Exemplo n.º 1
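/**
 * Print the confirmation page shown before a user group or resource group
 * is deleted.
 *
 * The group type comes from the continuation; the group id is taken from the
 * request parameter 'groupid'. Every access check below runs against that
 * request-supplied id before anything about the group is printed and before
 * the 'submitDeleteGroup' continuation is created.
 *
 * Group names, resource types and owner names are HTML-encoded on output.
 * They come from stored group data, and the note printed for federated and
 * course-roll groups says such groups are created from external sources.
 *
 * @return void output is printed directly
 */
function confirmDeleteGroup()
{
    global $user;
    // NOTE(review): the id stored in the continuation is read here and then
    // replaced by the request parameter three lines below, so the id acted
    // on is client-supplied. The checks that follow are applied to that
    // value; confirm the override is intended.
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");
    $usergroups = getUserGroups();
    $groupid = processInputVar('groupid', ARG_NUMERIC);
    if ($type == 'user') {
        if (!array_key_exists($groupid, $usergroups)) {
            print "<h2>Delete User Group</h2>\n";
            print "The selected user group does not exist.\n";
            return;
        }
        // Non-owners may only delete federated (custom == 0) or course-roll
        // groups, and only with the matching "Manage Federated User Groups"
        // permission (global, or affiliation-only for their own affiliation).
        if ($usergroups[$groupid]['ownerid'] != $user['id']) {
            if ($usergroups[$groupid]['custom'] == 0 || $usergroups[$groupid]['courseroll'] == 1) {
                if (!checkUserHasPerm('Manage Federated User Groups (global)') && (!checkUserHasPerm('Manage Federated User Groups (affiliation only)') || $usergroups[$groupid]['groupaffiliationid'] != $user['affiliationid'])) {
                    print "<h2>Delete User Group</h2>\n";
                    print "You do not have access to delete the selected user group.\n";
                    return;
                }
            } else {
                print "<h2>Delete User Group</h2>\n";
                print "You do not have access to delete the selected user group.\n";
                return;
            }
        }
        // The part of the name before '@' identifies the built-in groups
        // that must never be deleted.
        $tmp = explode('@', $usergroups[$groupid]['name']);
        $checkname = $tmp[0];
        if ($usergroups[$groupid]['groupaffiliationid'] == 1 && ($checkname == 'Specify End Time' || $checkname == 'Allow No User Check' || $checkname == 'Default for Editable by')) {
            print "<h2>Delete User Group</h2>\n";
            print htmlspecialchars($usergroups[$groupid]['name'], ENT_QUOTES, 'UTF-8') . " is a system group that cannot be deleted";
            return;
        }
    } else {
        // Any type other than 'user' is checked as a resource group: the id
        // must appear in one of the resource types the user can manage.
        $userresources = getUserResources(array("groupAdmin"), array("manageGroup"), 1);
        $noaccess = 1;
        foreach (array_keys($userresources) as $rtype) {
            if (array_key_exists($groupid, $userresources[$rtype])) {
                $noaccess = 0;
                break;
            }
        }
        if ($noaccess) {
            print "<h2>Delete Resource Group</h2>\n";
            print "You do not have access to delete the selected resource group.\n";
            return;
        }
    }
    $resourcegroups = getResourceGroups();
    if ($type == "user") {
        $title = "Delete User Group";
        $usemsg = "This group is currently in use.  You cannot delete it until " . "it is no longer being used.";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        // Stop here rather than index a missing entry and render an empty
        // confirmation for a group that is not in the resource group list.
        if (!isset($resourcegroups[$groupid])) {
            print "<h2>Delete Resource Group</h2>\n";
            print "The selected resource group does not exist.\n";
            return;
        }
        $title = "Delete Resource Group";
        $usemsg = "This group is currently assigned to at least one node in the " . "privilege tree.  You cannot delete it until it is no longer " . "in use.";
        $question = "Delete the following resource group?";
        // Resource group names have the form "type/name".
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }
    // $usemsg is printed as returned; presumably checkForGroupUsage may
    // replace it with its own markup - confirm against that helper.
    if (checkForGroupUsage($groupid, $type, $usemsg)) {
        print "<H2 align=center>{$title}</H2>\n";
        print $usemsg;
        return;
    }
    $safename = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Type:</TH>\n";
        print "    <TD>" . htmlspecialchars($resourcetype, ENT_QUOTES, 'UTF-8') . "</TD>\n";
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TH align=right>Name:</TH>\n";
    print "    <TD>{$safename}</TD>\n";
    print "  </TR>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Owning User Group:</TH>\n";
        print "    <TD>" . htmlspecialchars($resourcegroups[$groupid]["owner"], ENT_QUOTES, 'UTF-8') . "</TD>\n";
        print "  </TR>\n";
    } elseif ($usergroups[$groupid]['courseroll'] == 1 || $usergroups[$groupid]['custom'] == 0) {
        print "<TR>\n";
        print "  <TH align=right>Type:</TH>\n";
        if ($usergroups[$groupid]['courseroll'] == 1) {
            print "  <TD>Course Roll</TD>\n";
        } elseif ($usergroups[$groupid]['custom'] == 0) {
            print "  <TD>Federated</TD>\n";
        }
        print "</TR>\n";
        print "<TR>\n";
        print "  <TD colspan=2><br><strong>Note</strong>: This type of group is ";
        print "created from external sources<br>and could be recreated from ";
        print "those sources at any time.<br><br></TD>\n";
        print "</TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR valign=top>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "{$target}\" method=post>\n";
    // The id and type that passed the checks above are stored in the
    // continuation handed to submitDeleteGroup.
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print "      <INPUT type=submit value=Submit>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print "      <INPUT type=hidden name=mode value=viewGroups>\n";
    print "      <INPUT type=submit value=Cancel>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    print "</DIV>\n";
}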
Exemplo n.º 2
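/**
 * AJAX handler: print the JavaScript that refreshes the privilege panes
 * (tree buttons, users, user groups, resources) for the requested node,
 * then disconnect from the database and exit.
 *
 * The node id is read from the request as a numeric value. Edit controls and
 * the continuations that back them are only emitted when the current user
 * holds the matching privilege at the node: nodeAdmin for the tree buttons,
 * userGrant for the user and user group controls, resourceGrant for the
 * resource controls.
 *
 * NOTE(review): nothing in this function restricts which node's privileges
 * a user may view; only the edit controls are gated. Confirm that the
 * dispatcher or getNodePrivileges() enforces any read restriction.
 *
 * @return void never returns normally; the script exits
 */
function selectNode()
{
    global $user;
    $node = processInputVar("node", ARG_NUMERIC);
    // The VCLNODES cookie used to be copied into a local here that was never
    // read afterwards; that dead read of client-controlled data is dropped.
    if (empty($node)) {
        dbDisconnect();
        exit;
    }
    $return = "";
    $text = "";
    $js = "";
    $privs = getNodePrivileges($node);
    $cascadePrivs = getNodeCascadePrivileges($node);
    $usertypes = getTypes("users");
    // Row counter shared by the users, user groups and resources tables.
    $i = 0;
    $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs);
    $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs);
    $hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $node, $privs, $cascadePrivs);
    if ($hasNodeAdmin) {
        $text .= "<TABLE>";
        $text .= "  <TR valign=top>";
        $text .= "    <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
        $text .= "    <button id=addNodeBtn dojoType=Button ";
        $text .= "onClick=\"showAddNodePane(); return false;\">";
        $text .= "Add Child</button>";
        $text .= "    </FORM></TD>";
        $text .= "    <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>";
        $text .= "    <button id=deleteNodeBtn dojoType=Button onClick=\"showDeleteNodeDialog();\">";
        $text .= "Delete Node and Children</button>";
        $text .= "    </FORM></TD>";
        $text .= "  </TR>";
        $text .= "</TABLE>";
    }
    $return .= setAttribute('treebuttons', 'innerHTML', $text);
    $return .= "AJdojoCreate('treebuttons');";

    # privileges
    $text = "";
    $text .= "<H3>Users</H3>";
    $text .= "<FORM id=usersform action=\"" . BASEURL . SCRIPT . "#users\" method=post>";
    if (count($privs["users"]) || count($cascadePrivs["users"])) {
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= "  <TR>";
        $text .= "    <TD></TD>";
        $text .= "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        $text .= "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            $text .= "    <TD>{$img}</TD>";
        }
        $text .= "  </TR>";
        // One row per user that has direct or cascaded privileges here.
        $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"])));
        sort($users);
        foreach ($users as $_user) {
            // The last argument disables the row's controls when the viewer
            // lacks userGrant - presumably; confirm in getUserPrivRowHTML.
            $tmpArr = getUserPrivRowHTML($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', !$hasUserGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        $text .= "<div id=lastUserNum class=hidden>" . ($i - 1) . "</div>";
        if ($hasUserGrant) {
            // The change continuation is only issued to users who may grant.
            $cont = addContinuationsEntry('AJchangeUserPrivs');
            $text .= "<INPUT type=hidden id=changeuserprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no user privileges at the selected node.<br>";
    }
    if ($hasUserGrant) {
        $text .= "<BUTTON id=addUserBtn dojoType=Button onClick=\"showAddUserPane(); return false;\">";
        $text .= "Add User</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('usersDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('usersDiv');";

    # groups
    $text = "";
    $text .= "<H3>User Groups</H3>";
    // The form is opened unconditionally, as in the users and resources
    // sections, so the closing </FORM> below is balanced on both branches.
    $text .= "<FORM action=\"" . BASEURL . SCRIPT . "#groups\" method=post>";
    if (count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) {
        $text .= "<div id=firstUserGroupNum class=hidden>{$i}</div>";
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= "  <TR>";
        $text .= "    <TD></TD>";
        $text .= "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        $text .= "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            $text .= "    <TH>{$img}</TH>";
        }
        $text .= "  </TR>";
        $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"])));
        sort($groups);
        foreach ($groups as $group) {
            $tmpArr = getUserPrivRowHTML($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', !$hasUserGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        $text .= "<div id=lastUserGroupNum class=hidden>" . ($i - 1) . "</div>";
        if ($hasUserGrant) {
            $cont = addContinuationsEntry('AJchangeUserGroupPrivs');
            $text .= "<INPUT type=hidden id=changeusergroupprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no user group privileges at the selected node.<br>";
    }
    if ($hasUserGrant) {
        $text .= "<BUTTON id=addGroupBtn dojoType=Button onclick=\"showAddUserGroupPane(); return false;\">";
        $text .= "Add Group</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('usergroupsDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('usergroupsDiv');";

    # resources
    $text = "";
    $resourcetypes = array("available", "administer", "manageGroup");
    $text .= "<H3>Resources</H3>";
    $text .= "<FORM id=resourceForm action=\"" . BASEURL . SCRIPT . "#resources\" method=post>";
    if (count($privs["resources"]) || count($cascadePrivs["resources"])) {
        $text .= "<TABLE border=1 summary=\"\">";
        $text .= "  <TR>";
        $text .= "    <TH>Group<br>Name</TH>";
        $text .= "    <TH>Group<br>Type</TH>";
        $text .= "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>";
        $text .= "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>";
        foreach ($resourcetypes as $type) {
            $img = getImageText("{$type}");
            $text .= "    <TH>{$img}</TH>";
        }
        $text .= "  </TR>";
        $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"])));
        sort($resources);
        $resourcegroups = getResourceGroups();
        $resgroupmembers = getResourceGroupMembers();
        foreach ($resources as $resource) {
            $tmpArr = getResourcePrivRowHTML($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], !$hasResourceGrant);
            $text .= $tmpArr['html'];
            $js .= $tmpArr['javascript'];
            $i++;
        }
        $text .= "</TABLE>";
        if ($hasResourceGrant) {
            $cont = addContinuationsEntry('AJchangeResourcePrivs');
            $text .= "<INPUT type=hidden id=changeresourceprivcont value=\"{$cont}\">";
        }
    } else {
        $text .= "There are no resource group privileges at the selected node.<br>";
    }
    if ($hasResourceGrant) {
        $text .= "<BUTTON id=addResourceBtn dojoType=Button onclick=\"showAddResourceGroupPane(); return false;\">";
        $text .= "Add Resource Group</button>";
    }
    $text .= "</FORM>";
    $return .= setAttribute('resourcesDiv', 'innerHTML', $text);
    $return .= "AJdojoCreate('resourcesDiv');";
    $return .= "showPrivileges();";
    // Pane updates first, then the per-row JavaScript collected above.
    print $return;
    print $js;
    dbDisconnect();
    exit;
}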
Exemplo n.º 3
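/**
 * AJAX handler: add resource group privileges at a node of the privilege
 * tree.
 *
 * Three checks run before anything is written:
 *   1. the user holds resourceGrant at the submitted node,
 *   2. the submitted group id resolves to an existing resource group,
 *   3. that group is among the resource groups the user can manage.
 * The submitted permission list is then reduced to the names returned by
 * getResourcePrivs(), so unknown names never reach updateResourcePrivs().
 *
 * @return void JavaScript for the client is printed directly
 */
function AJsubmitAddResourcePriv()
{
    global $user;
    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) {
        $text = "You do not have rights to add new resource groups at this node.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    $newgroupid = processInputVar("newgroupid", ARG_NUMERIC);
    $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin");
    $resourcegroups = getUserResources($privs, array("manageGroup"), 1);
    $groupdata = getResourceGroups('', $newgroupid);
    if (empty($groupdata)) {
        $text = "Invalid resource group submitted.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    // Resource group names have the form "type/name"; only the type is
    // needed to find the group among the user's manageable resources.
    $nameparts = explode('/', $groupdata[$newgroupid]['name']);
    $newtype = $nameparts[0];
    // Deny when the user has no manageable groups of this type at all.
    // Without the isset() guard the lookup would index a missing key and
    // hand null to array_key_exists(), which is an error on current PHP
    // instead of a clean denial.
    if (!isset($resourcegroups[$newtype]) || !array_key_exists($newgroupid, $resourcegroups[$newtype])) {
        $text = "You do not have rights to manage the specified resource group.";
        print "addResourceGroupPaneHide(); ";
        print "alert('{$text}');";
        return;
    }
    $perms = explode(':', processInputVar('perms', ARG_STRING));
    $privtypes = getResourcePrivs();
    // Allow-list: keep only the privilege names the application defines.
    $newgroupprivs = array();
    foreach ($privtypes as $type) {
        if (in_array($type, $perms)) {
            $newgroupprivs[] = $type;
        }
    }
    // "cascade" alone grants nothing, so it counts as an empty selection.
    if (empty($newgroupprivs) || (count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs))) {
        $text = "<font color=red>No resource group privileges were specified</font>";
        print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text);
        return;
    }
    updateResourcePrivs($newgroupid, $node, $newgroupprivs, array());
    clearPrivCache();
    print "refreshPerms(); ";
    print "addResourceGroupPaneHide(); ";
}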
Exemplo n.º 4
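/**
 * Print the confirmation page shown before a user group or resource group
 * is deleted.
 *
 * The group id and type are both read from the continuation. The group
 * name, resource type and owner are HTML-encoded on output because they are
 * stored values, not literals of this page.
 *
 * NOTE(review): no ownership or permission check is visible in this
 * function. Presumably the code that created the continuation verified that
 * the user may delete the group - confirm, since this function goes on to
 * issue the 'submitDeleteGroup' continuation.
 *
 * @return void output is printed directly
 */
function confirmDeleteGroup()
{
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");
    $usergroups = getUserGroups(1);
    $resourcegroups = getResourceGroups();
    if ($type == "user") {
        $title = "Delete User Group";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        $title = "Delete Resource Group";
        $question = "Delete the following resource group?";
        // Resource group names have the form "type/name". explode() replaces
        // split(), which was deprecated in PHP 5.3 and removed in PHP 7; for
        // a literal '/' separator the result is the same.
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }
    if (checkForGroupUsage($groupid, $type)) {
        print "<H2 align=center>{$title}</H2>\n";
        print "This group is currently assigned to at least one node in the ";
        print "privilege tree.  You cannot delete it until it is no longer ";
        print "in use.";
        return;
    }
    $safename = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Type:</TH>\n";
        print "    <TD>" . htmlspecialchars($resourcetype, ENT_QUOTES, 'UTF-8') . "</TD>\n";
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TH align=right>Name:</TH>\n";
    print "    <TD>{$safename}</TD>\n";
    print "  </TR>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Owning User Group:</TH>\n";
        print "    <TD>" . htmlspecialchars($resourcegroups[$groupid]["owner"], ENT_QUOTES, 'UTF-8') . "</TD>\n";
        print "  </TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR valign=top>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "{$target}\" method=post>\n";
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print "      <INPUT type=submit value=Submit>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print "      <INPUT type=hidden name=mode value=viewGroups>\n";
    print "      <INPUT type=submit value=Cancel>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    // Close the centering DIV opened above; it was previously left open.
    print "</DIV>\n";
}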
Exemplo n.º 5
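/**
 * Shared implementation for adding or removing resource group privileges at
 * a privilege-tree node through the XML-RPC API.
 *
 * Validation order: node id is numeric, caller holds resourceGrant at the
 * node, resource type is known, the group exists, every submitted permission
 * is a defined resource privilege, the caller belongs to the group's owning
 * user group when changing anything other than block/cascade/available, and
 * the change does not touch privileges cascaded to this node from above.
 *
 * @param string $mode        'add' or 'remove'
 * @param string $name        resource group name (without the type prefix)
 * @param string $type        resource type
 * @param mixed  $nodeid      id of the privilege node
 * @param string $permissions colon-separated list of privilege names
 *
 * @return array 'status' => 'success', or 'status' => 'error' together with
 *               'errorcode' and 'errormsg'
 */
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions)
{
    require_once ".ht-inc/privileges.php";
    global $user;
    // NOTE(review): is_numeric() also accepts floats and exponent notation;
    // presumably the helpers below cast the id - confirm.
    if (!is_numeric($nodeid)) {
        return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified');
    }
    // The message says "remove" for both modes; callers should key on the
    // error code.
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node');
    }
    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type');
    }
    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist');
    }
    // Reject the request if any submitted name is not a defined privilege.
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied');
    }
    // block, cascade and available may be changed without being a member of
    // the owning user group; every other privilege requires membership.
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group');
    }
    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');
    // Privileges cascaded from a parent cannot be changed here unless this
    // node blocks the cascade for the group.
    if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }
    if ($mode == 'remove') {
        // The group may have no privileges set directly at this node; treat
        // that as an empty set instead of passing a missing entry to
        // array_diff().
        $current = isset($np['resources'][$key]) ? $np['resources'][$key] : array();
        $diff = array_diff($current, $changeperms);
        // If only "cascade" would remain, remove it too so no orphaned
        // cascade flag is left behind.
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }
    // NOTE(review): a $mode other than 'add' or 'remove' changes nothing and
    // still reports success; presumably only the add/remove wrappers call
    // this helper - confirm.
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }
    return array('status' => 'success');
}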