error_log("Couldn't find project by ID in do-handle-project-request: {$project_id}");
// $_SESSION['lasterror'] = "Project $project_id unknown";
relative_redirect("home.php");
}
$project_name = $project_details[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
if (!$user->isAllowed(PA_ACTION::ADD_PROJECT_MEMBER, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
error_log("User " . $user->prettyName() . " not allowed to handle project requests on this project " . $project_name);
relative_redirect("home.php");
}
$lead_id = $project_details[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID];
$lead_name = lookup_member_names($ma_url, $user, array($lead_id));
$lead_name = $lead_name[$lead_id];
$num_members_added = 0;
$num_members_rejected = 0;
// If the member for this request is already a member of the given project, then cancel this request
$members = get_project_members($sa_url, $user, $project_id);
foreach ($selections as $select_id => $attribs) {
if ($select_id == 'yesmessage' or $select_id == 'nomessage') {
continue;
}
$attribs_parts = explode(',', $attribs);
if (count($attribs_parts) < 4) {
error_log("Malformed selection row in do-handle-project-request: {$select_id}={$attribs}");
continue;
}
$role = $attribs_parts[0];
$member_id = $attribs_parts[1];
$request_id = $attribs_parts[2];
$email_address = $attribs_parts[3];
// Validate that the member_id is reasonable
$inP = False;
print "<h2>Error handling project request</h2>\n";
print "Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " not a project join request, but " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] . "<br/>\n";
// FIXME: Print other request details
print "<input type=\"button\" value=\"Cancel\" onclick=\"history.back(-1)\"/>\n";
include "footer.php";
exit;
}
continue;
}
// This shouldn't happen because of above checks...
if (isset($project_id) && $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID] != $project_id) {
error_log("handle-p-req: Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " project != given project: " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID] . " != " . $project_id);
continue;
}
// If the member for this request is already a member of the given project, then cancel this request
$members = get_project_members($sa_url, $user, $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]);
$user_is_project_member = false;
foreach ($members as $m) {
if ($request[RQ_REQUEST_TABLE_FIELDNAME::REQUESTOR] == $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID]) {
$user_is_project_member = true;
break;
}
}
if ($user_is_project_member) {
error_log("handle-p-req canceling open request for member to join a project they are already in. Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " for member " . $request[RQ_REQUEST_TABLE_FIELDNAME::REQUESTOR] . " to join project " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]);
resolve_pending_request($sa_url, $user, CS_CONTEXT_TYPE::PROJECT, $request[RQ_REQUEST_TABLE_FIELDNAME::ID], RQ_REQUEST_STATUS::CANCELLED, "User already in this project");
continue;
}
// If we already have in newrs a request by the same member to join the same project, then cancel this request
$dupid = NULL;
foreach ($newrs as $newr) {
$expiration = "<i>None</i>";
}
$leadid = $project[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID];
if (uuid_is_valid($leadid)) {
$lead = $user->fetchMember($leadid);
$leademail = $lead->email();
$leadname = $lead->prettyName();
} else {
error_log("project.php: Invalid project lead id from DB for project {$project_name}");
}
} else {
$_SESSION['lasterror'] = "No project specified for project page";
relative_redirect('dashboard.php#projects');
}
// Fill in members of project member table
$members = get_project_members($sa_url, $user, $project_id, null, $project_urn);
/*------------------------------------------------------------
* Does this user have privileges on this project?
*
* If not, redirect to home page.
