/**
* Processes an edit site request from a web request
* return null
* @param \User $user current user
*/
function submit(\User $user = null)
{
// TODO use validate service
$reason = $_REQUEST['COMMENT'];
if (empty($reason)) {
throw new Exception('A reason is required');
}
if (strlen($reason) > 300) {
throw new Exception('Invalid reason - 300 char max');
}
try {
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
try {
$site = \Factory::getSiteService()->getSite($_REQUEST['SITEID']);
$certStatus = \Factory::getCertStatusService()->getCertificationStatus($_REQUEST['CERTSTATUSID']);
\Factory::getCertStatusService()->editCertificationStatus($site, $certStatus, $user, $reason);
} catch (\Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
$params = array('site' => $site);
show_view('site/cert_status_edited.php', $params);
} catch (Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
}
function show_xml()
{
try {
$xml = Factory::getSiteService()->getGoogleMapXMLString();
} catch (Exception $e) {
show_view('error.php', $e->getMessage(), "Error");
}
$params['XML'] = $xml;
show_view('sitesForGoogleMapXML.php', $params, null, true);
}
function site_downtimes()
{
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
$serv = \Factory::getSiteService();
$site = $serv->getSite($_REQUEST['id']);
$downtimes = $serv->getDowntimes($_REQUEST['id'], null);
$params['site'] = $site;
$params['downtimes'] = $downtimes;
$title = "{$site} downtimes";
show_view('site/site_downtimes.php', $params, $title);
return;
}
function view_ngi()
{
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
require_once __DIR__ . '/../utils.php';
require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
throw new Exception("An id must be specified");
}
$ngiId = $_GET['id'];
//get user for case that portal is read only and user is admin, so they can still see edit links
$dn = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($dn);
$params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
$params['UserIsAdmin'] = false;
if (!is_null($user)) {
$params['UserIsAdmin'] = $user->isAdmin();
}
$params['authenticated'] = false;
if ($user != null) {
$params['authenticated'] = true;
}
$ngiServ = \Factory::getNgiService();
$siteServ = \Factory::getSiteService();
$ngi = $ngiServ->getNgi($ngiId);
// Does current viewer have edit permissions over NGI ?
$params['ShowEdit'] = false;
if (count($ngiServ->authorizeAction(\Action::EDIT_OBJECT, $ngi, $user)) >= 1) {
$params['ShowEdit'] = true;
}
// Add ngi to params
$params['ngi'] = $ngi;
// Add all roles over ngi to params
$allRoles = $ngi->getRoles();
$roles = array();
foreach ($allRoles as $role) {
if ($role->getStatus() == \RoleStatus::GRANTED) {
$roles[] = $role;
}
}
$params['roles'] = $roles;
// Add ngi's project to params
$projects = $ngi->getProjects();
$params['Projects'] = $projects;
// Add sites and scopes to params
$params['SitesAndScopes'] = array();
foreach ($ngi->getSites() as $site) {
$params['SitesAndScopes'][] = array('Site' => $site, 'Scopes' => $siteServ->getScopesWithParentScopeInfo($site));
}
// Add RoleActionRecords to params
$params['RoleActionRecords'] = \Factory::getRoleService()->getRoleActionRecordsById_Type($ngi->getId(), 'ngi');
show_view('ngi/view_ngi.php', $params, $ngi->getName());
die;
}
/**
* Draws a form to add a new site property
* @param \User $user current user
* @return null
*/
function draw(\User $user = null)
{
if (is_null($user)) {
throw new Exception("Unregistered users can't add a site property.");
}
$serv = \Factory::getSiteService();
$site = $serv->getSite($_REQUEST['site']);
//Check user has permissions to add site property
$serv->validatePropertyActions($user, $site);
$params = array('site' => $site);
show_view("site/add_site_property.php", $params);
}
function submit(\SiteProperty $property, \User $user = null, \Site $site)
{
$params['prop'] = $property;
$params['site'] = $site;
//remove site property
try {
$serv = \Factory::getSiteService();
$serv->deleteSiteProperty($site, $user, $property);
} catch (\Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
show_view('/site/deleted_site_property.php', $params);
}
function submit(\Site $site, \User $user = null)
{
//Only administrators can delete sites, double check user is an administrator
checkUserIsAdmin();
