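/**
 * Removes an account team (request action).
 *
 * The caller must be allowed to manage ACL, and the team named by the
 * "teamId" request parameter must belong to the caller's own account;
 * otherwise Scalr_Exception_InsufficientPermissions is thrown.
 *
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xRemoveAction()
{
    // Authorise before touching the database, so that users without ACL
    // management rights never drive a team lookup with a client-supplied id.
    if (!$this->user->canManageAcl()) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $team = Scalr_Account_Team::init();
    $team->loadById($this->getParam('teamId'));

    // "teamId" comes from the request, so the team's owning account must match
    // the caller's. Both sides are compared as integers instead of with a loose
    // "!=" so the outcome does not depend on whether the ids arrive as strings
    // (DB rows) or ints (session).
    if ((int) $team->accountId !== (int) $this->user->getAccountId()) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $team->delete();

    $this->response->success('Team successfully removed');
}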
/**
 * Renders the environment access map page (request action).
 *
 * Collects every user of every team assigned to the current environment,
 * keyed by user id so a user that sits in several teams appears once with all
 * of their teams listed. The display name falls back to the e-mail address when
 * no full name is set. The page receives the ACL resource definitions, the
 * user list and the environment's id and name.
 */
public function viewAction()
{
    $byUserId = [];

    foreach ($this->env->getTeams() as $teamId) {
        $team = Scalr_Account_Team::init()->loadById($teamId);
        $teamRef = ['id' => $team->id, 'name' => $team->name];

        foreach ($team->getUsers() as $member) {
            $userId = $member['id'];

            if (!isset($byUserId[$userId])) {
                // Full name is optional; e-mail is the fallback label.
                $displayName = empty($member['fullname']) ? $member['email'] : $member['fullname'];

                $byUserId[$userId] = [
                    'id'    => $userId,
                    'name'  => $displayName,
                    'email' => $member['email'],
                    'teams' => [],
                ];
            }

            $byUserId[$userId]['teams'][] = $teamRef;
        }
    }

    $this->response->page('ui/account2/environments/accessmap.js', [
        'definitions' => Acl::getResources(true),
        'users'       => array_values($byUserId),
        'env'         => ['id' => $this->env->id, 'name' => $this->env->name],
    ]);
}
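/**
 * Gets all account teams list
 *
 * Users who can manage ACL get every team of the account; other users only
 * get the teams they belong to. Each row carries id, name, description and
 * account_role_id. The "users" key is present only for teams that have
 * members and lists each member id with the ACL role ids it holds in that team.
 *
 * @return array
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function getAccountTeamsList()
{
    $acl = \Scalr::getContainer()->acl;
    $accountId = $this->user->getAccountId();

    if ($this->user->canManageAcl()) {
        $teamIds = $this->db->getAll('SELECT id FROM account_teams WHERE account_id = ?', array($accountId));
    } else {
        // NOTE(review): assumed to return rows shaped like the query above (each with an 'id' key) — confirm
        $teamIds = $this->user->getTeams();
    }

    $result = array();

    // Iterate by value. The original by-reference loop (foreach ... as &$row)
    // left $row bound to the last element after the loop ended, which is the
    // classic dangling-reference trap; nothing here needs to mutate the rows.
    foreach ($teamIds as $row) {
        $team = Scalr_Account_Team::init()->loadById($row['id']);

        $resultRow = array(
            'id'              => $team->id,
            'name'            => $team->name,
            'description'     => $team->description,
            'account_role_id' => $team->accountRoleId,
        );

        $memberIds = array_map(function ($arr) {
            return $arr['id'];
        }, $team->getUsers());

        // Only teams with members get a "users" entry; empty teams omit the key.
        if (!empty($memberIds)) {
            foreach ($acl->getUserRoleIdsByTeam($memberIds, $row['id'], $accountId) as $userId => $roles) {
                $resultRow['users'][] = array('id' => $userId, 'roles' => $roles);
            }
        }

        $result[] = $resultRow;
    }

    return $result;
}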
/**
 * Checks whether this user is considered to be the team owner for the specified team.
 *
 * With no team id the answer is simply whether the user can manage ACL.
 * With a team id the team is loaded and asked directly; any exception raised
 * while loading or checking is swallowed and reported as "not the owner".
 *
 * @param int $teamId The identifier of the team.
 * @return boolean Returns true if the user is considered to be the team owner for the specified team.
 * @deprecated This function has been deprecated since new ACL
 */
public function isTeamOwner($teamId = null)
{
    // No team given: fall back to the user's general ACL management right.
    if (!$teamId) {
        return $this->canManageAcl();
    }

    try {
        $team = Scalr_Account_Team::init();
        $team->loadById($teamId);

        return $team->isTeamOwner($this->id);
    } catch (\Exception $e) {
        // Best-effort by design: a failed lookup means "not owner", never an error.
        return false;
    }
}
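/**
 * Attaches a team to this environment.
 *
 * The team is looked up by id and must belong to the same account as this
 * environment (its clientId). Any existing link for the same team is removed
 * first, so the insert never produces a duplicate row.
 *
 * @param int $teamId The identifier of the team.
 * @throws Exception If the team does not belong to this account.
 */
public function addTeam($teamId)
{
    $team = Scalr_Account_Team::init()->loadById($teamId);

    // This check is what keeps another account's team from being linked into
    // this environment, so compare the account ids as integers rather than
    // with a loose "==" whose result depends on the runtime types of the two
    // values (DB column vs. object property).
    if ((int) $team->accountId !== (int) $this->clientId) {
        throw new Exception('This team doesn\'t belongs to this account');
    }

    // Drop any previous link before inserting, keeping (team_id, env_id) unique.
    $this->removeTeam($teamId);

    $this->db->Execute(
        'INSERT INTO `account_team_envs` (team_id, env_id) VALUES(?,?)',
        array($teamId, $this->id)
    );
}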
/**
 * End-to-end test of the account user management actions.
 *
 * Exercises, in order: cleanup of leftovers from a previous run, user creation
 * via /account/users/xSave, info retrieval, status modification, API key
 * retrieval (expected to fail while the API is disabled), removal, re-creation
 * with the API enabled (keys expected to be returned), and — for account
 * owners only — creation and removal of a team owned by the new user.
 * Every request is asserted on its 'success' flag and the keys it must return.
 *
 * Skipped when the configured test user cannot manage ACL.
 */
public function testUsers()
{
    if (!$this->getUser()->canManageAcl()) {
        $this->markTestSkipped('Specified test user cannot manage users.');
    }

    // remove previous test data
    $user = new \Scalr_Account_User();
    $user = $user->loadByEmail(self::getTestName(self::USER_NAME) . '@scalr.com', $this->getEnvironment()->clientId);
    if ($user) {
        $user->delete();
    }

    // Teams are matched by name within the test account; any leftover is removed by id.
    $team = new \Scalr_Account_Team();
    $result = $team->loadByFilter(array('name' => self::getTestName(self::TEAM_NAME), 'accountId' => $this->getEnvironment()->clientId));
    if (count($result)) {
        foreach ($result as $e) {
            $obj = new \Scalr_Account_Team();
            $obj->loadById($e['id']);
            $obj->delete();
        }
    }

    // create
    $content = $this->request('/account/users/xSave', array('email' => self::getTestName(self::USER_NAME) . '@scalr.com', 'password' => '123', 'status' => 'Active', 'fullname' => 'phpunit test user', 'comments' => 'For testing'));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $this->assertArrayHasKey('id', $content['user']);
    $this->assertArrayHasKey('email', $content['user']);
    $this->assertArrayHasKey('fullname', $content['user']);
    $createUserId = $content['user']['id'];

    $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $this->assertArrayHasKey('id', $content['user']);
    $this->assertArrayHasKey('email', $content['user']);
    $this->assertArrayHasKey('fullname', $content['user']);
    $this->assertArrayHasKey('status', $content['user']);
    $this->assertArrayHasKey('comments', $content['user']);

    // modify some settings
    $content = $this->request('/account/users/xSave', array('id' => $createUserId, 'email' => self::getTestName(self::USER_NAME) . '@scalr.com', 'status' => 'Inactive', 'fullname' => 'phpunit test user', 'comments' => 'For testing'));
    $this->assertTrue($content['success']);
    $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    // Arguments are in (actual, expected) order here; harmless for an equality check.
    $this->assertEquals($content['user']['status'], 'Inactive');

    // get api keys
    // The user was created without enableApi, so key retrieval must be refused.
    $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
    $this->assertFalse($content['success']);

    // remove user
    $content = $this->request("/account/users/xRemove", array('userId' => $createUserId));
    $this->assertTrue($content['success']);

    // create with api enabled
    $content = $this->request('/account/users/xSave', array('email' => self::getTestName(self::USER_NAME) . '@scalr.com', 'password' => '123', 'status' => 'Active', 'fullname' => 'phpunit test user', 'comments' => 'For testing', 'enableApi' => true));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $createUserId = $content['user']['id'];

    // get api keys
    // With enableApi set, both halves of the key pair must be returned.
    $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('accessKey', $content);
    $this->assertArrayHasKey('secretKey', $content);

    // Team creation/removal is only exercised for account owners.
    if ($this->getUser()->isAccountOwner()) {
        //create team
        $content = $this->request("/account/teams/xCreate", array('name' => self::getTestName(self::TEAM_NAME), 'ownerId' => $createUserId, 'envId' => $this->getEnvironment()->id));
        $this->assertTrue($content['success']);
        $this->assertArrayHasKey('teamId', $content);
        $createTeamId = $content['teamId'];

        // remove team
        $content = $this->request('/account/teams/xRemove', array('teamId' => $createTeamId));
        $this->assertTrue($content['success']);
    }

    // remove user
    $content = $this->request('/account/users/xRemove', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
}
/**
 * Creates or updates an environment (request action).
 *
 * Flow: ACL check -> request parameter validation (plus a cost-center check
 * when analytics is enabled) -> create or load the environment -> per-environment
 * permission and ACL checks -> apply name / status / defaultPriority -> cost-center
 * assignment, lead notification and analytics events -> team assignment (by
 * LDAP group name or by team id) -> respond with the reloaded environment.
 *
 * Only an account owner or super admin may create a new environment or change
 * its name; status, defaultPriority, cost center and teams additionally require
 * canManageAcl(). Validation failures are reported through response->failure().
 *
 * @throws Scalr_Exception_InsufficientPermissions
 * @throws \Exception When LDAP mode is on and a requested team is unknown to the directory server.
 */
public function xSaveAction()
{
    if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    // "name" is only accepted (and NOHTML-validated) from owners / super admins.
    // ccId, status and defaultPriority are read below via getParam() without being
    // declared here — NOTE(review): confirm they are typed/validated elsewhere.
    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
    if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }
    $this->request->defineParams($params);
    $this->request->validate();

    // With analytics on, a cost center is mandatory and must exist.
    if ($this->getContainer()->analytics->enabled) {
        if ($this->getParam('ccId')) {
            if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
            }
        } else {
            $this->request->addValidationErrors('ccId', 'Cost center is required field');
        }
    }

    if ($this->request->isValid()) {
        $isNew = false;
        if (!$this->getParam('envId')) {
            //create new environment
            if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }
            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // envId is client-supplied: confirm the user may act on this environment
        // and holds the environment-scoped ACL resource before mutating it.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        //set name, status and defaultPriority
        if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
            $env->name = $this->getParam('name');
        }
        if ($this->user->canManageAcl()) {
            // Anything other than STATUS_ACTIVE (loose comparison) is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
            $env->defaultPriority = $this->getParam('defaultPriority');
        }
        $env->save();

        if ($this->user->canManageAcl()) {
            if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));

                // Notify the cost-center lead only when the assignment is new or changed.
                if ($isNew || $oldCcId != $this->getParam('ccId')) {
                    $cc = CostCentreEntity::findPk($this->getParam('ccId'));
                    $email = $cc->getProperty(CostCentrePropertyEntity::NAME_LEAD_EMAIL);
                    $emailData = ['envName' => $env->name, 'ccName' => $cc->name];
                    if (!empty($email)) {
                        \Scalr::getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/analytics_on_cc_add.eml.php', $emailData, $email);
                    }
                }

                // First assignment fires "assign"; a change of an existing one fires "replace".
                if ($isNew || empty($oldCcId)) {
                    $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                } elseif ($oldCcId != $this->getParam('ccId')) {
                    $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                }
            }

            //set teams
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // In LDAP mode "teams" carries group names, not ids.
                $teams = array_map('trim', $this->getParam('teams'));

                $ldapGroups = null;
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    // With a directory service account configured, every requested name must
                    // resolve to a group. This runs before clearTeams(), so a bad request
                    // leaves the environment's current team assignment untouched.
                    $ldap = $this->getContainer()->ldap(null, null);
                    $ldapGroups = $ldap->getGroupsDetails($teams);
                    foreach ($teams as $team) {
                        if (!isset($ldapGroups[$team])) {
                            throw new \Exception(sprintf("Team '%s' is not found on the directory server", $team));
                        }
                    }
                }

                $env->clearTeams();
                foreach ($teams as $name) {
                    $name = trim($name);
                    if ($name) {
                        // Reuse the account's team of that name or create it on the fly.
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            // $ldapGroups presumably maps group name -> display name; a value equal
                            // to the name itself is treated as "no description" — confirm against getGroupsDetails().
                            if ($ldapGroups !== null && $ldapGroups[$name] != $name) {
                                $team->description = $ldapGroups[$name];
                            }
                            $team->save();
                            $id = $team->id;
                        } elseif ($ldapGroups !== null) {
                            // Update team description
                            $team = new Scalr_Account_Team();
                            $team->loadById($id);
                            if ($team->description != $ldapGroups[$name] && $ldapGroups[$name] != $name) {
                                $team->description = $ldapGroups[$name];
                                $team->save();
                            }
                        }
                        $env->addTeam($id);
                    }
                }

                // Refresh the current user's own group membership from the directory,
                // using the local part of their e-mail as the LDAP username.
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    $user = strtok($this->user->getEmail(), '@');
                    $ldap = $this->getContainer()->ldap($user, null);
                    if ($ldap->isValidUsername()) {
                        $this->user->applyLdapGroups($ldap->getUserGroups());
                    }
                }
            } else {
                // Non-LDAP mode: "teams" carries team ids taken straight from the request.
                // NOTE(review): relies on $env->addTeam() rejecting teams of other accounts — confirm.
                $env->clearTeams();
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); //reload env to be sure we have actual params

        // Echo teams back in the same form they were received: names under LDAP, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'defaultPriority' => $env->defaultPriority, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams, 'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID))));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage(), true);
    }
}
/**
 * Creates or updates an environment (request action).
 *
 * Flow: ACL check -> request parameter validation (plus a cost-center check
 * when analytics is enabled and the interface is beta / not hosted Scalr) ->
 * create or load the environment -> per-environment permission and ACL checks
 * -> apply name and status -> cost-center assignment and analytics events ->
 * team assignment (by LDAP group name or by team id) -> respond with the
 * reloaded environment.
 *
 * Only an account owner or super admin may create a new environment or change
 * its name; status, cost center and teams additionally require canManageAcl().
 * In LDAP mode this action also deletes every team of the account that is no
 * longer linked to any environment. Validation failures are reported through
 * response->failure().
 *
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xSaveAction()
{
    if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    // "name" is only accepted (and NOHTML-validated) from owners / super admins.
    // ccId and status are read below via getParam() without being declared here
    // — NOTE(review): confirm they are typed/validated elsewhere.
    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
    if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }
    $this->request->defineParams($params);
    $this->request->validate();

    // Cost center is mandatory (and must exist) only under this combined condition.
    if ($this->getContainer()->analytics->enabled && $this->request->isInterfaceBetaOrNotHostedScalr()) {
        if ($this->getParam('ccId')) {
            if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
            }
        } else {
            $this->request->addValidationErrors('ccId', 'Cost center is required field');
        }
    }

    if ($this->request->isValid()) {
        $isNew = false;
        if (!$this->getParam('envId')) {
            //create new environment
            if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }
            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // envId is client-supplied: confirm the user may act on this environment
        // and holds the environment-scoped ACL resource before mutating it.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        //set name and status
        if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
            $env->name = $this->getParam('name');
        }
        if ($this->user->canManageAcl()) {
            // Anything other than STATUS_ACTIVE (loose comparison) is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
        }
        $env->save();

        if ($this->user->canManageAcl()) {
            if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));

                // First assignment fires "assign"; a change of an existing one fires "replace".
                if ($isNew || empty($oldCcId)) {
                    $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                } elseif ($oldCcId != $this->getParam('ccId')) {
                    $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                }
            }

            //set teams
            // Unlike the LDAP-validated variant, the assignment is cleared before any
            // team name is resolved, so a failing request can leave the env with no teams.
            $env->clearTeams();

            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // In LDAP mode "teams" carries group names; unknown names become new account teams.
                foreach ($this->getParam('teams') as $name) {
                    $name = trim($name);
                    if ($name) {
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            $team->save();
                            $id = $team->id;
                        }
                        $env->addTeam($id);
                    }
                }

                // remove unused teams
                // Account-wide: deletes every team of the account that is linked to
                // no environment at all, not only teams just detached from this one.
                $ids = $this->db->GetAll(' SELECT account_teams.id FROM account_teams LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ? ', array($this->user->getAccountId()));
                foreach ($ids as $id) {
                    $team = new Scalr_Account_Team();
                    $team->loadById($id['id']);
                    $team->delete();
                }

                // Refresh the current user's own group membership from the directory,
                // using the full e-mail address as the LDAP username.
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    $ldap = $this->getContainer()->ldap($this->user->getEmail(), null);
                    if ($ldap->isValidUsername()) {
                        $this->user->applyLdapGroups($ldap->getUserGroups());
                    }
                }
            } else {
                // Non-LDAP mode: "teams" carries team ids taken straight from the request.
                // NOTE(review): relies on $env->addTeam() rejecting teams of other accounts — confirm.
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); //reload env to be sure we have actual params

        // Echo teams back in the same form they were received: names under LDAP, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams, 'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID))));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage());
    }
}
/**
 * Creates or updates an environment (request action).
 *
 * Flow: ACL restriction -> request parameter validation -> create or load the
 * environment -> per-environment permission and ACL checks -> apply name and
 * status -> team assignment (by LDAP group name or by team id) -> respond with
 * the reloaded environment.
 *
 * Only the account owner may create a new environment or change its name;
 * status and teams additionally require canManageAcl(). In LDAP mode this
 * action also deletes every team of the account that is no longer linked to
 * any environment. Validation failures are reported through response->failure().
 *
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xSaveAction()
{
    $this->request->restrictAccess(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS);

    // "name" is only accepted (and NOHTML-validated) from the account owner.
    // status is read below via getParam() without being declared here
    // — NOTE(review): confirm it is typed/validated elsewhere.
    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
    if ($this->user->isAccountOwner()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }
    $this->request->defineParams($params);
    $this->request->validate();

    if ($this->request->isValid()) {
        $isNew = false;
        if (!$this->getParam('envId')) {
            //create new environment
            if (!$this->user->isAccountOwner()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }
            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // envId is client-supplied: confirm the user may act on this environment
        // and holds the environment-scoped ACL resource before mutating it.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        //set name and status
        if ($this->user->isAccountOwner()) {
            $env->name = $this->getParam('name');
        }
        if ($this->user->canManageAcl()) {
            // Anything other than STATUS_ACTIVE (loose comparison) is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
        }
        $env->save();

        if ($this->user->canManageAcl()) {
            //set teams
            // The assignment is cleared before any team name is resolved, so a
            // failing request can leave the environment with no teams.
            $env->clearTeams();

            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // In LDAP mode "teams" carries group names; unknown names become new account teams.
                foreach ($this->getParam('teams') as $name) {
                    $name = trim($name);
                    if ($name) {
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            $team->save();
                            $id = $team->id;
                        }
                        $env->addTeam($id);
                    }
                }

                // remove unused teams
                // Account-wide: deletes every team of the account that is linked to
                // no environment at all, not only teams just detached from this one.
                $ids = $this->db->GetAll(' SELECT account_teams.id FROM account_teams LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ? ', array($this->user->getAccountId()));
                foreach ($ids as $id) {
                    $team = new Scalr_Account_Team();
                    $team->loadById($id['id']);
                    $team->delete();
                }
            } else {
                // Non-LDAP mode: "teams" carries team ids taken straight from the request.
                // NOTE(review): relies on $env->addTeam() rejecting teams of other accounts — confirm.
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); //reload env to be sure we have actual params

        // Echo teams back in the same form they were received: names under LDAP, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams)));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage());
    }
}
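/**
 * Removes an account team (request action).
 *
 * Only the account owner may remove a team, and only a team of their own
 * account; anything else raises Scalr_Exception_InsufficientPermissions.
 *
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xRemoveAction()
{
    // Authorise before touching the database: the original loaded the team
    // first, which let any user drive a lookup by an arbitrary "teamId" even
    // though only the account owner can ever succeed here.
    if (!$this->user->isAccountOwner()) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $team = Scalr_Account_Team::init();
    $team->loadById($this->getParam('teamId'));

    // The team must belong to the caller's account. Compare as integers so the
    // check does not depend on a loose "==" between a DB value and a session value.
    if ((int) $team->accountId !== (int) $this->user->getAccountId()) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $team->delete();

    $this->response->success();
}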
/**
 * Removes a permission group from a team (request action).
 *
 * The team is taken from the self::CALL_PARAM_NAME request parameter and must
 * pass the current user's permission check; in addition the caller has to be
 * either the account owner or the owner of that team. The group named by the
 * "groupId" parameter must belong to the team, otherwise the request is
 * rejected with Scalr_Exception_InsufficientPermissions.
 *
 * @throws Scalr_Exception_InsufficientPermissions
 */
public function xRemovePermissionGroupAction()
{
    $team = Scalr_Account_Team::init()->loadById($this->getParam(self::CALL_PARAM_NAME));
    $this->user->getPermissions()->validate($team);

    // Account owners pass outright; anyone else must own the team. The team
    // ownership lookup is only performed when the first test fails.
    $callerIsAccountOwner = $this->user->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER;
    if (!$callerIsAccountOwner && !$team->isTeamOwner($this->user->getId())) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $group = Scalr_Account_Group::init();
    $group->loadById($this->getParam('groupId'));

    // "groupId" is client-supplied: refuse groups that belong to a different team.
    if ($group->teamId != $team->id) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $group->delete();

    $this->response->success();
}