error_log("Couldn't find project by ID in do-handle-project-request: {$project_id}"); // $_SESSION['lasterror'] = "Project $project_id unknown"; relative_redirect("home.php"); } $project_name = $project_details[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME]; if (!$user->isAllowed(PA_ACTION::ADD_PROJECT_MEMBER, CS_CONTEXT_TYPE::PROJECT, $project_id)) { error_log("User " . $user->prettyName() . " not allowed to handle project requests on this project " . $project_name); relative_redirect("home.php"); } $lead_id = $project_details[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID]; $lead_name = lookup_member_names($ma_url, $user, array($lead_id)); $lead_name = $lead_name[$lead_id]; $num_members_added = 0; $num_members_rejected = 0; // If the member for this request is already a member of the given project, then cancel this request $members = get_project_members($sa_url, $user, $project_id); foreach ($selections as $select_id => $attribs) { if ($select_id == 'yesmessage' or $select_id == 'nomessage') { continue; } $attribs_parts = explode(',', $attribs); if (count($attribs_parts) < 4) { error_log("Malformed selection row in do-handle-project-request: {$select_id}={$attribs}"); continue; } $role = $attribs_parts[0]; $member_id = $attribs_parts[1]; $request_id = $attribs_parts[2]; $email_address = $attribs_parts[3]; // Validate that the member_id is reasonable $inP = False;
print "<h2>Error handling project request</h2>\n"; print "Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " not a project join request, but " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_TYPE] . "<br/>\n"; // FIXME: Print other request details print "<input type=\"button\" value=\"Cancel\" onclick=\"history.back(-1)\"/>\n"; include "footer.php"; exit; } continue; } // This shouldn't happen because of above checks... if (isset($project_id) && $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID] != $project_id) { error_log("handle-p-req: Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " project != given project: " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID] . " != " . $project_id); continue; } // If the member for this request is already a member of the given project, then cancel this request $members = get_project_members($sa_url, $user, $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]); $user_is_project_member = false; foreach ($members as $m) { if ($request[RQ_REQUEST_TABLE_FIELDNAME::REQUESTOR] == $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID]) { $user_is_project_member = true; break; } } if ($user_is_project_member) { error_log("handle-p-req canceling open request for member to join a project they are already in. Request " . $request[RQ_REQUEST_TABLE_FIELDNAME::ID] . " for member " . $request[RQ_REQUEST_TABLE_FIELDNAME::REQUESTOR] . " to join project " . $request[RQ_REQUEST_TABLE_FIELDNAME::CONTEXT_ID]); resolve_pending_request($sa_url, $user, CS_CONTEXT_TYPE::PROJECT, $request[RQ_REQUEST_TABLE_FIELDNAME::ID], RQ_REQUEST_STATUS::CANCELLED, "User already in this project"); continue; } // If we already have in newrs a request by the same member to join the same project, then cancel this request $dupid = NULL; foreach ($newrs as $newr) {
$expiration = "<i>None</i>"; } $leadid = $project[PA_PROJECT_TABLE_FIELDNAME::LEAD_ID]; if (uuid_is_valid($leadid)) { $lead = $user->fetchMember($leadid); $leademail = $lead->email(); $leadname = $lead->prettyName(); } else { error_log("project.php: Invalid project lead id from DB for project {$project_name}"); } } else { $_SESSION['lasterror'] = "No project specified for project page"; relative_redirect('dashboard.php#projects'); } // Fill in members of project member table $members = get_project_members($sa_url, $user, $project_id, null, $project_urn); /*------------------------------------------------------------ * Does this user have privileges on this project? * * If not, redirect to home page. *------------------------------------------------------------ */ $user_is_project_member = false; foreach ($members as $m) { if ($user->account_id == $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID]) { $user_is_project_member = true; break; } } if (!$user_is_project_member) { $_SESSION['lasterror'] = 'User has no privileges to view project ' . $project_name;
