Example #1
/**
 * Report whether a user holds a privilege at a privilege node.
 *
 * A privilege counts as held when it is granted directly at $node, or when
 * it cascades down to $node and the same user/group entry at $node does not
 * carry "block". The user's own entry is tested first, then each of the
 * user's groups; the first match wins.
 *
 * Things to keep in mind when relying on this check:
 *  - "block" only cancels cascaded grants. A direct grant at $node wins even
 *    if the same entry also lists "block".
 *  - A "block" on the user entry does not stop a grant that arrives through
 *    one of the user's groups; the group loop only looks at the group entry.
 *  - The answer is memoized in $_SESSION['userhaspriv'] and nothing in this
 *    function expires it. NOTE(review): confirm the cache is cleared when
 *    privileges are changed, otherwise a revoked privilege can keep being
 *    honoured for the rest of the session.
 *  - All membership tests use loose in_array() comparison.
 *    NOTE(review): verify every caller passes $priv as a string.
 *
 * @param string $priv         privilege name to look for
 * @param mixed  $uid          id of the user being checked
 * @param mixed  $node         privilege node id
 * @param mixed  $privs        pre-fetched node privileges, or a non-array to
 *                             have them looked up here
 * @param mixed  $cascadePrivs pre-fetched cascaded privileges, or a
 *                             non-array to have them looked up here
 * @return int 1 when the privilege is held, 0 otherwise
 */
function checkUserHasPriv($priv, $uid, $node, $privs = 0, $cascadePrivs = 0)
{
    global $user;

    // The cache key is built from the arguments as passed in, before the
    // defaults below are replaced by looked-up arrays.
    // Assumes $_SESSION['userhaspriv'] was initialised elsewhere - TODO confirm.
    $cacheKey = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
    if (array_key_exists($cacheKey, $_SESSION['userhaspriv'])) {
        return $_SESSION['userhaspriv'][$cacheKey];
    }

    // Reuse the global $user record when it is the user being asked about.
    $subject = ($user["id"] != $uid) ? getUserInfo($uid) : $user;
    $affilUserid = "{$subject['unityid']}@{$subject['affiliation']}";

    if (!is_array($privs)) {
        // user entries first, then group entries merged into the same structure
        $privs = getNodePrivileges($node, 'usergroups', getNodePrivileges($node, 'users'));
    }
    if (!is_array($cascadePrivs)) {
        $cascadePrivs = getNodeCascadePrivileges(
            $node,
            'usergroups',
            getNodeCascadePrivileges($node, 'users')
        );
    }

    // --- user entry: direct grant, or unblocked cascaded grant ---
    $userListedHere = array_key_exists($affilUserid, $privs["users"]);
    $allowed = $userListedHere && in_array($priv, $privs["users"][$affilUserid]);
    if (!$allowed
        && array_key_exists($affilUserid, $cascadePrivs["users"])
        && in_array($priv, $cascadePrivs["users"][$affilUserid])
    ) {
        $allowed = !$userListedHere || !in_array("block", $privs["users"][$affilUserid]);
    }
    if ($allowed) {
        $_SESSION['userhaspriv'][$cacheKey] = 1;
        return 1;
    }

    // --- group entries: same rule, applied per group the user belongs to ---
    foreach ($subject["groups"] as $groupname) {
        $groupListedHere = array_key_exists($groupname, $privs["usergroups"]);
        $allowed = $groupListedHere
            && in_array($priv, $privs["usergroups"][$groupname]['privs']);
        if (!$allowed
            && array_key_exists($groupname, $cascadePrivs["usergroups"])
            && in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs'])
        ) {
            $allowed = !$groupListedHere
                || !in_array("block", $privs["usergroups"][$groupname]['privs']);
        }
        if ($allowed) {
            $_SESSION['userhaspriv'][$cacheKey] = 1;
            return 1;
        }
    }

    // Denials are cached as well.
    $_SESSION['userhaspriv'][$cacheKey] = 0;
    return 0;
}
Example #2
/**
 * Attach resource privileges to every node already present in $nodeprivs.
 *
 * For each node id used as a key of $nodeprivs, the node's own resource
 * privileges are stored under "resources" and the privileges cascaded to it
 * under "cascaderesources". The array is modified in place.
 *
 * @param array $nodeprivs node id => privilege data, passed by reference
 * @param mixed $userid    not used by this function
 * @return void
 */
function addUserResources(&$nodeprivs, $userid)
{
    // Relative path: which file gets loaded depends on include_path and the
    // current working directory of the running script.
    require_once ".ht-inc/privileges.php";

    // Take the key list up front, since entries are written inside the loop.
    $nodeids = array_keys($nodeprivs);
    foreach ($nodeids as $nodeid) {
        $direct = getNodePrivileges($nodeid, "resources");
        $nodeprivs[$nodeid]["resources"] = $direct["resources"];

        $cascaded = getNodeCascadePrivileges($nodeid, "resources");
        $nodeprivs[$nodeid]["cascaderesources"] = $cascaded["resources"];
    }
}
Example #3
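/**
 * Add or remove resource group privileges at a privilege node on behalf of
 * the global $user, after validating the request and the caller's rights.
 *
 * Checks are performed in this order; the first failure is returned:
 *   78 - $nodeid is not numeric
 *   61 - $user lacks "resourceGrant" at $nodeid
 *   71 - $type is not a known resource type
 *   74 - resource group "$type/$name" does not exist
 *   66 - $permissions contains a name not returned by getResourcePrivs()
 *   79 - a permission other than block/cascade/available is requested and
 *        $user is not in the group that owns the resource group
 *   80 - one of the permissions is cascaded to this node and not blocked here
 *
 * NOTE(review): the message for error 61 says "remove" in both modes; it is
 * left unchanged here because clients may match on it.
 * NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3";
 * confirm the functions receiving $nodeid cast or parameterise it.
 *
 * @param string $mode        'add' or 'remove'; any other value changes
 *                            nothing and still reports success
 * @param string $name        resource group name
 * @param string $type        resource type
 * @param mixed  $nodeid      privilege node id
 * @param string $permissions colon-separated list of privilege names
 * @return array 'status' => 'success', or 'status' => 'error' together with
 *               'errorcode' and 'errormsg'
 */
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
    require_once ".ht-inc/privileges.php";
    global $user;
    if (!is_numeric($nodeid)) {
        return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
    }
    // Authorisation gate: the caller must be allowed to grant resources here.
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
    }
    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
    }
    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
    }
    // Every requested permission must be a known one. An empty $permissions
    // string explodes to a single '' entry, which is checked like any other name.
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
    }
    // block/cascade/available may be changed without belonging to the owning
    // group; anything else requires membership in it.
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
    }
    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');
    // Permissions that reach this node by cascade (and are not blocked here)
    // have to be changed at the node they come from, not at this one.
    if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }
    if ($mode == 'remove') {
        // The group may have no entry at this node; treat that as an empty
        // set instead of handing an undefined index to array_diff().
        $current = array_key_exists($key, $np['resources']) ? $np['resources'][$key] : array();
        $diff = array_diff($current, $changeperms);
        // If 'cascade' is the only thing that would be left, remove it too.
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }
    return array('status' => 'success');
}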