//save name to display later
$params['Name'] = $site->getName();
//remove Site
try {
\Factory::getSiteService()->deleteSite($site, $user);
} catch (\Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
show_view('/site/deleted_site.php', $params);
}
function getSitesServices()
{
require_once __DIR__ . '/../utils.php';
require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
$dn = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($dn);
$params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
if (!isset($_REQUEST['site_id']) || !is_numeric($_REQUEST['site_id'])) {
throw new Exception("A site_id must be specified");
}
$site = \Factory::getSiteService()->getSite($_REQUEST['site_id']);
$services = $site->getServices();
$params['services'] = $services;
show_view("downtime/view_services.php", $params, null, true);
}
/**
* Draws a form to add a new site
* @param \User $user current user
* @return null
*/
function draw(\User $user = null)
{
if (is_null($user)) {
throw new Exception("Unregistered users can't add a new site");
}
$siteService = \Factory::getSiteService();
//try { $siteService->addAuthorization($user);
//} catch(Exception $e) { show_view('error.php', $e->getMessage()); die(); }
if ($user->isAdmin()) {
// if user is admin, then get all NGIs
$userNGIs = \Factory::getNgiService()->getNGIs();
} else {
// otherwise, get only the NGIs the non-admin user has roles over that support add_site
$userNGIs = \Factory::getNgiService()->getNGIsBySupportedAction(Action::NGI_ADD_SITE, $user);
if (count($userNGIs) == 0) {
show_view('error.php', "You do not have permission to add a new site." . " To add a new site you require a managing role over an NGI");
die;
}
}
$countries = $siteService->getCountries();
//$timezones = $siteService->getTimezones(); // Deprecated - don't use the lookup values in the GocDB
$timezones = DateTimeZone::listIdentifiers();
$prodStatuses = $siteService->getProdStatuses();
//Remove SC and PPS infrastructures from drop down list. TODO: Delete this block once they no longer exist
$SCInfrastructure = $siteService->getProdStatusByName('SC');
$PPSInfrastructure = $siteService->getProdStatusByName('PPS');
$hackprodStatuses = array();
foreach ($prodStatuses as $ps) {
if ($ps != $SCInfrastructure and $ps != $PPSInfrastructure) {
$hackprodStatuses[] = $ps;
}
}
$prodStatuses = $hackprodStatuses;
//delete up to here once pps and sc infrastructures have been removed from database
$certStatuses = $siteService->getCertStatuses();
$scopes = \Factory::getScopeService()->getDefaultScopesSelectedArray();
$numberOfScopesRequired = \Factory::getConfigService()->getMinimumScopesRequired('site');
//$dDashNgis = \Factory::getUserService()->getDDashNgis($user);
$params = array('ngis' => $userNGIs, 'countries' => $countries, 'timezones' => $timezones, 'prodStatuses' => $prodStatuses, 'certStatuses' => $certStatuses, 'scopes' => $scopes, 'numberOfScopesRequired' => $numberOfScopesRequired);
//Check that there is at least one NGI available before allowing an add site.
if ($params['ngis'] == null) {
show_view('error.php', "GocDB requires one or more NGI's to be able to add a site.");
}
show_view("site/add_site.php", $params);
die;
}
/**
* Processes an edit site property request from a web request
* @param \User $user current user
* return null
*/
function submit(\User $user = null)
{
try {
$newValues = getSpDataFromWeb();
$siteID = $newValues['SITEPROPERTIES']['SITE'];
$propID = $newValues['SITEPROPERTIES']['PROP'];
if ($newValues['SITEPROPERTIES']['NAME'] == null || $newValues['SITEPROPERTIES']['VALUE'] == null) {
show_view('error.php', "A property name and value must be provided.");
die;
}
$property = \Factory::getSiteService()->getProperty($propID);
$site = \Factory::getSiteService()->getSite($siteID);
$site = \Factory::getSiteService()->editSiteProperty($site, $user, $property, $newValues);
$params['siteid'] = $siteID;
show_view('site/site_property_updated.php', $params);
} catch (Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
}
function showAllSites()
{
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
$exServ = \Factory::getExtensionsService();
// Do we really need to validate the URL parameter values, as the query
// to the DB always uses bind variables to protect against injection?
