/** * Revoke team access to specified environment * * @param int $envId Environment ID * @param int $teamId Team ID * * @return ResultEnvelope * * @throws ApiErrorException * @throws ModelException */ public function denyTeamAction($envId, $teamId) { if (!$this->getUser()->canManageAcl()) { throw new ApiInsufficientPermissionsException(); } $this->getEnv($envId); $team = Account\TeamEnvs::findOne([['envId' => $envId], ['teamId' => $teamId]]); if (empty($team)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, "Team '{$teamId}' has no access to environment '{$envId}'"); } $team->delete(); return $this->result(null); }
/** * Gets TeamEnvs entity * * @param string $criteria search criteria * @param array $params query params * @return TeamEnvs */ protected function getEnvironmentTeam($criteria, $params) { /* @var $teamEnv TeamEnvs */ $teamEnv = TeamEnvs::findOne([['teamId' => $criteria], ['envId' => $params['envId']]]); static::toDelete(TeamEnvs::class, [$teamEnv->envId, $teamEnv->teamId]); return $teamEnv; }
/** * Generate SQL query like "EXISTS(SELECT 1 FROM farm_teams .... WHERE ...) to check FARM_TEAMS permission. * Table `farms` should have alias `f`. * If farmId is set, when JOIN table farms to get envId from it. * * @param int $userId Identifier of User * @param int $farmId optional Identifier of Farm * @return string */ public static function getUserTeamOwnershipSql($userId, $farmId = null) { $farm = new Farm(); $farmTeam = new FarmTeam(); $accountTeamUser = new Account\TeamUser(); $accountTeamEnv = new Account\TeamEnvs(); $sql = "EXISTS(" . "SELECT 1 FROM {$farmTeam->table()}" . "JOIN {$accountTeamUser->table()} ON {$accountTeamUser->columnTeamId} = {$farmTeam->columnTeamId} " . "JOIN {$accountTeamEnv->table()} ON {$accountTeamEnv->columnTeamId} = {$farmTeam->columnTeamId} " . ($farmId ? "JOIN {$farm->table('f')} ON {$farmTeam->columnFarmId} = {$farm->columnId('f')}" : "") . "WHERE {$accountTeamEnv->columnEnvId()} = {$farm->columnEnvId('f')} " . "AND " . ($farmId ? "{$farm->columnId('f')} = " . $farm->db()->qstr($farmId) : "{$farm->columnId('f')} = {$farmTeam->columnFarmId}") . " " . "AND {$accountTeamUser->columnUserId} = " . $farm->db()->qstr($userId) . ")"; return $sql; }
/** * {@inheritdoc} * @see AbstractEntity::delete() */ public function delete() { parent::delete(); TeamEnvs::deleteByTeamId($this->id); TeamUser::deleteByTeamId($this->id); }
/** * {@inheritdoc} * @see ApiEntityAdapter::validateEntity() */ public function validateEntity($entity) { if (!$entity instanceof TeamEnvs) { throw new InvalidArgumentException(sprintf("First argument must be instance of %s", Team::class)); } if (empty($entity->teamId)) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, "Missed property team.id"); } $teamId = $entity->teamId; if (!is_numeric($teamId)) { throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Invalid team identifier"); } /* @var $team Team */ $team = Team::findOne([['id' => $teamId], ['accountId' => $this->controller->getUser()->accountId]]); if (empty($team)) { throw new ApiErrorException(404, ErrorMessage::ERR_OBJECT_NOT_FOUND, sprintf("Requested team %s do not exist in this account", $teamId)); } if (!empty(TeamEnvs::findOne([['envId' => $entity->envId], ['teamId' => $teamId]]))) { throw new ApiErrorException(409, ErrorMessage::ERR_UNICITY_VIOLATION, sprintf("Team %s already exists in this environment", $teamId)); } /* @var $teamAdapter TeamAdapter */ $teamAdapter = $this->controller->adapter('team'); $teamAdapter->validateTeamName($team->name); }
/** * {@inheritdoc} * @see AbstractEntity::delete() * * @param bool $force Delete ignoring restrictions */ public function delete($force = false) { $db = $this->db(); if (!$force) { if ($db->GetOne("SELECT 1 FROM `farms` WHERE `env_id` = ? LIMIT 1", [$this->id])) { throw new ObjectInUseException('Cannot remove environment. You need to remove all your farms first.'); } if ($db->GetOne("SELECT COUNT(*) FROM client_environments WHERE client_id = ?", [$this->accountId]) < 2) { throw new ObjectInUseException('At least one environment should be in account. You cannot remove the last one.'); } } parent::delete(); try { $db->Execute("DELETE FROM client_environment_properties WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM apache_vhosts WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM autosnap_settings WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM bundle_tasks WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM dns_zones WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM ec2_ebs WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM elastic_ips WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM farms WHERE env_id=?", [$this->id]); $db->Execute("DELETE FROM roles WHERE env_id=?", [$this->id]); $servers = \DBServer::listByFilter(['envId' => $this->id]); foreach ($servers as $server) { /* @var $server \DBServer */ $server->Remove(); } Entity\EnvironmentCloudCredentials::deleteByEnvId($this->id); Entity\CloudCredentials::deleteByEnvId($this->id); TeamEnvs::deleteByEnvId($this->id); } catch (Exception $e) { throw new Exception(sprintf(_("Cannot delete record. Error: %s"), $e->getMessage()), $e->getCode()); } }