Google Git
Sign in
apache / vcl / cf6d0405fad42c80f820b91c36f9cc0f6a5ee905 / . / web / .ht-inc / privileges.php
blob: 9db653bb4ee3f01ba96ec0363fe624e3e9ae98b5 [file] [log] [blame]
<?php
/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/**
* \file
*/
/// signifies an error with the submitted new node name
define("NEWNODENAMEERR", 1);
/// signifies an error with the submitted new user id
define("NEWUSERERR", 1);
/// signifies no privs were submitted with the new user
define("ADDUSERNOPRIVS", 1 << 1);
////////////////////////////////////////////////////////////////////////////////
///
/// \fn viewNodes()
///
/// \brief prints a node privilege tree and the privliges at the node
///
////////////////////////////////////////////////////////////////////////////////
function viewNodes() {
global $user;
# FIXME change activeNode if current one has been deleted
$mode = processInputVar("mode", ARG_STRING);
$tmp = processInputVar("openNodes", ARG_STRING);
if($tmp != "")
$openNodes = explode(":", $tmp);
else {
if(! empty($_COOKIE["VCLNODES"]))
$openNodes = explode(":", $_COOKIE["VCLNODES"]);
else
$openNodes = array(DEFAULT_PRIVNODE);
}
$topNodes = getChildNodes();
if(count($topNodes)) {
$keys = array_keys($topNodes);
$defaultActive = array_shift($keys);
}
$activeNode = processInputVar("activeNode", ARG_NUMERIC);
if(empty($activeNode))
if(! empty($_COOKIE["VCLACTIVENODE"]) &&
nodeExists($_COOKIE['VCLACTIVENODE']))
$activeNode = $_COOKIE["VCLACTIVENODE"];
else
$activeNode = $defaultActive;
$hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $activeNode);
# tree
print "<H2>Privilege Tree</H2>\n";
/*if($mode == "submitAddChildNode") {
print "<font color=\"#008000\">Node successfully added to tree";
print "</font><br><br>\n";
}
if($mode == "submitDeleteNode") {
print "<font color=\"#008000\">Nodes successfully deleted from tree";
print "</font><br><br>\n";
}*/
print "<dojo:TreeSelector widgetId=treeSelector eventNames=select:nodeSelected></dojo:TreeSelector>\n";
#print "<dojo:TreeRPCController RPCUrl=local widgetId=treeController></dojo:TreeRPCController>\n";
print "<div dojoType=Tree widgetId=privTree selector=treeSelector>\n";
recursivePrintNodes2($topNodes, $openNodes, $activeNode);
print "</div>\n";
print "<div id=treebuttons>\n";
if($hasNodeAdmin) {
$openNodes = implode(":", $openNodes);
print "<TABLE>\n";
print " <TR valign=top>\n";
print " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print " <button id=addNodeBtn dojoType=Button ";
print "onClick=\"showAddNodePane(); return false;\">";
print "Add Child</button>\n";
print " </FORM></TD>\n";
print " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print " <button id=deleteNodeBtn dojoType=Button onClick=\"dojo.widget.byId('deleteDialog').show();\">";
print "Delete Node and Children</button>\n";
print " </FORM></TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}
print "</div>\n";
$cont = addContinuationsEntry('selectNode');
print "<INPUT type=hidden id=nodecont value=\"$cont\">\n";
# privileges
print "<H2>Privileges at Selected Node</H2>\n";
$node = $activeNode;
if($openNodes == "")
$openNodes = DEFAULT_PRIVNODE;
$nodeInfo = getNodeInfo($node);
$privs = getNodePrivileges($node);
$cascadePrivs = getNodeCascadePrivileges($node);
$usertypes = getTypes("users");
$i = 0;
$hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node,
$privs, $cascadePrivs);
$hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"],
$node, $privs, $cascadePrivs);
print "<div id=nodePerms>\n";
# users
print "<A name=\"users\"></a>\n";
print "<div id=usersDiv>\n";
print "<H3>Users</H3>\n";
print "<FORM id=usersform action=\"" . BASEURL . SCRIPT . "#users\" method=post>\n";
$users = array();
if(count($privs["users"]) || count($cascadePrivs["users"])) {
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TD>$img</TD>\n";
}
print " </TR>\n";
$users = array_unique(array_merge(array_keys($privs["users"]),
array_keys($cascadePrivs["users"])));
sort($users);
foreach($users as $_user) {
printUserPrivRow($_user, $i, $privs["users"], $usertypes["users"],
$cascadePrivs["users"], 'user', ! $hasUserGrant);
$i++;
}
print "</TABLE>\n";
print "<div id=lastUserNum class=hidden>" . ($i - 1) . "</div>\n";
if($hasUserGrant) {
$cont = addContinuationsEntry('AJchangeUserPrivs');
print "<INPUT type=hidden id=changeuserprivcont value=\"$cont\">\n";
}
}
else {
print "There are no user privileges at the selected node.<br>\n";
}
if($hasUserGrant) {
print "<BUTTON id=addUserBtn dojoType=Button onclick=\"showAddUserPane(); return false;\">";
print "Add User</button>\n";
}
print "</FORM>\n";
print "</div>\n";
# groups
print "<A name=\"groups\"></a>\n";
print "<div id=usergroupsDiv>\n";
print "<H3>User Groups</H3>\n";
if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) {
print "<FORM action=\"" . BASEURL . SCRIPT . "#groups\" method=post>\n";
print "<div id=firstUserGroupNum class=hidden>$i</div>";
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
#$img = getImageText("Block Cascaded Rights");
#print " <TD>$img</TD>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
#$img = getImageText("Cascade to Child Nodes");
#print " <TD>$img</TD>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TH>$img</TH>\n";
}
print " </TR>\n";
$groups = array_unique(array_merge(array_keys($privs["usergroups"]),
array_keys($cascadePrivs["usergroups"])));
sort($groups);
foreach($groups as $group) {
printUserPrivRow($group, $i, $privs["usergroups"], $usertypes["users"],
$cascadePrivs["usergroups"], 'group', ! $hasUserGrant);
$i++;
}
print "</TABLE>\n";
print "<div id=lastUserGroupNum class=hidden>" . ($i - 1) . "</div>";
if($hasUserGrant) {
$cont = addContinuationsEntry('AJchangeUserGroupPrivs');
print "<INPUT type=hidden id=changeusergroupprivcont value=\"$cont\">\n";
}
}
else {
print "There are no user group privileges at the selected node.<br>\n";
$groups = array();
}
if($hasUserGrant) {
print "<BUTTON id=addGroupBtn dojoType=Button onclick=\"showAddUserGroupPane(); return false;\">";
print "Add Group</button>\n";
}
print "</FORM>\n";
print "</div>\n";
# resources
$resourcetypes = array("available", "administer", "manageGroup");
print "<A name=\"resources\"></a>\n";
print "<div id=resourcesDiv>\n";
print "<H3>Resources</H3>\n";
print "<FORM id=resourceForm action=\"" . BASEURL . SCRIPT . "#resources\" method=post>\n";
if(count($privs["resources"]) || count($cascadePrivs["resources"])) {
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TH>Group<br>Name</TH>\n";
print " <TH>Group<br>Type</TH>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($resourcetypes as $type) {
$img = getImageText("$type");
print " <TH>$img</TH>\n";
}
print " </TR>\n";
$resources = array_unique(array_merge(array_keys($privs["resources"]),
array_keys($cascadePrivs["resources"])));
sort($resources);
$resourcegroups = getResourceGroups();
$resgroupmembers = getResourceGroupMembers();
foreach($resources as $resource) {
printResourcePrivRow($resource, $i, $privs["resources"], $resourcetypes,
$resourcegroups, $resgroupmembers,
$cascadePrivs["resources"], ! $hasResourceGrant);
$i++;
}
print "</TABLE>\n";
if($hasResourceGrant) {
$cont = addContinuationsEntry('AJchangeResourcePrivs');
print "<INPUT type=hidden id=changeresourceprivcont value=\"$cont\">\n";
}
}
else {
print "There are no resource group privileges at the selected node.<br>\n";
$resources = array();
}
if($hasResourceGrant) {
print "<BUTTON id=addResourceBtn dojoType=Button onclick=\"showAddResourceGroupPane(); return false;\">";
print "Add Resource Group</button>\n";
}
print "</FORM>\n";
print "</div>\n";
print "</div>\n";
print "<div dojoType=FloatingPane\n";
print " id=addUserPane\n";
print " title=\"Add User Permission\"\n";
print " constrainToContainer=false\n";
print " hasShadow=true\n";
print " resizable=true\n";
print " style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 250px; display: none\"\n";
print ">\n";
print "<H2>Add User</H2>\n";
print "<div id=addPaneNodeName></div>\n";
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TD>$img</TD>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD><INPUT type=text id=newuser name=newuser size=15";
print "></TD>\n";
# block rights
$count = count($usertypes) + 1;
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "dojoType=Checkbox id=blockchk name=block></TD>\n";
#cascade rights
print " <TD align=center bgcolor=\"#008000\" id=usercell0:0>";
print "<INPUT type=checkbox dojoType=Checkbox id=userck0:0 name=cascade ";
print "></TD>\n";
# normal rights
$j = 1;
foreach($usertypes["users"] as $type) {
print " <TD align=center id=usercell0:$j><INPUT type=checkbox ";
print "dojoType=Checkbox name=\"$type\" id=userck0:$j></TD>\n";
$j++;
}
print " </TR>\n";
print "</TABLE>\n";
print "<div id=addUserPrivStatus></div>\n";
print "<TABLE summary=\"\"><TR>\n";
print "<TD><button id=submitAddUserBtn dojoType=Button onclick=\"submitAddUser();\">";
print "Submit New User</button></TD>\n";
print "<TD><button id=cancelAddUserBtn dojoType=Button onclick=\"addUserPaneHide();\">";
print "Cancel</button></TD>\n";
print "</TR></TABLE>\n";
$cont = addContinuationsEntry('AJsubmitAddUserPriv');
print "<INPUT type=hidden id=addusercont value=\"$cont\">\n";
print "</div>\n";
print "<div dojoType=FloatingPane\n";
print " id=addUserGroupPane\n";
print " title=\"Add User Group Permission\"\n";
print " constrainToContainer=false\n";
print " hasShadow=true\n";
print " resizable=true\n";
print " style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 450px; display: none\"\n";
print ">\n";
print "<H2>Add User Group</H2>\n";
print "<div id=addGroupPaneNodeName></div>\n";
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TD>$img</TD>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD>\n";
