/**
  * Create a new project based on project name. This function will also create
  * all roles needed by the project.
  *
  * @static
  * @param  $projectname
  * @return bool
  */
 static function createProject($projectname)
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPUser;
     global $wgOpenStackManagerLDAPProjectBaseDN;
     OpenStackNovaLdapConnection::connect();
     $project = array();
     $project['objectclass'][] = 'groupofnames';
     $project['objectclass'][] = 'posixgroup';
     $project['cn'] = $projectname;
     $project['owner'] = $wgOpenStackManagerLDAPUser;
     $project['gidnumber'] = OpenStackNovaUser::getNextIdNumber($wgAuth, 'gidnumber');
     $projectdn = 'cn=' . $projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN;
     $success = LdapAuthenticationPlugin::ldap_add($wgAuth->ldapconn, $projectdn, $project);
     $project = new OpenStackNovaProject($projectname);
     if ($success) {
         foreach (self::$rolenames as $rolename) {
             $role = OpenStackNovaRole::createRole($rolename, $project);
             # TODO: If role addition fails, find a way to fail gracefully
             # Though, if the project was added successfully, it is unlikely
             # that role addition will fail.
         }
         $wgAuth->printDebug("Successfully added project {$projectname}", NONSENSITIVE);
         return true;
     } else {
         $wgAuth->printDebug("Failed to add project {$projectname}", NONSENSITIVE);
         return false;
     }
 }
	/**
	 * @param  $formData
	 * @param string $entryPoint
	 * @return bool
	 */
	function tryDeleteMemberSubmit( $formData, $entryPoint = 'internal' ) {
		$projectname = $formData['projectname'];
		if ( $projectname ) {
			$project = OpenStackNovaProject::getProjectByName( $projectname );
			if ( ! $project ) {
				$this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentproject' );
				return true;
			}
			$role = OpenStackNovaRole::getProjectRoleByName( $formData['rolename'], $project );
		} else {
			$role = OpenStackNovaRole::getGlobalRoleByName( $formData['rolename'] );
		}
		if ( ! $role ) {
			$this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentrole' );
			return true;
		}
		foreach ( $formData['members'] as $member ) {
			$success = $role->deleteMember( $member );
			if ( $success ) {
				$this->getOutput()->addWikiMsg( 'openstackmanager-removedfrom', $member, $formData['rolename'] );
			} else {
				$this->getOutput()->addWikiMsg( 'openstackmanager-failedtoremove', $member, $formData['rolename'] );
			}
		}

		$out = '<br />';
		$returnto = Title::newFromText( $formData['returnto'] );
		$out .= Linker::link( $returnto, wfMsgHtml( 'openstackmanager-backprojectlist' ) );
		$this->getOutput()->addHTML( $out );

		return true;
	}
 /**
  * Create a new project based on project name. This function will also create
  * all roles needed by the project.
  *
  * @static
  * @param  $projectname
  * @return bool
  */
 static function createProject($projectname)
 {
     global $wgAuth;
     global $wgOpenStackManagerLDAPUser;
     global $wgOpenStackManagerLDAPProjectBaseDN;
     OpenStackNovaLdapConnection::connect();
     $project = array();
     $project['objectclass'][] = 'extensibleobject';
     $project['objectclass'][] = 'groupofnames';
     $project['cn'] = $projectname;
     $project['member'] = $wgOpenStackManagerLDAPUser;
     $projectdn = 'cn=' . $projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN;
     // if we're not going to use project groups,
     // then create this project as a posixgroup
     if (!OpenStackNovaProject::useProjectGroup()) {
         $project['gidnumber'] = OpenStackNovaUser::getNextIdNumber($wgAuth, 'gidnumber');
         $project['objectclass'][] = 'posixgroup';
     }
     $success = LdapAuthenticationPlugin::ldap_add($wgAuth->ldapconn, $projectdn, $project);
     $project = new OpenStackNovaProject($projectname);
     if ($success) {
         foreach (self::$rolenames as $rolename) {
             OpenStackNovaRole::createRole($rolename, $project);
             # TODO: If role addition fails, find a way to fail gracefully
             # Though, if the project was added successfully, it is unlikely
             # that role addition will fail.
         }
         $sudoerOU = array();
         $sudoerOU['objectclass'][] = 'organizationalunit';
         $sudoerOU['ou'] = 'sudooers';
         $sudoerOUdn = 'ou=sudoers,' . $projectdn;
         LdapAuthenticationPlugin::ldap_add($wgAuth->ldapconn, $sudoerOUdn, $sudoerOU);
         # TODO: If sudoerOU creation fails we need to be able to fail gracefully
         $wgAuth->printDebug("Successfully added project {$projectname}", NONSENSITIVE);
         // Now that we've created the Project, if we
         // are supposed to use a corresponding Project Group
         // to manage posix group permissions, do so now.
         if (OpenStackNovaProject::useProjectGroup()) {
             OpenStackNovaProjectGroup::createProjectGroup($projectname);
             # TODO: If project group creation fails we need to be able to fail gracefully
         }
         // Create two default, permissive sudo policies.  First,
         //  allow sudo (as root) for all members...
         $projectGroup = "%" . $project->getProjectGroup()->getProjectGroupName();
         if (OpenStackNovaSudoer::createSudoer('default-sudo', $projectname, array($projectGroup), array(), array('ALL'), array('!authenticate'))) {
             $wgAuth->printDebug("Successfully created default sudo policy for {$projectname}", NONSENSITIVE);
         }
         // Now, allow all project members to sudo to all other users.
         $projectGroup = "%" . $project->getProjectGroup()->getProjectGroupName();
         if (OpenStackNovaSudoer::createSudoer('default-sudo-as', $projectname, array($projectGroup), array("{$projectGroup}"), array('ALL'), array('!authenticate'))) {
             $wgAuth->printDebug("Successfully created default sudo-as policy for {$projectname}", NONSENSITIVE);
         }
     } else {
         $wgAuth->printDebug("Failed to add project {$projectname}", NONSENSITIVE);
         return false;
     }
     OpenStackNovaProject::createServiceGroupOUs($projectname);
     return true;
 }