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Validate.php';
$validatorService = new \org\gocdb\services\Validate();
$ngi = '%%';
if (!empty($_GET['NGI'])) {
$ngi = $_GET['NGI'];
if (!$validatorService->validate('ngi', 'NAME', $ngi)) {
throw new Exception("Invalid NGI parameter value");
}
}
$prodStatus = '%%';
if (!empty($_GET['prodStatus'])) {
$prodStatus = $_GET['prodStatus'];
}
//must be done before the if certstatus in the block that sets $certStatus
$showClosed = false;
if (isset($_GET['showClosed'])) {
$showClosed = true;
}
$certStatus = '%%';
if (!empty($_GET['certStatus'])) {
$certStatus = $_GET['certStatus'];
//set show closed as true if production status selected is 'closed' - otherwise
// there will be no results
if ($certStatus == 'Closed') {
$showClosed = true;
}
}
// Site extension property key name
$siteKeyNames = "";
if (isset($_GET['siteKeyNames'])) {
$siteKeyNames = $_GET['siteKeyNames'];
}
// Site extension property key value
$siteKeyValues = "";
if (isset($_GET['selectedSiteKeyValue'])) {
$siteKeyValues = $_GET['selectedSiteKeyValue'];
}
$scope = '%%';
if (!empty($_GET['scope'])) {
$scope = $_GET['scope'];
}
$serv = \Factory::getSiteService();
$params['scopes'] = \Factory::getScopeService()->getScopes();
$params['sites'] = $serv->getSitesBy($ngi, $prodStatus, $certStatus, $scope, $showClosed, null, $siteKeyNames, $siteKeyValues);
$params['NGIs'] = $serv->getNGIs();
$params['prodStatuses'] = $serv->getProdStatuses();
//Remove SC and PPS infrastructures from drop down list. TODO: Delete this block once they no longer exist
$SCInfrastructure = $serv->getProdStatusByName('SC');
$PPSInfrastructure = $serv->getProdStatusByName('PPS');
$productionStatuses = array();
foreach ($params['prodStatuses'] as $ps) {
if ($ps != $SCInfrastructure and $ps != $PPSInfrastructure) {
$productionStatuses[] = $ps;
}
}
$params['prodStatuses'] = $productionStatuses;
//delete up to here once pps and sc infrastructures have been removed from database
/* Doctrine will provide keynames that are the same even when selecting distinct becase the object
* is distinct even though the name is not unique. To avoid showing the same name repeatdly in the filter
* we will load all the keynames into an array before making it unique
*/
$keynames = array();
foreach ($exServ->getSiteExtensionsKeyNames() as $extension) {
$keynames[] = $extension->getKeyName();
}
$keynames = array_unique($keynames);
$params['selectedNgi'] = $ngi;
$params['certStatuses'] = $serv->getCertStatuses();
$params['selectedProdStatus'] = $prodStatus;
$params['selectedCertStatus'] = $certStatus;
$params['selectedScope'] = $scope;
$params['showClosed'] = $showClosed;
$params['siteKeyNames'] = $keynames;
$params['selectedSiteKeyNames'] = $siteKeyNames;
$params['selectedSiteKeyValue'] = $siteKeyValues;
show_view("site/view_all.php", $params, "Sites");
}
function drawSEs()
{
define("RECORDS_PER_PAGE", 30);
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
$seServ = \Factory::getServiceService();
$exServ = \Factory::getExtensionsService();
$startRecord = 1;
if (isset($_REQUEST['record'])) {
$startRecord = $_REQUEST['record'];
}
// Validation, ensure start record >= 1
if ($startRecord < 1) {
$startRecord = 1;
}
$searchTerm = "";
if (!empty($_REQUEST['searchTerm'])) {
$searchTerm = $_REQUEST['searchTerm'];
}
//strip leading and trailing whitespace off search term
$searchTerm = strip_tags(trim($searchTerm));
if (1 === preg_match("/[';\"]/", $searchTerm)) {
throw new Exception("Invalid char in search term");
}
$serviceType = "";
if (isset($_REQUEST['serviceType'])) {
$serviceType = $_REQUEST['serviceType'];
}
$production = "";
if (isset($_REQUEST['production'])) {
$production = $_REQUEST['production'];
}
$monitored = "";
