function get_project_info($slice, $signer, $ma_url, $sa_url)
{
$project_id = $slice[SA_SLICE_TABLE_FIELDNAME::PROJECT_ID];
$project_details = lookup_project($sa_url, $signer, $project_id);
$project_name = $project_details[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
$project_expiration = dateUIFormat($project_details[PA_PROJECT_TABLE_FIELDNAME::EXPIRATION]);
$project_description = $project_details[PA_PROJECT_TABLE_FIELDNAME::PROJECT_PURPOSE];
$project_lead_id = $project_details[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID];
$project_lead_detail_list = lookup_member_details($ma_url, $signer, array($project_lead_id));
$project_lead_details = $project_lead_detail_list[$project_lead_id];
$member = new Member($project_lead_id);
$member->init_from_record($project_lead_details);
$project_lead_name = $member->prettyName();
$project_lead_email = $project_lead_details[MA_ATTRIBUTE_NAME::EMAIL_ADDRESS];
$mailto_link = "<a href='mailto:{$project_lead_email}'>{$project_lead_email}</a>";
$project_lead_number = $project_lead_details[MA_ATTRIBUTE_NAME::TELEPHONE_NUMBER];
$project_info = "<b style='text-decoration: underline;'>Parent project</b><br>";
$project_info .= "<b>Name: </b>{$project_name}<br>" . "<b>Expiration: </b>{$project_expiration}<br>" . "<b>Description: </b>{$project_description}<br>" . "<b>Lead Name: </b>{$project_lead_name}<br>" . "<b>Lead Email: </b>{$mailto_link}<br>" . "<b>Lead Phone: </b>{$project_lead_number}";
return $project_info;
}
$ma_url = get_first_service_of_type(SR_SERVICE_TYPE::MEMBER_AUTHORITY);
}
// error_log("REQUEST = " . print_r($_REQUEST, true));
if (!array_key_exists('project_id', $_REQUEST)) {
// Error
error_log("do-handle-project-request called without project_id");
relative_redirect("home.php");
}
$project_id = $_REQUEST['project_id'];
unset($_REQUEST['project_id']);
if (array_key_exists('project_name', $_REQUEST)) {
unset($_REQUEST['project_name']);
}
$selections = $_REQUEST;
// error_log("SELECTIONS = " . print_r($selections, true));
$project_details = lookup_project($sa_url, $user, $project_id);
if (!isset($project_details) or is_null($project_details)) {
error_log("Couldn't find project by ID in do-handle-project-request: {$project_id}");
// $_SESSION['lasterror'] = "Project $project_id unknown";
relative_redirect("home.php");
}
$project_name = $project_details[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
if (!$user->isAllowed(PA_ACTION::ADD_PROJECT_MEMBER, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
error_log("User " . $user->prettyName() . " not allowed to handle project requests on this project " . $project_name);
relative_redirect("home.php");
}
$lead_id = $project_details[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID];
$lead_name = lookup_member_names($ma_url, $user, array($lead_id));
$lead_name = $lead_name[$lead_id];
$num_members_added = 0;
$num_members_rejected = 0;
$project_desc = urldecode($project_desc);
}
if ($project_inst) {
$project_inst = urldecode($project_inst);
}
if ($download) {
$download_url = url_to_download();
if (!$download_url) {
echo "no file to download";
exit;
}
}
// see if this project is in BOINC's list;
// if so, use the info there if the project didn't supply it
//
$p = lookup_project($master_url);
if ($p) {
setcookie('attach_known', "1");
if (!$project_inst) {
$project_inst = $p[2];
}
if (!$project_desc) {
$project_desc = $p[4];
}
} else {
setcookie('attach_known', "0");
}
$expire = time() + 24 * 86400;
setrawcookie('attach_master_url', rawurlencode($master_url), $expire);
setrawcookie('attach_project_name', rawurlencode($project_name), $expire);
setrawcookie('attach_auth', rawurlencode($auth), $expire);
if ($request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] != CS_CONTEXT_TYPE::PROJECT) {
error_log("cancel-p-req: Not a project, but " . $request[RQ_REQUEST_TABLE_FIELDNAME::REQUEST_TYPE]);
show_header('GENI Portal: Projects');
include "tool-breadcrumbs.php";
print "<h2>Error canceling project request</h2>\n";
print "Request not a project request, but " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] . "<br/>\n";
// FIXME: Print other request details
print "<input type=\"button\" value=\"Cancel\" onclick=\"history.back(-1)\"/>\n";
include "footer.php";
exit;
}
if (isset($project_id) && $request['context_id'] != $project_id) {
error_log("cancel-p-req: Request project != given project: " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID] . " != " . $project_id);
}
$project_id = $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID];
$project = lookup_project($sa_url, $user, $project_id);
$project_name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
$lead_id = $project[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID];
$lead = $user->fetchMember($lead_id);
$leadname = $lead->prettyName();
// Now: was this a form submission (e.g. trying to handle the request?)
