/**
 * Resolve which of the calling user's roles permit an action on an owned entity.
 *
 * The request is forwarded to the service matching the concrete type of
 * $entity (NGI, Site, Project or ServiceGroup) and that service's answer is
 * returned unchanged. An empty array means that none of the user's roles
 * permits the action, so callers must treat an empty result as a denial.
 * <p>
 * Supported actions: EDIT_OBJECT, NGI_ADD_SITE, GRANT_ROLE, REJECT_ROLE, REVOKE_ROLE
 *
 * @param string $action Name of the requested action
 * @param \OwnedEntity $entity Entity the action would be applied to
 * @param \User $callingUser User whose roles are evaluated
 * @return array of RoleName values; empty when no role permits the action
 * @throws \LogicException If $entity is not an NGI, Site, Project or
 *         ServiceGroup. The delegate services may also reject an unsupported
 *         action; that is not visible in this method.
 */
public function authorizeAction($action, \OwnedEntity $entity, \User $callingUser)
{
    // All four delegates are built before the type check and share this
    // service's entity manager.
    $siteDelegate = new \org\gocdb\services\Site();
    $siteDelegate->setEntityManager($this->em);

    $ngiDelegate = new \org\gocdb\services\NGI();
    $ngiDelegate->setEntityManager($this->em);

    $serviceGroupDelegate = new \org\gocdb\services\ServiceGroup();
    $serviceGroupDelegate->setEntityManager($this->em);

    $projectDelegate = new \org\gocdb\services\Project();
    $projectDelegate->setEntityManager($this->em);

    // Dispatch on the concrete entity type; the first match answers.
    if ($entity instanceof \NGI) {
        return $ngiDelegate->authorizeAction($action, $entity, $callingUser);
    }
    if ($entity instanceof \Site) {
        return $siteDelegate->authorizeAction($action, $entity, $callingUser);
    }
    if ($entity instanceof \Project) {
        return $projectDelegate->authorizeAction($action, $entity, $callingUser);
    }
    if ($entity instanceof \ServiceGroup) {
        return $serviceGroupDelegate->authorizeAction($action, $entity, $callingUser);
    }

    // Unknown entity types fail closed instead of yielding an empty (or any) role list.
    throw new \LogicException('Unsuppored OwnedEntity type');
}
/**
 * Exercise the NGI service's deleteNgi() method, which is expected to delete
 * the NGI's child sites, services, roles etc. recursively, and check that
 * the affected tables are empty afterwards.
 */
public function testNgiService_deleteNgi()
{
    echo __METHOD__ . "\n";

    // The fixture runs in this method's scope. $ngi and $testConn are not
    // assigned anywhere in this method, so presumably the fixture defines
    // them - confirm against sampleFixtureData1.php.
    include __DIR__ . '/resources/sampleFixtureData1.php';

    // An admin user is created for the call to the NGI service.
    $gocdbAdmin = TestUtil::createSampleUser('some', 'admin', '/some/admin');
    $gocdbAdmin->setAdmin(true);
    $this->em->persist($gocdbAdmin);

    // Delete the NGI through the service under test.
    $ngiSvc = new org\gocdb\services\NGI();
    $ngiSvc->setEntityManager($this->em);
    $ngiSvc->deleteNgi($ngi, $gocdbAdmin, false);

    // With the NGI gone, every one of these tables is expected to be empty.
    $emptyTableQueries = array(
        "SELECT * FROM Roles",
        "SELECT * FROM NGIs",
        "SELECT * FROM Sites",
        "SELECT * FROM Services",
        "SELECT * FROM Downtimes",
        "SELECT * FROM EndpointLocations",
        "SELECT * FROM CertificationStatusLogs",
    );
    foreach ($emptyTableQueries as $sql) {
        $rows = $testConn->createQueryTable('results_table', $sql);
        $this->assertTrue($rows->getRowCount() == 0);
    }
}
/**
 * Load the sample fixture and delete its NGI through the NGI service as an
 * admin user. The method makes no assertions of its own, so it only fails
 * if the fixture or deleteNgi() throws.
 */
public function testNgiService_removeNgi()
{
    echo __METHOD__ . "\n";

    // The fixture runs in this method's scope; $ngi is not assigned here,
    // so presumably the fixture defines it - confirm.
    include __DIR__ . '/resources/sampleFixtureData1.php';

    $gocdbAdmin = TestUtil::createSampleUser('some', 'admin', '/some/admin');
    $gocdbAdmin->setAdmin(true);
    $this->em->persist($gocdbAdmin);

    $ngiSvc = new org\gocdb\services\NGI();
    $ngiSvc->setEntityManager($this->em);
    $ngiSvc->deleteNgi($ngi, $gocdbAdmin, false);
}
/**
 * Delete the parent NGI and verify the clean-up: no endpoint locations and
 * no sites remain, and exactly one downtime (the orphan downtime) is left.
 */
public function testNgiService_removeNgi()
{
    echo __METHOD__ . "\n";

    // The fixture runs in this method's scope; $ngi is not assigned here,
    // so presumably the fixture defines it - confirm.
    include __DIR__ . '/resources/sampleFixtureData4.php';

    $gocdbAdmin = TestUtil::createSampleUser('some', 'admin', '/some/admin');
    $gocdbAdmin->setAdmin(true);
    $this->em->persist($gocdbAdmin);

    $ngiSvc = new org\gocdb\services\NGI();
    $ngiSvc->setEntityManager($this->em);
    $ngiSvc->deleteNgi($ngi, $gocdbAdmin, false);

    // Use the DB connection to check what is left: each entry is a query
    // and the row count it must return.
    $dbConn = $this->getConnection();
    $expectedRowCounts = array(
        array("SELECT * FROM EndpointLocations", 0),
        array("SELECT * FROM Downtimes", 1), // orphanDT
        array("SELECT * FROM Sites", 0), // site2
    );
    foreach ($expectedRowCounts as $check) {
        $rows = $dbConn->createQueryTable('results_table', $check[0]);
        $this->assertTrue($rows->getRowCount() == $check[1]);
    }
}
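/**
 * Adds a site under a parent NGI and persists it in one transaction.
 *
 * $values holds the submitted data. The keys read by this method are:
 * <pre>
 * Array
 * (
 *     [Scope_ids] => Array of Scope ids
 *     [Country] => 6
 *     [ProductionStatus] => 1          (id of the target Infrastructure)
 *     [NGI] => 11                      (id of the parent NGI)
 *     [Certification_Status] => 1
 *     [Site] => Array
 *     (
 *         [SHORT_NAME] => MyTestSite
 *         [OFFICIAL_NAME] => TestSite
 *         [HOME_URL] => https://test.host.com
 *         [GIIS_URL] => ldap://giis_url:234
 *         [IP_RANGE] => 0.0.0.0/255.255.255.234
 *         [IP_V6_RANGE] => 0000:0000:0000:0000:0000:0000:0000:0000[/int]
 *         [LOCATION] => Britain
 *         [LATITUDE] => 234
 *         [LONGITUDE] => 234
 *         [DESCRIPTION] => Test
 *         [EMAIL] => lcg@rl.ac.uk
 *         [CONTACTTEL] => +44 01925 603762, +44 01235 44 5010234
 *         [EMERGENCYTEL] => +44 01925 603762, +44 01235 44 5010, +44 01925 603513234
 *         [CSIRTEMAIL] => gocdb-admins@mailtalk.ac.uk
 *         [CSIRTTEL] => +44 01925 603762, +44 01235 44 5010, +44 01925 603513234
 *         [EMERGENCYEMAIL] => jcasson@234.com
 *         [HELPDESKEMAIL] => gocdb-admins@mailtalk.ac.uk
 *         [DOMAIN] => Test.com
 *         [TIMEZONE] => value handed to setTimezoneId()
 *     )
 * )
 * </pre>
 *
 * Authorisation: admins may add a site to any NGI. Any other user must hold
 * a role that permits NGI_ADD_SITE on the parent NGI named by $values['NGI'].
 * The parent NGI id is request data, so it is checked on the server side and
 * not assumed to be one of the NGIs the user manages.
 *
 * @param array $values New Site Values
 * @param \User $user User making the request
 * @return \Site The newly persisted site
 * @throws \Exception If the user is unregistered or lacks permission; any
 *         failure inside the transaction is rolled back and rethrown
 * @throws \LogicException If no certification status id is supplied
 */
public function addSite($values, \User $user = null)
{
    // Check the portal is not in read only mode, throws exception if it is
    $this->checkPortalIsNotReadOnlyOrUserIsAdmin($user);

    if (is_null($user)) {
        // Fully qualified: an unqualified Exception would be resolved in the
        // current namespace if this file declares one, which would turn this
        // denial into a class-not-found error.
        throw new \Exception("Unregistered users may not add new sites");
    }

    if (!$user->isAdmin()) {
        $ngiService = new \org\gocdb\services\NGI();
        $ngiService->setEntityManager($this->em);
        $usersNGIs = $ngiService->getNGIsBySupportedAction(\Action::NGI_ADD_SITE, $user);
        if (count($usersNGIs) == 0) {
            throw new \Exception("You do not have permission to add a new site."
                . " To add a new site you require a managing role over an NGI");
        }

        // The check above only establishes that the user manages *some* NGI.
        // Authorise against the specific parent NGI requested, before any
        // write, so a role over one NGI cannot be used to add sites to another.
        // NOTE(review): assumes NGI::authorizeAction() applies the same role
        // rules as getNGIsBySupportedAction() - confirm.
        $requestedNgi = $this->em->createQuery("SELECT n FROM NGI n WHERE n.id = :id")
            ->setParameter('id', $values['NGI'])
            ->getSingleResult();
        $grantingRoles = $ngiService->authorizeAction(\Action::NGI_ADD_SITE, $requestedNgi, $user);
        if (count($grantingRoles) == 0) {
            throw new \Exception("You do not have permission to add a new site to the selected NGI");
        }
    }

    // do as much validation before starting a new db tx
    // check the site object data is valid
    $this->validate($values['Site'], 'site');

    // check there are the required number of scopes specified
    $this->checkNumberOfScopes($values['Scope_ids']);

    $this->uniqueCheck($values['Site']['SHORT_NAME']);

    // Populate the entity
    try {
        /* Create a PK for this site
         * This is persisted/flushed (but not committed) before the site
         * so the PK is set by the database.
         * If the site insertion fails the PK can still be rolled back.
         */
        $this->em->getConnection()->beginTransaction();
        $pk = new \PrimaryKey();
        $this->em->persist($pk);
        // flush synchronizes the in-memory state of managed objects with the database
        // but we can still rollback
        $this->em->flush();

        $site = new \Site();
        $site->setPrimaryKey($pk->getId() . "G0");
        $site->setOfficialName($values['Site']['OFFICIAL_NAME']);
        $site->setShortName($values['Site']['SHORT_NAME']);
        $site->setDescription($values['Site']['DESCRIPTION']);
        $site->setHomeUrl($values['Site']['HOME_URL']);
        $site->setEmail($values['Site']['EMAIL']);
        $site->setTelephone($values['Site']['CONTACTTEL']);
        $site->setGiisUrl($values['Site']['GIIS_URL']);
        $site->setLatitude($values['Site']['LATITUDE']);
        $site->setLongitude($values['Site']['LONGITUDE']);
        $site->setCsirtEmail($values['Site']['CSIRTEMAIL']);
        $site->setIpRange($values['Site']['IP_RANGE']);
        $site->setIpV6Range($values['Site']['IP_V6_RANGE']);
        $site->setDomain($values['Site']['DOMAIN']);
        $site->setLocation($values['Site']['LOCATION']);
        $site->setCsirtTel($values['Site']['CSIRTTEL']);
        $site->setEmergencyTel($values['Site']['EMERGENCYTEL']);
        $site->setEmergencyEmail($values['Site']['EMERGENCYEMAIL']);
        $site->setHelpdeskEmail($values['Site']['HELPDESKEMAIL']);
        $site->setTimezoneId($values['Site']['TIMEZONE']);

        // get the parent NGI entity
        $dql = "SELECT n FROM NGI n WHERE n.id = :id";
        $parentNgi = $this->em->createQuery($dql)
            ->setParameter('id', $values['NGI'])
            ->getSingleResult();
        $site->setNgiDoJoin($parentNgi);

        // get the target infrastructure
        $dql = "SELECT i FROM Infrastructure i WHERE i.id = :id";
        $inf = $this->em->createQuery($dql)
            ->setParameter('id', $values['ProductionStatus'])
            ->getSingleResult();
        $site->setInfrastructure($inf);

        // get the cert status
        if (!isset($values['Certification_Status'])
            || $values['Certification_Status'] == null
            || $values['Certification_Status'] == ''
        ) {
            throw new \LogicException("Missing seed data - No certification status values in the DB (required data)");
        }
        $dql = "SELECT c FROM CertificationStatus c WHERE c.id = :id";
        $certStatus = $this->em->createQuery($dql)
            ->setParameter('id', $values['Certification_Status'])
            ->getSingleResult();
        $site->setCertificationStatus($certStatus);
        $now = new \DateTime('now', new \DateTimeZone('UTC'));
        $site->setCertificationStatusChangeDate($now);

        // create a new CertStatusLog recording who created the site and when
        $certLog = new \CertificationStatusLog();
        $certLog->setAddedBy($user->getCertificateDn());
        $certLog->setNewStatus($certStatus->getName());
        $certLog->setOldStatus(null);
        $certLog->setAddedDate($now);
        $certLog->setReason('Initial creation');
        $this->em->persist($certLog);
        $site->addCertificationStatusLog($certLog);

        // Set the scopes
        foreach ($values['Scope_ids'] as $scopeId) {
            $dql = "SELECT s FROM Scope s WHERE s.id = :id";
            $scope = $this->em->createQuery($dql)
                ->setParameter('id', $scopeId)
                ->getSingleResult();
            $site->addScope($scope);
        }

        // get the country
        $dql = "SELECT c FROM Country c WHERE c.id = :id";
        $country = $this->em->createQuery($dql)
            ->setParameter('id', $values['Country'])
            ->getSingleResult();
        $site->setCountry($country);

        // The Timezone lookup entity is deprecated and no longer used; the
        // timezone is stored through setTimezoneId() above.

        $this->em->persist($site);
        $this->em->flush();
        $this->em->getConnection()->commit();
    } catch (\Exception $ex) {
        // Undo the PK and any partial site data, then close the entity
        // manager before handing the failure back to the caller.
        $this->em->getConnection()->rollback();
        $this->em->close();
        throw $ex;
    }

    return $site;
}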