function irods_create_group($project_id, $project_name, $user) { // Note this function must bail if project_id is not a project but an error of some kind error_log("iRODS: creating group for project {$project_name} with id {$project_id}"); if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) { error_log("irods_create_group: not a valid project ID. Nothing to do. {$project_id}"); return -1; } if (!isset($project_name) || is_null($project_name) || $project_name === '') { error_log("irods_create_group: not a valid project name. Nothing to do. {$project_id}, {$project_name}"); return -1; } global $disable_irods; if (isset($disable_irods)) { error_log("irodsCreateGroup: disable_irods was set. Doing nothing."); return -1; } // If pa_project_attribute has the irods_group_name attribute, then return 1 if (!isset($sa_url)) { $sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY); if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') { error_log("iRODS Found no SA in SR!'"); } } $project_attributes = lookup_project_attributes($sa_url, $user, $project_id); $group_name = null; $att_group_name = null; foreach ($project_attributes as $attribute) { if ($attribute[PA_ATTRIBUTE::NAME] == PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME) { $group_name = $attribute[PA_ATTRIBUTE::VALUE]; $att_group_name = $group_name; break; } } if (!is_null($group_name)) { error_log("irodsCreateGroup: local attribute says group {$group_name} already exists for project {$project_id}"); return 1; // group already existed } global $irods_url; global $default_zone; global $irods_cert; global $portal_irods_user; global $portal_irods_pw; // must get project name and then groupname $group_name = group_name($project_name); $irods_info = array(); $irods_info[IRODS_GROUP_NEW] = $group_name; $irods_info[IRODS_ZONE] = $default_zone; // Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES. // we have PHP 5.3, so we have to remove those manually. $irods_json = json_encode($irods_info); $irods_json = str_replace('\\/', '/', $irods_json); // error_log("Trying to add group to iRODS with values: " . $irods_json); ///* Sign the data with the portal certificate (Is that correct?) */ //$irods_signed = smime_sign_message($irods_json, $portal_cert, $portal_key); ///* Encrypt the signed data for the iRODS SSL certificate */ //$irods_blob = smime_encrypt($irods_signed, $irods_cert); $created = -1; // Was the group created? -1=error, 0=success, 1=group was already there try { $addstruct = doRESTCall($irods_url . IRODS_PUT_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert); // look for (\r or \n or \r\n){2} and move past that preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m); if (!array_key_exists(2, $m)) { error_log("irods createGroup: Malformed PUT result to iRODS - error? Got: " . $addstruct); throw new Exception("Failed to add iRODS group - server error: " . $addstruct); } // error_log("PUT result content: " . $m[2]); $addjson = json_decode($m[2], true); // error_log("add group result: " . print_r($addjson, true)); if (is_array($addjson)) { $status = null; $msg = null; $groupCmdStatus = null; if (array_key_exists("status", $addjson)) { $status = $addjson["status"]; // Return 0 if added the group, 1 if group existed, -1 on error if ($status == IRODS_STATUS_ERROR) { $created = -1; } elseif ($status == IRODS_STATUS_SUCCESS) { $created = 0; } } if (array_key_exists("message", $addjson)) { $msg = $addjson["message"]; } if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) { $groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS]; if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_GROUP) { $created = 1; error_log("iRODS group {$group_name} already existed"); } elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) { error_log("iRODS failed to create group {$group_name}: {$groupCmdStatus}: '{$msg}'"); } } elseif ($created !== 0) { error_log("iRODS failed to create group {$group_name}: '{$msg}'"); } } else { error_log("iRODS: malformed return from createGroup: " . print_r($addjson, true)); $created = -1; } } catch (Exception $e) { error_log("Error doing iRODS put to add group: " . $e->getMessage()); $created = -1; } if ($created === 1) { if (!isset($att_group_name)) { // irods says the group exists, but our local attribute does not. Set it. if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) { add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name); } } } if ($created === 0) { // Save in local DB that we created the iRODS group // Remove first ensures no duplicate rows if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) { if (isset($att_group_name)) { remove_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME); } add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name); } // Bootstrapping: for previously existing project, there may be other members of the project to add // Rely on the fact that we can move on if the user doesn't exist // Do this block only if we actually created the irods group just now $members = get_project_members($sa_url, $user, $project_id); // for each member of the project foreach ($members as $m) { $added = addToGroup($project_id, $group_name, $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID], $user); /* if ($added === -1) { */ /* error_log("Couldn't add member " . $m[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID] . " to new irods group $group_name: probably they don't have an irods account yet."); */ /* } */ } } return $created; }