Beispiel #1
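/**
 * Create the iRODS group for a project and record it as a project attribute.
 *
 * The group is created with a REST PUT made under the portal's own iRODS
 * account ($portal_irods_user / $portal_irods_pw), not under the caller's
 * identity. $user is only consulted (via isAllowed()) before the local
 * project attribute is written.
 *
 * NOTE(review): nothing in this function checks that $user may create a group
 * for $project_id before the PUT is sent; presumably callers enforce that.
 * Confirm against the call sites.
 *
 * @param string $project_id   Project UUID; rejected unless uuid_is_valid() accepts it.
 * @param string $project_name Project name, handed to group_name() to derive the group name.
 * @param object $user         Portal user passed to the SA helpers; must provide isAllowed().
 *
 * @return int -1 on error or when iRODS is disabled, 0 if the group was
 *             created by this call, 1 if the group already existed.
 */
function irods_create_group($project_id, $project_name, $user)
{
    // Note this function must bail if project_id is not a project but an error of some kind
    error_log("iRODS: creating group for project {$project_name} with id {$project_id}");
    if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
        error_log("irods_create_group: not a valid project ID. Nothing to do. {$project_id}");
        return -1;
    }
    if (!isset($project_name) || is_null($project_name) || $project_name === '') {
        error_log("irods_create_group: not a valid project name. Nothing to do. {$project_id}, {$project_name}");
        return -1;
    }
    global $disable_irods;
    if (isset($disable_irods)) {
        error_log("irodsCreateGroup: disable_irods was set. Doing nothing.");
        return -1;
    }

    // $sa_url is not a parameter or a declared global, so it always has to be looked up here.
    $sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
    if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') {
        error_log("iRODS Found no SA in SR!'");
        // Fail closed: without an SA the attribute lookup and the later
        // attribute writes cannot work, so do not go on to create the group.
        return -1;
    }

    // If the project already carries the irods_group_name attribute, report "already exists".
    $project_attributes = lookup_project_attributes($sa_url, $user, $project_id);
    $att_group_name = null;
    foreach ($project_attributes as $attribute) {
        if ($attribute[PA_ATTRIBUTE::NAME] == PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME) {
            $att_group_name = $attribute[PA_ATTRIBUTE::VALUE];
            break;
        }
    }
    if (!is_null($att_group_name)) {
        error_log("irodsCreateGroup: local attribute says group {$att_group_name} already exists for project {$project_id}");
        return 1;
    }

    global $irods_url;
    global $default_zone;
    global $irods_cert;
    global $portal_irods_user;
    global $portal_irods_pw;

    // The group name is derived from the project name.
    $group_name = group_name($project_name);
    $irods_info = array();
    $irods_info[IRODS_GROUP_NEW] = $group_name;
    $irods_info[IRODS_ZONE] = $default_zone;
    // Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES.
    //   we have PHP 5.3, so we have to remove those manually.
    $irods_json = json_encode($irods_info);
    $irods_json = str_replace('\\/', '/', $irods_json);
    // The payload is sent as plain JSON. An earlier S/MIME step
    // (smime_sign_message() with the portal certificate, then smime_encrypt()
    // for the iRODS SSL certificate) is disabled, so message integrity rests
    // on whatever doRESTCall() does with $irods_cert.

    // Was the group created? -1=error, 0=success, 1=group was already there
    $created = -1;
    try {
        $addstruct = doRESTCall($irods_url . IRODS_PUT_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert);
        // look for (\r or \n or \r\n){2} and move past that
        preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m);
        if (!array_key_exists(2, $m)) {
            error_log("irods createGroup: Malformed PUT result to iRODS - error? Got: " . $addstruct);
            throw new Exception("Failed to add iRODS group - server error: " . $addstruct);
        }
        $addjson = json_decode($m[2], true);
        if (is_array($addjson)) {
            $status = null;
            $msg = null;
            $groupCmdStatus = null;
            if (array_key_exists("status", $addjson)) {
                $status = $addjson["status"];
                // Return 0 if added the group, 1 if group existed, -1 on error
                if ($status == IRODS_STATUS_ERROR) {
                    $created = -1;
                } elseif ($status == IRODS_STATUS_SUCCESS) {
                    $created = 0;
                }
            }
            if (array_key_exists("message", $addjson)) {
                $msg = $addjson["message"];
            }
            if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
                $groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
                if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_GROUP) {
                    $created = 1;
                    error_log("iRODS group {$group_name} already existed");
                } elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
                    error_log("iRODS failed to create group {$group_name}: {$groupCmdStatus}: '{$msg}'");
                    // A failed group command must not be reported as success even
                    // if the top-level status said so; otherwise the local attribute
                    // would claim a group that iRODS says it did not create.
                    $created = -1;
                }
            } elseif ($created !== 0) {
                error_log("iRODS failed to create group {$group_name}: '{$msg}'");
            }
        } else {
            error_log("iRODS: malformed return from createGroup: " . print_r($addjson, true));
            $created = -1;
        }
    } catch (Exception $e) {
        error_log("Error doing iRODS put to add group: " . $e->getMessage());
        $created = -1;
    }

    if ($created === 1) {
        // irods says the group exists, but our local attribute does not. Set it.
        // ($att_group_name is always null here: a non-null value returned early above.)
        if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
            add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
        } else {
            // Leave a trace when local state and iRODS stay out of step.
            error_log("irods_create_group: user not allowed to record iRODS group {$group_name} for project {$project_id}");
        }
    }
    if ($created === 0) {
        // Save in local DB that we created the iRODS group
        // Remove first ensures no duplicate rows
        if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
            if (isset($att_group_name)) {
                remove_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME);
            }
            add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
        } else {
            // The group now exists in iRODS but is not recorded locally.
            error_log("irods_create_group: user not allowed to record iRODS group {$group_name} for project {$project_id}");
        }
        // Bootstrapping: for previously existing project, there may be other members of the project to add
        // Rely on the fact that we can move on if the user doesn't exist
        // Do this block only if we actually created the irods group just now
        $members = get_project_members($sa_url, $user, $project_id);
        foreach ($members as $member) {
            // The result is deliberately ignored: a member who has no iRODS
            // account yet is expected to fail here.
            addToGroup($project_id, $group_name, $member[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID], $user);
        }
    }
    return $created;
}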
Beispiel #2
            $actions_entry = "<td>{$actions}</td>";
        }
        $purpose_entry = "";
        if ($show_purpose) {
            $purpose_entry = "<td>{$proj_purpose}</td>";
        }
        $error_entry_id = "error-" . $proj_id;
        $error_entry = "<td id=\"{$error_entry_id}\"></td>";
        echo "<tr><td>{$proj_href}</td><td id=\"group-{$proj_id}\">{$group_name}</td><td>{$lead_name}</td>{$purpose_entry} {$actions_entry} {$error_entry}</tr>";
    }
    echo "</table>";
}
// Page heading. This is a fixed string, so nothing here needs escaping.
echo "<h1>Wireless Account Setup</h1>";
// Project IDs for the current user's account. $sa_url and $user are set outside
// this excerpt, and the meaning of the trailing `true` is not visible here.
$project_ids = get_projects_for_member($sa_url, $user, $user->account_id, true);
// Gather project attributes for each project
$attribs = lookup_project_attributes($sa_url, $user, $project_ids);
// Index the attribute rows by project ID. Every project gets an entry up front,
// so a project with no attributes still maps to an empty array.
$attribs_by_project = array();
foreach ($project_ids as $project_id) {
    $attribs_by_project[$project_id] = array();
}
foreach ($attribs as $attrib) {
    $project_id = $attrib[PA_PROJECT_TABLE_FIELDNAME::PROJECT_ID];
    $attribs_by_project[$project_id][] = $attrib;
}
// Full project rows, and the display names of each project's lead.
// NOTE(review): the table-rendering code earlier on this page interpolates
// values such as the group name, lead name and purpose into HTML without
// escaping. If the values fetched here reach that code, they need
// htmlspecialchars() at output time. Confirm against the renderer.
$projects = lookup_project_details($sa_url, $user, $project_ids);
$num_projects = count($project_ids);
$lead_names = lookup_member_names_for_rows($ma_url, $user, $projects, PA_PROJECT_TABLE_FIELDNAME::LEAD_ID);
// error_log("LEADS = " . print_r($lead_names, true));
// Get the user's SSH keys to make sure they'll be able to log in
$sshkeys = $user->sshKeys();
// Break up projects into those I can modify and those I cannot.