// FIXME: Validate those inputs
$reason = null;
$error = null;
if (array_key_exists('submit', $_REQUEST)) {
$submit = $_REQUEST['submit'];
if (array_key_exists('reason', $_REQUEST)) {
$reason = $_REQUEST['reason'];
} else {
error_log("cancel-p-req got no reason");
$reason = "";
$reqs = $preqs;
if (isset($reqs) && count($reqs) > 0) {
print "Found " . count($reqs) . " outstanding request(s) by you:<br/>\n";
print "<div class='tablecontainer'><table>\n";
// Could add the lead and purpose?
print "<tr><th>Request Type</th><th>Project</th><th>Request Created</th><th>Request Reason</th><th>Cancel Request?</th></tr>\n";
$REQ_TYPE_NAMES = array();
$REQ_TYPE_NAMES[] = 'Join';
$REQ_TYPE_NAMES[] = 'Update Attributes';
foreach ($reqs as $request) {
$name = "";
//error_log(print_r($request, true));
$typestr = $REQ_TYPE_NAMES[$request[RQ_REQUEST_TABLE_FIELDNAME::REQUEST_TYPE]] . " " . $CS_CONTEXT_TYPE_NAME[$request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE]];
if ($request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] == CS_CONTEXT_TYPE::PROJECT) {
//error_log("looking up project " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]);
$project = lookup_project($sa_url, $user, $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]);
$name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
$cancel_url = "cancel-join-project.php?request_id=" . $request[RQ_REQUEST_TABLE_FIELDNAME::ID];
// } elseif ($request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] == CS_CONTEXT_TYPE::SLICE) {
// $slice = lookup_slice($sa_url, $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]);
// $name = $slice[SA_SLICE_TABLE_FIELDNAME::SLICE_NAME];
// $cancel_url="cancel-join-slice.php?request_id=" . $request[RQ_REQUEST_TABLE_FIELDNAME::ID];
// } else {
// $name = "";
// $cancel_url="cancel-account-mod.php?request_id=" . $request[RQ_REQUEST_TABLE_FIELDNAME::ID];
}
$cancel_button = "<button style=\"\" onClick=\"window.location='" . $cancel_url . "'\"><b>Cancel Request</b></button>";
$reason = $request[RQ_REQUEST_TABLE_FIELDNAME::REQUEST_TEXT];
$req_date_db = $request[RQ_REQUEST_TABLE_FIELDNAME::CREATION_TIMESTAMP];
$req_date = dateUIFormat($req_date_db);
print "<tr><td>{$typestr}</td><td>{$name}</td><td>{$req_date}</td><td>{$reason}</td><td>{$cancel_button}</td></tr>\n";
function addToGroup($project_id, $group_name, $member_id, $user)
{
if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
error_log("irods addToGroup: not a valid project ID. Nothing to do. {$project_id}");
return -1;
}
if (!isset($group_name) || is_null($group_name) || $group_name === '') {
error_log("irods addToGroup: not a valid group name. Nothing to do. {$project_id}, {$group_name}");
return -1;
}
if (!isset($member_id) || $member_id == "-1" || !uuid_is_valid($member_id)) {
error_log("irods addToGroup: not a valid member ID. Nothing to do. {$member_id}");
return -1;
}
global $disable_irods;
if (isset($disable_irods)) {
error_log("irods addToGroup: disable_irods was set. Doing nothing.");
return -1;
}
// must get member username
$member = geni_load_user_by_member_id($member_id);
// Bail early if the local attribute says the user does not yet have an account
if (!isset($member->ma_member->irods_username)) {
error_log("iRODS addToGroup local attribute says member {$member_id} does not yet have an iRODS account. Cannot add to group {$group_name}");
return -1;
}
$username = base_username($member);
error_log("iRODS addToGroup {$group_name} member {$member_id} with username {$username}");
global $irods_url;
global $default_zone;
global $portal_irods_user;
global $portal_irods_pw;
global $irods_cert;
$irods_info = array();
$irods_info[IRODS_USER_NAME] = $username;
$irods_info[IRODS_GROUP] = $group_name;
$irods_info[IRODS_ZONE] = $default_zone;
// Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES.