# FIXME should $groups be only the user's groups?
$groups = getUserGroups(0, $user['affiliationid']);
if(array_key_exists(82, $groups))
unset($groups[82]); # remove None group
printSelectInput("newgroupid", $groups, -1, 0, 0, 'newgroupid');
print " </TD>\n";
# block rights
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "dojoType=Checkbox id=blockgrpchk name=blockgrp></TD>\n";
#cascade rights
print " <TD align=center bgcolor=\"#008000\" id=grpcell0:0>";
print "<INPUT type=checkbox dojoType=Checkbox id=usergrpck0:0 ";
print "name=cascadegrp></TD>\n";
# normal rights
$j = 1;
foreach($usertypes["users"] as $type) {
print " <TD align=center id=usergrpcell0:$j><INPUT type=checkbox ";
print "dojoType=Checkbox name=\"$type\" id=usergrpck0:$j></TD>\n";
$j++;
}
print " </TR>\n";
print "</TABLE>\n";
print "<div id=addUserGroupPrivStatus></div>\n";
print "<TABLE summary=\"\"><TR>\n";
print "<TD><button id=submitAddGroupBtn dojoType=Button onclick=\"submitAddUserGroup();\">";
print "Submit New User Group</button></TD>\n";
print "<TD><button id=cancelAddGroupBtn dojoType=Button onclick=\"addUserGroupPaneHide();\">";
print "Cancel</button></TD>\n";
print "</TR></TABLE>\n";
$cont = addContinuationsEntry('AJsubmitAddUserGroupPriv');
print "<INPUT type=hidden id=addusergroupcont value=\"$cont\">\n";
print "</div>\n";
print "<div dojoType=FloatingPane\n";
print " id=addResourceGroupPane\n";
print " title=\"Add Resource Group Permission\"\n";
print " constrainToContainer=false\n";
print " hasShadow=true\n";
print " resizable=true\n";
print " style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 450px; display: none\"\n";
print ">\n";
print "<H2>Add Resource Group</H2>\n";
print "<div id=addResourceGroupPaneNodeName></div>\n";
print "<TABLE border=1 summary=\"\">\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
$resourcetypes = array("available", "administer", "manageGroup");
foreach($resourcetypes as $type) {
$img = getImageText("$type");
print " <TH>$img</TH>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD>\n";
$resources = array();
$privs = array("computerAdmin","mgmtNodeAdmin", "imageAdmin", "scheduleAdmin");
$resourcesgroups = getUserResources($privs, array("manageGroup"), 1);
foreach(array_keys($resourcesgroups) as $type) {
foreach($resourcesgroups[$type] as $id => $group) {
$resources[$id] = $type . "/" . $group;
}
}
printSelectInput("newresourcegroupid", $resources, -1, 0, 0, 'newresourcegroupid');
print " </TD>\n";
# block rights
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "dojoType=Checkbox id=blockresgrpck name=blockresgrp></TD>\n";
#cascade rights
print " <TD align=center bgcolor=\"#008000\" id=resgrpcell0:0>";
print "<INPUT type=checkbox dojoType=Checkbox id=resgrpck0:0 ";
print "name=cascaderesgrp></TD>\n";
# normal rights
print " <TD align=center id=resgrpcell0:1><INPUT type=checkbox ";
print "dojoType=Checkbox name=available id=resgrpck0:1></TD>\n";
print " <TD align=center id=resgrpcell0:2><INPUT type=checkbox ";
print "dojoType=Checkbox name=administer id=resgrpck0:2></TD>\n";
print " <TD align=center id=resgrpcell0:3><INPUT type=checkbox ";
print "dojoType=Checkbox name=manageGroup id=resgrpck0:3></TD>\n";
print " </TR>\n";
print "</TABLE>\n";
print "<div id=addResourceGroupPrivStatus></div>\n";
print "<TABLE summary=\"\"><TR>\n";
print "<TD><button dojoType=Button onclick=\"submitAddResourceGroup();\">";
print "Submit New Resource Group</button></TD>\n";
print "<TD><button dojoType=Button onclick=\"addResourceGroupPaneHide();\">";
print "Cancel</button></TD>\n";
print "</TR></TABLE>\n";
$cont = addContinuationsEntry('AJsubmitAddResourcePriv');
print "<INPUT type=hidden id=addresourcegroupcont value=\"$cont\">\n";
print "</div>\n";
print "<div dojoType=FloatingPane\n";
print " id=addNodePane\n";
print " title=\"Add Child Node\"\n";
print " constrainToContainer=false\n";
print " hasShadow=true\n";
print " resizable=true\n";
print " style=\"width: 280px; height: 200px; position: absolute; left: 15; top: 150px; display: none\"\n";
print ">\n";
print "<H2>Add Child Node</H2>\n";
print "<div id=addChildNodeName></div>\n";
print "<strong>New Node:</strong> <INPUT type=text id=childNodeName>\n";
print "<div id=addChildNodeStatus></div>\n";
print "<TABLE summary=\"\"><TR>\n";
print "<TD><button id=submitAddNodeBtn dojoType=Button onclick=\"submitAddChildNode();\">";
print "Create Child</button></TD>\n";
print "<TD><button id=cancelAddNodeBtn dojoType=Button onclick=\"addNodePaneHide();\">";
print "Cancel</button></TD>\n";
print "</TR></TABLE>\n";
$cont = addContinuationsEntry('AJsubmitAddChildNode');
print "<INPUT type=hidden id=addchildcont value=\"$cont\"\n>";
print "</div>\n";
print "<div dojoType=dialog id=deleteDialog bgColor=white bgOpacity=0.5 toggle=fade toggleDuration=250>\n";
print "Delete the following node and all of its children?<br><br>\n";
print "<div id=deleteNodeName></div><br>\n";
print "<div align=center>\n";
print "<TABLE summary=\"\"><TR>\n";
print "<TD><button id=submitDeleteNodeBtn dojoType=Button onClick=\"deleteNode();\">";
print "Delete Nodes</button></TD>\n";
print "<TD><button id=cancelDeleteNodeBtn dojoType=Button ";
print "onClick=\"dojo.widget.byId('deleteDialog').hide();\">Cancel</button>";
print "</TD>\n";
print "</TR></TABLE>\n";
$cont = addContinuationsEntry('AJsubmitDeleteNode');
print "<INPUT type=hidden id=delchildcont value=\"$cont\"\n>";
print "</div>\n";
print "</div>\n";
print "<div dojoType=dialog id=workingDialog bgColor=white bgOpacity=0.5 toggle=fade toggleDuration=250>\n";
print "Loading...\n";
print "</div>\n";
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn selectNode()
///
/// \brief generates html for ajax update to privileges page when a node is
/// clicked
///
////////////////////////////////////////////////////////////////////////////////
function selectNode() {
global $user;
$node = processInputVar("node", ARG_NUMERIC);
if(! empty($_COOKIE["VCLNODES"]))
$openNodes = $_COOKIE["VCLNODES"];
else
$openNodes = DEFAULT_PRIVNODE;
if(empty($node)) {
dbDisconnect();
exit;
}
$return = "";
$text = "";
$js = "";
$privs = getNodePrivileges($node);
$cascadePrivs = getNodeCascadePrivileges($node);
$usertypes = getTypes("users");
$i = 0;
$hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node,
$privs, $cascadePrivs);
$hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"],
$node, $privs, $cascadePrivs);
$hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $node, $privs,
$cascadePrivs);
if($hasNodeAdmin) {
$text .= "<TABLE>";
$text .= " <TR valign=top>";
$text .= " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
$text .= " <button id=addNodeBtn dojoType=Button ";
$text .= "onClick=\"showAddNodePane(); return false;\">";
$text .= "Add Child</button>";
$text .= " </FORM></TD>";
$text .= " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
$text .= " <button id=deleteNodeBtn dojoType=Button onClick=\"showDeleteNodeDialog();\">";
$text .= "Delete Node and Children</button>";
$text .= " </FORM></TD>";
$text .= " </TR>";
$text .= "</TABLE>";
}
$return .= setAttribute('treebuttons', 'innerHTML', $text);
$return .= "AJdojoCreate('treebuttons');";
# privileges
$text = "";
$text .= "<H3>Users</H3>";
$text .= "<FORM id=usersform action=\"" . BASEURL . SCRIPT . "#users\" method=post>";
$users = array();
if(count($privs["users"]) || count($cascadePrivs["users"])) {
$text .= "<TABLE border=1 summary=\"\">";
$text .= " <TR>";
$text .= " <TD></TD>";
$text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
$text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
$text .= " <TD>$img</TD>";
}
$text .= " </TR>";
$users = array_unique(array_merge(array_keys($privs["users"]),
array_keys($cascadePrivs["users"])));
sort($users);
foreach($users as $_user) {
$tmpArr = getUserPrivRowHTML($_user, $i, $privs["users"],
$usertypes["users"], $cascadePrivs["users"], 'user',
! $hasUserGrant);
$text .= $tmpArr['html'];
$js .= $tmpArr['javascript'];
$i++;
}
$text .= "</TABLE>";
$text .= "<div id=lastUserNum class=hidden>" . ($i - 1) . "</div>";
if($hasUserGrant) {
$cont = addContinuationsEntry('AJchangeUserPrivs');
$text .= "<INPUT type=hidden id=changeuserprivcont value=\"$cont\">";
}
}
else {
$text .= "There are no user privileges at the selected node.<br>";
}
if($hasUserGrant) {
$text .= "<BUTTON id=addUserBtn dojoType=Button onClick=\"showAddUserPane(); return false;\">";
$text .= "Add User</button>";
}
$text .= "</FORM>";
$return .= setAttribute('usersDiv', 'innerHTML', $text);
$return .= "AJdojoCreate('usersDiv');";
# groups
$text = "";
$text .= "<H3>User Groups</H3>";
if(count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) {
$text .= "<FORM action=\"" . BASEURL . SCRIPT . "#groups\" method=post>";
$text .= "<div id=firstUserGroupNum class=hidden>$i</div>";
$text .= "<TABLE border=1 summary=\"\">";
$text .= " <TR>";
$text .= " <TD></TD>";
$text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
#$img = getImageText("Block Cascaded Rights");
#$text .= " <TD>$img</TD>";
$text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
#$img = getImageText("Cascade to Child Nodes");
#$text .= " <TD>$img</TD>";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
$text .= " <TH>$img</TH>";
}
$text .= " </TR>";
$groups = array_unique(array_merge(array_keys($privs["usergroups"]),
array_keys($cascadePrivs["usergroups"])));
sort($groups);
foreach($groups as $group) {
$tmpArr = getUserPrivRowHTML($group, $i, $privs["usergroups"],
$usertypes["users"], $cascadePrivs["usergroups"],
'group', ! $hasUserGrant);
$text .= $tmpArr['html'];
$js .= $tmpArr['javascript'];
$i++;
}
$text .= "</TABLE>";
$text .= "<div id=lastUserGroupNum class=hidden>" . ($i - 1) . "</div>";
if($hasUserGrant) {
$cont = addContinuationsEntry('AJchangeUserGroupPrivs');
$text .= "<INPUT type=hidden id=changeusergroupprivcont value=\"$cont\">";
}
}
else {
$text .= "There are no user group privileges at the selected node.<br>";
$groups = array();
}
if($hasUserGrant) {
$text .= "<BUTTON id=addGroupBtn dojoType=Button onclick=\"showAddUserGroupPane(); return false;\">";
$text .= "Add Group</button>";
}
$text .= "</FORM>";
$return .= setAttribute('usergroupsDiv', 'innerHTML', $text);
$return .= "AJdojoCreate('usergroupsDiv');";