if (isset($_REQUEST['monitored'])) {
$monitored = $_REQUEST['monitored'];
}
$scope = "";
if (isset($_REQUEST['scope'])) {
$scope = $_REQUEST['scope'];
}
$ngi = "";
if (isset($_REQUEST['ngi'])) {
$ngi = $_REQUEST['ngi'];
}
//must be done before the if certstatus in the block that sets $certStatus
$showClosed = false;
if (isset($_REQUEST['showClosed'])) {
$showClosed = true;
}
$servKeyNames = "";
if (isset($_REQUEST['servKeyNames'])) {
$servKeyNames = $_REQUEST['servKeyNames'];
}
$servKeyValues = "";
if (isset($_REQUEST['selectedServKeyValue'])) {
$servKeyValues = $_REQUEST['selectedServKeyValue'];
}
$certStatus = "";
if (!empty($_REQUEST['certificationStatus'])) {
$certStatus = $_REQUEST['certificationStatus'];
//set show closed as true if production status selected is 'closed' - otherwise
// there will be no results
if ($certStatus == 'Closed') {
$showClosed = true;
}
}
$thisPage = 'index.php?Page_Type=Services';
if ($serviceType != "") {
$thisPage .= '&serviceType=' . $serviceType;
}
if ($searchTerm != "") {
$thisPage .= '&searchTerm=' . $searchTerm;
}
if ($production != "") {
$thisPage .= '&production=' . $production;
}
if ($monitored != "") {
$thisPage .= '&monitored=' . $monitored;
}
if ($scope != "") {
$thisPage .= '&scope=' . $scope;
}
if ($ngi != "") {
$thisPage .= '&ngi=' . $ngi;
}
if ($certStatus != "") {
$thisPage .= '&certStatus=' . $certStatus;
}
if ($showClosed != "") {
$thisPage .= '&showClosed=' . $showClosed;
}
if ($servKeyNames != "") {
$thisPage .= '&servKeyNames=' . $servKeyNames;
}
if ($servKeyValues != "") {
$thisPage .= '&servKeyValues=' . $servKeyValues;
}
if ($searchTerm != null || $searchTerm != "") {
if (substr($searchTerm, 0, 1) != '%') {
$searchTerm = '%' . $searchTerm;
}
if (substr($searchTerm, -1) != '%') {
$searchTerm = $searchTerm . '%';
}
}
$numResults = $seServ->getSesCount($searchTerm, $serviceType, $production, $monitored, $scope, $ngi, $certStatus, $showClosed, $servKeyNames, $servKeyValues, null, null, false);
$firstLink = $thisPage . "&record=1";
// Set the "previous" link
if ($startRecord > RECORDS_PER_PAGE) {
// Not showing the first page of results so enable the previous link
$previousLink = $thisPage . "&record=" . ($startRecord - RECORDS_PER_PAGE);
} else {
// First page of results, disable previous button
$previousLink = $thisPage . "&record=" . 0;
}
// Set the "Next" link
// not the last page of results, normal next link
if ($numResults - $startRecord > RECORDS_PER_PAGE) {
$nextLink = $thisPage . "&record=" . ($startRecord + RECORDS_PER_PAGE);
} else {
// last page of results, disable next link
$nextLink = $thisPage . '&record=' . ($numResults - RECORDS_PER_PAGE + 1);
}
$lastLink = $thisPage . "&record=" . ($numResults + 1 - RECORDS_PER_PAGE);
// $startRecord + RECORDS_PER_PAGE "-1" because record 1 in the web portal == record 0 from DB
$ses = $seServ->getSes($searchTerm, $serviceType, $production, $monitored, $scope, $ngi, $certStatus, $showClosed, $servKeyNames, $servKeyValues, $startRecord - 1, RECORDS_PER_PAGE, false);
$endRecord = $startRecord + RECORDS_PER_PAGE - 1;
/* Due to differences in counting, startRecord is still set to 1
* even if there are zero results. If this is the case it's
* zero here to display accurately in the portal. */
if (count($ses) == 0) {
$startRecord = 0;
}
/* Doctrine will provide keynames that are the same even when selecting distinct becase the object
* is distinct even though the name is not unique. To avoid showing the same name repeatdly in the filter
* we will load all the keynames into an array before making it unique
*/
$keynames = array();
foreach ($exServ->getServiceExtensionsKeyNames() as $extension) {
$keynames[] = $extension->getKeyName();
}
$keynames = array_unique($keynames);
