function AJsubmitAddResourcePriv()
{
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to add new resource groups at this node.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
$privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin");
$resourcegroups = getUserResources($privs, array("manageGroup"), 1);
$groupdata = getResourceGroups('', $newgroupid);
if (empty($groupdata)) {
$text = "Invalid resource group submitted.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']);
if (!array_key_exists($newgroupid, $resourcegroups[$newtype])) {
$text = "You do not have rights to manage the specified resource group.";
print "addResourceGroupPaneHide(); ";
print "alert('{$text}');";
return;
}
$perms = explode(':', processInputVar('perms', ARG_STRING));
$privtypes = getResourcePrivs();
$newgroupprivs = array();
foreach ($privtypes as $type) {
if (in_array($type, $perms)) {
array_push($newgroupprivs, $type);
}
}
if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
$text = "<font color=red>No resource group privileges were specified</font>";
print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
return;
}
updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
clearPrivCache();
print "refreshPerms(); ";
print "addResourceGroupPaneHide(); ";
}
function AJsubmitAddResourcePriv()
{
global $user;
$node = processInputVar("activeNode", ARG_NUMERIC);
if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
$text = "You do not have rights to add new resource groups at this node.";
print "addUserGroupPaneHide(); ";
print "alert('{$text}');";
dbDisconnect();
exit;
}
$newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
# FIXME validate newgroupid
$perms = explode(':', processInputVar('perms', ARG_STRING));
$privtypes = array("block", "cascade", "available", "administer", "manageGroup");
$newgroupprivs = array();
foreach ($privtypes as $type) {
if (in_array($type, $perms)) {
array_push($newgroupprivs, $type);
}
}
if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) {
$text = "<font color=red>No resource group privileges were specified</font>";
print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
dbDisconnect();
exit;
}
updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
clearPrivCache();
print "addResourceGroupPaneHide(); ";
print "refreshPerms(); ";
dbDisconnect();
exit;
}
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
require_once ".ht-inc/privileges.php";
global $user;
if (!is_numeric($nodeid)) {
return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
}
if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
}
$resourcetypes = getTypes('resources');
if (!in_array($type, $resourcetypes['resources'])) {
return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
}
$groupid = getResourceGroupID("{$type}/{$name}");
if (is_null($groupid)) {
return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
}
$changeperms = explode(':', $permissions);
$allperms = getResourcePrivs();
$diff = array_diff($changeperms, $allperms);
if (count($diff)) {
return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
}
$nocheckperms = array('block', 'cascade', 'available');
$checkperms = array_diff($changeperms, $nocheckperms);
$groupdata = getResourceGroups($type, $groupid);
if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
}
$key = "{$type}/{$name}/{$groupid}";
$cnp = getNodeCascadePrivileges($nodeid, "resources");
$np = getNodePrivileges($nodeid, 'resources');
if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
$intersect = array_intersect($cnp['resources'][$key], $changeperms);
if (count($intersect)) {
return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
}
}
if ($mode == 'remove') {
$diff = array_diff($np['resources'][$key], $changeperms);
if (count($diff) == 1 && in_array("cascade", $diff)) {
$changeperms[] = 'cascade';
}
}
if ($mode == 'add') {
updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
} elseif ($mode == 'remove') {
updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
}
return array('status' => 'success');
}