# resources
$text = "";
$resourcetypes = array("available", "administer", "manageGroup");
$text .= "<H3>Resources</H3>";
$text .= "<FORM id=resourceForm action=\"" . BASEURL . SCRIPT . "#resources\" method=post>";
if(count($privs["resources"]) || count($cascadePrivs["resources"])) {
$text .= "<TABLE border=1 summary=\"\">";
$text .= " <TR>";
$text .= " <TH>Group<br>Name</TH>";
$text .= " <TH>Group<br>Type</TH>";
$text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
$text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
foreach($resourcetypes as $type) {
$img = getImageText("$type");
$text .= " <TH>$img</TH>";
}
$text .= " </TR>";
$resources = array_unique(array_merge(array_keys($privs["resources"]),
array_keys($cascadePrivs["resources"])));
sort($resources);
$resourcegroups = getResourceGroups();
$resgroupmembers = getResourceGroupMembers();
foreach($resources as $resource) {
$tmpArr = getResourcePrivRowHTML($resource, $i, $privs["resources"],
$resourcetypes, $resourcegroups, $resgroupmembers,
$cascadePrivs["resources"], ! $hasResourceGrant);
$text .= $tmpArr['html'];
$js .= $tmpArr['javascript'];
$i++;
}
$text .= "</TABLE>";
if($hasResourceGrant) {
$cont = addContinuationsEntry('AJchangeResourcePrivs');
$text .= "<INPUT type=hidden id=changeresourceprivcont value=\"$cont\">";
}
}
else {
$text .= "There are no resource group privileges at the selected node.<br>";
$resources = array();
}
if($hasResourceGrant) {
$text .= "<BUTTON id=addResourceBtn dojoType=Button onclick=\"showAddResourceGroupPane(); return false;\">";
$text .= "Add Resource Group</button>";
}
$text .= "</FORM>";
$return .= setAttribute('resourcesDiv', 'innerHTML', $text);
$return .= "AJdojoCreate('resourcesDiv');";
$return .= "showPrivileges();";
print $return;
print $js;
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn recursivePrintNodes($nodelist, $openNodes, $activeNode)
///
/// \param $nodelist - array of nodes to print
/// \param $openNodes - array of nodes whose children should be printed
/// \param $activeNode - (optional) a selected node
///
/// \brief prints all nodes in $nodelist and any children of nodes in
/// $openNodes, if $activeNode is given, it is printed in red
///
////////////////////////////////////////////////////////////////////////////////
/*function recursivePrintNodes($nodelist, $openNodes, $activeNode="") {
print "<UL>\n";
foreach(array_keys($nodelist) as $id) {
$children = getChildNodes($id);
if(is_array($openNodes)) {
$openNodes_enc = implode(":", $openNodes);
if(! in_array($id, $openNodes))
$openNodesNew = implode(":", $openNodes) . ":$id";
else {
$tmp = $openNodes;
unset_by_val($id, $tmp);
$openNodesNew = implode(":", $tmp);
}
}
if(! is_array($openNodes) && $openNodes == "all") {
print " <img border=0 src=images/node.png> ";
print $nodelist[$id]["name"] . "<br>\n";
}
elseif(count($children)) {
if(in_array($id, $openNodes)) {
print " <a href=\"" . BASEURL . SCRIPT . "?mode=viewNodes&";
print "activeNode=$activeNode&openNodes=$openNodesNew\">";
print "<img border=0 src=images/collapse.png></a> ";
}
else {
print " <a href=\"" . BASEURL . SCRIPT . "?mode=viewNodes&";
print "activeNode=$activeNode&openNodes=$openNodesNew\">";
print "<img border=0 src=images/expand.png></a> ";
}
if($id == $activeNode) {
print "<font color=red>" . $nodelist[$id]["name"] . "</font><br>\n";
}
else {
print "<a href=\"" . BASEURL . SCRIPT . "?mode=viewNodes&";
print "activeNode=$id&openNodes=$openNodes_enc\">";
print "<font color=black>" . $nodelist[$id]["name"];
print "</font></a><br>\n";
}
}
else {
print " <img border=0 src=images/node.png> ";
if($id == $activeNode) {
print "<font color=red>" . $nodelist[$id]["name"] . "</font><br>\n";
}
else {
print "<a href=\"" . BASEURL . SCRIPT . "?mode=viewNodes&";
print "activeNode=$id&openNodes=$openNodes_enc\">";
print "<font color=black>" . $nodelist[$id]["name"];
print "</font></a><br>\n";
}
}
if((! is_array($openNodes) && $openNodes == "all") ||
in_array($id, $openNodes)) {
if(count($children)) {
recursivePrintNodes($children, $openNodes, $activeNode);
}
}
}
print "</UL>\n";
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn recursivePrintNodes2($nodelist, $openNodes, $activeNode)
///
/// \param $nodelist - array of nodes to print
/// \param $openNodes - array of nodes whose children should be printed
/// \param $activeNode - (optional) a selected node
///
/// \brief prints all nodes in $nodelist and any children of nodes in
/// $openNodes, if $activeNode is given, it is printed in red
///
////////////////////////////////////////////////////////////////////////////////
function recursivePrintNodes2($nodelist, $openNodes, $activeNode="") {
foreach(array_keys($nodelist) as $id) {
$opentext = "";
if(in_array($id, $openNodes))
$opentext = "expandLevel=1";
print " <div dojoType=\"TreeNode\" title=\"{$nodelist[$id]['name']}\" widgetId=$id $opentext>\n";
$children = getChildNodes($id);
if(count($children))
recursivePrintNodes2($children, $openNodes);
print " </div>\n";
}
return;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addChildNode()
///
/// \brief prints a page for adding a child node
///
////////////////////////////////////////////////////////////////////////////////
/*function addChildNode() {
global $submitErr;
$parent = processInputVar("activeNode", ARG_NUMERIC);
$nodeInfo = getNodeInfo($parent);
$newnode = processInputVar("newnode", ARG_STRING);
$openNodes = processInputVar("openNodes", ARG_STRING);
print "<H2>Add Child Node</H2>\n";
print "Add child to " . $nodeInfo["name"] . ":<br><br>\n";
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print "<TABLE>\n";
print " <TR>\n";
print " <TH align=right>New Node:</TH>\n";
print " <TD><INPUT type=text name=newnode value=\"$newnode\"></TD>\n";
print " <TD>";
printSubmitErr($submitErr);
print "</TD>";
print " </TR>\n";
print " <TR>\n";
print " <TD colspan=2 align=right><INPUT type=submit value=Submit>";
print "</TD>\n";
print " <TD></TD>\n";
print " </TR>\n";
print "</TABLE>\n";
print "<INPUT type=hidden name=mode value=submitAddChildNode>\n";
print "<INPUT type=hidden name=openNodes value=$openNodes>\n";
print "<INPUT type=hidden name=activeNode value=$parent>\n";
print "</FORM>\n";
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn submitAddChildNode()
///
/// \brief processes input for adding a child node; if all is ok, adds node
/// to privnode table; checks to see if submitting user has nodeAdmin,
/// userGrant, and resourceGrant cascaded to the node; adds any of the privs
/// that aren't cascaded; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
/*function submitAddChildNode() {
global $submitErr, $submitErrMsg, $user, $nodechildren;
$parent = processInputVar("activeNode", ARG_NUMERIC);
$nodeInfo = getNodeInfo($parent);
$newnode = processInputVar("newnode", ARG_STRING);
$openNodes = processInputVar("openNodes", ARG_STRING);
if(! ereg('^[-A-Za-z0-9_. ]+$', $newnode)) {
$submitErr |= NEWNODENAMEERR;
$submitErrMsg[NEWNODENAMEERR] = "You can only use letters, numbers, "
. "spaces, dashes(-), dots(.), underscores(_), and spaces.";
}
# check to see if a node with the submitted name already exists
$query = "SELECT id "
. "FROM privnode "
. "WHERE name = '$newnode' AND "
. "parent = $parent";
$qh = doQuery($query, 335);
if(mysql_num_rows($qh)) {
$submitErr |= NEWNODENAMEERR;
$submitErrMsg[NEWNODENAMEERR] = "A node of that name already exists "
. "under " . $nodeInfo["name"];
}
if($submitErr) {
addChildNode();
return;
}
$query = "INSERT INTO privnode "
. "(parent, "
. "name) "
. "VALUES "
. "($parent, "
. "'$newnode')";
doQuery($query, 336);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
if(! $row = mysql_fetch_row($qh)) {
abort(101);
}
$nodeid = $row[0];
$privs = array();
foreach(array("nodeAdmin", "userGrant", "resourceGrant") as $type) {
if(! checkUserHasPriv($type, $user["id"], $nodeid))
array_push($privs, $type);
}
if(count($privs))
array_push($privs, "cascade");
updateUserOrGroupPrivs($user["id"], $nodeid, $privs, array(), "user");
$_POST["openNodes"] .= ":$parent";
$nodechildren = array();
viewNodes();
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddChildNode()
///
/// \brief processes input for adding a child node; if all is ok, adds node
/// to privnode table; checks to see if submitting user has nodeAdmin,
/// userGrant, and resourceGrant cascaded to the node; adds any of the privs
/// that aren't cascaded; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddChildNode() {
global $user;
$parent = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("nodeAdmin", $user["id"], $parent)) {
$text = "You do not have rights to add children to this node.";
print "alert('$text');";
dbDisconnect();
exit;
}
$nodeInfo = getNodeInfo($parent);
$newnode = processInputVar("newnode", ARG_STRING);
if(! ereg('^[-A-Za-z0-9_. ]+$', $newnode)) {
$text = "You can only use letters, numbers, "
. "spaces, dashes(-), dots(.), underscores(_), and spaces.";
print "alert('$text');";
dbDisconnect();
exit;
}
# check to see if a node with the submitted name already exists
$query = "SELECT id "
. "FROM privnode "
. "WHERE name = '$newnode' AND "
. "parent = $parent";
$qh = doQuery($query, 335);
if(mysql_num_rows($qh)) {
$text = "A node of that name already exists "
. "under " . $nodeInfo["name"];
print "alert('$text');";
dbDisconnect();
exit;
}
$query = "INSERT INTO privnode "
. "(parent, "
. "name) "
. "VALUES "
. "($parent, "
. "'$newnode')";
doQuery($query, 336);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
if(! $row = mysql_fetch_row($qh)) {
abort(101);
}
$nodeid = $row[0];
$privs = array();
foreach(array("nodeAdmin", "userGrant", "resourceGrant") as $type) {
if(! checkUserHasPriv($type, $user["id"], $nodeid))
array_push($privs, $type);
}
if(count($privs))
array_push($privs, "cascade");
updateUserOrGroupPrivs($user["id"], $nodeid, $privs, array(), "user");
print "addChildNode('$newnode', $nodeid);";
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn nodeExists($node)
///
/// \param $node - the id of a node
///
/// \return 1 if exists, 0 if not
///
/// \brief checks to see if $node exists
///
////////////////////////////////////////////////////////////////////////////////
function nodeExists($node) {
$query = "SELECT id FROM privnode WHERE id = $node";