$serv = \Factory::getSiteService();
$params['scopes'] = \Factory::getScopeService()->getScopes();
$params['serviceTypes'] = $seServ->getServiceTypes();
$params['servKeyNames'] = $keynames;
$params['selectedServiceType'] = $serviceType;
$params['searchTerm'] = $searchTerm;
$params['services'] = $ses;
$params['totalServices'] = $numResults;
$params['startRecord'] = $startRecord;
$params['endRecord'] = $endRecord;
$params['firstLink'] = $firstLink;
$params['previousLink'] = $previousLink;
$params['nextLink'] = $nextLink;
$params['lastLink'] = $lastLink;
$params['ngis'] = \Factory::getNgiService()->getNGIs();
$params['certStatuses'] = $serv->getCertStatuses();
$params['showClosed'] = $showClosed;
$params['selectedProduction'] = $production;
$params['selectedMonitored'] = $monitored;
$params['selectedScope'] = $scope;
$params['selectedNgi'] = $ngi;
$params['selectedClosed'] = $showClosed;
$params['selectedCertStatus'] = $certStatus;
$params['selectedServKeyNames'] = $servKeyNames;
$params['selectedServKeyValue'] = $servKeyValues;
show_view("service/view_all.php", $params, "Services");
}
/**
* Processes an edit site request from a web request
* @param \User $user current user
* return null
*/
function submit(\User $user = null)
{
try {
$newValues = getSiteDataFromWeb();
$siteId = \Factory::getSiteService()->getSite($newValues['ID']);
$site = \Factory::getSiteService()->editSite($siteId, $newValues, $user);
$params = array('site' => $site);
show_view('site/site_updated.php', $params);
} catch (Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
}
function view_requests()
{
require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
require_once __DIR__ . '/../../components/Get_User_Principle.php';
require_once __DIR__ . '/../utils.php';
$dn = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($dn);
if ($user == null) {
throw new Exception("Unregistered users can't view/request roles");
}
// Entites is a two-dimensional array that lists both the id and name of
// OwnedEntities that a user can reqeust a role over (Projects, NGIs, Sites,
// ServiceGroups). If an inner dimesional array does not contain an Object_ID
// array key, then it is used as a section title in a pull-down list.
$entities = array();
$entities[] = array('Name' => 'Projects');
$allProjects = \Factory::getProjectService()->getProjects();
foreach ($allProjects as $proj) {
$entities[] = array('Object_ID' => $proj->getId(), 'Name' => $proj->getName());
}
$entities[] = array('Name' => 'NGIs');
$allNGIs = \Factory::getNgiService()->getNGIs();
foreach ($allNGIs as $ngi) {
$entities[] = array('Object_ID' => $ngi->getId(), 'Name' => $ngi->getName());
}
$entities[] = array('Name' => 'Sites');
$allSites = \Factory::getSiteService()->getSitesBy();
foreach ($allSites as $site) {
$entities[] = array('Object_ID' => $site->getId(), 'Name' => $site->getShortName());
}
$entities[] = array('Name' => 'ServiceGroups');
$allSGs = \Factory::getServiceGroupService()->getServiceGroups();
foreach ($allSGs as $sg) {
$entities[] = array('Object_ID' => $sg->getId(), 'Name' => $sg->getName());
}
// Current user's own pending roles
$myPendingRoleRequests = \Factory::getRoleService()->getUserRoles($user, \RoleStatus::PENDING);
// foreach role, lookup corresponding RoleActionRecord (if any) and populate
// the role.decoratorObject with the roleActionRecord for subsequent display
// foreach($myPendingRoleRequests as $role){
// $rar = \Factory::getRoleService()->getRoleActionRecordByRoleId($role->getId());
// $role->setDecoratorObject($rar);
// }
// Other roles current user can approve
$otherRolesUserCanApprove = \Factory::getRoleService()->getPendingRolesUserCanApprove($user);
// can the calling user grant or reject each role?
