$pid' and " .
"gid='$pid'");
while ($row = mysql_fetch_array($query_result)) {
$thisuid = $row[uid];
echo " <option value='$thisuid'>$thisuid</option>\n";
$allmembers = $this_project->MemberList();
foreach ($allmembers as $other_user) {
$this_uid = $other_user->uid();
$this_webid = $other_user->webid();
echo " <option value='$this_webid'>$this_uid</option>\n";
}
echo " </select>
</td>
......
www/approveproject_list.php3
View file @ c108da6a
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2004, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -14,13 +14,13 @@ PAGEHEADER("New Project Approval List");
#
# Only known and logged in users can do this. uid came in with the URI.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
#
# Of course verify that this uid has admin privs!
#
$isadmin = ISADMIN($uid);
$isadmin = ISADMIN();
if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1);
}
......@@ -32,7 +32,7 @@ if (! $isadmin) {
# implies denying the project leader account, when there is just a single
# project pending for that project leader.
#
$query_result = DBQueryFatal("SELECT *, ".
$query_result = DBQueryFatal("SELECT pid_idx, ".
" DATE_FORMAT(created, '%m/%d/%y') as day_created ".
" from projects ".
"where approved='0' order by created desc");
......@@ -64,36 +64,42 @@ echo "<tr>
</tr>\n";
while ($projectrow = mysql_fetch_array($query_result)) {
$pid = $projectrow[pid];
$headuid = $projectrow[head_uid];
$Purl = $projectrow[URL];
$Pname = $projectrow[name];
$Pcreated = $projectrow[day_created];
$pid_idx = $projectrow["pid_idx"];
$Pcreated = $projectrow["day_created"];
$userinfo_result =
DBQueryFatal("SELECT * from users where uid='$headuid'");
if (! ($project = Project::Lookup($pid_idx))) {
TBERROR("Could not lookup project $pid_idx", 1);
}
if (! ($leader = $project->GetLeader())) {
TBERROR("Could not get leader for project $pid_idx", 1);
}
$pid = $project->pid();
$Purl = $project->URL();
$Pname = $project->name();
$headuid = $leader->uid();
$name = $leader->name();
$email = $leader->email();
$title = $leader->title();
$affil = $leader->affil();
$phone = $leader->phone();
$status = $leader->status();
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$phone = $row[usr_phone];
$status = $row[status];
$apprproj_url = CreateURL("approveproject_form", $project);
$showproj_url = CreateURL("showproject", $project);
$showuser_url = CreateURL("showuser", $leader);
echo "<tr>
<td height=15 colspan=6></td>
</tr>
<tr>
<td align=center valign=center rowspan=2>
<A href='approveproject_form.php3?pid=$pid'>
<A href='$apprproj_url'>
<img alt=\"o\" src=\"redball.gif\"></A></td>
<td rowspan=2>
<A href='showproject.php3?pid=$pid'>$pid</A>
<A href='$showproj_url'>$pid</A>
<br>$Pcreated</td>
<td rowspan=2>
<A href='showuser.php3?target_uid=$headuid'>
$headuid</A></td>
<A href='$showuser_url'>$headuid</A></td>
<td>$name";
if ($status == TBDB_USERSTATUS_NEWUSER) {
echo " (<font color=red>unverified</font>)";
......
www/approveuser.php3
View file @ c108da6a
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -12,10 +12,10 @@ include("defs.php3");
PAGEHEADER("New Users Approved");
#
# Only known and logged in users can be verified.
# Only known and logged in users.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$projectchecks = array();
......@@ -92,34 +92,42 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#
# Verify an actual user that is being approved.
#
if (! TBCurrentUser($user)) {
if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1);
}
# Ditto the project.
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
# Ditto the group.
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
#
# Check that the current uid has the necessary trust level
# to approver users in the project/group. Also, only project leaders
# can add someone to the default group as group_root.
#
if (! TBProjAccessCheck($uid, $project, $group, $TB_PROJECT_ADDUSER)) {
if (! $target_group->AccessCheck($this_user, $TB_PROJECT_ADDUSER)) {
USERERROR("You are not allowed to approve users in ".
"$project/$group!", 1);
}
if (strcmp($newtrust, "group_root") == 0 &&
strcmp($group, $project) == 0) {
if (! TBProjAccessCheck($uid, $project, $group,
$TB_PROJECT_BESTOWGROUPROOT)) {
USERERROR("You do not have permission to add new users with group ".
