/**
 * Controller for the listing of all service groups.
 *
 * Reads the optional filters `scope`, `sgKeyNames` and `selectedSGKeyValue`
 * from the query string, fetches the matching service groups from the service
 * layer and hands the result to service_group/view_all.php.
 *
 * NOTE(review): the three filter values go from $_GET to getServiceGroups()
 * and back into the view parameters unchanged. Nothing here validates or
 * escapes them, so parameter binding in the service layer and output escaping
 * in the view are assumed - confirm both.
 */
function showAllServiceGroups()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    // '%%' is what the service layer receives when no scope was chosen.
    $selectedScope = !empty($_GET['scope']) ? $_GET['scope'] : '%%';
    $allScopes = \Factory::getScopeService()->getScopes();

    $keyNameFilter = isset($_GET['sgKeyNames']) ? $_GET['sgKeyNames'] : "";
    $keyValueFilter = isset($_GET['selectedSGKeyValue']) ? $_GET['selectedSGKeyValue'] : "";

    $serviceGroups = \Factory::getServiceGroupService()->getServiceGroups(
        $selectedScope,
        $keyNameFilter,
        $keyValueFilter
    );
    $extensionService = \Factory::getExtensionsService();

    /* Doctrine returns one object per extension even for a "distinct"
     * selection, because the objects differ although their key names do not.
     * Collect the names first and de-duplicate them afterwards so that the
     * filter does not list the same name repeatedly. */
    $uniqueKeyNames = array();
    foreach ($extensionService->getServiceGroupExtensionsKeyNames() as $extensionProperty) {
        $uniqueKeyNames[] = $extensionProperty->getKeyName();
    }
    $uniqueKeyNames = array_unique($uniqueKeyNames);

    $params = array(
        'sGroups' => $serviceGroups,
        'scopes' => $allScopes,
        'selectedScope' => $selectedScope,
        'selectedSGKeyName' => $keyNameFilter,
        'selectedSGKeyValue' => $keyValueFilter,
        'sgKeyName' => $uniqueKeyNames,
    );
    show_view("service_group/view_all.php", $params);
}
/**
 * Deletes a service group property and shows the confirmation view.
 *
 * The deletion is delegated to the service group service. An exception raised
 * there is rendered through error.php and the request is terminated.
 *
 * NOTE(review): no permission test is made in this function, so the check on
 * $user is presumably done inside deleteServiceGroupProperty() - confirm.
 *
 * @param \ServiceGroupProperty $property     property to delete
 * @param \User|null            $user         current user
 * @param \ServiceGroup         $serviceGroup service group the property is removed from
 */
function submit(\ServiceGroupProperty $property, \User $user = null, \ServiceGroup $serviceGroup)
{
    $viewData = array(
        'prop' => $property,
        'serviceGroup' => $serviceGroup,
    );

    try {
        \Factory::getServiceGroupService()->deleteServiceGroupProperty($serviceGroup, $user, $property);
    } catch (\Exception $failure) {
        show_view('error.php', $failure->getMessage());
        die;
    }

    show_view('/service_group/deleted_service_group_property.php', $viewData);
}
/**
 * Draws the form used to add a new service group property.
 *
 * The service group id comes from $_REQUEST['serviceGroup']. The user must be
 * registered, and validatePropertyActions() is called for the user and the
 * loaded group before the form is shown.
 *
 * @param \User $user current user
 * @return null
 * @throws Exception when the user is unregistered or no numeric id was sent
 */
function draw(\User $user = null)
{
    if ($user === null) {
        throw new Exception("Unregistered users can't add a service group property.");
    }

    // is_numeric() also accepts decimal and exponent notation; the value is
    // handed to the service layer as received.
    $idSupplied = isset($_REQUEST['serviceGroup']) && is_numeric($_REQUEST['serviceGroup']);
    if (!$idSupplied) {
        throw new Exception("An id must be specified");
    }

    $sgService = \Factory::getServiceGroupService();
    $targetGroup = $sgService->getServiceGroup($_REQUEST['serviceGroup']);

    // Permission gate: called for its effect only, the return value is unused.
    $sgService->validatePropertyActions($user, $targetGroup);

    show_view("service_group/add_service_group_property.php", array('serviceGroup' => $targetGroup));
}
/**
 * Reads the new service group's data from the portal request and submits it
 * to the service layer.
 *
 * Unregistered (null) users are rejected. Every exception, including that
 * rejection, is rendered through error.php and ends the request.
 *
 * NOTE(review): the null test is the only access check made here; the earlier
 * addAuthorization($user) call is commented out in the original, so any
 * further authorisation is presumably enforced inside addServiceGroup() -
 * confirm.
 *
 * @param \User|null $user current user
 * @return null
 */
function submit($user)
{
    $sgService = \Factory::getServiceGroupService();

    try {
        if ($user === null) {
            throw new \Exception("Unregistered users can't create service groups.");
        }

        $createdGroup = $sgService->addServiceGroup(getSGroupDataFromWeb(), $user);
        show_view("service_group/submit_add_service_group.php", array('sg' => $createdGroup));
    } catch (Exception $failure) {
        show_view("error.php", $failure->getMessage());
        die;
    }
}
/**
 * Removes a service from a service group and shows the removed service.
 *
 * Both ids are read from $_REQUEST ('sgId' and 'seId'). The two objects are
 * loaded outside the try block, so an exception from either lookup propagates
 * to the caller; only a failure of the removal itself is shown via error.php.
 *
 * NOTE(review): $_REQUEST also carries query-string values, so this
 * state-changing action is reachable with a GET, and no anti-CSRF token is
 * checked in this function - confirm one is enforced before it runs.
 *
 * @global array $_REQUEST only set if the browser has sent parameters
 * @param \User $user current user
 * @return null
 * @throws Exception when either id is missing or not numeric
 */
function submit(\User $user = null)
{
    $sgService = \Factory::getServiceGroupService();

    // Same test and same message for both ids, checked in the original order.
    foreach (array('sgId', 'seId') as $idField) {
        if (!(isset($_REQUEST[$idField]) && is_numeric($_REQUEST[$idField]))) {
            throw new Exception("An id must be specified");
        }
    }

    // The service group to remove the service from, and the service itself.
    $serviceGroup = $sgService->getServiceGroup($_REQUEST['sgId']);
    $service = \Factory::getServiceService()->getService($_REQUEST['seId']);

    try {
        if (is_null($service->getParentSite())) {
            // TODO: v5 implementation.
            // The pre-v5 code deleted a siteless service when this service
            // group was the one that created it. That path has not been
            // ported, so this branch currently does nothing.
        }

        // Services that are not siteless (and, for now, siteless ones too)
        // are simply removed from the group.
        $sgService->removeService($serviceGroup, $service, $user);
    } catch (Exception $failure) {
        show_view('error.php', $failure->getMessage());
        die;
    }

    show_view('service_group/return_removed_se.php', array('se' => $service), null, true);
    die;
}
/**
 * Processes an "edit service group property" request from the web portal.
 *
 * The submitted values come from getSerGroupPropDataFromWeb(). A missing name
 * or value ends the request with an error view; otherwise the property and
 * its service group are loaded and editServiceGroupProperty() is called.
 *
 * NOTE(review): no permission test is visible here; $user is passed on, so
 * the check is presumably made inside editServiceGroupProperty() - confirm.
 *
 * @param \User $user current user
 * @return null
 */
function submit(\User $user = null)
{
    try {
        $submitted = getSerGroupPropDataFromWeb();
        $fields = $submitted['SERVICEGROUPPROPERTIES'];
        $groupId = $fields['SERVICEGROUP'];
        $propertyId = $fields['PROP'];

        // Loose comparison on purpose: an empty string counts as "not provided".
        $nameMissing = ($fields['NAME'] == null);
        if ($nameMissing || $fields['VALUE'] == null) {
            show_view('error.php', "A property name and value must be provided.");
            die;
        }

        $property = \Factory::getServiceGroupService()->getProperty($propertyId);
        $group = \Factory::getServiceGroupService()->getServiceGroup($groupId);
        // The returned service group is not used afterwards.
        $group = \Factory::getServiceGroupService()->editServiceGroupProperty($group, $user, $property, $submitted);

        show_view('service_group/service_group_property_updated.php', array('serviceGroupId' => $groupId));
    } catch (Exception $failure) {
        show_view('error.php', $failure->getMessage());
        die;
    }
}
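/**
 * Shows all downtimes that affect a service group.
 *
 * The service group id is read from $_REQUEST['id'] and must be numeric. The
 * group and its downtimes are fetched from the service group service and
 * passed to service_group/view_sgroup_downtimes.php.
 *
 * The original repeated the is_numeric() test after the guard below; that
 * second test could never fail and has been removed, together with the
 * redundant trailing return.
 *
 * @throws Exception when no numeric id was sent
 */
function view_sgroup_downtimes()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';

    // is_numeric() also accepts decimal and exponent notation; the value is
    // handed to the service layer as received.
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    $id = $_REQUEST['id'];

    $sGroup = \Factory::getServiceGroupService()->getServiceGroup($id);
    // The second argument is passed as null here; its meaning is defined by
    // getDowntimes(), which is not visible in this file.
    $downtimes = \Factory::getServiceGroupService()->getDowntimes($id, null);

    $params = array(
        'downtimes' => $downtimes,
        'sGroup' => $sGroup,
    );
    $title = "Downtimes for " . $sGroup->getName();
    show_view('service_group/view_sgroup_downtimes.php', $params, $title);
}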
/**
 * Draws the edit service group form.
 *
 * The form is shown only when authorizeAction() returns at least one entry
 * for \Action::EDIT_OBJECT over the service group; otherwise an error view is
 * rendered and the request ends.
 *
 * @param \User $user current user
 * @return null
 * @throws Exception when no numeric id was sent
 */
function draw(\User $user = null)
{
    $sgService = \Factory::getServiceGroupService();

    if (!(isset($_REQUEST['id']) && is_numeric($_REQUEST['id']))) {
        throw new Exception("An id must be specified");
    }

    $serviceGroup = $sgService->getServiceGroup($_REQUEST['id']);

    // Replaces the older editAuthorization() call: an empty result means the
    // user holds nothing that permits editing this object.
    $enablingRoles = $sgService->authorizeAction(\Action::EDIT_OBJECT, $serviceGroup, $user);
    if (count($enablingRoles) == 0) {
        show_view('error.php', 'You do not have permission to edit this ServiceGroup');
        die;
    }

    $configService = \Factory::getConfigService();
    $selectedScopes = \Factory::getScopeService()->getScopesSelectedArray($serviceGroup->getScopes());
    $minimumScopes = $configService->getMinimumScopesRequired('service_group');

    $params = array(
        'serviceGroup' => $serviceGroup,
        'scopes' => $selectedScopes,
        'numberOfScopesRequired' => $minimumScopes,
    );
    show_view("service_group/edit_service_group.php", $params, "Edit " . $serviceGroup->getName());
}
/**
 * Shows a single service group with its recent downtimes, granted roles and
 * role action records.
 *
 * The id is read from $_GET['id']. The current user is looked up so the view
 * can decide whether to show edit links; no permission is needed to view.
 *
 * @throws Exception when no numeric id was sent
 */
function showServiceGroup()
{
    require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    if (!(isset($_GET['id']) && is_numeric($_GET['id']))) {
        throw new Exception("An id must be specified");
    }
    $groupId = $_GET['id'];

    $group = \Factory::getServiceGroupService()->getServiceGroup($groupId);
    $params['sGroup'] = $group;

    // Downtimes affecting services under this group; 31 is the number of
    // days of historical downtimes to show.
    $params['downtimes'] = \Factory::getServiceGroupService()->getDowntimes($groupId, 31);

    // The user is needed for the case where the portal is read only and the
    // user is an admin, who can then still see the edit links.
    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);
    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($currentUser);
    $params['authenticated'] = ($currentUser != null);

    // Only roles whose status is GRANTED are passed to the view.
    $grantedRoles = array();
    foreach ($group->getRoles() as $candidate) {
        if ($candidate->getStatus() != \RoleStatus::GRANTED) {
            continue;
        }
        $grantedRoles[] = $candidate;
    }
    $params['Roles'] = $grantedRoles;

    // Edit links are shown when at least one entry permits EDIT_OBJECT.
    $editRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::EDIT_OBJECT, $group, $currentUser);
    $params['ShowEdit'] = (count($editRoles) >= 1);

    $params['RoleActionRecords'] = \Factory::getRoleService()->getRoleActionRecordsById_Type($group->getId(), 'servicegroup');

    show_view("service_group/view_sgroup.php", $params, $group->getName());
}
/**
 * Controller for a delete service group request.
 *
 * Loads the service group named by $_REQUEST['id'], resolves the current
 * user, checks the portal's read-only state and then asks the service layer
 * to delete the group. A failure of the deletion is shown via error.php.
 *
 * NOTE(review): $_REQUEST also carries query-string values, so this delete is
 * reachable with a GET, and no anti-CSRF token is checked in this function -
 * confirm one is enforced before this controller runs. Permission over the
 * group is not tested here either and is presumably enforced inside
 * deleteServiceGroup() - confirm.
 *
 * @return null
 * @throws Exception when no numeric id was sent
 */
function delete()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    if (!(isset($_REQUEST['id']) && is_numeric($_REQUEST['id']))) {
        throw new Exception("An id must be specified");
    }

    $sgService = \Factory::getServiceGroupService();
    $doomedGroup = $sgService->getServiceGroup($_REQUEST['id']);

    $principal = Get_User_Principle();
    $currentUser = \Factory::getUserService()->getUserByPrinciple($principal);

    // Raises an exception when the portal is read only and the user is not an
    // admin. It is called outside the try block, so that exception propagates.
    checkPortalIsNotReadOnlyOrUserIsAdmin($currentUser);

    try {
        $sgService->deleteServiceGroup($doomedGroup, $currentUser);
    } catch (\Exception $failure) {
        show_view('error.php', $failure->getMessage());
        die;
    }

    show_view('service_group/deleted_service_group.php');
}
/**
 * Shows the role request page: the entities a role can be requested over, the
 * current user's own pending requests and the pending requests of others that
 * the current user is able to approve.
 *
 * Each approvable request is decorated with an array holding the role names
 * that let the current user grant ('grant') or reject ('deny') it, formatted
 * as "[name, name]" or left empty when there are none.
 *
 * @throws Exception when the current user is not registered
 */
function view_requests()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';

    $principal = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($principal);
    if ($user == null) {
        throw new Exception("Unregistered users can't view/request roles");
    }

    // $entities is a list of rows naming the owned entities a user can
    // request a role over (Projects, NGIs, Sites, ServiceGroups). A row
    // without an 'Object_ID' key is a section title for the pull-down list.
    $entities = array();

    $entities[] = array('Name' => 'Projects');
    foreach (\Factory::getProjectService()->getProjects() as $project) {
        $entities[] = array('Object_ID' => $project->getId(), 'Name' => $project->getName());
    }

    $entities[] = array('Name' => 'NGIs');
    foreach (\Factory::getNgiService()->getNGIs() as $ngi) {
        $entities[] = array('Object_ID' => $ngi->getId(), 'Name' => $ngi->getName());
    }

    // Sites are listed by their short name.
    $entities[] = array('Name' => 'Sites');
    foreach (\Factory::getSiteService()->getSitesBy() as $site) {
        $entities[] = array('Object_ID' => $site->getId(), 'Name' => $site->getShortName());
    }

    $entities[] = array('Name' => 'ServiceGroups');
    foreach (\Factory::getServiceGroupService()->getServiceGroups() as $serviceGroup) {
        $entities[] = array('Object_ID' => $serviceGroup->getId(), 'Name' => $serviceGroup->getName());
    }

    // Current user's own pending roles. (A disabled loop in the original
    // attached the matching RoleActionRecord to each of them.)
    $ownPending = \Factory::getRoleService()->getUserRoles($user, \RoleStatus::PENDING);

    // Pending roles of other users that the current user can approve.
    $approvable = \Factory::getRoleService()->getPendingRolesUserCanApprove($user);

    // Joins role names as "[a, b, c]"; only called with a non-empty list.
    $bracketed = function ($roleNames) {
        $joined = '';
        foreach ($roleNames as $roleName) {
            $joined .= $roleName . ', ';
        }
        return '[' . substr($joined, 0, strlen($joined) - 2) . ']';
    };

    foreach ($approvable as $pendingRole) {
        $decision = array('grant' => '', 'deny' => '');

        // Roles that allow the user to grant this request.
        $grantingRoles = \Factory::getRoleService()->authorizeAction(\Action::GRANT_ROLE, $pendingRole->getOwnedEntity(), $user);
        if (count($grantingRoles) >= 1) {
            $decision['grant'] = $bracketed($grantingRoles);
        }

        // Roles that allow the user to reject this request.
        $rejectingRoles = \Factory::getRoleService()->authorizeAction(\Action::REJECT_ROLE, $pendingRole->getOwnedEntity(), $user);
        if (count($rejectingRoles) >= 1) {
            $decision['deny'] = $bracketed($rejectingRoles);
        }

        $pendingRole->setDecoratorObject($decision);
    }

    $params = array(
        'entities' => $entities,
        'myRequests' => $ownPending,
        'allRequests' => $approvable,
        'portalIsReadOnly' => portalIsReadOnlyAndUserIsNotAdmin($user),
    );
    show_view("political_role/view_requests.php", $params, "Role Requests");
    die;
}
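/**
 * Notifies by e-mail the users who are able to approve a role request over
 * the given entity (a Site, ServiceGroup, NGI or Project).
 *
 * For every role held over the entity, the entity type's authorizeAction() is
 * asked whether the role's user may grant roles. Users who hold at least one
 * enabling role other than GOCDB_ADMIN are collected and mailed once each.
 *
 * When nobody qualifies, the request is escalated: a Site recurses into its
 * parent NGI, and an NGI recurses into each of its parent Projects (project
 * ids are de-duplicated so the same addresses are not mailed repeatedly).
 *
 * Fixes relative to the previous version:
 *  - the GOCDB_ADMIN entry is now removed when it is the first element;
 *    array_search() returns 0 there, which the old `!= null` test treated
 *    as "not found";
 *  - $sendMail is defined for the whole method and read as a variable; the
 *    project loop used the bare word `sendMail` in a path where the variable
 *    had never been assigned;
 *  - the role list and result arrays are initialised, so an entity without
 *    roles no longer iterates an undefined variable;
 *  - the `$roles == null` branches inside the loop over $roles could never
 *    run and were removed; the escalation after the loop covers that case.
 *
 * NOTE(review): the return value of simplexml_load_file() is not checked. If
 * local_info.xml cannot be read, the link in the message is presumably built
 * without the portal URL - confirm how this should fail.
 *
 * @param Site/ServiceGroup/NGI/Project $entity
 */
public function roleRequest($entity)
{
    // true sends real mail; false echoes the message instead (debugging aid).
    $sendMail = true;
    $emails = array();
    $projectIds = array();

    foreach ($entity->getRoles() as $role) {
        $roleUser = $role->getUser();

        // Ask the service that matches the entity type.
        if ($entity instanceof \Site) {
            $enablingRoles = \Factory::getSiteService()->authorizeAction(\Action::GRANT_ROLE, $entity, $roleUser);
        } elseif ($entity instanceof \ServiceGroup) {
            $enablingRoles = \Factory::getServiceGroupService()->authorizeAction(\Action::GRANT_ROLE, $entity, $roleUser);
        } elseif ($entity instanceof \Project) {
            $enablingRoles = \Factory::getProjectService()->authorizeAction(\Action::GRANT_ROLE, $entity, $roleUser);
        } elseif ($entity instanceof \NGI) {
            $enablingRoles = \Factory::getNgiService()->authorizeAction(\Action::GRANT_ROLE, $entity, $roleUser);
        } else {
            // Unknown entity type: nobody can be identified as an approver.
            $enablingRoles = array();
        }

        // Remove admin from the enabling roles. array_search() returns false
        // when absent and may return 0, so the test has to be strict.
        $adminPosition = array_search('GOCDB_ADMIN', $enablingRoles, true);
        if ($adminPosition !== false) {
            unset($enablingRoles[$adminPosition]);
        }

        if (count($enablingRoles) > 0) {
            $emails[] = $roleUser->getEmail();
        }
    }

    if (count($emails) === 0) {
        // Nobody over this entity can grant the role: escalate to the parent.
        if ($entity instanceof \Site) {
            $this->roleRequest($entity->getNgi());
        } elseif ($entity instanceof \NGI) {
            // De-duplicate the parent projects, otherwise the same addresses
            // would be mailed once per duplicate during the recursion below.
            foreach ($entity->getProjects() as $project) {
                $projectIds[] = $project->getId();
            }
            $projectIds = array_unique($projectIds);
        }
    } else {
        $emails = array_unique($emails);

        // The portal URL from the local configuration is used to build the
        // link to the role approval view.
        $localInfoLocation = __DIR__ . "/../../config/local_info.xml";
        $localInfoXML = simplexml_load_file($localInfoLocation);
        $webPortalURL = $localInfoXML->local_info->web_portal_url;

        $headers = "From: no-reply@goc.egi.eu";
        $subject = "GocDB: A Role request requires attention";
        $body = "Dear GOCDB User,\n\n"
            . "A user has requested a role that requires attention.\n\n"
            . "You can approve or deny this request here:\n\n"
            . $webPortalURL . "/index.php?Page_Type=Role_Requests\n\n"
            . "Note: This role may already have been approved or denied by another GocDB User";

        foreach ($emails as $email) {
            if ($sendMail) {
                mail($email, $subject, $body, $headers);
            } else {
                // Debug output goes into the page, so the stored address and
                // the message text are HTML-escaped.
                echo "Email: " . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8') . "<br>";
                echo "Subject: " . htmlspecialchars($subject, ENT_QUOTES, 'UTF-8') . "<br>";
                echo "Body: " . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . "<br>";
            }
        }
    }

    // Escalation for an NGI: run this method for each parent project so that
    // the users holding roles over those projects are notified.
    foreach ($projectIds as $pid) {
        $project = \Factory::getOwnedEntityService()->getOwnedEntityById($pid);
        if ($sendMail) {
            $this->roleRequest($project);
        } else {
            echo htmlspecialchars((string) $project->getName(), ENT_QUOTES, 'UTF-8') . "<br>";
        }
    }
}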
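/**
 * Adds the selected services to a service group.
 *
 * The service group id is read from $_REQUEST['id'] and the services from the
 * list $_REQUEST['endpointIds'].
 *
 * Change relative to the previous version: the endpoint ids are now checked.
 * Before, 'endpointIds' was iterated without testing that it is an array, and
 * each element went to getService() unvalidated although the group id in this
 * same function is required to be numeric. A non-array value is now reported
 * as "No service selected", and a non-numeric element raises the same
 * exception as a bad group id. All ids are checked before any lookup is made.
 *
 * NOTE(review): $_REQUEST also carries query-string values, so this
 * state-changing action is reachable with a GET, and no anti-CSRF token is
 * checked in this function - confirm one is enforced before it runs.
 *
 * @global array $_REQUEST only set if the browser has sent parameters
 * @param \User $user current user
 * @return null
 * @throws Exception when the group id or any endpoint id is not numeric
 */
function submit(\User $user = null)
{
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }

    $sg = \Factory::getServiceGroupService()->getServiceGroup($_REQUEST['id']);

    // A scalar 'endpointIds' (sent without the [] suffix) is not a selection.
    if (empty($_REQUEST['endpointIds']) || !is_array($_REQUEST['endpointIds'])) {
        show_view('error.php', 'No service selected');
        die;
    }

    // Reject the whole request if any element is not a numeric id; this also
    // rejects nested arrays.
    foreach ($_REQUEST['endpointIds'] as $seId) {
        if (!is_numeric($seId)) {
            throw new Exception("An id must be specified");
        }
    }

    $ses = array();
    foreach ($_REQUEST['endpointIds'] as $seId) {
        $ses[] = \Factory::getServiceService()->getService($seId);
    }

    try {
        \Factory::getServiceGroupService()->addServices($sg, $ses, $user);
        $params = array('sg' => $sg);
        show_view("service_group/submit_service_group_ses.php", $params);
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}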