Example #1
/**
 * Create a project at the slice authority and provision its iRODS group.
 *
 * The project is created over XML-RPC with $signer's credentials. Afterwards
 * an iRODS group is requested for the new project. A failed group creation
 * (return value -1) is only written to the error log: the project UID is
 * still returned, so the caller cannot tell from the return value whether
 * the group exists.
 *
 * NOTE(review): $project_name is interpolated into the log line unchanged;
 * if it can be user-chosen, confirm the log sink copes with control
 * characters in it.
 *
 * @param string $sa_url          Slice authority URL handed to the XML-RPC client.
 * @param mixed  $signer          Identity used to sign the call and to create the iRODS group.
 * @param string $project_name    Sent as PROJECT_NAME.
 * @param string $lead_id         Sent as _GENI_PROJECT_OWNER.
 * @param string $project_purpose Sent as PROJECT_DESCRIPTION.
 * @param mixed  $expiration      Sent as PROJECT_EXPIRATION only when non-empty.
 *
 * @return mixed The PROJECT_UID entry of the slice authority's reply.
 */
function create_project($sa_url, $signer, $project_name, $lead_id, $project_purpose, $expiration)
{
    $client = XMLRPCClient::get_client($sa_url, $signer);

    $fields = array();
    $fields['PROJECT_NAME'] = $project_name;
    $fields['_GENI_PROJECT_OWNER'] = $lead_id;
    $fields['PROJECT_DESCRIPTION'] = $project_purpose;
    // An expiration is optional; omit the key entirely when none was given.
    if ($expiration && $expiration != "") {
        $fields['PROJECT_EXPIRATION'] = $expiration;
    }

    $options = array_merge(array('fields' => $fields), $client->options());
    $results = $client->create_project($client->creds(), $options);
    $project_id = $results['PROJECT_UID'];

    // iRODS support: every new project gets an iRODS group. Best effort only;
    // a failure here does not undo or fail the project creation.
    if (irods_create_group($project_id, $project_name, $signer) === -1) {
        error_log("FAILED to create iRODS group for new project {$project_name}");
    }

    return $project_id;
}
Example #2
        }
    }
    // Use $username
    // Get users projects
    $project_ids = get_projects_for_member($sa_url, $user, $user->account_id, true);
    $num_projects = count($project_ids);
    // for each project
    foreach ($project_ids as $project_id) {
        $project = lookup_project($sa_url, $user, $project_id);
        if (convert_boolean($project[PA_PROJECT_TABLE_FIELDNAME::EXPIRED])) {
            // Don't create groups and members for expired projects
            continue;
        }
        // FIXME: If I had attributes, I could skip trying to recreate the group here if it already exists
        // create group
        $created = irods_create_group($project_id, $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME], $user);
        $group_name = group_name($project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME]);
        if ($created === 0) {
            error_log("irods.php created group for already existing project {$group_name} cause of page load by " . $user->prettyName());
        }
        // If the group was created, then this user was added
        // But if the group already existed and we just created their iRODS account, then we must add them to the group
        if ($created === 1 and $didCreate) {
            // add user to group
            $added = addToGroup($project_id, $group_name, $user->account_id, $user);
            if ($added === -1) {
                error_log("FAILed to add {$username} to iRODS group {$group_name}");
            }
        }
    }
}
Example #3
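/**
 * Add a portal member to the iRODS group of a project.
 *
 * Validates the IDs, resolves the member's iRODS username and issues an
 * authenticated PUT to the iRODS REST service using the portal's own
 * account ($portal_irods_user / $portal_irods_pw).
 *
 * The result is fail-closed: any group-command status other than success or
 * "duplicate user" yields -1, even when the envelope "status" field reports
 * success. Callers use the return value to decide whether membership was
 * granted, so a rejected command must never be reported as 0.
 *
 * NOTE(review): the raw REST response is written to the error log and into
 * the exception message on a malformed reply; confirm it cannot carry
 * anything sensitive. $irods_cert is passed through to doRESTCall,
 * presumably for server verification; confirm against that helper.
 *
 * @param string $project_id UUID of the project; used to look the project up
 *                           if the group turns out not to exist.
 * @param string $group_name iRODS group name; must be non-empty.
 * @param string $member_id  UUID of the member to add.
 * @param mixed  $user       Acting user, passed to lookup_project() and
 *                           irods_create_group().
 *
 * @return int 0 if the member was added, 1 if already in the group, -1 on error.
 */
function addToGroup($project_id, $group_name, $member_id, $user)
{
    if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
        error_log("irods addToGroup: not a valid project ID. Nothing to do. {$project_id}");
        return -1;
    }
    // isset() is already false for null, so no separate is_null() check is needed.
    if (!isset($group_name) || $group_name === '') {
        error_log("irods addToGroup: not a valid group name. Nothing to do. {$project_id}, {$group_name}");
        return -1;
    }
    if (!isset($member_id) || $member_id == "-1" || !uuid_is_valid($member_id)) {
        error_log("irods addToGroup: not a valid member ID. Nothing to do. {$member_id}");
        return -1;
    }
    // Site-wide kill switch: any set value disables all iRODS calls.
    global $disable_irods;
    if (isset($disable_irods)) {
        error_log("irods addToGroup: disable_irods was set. Doing nothing.");
        return -1;
    }
    // must get member username
    $member = geni_load_user_by_member_id($member_id);
    // Bail early if the local attribute says the user does not yet have an account
    if (!isset($member->ma_member->irods_username)) {
        error_log("iRODS addToGroup local attribute says member {$member_id} does not yet have an iRODS account. Cannot add to group {$group_name}");
        return -1;
    }
    $username = base_username($member);
    error_log("iRODS addToGroup {$group_name} member {$member_id} with username {$username}");
    global $irods_url;
    global $default_zone;
    global $portal_irods_user;
    global $portal_irods_pw;
    global $irods_cert;
    $irods_info = array();
    $irods_info[IRODS_USER_NAME] = $username;
    $irods_info[IRODS_GROUP] = $group_name;
    $irods_info[IRODS_ZONE] = $default_zone;
    // Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES.
    //   we have PHP 5.3, so we have to remove those manually.
    $irods_json = json_encode($irods_info);
    $irods_json = str_replace('\\/', '/', $irods_json);
    // Was the user added to the group? -1=Error, 0=Success, 1=Member already in group
    $added = -1;
    try {
        $addstruct = doRESTCall($irods_url . IRODS_PUT_USER_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert);
        // Skip the headers: look for (\r or \n or \r\n){2} and take what follows as the body.
        preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m);
        if (!array_key_exists(2, $m)) {
            error_log("iRODS addToGroup Malformed PUT result to iRODS - error? Got: " . $addstruct);
            throw new Exception("Failed to add member to iRODS group - server error: " . $addstruct);
        }
        $addjson = json_decode($m[2], true);
        if (is_array($addjson)) {
            $msg = null;
            if (array_key_exists("status", $addjson)) {
                $status = $addjson["status"];
                if ($status == IRODS_STATUS_ERROR) {
                    $added = -1;
                } elseif ($status == IRODS_STATUS_SUCCESS) {
                    // Provisional: the group-command status below has the final say.
                    $added = 0;
                }
            }
            if (array_key_exists("message", $addjson)) {
                $msg = $addjson["message"];
            }
            if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
                $groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
                if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_USER) {
                    $added = 1;
                    error_log("iRODS user {$username} already in group {$group_name}");
                } elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
                    // The command was rejected. Reset to failure so a successful
                    // envelope status cannot leak through as a 0 return.
                    $added = -1;
                    if ($groupCmdStatus === IRODS_STATUS_BAD_USER) {
                        error_log("iRODS: user {$username} has no iRODS account yet. Cannot add to group {$group_name}. ({$groupCmdStatus}: '{$msg}')");
                        // FIXME: Email someone?
                    } elseif ($groupCmdStatus === IRODS_STATUS_BAD_GROUP) {
                        // If it is INVALID_GROUP then we still need to do createGroup. I don't think that should happen. But in case...
                        error_log("iRODS: group {$group_name} doesn't exist yet, so cannot add user {$username}. Try to create the group... ({$groupCmdStatus}: '{$msg}')");
                        // $sa_url is not a parameter or a declared global here, so it is always looked up.
                        $sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
                        if (!isset($sa_url) || $sa_url == '') {
                            // Without a slice authority the project cannot be looked up; stay at -1.
                            error_log("iRODS Found no SA in SR!'");
                        } else {
                            $project = lookup_project($sa_url, $user, $project_id);
                            $project_name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
                            $groupCreated = irods_create_group($project_id, $project_name, $user);
                            // NOTE(review): this treats a created group as "member added";
                            // confirm irods_create_group() enrols $member_id and not only $user.
                            if ($groupCreated != -1) {
                                $added = 0;
                            }
                        }
                    } else {
                        error_log("iRODS failed to add user {$username} to group {$group_name}: {$groupCmdStatus}: '{$msg}'");
                    }
                }
            } elseif ($added !== 0) {
                error_log("iRODS failed to add user {$username} to group {$group_name}: '{$msg}'");
            }
        } else {
            $added = -1;
            error_log("iRODS: malformed return from addUserToGroup: " . print_r($addjson, true));
        }
    } catch (Exception $e) {
        error_log("Error doing iRODS put to add member to group: " . $e->getMessage());
        $added = -1;
    }
    // Return 0 if added the user, 1 if user already in the group, -1 on error
    return $added;
}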