"root trust to the default group!", 1);
}
if ($newtrust == "group_root" && $project == $group &&
!$target_project->AccessCheck($this_user,
$TB_PROJECT_BESTOWGROUPROOT)) {
USERERROR("You do not have permission to add new users with group ".
"root trust to the default group!", 1);
}
#
# Check if already approved in the project/group. If already an
# approved member, something went wrong.
#
TBGroupMember($user, $project, $group, $isapproved);
$target_group->IsMember($target_user, $isapproved);
if ($isapproved) {
USERERROR("$user is already an approved member of ".
"$project/$group!", 1);
......@@ -146,12 +154,12 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0 &&
(strcmp($approval, "deny") == 0 ||
strcmp($approval, "nuke") == 0)) {
$query_result =
DBQueryFatal("select gid from group_membership ".
"where uid='$user' and pid='$project' and pid!=gid");
while ($row = mysql_fetch_array($query_result)) {
$gid = $row[gid];
# List of subgroup membership in this project.
$grouplist = $target_project->GroupList($target_user);
foreach ($grouplist as $subgroup) {
$gid = $subgroup->gid();
#
# Create and indirect through post var for subgroup approval value.
......@@ -183,7 +191,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (strcmp($project, $group) == 0)
continue;
TBGroupMember($user, $project, $project, $isapproved);
$target_project->IsMember($target_user, $isapproved);
if ($isapproved)
continue;
......@@ -236,6 +244,14 @@ while (list ($user, $value) = each ($projectchecks)) {
#echo "$user $pid $gid $trust $foo $bar<br>\n";
if (! ($target_group = Group::LookupByPidGid($pid, $gid))) {
TBERROR("Could not find group object for $project/$group", 1);
}
if (! ($target_user = User::Lookup($user))) {
TBERROR("Could not find user object for $user", 1);
}
#
# This looks for different trust levels in different subgroups
# of the same project. We are only checking the form arguments
......@@ -258,8 +274,7 @@ while (list ($user, $value) = each ($projectchecks)) {
}
$pidlist[$pid] = $pid;
# Check vs. the database
TBCheckGroupTrustConsistency($user, $pid, $gid, $trust, 1);
$target_group->CheckTrustConsistency($target_user, $trust, 1);
}
reset($value);
......@@ -298,27 +313,32 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result =
DBQueryFatal("SELECT status,usr_email,usr_name from users where ".
"uid='$user'");
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $user", 1);
if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$user_email = $row[1];
$user_name = $row[2];
$curstatus = $target_user->status();
$user_email = $target_user->email();
$user_name = $target_user->name();
#echo "Status = $curstatus, Email = $user_email<br>\n";
# Ditto the project and group
if (! ($target_project = Project::Lookup($project))) {
TBERROR("Trying to approve user into unknown project $project.", 1);
}
if (! ($target_group = Group::LookupByPidGid($project, $group))) {
TBERROR("Trying to approve user into unknown group $group", 1);
}
#
# Email info for current user.
#
TBUserInfo($uid, $uid_name, $uid_email);
#
$uid_name = $this_user->name();
$uid_email = $this_user->email();
#
# Email info for the proj/group leaders too.
#
$leaders = TBLeaderMailList($project,$group);
$leaders = $target_group->LeaderMailList();
#
# Well, looks like everything is okay. Change the project membership
......@@ -335,10 +355,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know.
#
$query_result =
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
$target_group->DeleteMember($target_user);
TBMAIL("$user_name '$user' <$user_email>",
"Membership Denied in '$project/$group'",
......@@ -365,21 +382,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# Must delete the group_membership record since we require that the
# user reapply once denied. Send the luser email to let him know.
#
$query_result =
DBQueryFatal("delete from group_membership ".
"where uid='$user' and pid='$project' and ".
" gid='$group'");
$target_group->DeleteMember($target_user);
#
# See if user is in any other projects (even unapproved).
#
$query_result =
DBQueryFatal("select * from group_membership where uid='$user'");
$project_list = $target_user->ProjectMembershipList();
#
# If yes, then we cannot safely delete the user account.
#
if (mysql_num_rows($query_result)) {
if (count($project_list)) {
echo "<p>
User $user was <b>denied</b> membership in $project/$group.
