Ejemplo n.º 1
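/**
 * Handles the "add NGIs to project" submission.
 *
 * Reads the project id ('ID') and the list of NGI ids ('NGIs') from the
 * request, resolves them to entities and asks the project service to attach
 * the NGIs to the project on behalf of the current user. On success the
 * confirmation view is rendered; if the service throws, the error view is
 * rendered and the script terminates.
 *
 * @throws Exception if no numeric project id is supplied or 'NGIs' is not a list
 * @return null
 */
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Request parameters are untrusted: check their shape before handing them
    // to the service layer instead of relying on warnings further down.
    // NOTE(review): $_REQUEST can also be filled from the query string and no
    // anti-CSRF token check is visible in this function - confirm the
    // dispatcher restricts this state-changing action accordingly.
    if (!isset($_REQUEST['ID']) || !is_numeric($_REQUEST['ID'])) {
        throw new Exception("A project id must be specified");
    }
    $projectId = $_REQUEST['ID'];

    // A submission without any NGI is treated as an empty selection.
    $ngiIds = isset($_REQUEST['NGIs']) ? $_REQUEST['NGIs'] : array();
    if (!is_array($ngiIds)) {
        throw new Exception("NGIs must be submitted as a list of ids");
    }

    // The user is passed to the service so that it can check permissions.
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);

    $projectServ = \Factory::getProjectService();
    $ngiServ = \Factory::getNgiService();

    // Turn the posted ids into NGI entities.
    $ngis = new Doctrine\Common\Collections\ArrayCollection();
    foreach ($ngiIds as $ngiId) {
        $ngis[] = $ngiServ->getNgi($ngiId);
    }

    // Entity lookups stay outside the try block, as before: a failure here
    // propagates to the caller rather than rendering the error view.
    $project = $projectServ->getProject($projectId);

    try {
        // The service throws if the user does not have the correct permissions;
        // this is the only authorisation check on this path.
        $projectServ->addNgisToProject($project, $ngis, $user);
        $params = array('Name' => $project->getName(), 'ID' => $project->getId(), 'NGIs' => $ngis);
        show_view("project/added_ngis.php", $params, "Success");
    } catch (Exception $e) {
        // NOTE(review): the raw exception message goes to the view - confirm
        // error.php HTML-escapes it and that messages carry no internal detail.
        show_view('error.php', $e->getMessage());
        die;
    }
}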
Ejemplo n.º 2
/**
 * Renders the list of all projects returned by the project service.
 *
 * No user lookup or permission check happens in this function.
 * NOTE(review): confirm the project list is meant to be visible to any caller.
 *
 * @return null
 */
function show_all_projects()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    $viewData = array(
        'Projects' => \Factory::getProjectService()->getProjects(),
    );
    show_view('project/view_all.php', $viewData, "Projects");
}
Ejemplo n.º 3
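/**
 * Deletes the project identified by the 'id' request parameter and shows a
 * confirmation page.
 *
 * Deletion is currently switched off: the function throws before reading the
 * request, so everything after the kill switch only runs once it is cleared.
 *
 * @throws Exception always while deletion is disabled; otherwise when no
 *                   numeric id is supplied
 * @return null
 */
function delete_project()
{
    // Deliberate kill switch for a destructive action. Keep it a hard-coded
    // value rather than anything derived from the request.
    $deletionDisabled = true;
    if ($deletionDisabled) {
        throw new Exception("Project deletion is disabled - see controller to enable");
    }

    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    // NOTE(review): if this is ever re-enabled, $_REQUEST also accepts the id
    // from the query string and no anti-CSRF token check is visible here -
    // confirm the dispatcher enforces both before a delete can be triggered.

    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);

    // Check the portal is not in read only mode; an exception is expected if
    // it is and the user is not an admin.
    checkPortalIsNotReadOnlyOrUserIsAdmin($user);

    $serv = \Factory::getProjectService();
    $project = $serv->getProject($_REQUEST['id']);

    // Keep the name for the confirmation page; the entity is gone afterwards.
    $params = array('Name' => $project->getName());

    // The service is expected to check that the user may delete the project
    // and throw otherwise (only gocdb admins allowed). Per the original
    // comments, deletion does not remove child NGIs and cascade-deletes the
    // user Roles over the OwnedEntity.
    try {
        $serv->deleteProject($project, $user);
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }

    // Page title: a space was missing between the name and "deleted".
    show_view("project/deleted_project.php", $params, $params['Name'] . ' deleted');
}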
Ejemplo n.º 4
/**
 * Guard that lets execution continue only if the current user holds at least
 * one role that enables editing the given project.
 *
 * @param \Project $project Project the caller wants to edit
 * @throws Exception if the project service reports no enabling role
 * @return null
 */
function CheckCurrentUserCanEditProject(\Project $project)
{
    require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';

    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    // The action is named by a string literal here.
    // NOTE(review): confirm 'ACTION_EDIT_OBJECT' is the identifier the
    // service expects; a mismatch would change the outcome of this check.
    $grantingRoles = \Factory::getProjectService()->authorizeAction('ACTION_EDIT_OBJECT', $project, $currentUser);

    if (count($grantingRoles) > 0) {
        return;
    }
    throw new Exception("You do not have a role that enables you to edit this project");
}
Ejemplo n.º 5
/**
 * Takes the new project's data from the portal request and hands it to the
 * service layer to create the project, then shows the confirmation view.
 * If the service throws, the error view is rendered and the script ends.
 *
 * @return null
 */
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Posted project values, collected by a helper defined outside this block.
    $submittedValues = getProjectDataFromWeb();

    // The current user is passed along so the service can check permissions.
    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    try {
        // addProject is expected to throw if the user lacks permission; no
        // other authorisation check is made in this function.
        $created = \Factory::getProjectService()->addProject($submittedValues, $currentUser);

        $viewData = array();
        $viewData['Name'] = $created->getName();
        $viewData['ID'] = $created->getId();
        show_view("admin/added_project.php", $viewData);
    } catch (Exception $e) {
        // NOTE(review): raw exception text reaches the view - confirm
        // error.php HTML-escapes it.
        show_view('error.php', $e->getMessage());
        die;
    }
}
Ejemplo n.º 6
/**
 * Takes the edited project values from the portal request and submits them to
 * the service layer's project functions, then shows the confirmation view.
 * If the service throws, the error view is rendered and the script ends.
 *
 * @param \User $user Current user; defaults to null, and whatever is given is
 *                    passed unchanged to the service
 * @return null
 */
function submit(\User $user = null)
{
    // Included as in the original, although Get_User_Principle() is not
    // called here: the user comes from the caller.
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    $postedValues = getProjectDataFromWeb();

    $projectService = \Factory::getProjectService();
    // Looked up outside the try block: a failure here propagates to the caller.
    $original = $projectService->getProject($postedValues['ID']);

    try {
        // editProject is expected to throw if the user lacks permission.
        // NOTE(review): with $user === null this relies entirely on the
        // service rejecting the call - confirm.
        $updated = $projectService->editProject($original, $postedValues, $user);

        $viewData = array();
        $viewData['Name'] = $updated->getName();
        $viewData['Description'] = $updated->getDescription();
        $viewData['ID'] = $updated->getId();
        show_view("project/edited_project.php", $viewData);
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}
Ejemplo n.º 7
/**
 * Renders the detail page of the project named by the 'id' query parameter.
 *
 * The view receives the project's basic fields, its NGIs and sites, the
 * granted roles (CIC staff roles excluded), the role action records, and
 * flags telling it whether the caller is authenticated, may edit the project,
 * and whether the portal is read-only for them.
 *
 * @throws Exception if 'id' is missing or not numeric
 * @return null
 */
function show_project()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../utils.php';
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    $hasNumericId = isset($_GET['id']) && is_numeric($_GET['id']);
    if (!$hasNumericId) {
        throw new Exception("An id must be specified");
    }

    $projectService = \Factory::getProjectService();
    $project = $projectService->getProject($_GET['id']);

    // Only granted roles are listed, and CIC staff roles are left out.
    $visibleRoles = array();
    foreach ($project->getRoles() as $candidate) {
        if ($candidate->getStatus() != \RoleStatus::GRANTED) {
            continue;
        }
        if ($candidate->getRoleType()->getName() == \RoleTypeName::CIC_STAFF) {
            continue;
        }
        $visibleRoles[] = $candidate;
    }

    // The user is needed for the edit-link and read-only decisions below.
    // The page is still rendered when no user is found ('authenticated'
    // false); NOTE(review): confirm the view hides role and role-action
    // details from unauthenticated callers.
    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    $viewData = array(
        'ShowEdit' => count($projectService->authorizeAction(\Action::EDIT_OBJECT, $project, $currentUser)) >= 1,
        'authenticated' => $currentUser != null,
        'RoleActionRecords' => \Factory::getRoleService()->getRoleActionRecordsById_Type($project->getId(), 'project'),
        'Name' => $project->getName(),
        'Description' => $project->getDescription(),
        'ID' => $project->getId(),
        'NGIs' => $project->getNgis(),
        'Sites' => $projectService->getSites($project),
        'Roles' => $visibleRoles,
        'portalIsReadOnly' => portalIsReadOnlyAndUserIsNotAdmin($currentUser),
    );

    show_view('project/view_project.php', $viewData, $viewData['Name']);
}
Ejemplo n.º 8
/**
 * Renders the role-request page for the current, registered user.
 *
 * The view receives: the entities a role can be requested over, the user's
 * own pending requests, and the pending requests of others that the user can
 * approve. Each of the latter is decorated with the names of the roles that
 * let the user grant or deny it.
 *
 * @throws Exception if the caller is not a registered user
 * @return null
 */
function view_requests()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);
    if ($currentUser == null) {
        throw new Exception("Unregistered users can't view/request roles");
    }

    // $entities is a list of small arrays holding the id and name of the
    // OwnedEntities a role can be requested over (Projects, NGIs, Sites,
    // ServiceGroups). An entry without an 'Object_ID' key is used as a section
    // title in a pull-down list.
    $entities = array();
    $appendSection = function ($title, $items, $nameGetter) use (&$entities) {
        $entities[] = array('Name' => $title);
        foreach ($items as $item) {
            $entities[] = array('Object_ID' => $item->getId(), 'Name' => $item->$nameGetter());
        }
    };
    $appendSection('Projects', \Factory::getProjectService()->getProjects(), 'getName');
    $appendSection('NGIs', \Factory::getNgiService()->getNGIs(), 'getName');
    $appendSection('Sites', \Factory::getSiteService()->getSitesBy(), 'getShortName');
    $appendSection('ServiceGroups', \Factory::getServiceGroupService()->getServiceGroups(), 'getName');

    // The current user's own pending requests. They are passed to the view
    // as returned; no RoleActionRecord is attached to them here.
    $ownPending = \Factory::getRoleService()->getUserRoles($currentUser, \RoleStatus::PENDING);

    // Formats a list of authorising role names as "[a, b]", or '' when empty.
    $bracketedNames = function ($authorisingNames) {
        if (count($authorisingNames) < 1) {
            return '';
        }
        $collected = array();
        foreach ($authorisingNames as $name) {
            $collected[] = $name;
        }
        return '[' . implode(', ', $collected) . ']';
    };

    // Requests from other users that the current user can approve. For each
    // one, record which of the user's roles allow granting and denying it.
    $approvable = \Factory::getRoleService()->getPendingRolesUserCanApprove($currentUser);
    foreach ($approvable as $pendingRole) {
        $grantNames = \Factory::getRoleService()->authorizeAction(\Action::GRANT_ROLE, $pendingRole->getOwnedEntity(), $currentUser);
        $grantLabel = $bracketedNames($grantNames);

        $denyNames = \Factory::getRoleService()->authorizeAction(\Action::REJECT_ROLE, $pendingRole->getOwnedEntity(), $currentUser);
        $denyLabel = $bracketedNames($denyNames);

        // The labels are display hints for the view only.
        // NOTE(review): confirm the grant/deny handlers re-check authorisation
        // server-side rather than trusting what the page offered.
        $pendingRole->setDecoratorObject(array('grant' => $grantLabel, 'deny' => $denyLabel));
    }

    $viewData = array(
        'entities' => $entities,
        'myRequests' => $ownPending,
        'allRequests' => $approvable,
        'portalIsReadOnly' => portalIsReadOnlyAndUserIsNotAdmin($currentUser),
    );
    show_view("political_role/view_requests.php", $viewData, "Role Requests");
    die;
}
Ejemplo n.º 9
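 /**
  * Notifies the users who are able to grant a pending role request over an
  * entity (Site, ServiceGroup, NGI or Project).
  *
  * For every role held over the entity, the matching service's
  * authorizeAction() is asked whether that role's user may grant roles. The
  * 'GOCDB_ADMIN' entry is dropped from the answer, and users who still have
  * an enabling role are e-mailed a link to the role approval page.
  *
  * If nobody qualifies (for example a newly created entity with no roles),
  * the request is escalated by recursion: a Site escalates to its parent NGI,
  * an NGI to each of its parent Projects. ServiceGroups and Projects have no
  * escalation path here, so in that case nobody is notified.
  *
  * @param Site/ServiceGroup/NGI/Project $entity
  */
 public function roleRequest($entity)
 {
     $emails = array();
     $projectIds = array();
     // true: send mail; false: print what would be sent (debugging aid).
     // Defined up front because the escalation step at the end reads it too.
     $sendMail = true;

     foreach ($entity->getRoles() as $role) {
         // Call the authorize action of the service matching the entity type.
         if ($entity instanceof \Site) {
             $enablingRoles = \Factory::getSiteService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
         } elseif ($entity instanceof \ServiceGroup) {
             $enablingRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
         } elseif ($entity instanceof \Project) {
             $enablingRoles = \Factory::getProjectService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
         } elseif ($entity instanceof \NGI) {
             $enablingRoles = \Factory::getNgiService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
         } else {
             // Unsupported entity type: nobody is treated as able to grant.
             $enablingRoles = array();
         }

         // Remove admin from the enabling roles. array_search() returns the
         // key, which may be 0, so the result must be compared against false;
         // the previous "!= null" test left 'GOCDB_ADMIN' in place whenever
         // it was the first element.
         $position = array_search('GOCDB_ADMIN', $enablingRoles);
         if ($position !== false) {
             unset($enablingRoles[$position]);
         }

         // Collect the user's e-mail if an enabling role remains.
         if (count($enablingRoles) > 0) {
             $emails[] = $role->getUser()->getEmail();
         }
     }

     if (count($emails) == 0) {
         // No user can grant the role, or there are no users over this
         // entity: escalate to the parent entity for approval.
         if ($entity instanceof \Site) {
             $this->roleRequest($entity->getNgi());
         } elseif ($entity instanceof \NGI) {
             // Collect the parent project ids and de-duplicate them, otherwise
             // the same addresses would be mailed repeatedly by the recursion.
             foreach ($entity->getProjects() as $parentProject) {
                 $projectIds[] = $parentProject->getId();
             }
             $projectIds = array_unique($projectIds);
         }
     } else {
         $emails = array_unique($emails);

         // Read the portal URL from local configuration to build the link to
         // the role approval view. A config file that fails to load leaves
         // the base URL empty instead of dereferencing a failed parse result.
         $localInfoLocation = __DIR__ . "/../../config/local_info.xml";
         $localInfoXML = simplexml_load_file($localInfoLocation);
         $webPortalURL = '';
         if ($localInfoXML !== false) {
             $webPortalURL = $localInfoXML->local_info->web_portal_url;
         }

         // Email content: fixed text plus the configured URL only; nothing
         // from the request is placed into the headers, subject or body.
         $headers = "From: no-reply@goc.egi.eu";
         $subject = "GocDB: A Role request requires attention";
         $body = "Dear GOCDB User,\n\n" . "A user has requested a role that requires attention.\n\n" . "You can approve or deny this request here:\n\n" . $webPortalURL . "/index.php?Page_Type=Role_Requests\n\n" . "Note: This role may already have been approved or denied by another GocDB User";

         foreach ($emails as $email) {
             if ($sendMail) {
                 // Best effort: the result of mail() is not checked.
                 mail($email, $subject, $body, $headers);
             } else {
                 // Debug output goes into an HTML page, so escape the values.
                 echo "Email: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "<br>";
                 echo "Subject: " . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8') . "<br>";
                 echo "Body: " . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . "<br>";
             }
         }
     }

     // Escalation for an NGI: run this function again for each parent project
     // so the users holding roles over those projects are notified.
     foreach ($projectIds as $pid) {
         $project = \Factory::getOwnedEntityService()->getOwnedEntityById($pid);
         // This read the bare constant "sendMail" before, not the variable.
         if ($sendMail) {
             $this->roleRequest($project);
         } else {
             echo htmlspecialchars($project->getName(), ENT_QUOTES, 'UTF-8') . "<br>";
         }
     }
 }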