$qh = doQuery($query, 101);
if(mysql_num_rows($qh))
return 1;
else
return 0;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn deleteNode()
///
/// \brief prompts user for confirmation on deleting a node and its children
///
////////////////////////////////////////////////////////////////////////////////
/*function deleteNode() {
$activeNode = processInputVar("activeNode", ARG_NUMERIC);
$openNodes = processInputVar("openNodes", ARG_STRING);
$nodeInfo = getNodeInfo($activeNode);
$children = getChildNodes($activeNode);
print "<H2>Delete Node and Children</H2>\n";
if(count($children)) {
print "Delete the following part of the privilege tree?<br><br>\n";
recursivePrintNodes(array($activeNode => $nodeInfo), "all");
}
else {
print "Delete " . $nodeInfo["name"] . " from the privilege ";
print "tree?<br><br>\n";
}
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print "<TABLE>\n";
print " <TR valign=top>\n";
print " <TD>\n";
print " <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print " <INPUT type=hidden name=mode value=submitDeleteNode>\n";
print " <INPUT type=hidden name=activeNode value=$activeNode>\n";
print " <INPUT type=hidden name=openNodes value=$openNodes>\n";
print " <INPUT type=submit value=Submit>\n";
print " </FORM>\n";
print " </TD>\n";
print " <TD>\n";
print " <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print " <INPUT type=hidden name=mode value=viewNodes>\n";
print " <INPUT type=hidden name=openNodes value=$openNodes>\n";
print " <INPUT type=submit value=Cancel>\n";
print " </FORM>\n";
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn submitDeleteNode()
///
/// \brief deletes a node and its children; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
/*function submitDeleteNode() {
global $nodechildren;
$activeNode = processInputVar("activeNode", ARG_NUMERIC);
$nodeinfo = getNodeInfo($activeNode);
$_POST["activeNode"] = $nodeinfo["parent"];
$nodes = recurseGetChildren($activeNode);
array_push($nodes, $activeNode);
$deleteNodes = implode(',', $nodes);
$query = "DELETE FROM privnode "
. "WHERE id IN ($deleteNodes)";
doQuery($query, 345);
$nodechildren = array();
clearPrivCache();
viewNodes();
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitDeleteNode()
///
/// \brief deletes a node and its children; calls viewNodes when finished
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitDeleteNode() {
global $user;
$activeNode = processInputVar("activeNode", ARG_NUMERIC);
if(empty($activeNode)) {
dbDisconnect();
exit;
}
if(! checkUserHasPriv("nodeAdmin", $user["id"], $activeNode)) {
$text = "You do not have rights to delete this node.";
print "alert('$text');";
dbDisconnect();
exit;
}
clearPrivCache();
$nodes = recurseGetChildren($activeNode);
$parents = getParentNodes($activeNode);
$parent = $parents[0];
array_push($nodes, $activeNode);
$deleteNodes = implode(',', $nodes);
$query = "DELETE FROM privnode "
. "WHERE id IN ($deleteNodes)";
doQuery($query, 345);
print "var obj = dojo.widget.byId('$activeNode'); ";
print "dojo.widget.byId('$parent').removeNode(obj); ";
print "setSelectedPrivNode('$parent'); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn userLookup()
///
/// \brief prints a page to display a user's privileges
///
////////////////////////////////////////////////////////////////////////////////
function userLookup() {
global $user, $viewmode;
$userid = processInputVar("userid", ARG_STRING);
print "<div align=center>\n";
print "<H2>User Lookup</H2>\n";
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print "<TABLE>\n";
print " <TR>\n";
print " <TH>User ID:</TH>\n";
print " <TD><INPUT type=text name=userid value=\"$userid\" size=25></TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TD align=right><INPUT type=submit value=Submit>\n";
print " </TR>\n";
print "</TABLE>\n";
$cont = addContinuationsEntry('submitUserLookup');
print "<INPUT type=hidden name=continuation value=\"$cont\">\n";
print "</FORM>\n";
if(! empty($userid)) {
$loginid = $userid;
getAffilidAndLogin($loginid, $affilid);
if(empty($affilid)) {
print "{$matches[2]} is an unknown affiliation<br>\n";
return;
}
if($viewmode != ADMIN_DEVELOPER &&
$user['affiliationid'] != $affilid) {
print "You are only allowed to look up users from your own affiliation.<br>\n";
return;
}
$query = "SELECT id "
. "FROM user "
. "WHERE unityid = '$loginid' AND "
. "affiliationid = $affilid";
$qh = doQuery($query, 101);
if(! mysql_num_rows($qh))
print "<font color=red>$userid not currently found in VCL user database, will try to add...</font><br>\n";
$userdata = getUserInfo($userid);
if(is_null($userdata)) {
print "<font color=red>$userid not found in any known systems</font><br>\n";
return;
}
print "<TABLE>\n";
print " <TR>\n";
print " <TH align=right>First Name:</TH>\n";
print " <TD>{$userdata["firstname"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right>Middle Name:</TH>\n";
print " <TD>{$userdata["middlename"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right>Last Name:</TH>\n";
print " <TD>{$userdata["lastname"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right>Preferred Name:</TH>\n";
print " <TD>{$userdata["preferredname"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right>Email:</TH>\n";
print " <TD>{$userdata["email"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right>Admin Level:</TH>\n";
print " <TD>{$userdata["adminlevel"]}</TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right style=\"vertical-align: top\">Groups:</TH>\n";
print " <TD>\n";
uasort($userdata["groups"], "sortKeepIndex");
foreach($userdata["groups"] as $group) {
print " $group<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right style=\"vertical-align: top\">Privileges (found somewhere in the tree):</TH>\n";
print " <TD>\n";
uasort($userdata["privileges"], "sortKeepIndex");
foreach($userdata["privileges"] as $priv) {
if($priv == "block" || $priv == "cascade")
continue;
print " $priv<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
# get user's resources
$userResources = getUserResources(array("imageCheckOut"), array("available"), 0, 0, $userdata['id']);
# find nodes where user has privileges
$query = "SELECT p.name AS privnode, "
. "upt.name AS userprivtype, "
. "up.privnodeid "
. "FROM userpriv up, "
. "privnode p, "
. "userprivtype upt "
. "WHERE up.privnodeid = p.id AND "
. "up.userprivtypeid = upt.id AND "
. "up.userid = {$userdata['id']} "
. "ORDER BY p.name, "
. "upt.name";
$qh = doQuery($query, 101);
if(mysql_num_rows($qh)) {
print "Nodes where user is granted privileges:<br>\n";
print "<TABLE>\n";
$privnodeid = 0;
while($row = mysql_fetch_assoc($qh)) {
if($privnodeid != $row['privnodeid']) {
if($privnodeid) {
print " </TD>\n";
print " </TR>\n";
}
print " <TR>\n";
$privnodeid = $row['privnodeid'];
print " <TH align=right>{$row['privnode']}</TH>\n";
print " <TD>\n";
}
print " {$row['userprivtype']}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}
# find nodes where user's groups have privileges
if(! empty($userdata['groups'])) {
$query = "SELECT DISTINCT p.name AS privnode, "
. "upt.name AS userprivtype, "
. "up.privnodeid "
. "FROM userpriv up, "
. "privnode p, "
. "userprivtype upt "
. "WHERE up.privnodeid = p.id AND "
. "up.userprivtypeid = upt.id AND "
. "upt.name != 'cascade' AND "
. "upt.name != 'block' AND "
. "up.usergroupid IN (" . implode(',', array_keys($userdata['groups'])) . ") "
. "ORDER BY p.name, "
. "upt.name";
$qh = doQuery($query, 101);
if(mysql_num_rows($qh)) {
print "Nodes where user's groups are granted privileges:<br>\n";
print "<TABLE>\n";
$privnodeid = 0;
while($row = mysql_fetch_assoc($qh)) {
if($privnodeid != $row['privnodeid']) {
if($privnodeid) {
print " </TD>\n";
print " </TR>\n";
}
print " <TR>\n";
$privnodeid = $row['privnodeid'];
print " <TH align=right>{$row['privnode']}</TH>\n";
print " <TD>\n";
}
print " {$row['userprivtype']}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}
}
print "<table>\n";
print " <tr>\n";
print " <th>Images User Has Access To:<th>\n";
print " <td>\n";
foreach($userResources['image'] as $img)
print " $img<br>\n";
print " </td>\n";
print " </tr>\n";
print "</table>\n";
$requests = array();
$query = "SELECT l.start AS start, "
. "l.finalend AS end, "
. "c.hostname, "
. "i.prettyname AS prettyimage, "
. "l.ending "
. "FROM log l, "
. "image i, "
. "computer c, "
. "sublog s "
. "WHERE l.userid = {$userdata["id"]} AND "
. "s.logid = l.id AND "
. "i.id = s.imageid AND "
. "c.id = s.computerid "
. "ORDER BY l.start DESC "
. "LIMIT 5";
$qh = doQuery($query, 290);
while($row = mysql_fetch_assoc($qh))
array_push($requests, $row);
$requests = array_reverse($requests);
if(! empty($requests)) {
print "<h3>User's last " . count($requests) . " reservations:</h3>\n";
print "<table>\n";
$first = 1;
foreach($requests as $req) {
$thisstart = str_replace('&nbsp;', ' ',
prettyDatetime($req["start"]));
$thisend = str_replace('&nbsp;', ' ',
prettyDatetime($req["end"]));
if($first)
$first = 0;
else {
print " <tr>\n";
print " <td colspan=2><hr></td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Image:</th>\n";
print " <td>{$req['prettyimage']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Computer:</th>\n";
print " <td>{$req['hostname']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Start:</th>\n";
print " <td>$thisstart</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>End:</th>\n";
print " <td>$thisend</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Ending:</th>\n";
print " <td>{$req['ending']}</td>\n";
print " </tr>\n";
}
print "</table>\n";
}
else
print "User made no reservations in the past week.<br>\n";
}
print "</div>\n";
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn recurseGetChildren($node)
///
/// \param $node - a node id
///
/// \return an array of nodes that are children of $node
///
/// \brief foreach child node of $node, adds it to an array and calls
/// self to add that child's children
///
////////////////////////////////////////////////////////////////////////////////
function recurseGetChildren($node) {
$children = array();
$qh = doQuery("SELECT id FROM privnode WHERE parent = $node", 340);
while($row = mysql_fetch_row($qh)) {
array_push($children, $row[0]);
$children = array_merge($children, recurseGetChildren($row[0]));
