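/**
 * Adds the NGIs selected in the portal request to a project.
 *
 * Reads the project id ('ID') and the NGI ids ('NGIs') from the request,
 * resolves them through the NGI and project services, and passes them to
 * addNgisToProject() together with the current user. Authorisation is not
 * decided here: the service call receives the user and is relied on to throw
 * when that user lacks permission.
 *
 * @return null
 * @throws Exception when the project id is missing or not numeric, or when
 *                   'NGIs' is present but is not a list
 */
function submit()
{
    // Validate the request shape before any lookup. The id check mirrors the
    // one the project view/delete controllers on this page apply.
    if (!isset($_REQUEST['ID']) || !is_numeric($_REQUEST['ID'])) {
        throw new Exception("An id must be specified");
    }

    // An absent 'NGIs' key is treated as an empty selection, which is what the
    // previous foreach over an unset value amounted to. A scalar in its place
    // is rejected instead of being iterated.
    $ngiIds = isset($_REQUEST['NGIs']) ? $_REQUEST['NGIs'] : array();
    if (!is_array($ngiIds)) {
        throw new Exception("NGIs must be supplied as a list");
    }
    $projectId = $_REQUEST['ID'];

    // NOTE(review): $_REQUEST also carries GET and cookie parameters, so this
    // state-changing action is reachable without a POST. No anti-CSRF check is
    // visible in this function - confirm the caller applies one.

    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // The current user is handed to the service layer for its permission check.
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);

    $projectServ = \Factory::getProjectService();
    $ngiServ = \Factory::getNgiService();

    // Resolve each submitted id to an NGI entity.
    // NOTE(review): individual NGI ids are passed to getNgi() as received;
    // presumably it rejects unknown ids - verify against the service.
    $ngis = new Doctrine\Common\Collections\ArrayCollection();
    foreach ($ngiIds as $ngiId) {
        $ngis[] = $ngiServ->getNgi($ngiId);
    }

    $project = $projectServ->getProject($projectId);

    try {
        // Throws if the user does not have the correct permissions.
        $projectServ->addNgisToProject($project, $ngis, $user);
        $params = array(
            'Name' => $project->getName(),
            'ID' => $project->getId(),
            'NGIs' => $ngis,
        );
        show_view("project/added_ngis.php", $params, "Success");
    } catch (Exception $e) {
        // The exception text is handed to the error view as-is; the view is
        // assumed to escape it before output - TODO confirm.
        show_view('error.php', $e->getMessage());
        die;
    }
}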
/**
 * Renders the list of all projects returned by the project service.
 *
 * No user lookup or permission check happens in this function; the listing is
 * produced for whichever caller reaches this controller.
 *
 * @return null
 */
function show_all_projects()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    $projectService = \Factory::getProjectService();
    $viewData = array('Projects' => $projectService->getProjects());

    show_view('project/view_all.php', $viewData, "Projects");
}
/**
 * Deletes the project named by the request's 'id' parameter.
 *
 * Deletion is currently switched off: the first statement always throws, so
 * nothing below it runs until the switch is changed in this controller.
 *
 * Points to settle before re-enabling:
 *  - the id is read from $_REQUEST, so a GET request reaches this destructive
 *    action; no anti-CSRF check is visible here (confirm one exists upstream);
 *  - the permission decision is left to deleteProject(), which receives the
 *    current user and is expected to throw for anyone but a gocdb admin.
 *
 * @return null
 * @throws Exception always, while deletion is disabled; otherwise when no
 *                   numeric id is supplied
 */
function delete_project()
{
    // Kill switch. Flip to false to enable project deletion.
    $deletionDisabled = true;
    if ($deletionDisabled) {
        throw new Exception("Project deletion is disabled - see controller to enable");
    }

    $idSupplied = isset($_REQUEST['id']) && is_numeric($_REQUEST['id']);
    if (!$idSupplied) {
        throw new Exception("An id must be specified");
    }

    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    // Throws when the portal is read-only and the user is not an admin.
    checkPortalIsNotReadOnlyOrUserIsAdmin($currentUser);

    $projectService = \Factory::getProjectService();
    $target = $projectService->getProject($_REQUEST['id']);

    // Capture the name now; it is shown on the confirmation page after the delete.
    $viewData = array('Name' => $target->getName());

    // deleteProject() performs the authorisation check and throws on failure.
    // Child NGIs are not deleted; the user Roles over the OwnedEntity are
    // removed by cascade.
    try {
        $projectService->deleteProject($target, $currentUser);
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }

    show_view("project/deleted_project.php", $viewData, $viewData['Name'] . 'deleted');
}
/**
 * Authorisation guard: throws unless the current user holds at least one role
 * that enables editing the given project.
 *
 * @param \Project $project Project the caller wants to edit
 * @return null
 * @throws Exception when authorizeAction() returns no enabling roles
 */
function CheckCurrentUserCanEditProject(\Project $project)
{
    require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';

    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    // NOTE(review): the action is passed as a string literal here, while other
    // controllers on this page pass \Action::EDIT_OBJECT. Confirm both resolve
    // to the same value; a mismatch would change the outcome of this check.
    $grantingRoles = \Factory::getProjectService()->authorizeAction(
        'ACTION_EDIT_OBJECT',
        $project,
        $currentUser
    );

    if (count($grantingRoles) != 0) {
        return;
    }

    throw new Exception("You do not have a role that enables you to edit this project");
}
/**
 * Creates a project from the data posted to the portal.
 *
 * The posted values are collected by getProjectDataFromWeb() and passed, with
 * the current user, to the project service. The permission check lives in
 * addProject(), which is expected to throw for an unauthorised user.
 *
 * @return null
 */
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Posted project data.
    $submitted = getProjectDataFromWeb();

    // Current user, needed by the service layer for its permission check.
    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    try {
        // Throws if the user does not have the correct permissions.
        $created = \Factory::getProjectService()->addProject($submitted, $currentUser);

        $viewData = array(
            'Name' => $created->getName(),
            'ID' => $created->getId(),
        );
        show_view("admin/added_project.php", $viewData);
    } catch (Exception $e) {
        // The exception text goes to the error view unchanged; the view is
        // assumed to escape it - TODO confirm.
        show_view('error.php', $e->getMessage());
        die;
    }
}
/**
 * Applies an edit posted from the portal to an existing project.
 *
 * The posted values (including the project 'ID') come from
 * getProjectDataFromWeb(); the project is loaded by that id and handed to
 * editProject() with the supplied user. editProject() is relied on for the
 * permission decision and is expected to throw for an unauthorised user.
 *
 * NOTE(review): $user defaults to null and is not looked up here, so the
 * service must also reject a null user - confirm against editProject().
 *
 * @param \User $user Current user
 * @return null
 */
function submit(\User $user = null)
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    // Posted edit data.
    $submitted = getProjectDataFromWeb();

    // Load the project as it currently stands.
    $projectService = \Factory::getProjectService();
    $current = $projectService->getProject($submitted['ID']);

    try {
        // Throws if the user does not have the correct permissions.
        $updated = $projectService->editProject($current, $submitted, $user);

        $viewData = array(
            'Name' => $updated->getName(),
            'Description' => $updated->getDescription(),
            'ID' => $updated->getId(),
        );
        show_view("project/edited_project.php", $viewData);
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}
/**
 * Renders the detail page for the project named by the 'id' query parameter.
 *
 * The page lists the project's granted roles (CIC_STAFF roles are left out),
 * its NGIs and sites, and its role action records. 'ShowEdit' only controls
 * whether edit links are drawn; it is derived from authorizeAction() for the
 * current user and is not itself an access check on the edit controllers.
 *
 * @return null
 * @throws Exception when 'id' is missing or not numeric
 */
function show_project()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../utils.php';
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';

    $idSupplied = isset($_GET['id']) && is_numeric($_GET['id']);
    if (!$idSupplied) {
        throw new Exception("An id must be specified");
    }

    $projectService = \Factory::getProjectService();
    $project = $projectService->getProject($_GET['id']);

    // Keep only granted roles, and hide CIC_STAFF roles from the listing.
    $visibleRoles = array();
    foreach ($project->getRoles() as $candidate) {
        if ($candidate->getStatus() != \RoleStatus::GRANTED) {
            continue;
        }
        if ($candidate->getRoleType()->getName() == \RoleTypeName::CIC_STAFF) {
            continue;
        }
        $visibleRoles[] = $candidate;
    }

    // The user is needed so an admin still sees edit links on a read-only portal.
    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    $editRoles = $projectService->authorizeAction(\Action::EDIT_OBJECT, $project, $currentUser);
    $params['ShowEdit'] = (count($editRoles) >= 1);
    $params['authenticated'] = ($currentUser != null);

    // Role action records recorded against this project.
    $params['RoleActionRecords'] = \Factory::getRoleService()
        ->getRoleActionRecordsById_Type($project->getId(), 'project');

    $params['Name'] = $project->getName();
    $params['Description'] = $project->getDescription();
    $params['ID'] = $project->getId();
    $params['NGIs'] = $project->getNgis();
    $params['Sites'] = $projectService->getSites($project);
    $params['Roles'] = $visibleRoles;
    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($currentUser);

    show_view('project/view_project.php', $params, $params['Name']);
}
/**
 * Renders the role-requests page for the current, registered user.
 *
 * The view receives:
 *  - 'entities': every Project, NGI, Site and ServiceGroup a role can be
 *    requested over, as rows for a pull-down list;
 *  - 'myRequests': the user's own pending role requests;
 *  - 'allRequests': pending requests the user can approve, each decorated
 *    with the role names that let this user grant and/or deny it.
 *
 * Entity and role names are passed to the view as stored; the view is assumed
 * to escape them on output - TODO confirm.
 *
 * @return null
 * @throws Exception when the caller is not a registered user
 */
function view_requests()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);
    if ($user == null) {
        throw new Exception("Unregistered users can't view/request roles");
    }

    // Joins role names as "a, b, c". Walks the input with foreach so any
    // iterable returned by authorizeAction() is accepted.
    $joinNames = function ($names) {
        $parts = array();
        foreach ($names as $name) {
            $parts[] = $name;
        }
        return implode(', ', $parts);
    };

    // Two-dimensional list of the OwnedEntities a role can be requested over.
    // A row without an 'Object_ID' key is a section title in the pull-down.
    $entities = array(array('Name' => 'Projects'));
    foreach (\Factory::getProjectService()->getProjects() as $project) {
        $entities[] = array('Object_ID' => $project->getId(), 'Name' => $project->getName());
    }

    $entities[] = array('Name' => 'NGIs');
    foreach (\Factory::getNgiService()->getNGIs() as $ngi) {
        $entities[] = array('Object_ID' => $ngi->getId(), 'Name' => $ngi->getName());
    }

    $entities[] = array('Name' => 'Sites');
    foreach (\Factory::getSiteService()->getSitesBy() as $site) {
        $entities[] = array('Object_ID' => $site->getId(), 'Name' => $site->getShortName());
    }

    $entities[] = array('Name' => 'ServiceGroups');
    foreach (\Factory::getServiceGroupService()->getServiceGroups() as $serviceGroup) {
        $entities[] = array('Object_ID' => $serviceGroup->getId(), 'Name' => $serviceGroup->getName());
    }

    // The current user's own pending requests.
    $ownPending = \Factory::getRoleService()->getUserRoles($user, \RoleStatus::PENDING);

    // Requests from others that this user is able to approve.
    $approvable = \Factory::getRoleService()->getPendingRolesUserCanApprove($user);

    // For each one, record which of the user's roles allow granting and
    // which allow rejecting it.
    foreach ($approvable as $request) {
        $decoration = array('grant' => '', 'deny' => '');

        $grantedBy = \Factory::getRoleService()
            ->authorizeAction(\Action::GRANT_ROLE, $request->getOwnedEntity(), $user);
        if (count($grantedBy) >= 1) {
            $decoration['grant'] = '[' . $joinNames($grantedBy) . ']';
        }

        $rejectedBy = \Factory::getRoleService()
            ->authorizeAction(\Action::REJECT_ROLE, $request->getOwnedEntity(), $user);
        if (count($rejectedBy) >= 1) {
            $decoration['deny'] = '[' . $joinNames($rejectedBy) . ']';
        }

        // The view reads the role names back from the decorator object.
        $request->setDecoratorObject($decoration);
    }

    $params = array(
        'entities' => $entities,
        'myRequests' => $ownPending,
        'allRequests' => $approvable,
        'portalIsReadOnly' => portalIsReadOnlyAndUserIsNotAdmin($user),
    );

    show_view("political_role/view_requests.php", $params, "Role Requests");
    die;
}
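/**
 * Sends a "role request requires attention" e-mail to the users who are able
 * to approve a role request over the given entity.
 *
 * For every role held over the entity, the matching service's
 * authorizeAction() is asked whether the role's user may GRANT_ROLE on the
 * entity. GOCDB_ADMIN is removed from the answer, so users who could approve
 * only as portal admin are not notified. The e-mail addresses of the
 * remaining approvers are de-duplicated and mailed.
 *
 * When nobody over the entity can approve, the request is escalated: a Site
 * recurses into its parent NGI, an NGI recurses into each of its parent
 * projects (project ids are de-duplicated first so the same addresses are
 * not mailed repeatedly).
 *
 * @param Site/ServiceGroup/NGI/Project $entity
 */
public function roleRequest($entity)
{
    $emails = array();
    $projectIds = null;

    // TRUE sends the mail; FALSE echoes what would have been sent (debugging
    // aid). Set once here so the escalation step at the end of the method
    // reads the same value.
    $sendMail = true;

    // Copy the roles into a plain array. Initialised up front so an entity
    // with no roles gives an empty loop instead of an undefined variable.
    $roles = array();
    foreach ($entity->getRoles() as $role) {
        $roles[] = $role;
    }

    foreach ($roles as $role) {
        // Ask the service that matches the entity type.
        if ($entity instanceof \Site) {
            $enablingRoles = \Factory::getSiteService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \ServiceGroup) {
            $enablingRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \Project) {
            $enablingRoles = \Factory::getProjectService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } elseif ($entity instanceof \NGI) {
            $enablingRoles = \Factory::getNgiService()->authorizeAction(\Action::GRANT_ROLE, $entity, $role->getUser());
        } else {
            // Unknown entity type: nobody is treated as an approver.
            $enablingRoles = array();
        }

        // Remove admin from the enabling roles. array_search() returns the key
        // of the match, which is 0 for the first element, so the result has to
        // be compared with false; a loose comparison with null skipped index 0.
        $position = array_search('GOCDB_ADMIN', $enablingRoles);
        if ($position !== false) {
            unset($enablingRoles[$position]);
        }

        // Any remaining enabling role makes this user an approver.
        if (count($enablingRoles) > 0) {
            $emails[] = $role->getUser()->getEmail();
        }
    }

    if (count($emails) == 0) {
        // Nobody over this entity can grant the role: escalate to the parent.
        if ($entity instanceof \Site) {
            $this->roleRequest($entity->getNgi());
        } elseif ($entity instanceof \NGI) {
            // Collect unique parent project ids; recursion happens below.
            $projectIds = array();
            foreach ($entity->getProjects() as $project) {
                $projectIds[] = $project->getId();
            }
            $projectIds = array_unique($projectIds);
        }
    } else {
        $emails = array_unique($emails);

        // The portal URL for the approval link comes from the local config.
        // NOTE(review): simplexml_load_file() returns false on failure and the
        // result is not checked; a missing or malformed file would leave the
        // link in the message without its host part.
        $localInfoLocation = __DIR__ . "/../../config/local_info.xml";
        $localInfoXML = simplexml_load_file($localInfoLocation);
        $webPortalURL = $localInfoXML->local_info->web_portal_url;

        $headers = "From: no-reply@goc.egi.eu";
        $subject = "GocDB: A Role request requires attention";
        $body = "Dear GOCDB User,\n\n"
            . "A user has requested a role that requires attention.\n\n"
            . "You can approve or deny this request here:\n\n"
            . $webPortalURL . "/index.php?Page_Type=Role_Requests\n\n"
            . "Note: This role may already have been approved or denied by another GocDB User";

        // Recipient addresses come from user records and are passed to mail()
        // as stored; this assumes they were validated when saved - TODO confirm.
        foreach ($emails as $email) {
            if ($sendMail) {
                mail($email, $subject, $body, $headers);
            } else {
                // Debug output is escaped: the values originate from stored data.
                echo "Email: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "<br>";
                echo "Subject: " . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8') . "<br>";
                echo "Body: " . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . "<br>";
            }
        }
    }

    // Escalation for NGIs: notify the approvers of each parent project.
    if ($projectIds != null) {
        foreach ($projectIds as $pid) {
            $project = \Factory::getOwnedEntityService()->getOwnedEntityById($pid);
            // Reads the $sendMail variable; the bare word sendMail is an
            // undefined constant, which raises an Error on PHP 8.
            if ($sendMail) {
                $this->roleRequest($project);
            } else {
                echo htmlspecialchars($project->getName(), ENT_QUOTES, 'UTF-8') . "<br>";
            }
        }
    }
}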