// we have PHP 5.3, so we have to remove those manually.
$irods_json = json_encode($irods_info);
$irods_json = str_replace('\\/', '/', $irods_json);
// error_log("Trying to add member to iRODS group with values: " . $irods_json);
///* Sign the data with the portal certificate (Is that correct?) */
//$irods_signed = smime_sign_message($irods_json, $portal_cert, $portal_key);
///* Encrypt the signed data for the iRODS SSL certificate */
//$irods_blob = smime_encrypt($irods_signed, $irods_cert);
$added = -1;
// Was the user added to the group? -1=Error, 0=Success, 1=Member already in group
try {
$addstruct = doRESTCall($irods_url . IRODS_PUT_USER_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert);
// look for (\r or \n or \r\n){2} and move past that
preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m);
if (!array_key_exists(2, $m)) {
error_log("iRODS addToGroup Malformed PUT result to iRODS - error? Got: " . $addstruct);
throw new Exception("Failed to add member to iRODS group - server error: " . $addstruct);
}
// error_log("PUT result content: " . $m[2]);
$addjson = json_decode($m[2], true);
// error_log("add user to group result: " . print_r($addjson, true));
if (is_array($addjson)) {
$status = null;
$msg = null;
$groupCmdStatus = null;
if (array_key_exists("status", $addjson)) {
$status = $addjson["status"];
// Return 0 if added the user, 1 if user already in the group, -1 on error
if ($status == IRODS_STATUS_ERROR) {
$added = -1;
} elseif ($status == IRODS_STATUS_SUCCESS) {
$added = 0;
}
}
if (array_key_exists("message", $addjson)) {
$msg = $addjson["message"];
}
if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
$groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_USER) {
$added = 1;
error_log("iRODS user {$username} already in group {$group_name}");
} elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
if ($groupCmdStatus === IRODS_STATUS_BAD_USER) {
error_log("iRODS: user {$username} has no iRODS account yet. Cannot add to group {$group_name}. ({$groupCmdStatus}: '{$msg}')");
// FIXME: Email someone?
} elseif ($groupCmdStatus === IRODS_STATUS_BAD_GROUP) {
// If it is INVALID_GROUP then we still need to do createGroup. I don't think that should happen. But in case...
