/**
 * Print the confirmation page shown before a user group or a resource group
 * is deleted.
 *
 * Reads "type" from the continuation and the group id from the request,
 * checks that the logged-in user may delete that group, refuses when the
 * group is still in use, and otherwise prints a Submit form carrying a
 * submitDeleteGroup continuation next to a Cancel form. All output is written
 * with print; nothing is returned.
 */
function confirmDeleteGroup() {
    global $user;
    # NOTE(review): the continuation's groupid is read here and then replaced
    # three statements later by the request value, so every check below runs
    # against the request-supplied id. Confirm that is intended.
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");
    $usergroups = getUserGroups();
    $groupid = processInputVar('groupid', ARG_NUMERIC);
    if ($type == 'user') {
        # Unknown ids stop here, before any $usergroups[$groupid] lookup.
        if (!array_key_exists($groupid, $usergroups)) {
            print "<h2>Delete User Group</h2>\n";
            print "The selected user group does not exist.\n";
            return;
        }
        # Owners may always continue. Non-owners are only let through for
        # non-custom or course roll groups, and then only with the global
        # federated-groups permission, or the affiliation-only permission
        # when the group's affiliation matches the user's.
        if ($usergroups[$groupid]['ownerid'] != $user['id']) {
            if ($usergroups[$groupid]['custom'] == 0 || $usergroups[$groupid]['courseroll'] == 1) {
                if (!checkUserHasPerm('Manage Federated User Groups (global)') &&
                    (!checkUserHasPerm('Manage Federated User Groups (affiliation only)') ||
                     $usergroups[$groupid]['groupaffiliationid'] != $user['affiliationid'])) {
                    print "<h2>Delete User Group</h2>\n";
                    print "You do not have access to delete the selected user group.\n";
                    return;
                }
            } else {
                print "<h2>Delete User Group</h2>\n";
                print "You do not have access to delete the selected user group.\n";
                return;
            }
        }
        # Compare only the part of the name before '@' against the three
        # protected names; the block applies to groups with affiliation id 1.
        $tmp = explode('@', $usergroups[$groupid]['name']);
        $checkname = $tmp[0];
        if ($usergroups[$groupid]['groupaffiliationid'] == 1 &&
            ($checkname == 'Specify End Time' ||
             $checkname == 'Allow No User Check' ||
             $checkname == 'Default for Editable by')) {
            print "<h2>Delete User Group</h2>\n";
            print "{$usergroups[$groupid]['name']} is a system group that cannot be deleted";
            return;
        }
    } else {
        # Any type other than 'user' takes the resource-group path: the id
        # must appear under at least one resource type returned by
        # getUserResources() for groupAdmin / manageGroup.
        $userresources = getUserResources(array("groupAdmin"), array("manageGroup"), 1);
        $noaccess = 1;
        foreach (array_keys($userresources) as $rtype) {
            if (array_key_exists($groupid, $userresources[$rtype])) {
                $noaccess = 0;
                break;
            }
        }
        if ($noaccess) {
            print "<h2>Delete Resource Group</h2>\n";
            print "You do not have access to delete the selected resource group.\n";
            return;
        }
    }
    $resourcegroups = getResourceGroups();
    if ($type == "user") {
        $title = "Delete User Group";
        $usemsg = "This group is currently in use. You cannot delete it until " .
                  "it is no longer being used.";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        $title = "Delete Resource Group";
        $usemsg = "This group is currently assigned to at least one node in the " .
                  "privilege tree. You cannot delete it until it is no longer " .
                  "in use.";
        $question = "Delete the following resource group?";
        # Resource group names are stored as "<type>/<name>".
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }
    # $usemsg is handed to checkForGroupUsage() and printed afterwards;
    # presumably the callee may adjust it - verify against its definition.
    if (checkForGroupUsage($groupid, $type, $usemsg)) {
        print "<H2 align=center>{$title}</H2>\n";
        print $usemsg;
        return;
    }
    # NOTE(review): $resourcetype, $name and the owner string below are written
    # into the HTML as-is. Confirm group names are constrained or escaped where
    # they are created, or escape them here.
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        print " <TR>\n";
        print " <TH align=right>Type:</TH>\n";
        print " <TD>{$resourcetype}</TD>\n";
        print " </TR>\n";
    }
    print " <TR>\n";
    print " <TH align=right>Name:</TH>\n";
    print " <TD>{$name}</TD>\n";
    print " </TR>\n";
    if ($type == "resource") {
        print " <TR>\n";
        print " <TH align=right>Owning User Group:</TH>\n";
        print " <TD>" . $resourcegroups[$groupid]["owner"] . "</TD>\n";
        print " </TR>\n";
    } elseif ($usergroups[$groupid]['courseroll'] == 1 || $usergroups[$groupid]['custom'] == 0) {
        # Extra rows for course roll / non-custom user groups.
        print "<TR>\n";
        print " <TH align=right>Type:</TH>\n";
        if ($usergroups[$groupid]['courseroll'] == 1) {
            print " <TD>Course Roll</TD>\n";
        } elseif ($usergroups[$groupid]['custom'] == 0) {
            print " <TD>Federated</TD>\n";
        }
        print "</TR>\n";
        print "<TR>\n";
        print " <TD colspan=2><br><strong>Note</strong>: This type of group is ";
        print "created from external sources<br>and could be recreated from ";
        print "those sources at any time.<br><br></TD>\n";
        print "</TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print " <TR valign=top>\n";
    print " <TD>\n";
    print " <FORM action=\"" . BASEURL . SCRIPT .
          "{$target}\" method=post>\n";
    # The Submit form carries only a continuation id; the group id and type
    # are attached to the submitDeleteGroup continuation entry.
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print " <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print " <INPUT type=submit value=Submit>\n";
    print " </FORM>\n";
    print " </TD>\n";
    print " <TD>\n";
    # Cancel posts back with mode=viewGroups.
    print " <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print " <INPUT type=hidden name=mode value=viewGroups>\n";
    print " <INPUT type=submit value=Cancel>\n";
    print " </FORM>\n";
    print " </TD>\n";
    print " </TR>\n";
    print "</TABLE>\n";
    print "</DIV>\n";
}
/**
 * AJAX handler that rebuilds the privilege panes for one privilege-tree node.
 *
 * Takes the node id from the request, loads the node's own and cascaded
 * privileges, and prints JavaScript that fills the treebuttons, usersDiv,
 * usergroupsDiv and resourcesDiv elements. Editing controls and the
 * continuation ids for the change handlers are only emitted when the current
 * user holds the matching privilege at the node. The function ends the
 * request itself (dbDisconnect() followed by exit) and returns nothing.
 */
function selectNode() {
    global $user;
    $node = processInputVar("node", ARG_NUMERIC);
    # $openNodes is assigned here but not read again inside this function.
    if (!empty($_COOKIE["VCLNODES"])) {
        $openNodes = $_COOKIE["VCLNODES"];
    } else {
        $openNodes = DEFAULT_PRIVNODE;
    }
    # No usable node id: end the request without output.
    if (empty($node)) {
        dbDisconnect();
        exit;
    }
    $return = "";
    $text = "";
    $js = "";
    $privs = getNodePrivileges($node);
    $cascadePrivs = getNodeCascadePrivileges($node);
    $usertypes = getTypes("users");
    # $i numbers the privilege rows and keeps counting across the users,
    # user groups and resources tables.
    $i = 0;
    # The three privileges that decide which controls are rendered below.
    # NOTE(review): these flags only gate what is rendered; the handlers named
    # in the continuations are outside this listing - confirm they repeat the
    # privilege check on submit.
    $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs);
    $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs);
    $hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $node, $privs, $cascadePrivs);
    # Add/delete node buttons are only rendered for nodeAdmin.
    if ($hasNodeAdmin) {
        $text .= "<TABLE>";
        $text .= " <TR valign=top>";
        $text .= " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
        $text .= " <button id=addNodeBtn dojoType=Button ";
        $text .= "onClick=\"showAddNodePane(); return false;\">";
        $text .= "Add Child</button>";
        $text .= " </FORM></TD>";
        $text .= " <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
        $text .= " <button id=deleteNodeBtn dojoType=Button onClick=\"showDeleteNodeDialog();\">";
        $text .= "Delete Node and Children</button>";
        $text .= " </FORM></TD>";
        $text .= " </TR>";
        $text .= "</TABLE>";
    }
    $return .= setAttribute('treebuttons', 'innerHTML', $text);
    $return .= "AJdojoCreate('treebuttons');";
    # privileges
    $text = "";
    $text .= "<H3>Users</H3>";
    $text .= "<FORM id=usersform action=\"" . BASEURL . SCRIPT .
             "#users\" method=post>";
    $users = array();
    if (count($privs["users"]) || count($cascadePrivs["users"])) {
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= " <TR>";
        $text .= " <TD></TD>";
        $text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        $text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            $text .= " <TD>{$img}</TD>";
        }
        $text .= " </TR>";
        # One row per user that has direct or cascaded privileges, sorted.
        $users = array_unique(array_merge(array_keys($privs["users"]),
                              array_keys($cascadePrivs["users"])));
        sort($users);
        foreach ($users as $_user) {
            # Last argument is !$hasUserGrant; presumably it renders the row
            # read-only - verify against getUserPrivRowHTML().
            $tmpArr = getUserPrivRowHTML($_user, $i, $privs["users"],
                      $usertypes["users"], $cascadePrivs["users"], 'user',
                      !$hasUserGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        $text .= "<div id=lastUserNum class=hidden>" . ($i - 1) . "</div>";
        # The continuation for changing user privileges is only created for
        # users holding userGrant.
        if ($hasUserGrant) {
            $cont = addContinuationsEntry('AJchangeUserPrivs');
            $text .= "<INPUT type=hidden id=changeuserprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no user privileges at the selected node.<br>";
    }
    if ($hasUserGrant) {
        $text .= "<BUTTON id=addUserBtn dojoType=Button onClick=\"showAddUserPane(); return false;\">";
        $text .= "Add User</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('usersDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('usersDiv');";
    # groups
    $text = "";
    $text .= "<H3>User Groups</H3>";
    # The opening <FORM> is only emitted inside this branch, while the closing
    # </FORM> further down is appended in both cases.
    if (count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) {
        $text .= "<FORM action=\"" . BASEURL . SCRIPT .
                 "#groups\" method=post>";
        $text .= "<div id=firstUserGroupNum class=hidden>{$i}</div>";
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= " <TR>";
        $text .= " <TD></TD>";
        $text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        #$img = getImageText("Block Cascaded Rights");
        #$text .= " <TD>$img</TD>";
        $text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        #$img = getImageText("Cascade to Child Nodes");
        #$text .= " <TD>$img</TD>";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            $text .= " <TH>{$img}</TH>";
        }
        $text .= " </TR>";
        $groups = array_unique(array_merge(array_keys($privs["usergroups"]),
                               array_keys($cascadePrivs["usergroups"])));
        sort($groups);
        foreach ($groups as $group) {
            $tmpArr = getUserPrivRowHTML($group, $i, $privs["usergroups"],
                      $usertypes["users"], $cascadePrivs["usergroups"], 'group',
                      !$hasUserGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        $text .= "<div id=lastUserGroupNum class=hidden>" . ($i - 1) . "</div>";
        # Same gating as for users: continuation only with userGrant.
        if ($hasUserGrant) {
            $cont = addContinuationsEntry('AJchangeUserGroupPrivs');
            $text .= "<INPUT type=hidden id=changeusergroupprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no user group privileges at the selected node.<br>";
        $groups = array();
    }
    if ($hasUserGrant) {
        $text .= "<BUTTON id=addGroupBtn dojoType=Button onclick=\"showAddUserGroupPane(); return false;\">";
        $text .= "Add Group</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('usergroupsDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('usergroupsDiv');";
    # resources
    $text = "";
    # Column set for the resources table (fixed list, not read from getTypes()).
    $resourcetypes = array("available", "administer", "manageGroup");
    $text .= "<H3>Resources</H3>";
    $text .= "<FORM id=resourceForm action=\"" . BASEURL . SCRIPT .
             "#resources\" method=post>";
    if (count($privs["resources"]) || count($cascadePrivs["resources"])) {
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= " <TR>";
        $text .= " <TH>Group<br>Name</TH>";
        $text .= " <TH>Group<br>Type</TH>";
        $text .= " <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        $text .= " <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        foreach ($resourcetypes as $type) {
            $img = getImageText("{$type}");
            $text .= " <TH>{$img}</TH>";
        }
        $text .= " </TR>";
        $resources = array_unique(array_merge(array_keys($privs["resources"]),
                                  array_keys($cascadePrivs["resources"])));
        sort($resources);
        $resourcegroups = getResourceGroups();
        $resgroupmembers = getResourceGroupMembers();
        foreach ($resources as $resource) {
            # Last argument is !$hasResourceGrant; presumably a read-only
            # flag - verify against getResourcePrivRowHTML().
            $tmpArr = getResourcePrivRowHTML($resource, $i, $privs["resources"],
                      $resourcetypes, $resourcegroups, $resgroupmembers,
                      $cascadePrivs["resources"], !$hasResourceGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        # Continuation for changing resource privileges only with resourceGrant.
        if ($hasResourceGrant) {
            $cont = addContinuationsEntry('AJchangeResourcePrivs');
            $text .= "<INPUT type=hidden id=changeresourceprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no resource group privileges at the selected node.<br>";
        $resources = array();
    }
    if ($hasResourceGrant) {
        $text .= "<BUTTON id=addResourceBtn dojoType=Button onclick=\"showAddResourceGroupPane(); return false;\">";
        $text .= "Add Resource Group</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('resourcesDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('resourcesDiv');";
    $return .= "showPrivileges();";
    # Pane updates first, then the per-row JavaScript collected above.
    print $return;
    print $js;
    dbDisconnect();
    exit;
}
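/**
 * AJAX handler that adds privileges for a resource group at a privilege node.
 *
 * Request inputs: "activeNode" (node id), "newgroupid" (resource group id)
 * and "perms" (colon-delimited privilege names). The caller must hold
 * resourceGrant at the node and must be able to manage the submitted group;
 * only names returned by getResourcePrivs() are kept from "perms". Every
 * outcome is reported by printing JavaScript; nothing is returned.
 */
function AJsubmitAddResourcePriv() {
    global $user;

    # 1) The user must be allowed to grant resource privileges at this node.
    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    # 2) The submitted group must exist.
    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin",
                   "scheduleAdmin", "serverProfileAdmin");
    $resourcegroups = getUserResources($privs, array("manageGroup"), 1);
    $groupdata = getResourceGroups('', $newgroupid);
    if (empty($groupdata)) {
        $text = "Invalid resource group submitted.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    # 3) The group must be one the user can manage. Group names are stored as
    #    "<type>/<name>". A type with no entry in the user's resource list is
    #    treated as "no rights" rather than being passed to array_key_exists()
    #    as a missing index.
    list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']);
    if (!isset($resourcegroups[$newtype]) ||
        !is_array($resourcegroups[$newtype]) ||
        !array_key_exists($newgroupid, $resourcegroups[$newtype])) {
        $text = "You do not have rights to manage the specified resource group.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }

    # 4) Keep only privilege names the system knows; anything else in the
    #    submitted list is dropped.
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = getResourcePrivs();
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms)) {
            array_push($newgroupprivs, $type);
        }
    }

    # "cascade" alone grants nothing, so it is treated like an empty list.
    if (empty($newgroupprivs) ||
        (count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs))) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        return;
    }

    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "refreshPerms(); ";
    print "addResourceGroupPaneHide(); ";
}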
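/**
 * Print the confirmation page shown before a user group or a resource group
 * is deleted.
 *
 * Group id and type are taken from the continuation. If the group is still
 * in use a message is printed instead; otherwise a Submit form carrying a
 * submitDeleteGroup continuation and a Cancel form are printed. Nothing is
 * returned.
 *
 * NOTE(review): this variant does not check that the group exists or that the
 * current user owns or may manage it before the submitDeleteGroup continuation
 * is issued; the other confirmDeleteGroup listing on this page performs those
 * checks first. Confirm the access check happens where the continuation that
 * leads here is created.
 */
function confirmDeleteGroup() {
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");

    $usergroups = getUserGroups(1);
    $resourcegroups = getResourceGroups();

    if ($type == "user") {
        $title = "Delete User Group";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        $title = "Delete Resource Group";
        $question = "Delete the following resource group?";
        # Resource group names are stored as "<type>/<name>". explode() is
        # used because split() was removed in PHP 7; for a literal '/'
        # delimiter the result is the same.
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }

    if (checkForGroupUsage($groupid, $type)) {
        print "<H2 align=center>{$title}</H2>\n";
        print "This group is currently assigned to at least one node in the ";
        print "privilege tree. You cannot delete it until it is no longer ";
        print "in use.";
        return;
    }

    # NOTE(review): $resourcetype, $name and the owner string are written into
    # the HTML as-is; confirm they are constrained or escaped upstream.
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        print " <TR>\n";
        print " <TH align=right>Type:</TH>\n";
        print " <TD>{$resourcetype}</TD>\n";
        print " </TR>\n";
    }
    print " <TR>\n";
    print " <TH align=right>Name:</TH>\n";
    print " <TD>{$name}</TD>\n";
    print " </TR>\n";
    if ($type == "resource") {
        print " <TR>\n";
        print " <TH align=right>Owning User Group:</TH>\n";
        print " <TD>" . $resourcegroups[$groupid]["owner"] . "</TD>\n";
        print " </TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print " <TR valign=top>\n";
    print " <TD>\n";
    print " <FORM action=\"" . BASEURL . SCRIPT . "{$target}\" method=post>\n";
    # The Submit form carries only a continuation id; group id and type are
    # attached to the submitDeleteGroup continuation entry.
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print " <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print " <INPUT type=submit value=Submit>\n";
    print " </FORM>\n";
    print " </TD>\n";
    print " <TD>\n";
    print " <FORM action=\"" . BASEURL . SCRIPT .
          "\" method=post>\n";
    print " <INPUT type=hidden name=mode value=viewGroups>\n";
    print " <INPUT type=submit value=Cancel>\n";
    print " </FORM>\n";
    print " </TD>\n";
    print " </TR>\n";
    print "</TABLE>\n";
}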
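/**
 * Shared worker for adding or removing resource group privileges at a
 * privilege node on behalf of the XML-RPC API.
 *
 * @param string $mode        'add' or 'remove'; any other value passes the
 *                            checks, changes nothing and still reports success
 * @param string $name        resource group name (without the type prefix)
 * @param string $type        resource type; must be listed by getTypes('resources')
 * @param mixed  $nodeid      privilege node id; must be numeric
 * @param string $permissions colon-delimited privilege names; each must be
 *                            listed by getResourcePrivs()
 *
 * @return array array('status' => 'success'), or an array with status 'error'
 *               plus 'errorcode' and 'errormsg'
 */
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions) {
    require_once ".ht-inc/privileges.php";
    global $user;

    if (!is_numeric($nodeid)) {
        return array(
            'status' => 'error',
            'errorcode' => 78,
            'errormsg' => 'Invalid nodeid specified',
        );
    }

    # The caller needs resourceGrant at the node for either mode.
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array(
            'status' => 'error',
            'errorcode' => 61,
            'errormsg' => 'Unable to remove resource group privileges on this node',
        );
    }

    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array(
            'status' => 'error',
            'errorcode' => 71,
            'errormsg' => 'Invalid resource type',
        );
    }

    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array(
            'status' => 'error',
            'errorcode' => 74,
            'errormsg' => 'resource group does not exist',
        );
    }

    # Reject the whole request if any submitted name is not a known privilege.
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array(
            'status' => 'error',
            'errorcode' => 66,
            'errormsg' => 'Invalid or missing permissions list supplied',
        );
    }

    # block, cascade and available may be changed without the ownership
    # check; any other privilege requires the user to be in the user group
    # that owns the resource group.
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) &&
        !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array(
            'status' => 'error',
            'errorcode' => 79,
            'errormsg' => 'Unable to modify privilege set for resource group',
        );
    }

    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');

    # Privileges that cascade down to this node cannot be changed here unless
    # the node itself carries 'block' for the group.
    if (array_key_exists($key, $cnp['resources']) &&
        (!array_key_exists($key, $np['resources']) ||
         !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array(
                'status' => 'error',
                'errorcode' => 80,
                'errormsg' => 'Unable to modify privileges cascaded to this node',
            );
        }
    }

    if ($mode == 'remove') {
        # The group may have no entry at this node; use an empty list then
        # instead of handing a missing index to array_diff().
        $current = array_key_exists($key, $np['resources'])
                 ? $np['resources'][$key]
                 : array();
        # If 'cascade' would be the only privilege left after the removal,
        # remove it as well.
        $diff = array_diff($current, $changeperms);
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }

    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }

    return array('status' => 'success');
}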