foreach ($otherRolesUserCanApprove as $r) {
$grantRejectRoleNamesArray = array();
$grantRejectRoleNamesArray['grant'] = '';
$grantRejectRoleNamesArray['deny'] = '';
// get list of roles that allows user to to grant the role request
$grantRoleAuthorisingRoleNames = \Factory::getRoleService()->authorizeAction(\Action::GRANT_ROLE, $r->getOwnedEntity(), $user);
if (count($grantRoleAuthorisingRoleNames) >= 1) {
$allAuthorisingRoleNames = '';
foreach ($grantRoleAuthorisingRoleNames as $arName) {
$allAuthorisingRoleNames .= $arName . ', ';
}
$allAuthorisingRoleNames = substr($allAuthorisingRoleNames, 0, strlen($allAuthorisingRoleNames) - 2);
$grantRejectRoleNamesArray['grant'] = '[' . $allAuthorisingRoleNames . ']';
}
// get list of roles that allows user to reject the role request
$denyRoleAuthorisingRoleNames = \Factory::getRoleService()->authorizeAction(\Action::REJECT_ROLE, $r->getOwnedEntity(), $user);
if (count($denyRoleAuthorisingRoleNames) >= 1) {
$allAuthorisingRoleNames = '';
foreach ($denyRoleAuthorisingRoleNames as $arName) {
$allAuthorisingRoleNames .= $arName . ', ';
}
$allAuthorisingRoleNames = substr($allAuthorisingRoleNames, 0, strlen($allAuthorisingRoleNames) - 2);
$grantRejectRoleNamesArray['deny'] = '[' . $allAuthorisingRoleNames . ']';
}
// store array of role names in decorator object
$r->setDecoratorObject($grantRejectRoleNamesArray);
}
$params = array();
$params['entities'] = $entities;
$params['myRequests'] = $myPendingRoleRequests;
$params['allRequests'] = $otherRolesUserCanApprove;
$params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
show_view("political_role/view_requests.php", $params, "Role Requests");
die;
}
/**
* This class will take an entity of either site, service group, NGI or Project.
* It will then get the roles from the entity
* and then get the users for each of those roles. Then using the authorizeAction function for the correct entity type it will
* ascertain if a given user has the permission to grant a role. If they do there email address is added to an array. This array
* of email addresses will then be sent a notification that they have a pending role request they can approve.
*
* If a site or NGI has no users with roles attached to it due to being newly created then this method will get the parent NGI and
* send an email to those users to approve. It does this by passing the parent entity back into this method recursively.
*
*
* @param Site/ServiceGroup/NGI/Project $entity
*/
public function roleRequest($entity)
{
$project = null;
$emails = null;
$projectIds = null;
// Get the roles from the entity
foreach ($entity->getRoles() as $role) {
$roles[] = $role;
}
// Now for each role get the user
foreach ($roles as $role) {
// Call the correct authorize action service for the type of entity
if ($entity instanceof \Site) {
$enablingRoles = \Factory::getSiteService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
// If the site has no site adminstrators to approve the role request then send an email to the parent NGI users to approve the request
if ($roles == null) {
$this->roleRequest($entity->getNgi());
// Recursivly call this function to send email to the NGI users
}
} else {
if ($entity instanceof \ServiceGroup) {
$enablingRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
} else {
if ($entity instanceof \Project) {
$enablingRoles = \Factory::getProjectService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
} else {
if ($entity instanceof \NGI) {
$enablingRoles = \Factory::getNgiService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
$projects = $entity->getProjects();
// set project with the NGI's parent project and later recurse with this
// Only send emails to Project users if there are no users with grant_roles over the NGI
if ($roles == null) {
// Get the ID's of each project so we can remove duplicates
foreach ($projects as $project) {
$projectIds[] = $project->getId();
}
$projectIds = array_unique($projectIds);
}
}
}
}
}
// remove admin from enabling roles
$position = array_search('GOCDB_ADMIN', $enablingRoles);
if ($position != null) {
unset($enablingRoles[$position]);
}
// Get the users email and add it to the array if they have an enabling role
if (count($enablingRoles) > 0) {
$emails[] = $role->getUser()->getEmail();
}
}
/*
* No users are able to grant the role or there are no users over this entity. In this case we will email the parent entity for approval
*/
if ($emails == null || count($emails) == 0) {
if ($entity instanceof \Site) {
$this->roleRequest($entity->getNgi());
// Recursivly call this function to send email to the NGI users
} else {
if ($entity instanceof \NGI) {
/*
* It is important to remove duplicate projects here otherwise we will spam the same addresses as we recursively call this method.
*/
$projects = $entity->getProjects();
// set project with the NGI's parent project and later recurse with this
$projectIds = array();
// Get the ID's of each project so we can remove duplicates
foreach ($projects as $project) {
$projectIds[] = $project->getId();
}
$projectIds = array_unique($projectIds);
}
}
} else {
// If the entity has valid users who can approve the role then send the email notification.
