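/**
 * Adds the NGIs selected in the web request to a project and renders the
 * result view.
 *
 * The project id is read from $_REQUEST['ID'] and the NGI ids from
 * $_REQUEST['NGIs']. Both values are client-supplied, so their presence and
 * shape are checked before they are handed to the service layer. The
 * permission decision itself is made by addNgisToProject(), which receives
 * the current user.
 *
 * @throws \Exception if the project id or the list of NGI ids is missing or malformed
 * @return null
 */
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Get user details (passed to the service call so it can check permissions)
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);

    // Get the project and NGI services
    $projectServ = \Factory::getProjectService();
    $ngiServ = \Factory::getNgiService();

    // Validate the posted data: a missing key would otherwise surface as a
    // PHP notice and a null lookup, and a non-array 'NGIs' would break the loop.
    if (!isset($_REQUEST['ID']) || !is_scalar($_REQUEST['ID'])) {
        throw new \Exception("A project id must be specified");
    }
    if (!isset($_REQUEST['NGIs']) || !is_array($_REQUEST['NGIs'])) {
        throw new \Exception("One or more NGIs must be specified");
    }
    $projectId = $_REQUEST['ID'];
    $ngiIds = $_REQUEST['NGIs'];

    // Turn the NGI ids into NGI entities. The other NGI handlers in this
    // listing require a numeric id before calling getNgi(); do the same here.
    $ngis = new Doctrine\Common\Collections\ArrayCollection();
    foreach ($ngiIds as $ngiId) {
        if (!is_numeric($ngiId)) {
            throw new \Exception("An id must be specified");
        }
        $ngis[] = $ngiServ->getNgi($ngiId);
    }

    // Get the project
    $project = $projectServ->getProject($projectId);

    // NOTE(review): this is a state-changing request read from $_REQUEST
    // (which also accepts query-string values); no anti-CSRF check is visible
    // in this block - confirm one is enforced by the caller.
    try {
        // The service call throws if the user lacks the required permissions
        $projectServ->addNgisToProject($project, $ngis, $user);
        $params = array(
            'Name' => $project->getName(),
            'ID' => $project->getId(),
            'NGIs' => $ngis,
        );
        show_view("project/added_ngis.php", $params, "Success");
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}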
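/**
 * Deletes the NGI identified by $_REQUEST['id'] and renders the result view.
 *
 * checkUserIsAdmin() is called first; the service call deleteNgi() also
 * receives the current user. Both are defined outside this block.
 *
 * @throws \Exception if no numeric id is supplied
 * @return null
 */
function submit()
{
    // Only administrators may perform this delete; double check the user is one
    checkUserIsAdmin();

    // The id is client-supplied: require it to be present and numeric.
    // (The original followed this with a second isset() test whose else
    // branch could never run; that dead branch has been removed.)
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    $ngi = \Factory::getNgiService()->getNgi($_REQUEST['id']);

    // Save the name now so it can still be displayed after the delete
    $params['Name'] = $ngi->getName();

    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);

    // NOTE(review): this is a destructive request read from $_REQUEST (which
    // also accepts query-string values); no anti-CSRF check is visible in
    // this block - confirm one is enforced by the caller.
    try {
        \Factory::getNgiService()->deleteNgi($ngi, $user);
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }

    // NOTE(review): the view path names a site view although an NGI was
    // deleted - confirm this is the intended template.
    show_view('/site/deleted_site.php', $params);
}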
/**
 * Applies a submitted NGI edit and shows the confirmation view.
 *
 * The new values come from getNgiDataFromWeb(); the NGI to change is looked
 * up by the 'ID' entry of those values. The user is passed through to
 * editNgi(), which is defined in the service layer (not visible here).
 *
 * @param \User $user current user
 * @return null
 */
function submit(\User $user = null)
{
    $ngiService = \Factory::getNgiService();
    $submitted = getNgiDataFromWeb();

    $updatedNgi = $ngiService->editNgi(
        $ngiService->getNgi($submitted['ID']),
        $submitted,
        $user
    );

    show_view('ngi/ngi_updated.php', array('ngi' => $updatedNgi));
}
/**
 * Renders the detail page of a single NGI.
 *
 * The NGI is selected by the numeric 'id' query parameter. The view receives
 * the NGI, its granted roles, its projects, its sites with their scopes, the
 * role action records, and a set of flags describing the current viewer
 * (admin, authenticated, allowed to edit, portal read-only).
 *
 * @throws Exception if no numeric id is supplied
 * @return null
 */
function view_ngi()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../utils.php';
    require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';

    // The id is client-supplied, so insist on a numeric value
    $idSupplied = isset($_GET['id']) && is_numeric($_GET['id']);
    if (!$idSupplied) {
        throw new Exception("An id must be specified");
    }
    $ngiId = $_GET['id'];

    // The user is needed so that an admin still sees edit links while the
    // portal is read-only
    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);

    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
    $params['UserIsAdmin'] = is_null($user) ? false : $user->isAdmin();
    $params['authenticated'] = ($user != null);

    $ngiService = \Factory::getNgiService();
    $siteService = \Factory::getSiteService();
    $ngi = $ngiService->getNgi($ngiId);

    // The edit link is shown when at least one role authorises EDIT_OBJECT.
    // This flag only drives the display; it is not the enforcement point.
    $editRoles = $ngiService->authorizeAction(\Action::EDIT_OBJECT, $ngi, $user);
    $params['ShowEdit'] = (count($editRoles) >= 1);

    $params['ngi'] = $ngi;

    // Keep only the roles over this NGI that have been granted
    $grantedRoles = array();
    foreach ($ngi->getRoles() as $candidate) {
        if ($candidate->getStatus() != \RoleStatus::GRANTED) {
            continue;
        }
        $grantedRoles[] = $candidate;
    }
    $params['roles'] = $grantedRoles;

    $params['Projects'] = $ngi->getProjects();

    // Pair every site of the NGI with its scope information
    $sitesWithScopes = array();
    foreach ($ngi->getSites() as $site) {
        $sitesWithScopes[] = array(
            'Site' => $site,
            'Scopes' => $siteService->getScopesWithParentScopeInfo($site),
        );
    }
    $params['SitesAndScopes'] = $sitesWithScopes;

    $params['RoleActionRecords'] = \Factory::getRoleService()
        ->getRoleActionRecordsById_Type($ngi->getId(), 'ngi');

    show_view('ngi/view_ngi.php', $params, $ngi->getName());
    die;
}
/**
 * Renders the list of NGIs, optionally restricted to one scope.
 *
 * The scope is taken from the 'scope' query parameter; when it is absent or
 * empty the value '%%' is passed to getNGIs() instead.
 *
 * @return null
 */
function view_ngis()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    // NOTE(review): the scope value is client-supplied and is passed straight
    // to the service layer and to the view - confirm both treat it as
    // untrusted (bound parameter, escaped on output).
    $selectedScope = !empty($_GET['scope']) ? $_GET['scope'] : '%%';

    $allScopes = \Factory::getScopeService()->getScopes();
    $matchingNgis = \Factory::getNgiService()->getNGIs($selectedScope);

    $params = array(
        'ngis' => $matchingNgis,
        'scopes' => $allScopes,
        'selectedScope' => $selectedScope,
    );
    show_view('ngi/view_ngis.php', $params, "NGIs");
}
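/**
 * Draws the form used to add a new site.
 *
 * Administrators are offered every NGI; other users are offered only the
 * NGIs over which they hold a role that supports NGI_ADD_SITE. A user with
 * no such NGI is shown the error view instead of the form.
 *
 * @param \User $user current user
 * @throws Exception if the user is not registered (null)
 * @return null
 */
function draw(\User $user = null)
{
    if (is_null($user)) {
        throw new Exception("Unregistered users can't add a new site");
    }

    $siteService = \Factory::getSiteService();
    //try { $siteService->addAuthorization($user);
    //} catch(Exception $e) { show_view('error.php', $e->getMessage()); die(); }

    if ($user->isAdmin()) {
        // If the user is an admin, then get all NGIs
        $userNGIs = \Factory::getNgiService()->getNGIs();
    } else {
        // Otherwise, get only the NGIs the non-admin user has roles over that support add_site
        $userNGIs = \Factory::getNgiService()->getNGIsBySupportedAction(Action::NGI_ADD_SITE, $user);
        if (count($userNGIs) == 0) {
            show_view('error.php', "You do not have permission to add a new site."
                . " To add a new site you require a managing role over an NGI");
            die;
        }
    }

    $countries = $siteService->getCountries();
    //$timezones = $siteService->getTimezones(); // Deprecated - don't use the lookup values in the GocDB
    $timezones = DateTimeZone::listIdentifiers();
    $prodStatuses = $siteService->getProdStatuses();

    // Remove SC and PPS infrastructures from the drop down list.
    // TODO: Delete this block once they no longer exist
    $SCInfrastructure = $siteService->getProdStatusByName('SC');
    $PPSInfrastructure = $siteService->getProdStatusByName('PPS');
    $hackprodStatuses = array();
    foreach ($prodStatuses as $ps) {
        if ($ps != $SCInfrastructure and $ps != $PPSInfrastructure) {
            $hackprodStatuses[] = $ps;
        }
    }
    $prodStatuses = $hackprodStatuses;
    // Delete up to here once pps and sc infrastructures have been removed from database

    $certStatuses = $siteService->getCertStatuses();
    $scopes = \Factory::getScopeService()->getDefaultScopesSelectedArray();
    $numberOfScopesRequired = \Factory::getConfigService()->getMinimumScopesRequired('site');
    //$dDashNgis = \Factory::getUserService()->getDDashNgis($user);

    $params = array(
        'ngis' => $userNGIs,
        'countries' => $countries,
        'timezones' => $timezones,
        'prodStatuses' => $prodStatuses,
        'certStatuses' => $certStatuses,
        'scopes' => $scopes,
        'numberOfScopesRequired' => $numberOfScopesRequired,
    );

    // Check that there is at least one NGI available before allowing an add site.
    if ($params['ngis'] == null) {
        show_view('error.php', "GocDB requires one or more NGI's to be able to add a site.");
        // Stop here, as the permission error path above does; without this
        // the add-site form would still be rendered after the error view.
        die;
    }

    show_view("site/add_site.php", $params);
    die;
}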
/**
 * Creates a new NGI from the submitted form data and shows the result.
 *
 * The form values come from getNGIDataFromWeb(). The current user is passed
 * to addNGI() so the service layer can check permissions; any exception it
 * raises is shown through the error view.
 *
 * @return null
 */
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Posted NGI data
    $submitted = getNGIDataFromWeb();

    // Current user, needed by addNGI() for its permission check
    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);

    try {
        // Throws if the user does not have the correct permissions
        $created = \Factory::getNgiService()->addNGI($submitted, $user);
        show_view(
            "admin/added_ngi.php",
            array('Name' => $created->getName(), 'ID' => $created->getId())
        );
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}
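/**
 * Renders the paginated, filterable list of services.
 *
 * All filters (search term, service type, production, monitored, scope, NGI,
 * certification status, show-closed flag, extension key name/value) and the
 * start record are read from $_REQUEST. They are passed to the service layer
 * for counting and fetching, echoed back to the view as the "selected"
 * values, and used to build the first/previous/next/last page links.
 *
 * Every request value is client-supplied. This function therefore:
 *  - accepts 'record' only when it is a plain run of digits,
 *  - URL-encodes each value it places into a pagination link.
 * Escaping of the "selected*" values on output is left to the view, and
 * query parameter binding to the service layer; neither is visible here.
 *
 * @throws Exception if the search term contains a quote or semicolon
 * @return null
 */
function drawSEs()
{
    // define() complains when the constant already exists, so guard it in
    // case this function runs more than once in a request
    if (!defined("RECORDS_PER_PAGE")) {
        define("RECORDS_PER_PAGE", 30);
    }
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    $seServ = \Factory::getServiceService();
    $exServ = \Factory::getExtensionsService();

    // Start record: only a short run of digits is accepted. Anything else
    // (text, arrays, oversized numbers) falls back to the first record
    // instead of reaching the offset arithmetic below.
    $startRecord = 1;
    if (isset($_REQUEST['record'])
        && is_string($_REQUEST['record'])
        && 1 === preg_match('/^[0-9]{1,9}$/', $_REQUEST['record'])
    ) {
        $startRecord = (int) $_REQUEST['record'];
    }
    // Validation, ensure start record >= 1
    if ($startRecord < 1) {
        $startRecord = 1;
    }

    $searchTerm = "";
    if (!empty($_REQUEST['searchTerm']) && is_string($_REQUEST['searchTerm'])) {
        $searchTerm = $_REQUEST['searchTerm'];
    }
    // Strip leading and trailing whitespace (and any tags) off the search term
    $searchTerm = strip_tags(trim($searchTerm));
    // This character deny-list is a coarse input filter only; it does not
    // replace parameter binding in the query layer or escaping in the view.
    if (1 === preg_match("/[';\"]/", $searchTerm)) {
        throw new Exception("Invalid char in search term");
    }

    $serviceType = "";
    if (isset($_REQUEST['serviceType'])) {
        $serviceType = $_REQUEST['serviceType'];
    }

    $production = "";
    if (isset($_REQUEST['production'])) {
        $production = $_REQUEST['production'];
    }

    $monitored = "";
    if (isset($_REQUEST['monitored'])) {
        $monitored = $_REQUEST['monitored'];
    }

    $scope = "";
    if (isset($_REQUEST['scope'])) {
        $scope = $_REQUEST['scope'];
    }

    $ngi = "";
    if (isset($_REQUEST['ngi'])) {
        $ngi = $_REQUEST['ngi'];
    }

    // Must be set before the certification status block, which may override it
    $showClosed = false;
    if (isset($_REQUEST['showClosed'])) {
        $showClosed = true;
    }

    $servKeyNames = "";
    if (isset($_REQUEST['servKeyNames'])) {
        $servKeyNames = $_REQUEST['servKeyNames'];
    }

    $servKeyValues = "";
    if (isset($_REQUEST['selectedServKeyValue'])) {
        $servKeyValues = $_REQUEST['selectedServKeyValue'];
    }

    $certStatus = "";
    if (!empty($_REQUEST['certificationStatus'])) {
        $certStatus = $_REQUEST['certificationStatus'];
        // Set show closed as true if the status selected is 'Closed' -
        // otherwise there will be no results
        if ($certStatus == 'Closed') {
            $showClosed = true;
        }
    }

    // Base URL of the pagination links. Each non-empty filter is appended as
    // a query parameter; values are URL-encoded so that request data cannot
    // add extra parameters or markup to the link.
    // NOTE(review): the links emit 'certStatus' and 'servKeyValues', while
    // this function reads 'certificationStatus' and 'selectedServKeyValue' -
    // confirm whether those two filters are meant to survive paging.
    $linkFilters = array(
        'serviceType' => $serviceType,
        'searchTerm' => $searchTerm,
        'production' => $production,
        'monitored' => $monitored,
        'scope' => $scope,
        'ngi' => $ngi,
        'certStatus' => $certStatus,
        'showClosed' => $showClosed,
        'servKeyNames' => $servKeyNames,
        'servKeyValues' => $servKeyValues,
    );
    $thisPage = 'index.php?Page_Type=Services';
    foreach ($linkFilters as $filterName => $filterValue) {
        if ($filterValue != "") {
            $thisPage .= '&' . $filterName . '=' . urlencode((string) $filterValue);
        }
    }

    // Wrap the search term in SQL LIKE wildcards unless the user supplied them
    if ($searchTerm != null || $searchTerm != "") {
        if (substr($searchTerm, 0, 1) != '%') {
            $searchTerm = '%' . $searchTerm;
        }
        if (substr($searchTerm, -1) != '%') {
            $searchTerm = $searchTerm . '%';
        }
    }

    $numResults = $seServ->getSesCount(
        $searchTerm,
        $serviceType,
        $production,
        $monitored,
        $scope,
        $ngi,
        $certStatus,
        $showClosed,
        $servKeyNames,
        $servKeyValues,
        null,
        null,
        false
    );

    $firstLink = $thisPage . "&record=1";

    // Set the "previous" link
    if ($startRecord > RECORDS_PER_PAGE) {
        // Not showing the first page of results so enable the previous link
        $previousLink = $thisPage . "&record=" . ($startRecord - RECORDS_PER_PAGE);
    } else {
        // First page of results, disable previous button
        $previousLink = $thisPage . "&record=" . 0;
    }

    // Set the "Next" link
    if ($numResults - $startRecord > RECORDS_PER_PAGE) {
        // Not the last page of results, normal next link
        $nextLink = $thisPage . "&record=" . ($startRecord + RECORDS_PER_PAGE);
    } else {
        // Last page of results, disable next link
        $nextLink = $thisPage . '&record=' . ($numResults - RECORDS_PER_PAGE + 1);
    }

    $lastLink = $thisPage . "&record=" . ($numResults + 1 - RECORDS_PER_PAGE);

    // $startRecord "-1" because record 1 in the web portal == record 0 from DB
    $ses = $seServ->getSes(
        $searchTerm,
        $serviceType,
        $production,
        $monitored,
        $scope,
        $ngi,
        $certStatus,
        $showClosed,
        $servKeyNames,
        $servKeyValues,
        $startRecord - 1,
        RECORDS_PER_PAGE,
        false
    );

    $endRecord = $startRecord + RECORDS_PER_PAGE - 1;

    /* Due to differences in counting, startRecord is still set to 1
     * even if there are zero results. If this is the case it's
     * zero here to display accurately in the portal. */
    if (count($ses) == 0) {
        $startRecord = 0;
    }

    /* Doctrine will provide keynames that are the same even when selecting
     * distinct because the object is distinct even though the name is not
     * unique. To avoid showing the same name repeatedly in the filter we
     * load all the keynames into an array before making it unique. */
    $keynames = array();
    foreach ($exServ->getServiceExtensionsKeyNames() as $extension) {
        $keynames[] = $extension->getKeyName();
    }
    $keynames = array_unique($keynames);

    $serv = \Factory::getSiteService();

    $params['scopes'] = \Factory::getScopeService()->getScopes();
    $params['serviceTypes'] = $seServ->getServiceTypes();
    $params['servKeyNames'] = $keynames;
    $params['selectedServiceType'] = $serviceType;
    $params['searchTerm'] = $searchTerm;
    $params['services'] = $ses;
    $params['totalServices'] = $numResults;
    $params['startRecord'] = $startRecord;
    $params['endRecord'] = $endRecord;
    $params['firstLink'] = $firstLink;
    $params['previousLink'] = $previousLink;
    $params['nextLink'] = $nextLink;
    $params['lastLink'] = $lastLink;
    $params['ngis'] = \Factory::getNgiService()->getNGIs();
    $params['certStatuses'] = $serv->getCertStatuses();
    $params['showClosed'] = $showClosed;
    $params['selectedProduction'] = $production;
    $params['selectedMonitored'] = $monitored;
    $params['selectedScope'] = $scope;
    $params['selectedNgi'] = $ngi;
    $params['selectedClosed'] = $showClosed;
    $params['selectedCertStatus'] = $certStatus;
    $params['selectedServKeyNames'] = $servKeyNames;
    $params['selectedServKeyValue'] = $servKeyValues;

    show_view("service/view_all.php", $params, "Services");
}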
/**
 * Renders the "Role Requests" page for the current user.
 *
 * The view receives: the entities a role can be requested over, the user's
 * own pending role requests, and the pending requests of other users that
 * the current user can approve. Each of the latter is decorated with the
 * names of the roles that authorise the current user to grant or to reject
 * it.
 *
 * @throws Exception if the current user is not registered
 * @return null
 */
function view_requests()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);
    if ($user == null) {
        throw new Exception("Unregistered users can't view/request roles");
    }

    // $entities is a two-dimensional array listing the id and name of every
    // owned entity a user can request a role over (Projects, NGIs, Sites,
    // ServiceGroups). An inner array without an 'Object_ID' key is a section
    // title for the pull-down list.
    $entities = array();

    $entities[] = array('Name' => 'Projects');
    foreach (\Factory::getProjectService()->getProjects() as $project) {
        $entities[] = array('Object_ID' => $project->getId(), 'Name' => $project->getName());
    }

    $entities[] = array('Name' => 'NGIs');
    foreach (\Factory::getNgiService()->getNGIs() as $ngi) {
        $entities[] = array('Object_ID' => $ngi->getId(), 'Name' => $ngi->getName());
    }

    $entities[] = array('Name' => 'Sites');
    foreach (\Factory::getSiteService()->getSitesBy() as $site) {
        $entities[] = array('Object_ID' => $site->getId(), 'Name' => $site->getShortName());
    }

    $entities[] = array('Name' => 'ServiceGroups');
    foreach (\Factory::getServiceGroupService()->getServiceGroups() as $serviceGroup) {
        $entities[] = array('Object_ID' => $serviceGroup->getId(), 'Name' => $serviceGroup->getName());
    }

    // Current user's own pending roles
    $ownPending = \Factory::getRoleService()->getUserRoles($user, \RoleStatus::PENDING);

    // foreach role, lookup corresponding RoleActionRecord (if any) and populate
    // the role.decoratorObject with the roleActionRecord for subsequent display
    // foreach($myPendingRoleRequests as $role){
    //     $rar = \Factory::getRoleService()->getRoleActionRecordByRoleId($role->getId());
    //     $role->setDecoratorObject($rar);
    // }

    // Other users' pending roles that the current user can approve
    $approvable = \Factory::getRoleService()->getPendingRolesUserCanApprove($user);

    // Turns a list of authorising role names into '[a, b]', or '' when the
    // list is empty.
    $bracketedList = function ($roleNames) {
        if (count($roleNames) < 1) {
            return '';
        }
        $joined = '';
        foreach ($roleNames as $roleName) {
            $joined .= $roleName . ', ';
        }
        // Drop the trailing ', '
        return '[' . substr($joined, 0, strlen($joined) - 2) . ']';
    };

    // Can the calling user grant or reject each role?
    foreach ($approvable as $pendingRole) {
        $decoration = array();
        $decoration['grant'] = $bracketedList(
            \Factory::getRoleService()->authorizeAction(\Action::GRANT_ROLE, $pendingRole->getOwnedEntity(), $user)
        );
        $decoration['deny'] = $bracketedList(
            \Factory::getRoleService()->authorizeAction(\Action::REJECT_ROLE, $pendingRole->getOwnedEntity(), $user)
        );
        // Store the role names on the role for display
        $pendingRole->setDecoratorObject($decoration);
    }

    $params = array(
        'entities' => $entities,
        'myRequests' => $ownPending,
        'allRequests' => $approvable,
        'portalIsReadOnly' => portalIsReadOnlyAndUserIsNotAdmin($user),
    );
    show_view("political_role/view_requests.php", $params, "Role Requests");
    die;
}
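/**
 * Emails the users who are able to approve a pending role request over the
 * given entity (a Site, ServiceGroup, NGI or Project).
 *
 * For every role held over the entity, the entity-specific authorizeAction()
 * is asked which roles let that role's user perform GRANT_ROLE. The
 * GOCDB_ADMIN entry is removed from the answer; if anything remains, the
 * user's email address is collected. The collected addresses (de-duplicated)
 * are sent a notification linking to the role approval page.
 *
 * If nobody over the entity can grant the role - for example because the
 * entity is newly created and has no roles yet - the request is escalated by
 * calling this method again: a Site escalates to its parent NGI, an NGI to
 * each of its (de-duplicated) parent Projects.
 *
 * @param \Site|\ServiceGroup|\NGI|\Project $entity entity the role was requested over
 */
public function roleRequest($entity)
{
    $project = null;
    $emails = null;
    $projectIds = null;
    // Debug switch: when false, the notification details are echoed instead
    // of being mailed. Declared here so it is defined on every path that
    // reads it (the original referenced it as a bare constant further down).
    $sendMail = true;

    // Get the roles from the entity. Start from an empty array so an entity
    // without roles does not leave $roles undefined.
    $roles = array();
    foreach ($entity->getRoles() as $role) {
        $roles[] = $role;
    }

    // Now for each role get the user
    foreach ($roles as $role) {
        // Call the correct authorize action service for the type of entity.
        // Reset per role so a previous iteration's result is never reused.
        $enablingRoles = array();
        if ($entity instanceof \Site) {
            $enablingRoles = \Factory::getSiteService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \ServiceGroup) {
            $enablingRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \Project) {
            $enablingRoles = \Factory::getProjectService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \NGI) {
            $enablingRoles = \Factory::getNgiService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        }

        // Remove admin from the enabling roles. array_search() returns false
        // when nothing is found and may return key 0 when the entry is first,
        // so the result must be compared against false, not null.
        $position = array_search('GOCDB_ADMIN', $enablingRoles);
        if ($position !== false) {
            unset($enablingRoles[$position]);
        }

        // Get the user's email and add it to the array if they have an enabling role
        if (count($enablingRoles) > 0) {
            $emails[] = $role->getUser()->getEmail();
        }
    }

    /*
     * No users are able to grant the role or there are no users over this
     * entity. In this case we will email the parent entity for approval.
     */
    if ($emails == null || count($emails) == 0) {
        if ($entity instanceof \Site) {
            // Recursively call this function to send email to the NGI users
            $this->roleRequest($entity->getNgi());
        } elseif ($entity instanceof \NGI) {
            /*
             * It is important to remove duplicate projects here otherwise we
             * will spam the same addresses as we recursively call this method.
             */
            $projects = $entity->getProjects();
            $projectIds = array();
            foreach ($projects as $project) {
                $projectIds[] = $project->getId();
            }
            $projectIds = array_unique($projectIds);
        }
    } else {
        // The entity has users who can approve the role: send the notification.
        // Remove duplicate emails from the array
        $emails = array_unique($emails);

        // Get the portal URL to create an accurate link to the role approval view
        $localInfoLocation = __DIR__ . "/../../config/local_info.xml";
        $localInfoXML = simplexml_load_file($localInfoLocation);
        $webPortalURL = $localInfoXML->local_info->web_portal_url;

        // Email content
        $headers = "From: no-reply@goc.egi.eu";
        $subject = "GocDB: A Role request requires attention";
        $body = "Dear GOCDB User,\n\n"
            . "A user has requested a role that requires attention.\n\n"
            . "You can approve or deny this request here:\n\n"
            . $webPortalURL . "/index.php?Page_Type=Role_Requests\n\n"
            . "Note: This role may already have been approved or denied by another GocDB User";

        // Send email to all users who can approve this role request.
        // NOTE(review): the addresses come from stored user records and are
        // used as-is; presumably they are validated where they are saved -
        // confirm.
        foreach ($emails as $email) {
            if ($sendMail) {
                mail($email, $subject, $body, $headers);
            } else {
                echo "Email: " . $email . "<br>";
                echo "Subject: " . $subject . "<br>";
                echo "Body: " . $body . "<br>";
            }
        }
    }

    /**
     * For each project ID get the entity and run this function again for each
     * entity, so that for an NGI with no approvers the notification goes to
     * the users who hold roles over its parent project(s).
     */
    if ($projectIds != null) {
        foreach ($projectIds as $pid) {
            $project = \Factory::getOwnedEntityService()->getOwnedEntityById($pid);
            if ($sendMail) {
                $this->roleRequest($project);
            } else {
                echo $project->getName() . "<br>";
            }
        }
    }
}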
/**
 * Moves the selected sites to a new NGI and shows the success view.
 *
 * Each site is moved through moveSite(), which receives the current user;
 * the first exception raised stops the loop and is shown through the error
 * view.
 *
 * @param array $movementDetails holds the target NGI id under 'NewNGI' and
 *                               the ids of the sites to move under 'Sites'
 * @throws Exception if no sites were selected
 * @return null
 */
function submitMoveSite($movementDetails)
{
    // Check that some sites have been specified
    if (!array_key_exists('Sites', $movementDetails)) {
        throw new Exception('Please select one or more sites to move.');
    }

    // Submitted data
    $targetNgiId = $movementDetails['NewNGI'];
    $siteIds = $movementDetails['Sites'];

    // Resolve the target NGI id into its entity
    $targetNgi = \Factory::getNgiService()->getNGI($targetNgiId);

    // Current user, handed to moveSite() below
    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);

    $siteService = \Factory::getSiteService();

    // Collects the moved sites so the result can be shown to the user
    $movedSites = new ArrayCollection();

    try {
        foreach ($siteIds as $siteId) {
            $site = $siteService->getSite($siteId);
            $siteService->moveSite($site, $targetNgi, $user);
            $movedSites[] = $site;
        }
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }

    // Show success view
    show_view(
        "admin/moved_site.php",
        array('NewNGI' => $targetNgi, 'sites' => $movedSites)
    );
}