function addImagePermissions($ownerdata, $resourceid, $virtual)
{
$ownerid = $ownerdata['id'];
// create new node if it does not exist
if ($virtual) {
$nodename = 'newvmimages';
} else {
$nodename = 'newimages';
}
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
$qh = doQuery($query, 101);
if (!($row = mysql_fetch_assoc($qh))) {
$query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
doQuery($query2, 101);
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
}
$parent = $row['id'];
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$newnode = $row['id'];
} else {
$query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
doQuery($query, 101);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
$row = mysql_fetch_row($qh);
$newnode = $row[0];
}
// give user imageCheckOut and imageAdmin at new node
$newprivs = array('imageCheckOut', 'imageAdmin');
updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
// create new image group if it does not exist
$query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$ownergroupid = $row['id'];
if ($virtual) {
$prefix = 'newvmimages';
} else {
$prefix = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$resourcegroupid = $row['id'];
} else {
$query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
doQuery($query, 305);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
$row = mysql_fetch_row($qh);
$resourcegroupid = $row[0];
// map group to newimages/newvmimages comp group
if ($virtual) {
$rgroupname = 'newvmimages';
} else {
$rgroupname = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$compResGrpid = $row['id'];
$query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
doQuery($query, 101);
}
// make image group available at new node
$adds = array('available', 'administer');
if ($virtual) {
updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
} else {
updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
}
// add image to image group
$query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
doQuery($query, 101);
}
function AJsubmitAddUserGroupPriv()
{
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if (!checkUserHasPriv("userGrant", $user["id"], $node)) {
$text = "You do not have rights to add new user groups at this node.";
print "addUserGroupPaneHide(); ";
print "alert('{$text}');";
dbDisconnect();
exit;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
# FIXME validate newgroupid
$perms = explode(':', processInputVar('perms', ARG_STRING));
$usertypes = getTypes("users");
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$newgroupprivs = array();
foreach ($usertypes["users"] as $type) {
if (in_array($type, $perms)) {
array_push($newgroupprivs, $type);
}
}
if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
$text = "<font color=red>No user group privileges were specified</font>";
print setAttribute('addUserGroupPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
updateUserOrGroupPrivs($newgroupid, $node, $newgroupprivs, array(), "group");
clearPrivCache();
print "addUserGroupPaneHide(); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
function addImage($data)
{
global $user;
if (get_magic_quotes_gpc()) {
$data['description'] = stripslashes($data['description']);
$data['usage'] = stripslashes($data['usage']);
}
$data['description'] = mysql_escape_string($data['description']);
$data['usage'] = mysql_escape_string($data['usage']);
$ownerdata = getUserInfo($data['owner']);
$ownerid = $ownerdata['id'];
if (empty($data['maxconcurrent']) || !is_numeric($data['maxconcurrent'])) {
$data['maxconcurrent'] = 'NULL';
}
$query = "INSERT INTO image " . "(prettyname, " . "ownerid, " . "platformid, " . "OSid, " . "minram, " . "minprocnumber, " . "minprocspeed, " . "minnetwork, " . "maxconcurrent, " . "reloadtime, " . "deleted, " . "description, " . "`usage`, " . "basedoffrevisionid) " . "VALUES ('{$data["prettyname"]}', " . "{$ownerid}, " . "{$data["platformid"]}, " . "{$data["osid"]}, " . "{$data["minram"]}, " . "{$data["minprocnumber"]}, " . "{$data["minprocspeed"]}, " . "{$data["minnetwork"]}, " . "{$data["maxconcurrent"]}, " . "{$data["reloadtime"]}, " . "1, " . "'{$data['description']}', " . "'{$data['usage']}', " . "{$data['basedoffrevisionid']})";
doQuery($query, 205);
// get last insert id
$qh = doQuery("SELECT LAST_INSERT_ID() FROM image", 206);
if (!($row = mysql_fetch_row($qh))) {
abort(207);
}
$imageid = $row[0];
// possibly add entry to imagemeta table
$imagemetaid = 0;
if ($data['checkuser'] != 0 && $data['checkuser'] != 1) {
$data['checkuser'] = 1;
}
if (!is_numeric($data['usergroupid']) || $data['usergroupid'] <= 0) {
$data['usergroupid'] = "NULL";
}
if ($data['sysprep'] != 0 && $data['sysprep'] != 1) {
$data['sysprep'] = 1;
}
if ($data['checkuser'] == 0 || is_numeric($data['usergroupid']) && $data['usergroupid'] > 0 || $data['sysprep'] == 0) {
$query = "INSERT INTO imagemeta " . "(checkuser, " . "usergroupid, " . "sysprep) " . "VALUES " . "({$data['checkuser']}, " . "{$data['usergroupid']}, " . "{$data['sysprep']})";
doQuery($query, 101);
// get last insert id
$qh = doQuery("SELECT LAST_INSERT_ID() FROM imagemeta", 101);
if (!($row = mysql_fetch_row($qh))) {
abort(207);
}
$imagemetaid = $row[0];
}
// create name from pretty name, os, and last insert id
$OSs = getOSList();
$name = $OSs[$data["osid"]]["name"] . "-" . preg_replace('/\\W/', '', $data["prettyname"]) . $imageid . "-v0";
if ($imagemetaid) {