// Remove duplicate emails from array
$emails = array_unique($emails);
// Get the PortalURL to create an accurate link to the role approval view
$localInfoLocation = __DIR__ . "/../../config/local_info.xml";
$localInfoXML = simplexml_load_file($localInfoLocation);
$webPortalURL = $localInfoXML->local_info->web_portal_url;
// Email content
$headers = "From: no-reply@goc.egi.eu";
$subject = "GocDB: A Role request requires attention";
$body = "Dear GOCDB User,\n\n" . "A user has requested a role that requires attention.\n\n" . "You can approve or deny this request here:\n\n" . $webPortalURL . "/index.php?Page_Type=Role_Requests\n\n" . "Note: This role may already have been approved or denied by another GocDB User";
$sendMail = TRUE;
// Send email to all users who can approve this role request
if ($emails != null) {
foreach ($emails as $email) {
if ($sendMail) {
mail($email, $subject, $body, $headers);
} else {
echo "Email: " . $email . "<br>";
echo "Subject: " . $subject . "<br>";
echo "Body: " . $body . "<br>";
}
}
}
}
/**
* For each project ID get the entity and run this function again for each entity so
* that for each NGI the email notification is sent to all users who hold roles over the parent
* NGI(s).
*/
if ($projectIds != null) {
foreach ($projectIds as $pid) {
$project = \Factory::getOwnedEntityService()->getOwnedEntityById($pid);
if (sendMail) {
$this->roleRequest($project);
} else {
echo $project->getName() . "<br>";
}
}
}
}
/**
* Draw the add service form
* @param \User $user current user
* @return null
*/
function draw($user)
{
if (is_null($user)) {
throw new Exception("Unregistered users can't add a service .");
}
/* Optional site parameter is set if a user clicked
* "add SE to this site" on the view site page */
$site = null;
if (isset($_REQUEST['siteId'])) {
$site = \Factory::getSiteService()->getSite($_REQUEST['siteId']);
if ($site == null) {
throw new Exception('Invalid site');
}
if (count(\Factory::getSiteService()->authorizeAction(\Action::SITE_ADD_SERVICE, $site, $user)) == 0) {
throw new Exception('You do not have permission to add a service to this site');
}
}
// Add sites which user has required action permission to array.
$allUserSites = \Factory::getUserService()->getSitesFromRoles($user);
$sites = array();
foreach ($allUserSites as $s) {
if (count(\Factory::getSiteService()->authorizeAction(\Action::SITE_ADD_SERVICE, $s, $user)) != 0) {
$sites[] = $s;
}
}
//For admin users, return all sites instead.
if ($user->isAdmin()) {
$sites = \Factory::getSiteService()->getSitesBy();
}
if (count($sites) == 0 and !$user->isAdmin()) {
throw new Exception("You need at least one NGI or Site level role to add a new service.");
}
$serviceTypes = \Factory::getServiceService()->getServiceTypes();
//If a site has been specified get scopes wit that sites scopes selected, otherwise get the default
if (!is_null($serviceTypes) && $site instanceof \Site) {
$scopes = \Factory::getScopeService()->getScopesSelectedArray($site->getScopes());
} else {
$scopes = \Factory::getScopeService()->getDefaultScopesSelectedArray();
}
//get the number of scopes that we require
$numberScopesRequired = \Factory::getConfigService()->getMinimumScopesRequired('service');
// remove the deprecated CE type (temp hack)
foreach ($serviceTypes as $key => $st) {
if ($st->getName() == "CE") {
unset($serviceTypes[$key]);
}
}
$params = array('sites' => $sites, 'serviceTypes' => $serviceTypes, 'scopes' => $scopes, 'site' => $site, 'numberOfScopesRequired' => $numberScopesRequired);
//Check that there is at least one Site available before allowing a user to add a service.