}
return $children;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn printUserPrivRow($privname, $rownum, $privs, $types,
/// $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printUserPrivRow($privname, $rownum, $privs, $types,
$cascadeprivs, $usergroup, $disabled) {
$allprivs = array_merge($privs, $cascadeprivs);
print " <TR>\n";
if($usergroup == 'group' && ! empty($allprivs[$privname]['affiliation']))
print " <TH>$privname@{$allprivs[$privname]['affiliation']}</TH>\n";
else
print " <TH>$privname</TH>\n";
if($disabled)
$disabled = 'disabled=disabled';
else
$disabled = '';
# block rights
if(array_key_exists($privname, $privs) &&
(($usergroup == 'user' &&
in_array("block", $privs[$privname])) ||
($usergroup == 'group' &&
in_array("block", $privs[$privname]['privs'])))) {
$checked = "checked";
$blocked = 1;
}
else {
$checked = "";
$blocked = 0;
}
$count = count($types) + 1;
if($usergroup == 'user') {
$usergroup = 1;
$name = "privrow[$privname:block]";
}
elseif($usergroup == 'group') {
$usergroup = 2;
$name = "privrow[{$allprivs[$privname]['id']}:block]";
}
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "dojoType=Checkbox id=ck$rownum:block name=\"$name\" $checked ";
print "onClick=\"javascript:changeCascadedRights(this.checked, $rownum, ";
print "$count, 1, $usergroup);\" $disabled></TD>\n";
#cascade rights
if(array_key_exists($privname, $privs) &&
(($usergroup == 1 &&
in_array("cascade", $privs[$privname])) ||
($usergroup == 2 &&
in_array("cascade", $privs[$privname]['privs']))))
$checked = "checked";
else
$checked = "";
if($usergroup == 1)
$name = "privrow[$privname:cascade]";
else
$name = "privrow[{$allprivs[$privname]['id']}:cascade]";
print " <TD align=center bgcolor=\"#008000\" id=cell$rownum:0>";
print "<INPUT type=checkbox dojoType=Checkbox id=ck$rownum:0 ";
print "name=\"$name\" onClick=\"privChange(this.checked, $rownum, 0, ";
print "$usergroup);\" $checked $disabled></TD>\n";
# normal rights
$j = 1;
foreach($types as $type) {
$bgcolor = "";
$checked = "";
$value = "";
$cascaded = 0;
if(array_key_exists($privname, $cascadeprivs) &&
(($usergroup == 1 &&
in_array($type, $cascadeprivs[$privname])) ||
($usergroup == 2 &&
in_array($type, $cascadeprivs[$privname]['privs'])))) {
$bgcolor = "bgcolor=\"#008000\"";
$checked = "checked";
$value = "value=cascade";
$cascaded = 1;
}
if(array_key_exists($privname, $privs) &&
(($usergroup == 1 &&
in_array($type, $privs[$privname])) ||
($usergroup == 2 &&
in_array($type, $privs[$privname]['privs'])))) {
if($cascaded) {
$value = "value=cascadesingle";
}
else {
$checked = "checked";
$value = "value=single";
}
}
if($usergroup == 1)
$name = "privrow[$privname:$type]";
else
$name = "privrow[{$allprivs[$privname]['id']}:$type]";
print " <TD align=center id=cell$rownum:$j $bgcolor><INPUT ";
print "type=checkbox dojoType=Checkbox name=\"$name\" id=ck$rownum:$j ";
print "$checked $value $disabled ";
print "onClick=\"javascript:nodeCheck(this.checked, $rownum, $j, $usergroup)\" ";
print "onBlur=\"javascript:nodeCheck(this.checked, $rownum, $j, $usergroup)\">";
print "</TD>\n";
$j++;
}
print " </TR>\n";
$count = count($types) + 1;
if($blocked) {
print "<script language=\"Javascript\">\n";
print "dojo.addOnLoad(function() {setTimeout(\"changeCascadedRights(true, $rownum, $count, 0, 0)\", 500)});\n";
print "</script>\n";
}
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getUserPrivRowHTML($privname, $rownum, $privs, $types,
/// $cascadeprivs, $usergroup, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $usergroup - 'user' if this is a user row, or 'group' if this is a
/// group row
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \return a string of HTML code for a user privilege row
///
/// \brief creates HTML for a user privilege row and returns it
///
////////////////////////////////////////////////////////////////////////////////
function getUserPrivRowHTML($privname, $rownum, $privs, $types,
$cascadeprivs, $usergroup, $disabled) {
$allprivs = array_merge($privs, $cascadeprivs);
$text = "";
$js = "";
$text .= " <TR>";
if($usergroup == 'group' && ! empty($allprivs[$privname]['affiliation']))
$text .= " <TH>$privname@{$allprivs[$privname]['affiliation']}</TH>";
else
$text .= " <TH>$privname</TH>";
if($disabled)
$disabled = 'disabled=disabled';
else
$disabled = '';
# block rights
if(array_key_exists($privname, $privs) &&
(($usergroup == 'user' &&
in_array("block", $privs[$privname])) ||
($usergroup == 'group' &&
in_array("block", $privs[$privname]['privs'])))) {
$checked = "checked";
$blocked = 1;
}
else {
$checked = "";
$blocked = 0;
}
$count = count($types) + 1;
if($usergroup == 'user') {
$usergroup = 1;
$name = "privrow[$privname:block]";
}
elseif($usergroup == 'group') {
$usergroup = 2;
$name = "privrow[{$allprivs[$privname]['id']}:block]";
}
$text .= " <TD align=center bgcolor=gray><INPUT type=checkbox ";
$text .= "dojoType=Checkbox id=ck$rownum:block name=\"$name\" $checked ";
$text .= "$disabled onClick=\"javascript:";
$text .= "changeCascadedRights(this.checked, $rownum, $count, 1, $usergroup)\"></TD>";
#cascade rights
if(array_key_exists($privname, $privs) &&
(($usergroup == 1 &&
in_array("cascade", $privs[$privname])) ||
($usergroup == 2 &&
in_array("cascade", $privs[$privname]['privs']))))
$checked = "checked";
else
$checked = "";
if($usergroup == 1)
$name = "privrow[$privname:cascade]";
else
$name = "privrow[{$allprivs[$privname]['id']}:cascade]";
$text .= " <TD align=center bgcolor=\"#008000\" id=cell$rownum:0>";
$text .= "<INPUT type=checkbox dojoType=Checkbox id=ck$rownum:0 name=\"$name\" ";
$text .= "onClick=\"privChange(this.checked, $rownum, 0, $usergroup);\" ";
$text .= "$checked $disabled></TD>";
# normal rights
$j = 1;
foreach($types as $type) {
$bgcolor = "";
$checked = "";
$value = "";
$cascaded = 0;
if(array_key_exists($privname, $cascadeprivs) &&
(($usergroup == 1 &&
in_array($type, $cascadeprivs[$privname])) ||
($usergroup == 2 &&
in_array($type, $cascadeprivs[$privname]['privs'])))) {
$bgcolor = "bgcolor=\"#008000\"";
$checked = "checked";
$value = "value=cascade";
$cascaded = 1;
}
if(array_key_exists($privname, $privs) &&
(($usergroup == 1 &&
in_array($type, $privs[$privname])) ||
($usergroup == 2 &&
in_array($type, $privs[$privname]['privs'])))) {
if($cascaded) {
$value = "value=cascadesingle";
}
else {
$checked = "checked";
$value = "value=single";
}
}
if($usergroup == 1)
$name = "privrow[$privname:$type]";
else
$name = "privrow[{$allprivs[$privname]['id']}:$type]";
$text .= " <TD align=center id=cell$rownum:$j $bgcolor><INPUT ";
$text .= "type=checkbox dojoType=Checkbox name=\"$name\" ";
$text .= "id=ck$rownum:$j $checked $value $disabled ";
$text .= "onClick=\"javascript:nodeCheck(this.checked, $rownum, $j, $usergroup)\" ";
$text .= "onBlur=\"javascript:nodeCheck(this.checked, $rownum, $j, $usergroup)\">";
$text .= "</TD>";
$j++;
}
$text .= " </TR>";
$count = count($types) + 1;
if($blocked) {
$js .= "changeCascadedRights(true, $rownum, $count, 0, 0);";
}
return array('html' => $text,
'javascript' => $js);
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn printResourcePrivRow($privname, $rownum, $privs, $types,
/// $resourcegroups, $resgroupmembers, $cascadeprivs,
/// $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $resourcegroups - array from getResourceGroups()
/// \param $resgroupmembers - array from getResourceGroupMembers()
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \brief prints a table row for this $privname
///
////////////////////////////////////////////////////////////////////////////////
function printResourcePrivRow($privname, $rownum, $privs, $types,
$resourcegroups, $resgroupmembers, $cascadeprivs,
$disabled) {
global $user;
print " <TR>\n";
list($type, $name, $id) = split('/', $privname);
print " <TH>\n";
print " <span id=\"resgrp$id\">$name</span>\n";
print " <span dojoType=\"tooltip\" connectId=\"resgrp$id\">\n";
if(array_key_exists($id, $resgroupmembers[$type]) &&
is_array($resgroupmembers[$type][$id])) {
foreach($resgroupmembers[$type][$id] as $resource)
print " {$resource['name']}<br>\n";
}
else
print "(empty group)\n";
print " </span>\n";
print " </TH>\n";
//print " <TH>$name</TH>\n";
print " <TH>$type</TH>\n";
if($disabled)
$disabled = 'disabled=disabled';
else
$disabled = '';
# block rights
if(array_key_exists($privname, $privs) &&
in_array("block", $privs[$privname])) {
$checked = "checked";
$blocked = 1;
}
else {
$checked = "";
$blocked = 0;
}
$count = count($types) + 1;
$name = "privrow[" . $privname . ":block]";
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "dojoType=Checkbox id=ck$rownum:block name=\"$name\" $checked ";
print "$disabled onClick=\"javascript:";
print "changeCascadedRights(this.checked, $rownum, $count, 1, 3)\"></TD>\n";
#cascade rights
if(array_key_exists($privname, $privs) &&
in_array("cascade", $privs[$privname]))
$checked = "checked";
else
$checked = "";
$name = "privrow[" . $privname . ":cascade]";
print " <TD align=center bgcolor=\"#008000\" id=cell$rownum:0>";
print "<INPUT type=checkbox dojoType=Checkbox id=ck$rownum:0 name=\"$name\" ";
print "onClick=\"privChange(this.checked, $rownum, 0, 3);\" ";
print "$checked $disabled></TD>\n";
# normal rights
$j = 1;
foreach($types as $type) {
$bgcolor = "";
$checked = "";
$value = "";
$cascaded = 0;
if(array_key_exists($privname, $cascadeprivs) &&
in_array($type, $cascadeprivs[$privname])) {
$bgcolor = "bgcolor=\"#008000\"";
$checked = "checked";
$value = "value=cascade";
$cascaded = 1;
}
if(array_key_exists($privname, $privs) &&
in_array($type, $privs[$privname])) {
if($cascaded) {
$value = "value=cascadesingle";
}
else {
$checked = "checked";
$value = "value=single";
}
}
// if $type is administer or manageGroup, and it is not checked, and the
# user is not in the resource owner group, don't print the checkbox
if(($type == "administer" || $type == "manageGroup") &&
$checked != "checked" &&
! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) {
print "<TD><img src=images/blank.gif></TD>\n";
}
else {
$name = "privrow[" . $privname . ":" . $type . "]";
print " <TD align=center id=cell$rownum:$j $bgcolor><INPUT ";
print "type=checkbox dojoType=Checkbox name=\"$name\" ";
print "id=ck$rownum:$j $checked $value $disabled ";