$query = "UPDATE image " . "SET name = '{$name}', " . "imagemetaid = {$imagemetaid} " . "WHERE id = {$imageid}";
} else {
$query = "UPDATE image SET name = '{$name}' WHERE id = {$imageid}";
}
doQuery($query, 208);
$query = "INSERT INTO imagerevision " . "(imageid, " . "userid, " . "datecreated, " . "production, " . "imagename, " . "comments) " . "VALUES ({$imageid}, " . "{$user['id']}, " . "NOW(), " . "1, " . "'{$name}', " . "'{$data['comments']}')";
doQuery($query, 101);
// add entry in resource table
$query = "INSERT INTO resource " . "(resourcetypeid, " . "subid) " . "VALUES (13, " . "{$imageid})";
doQuery($query, 209);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resource", 101);
$row = mysql_fetch_row($qh);
$resourceid = $row[0];
if (strncmp($OSs[$data['osid']]['name'], 'vmware', 6) == 0) {
$vmware = 1;
} else {
$vmware = 0;
}
// create new node if it does not exist
if ($vmware) {
$nodename = 'newvmimages';
} else {
$nodename = 'newimages';
}
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$nodename}' AND " . "parent = 3";
$qh = doQuery($query, 101);
if (!($row = mysql_fetch_assoc($qh))) {
$query2 = "INSERT INTO privnode " . "(parent, " . "name) " . "VALUES " . "(3, " . "'{$nodename}')";
doQuery($query2, 101);
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
}
$parent = $row['id'];
$query = "SELECT id " . "FROM privnode " . "WHERE name = '{$ownerdata['login']}-{$ownerid}' AND " . "parent = {$parent}";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$newnode = $row['id'];
} else {
$query = "INSERT INTO privnode " . "(parent, name) " . "VALUES ({$parent}, '{$ownerdata['login']}-{$ownerid}')";
doQuery($query, 101);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM privnode", 101);
$row = mysql_fetch_row($qh);
$newnode = $row[0];
}
// give user imageCheckOut and imageAdmin at new node
$newprivs = array('imageCheckOut', 'imageAdmin');
updateUserOrGroupPrivs($ownerid, $newnode, $newprivs, array(), 'user');
// create new image group if it does not exist
$query = "SELECT id " . "FROM usergroup " . "WHERE name = 'manageNewImages'";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$ownergroupid = $row['id'];
if ($vmware) {
$prefix = 'newvmimages';
} else {
$prefix = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$prefix}-{$ownerdata['login']}-{$ownerid}' AND " . "ownerusergroupid = {$ownergroupid} AND " . "resourcetypeid = 13";
$qh = doQuery($query, 101);
if ($row = mysql_fetch_assoc($qh)) {
$resourcegroupid = $row['id'];
} else {
$query = "INSERT INTO resourcegroup " . "(name, " . "ownerusergroupid, " . "resourcetypeid) " . "VALUES ('{$prefix}-{$ownerdata['login']}-{$ownerid}', " . "{$ownergroupid}, " . "13)";
doQuery($query, 305);
$qh = doQuery("SELECT LAST_INSERT_ID() FROM resourcegroup", 101);
$row = mysql_fetch_row($qh);
$resourcegroupid = $row[0];
// map group to newimages/newvmimages comp group
if ($vmware) {
$rgroupname = 'newvmimages';
} else {
$rgroupname = 'newimages';
}
$query = "SELECT id " . "FROM resourcegroup " . "WHERE name = '{$rgroupname}' AND " . "resourcetypeid = 12";
$qh = doQuery($query, 101);
$row = mysql_fetch_assoc($qh);
$compResGrpid = $row['id'];
$query = "INSERT INTO resourcemap " . "(resourcegroupid1, " . "resourcetypeid1, " . "resourcegroupid2, " . "resourcetypeid2) " . "VALUES ({$resourcegroupid}, " . "13, " . "{$compResGrpid}, " . "12)";
doQuery($query, 101);
}
// make image group available at new node
$adds = array('available', 'administer');
if ($vmware) {
updateResourcePrivs("image/newvmimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
} else {
updateResourcePrivs("image/newimages-{$ownerdata['login']}-{$ownerid}", $newnode, $adds, array());
}
// add image to image group
$query = "INSERT INTO resourcegroupmembers " . "(resourceid, resourcegroupid) " . "VALUES ({$resourceid}, {$resourcegroupid})";
doQuery($query, 101);
return $imageid;
}
function XMLRPCremoveUserGroupPriv($name, $affiliation, $nodeid, $permissions)
{
require_once ".ht-inc/privileges.php";
global $user;
if (!is_numeric($nodeid)) {
return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
}
if (!checkUserHasPriv("userGrant", $user['id'], $nodeid)) {
return array('status' => 'error', 'errorcode' => 65, 'errormsg' => 'Unable to remove user group privileges on this node');
}
$validate = array('name' => $name, 'affiliation' => $affiliation);
$rc = validateAPIgroupInput($validate, 1);
if ($rc['status'] == 'error') {
return $rc;
}
$groupid = $rc['id'];
$perms = explode(':', $permissions);
$usertypes = getTypes('users');
array_push($usertypes["users"], "block");
array_push($usertypes["users"], "cascade");
$diff = array_diff($perms, $usertypes['users']);
if (count($diff)) {
return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
}
$cnp = getNodeCascadePrivileges($nodeid, "usergroups");
$np = getNodePrivileges($nodeid, "usergroups");
if (array_key_exists($groupid, $cnp['usergroups']) && (!array_key_exists($groupid, $np['usergroups']) || !in_array('block', $np['usergroups'][$groupid]['privs']))) {
$intersect = array_intersect($cnp['usergroups'][$groupid]['privs'], $perms);
if (count($intersect)) {
return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
}
}
$diff = array_diff($np['usergroups'][$groupid]['privs'], $perms);
if (count($diff) == 1 && in_array("cascade", $diff)) {
array_push($perms, "cascade");
}
updateUserOrGroupPrivs($groupid, $nodeid, array(), $perms, "group");
return array('status' => 'success');
}
