blob: a6766d5bc7660703b676e78e4fb15aec45c4221c [file] [log] [blame]
<?php
use Airavata\Model\Group\ResourcePermissionType;
class SharingUtilities {
/**
* Determine if the resource has been shared with any users.
*
* @param $resourceId Experiment or Project ID
* @return True if the resource has been shared, false otherwise.
*/
public static function resourceIsShared($resourceId) {
$read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ);
return (count($read) > 0 ? true : false);
}
/**
* Determine if the user has read privileges on the resource.
*
* @param $uid The user to check
* @param $resourceId Experiment or Project ID
* @return True if the user has read permission, false otherwise.
*/
public static function userCanRead($uid, $resourceId) {
return Airavata::userHasAccess(Session::get('authz-token'), $resourceId, ResourcePermissionType::READ);
}
/**
* Determine if the user has write privileges on the resource.
*
* @param $uid The user to check
* @param $resourceId Experiment or Project ID
* @return True if the user has write permission, false otherwise.
*/
public static function userCanWrite($uid, $resourceId) {
return Airavata::userHasAccess(Session::get('authz-token'), $resourceId, ResourcePermissionType::WRITE);
}
/**
* Get the permissions settings for the specified resource.
*
* @param $resourceId Experiment or Project ID
* @return An array [$uid => [read => bool, write => bool, owner => bool]]
*/
public static function getAllUserPermissions($resourceId) {
$users = array();
$read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ);
$write = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::WRITE);
$owner = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::OWNER);
foreach($read as $uid) {
if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) {
$users[$uid] = array('read' => true, 'write' => false);
}
}
foreach($write as $uid) {
if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) {
$users[$uid]['write'] = true;
}
}
foreach($owner as $uid) {
if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) {
$users[$uid]['owner'] = true;
}
}
return $users;
}
/**
* Retrieve profile information for all user in the supplied list.
*
* @param $uids An array of uids
* @return An array [uid => [firstname => string, lastname => string, email => string]]
*/
public static function getUserProfiles($uids) {
// FIXME: instead of loading all user profiles it would be better to
// have the user search for users and just load profiles matching the search
$all_profiles = SharingUtilities::convertUserProfilesToSharingProfiles(UserProfileUtilities::get_all_user_profiles(0, 100000));
// Log::debug("all_profiles", array($all_profiles));
$uids = array_filter($uids, function($uid) use ($all_profiles) {
return ($uid !== Session::get('username') && array_key_exists($uid, $all_profiles));
});
$profiles = array();
foreach ($uids as $uid) {
$profiles[$uid] = $all_profiles[$uid];
}
return $profiles;
}
private static function convertUserProfilesToSharingProfiles($user_profiles) {
$sharing_profiles = array();
foreach ($user_profiles as $user_profile) {
$sharing_profile = array(
'firstname' => $user_profile->firstName,
'lastname' => $user_profile->lastName,
'email' => $user_profile->emails[0],
);
$sharing_profiles[$user_profile->userId] = $sharing_profile;
}
return $sharing_profiles;
}
/**
* Retrieve profile and permissions information for users with access to the given resource.
*
* @param $resourceId Experiment or Project ID
* @return An array [uid => [firstname => string, lastname => string, email => string, access => [read => bool, write => bool]]]
*/
public static function getProfilesForSharedUsers($resourceId) {
$perms = SharingUtilities::getAllUserPermissions($resourceId);
$profs = SharingUtilities::getUserProfiles(array_keys($perms));
foreach ($profs as $uid => $prof) {
$prof["access"] = $perms[$uid];
$profs[$uid] = $prof;
}
return $profs;
}
/**
* Retrieve profile and permissions information for users without access to the given resource.
*
* @param $resourceId Experiment or Project ID
* @return An array [uid => [firstname => string, lastname => string, email => string]] of all users without access
*/
public static function getProfilesForUnsharedUsers($resourceId) {
$users = GrouperUtilities::getAllGatewayUsers();
$read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ);
$unshared = array_diff($users, $read);
return SharingUtilities::getUserProfiles($unshared);
}
/**
* Retrieve profile and permissions information for all users for the given resource.
*
*
* @param $resourceId Experiment or Project ID
* @return An array [uid => [firstname => string, lastname => string, email => string, access => [read => bool, write => bool, owner => bool]]]
* with access only defined for users with permissions.
*/
public static function getAllUserProfiles($resourceId=null) {
$profs = SharingUtilities::getUserProfiles(GrouperUtilities::getAllGatewayUsers());
if ($resourceId) {
$perms = SharingUtilities::getAllUserPermissions($resourceId);
foreach ($perms as $uid => $access) {
$profs[$uid]['access'] = $access;
}
}
return $profs;
}
public static function mixProjectPermissionsWithExperiment($projectId, $expId) {
$proj = SharingUtilities::getProfilesForSharedUsers($projectId);
$exp = SharingUtilities::getProfilesForSharedUsers($expId);
foreach ($proj as $uid => $prof) {
if (!array_key_exists($uid, $exp)) {
$exp[$uid] = $prof;
}
}
return $exp;
}
public static function updateAllUsersListWithPrivileges($shared) {
$users = SharingUtilities::getAllUserProfiles();
foreach ($shared as $uid => $prof) {
$users[$uid] = $shared[$uid];
}
return $users;
}
public static function getSharedResourceOwner($resourceId) {
$owners = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::OWNER);
if (count($owners) != 1) {
Log::error("Got more than one shared resource owner!", array($resourceId, $owners));
throw new Exception("Expected exactly 1 owner for $resourceId!");
} else {
return $owners[0];
}
}
}
?>