if ($params['sites'] == null) {
show_view('error.php', "GocDB requires one or more Sites to be able to add a service.");
}
show_view("service/add_service.php", $params);
}
/**
* Draws a form to add a new downtime
* @param \User $user current user
* @return null
*/
function draw(\User $user = null)
{
if (is_null($user)) {
throw new Exception("Unregistered users can't add a downtime.");
}
$nowUtcDateTime = new \DateTime(null, new \DateTimeZone("UTC"));
//$twoDaysAgoUtcDateTime = $nowUtcDateTime->sub(\DateInterval::createFromDateString('2 days'));
//$twoDaysAgoUtc = $twoDaysAgoUtcDateTime->format('d/m/Y H:i'); //e.g. 02/10/2013 13:20
// URL mapping
// Return the specified site's timezone label and the offset from now in UTC
// Used in ajax requests for display purposes
if (isset($_GET['siteid_timezone']) && is_numeric($_GET['siteid_timezone'])) {
$site = \Factory::getSiteService()->getSite($_GET['siteid_timezone']);
if ($site != null) {
$siteTzId = $site->getTimeZoneId();
if (!empty($siteTzId)) {
$nowInTargetTz = new \DateTime(null, new \DateTimeZone($siteTzId));
$offsetInSecsFromUtc = $nowInTargetTz->getOffset();
} else {
$siteTzId = 'UTC';
$offsetInSecsFromUtc = 0;
// assume 0 (no offset from UTC)
}
$timezoneId_Offset = array($siteTzId, $offsetInSecsFromUtc);
die(json_encode($timezoneId_Offset));
}
die(json_encode(array('UTC', 0)));
} else {
if (isset($_GET['site'])) {
$site = \Factory::getSiteService()->getSite($_GET['site']);
//old way: \Factory::getSiteService()->edit Authorization($site, $user);
if (count(\Factory::getSiteService()->authorizeAction(\Action::EDIT_OBJECT, $site, $user)) == 0) {
throw new \Exception("You don't have permission over {$site}");
}
$ses = $site->getServices();
$params = array('ses' => $ses, 'nowUtc' => $nowUtcDateTime->format('H:i T'), 'selectAll' => true);
show_view("downtime/add_downtime.php", $params);
die;
} else {
if (isset($_GET['se'])) {
$se = \Factory::getServiceService()->getService($_GET['se']);
$site = \Factory::getSiteService()->getSite($se->getParentSite()->getId());
if (count(\Factory::getServiceService()->authorizeAction(\Action::EDIT_OBJECT, $se, $user)) == 0) {
throw new \Exception("You do not have permission over {$se}.");
}
//$ses = array($se);
$ses = $site->getServices();
$params = array('ses' => $ses, 'nowUtc' => $nowUtcDateTime->format('H:i T'), 'selectAll' => true);
show_view("downtime/add_downtime.php", $params);
die;
} else {
$ses = array();
if ($user->isAdmin()) {
//If a user is an admin, return all SEs instead
$ses = \Factory::getServiceService()->getAllSesJoinParentSites();
} else {
//$allSites = \Factory::getUserService()->getSitesFromRoles($user);
// Get all ses where the user has a GRANTED role over one of its
// parent OwnedObjects (includes Site and NGI but not currently Project)
$sesAll = \Factory::getRoleService()->getReachableServicesFromOwnedObjectRoles($user);
// drop the ses where the user does not have edit permissions over
foreach ($sesAll as $se) {
if (count(\Factory::getServiceService()->authorizeAction(\Action::EDIT_OBJECT, $se, $user)) > 0) {
$ses[] = $se;
}
}
}
if (empty($ses)) {
throw new Exception("You don't hold a role over a NGI " . "or site with child services.");
}
$params = array('ses' => $ses, 'nowUtc' => $nowUtcDateTime->format('H:i T'));
show_view("downtime/add_downtime.php", $params);
die;
}
}
}
}
/**
* Moves the service to the new site and then display the success view
* @param type $movementDetails array containing the SEP and the site it is to be moved to
* @return null
*/
function submitMoveSEP($movementDetails)
{
//Check that some services have been specified
if (!array_key_exists('Services', $movementDetails)) {
throw new Exception('Please select one or more Services to move.');
}
//Get submitted data
$newSite_id = $movementDetails['NewSite'];
$service_ids = $movementDetails['Services'];
//Convert Site id into Site object
$newSite = \Factory::getSiteService()->getSite($newSite_id);
//Get the users details
$dn = Get_User_Principle();
$user = \Factory::getUserService()->getUserByPrinciple($dn);
$serv = \Factory::getServiceService();
//create an array for the SEPs we can use to display the results
// of the site move to the user
$services = new ArrayCollection();
//If services have been subitted, move them. Else throw exception
//
try {
foreach ($service_ids as $service_id) {
$serviceInstance = $serv->getService($service_id);
$serv->moveService($serviceInstance, $newSite, $user);
$services[] = $serviceInstance;
}
} catch (\Exception $e) {
show_view('error.php', $e->getMessage());
die;
}
//show success view
$params['NewSite'] = $newSite;
$params['Services'] = $services;
show_view("admin/moved_service_end_point.php", $params);
}
