/**
 * Report whether a user holds privilege $priv at privilege node $node.
 *
 * A privilege counts when it is listed for the principal at the node itself,
 * or when it is listed in the cascaded set and the principal has no "block"
 * entry at the node. The check runs first for the user, then for each of the
 * user's groups; the first match wins. A "block" entry is only consulted for
 * the same principal whose cascaded privilege is being considered: a user
 * "block" does not stop a privilege cascaded to one of the user's groups.
 *
 * The result is stored in $_SESSION['userhaspriv'] under a key derived from
 * all five arguments and returned from there on later calls.
 *
 * NOTE(review): nothing in this function invalidates that cache, so a cached
 * grant stays in effect after the privilege is revoked until the entry is
 * cleared elsewhere; confirm that privilege changes reset
 * $_SESSION['userhaspriv'].
 *
 * @param mixed $priv         privilege name to look for
 * @param mixed $uid          id of the user to check; the global $user is
 *                            used when its id matches
 * @param mixed $node         node passed to the privilege lookups
 * @param mixed $privs        privileges at the node (array with "users" and
 *                            "usergroups"); looked up when not an array
 * @param mixed $cascadePrivs cascaded privileges in the same layout; looked
 *                            up when not an array
 * @return int 1 when the privilege is held, 0 otherwise
 */
function checkUserHasPriv($priv, $uid, $node, $privs = 0, $cascadePrivs = 0) {
    global $user;

    // Serve a previously computed decision for this exact argument set.
    $key = getKey(array($priv, $uid, $node, $privs, $cascadePrivs));
    if (array_key_exists($key, $_SESSION['userhaspriv'])) {
        return $_SESSION['userhaspriv'][$key];
    }

    // NOTE(review): the getUserInfo() result is used without a check;
    // confirm it cannot come back empty for an unknown $uid.
    $_user = ($user["id"] != $uid) ? getUserInfo($uid) : $user;
    $affilUserid = "{$_user['unityid']}@{$_user['affiliation']}";

    // Load both privilege sets unless the caller supplied them.
    if (!is_array($privs)) {
        $privs = getNodePrivileges($node, 'users');
        $privs = getNodePrivileges($node, 'usergroups', $privs);
    }
    if (!is_array($cascadePrivs)) {
        $cascadePrivs = getNodeCascadePrivileges($node, 'users');
        $cascadePrivs = getNodeCascadePrivileges($node, 'usergroups', $cascadePrivs);
    }

    // User: granted at this node, or cascaded here without a block.
    $userGranted = false;
    if (array_key_exists($affilUserid, $privs["users"])
        && in_array($priv, $privs["users"][$affilUserid])
    ) {
        $userGranted = true;
    } elseif (array_key_exists($affilUserid, $cascadePrivs["users"])
        && in_array($priv, $cascadePrivs["users"][$affilUserid])
    ) {
        $userBlocked = array_key_exists($affilUserid, $privs["users"])
            && in_array("block", $privs["users"][$affilUserid]);
        $userGranted = !$userBlocked;
    }
    if ($userGranted) {
        $_SESSION['userhaspriv'][$key] = 1;
        return 1;
    }

    // Groups: same rule, applied to each group the user belongs to.
    foreach ($_user["groups"] as $groupname) {
        $groupGranted = false;
        if (array_key_exists($groupname, $privs["usergroups"])
            && in_array($priv, $privs["usergroups"][$groupname]['privs'])
        ) {
            $groupGranted = true;
        } elseif (array_key_exists($groupname, $cascadePrivs["usergroups"])
            && in_array($priv, $cascadePrivs["usergroups"][$groupname]['privs'])
        ) {
            $groupBlocked = array_key_exists($groupname, $privs["usergroups"])
                && in_array("block", $privs["usergroups"][$groupname]['privs']);
            $groupGranted = !$groupBlocked;
        }
        if ($groupGranted) {
            $_SESSION['userhaspriv'][$key] = 1;
            return 1;
        }
    }

    // No user or group entry matched: cache and return the denial.
    $_SESSION['userhaspriv'][$key] = 0;
    return 0;
}
/**
 * Add resource privilege data to every entry of $nodeprivs, in place.
 *
 * For each key of $nodeprivs (used as a node id) the "resources" element
 * returned by getNodePrivileges() is stored under "resources" and the one
 * returned by getNodeCascadePrivileges() under "cascaderesources".
 *
 * NOTE(review): $userid is never read here, so the data attached is not
 * narrowed to that user; callers should not treat the result as already
 * scoped to $userid. Confirm against the callers.
 *
 * @param array $nodeprivs array keyed by node id; modified by reference
 * @param mixed $userid    unused
 * @return void
 */
function addUserResources(&$nodeprivs, $userid) {
    require_once ".ht-inc/privileges.php";

    // Snapshot the keys first; the loop writes into $nodeprivs.
    $nodeIds = array_keys($nodeprivs);
    foreach ($nodeIds as $id) {
        $atNode = getNodePrivileges($id, "resources");
        $nodeprivs[$id]["resources"] = $atNode["resources"];

        $cascaded = getNodeCascadePrivileges($id, "resources");
        $nodeprivs[$id]["cascaderesources"] = $cascaded["resources"];
    }
}
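/**
 * Add or remove privileges of a resource group at a privilege node.
 *
 * Checks, in order: $nodeid is numeric; the calling user ($user) has
 * "resourceGrant" at the node; $type is a known resource type; the group
 * "$type/$name" exists; every entry of the colon-separated $permissions
 * list is a known resource privilege; for privileges other than "block",
 * "cascade" and "available", the caller belongs to the group that owns the
 * resource group; and none of the requested privileges is one cascaded to
 * this node without a "block" at the node. The first failing check returns
 * an error array and no change is made.
 *
 * Changes from the previous version:
 *  - a non-string $permissions is rejected with error 66 rather than being
 *    passed to explode();
 *  - in "remove" mode a resource group with no entry at this node is
 *    treated as having no privileges here, where the old code read a
 *    missing array key.
 *
 * @param string $mode        'add' or 'remove'
 * @param string $name        resource group name
 * @param string $type        resource type
 * @param mixed  $nodeid      id of the privilege node
 * @param string $permissions colon-separated list of privilege names
 * @return array 'status' => 'success', or 'status' => 'error' with
 *               'errorcode' and 'errormsg'
 */
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions) {
    require_once ".ht-inc/privileges.php";
    global $user;

    // NOTE(review): is_numeric() also accepts floats, exponent notation and
    // leading whitespace; confirm the lookups below cope with such values or
    // tighten this to an integer check.
    if (!is_numeric($nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 78,
                     'errormsg' => 'Invalid nodeid specified');
    }

    // Authorization: the caller must be allowed to grant resources here.
    // The message is the same for both modes.
    if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) {
        return array('status' => 'error',
                     'errorcode' => 61,
                     'errormsg' => 'Unable to remove resource group privileges on this node');
    }

    $resourcetypes = getTypes('resources');
    if (!in_array($type, $resourcetypes['resources'])) {
        return array('status' => 'error',
                     'errorcode' => 71,
                     'errormsg' => 'Invalid resource type');
    }

    $groupid = getResourceGroupID("{$type}/{$name}");
    if (is_null($groupid)) {
        return array('status' => 'error',
                     'errorcode' => 74,
                     'errormsg' => 'resource group does not exist');
    }

    // Reject anything that is not a string before splitting it, then require
    // every requested name to be a known resource privilege.
    if (!is_string($permissions)) {
        return array('status' => 'error',
                     'errorcode' => 66,
                     'errormsg' => 'Invalid or missing permissions list supplied');
    }
    $changeperms = explode(':', $permissions);
    $allperms = getResourcePrivs();
    $diff = array_diff($changeperms, $allperms);
    if (count($diff)) {
        return array('status' => 'error',
                     'errorcode' => 66,
                     'errormsg' => 'Invalid or missing permissions list supplied');
    }

    // Anything beyond block/cascade/available requires the caller to be a
    // member of the group that owns this resource group.
    $nocheckperms = array('block', 'cascade', 'available');
    $checkperms = array_diff($changeperms, $nocheckperms);
    $groupdata = getResourceGroups($type, $groupid);
    if (count($checkperms) &&
        !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) {
        return array('status' => 'error',
                     'errorcode' => 79,
                     'errormsg' => 'Unable to modify privilege set for resource group');
    }

    // Privileges cascaded to this node cannot be changed here unless the
    // node carries a "block" for the resource group.
    $key = "{$type}/{$name}/{$groupid}";
    $cnp = getNodeCascadePrivileges($nodeid, "resources");
    $np = getNodePrivileges($nodeid, 'resources');
    if (array_key_exists($key, $cnp['resources']) &&
        (!array_key_exists($key, $np['resources']) ||
        !in_array('block', $np['resources'][$key]))) {
        $intersect = array_intersect($cnp['resources'][$key], $changeperms);
        if (count($intersect)) {
            return array('status' => 'error',
                         'errorcode' => 80,
                         'errormsg' => 'Unable to modify privileges cascaded to this node');
        }
    }

    if ($mode == 'remove') {
        // The group may have no entry at this node; treat that as an empty
        // privilege list.
        $current = array_key_exists($key, $np['resources'])
            ? $np['resources'][$key]
            : array();
        // If "cascade" is all that would be left, remove it as well.
        $diff = array_diff($current, $changeperms);
        if (count($diff) == 1 && in_array("cascade", $diff)) {
            $changeperms[] = 'cascade';
        }
    }

    // NOTE(review): any other $mode value changes nothing and still reports
    // success; confirm every caller passes 'add' or 'remove'.
    if ($mode == 'add') {
        updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array());
    } elseif ($mode == 'remove') {
        updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms);
    }
    return array('status' => 'success');
}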