function AJsubmitAddResourcePriv() { global $user; $node = processInputVar("activeNode", ARG_NUMERIC); if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) { $text = "You do not have rights to add new resource groups at this node."; print "addResourceGroupPaneHide(); "; print "alert('{$text}');"; return; } $newgroupid = processInputVar("newgroupid", ARG_NUMERIC); $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin", "serverProfileAdmin"); $resourcegroups = getUserResources($privs, array("manageGroup"), 1); $groupdata = getResourceGroups('', $newgroupid); if (empty($groupdata)) { $text = "Invalid resource group submitted."; print "addResourceGroupPaneHide(); "; print "alert('{$text}');"; return; } list($newtype, $tmp) = explode('/', $groupdata[$newgroupid]['name']); if (!array_key_exists($newgroupid, $resourcegroups[$newtype])) { $text = "You do not have rights to manage the specified resource group."; print "addResourceGroupPaneHide(); "; print "alert('{$text}');"; return; } $perms = explode(':', processInputVar('perms', ARG_STRING)); $privtypes = getResourcePrivs(); $newgroupprivs = array(); foreach ($privtypes as $type) { if (in_array($type, $perms)) { array_push($newgroupprivs, $type); } } if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) { $text = "<font color=red>No resource group privileges were specified</font>"; print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text); return; } updateResourcePrivs($newgroupid, $node, $newgroupprivs, array()); clearPrivCache(); print "refreshPerms(); "; print "addResourceGroupPaneHide(); "; }
function AJsubmitAddResourcePriv() { global $user; $node = processInputVar("activeNode", ARG_NUMERIC); if (!checkUserHasPriv("resourceGrant", $user["id"], $node)) { $text = "You do not have rights to add new resource groups at this node."; print "addUserGroupPaneHide(); "; print "alert('{$text}');"; dbDisconnect(); exit; } $newgroupid = processInputVar("newgroupid", ARG_NUMERIC); # FIXME validate newgroupid $perms = explode(':', processInputVar('perms', ARG_STRING)); $privtypes = array("block", "cascade", "available", "administer", "manageGroup"); $newgroupprivs = array(); foreach ($privtypes as $type) { if (in_array($type, $perms)) { array_push($newgroupprivs, $type); } } if (empty($newgroupprivs) || count($newgroupprivs) == 1 && in_array("cascade", $newgroupprivs)) { $text = "<font color=red>No resource group privileges were specified</font>"; print setAttribute('addResourceGroupPrivStatus', 'innerHTML', $text); dbDisconnect(); exit; } updateResourcePrivs($newgroupid, $node, $newgroupprivs, array()); clearPrivCache(); print "addResourceGroupPaneHide(); "; print "refreshPerms(); "; dbDisconnect(); exit; }
function _XMLRPCchangeResourceGroupPriv_sub($mode, $name, $type, $nodeid, $permissions) { require_once ".ht-inc/privileges.php"; global $user; if (!is_numeric($nodeid)) { return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified'); } if (!checkUserHasPriv("resourceGrant", $user['id'], $nodeid)) { return array('status' => 'error', 'errorcode' => 61, 'errormsg' => 'Unable to remove resource group privileges on this node'); } $resourcetypes = getTypes('resources'); if (!in_array($type, $resourcetypes['resources'])) { return array('status' => 'error', 'errorcode' => 71, 'errormsg' => 'Invalid resource type'); } $groupid = getResourceGroupID("{$type}/{$name}"); if (is_null($groupid)) { return array('status' => 'error', 'errorcode' => 74, 'errormsg' => 'resource group does not exist'); } $changeperms = explode(':', $permissions); $allperms = getResourcePrivs(); $diff = array_diff($changeperms, $allperms); if (count($diff)) { return array('status' => 'error', 'errorcode' => 66, 'errormsg' => 'Invalid or missing permissions list supplied'); } $nocheckperms = array('block', 'cascade', 'available'); $checkperms = array_diff($changeperms, $nocheckperms); $groupdata = getResourceGroups($type, $groupid); if (count($checkperms) && !array_key_exists($groupdata[$groupid]["ownerid"], $user["groups"])) { return array('status' => 'error', 'errorcode' => 79, 'errormsg' => 'Unable to modify privilege set for resource group'); } $key = "{$type}/{$name}/{$groupid}"; $cnp = getNodeCascadePrivileges($nodeid, "resources"); $np = getNodePrivileges($nodeid, 'resources'); if (array_key_exists($key, $cnp['resources']) && (!array_key_exists($key, $np['resources']) || !in_array('block', $np['resources'][$key]))) { $intersect = array_intersect($cnp['resources'][$key], $changeperms); if (count($intersect)) { return array('status' => 'error', 'errorcode' => 80, 'errormsg' => 'Unable to modify privileges cascaded to this node'); } } if ($mode == 'remove') { $diff = array_diff($np['resources'][$key], $changeperms); if (count($diff) == 1 && in_array("cascade", $diff)) { $changeperms[] = 'cascade'; } } if ($mode == 'add') { updateResourcePrivs("{$groupid}", $nodeid, $changeperms, array()); } elseif ($mode == 'remove') { updateResourcePrivs("{$groupid}", $nodeid, array(), $changeperms); } return array('status' => 'success'); }