Ejemplo n.º 1
0
function checkUserHasPriv($priv, $uid, $node, $privs = 0, $cascadePrivs = 0)
{
    global $user;
    $key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
    if (array_key_exists($key, $_SESSION['userhaspriv'])) {
        return $_SESSION['userhaspriv'][$key];
    }
    if ($user["id"] != $uid) {
        $_user = getUserInfo($uid);
    } else {
        $_user = $user;
    }
    $affilUserid = "{$_user['unityid']}@{$_user['affiliation']}";
    if (!is_array($privs)) {
        $privs = getNodePrivileges($node, 'users');
        $privs = getNodePrivileges($node, 'usergroups', $privs);
    }
    if (!is_array($cascadePrivs)) {
        $cascadePrivs = getNodeCascadePrivileges($node, 'users');
        $cascadePrivs = getNodeCascadePrivileges($node, 'usergroups', $cascadePrivs);
    }
    // if user (has $priv at this node) ||
    # (has cascaded $priv && ! have block at this node) return 1
    if (array_key_exists($affilUserid, $privs["users"]) && in_array($priv, $privs["users"][$affilUserid]) || array_key_exists($affilUserid, $cascadePrivs["users"]) && in_array($priv, $cascadePrivs["users"][$affilUserid]) && (!array_key_exists($affilUserid, $privs["users"]) || !in_array("block", $privs["users"][$affilUserid]))) {
        $_SESSION['userhaspriv'][$key] = 1;
        return 1;
    }
    foreach ($_user["groups"] as $groupname) {
        // if group (has $priv at this node) ||
        # (has cascaded $priv && ! have block at this node) return 1
        if (array_key_exists($groupname, $privs["usergroups"]) && in_array($priv, $privs["usergroups"][$groupname]['privs']) || array_key_exists($groupname, $cascadePrivs["usergroups"]) && in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs']) && (!array_key_exists($groupname, $privs["usergroups"]) || !in_array("block", $privs["usergroups"][$groupname]['privs']))) {
            $_SESSION['userhaspriv'][$key] = 1;
            return 1;
        }
    }
    $_SESSION['userhaspriv'][$key] = 0;
    return 0;
}
Ejemplo n.º 2
0
function addUserResources(&$nodeprivs, $userid)
{
    require_once ".ht-inc/privileges.php";
    foreach (array_keys($nodeprivs) as $nodeid) {
        $privs = getNodePrivileges($nodeid, "resources");
        $nodeprivs[$nodeid]["resources"] = $privs["resources"];
        $privs = getNodeCascadePrivileges($nodeid, "resources");
        $nodeprivs[$nodeid]["cascaderesources"] = $privs["resources"];
    }
}
Ejemplo n.º 3
0
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
    require_once ".ht-inc/privileges.php";
    global $user;
    if (!is_numeric($nodeid)) {
        return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
    }
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
    }
    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
    }
    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
    }
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
    }
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
    }
    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');
    if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }
    if ($mode == 'remove') {
        $diff = array_diff($np['resources'][$key], $changeperms);
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }
    return array('status' => 'success');
}