print "onClick=\"javascript:nodeCheck(this.checked, $rownum, $j, 3)\" ";
print "onBlur=\"javascript:nodeCheck(this.checked, $rownum, $j, 3)\">";
print "</TD>\n";
}
$j++;
}
print " </TR>\n";
$count = count($types) + 1;
if($blocked) {
print "<script language=\"Javascript\">\n";
print "dojo.addOnLoad(function () {setTimeout(\"changeCascadedRights(true, $rownum, $count, 0, 0)\", 500)});\n";
print "</script>\n";
}
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getResourcePrivRowHTML($privname, $rownum, $privs, $types,
/// $resourcegroups, $resgroupmembers,
/// $cascadeprivs, $disabled)
///
/// \param $privname - privilege name
/// \param $rownum - number of the privilege row on this page
/// \param $privs - an array of user's privileges
/// \param $types - an array of privilege types
/// \param $resourcegroups - array from getResourceGroups()
/// \param $resgroupmembers - array from getResourceGroupMembers()
/// \param $cascadeprivs - an array of user's cascaded privileges
/// \param $disabled - 0 or 1; whether or not the checkboxes should be disabled
///
/// \return a string of HTML code for a resource row
///
/// \brief creates HTML for a resource privilege row and returns it
///
////////////////////////////////////////////////////////////////////////////////
function getResourcePrivRowHTML($privname, $rownum, $privs, $types,
$resourcegroups, $resgroupmembers,
$cascadeprivs, $disabled) {
global $user;
$text = "";
$js = "";
$text .= " <TR>";
list($type, $name, $id) = split('/', $privname);
$text .= " <TH>";
$text .= " <span id=\"resgrp$id\">$name</span>";
$text .= " <span dojoType=\"tooltip\" connectId=\"resgrp$id\">";
if(array_key_exists($type, $resgroupmembers) &&
array_key_exists($id, $resgroupmembers[$type]) &&
is_array($resgroupmembers[$type][$id])) {
foreach($resgroupmembers[$type][$id] as $resource) {
$text .= " {$resource['name']}<br>";
}
}
$text .= " </span>";
$text .= " </TH>";
//$text .= " <TH>$name</TH>";
$text .= " <TH>$type</TH>";
if($disabled)
$disabled = 'disabled=disabled';
else
$disabled = '';
# block rights
if(array_key_exists($privname, $privs) &&
in_array("block", $privs[$privname])) {
$checked = "checked";
$blocked = 1;
}
else {
$checked = "";
$blocked = 0;
}
$count = count($types) + 1;
$name = "privrow[" . $privname . ":block]";
$text .= " <TD align=center bgcolor=gray><INPUT type=checkbox ";
$text .= "dojoType=Checkbox id=ck$rownum:block name=\"$name\" $checked ";
$text .= "$disabled onClick=\"javascript:";
$text .= "changeCascadedRights(this.checked, $rownum, $count, 1, 3)\"></TD>";
#cascade rights
if(array_key_exists($privname, $privs) &&
in_array("cascade", $privs[$privname]))
$checked = "checked";
else
$checked = "";
$name = "privrow[" . $privname . ":cascade]";
$text .= " <TD align=center bgcolor=\"#008000\" id=cell$rownum:0>";
$text .= "<INPUT type=checkbox dojoType=Checkbox id=ck$rownum:0 name=\"$name\" ";
$text .= "onClick=\"privChange(this.checked, $rownum, 0, 3);\" ";
$text .= "$checked $disabled></TD>";
# normal rights
$j = 1;
foreach($types as $type) {
$bgcolor = "";
$checked = "";
$value = "";
$cascaded = 0;
if(array_key_exists($privname, $cascadeprivs) &&
in_array($type, $cascadeprivs[$privname])) {
$bgcolor = "bgcolor=\"#008000\"";
$checked = "checked";
$value = "value=cascade";
$cascaded = 1;
}
if(array_key_exists($privname, $privs) &&
in_array($type, $privs[$privname])) {
if($cascaded) {
$value = "value=cascadesingle";
}
else {
$checked = "checked";
$value = "value=single";
}
}
// if $type is administer or manageGroup, and it is not checked, and the
# user is not in the resource owner group, don't print the checkbox
if(($type == "administer" || $type == "manageGroup") &&
$checked != "checked" &&
! array_key_exists($resourcegroups[$id]["ownerid"], $user["groups"])) {
$text .= "<TD><img src=images/blank.gif></TD>";
}
else {
$name = "privrow[" . $privname . ":" . $type . "]";
$text .= " <TD align=center id=cell$rownum:$j $bgcolor><INPUT ";
$text .= "type=checkbox dojoType=Checkbox name=\"$name\" ";
$text .= "id=ck$rownum:$j $checked $value $disabled ";
$text .= "onClick=\"javascript:nodeCheck(this.checked, $rownum, $j, 3)\" ";
$text .= "onBlur=\"javascript:nodeCheck(this.checked, $rownum, $j, 3)\">";
$text .= "</TD>";
}
$j++;
}
$text .= " </TR>";
$count = count($types) + 1;
if($blocked) {
$js .= "changeCascadedRights(true, $rownum, $count, 0, 0);";
}
return array('html' => $text,
'javascript' => $js);
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getNodePrivileges($node, $type, $privs)
///
/// \param $node - id of node
/// \param $type - (optional) resources, users, usergroups, or all
/// \param $privs - (optional) privilege array as returned by this function or
/// getNodeCascadePrivileges
///
/// \return an array of privileges at the node:\n
///\pre
///Array\n
///(\n
/// [resources] => Array\n
/// (\n
/// )\n
/// [users] => Array\n
/// (\n
/// [userid0] => Array\n
/// (\n
/// [0] => priv0\n
/// ...\n
/// [N] => privN\n
/// )\n
/// ...\n
/// [useridN] => Array()\n
/// )\n
/// [usergroups] => Array\n
/// (\n
/// [group0] => Array\n
/// (\n
/// [0] => priv0\n
/// ...\n
/// [N] => privN\n
/// )\n
/// ...\n
/// [groupN] => Array()\n
/// )\n
///)
///
/// \brief gets the requested privileges at the specified node
///
////////////////////////////////////////////////////////////////////////////////
function getNodePrivileges($node, $type="all", $privs=0) {
global $user;
$key = getKey(array($node, $type, $privs));
if(array_key_exists($key, $_SESSION['nodeprivileges']))
return $_SESSION['nodeprivileges'][$key];
if(! $privs)
$privs = array("resources" => array(),
"users" => array(),
"usergroups" => array());
if($type == "resources" || $type == "all") {
$query = "SELECT g.id AS id, "
. "p.type AS privtype, "
. "g.name AS name, "
. "t.name AS type "
. "FROM resourcepriv p, "
. "resourcetype t, "
. "resourcegroup g "
. "WHERE p.privnodeid = $node AND "
. "p.resourcegroupid = g.id AND "
. "g.resourcetypeid = t.id";
$qh = doQuery($query, 350);
while($row = mysql_fetch_assoc($qh)) {
$name = $row["type"] . "/" . $row["name"] . "/" . $row["id"];
if(array_key_exists($name, $privs["resources"]))
array_push($privs["resources"][$name], $row["privtype"]);
else
$privs["resources"][$name] = array($row["privtype"]);
}
}
if($type == "users" || $type == "all") {
$query = "SELECT t.name AS name, "
. "CONCAT(u.unityid, '@', a.name) AS unityid "
. "FROM user u, "
. "userpriv up, "
. "userprivtype t, "
. "affiliation a "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.userid = u.id AND "
. "up.userid IS NOT NULL AND "
. "u.affiliationid = a.id "
. "ORDER BY u.unityid";
$qh = doQuery($query, 351);
while($row = mysql_fetch_assoc($qh)) {
if(array_key_exists($row["unityid"], $privs["users"])) {
array_push($privs["users"][$row["unityid"]], $row["name"]);
}
else {
$privs["users"][$row["unityid"]] = array($row["name"]);
}
}
}
if($type == "usergroups" || $type == "all") {
$query = "SELECT t.name AS priv, "
. "g.name AS groupname, "
. "g.affiliationid, "
. "a.name AS affiliation, "
. "g.id "
. "FROM userpriv up, "
. "userprivtype t, "
. "usergroup g "
. "LEFT JOIN affiliation a ON (g.affiliationid = a.id) "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.usergroupid = g.id AND "
. "up.usergroupid IS NOT NULL "
. "ORDER BY g.name";
$qh = doQuery($query, 352);
while($row = mysql_fetch_assoc($qh)) {
if(array_key_exists($row["groupname"], $privs["usergroups"]))
array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]);
else
$privs["usergroups"][$row["groupname"]] = array('id' => $row['id'],
'affiliationid' => $row['affiliationid'],
'affiliation' => $row['affiliation'],
'privs' => array($row['priv']));
}
}
$_SESSION['nodeprivileges'][$key] = $privs;
return $privs;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn getNodeCascadePrivileges($node, $type="all", $privs=0)
///
/// \param $node - id of node
/// \param $type - (optional) resources, users, usergroups, or all
/// \param $privs - (optional) privilege array as returned by this function or
/// getNodeCascadePrivileges
///
/// \return an array of privileges cascaded to the node:\n
///Array\n
///(\n
/// [resources] => Array\n
/// (\n
/// )\n
/// [users] => Array\n
/// (\n
/// [userid0] => Array\n
/// (\n
/// [0] => priv0\n
/// ...\n
/// [N] => privN\n
/// )\n
/// ...\n
/// [useridN] => Array()\n
/// )\n
/// [usergroups] => Array\n
/// (\n
/// [group0] => Array\n
/// (\n
/// [0] => priv0\n
/// ...\n
/// [N] => privN\n
/// )\n
/// ...\n
/// [groupN] => Array()\n
/// )\n
///)
///
/// \brief gets the requested cascaded privileges for the specified node
///
////////////////////////////////////////////////////////////////////////////////
function getNodeCascadePrivileges($node, $type="all", $privs=0) {
$key = getKey(array($node, $type, $privs));
if(array_key_exists($key, $_SESSION['cascadenodeprivileges']))
return $_SESSION['cascadenodeprivileges'][$key];
if(! $privs)
$privs = array("resources" => array(),
"users" => array(),
"usergroups" => array());
# get node's parents
$nodelist = getParentNodes($node);
if($type == "resources" || $type == "all") {
$mynodelist = $nodelist;
# loop through each node, starting at the root
while(count($mynodelist)) {
$node = array_pop($mynodelist);
# get all resource groups with block set at this node and remove any cascaded privs
$query = "SELECT g.name AS name, "
. "t.name AS type "
. "FROM resourcepriv p, "
. "resourcetype t, "
. "resourcegroup g "
. "WHERE p.privnodeid = $node AND "
. "p.resourcegroupid = g.id AND "
. "g.resourcetypeid = t.id AND "
. "p.type = 'block'";
$qh = doQuery($query, 353);
while($row = mysql_fetch_assoc($qh)) {
$name = $row["type"] . "/" . $row["name"];
unset($privs["resources"][$name]);
}
# get all privs for users with cascaded privs
$query = "SELECT g.id AS id, "
. "p.type AS privtype, "
. "g.name AS name, "
. "t.name AS type "
. "FROM resourcepriv p, "
. "resourcetype t, "
. "resourcegroup g "
. "WHERE p.privnodeid = $node AND "
. "p.resourcegroupid = g.id AND "
. "g.resourcetypeid = t.id AND "
. "p.type != 'block' AND "
. "p.type != 'cascade' AND "
. "p.resourcegroupid IN (SELECT resourcegroupid "
. "FROM resourcepriv "
. "WHERE type = 'cascade' AND "
. "privnodeid = $node)";
$qh = doQuery($query, 354);