error_log("iRODS: group {$group_name} doesn't exist yet, so cannot add user {$username}. Try to create the group... ({$groupCmdStatus}: '{$msg}')");
if (!isset($sa_url)) {
$sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') {
error_log("iRODS Found no SA in SR!'");
}
}
$project = lookup_project($sa_url, $user, $project_id);
$project_name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
$groupCreated = irods_create_group($project_id, $project_name, $user);
if ($groupCreated != -1) {
$added = 0;
}
} else {
error_log("iRODS failed to add user {$username} to group {$group_name}: {$groupCmdStatus}: '{$msg}'");
}
}
} elseif ($added !== 0) {
error_log("iRODS failed to add user {$username} to group {$group_name}: '{$msg}'");
}
} else {
$added = -1;
error_log("iRODS: malformed return from addUserToGroup: " . print_r($addjson, true));
}
} catch (Exception $e) {
error_log("Error doing iRODS put to add member to group: " . $e->getMessage());
$added = -1;
}
// Return 0 if added the user, 1 if user already in the group, -1 on error
return $added;
}
function get_template_omni_config($user, $version, $default_project = null)
{
$legal_versions = array("2.3.1", "2.5");
if (!in_array($version, $legal_versions)) {
/* If $version is not understood, default to omni 2.5. */
$version = "2.5";
}
/* Create OMNI config file */
$username = $user->username;
$urn = $user->urn();
// Get the authority from the user's URN
parse_urn($urn, $authority, $type, $name);
$pgchs = get_services_of_type(SR_SERVICE_TYPE::PGCH);
if (count($pgchs) != 1) {
error_log("am_client must have exactly one PGCH service defined to generate an omni_config");
return "Should be exactly one PGCH url.";
} else {
$pgch = $pgchs[0];
$PGCH_URL = $pgch[SR_TABLE_FIELDNAME::SERVICE_URL];
}
$omni_config = '# This omni configuration file is for use with omni version ';
$omni_config .= $version . ' or higher';
$omni_config .= "\n";
$omni_config .= "[omni]\n";
if ($version == "2.5") {
$omni_config .= "default_cf = portal_chapi\n";
}
if ($version == "2.3.1") {
$omni_config .= "default_cf = portal\n";
}
$omni_config .= "# 'users' is a comma separated list of users which should be added to a slice.\n" . "# Each user is defined in a separate section below.\n" . "users = {$username}\n";
if ($version == "2.5") {
// Note this isn't necessary for omni 2.7+, where the default is True
$omni_config .= "# Over-ride the commandline setting of --useSliceMembers to force it True\n" . "useslicemembers = True\n";
}
$omni_config = $omni_config . "# 'default_project' is the name of the project that will be assumed\n" . "# unless '--project' is specified on the command line.\n" . "# Uncomment only one of the following lines if you want to use this feature\n";
if (!isset($sa_url)) {
$sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
}
if (!isset($ma_url)) {
$ma_url = get_first_service_of_type(SR_SERVICE_TYPE::MEMBER_AUTHORITY);
}
$projects = get_projects_for_member($sa_url, $user, $user->account_id, true);
if (count($projects) > 0 && is_null($default_project)) {
$p0 = $projects[0];
$default_project = $p0[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
}
foreach ($projects as $project_id) {
$project = lookup_project($sa_url, $user, $project_id);
$proj_name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
if ($proj_name == $default_project) {
$omni_config .= "default_project = {$proj_name}\n";
} else {
$omni_config .= "#default_project = {$proj_name}\n";
}
}
$omni_config .= "\n" . "[portal_chapi]\n" . "# For use with the Uniform Federation API\n" . "# NOTE: Only works with Omni 2.5 or newer\n" . "type = chapi\n" . "# Authority part of the control framework's URN\n" . "authority={$authority}\n" . "# Where the CH API server's Clearinghouse service is listening.\n" . "# This will be used to find the MA and SA\n" . "ch=https://{$authority}:8444/CH\n" . "# Optionally you may explicitly specify where the MA and SA are\n" . "# running, in which case the Clearinghouse service is not used\n" . "# to find them\n" . "ma = {$ma_url}\n" . "sa = {$sa_url}\n" . "cert = /PATH/TO/YOUR/CERTIFICATE/AS/DOWNLOADED/FROM/PORTAL/geni-{$username}.pem\n" . "key = /PATH/TO/YOUR/CERTIFICATE/AS/DOWNLOADED/FROM/PORTAL/geni-{$username}.pem\n" . "# For debugging\n" . "verbose=false\n" . "\n";
$omni_config .= "\n" . "[portal]\n" . "type = pgch\n" . "authority={$authority}\n" . "ch = {$PGCH_URL}\n" . "sa = {$PGCH_URL}\n" . "cert = /PATH/TO/YOUR/CERTIFICATE/AS/DOWNLOADED/FROM/PORTAL/geni-{$username}.pem\n" . "key = /PATH/TO/YOUR/CERTIFICATE/AS/DOWNLOADED/FROM/PORTAL/geni-{$username}.pem\n" . "\n";
$omni_config .= "[{$username}]\n" . "urn = {$urn}\n" . "# 'keys' is a comma separated list of ssh public keys which should be added to this user's account.\n" . "keys = /PATH/TO/SSH/PUBLIC/KEY.pub\n";
$omni_config = $omni_config . "\n";
return $omni_config;
}