*------------------------------------------------------------
*/
$user_is_project_member = false;
foreach ($members as $m) {
if ($user->account_id == $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID]) {
$user_is_project_member = true;
break;
}
}
if (!$user_is_project_member) {
$_SESSION['lasterror'] = 'User has no privileges to view project ' . $project_name;
function irods_create_group($project_id, $project_name, $user)
{
// Note this function must bail if project_id is not a project but an error of some kind
error_log("iRODS: creating group for project {$project_name} with id {$project_id}");
if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
error_log("irods_create_group: not a valid project ID. Nothing to do. {$project_id}");
return -1;
}
if (!isset($project_name) || is_null($project_name) || $project_name === '') {
error_log("irods_create_group: not a valid project name. Nothing to do. {$project_id}, {$project_name}");
return -1;
}
global $disable_irods;
if (isset($disable_irods)) {
error_log("irodsCreateGroup: disable_irods was set. Doing nothing.");
return -1;
}
// If pa_project_attribute has the irods_group_name attribute, then return 1
if (!isset($sa_url)) {
$sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') {
error_log("iRODS Found no SA in SR!'");
}
}
$project_attributes = lookup_project_attributes($sa_url, $user, $project_id);
$group_name = null;
$att_group_name = null;
foreach ($project_attributes as $attribute) {
if ($attribute[PA_ATTRIBUTE::NAME] == PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME) {
$group_name = $attribute[PA_ATTRIBUTE::VALUE];
$att_group_name = $group_name;
break;
}
}
if (!is_null($group_name)) {
error_log("irodsCreateGroup: local attribute says group {$group_name} already exists for project {$project_id}");
return 1;
// group already existed
}
global $irods_url;
global $default_zone;
global $irods_cert;
global $portal_irods_user;
global $portal_irods_pw;
// must get project name and then groupname
$group_name = group_name($project_name);
$irods_info = array();
$irods_info[IRODS_GROUP_NEW] = $group_name;
$irods_info[IRODS_ZONE] = $default_zone;
// Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES.
// we have PHP 5.3, so we have to remove those manually.
$irods_json = json_encode($irods_info);
$irods_json = str_replace('\\/', '/', $irods_json);
// error_log("Trying to add group to iRODS with values: " . $irods_json);
///* Sign the data with the portal certificate (Is that correct?) */
//$irods_signed = smime_sign_message($irods_json, $portal_cert, $portal_key);
///* Encrypt the signed data for the iRODS SSL certificate */
//$irods_blob = smime_encrypt($irods_signed, $irods_cert);
$created = -1;
// Was the group created? -1=error, 0=success, 1=group was already there
try {
$addstruct = doRESTCall($irods_url . IRODS_PUT_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert);
// look for (\r or \n or \r\n){2} and move past that
preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m);
if (!array_key_exists(2, $m)) {
error_log("irods createGroup: Malformed PUT result to iRODS - error? Got: " . $addstruct);
throw new Exception("Failed to add iRODS group - server error: " . $addstruct);
}
// error_log("PUT result content: " . $m[2]);
$addjson = json_decode($m[2], true);
// error_log("add group result: " . print_r($addjson, true));
if (is_array($addjson)) {
$status = null;
$msg = null;
$groupCmdStatus = null;
if (array_key_exists("status", $addjson)) {
$status = $addjson["status"];
// Return 0 if added the group, 1 if group existed, -1 on error
if ($status == IRODS_STATUS_ERROR) {
$created = -1;
} elseif ($status == IRODS_STATUS_SUCCESS) {
$created = 0;
}
}
if (array_key_exists("message", $addjson)) {
$msg = $addjson["message"];
}
if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
$groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_GROUP) {
$created = 1;
error_log("iRODS group {$group_name} already existed");
} elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
error_log("iRODS failed to create group {$group_name}: {$groupCmdStatus}: '{$msg}'");
}
} elseif ($created !== 0) {
error_log("iRODS failed to create group {$group_name}: '{$msg}'");
}
} else {
error_log("iRODS: malformed return from createGroup: " . print_r($addjson, true));
$created = -1;
}
} catch (Exception $e) {
error_log("Error doing iRODS put to add group: " . $e->getMessage());
$created = -1;
}
if ($created === 1) {
if (!isset($att_group_name)) {
// irods says the group exists, but our local attribute does not. Set it.
if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
}
}
}
if ($created === 0) {
// Save in local DB that we created the iRODS group
// Remove first ensures no duplicate rows
if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
if (isset($att_group_name)) {
remove_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME);
}
add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
}
// Bootstrapping: for previously existing project, there may be other members of the project to add
// Rely on the fact that we can move on if the user doesn't exist
// Do this block only if we actually created the irods group just now
$members = get_project_members($sa_url, $user, $project_id);
// for each member of the project
foreach ($members as $m) {
$added = addToGroup($project_id, $group_name, $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID], $user);
/* if ($added === -1) { */
/* error_log("Couldn't add member " . $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID] . " to new irods group $group_name: probably they don't have an irods account yet."); */
/* } */
}
}
return $created;
}
