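/**
 * Create the iRODS group backing a portal project and record it locally.
 *
 * The group is created through the iRODS REST service using the portal's own
 * iRODS account. On a fresh creation the group name is stored as a project
 * attribute and the current project members are added to the new group.
 *
 * @param string $project_id   Project UUID; "-1" or any non-UUID is rejected.
 * @param string $project_name Project name, passed to group_name() to derive the group name.
 * @param mixed  $user         Portal user; must offer isAllowed() and is passed to the SA/PA helpers.
 *
 * @return int -1 on error (bad arguments, iRODS disabled, no SA found, REST or
 *             server failure), 0 if the group was created by this call, 1 if
 *             the group already existed (per local attribute or per iRODS).
 */
function irods_create_group($project_id, $project_name, $user)
{
    // Callers may hand in an error value instead of a real project ID; the
    // checks below make this function bail in that case.
    error_log("iRODS: creating group for project {$project_name} with id {$project_id}");

    if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
        error_log("irods_create_group: not a valid project ID. Nothing to do. {$project_id}");
        return -1;
    }
    // isset() already rejects null, so only the empty string needs a second test.
    if (!isset($project_name) || $project_name === '') {
        error_log("irods_create_group: not a valid project name. Nothing to do. {$project_id}, {$project_name}");
        return -1;
    }

    global $disable_irods;
    if (isset($disable_irods)) {
        error_log("irodsCreateGroup: disable_irods was set. Doing nothing.");
        return -1;
    }

    // $sa_url is a plain local here (there is no `global $sa_url`), so it is
    // always looked up afresh.
    $sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
    if (!isset($sa_url) || $sa_url == '') {
        // Without an SA neither the attribute lookup nor the later attribute
        // writes can work, so stop before touching iRODS with the portal
        // credentials instead of continuing with an empty URL.
        error_log("iRODS Found no SA in SR!");
        return -1;
    }

    // If the project already carries the irods_group_name attribute, the group
    // is taken to exist and nothing is sent to iRODS.
    $project_attributes = lookup_project_attributes($sa_url, $user, $project_id);
    $att_group_name = null;
    foreach ($project_attributes as $attribute) {
        if ($attribute[PA_ATTRIBUTE::NAME] == PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME) {
            $att_group_name = $attribute[PA_ATTRIBUTE::VALUE];
            break;
        }
    }
    if (!is_null($att_group_name)) {
        error_log("irodsCreateGroup: local attribute says group {$att_group_name} already exists for project {$project_id}");
        return 1; // group already existed
    }

    global $irods_url;
    global $default_zone;
    global $irods_cert;
    global $portal_irods_user;
    global $portal_irods_pw;

    // The group name is derived from the project name.
    $group_name = group_name($project_name);

    $irods_info = array();
    $irods_info[IRODS_GROUP_NEW] = $group_name;
    $irods_info[IRODS_ZONE] = $default_zone;

    // PHP 5.4 offers JSON_UNESCAPED_SLASHES; this code targets PHP 5.3, so the
    // escaped slashes are undone by hand.
    $irods_json = json_encode($irods_info);
    $irods_json = str_replace('\\/', '/', $irods_json);

    // NOTE(review): the request below runs under the portal's own iRODS account
    // ($portal_irods_user / $portal_irods_pw). Nothing in this function checks
    // that $user may create a group for this project before the PUT is sent;
    // the isAllowed() checks further down only gate the local attribute writes.
    // Confirm that every caller has authorized $user for $project_id.
    // NOTE(review): the payload is sent as plain JSON (S/MIME signing and
    // encryption were disabled here), so integrity and confidentiality rest on
    // the transport. $irods_cert is handed to doRESTCall, presumably to verify
    // the server; confirm that doRESTCall fails closed when that check fails.
    $created = -1; // Was the group created? -1=error, 0=success, 1=group was already there
    try {
        $addstruct = doRESTCall(
            $irods_url . IRODS_PUT_GROUP_URI . IRODS_SEND_JSON,
            $portal_irods_user,
            $portal_irods_pw,
            "PUT",
            $irods_json,
            "application/json",
            $irods_cert
        );

        // Look for two consecutive line breaks and take what follows as the body.
        preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $match);
        if (!array_key_exists(2, $match)) {
            error_log("irods createGroup: Malformed PUT result to iRODS - error? Got: " . $addstruct);
            throw new Exception("Failed to add iRODS group - server error: " . $addstruct);
        }

        $addjson = json_decode($match[2], true);
        if (is_array($addjson)) {
            $msg = null;

            if (array_key_exists("status", $addjson)) {
                $status = $addjson["status"];
                // 0 if the group was added, -1 on error; any other status
                // leaves the pessimistic default in place.
                if ($status == IRODS_STATUS_ERROR) {
                    $created = -1;
                } elseif ($status == IRODS_STATUS_SUCCESS) {
                    $created = 0;
                }
            }
            if (array_key_exists("message", $addjson)) {
                $msg = $addjson["message"];
            }

            if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
                $groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
                if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_GROUP) {
                    $created = 1;
                    error_log("iRODS group {$group_name} already existed");
                } elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
                    // Fail closed: a failing command status must not be
                    // reported as "created", otherwise the local attribute
                    // would be written and members added for a group that
                    // iRODS says it did not create.
                    $created = -1;
                    error_log("iRODS failed to create group {$group_name}: {$groupCmdStatus}: '{$msg}'");
                }
            } elseif ($created !== 0) {
                error_log("iRODS failed to create group {$group_name}: '{$msg}'");
            }
        } else {
            error_log("iRODS: malformed return from createGroup: " . print_r($addjson, true));
            $created = -1;
        }
    } catch (Exception $e) {
        error_log("Error doing iRODS put to add group: " . $e->getMessage());
        $created = -1;
    }

    // NOTE(review): $att_group_name is always null from here on (a non-null
    // value returned 1 above), so the isset() tests below never see it set and
    // remove_project_attribute() is never reached. Left as written; confirm
    // whether a stale attribute row can exist that should be removed first.
    if ($created === 1) {
        if (!isset($att_group_name)) {
            // iRODS says the group exists, but our local attribute does not. Set it.
            if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
                add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
            }
        }
    }

    if ($created === 0) {
        // Save in the local DB that we created the iRODS group.
        // Removing first is meant to ensure no duplicate rows.
        if ($user->isAllowed(PA_ACTION::ADD_PROJECT_ATTRIBUTE, CS_CONTEXT_TYPE::PROJECT, $project_id)) {
            if (isset($att_group_name)) {
                remove_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME);
            }
            add_project_attribute($sa_url, $user, $project_id, PA_ATTRIBUTE_NAME::IRODS_GROUP_NAME, $group_name);
        }

        // Bootstrapping: a previously existing project may already have members
        // who need to be in the new group. Done only when the group was created
        // just now, and regardless of whether the attribute write above was
        // permitted. The result of addToGroup is deliberately ignored: a member
        // without an iRODS account is simply skipped.
        $members = get_project_members($sa_url, $user, $project_id);
        foreach ($members as $member) {
            addToGroup($project_id, $group_name, $member[MA_MEMBER_TABLE_FIELDNAME::MEMBER_ID], $user);
        }
    }

    return $created;
}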
$actions_entry = "<td>{$actions}</td>"; } $purpose_entry = ""; if ($show_purpose) { $purpose_entry = "<td>{$proj_purpose}</td>"; } $error_entry_id = "error-" . $proj_id; $error_entry = "<td id=\"{$error_entry_id}\"></td>"; echo "<tr><td>{$proj_href}</td><td id=\"group-{$proj_id}\">{$group_name}</td><td>{$lead_name}</td>{$purpose_entry} {$actions_entry} {$error_entry}</tr>"; } echo "</table>"; } echo "<h1>Wireless Account Setup</h1>"; $project_ids = get_projects_for_member($sa_url, $user, $user->account_id, true); // Gather project attributes for each project $attribs = lookup_project_attributes($sa_url, $user, $project_ids); $attribs_by_project = array(); foreach ($project_ids as $project_id) { $attribs_by_project[$project_id] = array(); } foreach ($attribs as $attrib) { $project_id = $attrib[PA_PROJECT_TABLE_FIELDNAME::PROJECT_ID]; $attribs_by_project[$project_id][] = $attrib; } $projects = lookup_project_details($sa_url, $user, $project_ids); $num_projects = count($project_ids); $lead_names = lookup_member_names_for_rows($ma_url, $user, $projects, PA_PROJECT_TABLE_FIELDNAME::LEAD_ID); // error_log("LEADS = " . print_r($lead_names, true)); // Get the user's SSH keys to make sure they'll be able to log in $sshkeys = $user->sshKeys(); // Break up projects into those I can modify and those I cannot.