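/**
 * Returns the environments of the current user, each row extended with display data.
 *
 * Starting from the rows of $this->user->getEnvironments(), every row gains:
 *  - platforms: result of getEnabledPlatforms() for the environment
 *  - teams:     team names in LDAP auth mode, team ids otherwise
 *  - teamIds:   team ids, LDAP auth mode only
 *  - dtAdded:   the environment's dtAdded passed through Scalr_Util_DateTime::convertTz()
 *  - status:    the environment's status
 *  - ccId:      cost centre id, only when analytics is enabled
 *
 * The set of environments is exactly what getEnvironments() yields; no further permission
 * filtering happens in this method.
 *
 * @return array list of environment rows
 */
public function getAccountEnvironmentsList()
{
    // Neither setting changes while the list is built, so each is read once
    // instead of once per row and once per team.
    $isLdap = $this->getContainer()->config->get('scalr.auth_mode') == 'ldap';
    $withAnalytics = $this->getContainer()->analytics->enabled;

    $result = array();

    // Rows are copied by value: iterating by reference and storing "=&" aliases
    // would leave a live reference behind after the loop.
    foreach ($this->user->getEnvironments() as $row) {
        $env = Scalr_Environment::init()->loadById($row['id']);

        $row['platforms'] = $env->getEnabledPlatforms();
        $row['teams'] = array();
        if ($isLdap) {
            $row['teamIds'] = array();
        }

        foreach ($env->getTeams() as $teamId) {
            if ($isLdap) {
                // LDAP mode lists team names and keeps the ids next to them.
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $row['teams'][] = $team->name;
                $row['teamIds'][] = $teamId;
            } else {
                $row['teams'][] = $teamId;
            }
        }

        $row['dtAdded'] = Scalr_Util_DateTime::convertTz($env->dtAdded);
        $row['status'] = $env->status;
        if ($withAnalytics) {
            $row['ccId'] = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
        }

        $result[] = $row;
    }

    return $result;
}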
/**
 * LDAP-auth helper: aligns this user's team membership with the given LDAP groups.
 *
 * Teams of this user's account whose name equals one of the group names get the user
 * added (unless already a member). Every team the user currently belongs to that was
 * not matched is left afterwards. An empty $groups skips the lookup entirely, so the
 * user is removed from all current teams.
 *
 * @param array $groups LDAP group names, matched against team names of the account
 */
public function applyLdapGroups($groups)
{
    // Current memberships keyed by team id; whatever is still in here at the end is unlinked.
    $staleTeams = array();
    foreach ($this->getTeams() as $membership) {
        $staleTeams[$membership['id']] = $membership['name'];
    }

    if (count($groups)) {
        // One bound placeholder per group name; the account id is appended as the last bind value
        // so the lookup stays scoped to this account.
        $placeholders = join(',', array_fill(0, count($groups), '?'));
        $groups[] = $this->getAccountId();

        $matchedIds = $this->db->GetCol(
            'SELECT id FROM account_teams WHERE name IN(' . $placeholders . ') AND account_id = ?',
            $groups
        );

        // The team exists in the database, so the link can be stored.
        foreach ($matchedIds as $teamId) {
            $team = new Scalr_Account_Team();
            $team->loadById($teamId);
            if (!$team->isTeamUser($this->id)) {
                $team->addUser($this->id);
            }
            unset($staleTeams[$teamId]);
        }
    }

    // Drop memberships that no longer correspond to an LDAP group.
    foreach (array_keys($staleTeams) as $teamId) {
        $team = new Scalr_Account_Team();
        $team->loadById($teamId);
        $team->removeUser($this->id);
    }
}
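/**
 * End-to-end check of the account user endpoints: create, read, update, API key
 * retrieval and removal, plus team create/remove when the test user owns the account.
 *
 * The test is skipped when the configured test user cannot manage ACL. Leftovers of an
 * earlier run (user and team with the test names) are deleted before anything is created.
 */
public function testUsers()
{
    if (!$this->getUser()->canManageAcl()) {
        $this->markTestSkipped('Specified test user cannot manage users.');
    }

    // Same address is used for cleanup and for both create requests.
    $email = self::getTestName(self::USER_NAME) . '@scalr.com';

    // remove previous test data
    $user = new \Scalr_Account_User();
    $user = $user->loadByEmail($email, $this->getEnvironment()->clientId);
    if ($user) {
        $user->delete();
    }

    $team = new \Scalr_Account_Team();
    $result = $team->loadByFilter(array(
        'name' => self::getTestName(self::TEAM_NAME),
        'accountId' => $this->getEnvironment()->clientId
    ));
    if (count($result)) {
        foreach ($result as $e) {
            $obj = new \Scalr_Account_Team();
            $obj->loadById($e['id']);
            $obj->delete();
        }
    }

    // create (the password is a throwaway fixture value for the test account)
    $content = $this->request('/account/users/xSave', array(
        'email' => $email,
        'password' => '123',
        'status' => 'Active',
        'fullname' => 'phpunit test user',
        'comments' => 'For testing'
    ));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $this->assertArrayHasKey('id', $content['user']);
    $this->assertArrayHasKey('email', $content['user']);
    $this->assertArrayHasKey('fullname', $content['user']);
    $createUserId = $content['user']['id'];

    $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $this->assertArrayHasKey('id', $content['user']);
    $this->assertArrayHasKey('email', $content['user']);
    $this->assertArrayHasKey('fullname', $content['user']);
    $this->assertArrayHasKey('status', $content['user']);
    $this->assertArrayHasKey('comments', $content['user']);

    // modify some settings
    $content = $this->request('/account/users/xSave', array(
        'id' => $createUserId,
        'email' => $email,
        'status' => 'Inactive',
        'fullname' => 'phpunit test user',
        'comments' => 'For testing'
    ));
    $this->assertTrue($content['success']);

    $content = $this->request('/account/users/xGetInfo', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    // Expected value goes first so a failure message reports the right side as "expected".
    $this->assertEquals('Inactive', $content['user']['status']);

    // get api keys: a user created without enableApi must not be handed keys
    $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
    $this->assertFalse($content['success']);

    // remove user
    $content = $this->request("/account/users/xRemove", array('userId' => $createUserId));
    $this->assertTrue($content['success']);

    // create with api enabled
    $content = $this->request('/account/users/xSave', array(
        'email' => $email,
        'password' => '123',
        'status' => 'Active',
        'fullname' => 'phpunit test user',
        'comments' => 'For testing',
        'enableApi' => true
    ));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('user', $content);
    $createUserId = $content['user']['id'];

    // get api keys: with enableApi the response carries both key fields
    $content = $this->request('/account/users/xGetApiKeys', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
    $this->assertArrayHasKey('accessKey', $content);
    $this->assertArrayHasKey('secretKey', $content);

    if ($this->getUser()->isAccountOwner()) {
        // create team
        $content = $this->request("/account/teams/xCreate", array(
            'name' => self::getTestName(self::TEAM_NAME),
            'ownerId' => $createUserId,
            'envId' => $this->getEnvironment()->id
        ));
        $this->assertTrue($content['success']);
        $this->assertArrayHasKey('teamId', $content);
        $createTeamId = $content['teamId'];

        // remove team
        $content = $this->request('/account/teams/xRemove', array('teamId' => $createTeamId));
        $this->assertTrue($content['success']);
    }

    // remove user
    $content = $this->request('/account/users/xRemove', array('userId' => $createUserId));
    $this->assertTrue($content['success']);
}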
/**
 * Creates a new environment or updates an existing one from the request, then responds
 * with the stored environment data.
 *
 * Access control as visible in this method:
 *  - the caller must be an account super admin or be allowed Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT;
 *  - creating (no envId) additionally requires account owner or super admin;
 *  - the created/loaded environment is passed to the user's permission validator and the
 *    per-environment ACL is checked before its fields are changed;
 *  - name is written only for account owner / super admin; status, defaultPriority,
 *    cost centre and teams only when canManageAcl() is true.
 *
 * Request parameters read: envId, name, status, defaultPriority, ccId, teams. Only envId,
 * teams and (for owner / super admin) name are declared through defineParams().
 *
 * @throws Scalr_Exception_InsufficientPermissions when one of the permission checks fails
 * @throws \Exception in LDAP mode when a requested team is not found on the directory server
 */
public function xSaveAction()
{
    // Coarse gate before any parameter is looked at.
    if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));

    // The name is only declared (required, no HTML) for callers that are allowed to set it.
    if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }

    // NOTE(review): status, defaultPriority and ccId are read below with getParam() but are not
    // declared here, so whatever typing/validation defineParams() provides presumably does not
    // cover them — confirm.
    $this->request->defineParams($params);
    $this->request->validate();

    // With analytics enabled a cost centre is mandatory and must be known to analytics->ccs.
    if ($this->getContainer()->analytics->enabled) {
        if ($this->getParam('ccId')) {
            if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
            }
        } else {
            $this->request->addValidationErrors('ccId', 'Cost center is required field');
        }
    }

    if ($this->request->isValid()) {
        $isNew = false;

        if (!$this->getParam('envId')) {
            // create new environment: owner / super admin only, within the account's limit
            if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }

            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            // NOTE(review): the environment is created before the validate()/ACL checks below;
            // if one of them throws, the new environment presumably stays — confirm.
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // Object-level checks on the concrete environment, on top of the coarse gate above.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        // set name, status and defaultPriority
        if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
            $env->name = $this->getParam('name');
        }

        if ($this->user->canManageAcl()) {
            // Anything other than the active constant is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
            // NOTE(review): assigned as received; no type or range check is visible in this method.
            $env->defaultPriority = $this->getParam('defaultPriority');
        }

        $env->save();

        if ($this->user->canManageAcl()) {
            if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                // Remember the previous cost centre to decide which notification/event applies.
                $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));

                // New environment or changed cost centre: mail the cost centre's lead address, if set.
                if ($isNew || $oldCcId != $this->getParam('ccId')) {
                    $cc = CostCentreEntity::findPk($this->getParam('ccId'));
                    $email = $cc->getProperty(CostCentrePropertyEntity::NAME_LEAD_EMAIL);
                    $emailData = ['envName' => $env->name, 'ccName' => $cc->name];
                    if (!empty($email)) {
                        \Scalr::getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/analytics_on_cc_add.eml.php', $emailData, $email);
                    }
                }

                if ($isNew || empty($oldCcId)) {
                    $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                } elseif ($oldCcId != $this->getParam('ccId')) {
                    $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                }
            }

            // set teams
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // LDAP mode: 'teams' carries team names.
                // NOTE(review): array_map() needs an array; a request without a usable 'teams'
                // value is not handled here.
                $teams = array_map('trim', $this->getParam('teams'));

                $ldapGroups = null;
                // Only when a bind user is configured are the names checked against the directory;
                // otherwise $ldapGroups stays null and the names are accepted as submitted.
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    $ldap = $this->getContainer()->ldap(null, null);
                    $ldapGroups = $ldap->getGroupsDetails($teams);

                    foreach ($teams as $team) {
                        if (!isset($ldapGroups[$team])) {
                            // NOTE(review): the message embeds the submitted team name; whatever
                            // renders it should escape the value.
                            throw new \Exception(sprintf("Team '%s' is not found on the directory server", $team));
                        }
                    }
                }

                // The team list is replaced as a whole: cleared, then rebuilt from the request.
                $env->clearTeams();

                foreach ($teams as $name) {
                    $name = trim($name);
                    if ($name) {
                        // Lookup is bound and scoped to the caller's account. The line break inside
                        // the SQL literal is kept as in the listing; to the database it is whitespace.
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? 
LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            // Unknown name: a team is created for the caller's account.
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            if ($ldapGroups !== null && $ldapGroups[$name] != $name) {
                                $team->description = $ldapGroups[$name];
                            }
                            $team->save();
                            $id = $team->id;
                        } elseif ($ldapGroups !== null) {
                            // Update team description
                            $team = new Scalr_Account_Team();
                            $team->loadById($id);
                            if ($team->description != $ldapGroups[$name] && $ldapGroups[$name] != $name) {
                                $team->description = $ldapGroups[$name];
                                $team->save();
                            }
                        }

                        $env->addTeam($id);
                    }
                }

                // Re-sync the caller's own memberships; the part of the e-mail before '@' is used
                // as the LDAP username.
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    $user = strtok($this->user->getEmail(), '@');
                    $ldap = $this->getContainer()->ldap($user, null);
                    if ($ldap->isValidUsername()) {
                        $this->user->applyLdapGroups($ldap->getUserGroups());
                    }
                }
            } else {
                // Non-LDAP mode: 'teams' carries team ids.
                $env->clearTeams();
                // NOTE(review): the ids come straight from the request; whether addTeam() verifies
                // that each team belongs to this account is not visible here — confirm.
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); // reload env to be sure we have actual params

        // Same presentation as the list view: names in LDAP mode, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array(
            'id' => $env->id,
            'name' => $env->name,
            'status' => $env->status,
            'defaultPriority' => $env->defaultPriority,
            'platforms' => $env->getEnabledPlatforms(),
            'teams' => $teams,
            'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID)
        )));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage(), true);
    }
}
/**
 * Creates a new environment or updates an existing one from the request, then responds
 * with the stored environment data.
 *
 * Access control as visible in this method:
 *  - the caller must be an account super admin or be allowed Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS;
 *  - creating (no envId) additionally requires account owner or super admin;
 *  - the created/loaded environment is passed to the user's permission validator and the
 *    per-environment ACL is checked before its fields are changed;
 *  - name is written only for account owner / super admin; status, cost centre and teams
 *    only when canManageAcl() is true.
 *
 * Request parameters read: envId, name, status, ccId, teams. Only envId, teams and
 * (for owner / super admin) name are declared through defineParams().
 *
 * @throws Scalr_Exception_InsufficientPermissions when one of the permission checks fails
 */
public function xSaveAction()
{
    // Coarse gate before any parameter is looked at.
    if (!$this->user->isAccountSuperAdmin() && !$this->request->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));

    // The name is only declared (required, no HTML) for callers that are allowed to set it.
    if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }

    // NOTE(review): status and ccId are read below with getParam() but are not declared here,
    // so whatever typing/validation defineParams() provides presumably does not cover them — confirm.
    $this->request->defineParams($params);
    $this->request->validate();

    // The cost centre is validated only when analytics is enabled AND
    // isInterfaceBetaOrNotHostedScalr() is true.
    if ($this->getContainer()->analytics->enabled && $this->request->isInterfaceBetaOrNotHostedScalr()) {
        if ($this->getParam('ccId')) {
            if (!$this->getContainer()->analytics->ccs->get($this->getParam('ccId'))) {
                $this->request->addValidationErrors('ccId', 'Invalid cost center ID');
            }
        } else {
            $this->request->addValidationErrors('ccId', 'Cost center is required field');
        }
    }

    if ($this->request->isValid()) {
        $isNew = false;

        if (!$this->getParam('envId')) {
            // create new environment: owner / super admin only, within the account's limit
            if (!$this->user->isAccountOwner() && !$this->user->isAccountSuperAdmin()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }

            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            // NOTE(review): the environment is created before the validate()/ACL checks below;
            // if one of them throws, the new environment presumably stays — confirm.
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // Object-level checks on the concrete environment, on top of the coarse gate above.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->isAccountSuperAdmin() && !$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        // set name and status
        if ($this->user->isAccountOwner() || $this->user->isAccountSuperAdmin()) {
            $env->name = $this->getParam('name');
        }

        if ($this->user->canManageAcl()) {
            // Anything other than the active constant is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
        }

        $env->save();

        if ($this->user->canManageAcl()) {
            // NOTE(review): this write needs only analytics + a ccId value, while the validation
            // above also requires isInterfaceBetaOrNotHostedScalr(); a ccId can therefore reach
            // setPlatformConfig() without the ccs->get() check — confirm this is intended.
            if ($this->getContainer()->analytics->enabled && $this->getParam('ccId')) {
                $oldCcId = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID);
                $env->setPlatformConfig(array(Scalr_Environment::SETTING_CC_ID => $this->getParam('ccId')));

                if ($isNew || empty($oldCcId)) {
                    $this->getContainer()->analytics->events->fireAssignCostCenterEvent($env, $this->getParam('ccId'));
                } elseif ($oldCcId != $this->getParam('ccId')) {
                    $this->getContainer()->analytics->events->fireReplaceCostCenterEvent($env, $this->getParam('ccId'), $oldCcId);
                }
            }

            // set teams: the list is replaced as a whole (cleared, then rebuilt from the request)
            $env->clearTeams();

            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // LDAP mode: 'teams' carries team names. Nothing in this method checks the names
                // against the directory; unknown names become new teams of the caller's account.
                foreach ($this->getParam('teams') as $name) {
                    $name = trim($name);
                    if ($name) {
                        // Lookup is bound and scoped to the caller's account.
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            $team->save();
                            $id = $team->id;
                        }

                        $env->addTeam($id);
                    }
                }

                // remove unused teams
                // NOTE(review): the query selects every team of the account that has no row in
                // account_team_envs, so teams unrelated to this request are deleted as well.
                $ids = $this->db->GetAll(' SELECT account_teams.id FROM account_teams LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ? ', array($this->user->getAccountId()));

                foreach ($ids as $id) {
                    $team = new Scalr_Account_Team();
                    $team->loadById($id['id']);
                    $team->delete();
                }

                // Re-sync the caller's own memberships when a bind user is configured; the full
                // e-mail address is passed as the LDAP username here.
                if ($this->getContainer()->config->get('scalr.connections.ldap.user')) {
                    $ldap = $this->getContainer()->ldap($this->user->getEmail(), null);
                    if ($ldap->isValidUsername()) {
                        $this->user->applyLdapGroups($ldap->getUserGroups());
                    }
                }
            } else {
                // Non-LDAP mode: 'teams' carries team ids.
                // NOTE(review): the ids come straight from the request; whether addTeam() verifies
                // that each team belongs to this account is not visible here — confirm.
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); // reload env to be sure we have actual params

        // Names in LDAP mode, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array(
            'id' => $env->id,
            'name' => $env->name,
            'status' => $env->status,
            'platforms' => $env->getEnabledPlatforms(),
            'teams' => $teams,
            'ccId' => $env->getPlatformConfigValue(Scalr_Environment::SETTING_CC_ID)
        )));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage());
    }
}
/**
 * Creates a new environment or updates an existing one from the request, then responds
 * with the stored environment data.
 *
 * Access control as visible in this method:
 *  - restrictAccess() is called for Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS first
 *    (presumably rejecting callers without that resource — confirm);
 *  - creating (no envId) additionally requires the account owner;
 *  - the created/loaded environment is passed to the user's permission validator and the
 *    per-environment ACL is checked before its fields are changed;
 *  - name is written only for the account owner; status and teams only when
 *    canManageAcl() is true.
 *
 * Request parameters read: envId, name, status, teams. Only envId, teams and (for the
 * owner) name are declared through defineParams().
 *
 * @throws Scalr_Exception_InsufficientPermissions when one of the permission checks fails
 */
public function xSaveAction()
{
    $this->request->restrictAccess(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS);

    $params = array('envId' => array('type' => 'int'), 'teams' => array('type' => 'json'));

    // The name is only declared (required, no HTML) for the account owner, who alone may set it.
    if ($this->user->isAccountOwner()) {
        $params['name'] = array('type' => 'string', 'validator' => array(Scalr_Validator::REQUIRED => true, Scalr_Validator::NOHTML => true));
    }

    // NOTE(review): status is read below with getParam() but is not declared here — confirm that
    // undeclared parameters are handled the way this code expects.
    $this->request->defineParams($params);
    $this->request->validate();

    if ($this->request->isValid()) {
        $isNew = false;

        if (!$this->getParam('envId')) {
            // create new environment: account owner only, within the account's limit
            if (!$this->user->isAccountOwner()) {
                throw new Scalr_Exception_InsufficientPermissions();
            }

            $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_ENVIRONMENTS, 1);
            // NOTE(review): the environment is created before the validate()/ACL checks below;
            // if one of them throws, the new environment presumably stays — confirm.
            $env = $this->user->getAccount()->createEnvironment($this->getParam('name'));
            $isNew = true;
        } else {
            $env = Scalr_Environment::init()->loadById($this->getParam('envId'));
        }

        // Object-level checks on the concrete environment, on top of restrictAccess() above.
        $this->user->getPermissions()->validate($env);

        if (!$this->user->getAclRolesByEnvironment($env->id)->isAllowed(Acl::RESOURCE_ADMINISTRATION_ENV_CLOUDS)) {
            throw new Scalr_Exception_InsufficientPermissions();
        }

        // set name and status
        if ($this->user->isAccountOwner()) {
            $env->name = $this->getParam('name');
        }

        if ($this->user->canManageAcl()) {
            // Anything other than the active constant is stored as inactive.
            $env->status = $this->getParam('status') == Scalr_Environment::STATUS_ACTIVE ? Scalr_Environment::STATUS_ACTIVE : Scalr_Environment::STATUS_INACTIVE;
        }

        $env->save();

        if ($this->user->canManageAcl()) {
            // set teams: the list is replaced as a whole (cleared, then rebuilt from the request)
            $env->clearTeams();

            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                // LDAP mode: 'teams' carries team names. Nothing in this method checks the names
                // against the directory; unknown names become new teams of the caller's account.
                foreach ($this->getParam('teams') as $name) {
                    $name = trim($name);
                    if ($name) {
                        // Lookup is bound and scoped to the caller's account. The line break inside
                        // the SQL literal is kept as in the listing; to the database it is whitespace.
                        $id = $this->db->GetOne('SELECT id FROM account_teams WHERE name = ? AND account_id = ? 
LIMIT 1', array($name, $this->user->getAccountId()));
                        if (!$id) {
                            $team = new Scalr_Account_Team();
                            $team->name = $name;
                            $team->accountId = $this->user->getAccountId();
                            $team->save();
                            $id = $team->id;
                        }

                        $env->addTeam($id);
                    }
                }

                // remove unused teams
                // NOTE(review): the query selects every team of the account that has no row in
                // account_team_envs, so teams unrelated to this request are deleted as well.
                $ids = $this->db->GetAll(' SELECT account_teams.id FROM account_teams LEFT JOIN account_team_envs ON account_team_envs.team_id = account_teams.id WHERE ISNULL(account_team_envs.env_id) AND account_teams.account_id = ? ', array($this->user->getAccountId()));

                foreach ($ids as $id) {
                    $team = new Scalr_Account_Team();
                    $team->loadById($id['id']);
                    $team->delete();
                }
            } else {
                // Non-LDAP mode: 'teams' carries team ids.
                // NOTE(review): the ids come straight from the request; whether addTeam() verifies
                // that each team belongs to this account is not visible here — confirm.
                foreach ($this->getParam('teams') as $id) {
                    $env->addTeam($id);
                }
            }
        }

        $this->response->success($isNew ? 'Environment successfully created' : 'Environment saved');

        $env = Scalr_Environment::init()->loadById($env->id); // reload env to be sure we have actual params

        // Names in LDAP mode, ids otherwise.
        $teams = array();
        foreach ($env->getTeams() as $teamId) {
            if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
                $team = new Scalr_Account_Team();
                $team->loadById($teamId);
                $teams[] = $team->name;
            } else {
                $teams[] = $teamId;
            }
        }

        $this->response->data(array('env' => array(
            'id' => $env->id,
            'name' => $env->name,
            'status' => $env->status,
            'platforms' => $env->getEnabledPlatforms(),
            'teams' => $teams
        )));
    } else {
        $this->response->failure($this->request->getValidationErrorsMessage());
    }
}