 /**
  * Deletes the team identified by the `teamId` request parameter.
  *
  * Two checks guard the deletion: the current user must be allowed to manage
  * the ACL, and the loaded team must belong to the user's own account. Both
  * failures raise the same insufficient-permissions exception, so the response
  * does not distinguish "not allowed" from "team of another account".
  *
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function xRemoveAction()
 {
     if (!$this->user->canManageAcl()) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $team = Scalr_Account_Team::init()->loadById($this->getParam('teamId'));

     // Cross-account guard: a foreign team is reported exactly like a
     // permission failure rather than as "not found".
     $ownedByCaller = $team->accountId == $this->user->getAccountId();
     if (!$ownedByCaller) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $team->delete();
     $this->response->success('Team successfully removed');
 }
 /**
  * Renders the environment access map page.
  *
  * Collects every user of every team attached to the current environment,
  * keyed by user id so that a user belonging to several teams appears once
  * with all of their memberships listed, and hands the ACL resource
  * definitions plus the user list to the `accessmap.js` view.
  */
 public function viewAction()
 {
     $usersById = [];

     foreach ($this->env->getTeams() as $teamId) {
         $team = Scalr_Account_Team::init()->loadById($teamId);
         $membership = ['id' => $team->id, 'name' => $team->name];

         foreach ($team->getUsers() as $member) {
             $memberId = $member['id'];

             if (!isset($usersById[$memberId])) {
                 // Fall back to the e-mail address when no full name is stored.
                 $displayName = !empty($member['fullname']) ? $member['fullname'] : $member['email'];
                 $usersById[$memberId] = [
                     'id'    => $memberId,
                     'name'  => $displayName,
                     'email' => $member['email'],
                     'teams' => [],
                 ];
             }

             $usersById[$memberId]['teams'][] = $membership;
         }
     }

     $this->response->page('ui/account2/environments/accessmap.js', [
         'definitions' => Acl::getResources(true),
         'users'       => array_values($usersById),
         'env'         => ['id' => $this->env->id, 'name' => $this->env->name],
     ]);
 }
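 /**
  * Gets all account teams list
  *
  * Users who may manage the ACL see every team of their account (read straight
  * from `account_teams`); anyone else only sees the teams returned by
  * `$this->user->getTeams()`. Each row carries the team's id, name, description
  * and account role id. When the team has members, a `users` entry lists each
  * member id together with the ACL role ids that member holds in the team; a
  * team without members has no `users` key at all, so consumers must treat it
  * as optional.
  *
  * @return array
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function getAccountTeamsList()
 {
     $acl = \Scalr::getContainer()->acl;
     $accountId = $this->user->getAccountId();

     if ($this->user->canManageAcl()) {
         $teamIds = $this->db->getAll('SELECT id FROM account_teams WHERE account_id = ?', array($accountId));
     } else {
         $teamIds = $this->user->getTeams();
     }

     $result = array();
     // Iterate by value: the former by-reference loop (`as &$row`) left a
     // dangling reference to the last row alive after the loop.
     foreach ($teamIds as $row) {
         $team = Scalr_Account_Team::init()->loadById($row['id']);
         $resultRow = array(
             'id'              => $team->id,
             'name'            => $team->name,
             'description'     => $team->description,
             'account_role_id' => $team->accountRoleId,
         );

         $userIds = array_map(function ($arr) {
             return $arr['id'];
         }, $team->getUsers());

         if (!empty($userIds)) {
             foreach ($acl->getUserRoleIdsByTeam($userIds, $row['id'], $accountId) as $userId => $roles) {
                 $resultRow['users'][] = array('id' => $userId, 'roles' => $roles);
             }
         }

         $result[] = $resultRow;
     }

     return $result;
 }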
 /**
  * Checks whether this user is considered to be the team owner for the specified team.
  *
  * With a team id the answer comes from the team object itself; without one
  * the method falls back to the user's general ACL-management right. Any
  * exception raised while loading or querying the team is swallowed and
  * reported as "not owner".
  *
  * @param   int     $teamId  The identifier of the team.
  * @return  boolean Returns true if the user is considered to be the team owner for the specified team.
  * @deprecated This function has been deprecated since new ACL
  */
 public function isTeamOwner($teamId = null)
 {
     if (!$teamId) {
         return $this->canManageAcl();
     }

     try {
         $team = Scalr_Account_Team::init()->loadById($teamId);

         return $team->isTeamOwner($this->id);
     } catch (\Exception $e) {
         // Deliberately best-effort: an unknown or unloadable team means "not owner".
         return false;
     }
 }
 /**
  * Links the given team to this environment.
  *
  * The team is loaded first and must belong to the same account as this
  * environment (`clientId`); a team of another account is rejected before any
  * write happens. The existing link for the team is removed before the new
  * row is inserted, so repeated calls do not pile up duplicate rows.
  *
  * @param   int  $teamId  The identifier of the team to attach.
  * @throws  Exception    When the team belongs to a different account.
  */
 public function addTeam($teamId)
 {
     $team = Scalr_Account_Team::init()->loadById($teamId);

     if ($team->accountId != $this->clientId) {
         throw new Exception('This team doesn\'t belongs to this account');
     }

     // Presumably drops any existing link for this team (see removeTeam()),
     // so the insert below cannot create a second row for the same pair.
     $this->removeTeam($teamId);
     $this->db->Execute(
         'INSERT INTO `account_team_envs` (team_id, env_id) VALUES(?,?)',
         array($teamId, $this->id)
     );
 }
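 /**
  * End-to-end check of the account user management endpoints.
  *
  * Drives /account/users/xSave (create, then update), xGetInfo, xGetApiKeys
  * and xRemove against the configured test environment and, only when the
  * test user is the account owner, the /account/teams/xCreate and xRemove
  * pair. Any user or team left behind by an earlier run (matched by the
  * generated test names) is deleted first so the run starts clean. The test
  * is skipped when the test user cannot manage users.
  */
 public function testUsers()
 {
     if (!$this->getUser()->canManageAcl()) {
         $this->markTestSkipped('Specified test user cannot manage users.');
     }

     $clientId = $this->getEnvironment()->clientId;
     $testUserEmail = self::getTestName(self::USER_NAME) . '@scalr.com';
     $testTeamName = self::getTestName(self::TEAM_NAME);

     // Remove previous test data.
     $user = new \Scalr_Account_User();
     $user = $user->loadByEmail($testUserEmail, $clientId);
     if ($user) {
         $user->delete();
     }
     $team = new \Scalr_Account_Team();
     $result = $team->loadByFilter(array('name' => $testTeamName, 'accountId' => $clientId));
     if (count($result)) {
         foreach ($result as $e) {
             $obj = new \Scalr_Account_Team();
             $obj->loadById($e['id']);
             $obj->delete();
         }
     }

     // Create a user without API access.
     $content = $this->request('/account/users/xSave', array(
         'email'    => $testUserEmail,
         'password' => '123',
         'status'   => 'Active',
         'fullname' => 'phpunit test user',
         'comments' => 'For testing',
     ));
     $this->assertTrue($content['success']);
     $this->assertArrayHasKey('user', $content);
     $this->assertArrayHasKey('id', $content['user']);
     $this->assertArrayHasKey('email', $content['user']);
     $this->assertArrayHasKey('fullname', $content['user']);
     $createUserId = $content['user']['id'];

     $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
     $this->assertTrue($content['success']);
     $this->assertArrayHasKey('user', $content);
     foreach (array('id', 'email', 'fullname', 'status', 'comments') as $key) {
         $this->assertArrayHasKey($key, $content['user']);
     }

     // Modify some settings: deactivate the user and confirm the change is visible.
     $content = $this->request('/account/users/xSave', array(
         'id'       => $createUserId,
         'email'    => $testUserEmail,
         'status'   => 'Inactive',
         'fullname' => 'phpunit test user',
         'comments' => 'For testing',
     ));
     $this->assertTrue($content['success']);
     $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
     $this->assertTrue($content['success']);
     $this->assertArrayHasKey('user', $content);
     // PHPUnit's signature is (expected, actual); the previous call had the
     // two swapped, which only garbled the failure message.
     $this->assertEquals('Inactive', $content['user']['status']);

     // The key endpoint reports failure for a user created without API access.
     $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
     $this->assertFalse($content['success']);

     // Remove user.
     $content = $this->request('/account/users/xRemove', array('userId' => $createUserId));
     $this->assertTrue($content['success']);

     // Create again with API access enabled; this time both keys must be returned.
     $content = $this->request('/account/users/xSave', array(
         'email'     => $testUserEmail,
         'password'  => '123',
         'status'    => 'Active',
         'fullname'  => 'phpunit test user',
         'comments'  => 'For testing',
         'enableApi' => true,
     ));
     $this->assertTrue($content['success']);
     $this->assertArrayHasKey('user', $content);
     $createUserId = $content['user']['id'];

     $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
     $this->assertTrue($content['success']);
     $this->assertArrayHasKey('accessKey', $content);
     $this->assertArrayHasKey('secretKey', $content);

     // The team round-trip is only exercised when the test user is the account owner.
     if ($this->getUser()->isAccountOwner()) {
         $content = $this->request('/account/teams/xCreate', array(
             'name'    => $testTeamName,
             'ownerId' => $createUserId,
             'envId'   => $this->getEnvironment()->id,
         ));
         $this->assertTrue($content['success']);
         $this->assertArrayHasKey('teamId', $content);
         $createTeamId = $content['teamId'];

         $content = $this->request('/account/teams/xRemove', array('teamId' => $createTeamId));
         $this->assertTrue($content['success']);
     }

     // Remove user.
     $content = $this->request('/account/users/xRemove', array('userId' => $createUserId));
     $this->assertTrue($content['success']);
 }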
 /**
  * Creates a new environment (no `envId`) or updates an existing one.
  *
  * Declared request parameters are `envId` (int) and `teams` (json); the
  * account owner / super admin additionally gets a required, HTML-free
  * `name`. When cost analytics is enabled, `ccId` is mandatory and must
  * resolve to a known cost centre. Creation is limited to the account owner /
  * super admin and checked against the account's environment limit; updates
  * must pass the user's permission check on the environment and the
  * environment-level ACL resource.
  *
  * ACL managers additionally set the status, default priority, cost centre
  * and team assignment. In LDAP mode `teams` holds directory group names and
  * teams are created on the fly; in every other mode it holds team ids. The
  * response is built from a freshly reloaded environment.
  *
  * @throws Scalr_Exception_InsufficientPermissions
  * @throws \Exception  When a submitted team name cannot be found on the directory server.
  */
 public function xSaveAction()
 {
     if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
         throw new Scalr_Exception_InsufficientPermissions();
     }
     $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
     // Only the account owner / super admin may (re)name an environment, so
     // `name` is declared and validated for them alone.
     if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
         $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
     }
     $this->request->defineParams($params);
     $this->request->validate();
     // Cost centre is validated here so an unknown or missing id surfaces as a
     // validation error instead of failing deeper in the analytics code.
     if ($this->getContainer()->analytics->enabled) {
         if ($this->getParam('ccId')) {
             if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                 $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
             }
         } else {
             $this->request->addValidationErrors('ccId', 'Cost center is required field');
         }
     }
     if ($this->request->isValid()) {
         $isNew = false;
         if (!$this->getParam('envId')) {
             //create new environment
             if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                 throw new Scalr_Exception_InsufficientPermissions();
             }
             $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
             $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
             $isNew = true;
         } else {
             $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
         }
         // Ownership / visibility check on the loaded (or just created) environment,
         // followed by the environment-scoped ACL check for non-super-admins.
         $this->user->getPermissions()->validate($env);
         if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
             throw new Scalr_Exception_InsufficientPermissions();
         }
         //set name, status and defaultPriority
         if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
             $env->name = $this->getParam('name');
         }
         // Status and default priority are writable by ACL managers only; any
         // status value other than ACTIVE is normalised to INACTIVE.
         if ($this->user->canManageAcl()) {
             $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
             $env->defaultPriority = $this->getParam('defaultPriority');
         }
         $env->save();
         if ($this->user->canManageAcl()) {
             // Cost centre: persist the new id, e-mail the cost centre lead when the
             // assignment is new or changed, then fire the matching analytics event.
             if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                 $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                 $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));
                 if ($isNew || $oldCcId != $this->getParam('ccId')) {
                     $cc = CostCentreEntity::findPk($this->getParam('ccId'));
                     $email = $cc->getProperty(CostCentrePropertyEntity::NAME_LEAD_EMAIL);
                     $emailData = ['envName' => $env->name, 'ccName' => $cc->name];
                     if (!empty($email)) {
                         \Scalr::getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/analytics_on_cc_add.eml.php', $emailData, $email);
                     }
                 }
                 if ($isNew || empty($oldCcId)) {
                     $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                 } elseif ($oldCcId != $this->getParam('ccId')) {
                     $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                 }
             }
             //set teams
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 // LDAP mode: `teams` is a list of directory group names.
                 // NOTE(review): assumes the 'json' param type already yields an array — confirm;
                 // array_map() on anything else fails.
                 $teams = array_map('trim', $this->getParam('teams'));
                 $ldapGroups = null;
                 // The submitted names are verified against the directory only when a
                 // bind user is configured. Without one, $ldapGroups stays null and any
                 // non-empty name below becomes an account team without verification.
                 if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                     $ldap = $this->getContainer()->ldap(null, null);
                     $ldapGroups = $ldap->getGroupsDetails($teams);
                     foreach ($teams as $team) {
                         if (!isset($ldapGroups[$team])) {
                             throw new \Exception(sprintf("Team '%s' is not found on the directory server", $team));
                         }
                     }
                 }
                 $env->clearTeams();
                 foreach ($teams as $name) {
                     $name = trim($name);
                     if ($name) {
                         // Find-or-create the team by name within the caller's own account.
                         $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                         if (!$id) {
                             $team = new Scalr_Account_Team();
                             $team->name = $name;
                             $team->accountId = $this->user->getAccountId();
                             // The directory's display value is stored as description only
                             // when it differs from the bare group name.
                             if ($ldapGroups !== null && $ldapGroups[$name] != $name) {
                                 $team->description = $ldapGroups[$name];
                             }
                             $team->save();
                             $id = $team->id;
                         } elseif ($ldapGroups !== null) {
                             // Update team description
                             $team = new Scalr_Account_Team();
                             $team->loadById($id);
                             if ($team->description != $ldapGroups[$name] && $ldapGroups[$name] != $name) {
                                 $team->description = $ldapGroups[$name];
                                 $team->save();
                             }
                         }
                         $env->addTeam($id);
                     }
                 }
                 // Presumably re-syncs the current user's own group membership from the
                 // directory, using the local part of their e-mail as LDAP username.
                 if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                     $user = strtok($this->user->getEmail(), '@');
                     $ldap = $this->getContainer()->ldap($user, null);
                     if ($ldap->isValidUsername()) {
                         $this->user->applyLdapGroups($ldap->getUserGroups());
                     }
                 }
             } else {
                 // Non-LDAP mode: `teams` holds team ids taken from the request; the
                 // account check for each id is left to addTeam().
                 $env->clearTeams();
                 foreach ($this->getParam('teams') as $id) {
                     $env->addTeam($id);
                 }
             }
         }
         $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');
         $env = Scalr_Environment::init()->loadById($env->id);
         //reload env to be sure we have actual params
         // In LDAP mode the response lists team names, otherwise team ids, mirroring
         // what the client submitted.
         $teams = array();
         foreach ($env->getTeams() as $teamId) {
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 $team = new Scalr_Account_Team();
                 $team->loadById($teamId);
                 $teams[] = $team->name;
             } else {
                 $teams[] = $teamId;
             }
         }
         $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'defaultPriority' => $env->defaultPriority, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams, 'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID))));
     } else {
         $this->response->failure($this->request->getValidationErrorsMessage(), true);
     }
 }
 /**
  * Creates a new environment (no `envId`) or updates an existing one.
  *
  * Declared request parameters are `envId` (int) and `teams` (json); the
  * account owner / super admin additionally gets a required, HTML-free
  * `name`. When cost analytics is enabled (and the interface/hosting check
  * passes) `ccId` is mandatory and must resolve to a known cost centre.
  * Creation is limited to the account owner / super admin and checked against
  * the account's environment limit; updates must pass the user's permission
  * check on the environment and the environment-level ACL resource.
  *
  * ACL managers additionally set the status, cost centre and team
  * assignment. In LDAP mode `teams` holds directory group names, teams are
  * created on the fly and every account team that is attached to no
  * environment at all is deleted afterwards; in every other mode `teams`
  * holds team ids. The response is built from a freshly reloaded environment.
  *
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function xSaveAction()
 {
     if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
         throw new Scalr_Exception_InsufficientPermissions();
     }
     $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
     // Only the account owner / super admin may (re)name an environment, so
     // `name` is declared and validated for them alone.
     if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
         $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
     }
     $this->request->defineParams($params);
     $this->request->validate();
     // Cost centre is validated here so an unknown or missing id surfaces as a
     // validation error instead of failing deeper in the analytics code.
     if ($this->getContainer()->analytics->enabled && $this->request->isInterfaceBetaOrNotHostedScalr()) {
         if ($this->getParam('ccId')) {
             if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                 $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
             }
         } else {
             $this->request->addValidationErrors('ccId', 'Cost center is required field');
         }
     }
     if ($this->request->isValid()) {
         $isNew = false;
         if (!$this->getParam('envId')) {
             //create new environment
             if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                 throw new Scalr_Exception_InsufficientPermissions();
             }
             $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
             $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
             $isNew = true;
         } else {
             $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
         }
         // Ownership / visibility check on the loaded (or just created) environment,
         // followed by the environment-scoped ACL check for non-super-admins.
         $this->user->getPermissions()->validate($env);
         if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
             throw new Scalr_Exception_InsufficientPermissions();
         }
         //set name and status
         if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
             $env->name = $this->getParam('name');
         }
         // Status is writable by ACL managers only; any value other than ACTIVE
         // is normalised to INACTIVE.
         if ($this->user->canManageAcl()) {
             $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
         }
         $env->save();
         if ($this->user->canManageAcl()) {
             // Cost centre: persist the new id, then fire the matching analytics event.
             // NOTE(review): the ccId validation above is skipped unless
             // isInterfaceBetaOrNotHostedScalr() holds, but this block runs on any
             // non-empty ccId — confirm that is intended.
             if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                 $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                 $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));
                 if ($isNew || empty($oldCcId)) {
                     $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                 } elseif ($oldCcId != $this->getParam('ccId')) {
                     $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                 }
             }
             //set teams
             $env->clearTeams();
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 // LDAP mode: `teams` is a list of directory group names.
                 // NOTE(review): the names are not checked against the directory in this
                 // block — any non-empty name becomes an account team.
                 foreach ($this->getParam('teams') as $name) {
                     $name = trim($name);
                     if ($name) {
                         // Find-or-create the team by name within the caller's own account.
                         $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                         if (!$id) {
                             $team = new Scalr_Account_Team();
                             $team->name = $name;
                             $team->accountId = $this->user->getAccountId();
                             $team->save();
                             $id = $team->id;
                         }
                         $env->addTeam($id);
                     }
                 }
                 // remove unused teams
                 // Account-wide side effect: this deletes every team of the account that
                 // is linked to no environment at all, not only teams just unlinked here.
                 $ids = $this->db->GetAll('
                     SELECT account_teams.id
                     FROM account_teams
                     LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id
                     WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ?
                 ', array($this->user->getAccountId()));
                 foreach ($ids as $id) {
                     $team = new Scalr_Account_Team();
                     $team->loadById($id['id']);
                     $team->delete();
                 }
                 // Presumably re-syncs the current user's own group membership from the
                 // directory. NOTE(review): the full e-mail is passed as LDAP username
                 // here, while another revision of this action passes only the local
                 // part — confirm which form the directory expects.
                 if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                     $ldap = $this->getContainer()->ldap($this->user->getEmail(), null);
                     if ($ldap->isValidUsername()) {
                         $this->user->applyLdapGroups($ldap->getUserGroups());
                     }
                 }
             } else {
                 // Non-LDAP mode: `teams` holds team ids taken from the request; the
                 // account check for each id is left to addTeam().
                 foreach ($this->getParam('teams') as $id) {
                     $env->addTeam($id);
                 }
             }
         }
         $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');
         $env = Scalr_Environment::init()->loadById($env->id);
         //reload env to be sure we have actual params
         // In LDAP mode the response lists team names, otherwise team ids, mirroring
         // what the client submitted.
         $teams = array();
         foreach ($env->getTeams() as $teamId) {
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 $team = new Scalr_Account_Team();
                 $team->loadById($teamId);
                 $teams[] = $team->name;
             } else {
                 $teams[] = $teamId;
             }
         }
         $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams, 'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID))));
     } else {
         $this->response->failure($this->request->getValidationErrorsMessage());
     }
 }
 /**
  * Creates a new environment (no `envId`) or updates an existing one.
  *
  * Access is restricted to the ADMINISTRATION_ENV_CLOUDS ACL resource up
  * front. Declared request parameters are `envId` (int) and `teams` (json);
  * the account owner additionally gets a required, HTML-free `name`.
  * Creation is limited to the account owner and checked against the
  * account's environment limit; updates must pass the user's permission
  * check on the environment and the environment-level ACL resource.
  *
  * ACL managers additionally set the status and the team assignment. In
  * LDAP mode `teams` holds directory group names, teams are created on the
  * fly and every account team that is attached to no environment at all is
  * deleted afterwards; in every other mode `teams` holds team ids. The
  * response is built from a freshly reloaded environment.
  *
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function xSaveAction()
 {
     $this->request->restrictAccess(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS);
     $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));
     // Only the account owner may (re)name an environment, so `name` is
     // declared and validated for the owner alone.
     if ($this->user->isAccountOwner()) {
         $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
     }
     $this->request->defineParams($params);
     $this->request->validate();
     if ($this->request->isValid()) {
         $isNew = false;
         if (!$this->getParam('envId')) {
             //create new environment
             if (!$this->user->isAccountOwner()) {
                 throw new Scalr_Exception_InsufficientPermissions();
             }
             $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
             $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
             $isNew = true;
         } else {
             $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
         }
         // Ownership / visibility check on the loaded (or just created) environment,
         // followed by the environment-scoped ACL check.
         $this->user->getPermissions()->validate($env);
         if (!$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS)) {
             throw new Scalr_Exception_InsufficientPermissions();
         }
         //set name and status
         if ($this->user->isAccountOwner()) {
             $env->name = $this->getParam('name');
         }
         // Status is writable by ACL managers only; any value other than ACTIVE
         // is normalised to INACTIVE.
         if ($this->user->canManageAcl()) {
             $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
         }
         $env->save();
         if ($this->user->canManageAcl()) {
             //set teams
             $env->clearTeams();
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 // LDAP mode: `teams` is a list of directory group names.
                 // NOTE(review): the names are not checked against the directory in this
                 // block — any non-empty name becomes an account team.
                 foreach ($this->getParam('teams') as $name) {
                     $name = trim($name);
                     if ($name) {
                         // Find-or-create the team by name within the caller's own account.
                         $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                         if (!$id) {
                             $team = new Scalr_Account_Team();
                             $team->name = $name;
                             $team->accountId = $this->user->getAccountId();
                             $team->save();
                             $id = $team->id;
                         }
                         $env->addTeam($id);
                     }
                 }
                 // remove unused teams
                 // Account-wide side effect: this deletes every team of the account that
                 // is linked to no environment at all, not only teams just unlinked here.
                 $ids = $this->db->GetAll('
                     SELECT account_teams.id
                     FROM account_teams
                     LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id
                     WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ?
                 ', array($this->user->getAccountId()));
                 foreach ($ids as $id) {
                     $team = new Scalr_Account_Team();
                     $team->loadById($id['id']);
                     $team->delete();
                 }
             } else {
                 // Non-LDAP mode: `teams` holds team ids taken from the request; the
                 // account check for each id is left to addTeam().
                 foreach ($this->getParam('teams') as $id) {
                     $env->addTeam($id);
                 }
             }
         }
         $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');
         $env = Scalr_Environment::init()->loadById($env->id);
         //reload env to be sure we have actual params
         // In LDAP mode the response lists team names, otherwise team ids, mirroring
         // what the client submitted.
         $teams = array();
         foreach ($env->getTeams() as $teamId) {
             if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                 $team = new Scalr_Account_Team();
                 $team->loadById($teamId);
                 $teams[] = $team->name;
             } else {
                 $teams[] = $teamId;
             }
         }
         $this->response->data(array('env' => array('id' => $env->id, 'name' => $env->name, 'status' => $env->status, 'platforms' => $env->getEnabledPlatforms(), 'teams' => $teams)));
     } else {
         $this->response->failure($this->request->getValidationErrorsMessage());
     }
 }
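 /**
  * Deletes the team identified by the `teamId` request parameter.
  *
  * Only the account owner may delete teams, and only teams of their own
  * account. The owner check does not depend on the request, so it runs
  * before the team is read from the database: an unauthorised caller gets
  * the same permission error whether or not the submitted id exists.
  *
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function xRemoveAction()
 {
     // Request-independent check first: no lookup is performed for a non-owner.
     if (!$this->user->isAccountOwner()) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $team = Scalr_Account_Team::init();
     $team->loadById($this->getParam('teamId'));

     // Cross-account guard: a foreign team is reported exactly like a
     // permission failure rather than as "not found".
     if ($team->accountId != $this->user->getAccountId()) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $team->delete();
     $this->response->success();
 }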
 /**
  * Removes a permission group from the team given by the call parameter.
  *
  * The caller must pass the permission check for the team and must be either
  * the account owner or an owner of that team. The group, loaded from
  * `groupId`, is deleted only when it belongs to this very team, so a group
  * id of another team cannot be removed through this action.
  *
  * @throws Scalr_Exception_InsufficientPermissions
  */
 public function xRemovePermissionGroupAction()
 {
     $team = Scalr_Account_Team::init()->loadById($this->getParam(self::CALL_PARAM_NAME));
     $this->user->getPermissions()->validate($team);

     $isAccountOwner = $this->user->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER;
     if (!$isAccountOwner && !$team->isTeamOwner($this->user->getId())) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $group = Scalr_Account_Group::init();
     $group->loadById($this->getParam('groupId'));

     // The group must belong to the team named in the request.
     if ($group->teamId != $team->id) {
         throw new Scalr_Exception_InsufficientPermissions();
     }

     $group->delete();
     $this->response->success();
 }