<br>
......@@ -436,11 +449,9 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
}
if (!($user_interface = TBGetDefaultProjectUserInterface($project)))
$user_interface = TBDB_USER_INTERFACE_EMULAB;
DBQueryFatal("UPDATE users set ".
" status='$newstatus', ".
" user_interface='$user_interface' ".
"WHERE uid='$user'");
$target_user->SetUserInterface($user_interface);
$target_user->SetStatus($newstatus);
#
# Create user account on control node.
......
www/approveuser_form.php3
View file @ c108da6a
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -9,13 +9,25 @@ include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");
PAGEHEADER("New User Approval");
#
# Only known and logged in users can be verified.
#
$auth_usr = GETLOGIN();
LOGGEDINORDIE($auth_usr);
$this_user = CheckLoginOrDie();
$auth_usr = $this_user->uid();
$auth_usridx = $this_user->uid_idx();
#
# Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
#
$approvelist = $this_user->ApprovalList(1);
if (count($approvelist) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
echo "
<h2>Approve new users in your Project or Group</h2>
......@@ -79,44 +91,6 @@ echo "
\n";
#
# Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be
# approved (status = none).
#
# First off, just determine if this person has group/project root anywhere.
#
$query_result =
DBQueryFatal("SELECT pid FROM group_membership WHERE uid='$auth_usr' ".
"and (trust='group_root' or trust='project_root')");
if (mysql_num_rows($query_result) == 0) {
USERERROR("You do not have Root permissions in any Project or Group.", 1);
}
#
# Okay, so this operation sucks out the right people by joining the
# group_membership table with itself. Kinda obtuse if you are not a natural
# DB guy. Sorry. Well, obtuse to me.
#
$query_result =
DBQueryFatal("select g.* from group_membership as authed ".
"left join group_membership as g on ".
" g.pid=authed.pid and g.gid=authed.gid ".
"left join users as u on u.uid=g.uid ".
"where u.status!='".
TBDB_USERSTATUS_UNVERIFIED . "' and ".
" u.status!='" . TBDB_USERSTATUS_NEWUSER .
"' and g.uid!='$auth_usr' and ".
" g.trust='". TBDB_TRUSTSTRING_NONE . "' ".
" and authed.uid='$auth_usr' and ".
" (authed.trust='group_root' or ".
" authed.trust='project_root') ".
"ORDER BY g.uid,g.pid,g.gid");
if (mysql_num_rows($query_result) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
......@@ -151,11 +125,22 @@ echo "<tr>
echo "<form action='approveuser.php3' method='post'>\n";
while ($usersrow = mysql_fetch_array($query_result)) {
$newuid = $usersrow[uid];
$pid = $usersrow[pid];
$gid = $usersrow[gid];
$date_applied = $usersrow[date_applied];
while (list ($uid_idx, $grouplist) = each ($approvelist)) {
if (! ($user = User::Lookup($uid_idx))) {
TBERROR("Could not lookup user $uid_idx", 1);
}
# Iterate over groups for this user.
for ($i = 0; $i < count($grouplist); $i++) {
$group = $grouplist[$i];
$newuid = $user->uid();
$gid = $group->gid();
$gid_idx = $group->gid_idx();
$pid = $group->pid();
$pid_idx = $group->pid_idx();
$group->MemberShipInfo($user, $trust, $date_applied, $date_approved);
#
# Cause this field was added late and might be null.
......@@ -164,21 +149,17 @@ while ($usersrow = mysql_fetch_array($query_result)) {
$date_applied = "--";
}
$userinfo_result =
DBQueryFatal("SELECT * from users where uid='$newuid'");
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$addr = $row[usr_addr];
$addr2 = $row[usr_addr2];
$city = $row[usr_city];
$state = $row[usr_state];
$zip = $row[usr_zip];
$country = $row[usr_country];
$phone = $row[usr_phone];
$name = $user->name();
$email = $user->email();
$title = $user->title();
$affil = $user->affil();
$addr = $user->addr();
$addr2 = $user->addr2();
$city = $user->city();
$state = $user->state();
$zip = $user->zip();
$country = $user->country();
$phone = $user->phone();
echo "<tr>
<td rowspan=2>$newuid</td>
......@@ -195,14 +176,16 @@ while ($usersrow = mysql_fetch_array($query_result)) {
</td>
<td rowspan=2>
<select name=\"$newuid\$\$trust-$pid/$gid\">\n";
if (TBCheckGroupTrustConsistency($newuid, $pid, $gid, "user", 0)) {