while($row = mysql_fetch_assoc($qh)) {
$name = $row["type"] . "/" . $row["name"] . "/" . $row["id"];
// if we've already seen this resource group, add it to the
# resource group's privs
if(array_key_exists($name, $privs["resources"]))
array_push($privs["resources"][$name], $row["privtype"]);
// if we haven't seen this resource group, create an array containing
# this priv
else
$privs["resources"][$name] = array($row["privtype"]);
}
}
}
if($type == "users" || $type == "all") {
$mynodelist = $nodelist;
# loop through each node, starting at the root
while(count($mynodelist)) {
$node = array_pop($mynodelist);
# get all users with block set at this node and remove any cascaded privs
$query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid "
. "FROM user u, "
. "userpriv up, "
. "userprivtype t, "
. "affiliation a "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.userid = u.id AND "
. "up.userid IS NOT NULL AND "
. "t.name = 'block' AND "
. "u.affiliationid = a.id";
$qh = doQuery($query, 355);
while($row = mysql_fetch_assoc($qh)) {
unset($privs["users"][$row["unityid"]]);
}
# get all privs for users with cascaded privs
$query = "SELECT t.name AS name, "
. "CONCAT(u.unityid, '@', a.name) AS unityid "
. "FROM user u, "
. "userpriv up, "
. "userprivtype t, "
. "affiliation a "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.userid = u.id AND "
. "u.affiliationid = a.id AND "
. "up.userid IS NOT NULL AND "
. "t.name != 'cascade' AND "
. "t.name != 'block' AND "
. "up.userid IN (SELECT up.userid "
. "FROM userpriv up, "
. "userprivtype t "
. "WHERE up.userprivtypeid = t.id AND "
. "t.name = 'cascade' AND "
. "up.privnodeid = $node) "
. "ORDER BY u.unityid";
$qh = doQuery($query, 356);
while($row = mysql_fetch_assoc($qh)) {
// if we've already seen this user, add it to the user's privs
if(array_key_exists($row["unityid"], $privs["users"])) {
array_push($privs["users"][$row["unityid"]], $row["name"]);
}
// if we haven't seen this user, create an array containing this priv
else {
$privs["users"][$row["unityid"]] = array($row["name"]);
}
}
}
}
if($type == "usergroups" || $type == "all") {
$mynodelist = $nodelist;
# loop through each node, starting at the root
while(count($mynodelist)) {
$node = array_pop($mynodelist);
# get all groups with block set at this node and remove any cascaded privs
$query = "SELECT g.name AS groupname "
. "FROM usergroup g, "
. "userpriv up, "
. "userprivtype t "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.usergroupid = g.id AND "
. "up.usergroupid IS NOT NULL AND "
. "t.name = 'block'";
$qh = doQuery($query, 357);
while($row = mysql_fetch_assoc($qh)) {
unset($privs["usergroups"][$row["groupname"]]);
}
# get all privs for groups with cascaded privs
$query = "SELECT t.name AS priv, "
. "g.name AS groupname, "
. "g.affiliationid, "
. "a.name AS affiliation, "
. "g.id "
. "FROM userpriv up, "
. "userprivtype t, "
. "usergroup g "
. "LEFT JOIN affiliation a ON (g.affiliationid = a.id) "
. "WHERE up.privnodeid = $node AND "
. "up.userprivtypeid = t.id AND "
. "up.usergroupid = g.id AND "
. "up.usergroupid IS NOT NULL AND "
. "t.name != 'cascade' AND "
. "t.name != 'block' AND "
. "up.usergroupid IN (SELECT up.usergroupid "
. "FROM userpriv up, "
. "userprivtype t "
. "WHERE up.userprivtypeid = t.id AND "
. "t.name = 'cascade' AND "
. "up.privnodeid = $node) "
. "ORDER BY g.name";
$qh = doQuery($query, 358);
while($row = mysql_fetch_assoc($qh)) {
// if we've already seen this group, add it to the user's privs
if(array_key_exists($row["groupname"], $privs["usergroups"]))
array_push($privs["usergroups"][$row["groupname"]]['privs'], $row["priv"]);
// if we haven't seen this group, create an array containing this priv
else
$privs["usergroups"][$row["groupname"]] = array('id' => $row['id'],
'affiliationid' => $row['affiliationid'],
'affiliation' => $row['affiliation'],
'privs' => array($row['priv']));
}
}
}
$_SESSION['cascadenodeprivileges'][$key] = $privs;
return $privs;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeUserPrivs()
///
/// \brief processes input for changes in users' privileges at a specific node,
/// submits the changes to the database returns a call to refreshPerms()
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeUserPrivs() {
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
$text = "You do not have rights to modify user privileges at this node.";
print "alert('$text');";
dbDisconnect();
exit;
}
$newuser = processInputVar("item", ARG_STRING);
$newpriv = processInputVar('priv', ARG_STRING);
$newprivval = processInputVar('value', ARG_STRING);
//print "alert('node: $node; newuser: $newuser; newpriv: $newpriv; newprivval: $newprivval');";
# get cascade privs at this node
$cascadePrivs = getNodeCascadePrivileges($node, "users");
// if $newprivval is true and $newuser already has $newpriv
// cascaded to it, do nothing
if($newprivval == 'true') {
if(array_key_exists($newuser, $cascadePrivs['users']) &&
in_array($newpriv, $cascadePrivs['users'][$newuser])) {
dbDisconnect();
exit;
}
// add priv
$adds = array($newpriv);
$removes = array();
}
else {
// remove priv
$adds = array();
$removes = array($newpriv);
}
updateUserOrGroupPrivs($newuser, $node, $adds, $removes, "user");
$_SESSION['dirtyprivs'] = 1;
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeUserGroupPrivs()
///
/// \brief processes input for changes in user group privileges at a specific
/// node, submits the changes to the database and calls viewNodes
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeUserGroupPrivs() {
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
$text = "You do not have rights to modify user privileges at this node.";
print "alert('$text');";
dbDisconnect();
exit;
}
$newusergrpid = processInputVar("item", ARG_NUMERIC);
$newusergrp = getUserGroupName($newusergrpid);
$newpriv = processInputVar('priv', ARG_STRING);
$newprivval = processInputVar('value', ARG_STRING);
//print "alert('node: $node; newuser:grp $newuser;grp newpriv: $newpriv; newprivval: $newprivval');";
# get cascade privs at this node
$cascadePrivs = getNodeCascadePrivileges($node, "usergroups");
// if $newprivval is true and $newusergrp already has $newpriv
// cascaded to it, do nothing
if($newprivval == 'true') {
if(array_key_exists($newusergrp, $cascadePrivs['usergroups']) &&
in_array($newpriv, $cascadePrivs['usergroups'][$newusergrp]['privs'])) {
dbDisconnect();
exit;
}
// add priv
$adds = array($newpriv);
$removes = array();
}
else {
// remove priv
$adds = array();
$removes = array($newpriv);
}
updateUserOrGroupPrivs($newusergrpid, $node, $adds, $removes, "group");
$_SESSION['dirtyprivs'] = 1;
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJchangeResourcePrivs()
///
/// \brief processes input for changes in resource group privileges at a
/// specific node and submits the changes to the database
///
////////////////////////////////////////////////////////////////////////////////
function AJchangeResourcePrivs() {
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to modify resource privileges at this node.";
print "alert('$text');";
dbDisconnect();
exit;
}
$resourcegrp = processInputVar("item", ARG_STRING);
$newpriv = processInputVar('priv', ARG_STRING);
$newprivval = processInputVar('value', ARG_STRING);
//print "alert('node: $node; resourcegrp: $resourcegrp; newpriv: $newpriv; newprivval: $newprivval');";
# get cascade privs at this node
$cascadePrivs = getNodeCascadePrivileges($node, "resources");
// if $newprivval is true and $resourcegrp already has $newpriv
// cascaded to it, do nothing
if($newprivval == 'true') {
if(array_key_exists($resourcegrp, $cascadePrivs['resources']) &&
in_array($newpriv, $cascadePrivs['resources'][$resourcegrp])) {
dbDisconnect();
exit;
}
// add priv
$adds = array($newpriv);
$removes = array();
}
else {
// remove priv
$adds = array();
$removes = array($newpriv);
}
$tmpArr = explode('/', $resourcegrp);
updateResourcePrivs($tmpArr[2], $node, $adds, $removes);
$_SESSION['dirtyprivs'] = 1;
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addUserPriv()
///
/// \brief prints a page for adding privileges to a node for a user
///
////////////////////////////////////////////////////////////////////////////////
/*function addUserPriv() {
global $submitErr;
$node = processInputVar("activeNode", ARG_NUMERIC);
$newuser = processInputVar("newuser", ARG_STRING);
$tmp = processInputVar("openNodes", ARG_STRING);
if($tmp != "")
$openNodes = explode(":", $tmp);
else
$openNodes = array(DEFAULT_PRIVNODE);
$usertypes = getTypes("users");
$topNodes = getChildNodes();
print "<H2>Add User</H2>\n";
recursivePrintNodes($topNodes, $openNodes, $node);
printSubmitErr(NEWUSERERR);
printSubmitErr(ADDUSERNOPRIVS);
print "<FORM action=\"" . BASEURL . SCRIPT . "#users\" method=post>\n";
print "<TABLE border=1>\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray>Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TD>$img</TD>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD><INPUT type=text name=newuser value=\"$newuser\" size=8 ";
print "maxlength=8></TD>\n";
# block rights
$count = count($usertypes) + 1;
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "name=block></TD>\n";
#cascade rights
print " <TD align=center bgcolor=\"#008000\" id=usercell0:0>";
print "<INPUT type=checkbox id=userck0:0 name=cascade ";
print "></TD>\n";
# normal rights
$j = 1;
foreach($usertypes["users"] as $type) {
print " <TD align=center id=usercell0:$j><INPUT type=checkbox ";
print "name=\"$type\" id=userck0:$j></TD>\n";
$j++;
}
print " </TR>\n";
print "</TABLE>\n";
$openNodes = implode(':', $openNodes);
print "<TABLE>\n";
print " <TR>\n";
print " <TD><INPUT type=submit value=\"Submit New User\"></TD>\n";
print " </TR>\n";
# FIXME add javascript to reset button
print "</TABLE>\n";
print "<INPUT type=hidden name=mode value=submitAddUserPriv>\n";
print "<INPUT type=hidden name=activeNode value=$node>\n";
print "<INPUT type=hidden name=openNodes value=\"$openNodes \">\n";
print "</FORM>\n";
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn submitAddUserPriv()
///
/// \brief processes input for adding privileges to a node for a user; adds the
/// privileges; calls viewNodes
///
////////////////////////////////////////////////////////////////////////////////
