/**
 * Create (or reuse) the privilege node and image group belonging to an image
 * owner, grant the owner rights at that node, and add the image resource to
 * the group.
 *
 * Steps, in order:
 *  1. find or create the 'newimages' / 'newvmimages' privnode under parent 3
 *  2. find or create the "<login>-<ownerid>" privnode beneath it
 *  3. grant the owner imageCheckOut and imageAdmin at that node
 *  4. find or create the "<prefix>-<login>-<ownerid>" resource group (type 13)
 *     owned by the 'manageNewImages' user group; a newly created group is
 *     also mapped to the matching type 12 resource group
 *  5. make the image group 'available' and 'administer' at the node
 *  6. insert the resource into the image group
 *
 * NOTE(review): $ownerdata['login'], $ownerdata['id'] and $resourceid are
 * placed into SQL text without escaping or casting inside this function, and
 * the function performs no authorization check of its own before granting
 * imageAdmin. It presumably relies on its callers for both - confirm at every
 * call site.
 *
 * @param array $ownerdata  user record; the keys 'id' and 'login' are read
 * @param mixed $resourceid id of the resource row for the image
 * @param mixed $virtual    truthy selects the 'newvmimages' names, falsy
 *                          selects 'newimages'
 */
function addImagePermissions($ownerdata, $resourceid, $virtual) {
    $ownerid = $ownerdata['id'];

    // One literal serves as the top-level node name, the image group prefix
    // and the name of the resource group a new image group is mapped to.
    $kind = $virtual ? 'newvmimages' : 'newimages';
    $ownertag = "{$ownerdata['login']}-{$ownerid}";
    $groupname = "{$kind}-{$ownertag}";

    // top-level node: look it up, insert it when missing, then look it up again
    $findkind = "SELECT id FROM privnode WHERE name = '{$kind}' AND parent = 3";
    $row = mysql_fetch_assoc(doQuery($findkind, 101));
    if (!$row) {
        doQuery("INSERT INTO privnode (parent, name) VALUES (3, '{$kind}')", 101);
        $row = mysql_fetch_assoc(doQuery($findkind, 101));
    }
    $parent = $row['id'];

    // per-owner node beneath the top-level node
    $findowner = "SELECT id FROM privnode "
               . "WHERE name = '{$ownertag}' AND parent = {$parent}";
    $row = mysql_fetch_assoc(doQuery($findowner, 101));
    if (!$row) {
        doQuery("INSERT INTO privnode (parent, name) "
              . "VALUES ({$parent}, '{$ownertag}')", 101);
        $idrow = mysql_fetch_row(doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101));
        $newnode = $idrow[0];
    } else {
        $newnode = $row['id'];
    }

    // owner receives imageCheckOut and imageAdmin at the per-owner node
    updateUserOrGroupPrivs($ownerid, $newnode, array('imageCheckOut', 'imageAdmin'), array(), 'user');

    // the user group that owns every per-owner image group;
    // the lookup result is not checked for a missing row
    $grouprow = mysql_fetch_assoc(doQuery("SELECT id FROM usergroup WHERE name = 'manageNewImages'", 101));
    $ownergroupid = $grouprow['id'];

    // per-owner image group (resourcetypeid 13)
    $findgroup = "SELECT id FROM resourcegroup "
               . "WHERE name = '{$groupname}' AND "
               . "ownerusergroupid = {$ownergroupid} AND "
               . "resourcetypeid = 13";
    $row = mysql_fetch_assoc(doQuery($findgroup, 101));
    if (!$row) {
        doQuery("INSERT INTO resourcegroup "
              . "(name, ownerusergroupid, resourcetypeid) "
              . "VALUES ('{$groupname}', {$ownergroupid}, 13)", 305);
        $idrow = mysql_fetch_row(doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101));
        $resourcegroupid = $idrow[0];

        // only a newly created image group is mapped to the
        // newimages/newvmimages group of resourcetypeid 12
        $comprow = mysql_fetch_assoc(doQuery("SELECT id FROM resourcegroup "
                                           . "WHERE name = '{$kind}' AND "
                                           . "resourcetypeid = 12", 101));
        $compResGrpid = $comprow['id'];
        doQuery("INSERT INTO resourcemap "
              . "(resourcegroupid1, resourcetypeid1, resourcegroupid2, resourcetypeid2) "
              . "VALUES ({$resourcegroupid}, 13, {$compResGrpid}, 12)", 101);
    } else {
        $resourcegroupid = $row['id'];
    }

    // expose the image group at the per-owner node
    $adds = array('available', 'administer');
    updateResourcePrivs("image/{$groupname}", $newnode, $adds, array());

    // finally, put the image into its group
    doQuery("INSERT INTO resourcegroupmembers "
          . "(resourceid, resourcegroupid) "
          . "VALUES ({$resourceid}, {$resourcegroupid})", 101);
}
/**
 * AJAX handler: grant the submitted privileges to a user group at a node.
 *
 * Reads 'activeNode', 'newgroupid' and 'perms' (a ':'-separated list) from
 * the request, requires the logged-in user to hold "userGrant" at the node,
 * keeps only the submitted privileges that are known user privilege types
 * (plus "block" and "cascade"), and applies them with
 * updateUserOrGroupPrivs(). Every path prints its response, disconnects from
 * the database and exits; nothing is returned.
 *
 * The printed responses are JavaScript statements built from fixed strings
 * only (presumably evaluated by the calling page - confirm).
 */
function AJsubmitAddUserGroupPriv() {
    global $user;

    $node = processInputVar("activeNode", ARG_NUMERIC);
    $maygrant = checkUserHasPriv("userGrant", $user["id"], $node);
    if (!$maygrant) {
        print "addUserGroupPaneHide(); ";
        print "alert('You do not have rights to add new user groups at this node.');";
        dbDisconnect();
        exit;
    }

    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    # FIXME validate newgroupid
    # NOTE(review): the only check visible here is the ARG_NUMERIC filter; the
    # authorization test above covers the node, not the group. Nothing in this
    # function confirms the id names an existing user group, or one this user
    # may grant privileges to - verify whether updateUserOrGroupPrivs() does.
    $requested = explode(':', processInputVar('perms', ARG_STRING));

    // allow-list: known user privilege types plus the two modifiers
    $usertypes = getTypes("users");
    array_push($usertypes["users"], "block", "cascade");

    $newgroupprivs = array();
    foreach ($usertypes["users"] as $type) {
        if (!in_array($type, $requested)) {
            continue;
        }
        $newgroupprivs[] = $type;
    }

    // "cascade" alone grants nothing, so treat it like an empty selection
    $onlycascade = (count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs));
    if (empty($newgroupprivs) || $onlycascade) {
        print setAttribute('addUserGroupPrivStatus', 'innerHTML',
                           "<font color=red>No user group privileges were specified</font>");
        dbDisconnect();
        exit;
    }

    updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group");
    clearPrivCache();
    print "addUserGroupPaneHide(); ";
    print "refreshPerms(); ";
    dbDisconnect();
    exit;
}
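/**
 * Insert a new image and its supporting rows, then set up the owner's
 * privileges and image group.
 *
 * Rows are written in this order: image (inserted with deleted = 1),
 * optionally imagemeta, an UPDATE of image with the generated name,
 * imagerevision, resource (resourcetypeid 13), and finally everything done by
 * addImagePermissions().
 *
 * Changes from the previous version:
 *  - checkuser and sysprep are forced to a literal 0 or 1. The earlier loose
 *    comparisons (!= 0 && != 1) let non-numeric strings through, and the
 *    values are interpolated unquoted into the imagemeta INSERT.
 *  - the privilege/group setup that duplicated addImagePermissions() line for
 *    line is replaced by a call to it.
 *
 * NOTE(review): only 'description' and 'usage' are escaped in this function.
 * 'prettyname' and 'comments' go into quoted SQL literals as they are, and
 * platformid, osid, minram, minprocnumber, minprocspeed, minnetwork,
 * reloadtime and basedoffrevisionid go in unquoted. Escaping is not added
 * here because the caller may already have validated or escaped them -
 * confirm at each call site that it has.
 *
 * @param array $data image attributes; keys read here: description, usage,
 *                    owner, maxconcurrent, prettyname, platformid, osid,
 *                    minram, minprocnumber, minprocspeed, minnetwork,
 *                    reloadtime, basedoffrevisionid, checkuser, usergroupid,
 *                    sysprep, comments
 * @return mixed id of the new image row
 */
function addImage($data) {
    global $user;

    // Undo magic-quote slashes before escaping so the text is escaped once.
    if (get_magic_quotes_gpc()) {
        $data['description'] = stripslashes($data['description']);
        $data['usage'] = stripslashes($data['usage']);
    }
    // mysql_escape_string() does not take the connection character set into
    // account; kept because no connection handle is visible in this function.
    $data['description'] = mysql_escape_string($data['description']);
    $data['usage'] = mysql_escape_string($data['usage']);

    $ownerdata = getUserInfo($data['owner']);
    $ownerid = $ownerdata['id'];

    // anything empty or non-numeric is stored as SQL NULL
    if (empty($data['maxconcurrent']) || !is_numeric($data['maxconcurrent'])) {
        $data['maxconcurrent'] = 'NULL';
    }

    $query = "INSERT INTO image "
           .        "(prettyname, "
           .        "ownerid, "
           .        "platformid, "
           .        "OSid, "
           .        "minram, "
           .        "minprocnumber, "
           .        "minprocspeed, "
           .        "minnetwork, "
           .        "maxconcurrent, "
           .        "reloadtime, "
           .        "deleted, "
           .        "description, "
           .        "`usage`, "
           .        "basedoffrevisionid) "
           . "VALUES ('{$data["prettyname"]}', "
           .        "{$ownerid}, "
           .        "{$data["platformid"]}, "
           .        "{$data["osid"]}, "
           .        "{$data["minram"]}, "
           .        "{$data["minprocnumber"]}, "
           .        "{$data["minprocspeed"]}, "
           .        "{$data["minnetwork"]}, "
           .        "{$data["maxconcurrent"]}, "
           .        "{$data["reloadtime"]}, "
           .        "1, "
           .        "'{$data['description']}', "
           .        "'{$data['usage']}', "
           .        "{$data['basedoffrevisionid']})";
    doQuery($query, 205);

    // get last insert id
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM image", 206);
    if (!($row = mysql_fetch_row($qh))) {
        abort(207);
    }
    $imageid = $row[0];

    // possibly add entry to imagemeta table
    $imagemetaid = 0;
    // Both flags end up as the integer 0 or 1: a value counts as 0 only when
    // it is a boolean false or a numeric value equal to zero; everything else
    // falls back to 1, the default the earlier code used.
    foreach (array('checkuser', 'sysprep') as $flag) {
        $raw = $data[$flag];
        if (is_bool($raw)) {
            $raw = (int)$raw;
        }
        $data[$flag] = (is_numeric($raw) && $raw == 0) ? 0 : 1;
    }
    if (!is_numeric($data['usergroupid']) || $data['usergroupid'] <= 0) {
        $data['usergroupid'] = "NULL";
    }
    // an imagemeta row is only needed when some value differs from its default
    if ($data['checkuser'] == 0 ||
        (is_numeric($data['usergroupid']) && $data['usergroupid'] > 0) ||
        $data['sysprep'] == 0) {
        $query = "INSERT INTO imagemeta "
               .        "(checkuser, "
               .        "usergroupid, "
               .        "sysprep) "
               . "VALUES "
               .        "({$data['checkuser']}, "
               .        "{$data['usergroupid']}, "
               .        "{$data['sysprep']})";
        doQuery($query, 101);

        // get last insert id
        $qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
        if (!($row = mysql_fetch_row($qh))) {
            abort(207);
        }
        $imagemetaid = $row[0];
    }

    // create name from pretty name, os, and last insert id;
    // every non-word character is removed from the pretty name part
    $OSs = getOSList();
    $name = $OSs[$data["osid"]]["name"] . "-"
          . preg_replace('/\\W/', '', $data["prettyname"])
          . $imageid . "-v0";
    if ($imagemetaid) {
        $query = "UPDATE image "
               . "SET name = '{$name}', "
               .     "imagemetaid = {$imagemetaid} "
               . "WHERE id = {$imageid}";
    } else {
        $query = "UPDATE image SET name = '{$name}' WHERE id = {$imageid}";
    }
    doQuery($query, 208);

    // first revision, recorded under the logged-in user and flagged production
    $query = "INSERT INTO imagerevision "
           .        "(imageid, "
           .        "userid, "
           .        "datecreated, "
           .        "production, "
           .        "imagename, "
           .        "comments) "
           . "VALUES ({$imageid}, "
           .        "{$user['id']}, "
           .        "NOW(), "
           .        "1, "
           .        "'{$name}', "
           .        "'{$data['comments']}')";
    doQuery($query, 101);

    // add entry in resource table
    $query = "INSERT INTO resource "
           .        "(resourcetypeid, "
           .        "subid) "
           . "VALUES (13, "
           .        "{$imageid})";
    doQuery($query, 209);
    $qh = doQuery("SELECT LAST_INSERT_ID() FROM resource", 101);
    $row = mysql_fetch_row($qh);
    $resourceid = $row[0];

    // an OS whose name starts with 'vmware' selects the newvmimages names
    if (strncmp($OSs[$data['osid']]['name'], 'vmware', 6) == 0) {
        $vmware = 1;
    } else {
        $vmware = 0;
    }

    // node, owner privileges, image group and group membership
    addImagePermissions($ownerdata, $resourceid, $vmware);

    return $imageid;
}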
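/**
 * XML-RPC: remove privileges from a user group at a privilege node.
 *
 * Checks are made in this order, each returning an error array on failure:
 *  - $nodeid must be numeric (errorcode 78)
 *  - the logged-in user must hold "userGrant" at the node (errorcode 65)
 *  - name/affiliation must pass validateAPIgroupInput() (its error array is
 *    returned as it is)
 *  - every entry of $permissions must be a known user privilege type, "block"
 *    or "cascade" (errorcode 66; an empty list fails this check too)
 *  - none of the requested privileges may be one that cascades to this node,
 *    unless the group has "block" set directly at the node (errorcode 80)
 *
 * If removing the requested privileges would leave only "cascade" set at the
 * node, "cascade" is removed as well.
 *
 * Change from the previous version: the group's directly assigned privileges
 * are read through an array_key_exists() guard. A group that only has
 * cascaded privileges at the node previously hit an undefined index and
 * passed a non-array to array_diff().
 *
 * NOTE(review): is_numeric() also accepts floats, exponent notation and
 * signed values, so it does not guarantee an integer node id; whether that
 * matters depends on how the helpers called below use $nodeid - confirm.
 *
 * @param string $name        user group name
 * @param string $affiliation affiliation of the user group
 * @param mixed  $nodeid      id of the privilege node
 * @param string $permissions ':'-separated list of privileges to remove
 * @return array 'status' => 'success', or 'status' => 'error' together with
 *               'errorcode' and 'errormsg'
 */
function XMLRPCremoveUserGroupPriv($name, $affiliation, $nodeid, $permissions) {
    require_once ".ht-inc/privileges.php";
    global $user;

    if (!is_numeric($nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 78,
                     'errormsg' => 'Invalid nodeid specified');
    }

    // authorization is decided per node before any group lookup happens
    if (!checkUserHasPriv("userGrant", $user['id'], $nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 65,
                     'errormsg' => 'Unable to remove user group privileges on this node');
    }

    $validate = array('name' => $name,
                      'affiliation' => $affiliation);
    $rc = validateAPIgroupInput($validate, 1);
    if ($rc['status'] == 'error') {
        return $rc;
    }
    $groupid = $rc['id'];

    // allow-list check: reject the call if any entry is not a known type
    $perms = explode(':', $permissions);
    $usertypes = getTypes('users');
    array_push($usertypes["users"], "block");
    array_push($usertypes["users"], "cascade");
    $diff = array_diff($perms, $usertypes['users']);
    if (count($diff)) {
        return array('status' => 'error',
                     'errorcode' => 66,
                     'errormsg' => 'Invalid or missing permissions list supplied');
    }

    $cnp = getNodeCascadePrivileges($nodeid, "usergroups");
    $np = getNodePrivileges($nodeid, "usergroups");

    // privileges assigned to the group directly at this node, if any
    $hasdirect = array_key_exists($groupid, $np['usergroups']);
    $directprivs = $hasdirect ? $np['usergroups'][$groupid]['privs'] : array();

    // cascaded privileges cannot be removed here unless the group has
    // "block" set directly at this node
    if (array_key_exists($groupid, $cnp['usergroups']) &&
        (!$hasdirect || !in_array('block', $directprivs))) {
        $intersect = array_intersect($cnp['usergroups'][$groupid]['privs'], $perms);
        if (count($intersect)) {
            return array('status' => 'error',
                         'errorcode' => 80,
                         'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }

    // if only "cascade" would remain after the removal, remove it as well
    $diff = array_diff($directprivs, $perms);
    if (count($diff) == 1 && in_array("cascade", $diff)) {
        array_push($perms, "cascade");
    }

    updateUserOrGroupPrivs($groupid, $nodeid, array(), $perms, "group");
    return array('status' => 'success');
}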