/**
 * Create a project through the XML-RPC client for the given service URL,
 * then create the matching iRODS group.
 *
 * The iRODS step is best-effort: if irods_create_group() reports -1 the
 * failure is only logged and the new project's ID is still returned.
 *
 * @param string $sa_url          URL handed to XMLRPCClient::get_client()
 * @param mixed  $signer          Identity used for the XML-RPC client and passed to irods_create_group()
 * @param string $project_name    Sent as PROJECT_NAME and passed to irods_create_group()
 * @param string $lead_id         Sent as _GENI_PROJECT_OWNER
 * @param string $project_purpose Sent as PROJECT_DESCRIPTION
 * @param mixed  $expiration      Sent as PROJECT_EXPIRATION only when truthy and not ""
 * @return mixed The PROJECT_UID entry of the create_project result
 */
function create_project($sa_url, $signer, $project_name, $lead_id, $project_purpose, $expiration)
{
    $rpc = XMLRPCClient::get_client($sa_url, $signer);

    $project_fields = array(
        'PROJECT_NAME' => $project_name,
        '_GENI_PROJECT_OWNER' => $lead_id,
        'PROJECT_DESCRIPTION' => $project_purpose,
    );
    // Expiration is optional: the key is left out entirely when none was given.
    if ($expiration && $expiration != "") {
        $project_fields['PROJECT_EXPIRATION'] = $expiration;
    }

    // array_merge semantics: on a string-key collision the later array wins,
    // so an entry named 'fields' in $rpc->options() would replace ours.
    $call_options = array_merge(array('fields' => $project_fields), $rpc->options());
    $reply = $rpc->create_project($rpc->creds(), $call_options);

    // NOTE(review): $reply is indexed without checking that the call
    // succeeded - presumably the client reports failures itself; confirm.
    $new_project_id = $reply['PROJECT_UID'];

    // iRODS support: every new project gets an iRODS group.
    // NOTE(review): $project_name is written to the log as-is; confirm it is
    // validated upstream so it cannot inject extra log lines.
    $irods_status = irods_create_group($new_project_id, $project_name, $signer);
    if ($irods_status === -1) {
        error_log("FAILED to create iRODS group for new project {$project_name}");
    }

    return $new_project_id;
}
} } // Use $username // Get users projects $project_ids = get_projects_for_member($sa_url, $user, $user->account_id, true); $num_projects = count($project_ids); // for each project foreach ($project_ids as $project_id) { $project = lookup_project($sa_url, $user, $project_id); if (convert_boolean($project[PA_PROJECT_TABLE_FIELDNAME::EXPIRED])) { // Don't create groups and members for expired projects continue; } // FIXME: If I had attributes, I could skip trying to recreate the group here if it already exists // create group $created = irods_create_group($project_id, $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME], $user); $group_name = group_name($project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME]); if ($created === 0) { error_log("irods.php created group for already existing project {$group_name} cause of page load by " . $user->prettyName()); } // If the group was created, then this user was added // But if the group already existed and we just created their iRODS account, then we must add them to the group if ($created === 1 and $didCreate) { // add user to group $added = addToGroup($project_id, $group_name, $user->account_id, $user); if ($added === -1) { error_log("FAILed to add {$username} to iRODS group {$group_name}"); } } } }
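/**
 * Add a portal member to the iRODS group that mirrors a project.
 *
 * The request is sent to the iRODS REST service with the portal's own
 * service credentials ($portal_irods_user / $portal_irods_pw), not with the
 * credentials of $user. No authorization check is visible in this function,
 * so callers presumably decide whether the change is allowed - confirm.
 *
 * If iRODS reports that the group does not exist, the project is looked up
 * and irods_create_group() is called instead.
 *
 * @param string $project_id Project UUID; rejected if unset, "-1" or not a valid UUID
 * @param string $group_name iRODS group name; must be set and non-empty
 * @param string $member_id  Member UUID of the account to add; same checks as $project_id
 * @param mixed  $user       Signer passed to lookup_project() and irods_create_group()
 * @return int 0 if the member was added, 1 if already in the group,
 *             -1 on any error (also when $disable_irods is set)
 */
function addToGroup($project_id, $group_name, $member_id, $user)
{
    // Validate every identifier before anything is sent to iRODS.
    if (!isset($project_id) || $project_id == "-1" || !uuid_is_valid($project_id)) {
        error_log("irods addToGroup: not a valid project ID. Nothing to do. {$project_id}");
        return -1;
    }
    if (!isset($group_name) || is_null($group_name) || $group_name === '') {
        error_log("irods addToGroup: not a valid group name. Nothing to do. {$project_id}, {$group_name}");
        return -1;
    }
    if (!isset($member_id) || $member_id == "-1" || !uuid_is_valid($member_id)) {
        error_log("irods addToGroup: not a valid member ID. Nothing to do. {$member_id}");
        return -1;
    }

    // Site-wide switch: when it is set, iRODS is never contacted.
    global $disable_irods;
    if (isset($disable_irods)) {
        error_log("irods addToGroup: disable_irods was set. Doing nothing.");
        return -1;
    }

    // must get member username
    $member = geni_load_user_by_member_id($member_id);
    // Bail early if the local attribute says the user does not yet have an account
    if (!isset($member->ma_member->irods_username)) {
        error_log("iRODS addToGroup local attribute says member {$member_id} does not yet have an iRODS account. Cannot add to group {$group_name}");
        return -1;
    }
    $username = base_username($member);

    error_log("iRODS addToGroup {$group_name} member {$member_id} with username {$username}");

    global $irods_url;
    global $default_zone;
    global $portal_irods_user;
    global $portal_irods_pw;
    global $irods_cert;

    $irods_info = array();
    $irods_info[IRODS_USER_NAME] = $username;
    $irods_info[IRODS_GROUP] = $group_name;
    $irods_info[IRODS_ZONE] = $default_zone;

    // Note: in PHP 5.4, use JSON_UNESCAPED_SLASHES.
    // we have PHP 5.3, so we have to remove those manually.
    $irods_json = json_encode($irods_info);
    $irods_json = str_replace('\\/', '/', $irods_json);

    // error_log("Trying to add member to iRODS group with values: " . $irods_json);

    ///* Sign the data with the portal certificate (Is that correct?) */
    //$irods_signed = smime_sign_message($irods_json, $portal_cert, $portal_key);

    ///* Encrypt the signed data for the iRODS SSL certificate */
    //$irods_blob = smime_encrypt($irods_signed, $irods_cert);

    $added = -1; // Was the user added to the group? -1=Error, 0=Success, 1=Member already in group
    try {
        // NOTE(review): $irods_cert is presumably what doRESTCall() uses to
        // verify the iRODS server - confirm, since portal credentials are sent.
        $addstruct = doRESTCall($irods_url . IRODS_PUT_USER_GROUP_URI . IRODS_SEND_JSON, $portal_irods_user, $portal_irods_pw, "PUT", $irods_json, "application/json", $irods_cert);

        // look for (\r or \n or \r\n){2} and move past that
        preg_match("/(\r|\n|\r\n){2}([^\r\n].+)\$/", $addstruct, $m);
        if (!array_key_exists(2, $m)) {
            // NOTE(review): the raw response is logged here and logged again,
            // inside the exception message, by the catch below. Confirm it
            // cannot carry sensitive data or unbounded content.
            error_log("iRODS addToGroup Malformed PUT result to iRODS - error? Got: " . $addstruct);
            throw new Exception("Failed to add member to iRODS group - server error: " . $addstruct);
        }

        // error_log("PUT result content: " . $m[2]);
        $addjson = json_decode($m[2], true);
        // error_log("add user to group result: " . print_r($addjson, true));

        if (is_array($addjson)) {
            $status = null;
            $msg = null;
            $groupCmdStatus = null;

            if (array_key_exists("status", $addjson)) {
                $status = $addjson["status"];
                // Return 0 if added the user, 1 if user already in the group, -1 on error
                if ($status == IRODS_STATUS_ERROR) {
                    $added = -1;
                } elseif ($status == IRODS_STATUS_SUCCESS) {
                    $added = 0;
                }
            }
            if (array_key_exists("message", $addjson)) {
                $msg = $addjson["message"];
            }

            if (array_key_exists(IRODS_USER_GROUP_COMMAND_STATUS, $addjson)) {
                $groupCmdStatus = $addjson[IRODS_USER_GROUP_COMMAND_STATUS];
                if ($groupCmdStatus == IRODS_STATUS_DUPLICATE_USER) {
                    $added = 1;
                    error_log("iRODS user {$username} already in group {$group_name}");
                } elseif ($groupCmdStatus != IRODS_STATUS_SUCCESS) {
                    // A failed group command means the member was not added.
                    // Each branch below sets $added itself so that a
                    // top-level "status" of success cannot leak out as 0.
                    if ($groupCmdStatus === IRODS_STATUS_BAD_USER) {
                        error_log("iRODS: user {$username} has no iRODS account yet. Cannot add to group {$group_name}. ({$groupCmdStatus}: '{$msg}')");
                        $added = -1;
                        // FIXME: Email someone?
                    } elseif ($groupCmdStatus === IRODS_STATUS_BAD_GROUP) {
                        // If it is INVALID_GROUP then we still need to do createGroup. I don't think that should happen. But in case...
                        error_log("iRODS: group {$group_name} doesn't exist yet, so cannot add user {$username}. Try to create the group... ({$groupCmdStatus}: '{$msg}')");

                        // $sa_url is neither a parameter nor a declared global,
                        // so it always has to be fetched from the registry here.
                        $sa_url = get_first_service_of_type(SR_SERVICE_TYPE::SLICE_AUTHORITY);
                        if (!isset($sa_url) || is_null($sa_url) || $sa_url == '') {
                            // Without a slice authority the project cannot be
                            // looked up: report failure, do not call it with an empty URL.
                            error_log("iRODS Found no SA in SR!'");
                            $added = -1;
                        } else {
                            $project = lookup_project($sa_url, $user, $project_id);
                            $project_name = $project[PA_PROJECT_TABLE_FIELDNAME::PROJECT_NAME];
                            // NOTE(review): the group is created on behalf of $user,
                            // not $member_id. Counting that as "member added"
                            // presumably relies on both being the same account - confirm.
                            $groupCreated = irods_create_group($project_id, $project_name, $user);
                            $added = ($groupCreated != -1) ? 0 : -1;
                        }
                    } else {
                        error_log("iRODS failed to add user {$username} to group {$group_name}: {$groupCmdStatus}: '{$msg}'");
                        $added = -1;
                    }
                }
            } elseif ($added !== 0) {
                error_log("iRODS failed to add user {$username} to group {$group_name}: '{$msg}'");
            }
        } else {
            $added = -1;
            error_log("iRODS: malformed return from addUserToGroup: " . print_r($addjson, true));
        }
    } catch (Exception $e) {
        error_log("Error doing iRODS put to add member to group: " . $e->getMessage());
        $added = -1;
    }

    // Return 0 if added the user, 1 if user already in the group, -1 on error
    return $added;
}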