/*function submitAddUserPriv() {
global $submitErr, $submitErrMsg;
$newuser = processInputVar("newuser", ARG_STRING);
if(! validateUserid($newuser)) {
$submitErr |= NEWUSERERR;
$submitErrMsg[NEWUSERERR] = "<strong>$newuser was not found</strong>";
addUserPriv();
return;
}
$usertypes = getTypes("users");
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$newuserprivs = array();
foreach($usertypes["users"] as $type) {
$tmp = processInputVar($type, ARG_STRING);
if($tmp == "on")
array_push($newuserprivs, $type);
}
if(empty($newuserprivs) || (count($newuserprivs) == 1 &&
in_array("cascade", $newuserprivs))) {
$submitErr |= ADDUSERNOPRIVS;
$submitErrMsg[ADDUSERNOPRIVS] = "No user privileges were specified";
addUserPriv();
return;
}
$node = processInputVar("activeNode", ARG_NUMERIC);
updateUserOrGroupPrivs($newuser, $node, $newuserprivs, array(), "user");
clearPrivCache();
viewNodes();
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddUserPriv()
///
/// \brief processes input for adding privileges to a node for a user; adds the
/// privileges; returns call to refreshPerms()
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddUserPriv() {
global $submitErr, $submitErrMsg, $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
$text = "You do not have rights to add new users at this node.";
print "addUserPaneHide(); ";
print "alert('$text');";
dbDisconnect();
exit;
}
$newuser = processInputVar("newuser", ARG_STRING);
if(! validateUserid($newuser)) {
$text = "<font color=red>$newuser is not a valid userid</font>";
print setAttribute('addUserPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
$perms = explode(':', processInputVar('perms', ARG_STRING));
$usertypes = getTypes("users");
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$newuserprivs = array();
foreach($usertypes["users"] as $type) {
if(in_array($type, $perms))
array_push($newuserprivs, $type);
}
if(empty($newuserprivs) || (count($newuserprivs) == 1 &&
in_array("cascade", $newuserprivs))) {
$text = "<font color=red>No user privileges were specified</font>";
print setAttribute('addUserPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
$node = processInputVar("activeNode", ARG_NUMERIC);
updateUserOrGroupPrivs($newuser, $node, $newuserprivs, array(), "user");
clearPrivCache();
print "refreshPerms();";
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addUserGroupPriv()
///
/// \brief prints a page for adding privileges to a node for a user group
///
////////////////////////////////////////////////////////////////////////////////
/*function addUserGroupPriv() {
global $submitErr;
$node = processInputVar("activeNode", ARG_NUMERIC);
$newgroup = processInputVar("newgroup", ARG_STRING);
$tmp = processInputVar("openNodes", ARG_STRING);
if($tmp != "")
$openNodes = explode(":", $tmp);
else
$openNodes = array(DEFAULT_PRIVNODE);
$usertypes = getTypes("users");
$groups = getUserGroups();
unset($groups["82"]); // remove the "None" group
$topNodes = getChildNodes();
print "<H2>Add User Group</H2>\n";
recursivePrintNodes($topNodes, $openNodes, $node);
printSubmitErr(ADDUSERNOPRIVS);
print "<FORM action=\"" . BASEURL . SCRIPT . "#groups\" method=post>\n";
print "<TABLE border=1>\n";
print " <TR>\n";
print " <TD></TD>\n";
print " <TH bgcolor=gray>Block<br>Cascaded<br>Rights</TH>\n";
print " <TH bgcolor=\"#008000\">Cascade<br>to Child<br>Nodes</TH>\n";
foreach($usertypes["users"] as $type) {
$img = getImageText($type);
print " <TD>$img</TD>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD>\n";
printSelectInput("newgroupid", $groups);
print " </TD>\n";
#print "</TD>\n";
# block rights
print " <TD align=center bgcolor=gray><INPUT type=checkbox ";
print "name=block></TD>\n";
#cascade rights
print " <TD align=center bgcolor=\"#008000\"><INPUT type=checkbox ";
print "name=cascade></TD>\n";
# normal rights
foreach($usertypes["users"] as $type) {
print " <TD align=center><INPUT type=checkbox ";
print "name=\"$type\"></TD>\n";
}
print " </TR>\n";
print "</TABLE>\n";
$openNodes = implode(':', $openNodes);
print "<TABLE>\n";
print " <TR>\n";
print " <TD><INPUT type=submit value=\"Submit New Group\"></TD>\n";
print " </TR>\n";
print "</TABLE>\n";
print "<INPUT type=hidden name=mode value=submitAddUserGroupPriv>\n";
print "<INPUT type=hidden name=activeNode value=$node>\n";
print "<INPUT type=hidden name=openNodes value=\"$openNodes \">\n";
print "</FORM>\n";
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn submitAddUserGroupPriv()
///
/// \brief processes input for adding privileges to a node for a user group;
/// adds the privileges; calls viewNodes
///
////////////////////////////////////////////////////////////////////////////////
/*function submitAddUserGroupPriv() {
global $submitErr, $submitErrMsg;
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
$usertypes = getTypes("users");
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$newgroupprivs = array();
foreach($usertypes["users"] as $type) {
$tmp = processInputVar($type, ARG_STRING);
if($tmp == "on")
array_push($newgroupprivs, $type);
}
if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
in_array("cascade", $newgroupprivs))) {
$submitErr |= ADDUSERNOPRIVS;
$submitErrMsg[ADDUSERNOPRIVS] = "No user group privileges were specified";
addUserGroupPriv();
return;
}
$node = processInputVar("activeNode", ARG_NUMERIC);
updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group");
clearPrivCache();
viewNodes();
}*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddUserGroupPriv()
///
/// \brief processes input for adding privileges to a node for a user group;
/// adds the privileges; calls viewNodes
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddUserGroupPriv() {
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("userGrant", $user["id"], $node)) {
$text = "You do not have rights to add new user groups at this node.";
print "addUserGroupPaneHide(); ";
print "alert('$text');";
dbDisconnect();
exit;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
# FIXME validate newgroupid
$perms = explode(':', processInputVar('perms', ARG_STRING));
$usertypes = getTypes("users");
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$newgroupprivs = array();
foreach($usertypes["users"] as $type) {
if(in_array($type, $perms))
array_push($newgroupprivs, $type);
}
if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
in_array("cascade", $newgroupprivs))) {
$text = "<font color=red>No user group privileges were specified</font>";
print setAttribute('addUserGroupPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group");
clearPrivCache();
print "addUserGroupPaneHide(); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn AJsubmitAddResourcePriv()
///
/// \brief processes input for adding privileges to a node for a resource group;
/// adds the privileges
///
////////////////////////////////////////////////////////////////////////////////
function AJsubmitAddResourcePriv() {
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if(! checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to add new resource groups at this node.";
print "addUserGroupPaneHide(); ";
print "alert('$text');";
dbDisconnect();
exit;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
# FIXME validate newgroupid
$perms = explode(':', processInputVar('perms', ARG_STRING));
$privtypes = array("block", "cascade", "available", "administer", "manageGroup");
$newgroupprivs = array();
foreach($privtypes as $type) {
if(in_array($type, $perms))
array_push($newgroupprivs, $type);
}
if(empty($newgroupprivs) || (count($newgroupprivs) == 1 &&
in_array("cascade", $newgroupprivs))) {
$text = "<font color=red>No resource group privileges were specified</font>";
print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
clearPrivCache();
print "addResourceGroupPaneHide(); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn checkUserHasPriv($priv, $uid, $node, $privs,
/// $cascadePrivs)
///
/// \param $priv - privilege to check for
/// \param $uid - numeric id of user
/// \param $node - id of node
/// \param $privs - (optional) privileges at node
/// \param $cascadePrivs - (optional) privileges cascaded to node
///
/// \return 1 if the user has $priv at $node, 0 if not
///
/// \brief checks to see if the user has $priv at $node; if $privs
/// and $cascadePrivs are not passed in, they are looked up for $node
///
////////////////////////////////////////////////////////////////////////////////
function checkUserHasPriv($priv, $uid, $node, $privs=0, $cascadePrivs=0) {
global $user;
$key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
if(array_key_exists($key, $_SESSION['userhaspriv']))
return $_SESSION['userhaspriv'][$key];
if($user["id"] != $uid)
$_user = getUserInfo($uid);
else
$_user = $user;
$affilUserid = "{$_user['unityid']}@{$_user['affiliation']}";
if(! is_array($privs)) {
$privs = getNodePrivileges($node, 'users');
$privs = getNodePrivileges($node, 'usergroups', $privs);
}
if(! is_array($cascadePrivs)) {
$cascadePrivs = getNodeCascadePrivileges($node, 'users');
$cascadePrivs = getNodeCascadePrivileges($node, 'usergroups', $cascadePrivs);
}
// if user (has $priv at this node) ||
# (has cascaded $priv && ! have block at this node) return 1
if((array_key_exists($affilUserid, $privs["users"]) &&
in_array($priv, $privs["users"][$affilUserid])) ||
((array_key_exists($affilUserid, $cascadePrivs["users"]) &&
in_array($priv, $cascadePrivs["users"][$affilUserid])) &&
(! array_key_exists($affilUserid, $privs["users"]) ||
! in_array("block", $privs["users"][$affilUserid])))) {
$_SESSION['userhaspriv'][$key] = 1;
return 1;
}
foreach($_user["groups"] as $groupname) {
// if group (has $priv at this node) ||
# (has cascaded $priv && ! have block at this node) return 1
if((array_key_exists($groupname, $privs["usergroups"]) &&
in_array($priv, $privs["usergroups"][$groupname]['privs'])) ||
((array_key_exists($groupname, $cascadePrivs["usergroups"]) &&
in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs'])) &&
(! array_key_exists($groupname, $privs["usergroups"]) ||
! in_array("block", $privs["usergroups"][$groupname]['privs'])))) {
$_SESSION['userhaspriv'][$key] = 1;
return 1;
}
}
$_SESSION['userhaspriv'][$key] = 0;
return 0;
}
?>