From jftho...@apache.org
Subject svn commit: r756746 - in /incubator/vcl/trunk/web/.ht-inc: authentication.php errors.php utils.php xmlrpcWrappers.php
Date Fri, 20 Mar 2009 20:28:25 GMT
Author: jfthomps
Date: Fri Mar 20 20:28:24 2009
New Revision: 756746

URL: http://svn.apache.org/viewvc?rev=756746&view=rev
Log:
VCL-33

authentication.php:
modified testGeneralAffiliation: regular expression allowed there to be nothing before the
@ that separates the userid from the affiliation; modified
to require at least one character before the @

errors.php:
added error 12: Failed to determine affiliation id in getUserListID

utils.php:
modified updateUserOrGroupPrivs:
-changed $name parameter such that a user group name is not allowed because this doesn't account
for the affiliation part of the user group; no calling functions were using it this way anyway
modified getUserlistID:
-added an optional $noadd parameter that allows the function to just check to see if a user
already exists in the database without trying to add it from configured sources
-modified abort error code to be 12 instead of 11 that was there incorrectly
modified getUsersGroups:
-added optional $includeaffil parameter that if set will cause the affiliation of the groups
to be appended to the end of the group name
modified getUserGroupID:
-now it always checks the affiliation with the name instead of only when the group was both
not custom or a courseroll group
modified xmlrpccall:
-registered new functions added to xmlrpcWrappers
modified xmlRPChandler:
-mysql_escape_string called for $saveargs data
added validateAPIgroupInput

xmlrpcWrappers.php:
added these functions:
XMLRPCaddUserGroup
XMLRPCgetUserGroupAttributes
XMLRPCdeleteUserGroup
XMLRPCeditUserGroup
XMLRPCgetUserGroupMembers
XMLRPCaddUsersToGroup
XMLRPCremoveUsersFromGroup

Modified:
    incubator/vcl/trunk/web/.ht-inc/authentication.php
    incubator/vcl/trunk/web/.ht-inc/errors.php
    incubator/vcl/trunk/web/.ht-inc/utils.php
    incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php

Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php
URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authentication.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authentication.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authentication.php Fri Mar 20 20:28:24 2009
@@ -608,7 +608,7 @@
 ///
 ////////////////////////////////////////////////////////////////////////////////
 function testGeneralAffiliation(&$login, &$affilid) {
-	if(preg_match('/^([^@]*)@([^@\.]*)$/', $login, $matches)) {
+	if(preg_match('/^([^@]+)@([^@\.]*)$/', $login, $matches)) {
 		$login = $matches[1];
 		$affilid = getAffiliationID($matches[2]);
 		return 1;
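Review bot: The affiliation group in the new pattern still uses `*`, so a login such as `user@` matches with an empty second capture and `getAffiliationID('')` is called; the commit only tightens the part before the `@`. If an empty affiliation is not meant to be accepted here, use `+` on both sides. Without the `D` modifier, `$` also matches before a trailing newline, so `'/^([^@]+)@([^@\.]+)$/D'` would anchor the whole string. The first capture is written back to `$login` by reference with no character restriction, so later queries depend on escaping done elsewhere; testGeneralAffiliation's body continues outside the hunk.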

Modified: incubator/vcl/trunk/web/.ht-inc/errors.php
URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/errors.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/errors.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/errors.php Fri Mar 20 20:28:24 2009
@@ -36,6 +36,7 @@
 	"9"   => 'getRequestInfo was called with an empty $id',
 	"10"  => "Failed to insert row while submitting new image",
 	"11"  => "getContinuationsData returned an empty array",
+	"12"  => "Failed to determine affiliation id in getUserListID",
 	"15"  => "Failed to insert row while submitting new schedule",
 	"20"  => "There was an attempt submit data to the page, but the referrer was not the
entry script.",
 	"25"  => "Failed to get IPaddress of computer in acknowledgeRequest.",

Modified: incubator/vcl/trunk/web/.ht-inc/utils.php
URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/utils.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/utils.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/utils.php Fri Mar 20 20:28:24 2009
@@ -211,6 +211,7 @@
 			$semislocked = 0;
 			require_once(".ht-inc/xmlrpcWrappers.php");
 			require_once(".ht-inc/requests.php");
+			require_once(".ht-inc/groups.php");
 			setupSession();
 		}
 		return;
@@ -2079,7 +2080,7 @@
 ///
 /// \fn updateUserOrGroupPrivs($name, $node, $adds, $removes, $mode)
 ///
-/// \param $name - unityid, user id, user group name, or user group id
+/// \param $name - unityid, user id, or user group id
 /// \param $node - id of the node
 /// \param $adds - array of privs (the name, not the id) to add
 /// \param $removes - array of privs (the name, not the id) to remove
@@ -2104,10 +2105,7 @@
 	}
 	else {
 		$field = "usergroupid";
-		if(is_numeric($name))
-			$id = $name;
-		else
-			$id = getUserGroupID($name);
+		$id = $name;
 	}
 	foreach($adds as $type) {
 		$typeid = getUserPrivTypeID($type);
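Review bot: With the `is_numeric($name)` branch removed, whatever the caller passes as `$name` becomes `$id` in the usergroupid case with no check that it is a number. How `$id` is used lies outside the hunk, but if it is interpolated into a query like the other ids in this file, a non-numeric value would reach the SQL text. Since the parameter is now documented as an id only, reject anything else before the assignment, for example `if(! is_numeric($name)) return;` or the file's `abort()` with a suitable code. The function starts and ends outside the hunk.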
@@ -2678,9 +2676,11 @@
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn getUserlistID($loginid)
+/// \fn getUserlistID($loginid, $noadd)
 ///
 /// \param $loginid - login ID
+/// \param $noadd - (optional, default=0) 0 to try to add user to database if
+/// not there, 1 to only return the id if it already exists in the database
 ///
 /// \return id from userlist table for the user
 ///
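Review bot: The `\return` line still reads "id from userlist table for the user", but a later hunk in this file makes the function return NULL when `$noadd` is set and the user is not found. Suggest `/// \return id from userlist table for the user, or NULL if $noadd is set and the user is not in the database`. The description that follows ("calls addUser to add it to the table") needs the same qualifier. Callers that pass `$noadd=1` have to test for NULL before placing the result in a query.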
@@ -2688,12 +2688,12 @@
 /// calls addUser to add it to the table
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function getUserlistID($loginid) {
+function getUserlistID($loginid, $noadd=0) {
 	$_loginid = $loginid;
 	getAffilidAndLogin($loginid, $affilid);
 
 	if(empty($affilid))
-		abort(11);
+		abort(12);
 
 	$query = "SELECT id "
 	       . "FROM user "
@@ -2704,6 +2704,8 @@
 		$row = mysql_fetch_row($qh);
 		return $row[0];
 	}
+	if($noadd)
+		return NULL;
 	return addUser($_loginid);
 }
 
@@ -3187,10 +3189,13 @@
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn getUsersGroups($userid, $includeowned)
+/// \fn getUsersGroups($userid, $includeowned, $includeaffil)
 ///
 /// \param $userid - an id from the user table
-/// \param $includeowned - include groups the user owns but is not in
+/// \param $includeowned - (optional, default=0) include groups the user owns
+///                        but is not in
+/// \param $includeaffil - (optional, default=0) include @affiliation in name
+///                        of group
 ///
 /// \return an array of the user's groups where the index is the id of the
 /// group
@@ -3198,13 +3203,25 @@
 /// \brief builds a array of the groups the user is member of
 ///
 ////////////////////////////////////////////////////////////////////////////////
-function getUsersGroups($userid, $includeowned=0) {
-	$query = "SELECT m.usergroupid, "
-	       .        "g.name "
-	       . "FROM usergroupmembers m, "
-	       .      "usergroup g "
-	       . "WHERE m.userid = $userid AND "
-	       .       "m.usergroupid = g.id";
+function getUsersGroups($userid, $includeowned=0, $includeaffil=0) {
+	if($includeaffil) {
+		$query = "SELECT m.usergroupid, "
+		       .        "CONCAT(g.name, '@', a.name) AS name "
+		       . "FROM usergroupmembers m, "
+		       .      "usergroup g, "
+		       .      "affiliation a "
+		       . "WHERE m.userid = $userid AND "
+		       .       "m.usergroupid = g.id AND "
+		       .       "g.affiliationid = a.id";
+	}
+	else {
+		$query = "SELECT m.usergroupid, "
+		       .        "g.name "
+		       . "FROM usergroupmembers m, "
+		       .      "usergroup g "
+		       . "WHERE m.userid = $userid AND "
+		       .       "m.usergroupid = g.id";
+	}
 	$qh = doQuery($query, "101");
 	$groups = array();
 	while($row = mysql_fetch_assoc($qh)) {
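Review bot: `$userid` is interpolated unquoted into both query strings (`m.userid = $userid`), and nothing in the visible part of getUsersGroups checks that it is an integer; the header comment only says it is "an id from the user table". A cast at the top of the function, `$userid = (int)$userid;`, would make that hold regardless of the caller. The same applies to the getUserGroupID hunk below, where `affiliationid = $affilid` is now applied unconditionally and unquoted. On style, the two branches differ only in the select list and the affiliation join, so building the shared parts once would keep them from drifting apart. The function body continues outside the hunk.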
@@ -6918,11 +6935,7 @@
 	$query = "SELECT id "
 	       . "FROM usergroup "
 	       . "WHERE name = '$name' AND "
-	       .       "((custom = 0 AND "
-	       .       "courseroll = 0 AND "
-	       .       "affiliationid = $affilid) OR "
-	       .       "custom = 1 OR "
-	       .       "courseroll = 1)";
+	       .       "affiliationid = $affilid";
 	$qh = doQuery($query, 300);
 	if($row = mysql_fetch_row($qh)) {
 		return $row[0];
@@ -7777,7 +7790,7 @@
 /// \b virtualswitch0 - name of first virtual switch\n
 /// \b virtualswitch1 - name of second virtual switch\n
 /// \b vmdisk - "localdisk" or "networkdisk" - whether or not vm files are
-/// stored on local disk or network attached storage
+/// stored on local disk or network attached storage\n
 /// \b username - vmware username associated with this profile\n
 /// \b password - vmware password associated with this profile
 ///
@@ -8112,6 +8125,13 @@
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCgetRequestIds", "xmlRPChandler");
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCblockAllocation", "xmlRPChandler");
 	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCprocessBlockTime", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCaddUserGroup", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCgetUserGroupAttributes", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCdeleteUserGroup", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCeditUserGroup", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCgetUserGroupMembers", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCaddUsersToGroup", "xmlRPChandler");
+	xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCremoveUsersFromGroup", "xmlRPChandler");
 
 	print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, '');
 	xmlrpc_server_destroy($xmlrpc_handle);
@@ -8166,7 +8186,7 @@
 	else
 		$keyid = $user['id'];
 	if(function_exists($function)) {
-		$saveargs = serialize($args);
+		$saveargs = mysql_escape_string(serialize($args));
 		$query = "INSERT INTO xmlrpcLog "
 		       .        "(xmlrpcKeyid, " 
 		       .        "timestamp, "
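Review bot: `mysql_escape_string()` escapes without reference to the connection's character set, so `mysql_real_escape_string()` with the link is the safer call for the value placed in the xmlrpcLog INSERT. `$saveargs = mysql_real_escape_string(serialize($args), $mysql_link_vcl);` would do it, assuming the link global used elsewhere in this commit is declared in xmlRPChandler, whose body starts and ends outside the hunk. The same applies to the `mysql_escape_string()` calls in validateAPIgroupInput in the next hunk.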
@@ -8280,6 +8300,133 @@
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
+/// \fn validateAPIgroupInput($items, $exists)
+///
+/// \param $items - array of data to validate; the following items can be
+/// validated:\n
+/// \b name - if specified, affiliation must also be specified\n
+/// \b affiliation - if specified, name must also be specified\n
+/// \b owner \n
+/// \b managingGroup \n
+/// \b initialMaxTime \n
+/// \b totalMaxTime \n
+/// \b maxExtendTime
+/// \param $exists - 1 to check if $name\@$affiliation exists, 0 to check that
+///                  they it does not exist
+///
+/// \return an array to be returned as an error status or $items with these
+/// extra keys:\n
+/// \b status - "success"\n
+/// \b managingGroupID - (if managingGroup in $items) id of managingGroup
+/// \b managingGroupName - (if managingGroup in $items) name of managingGroup
+/// \b managingGroupAffilid - (if managingGroup in $items) affiliation id of
+///                           managingGroup
+/// \b affiliationid - (if affiliation in $items) affiliation id
+///
+/// \brief validates data in $items
+///
+////////////////////////////////////////////////////////////////////////////////
+function validateAPIgroupInput($items, $exists) {
+	# initialMaxTime
+	if(array_key_exists('initialMaxTime', $items)) {
+		if(! is_numeric($items['initialMaxTime']) ||
+		   $items['initialMaxTime'] < 1 ||
+		   $items['initialMaxTime'] > 65535) {
+			return array('status' => 'error',
+			             'errorcode' => 21,
+			             'errormsg' => 'submitted initialMaxTime is invalid');
+		}
+	}
+	# totalMaxTime
+	if(array_key_exists('totalMaxTime', $items)) {
+		if(! is_numeric($items['totalMaxTime']) ||
+		   $items['totalMaxTime'] < 1 ||
+		   $items['totalMaxTime'] > 65535) {
+			return array('status' => 'error',
+			             'errorcode' => 22,
+			             'errormsg' => 'submitted totalMaxTime is invalid');
+		}
+	}
+	# maxExtendTime
+	if(array_key_exists('maxExtendTime', $items)) {
+		if(! is_numeric($items['maxExtendTime']) ||
+		   $items['maxExtendTime'] < 1 ||
+		   $items['maxExtendTime'] > 65535) {
+			return array('status' => 'error',
+			             'errorcode' => 23,
+			             'errormsg' => 'submitted maxExtendTime is invalid');
+		}
+	}
+	# affiliation
+	if(array_key_exists('affiliation', $items)) {
+		$esc_affiliation = mysql_escape_string($items['affiliation']);
+		$affilid = getAffiliationID($esc_affiliation);
+		if(is_null($affilid)) {
+			return array('status' => 'error',
+			             'errorcode' => 17,
+			             'errormsg' => 'unknown affiliation');
+		}
+		$items['affiliationid'] = $affilid;
+	}
+	# name
+	if(array_key_exists('name', $items)) {
+		if(! ereg('^[-a-zA-Z0-9_\.: ]{3,30}$', $items['name'])) {
+			return array('status' => 'error',
+			             'errorcode' => 19,
+			             'errormsg' => 'Name must be between 3 and 30 characters '
+			                         . 'and can only contain letters, numbers, and '
+			                         . 'these characters: - _ . :');
+		}
+		$esc_name = mysql_escape_string($items['name']);
+		$doesexist = checkForGroupName($esc_name, 'user', '', $affilid);
+		if($exists && ! $doesexist) {
+			return array('status' => 'error',
+			             'errorcode' => 18,
+			             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+		}
+		elseif(! $exists && $doesexist) {
+			return array('status' => 'error',
+			             'errorcode' => 27,
+			             'errormsg' => 'existing user group with submitted name and affiliation');
+		}
+		elseif($exists && $doesexist) {
+			$items['id'] = getUserGroupID($esc_name, $affilid);
+		}
+	}
+	# owner
+	if(array_key_exists('owner', $items)) {
+		if(! validateUserid(mysql_escape_string($items['owner']))) {
+			return array('status' => 'error',
+			             'errorcode' => 20,
+			             'errormsg' => 'submitted owner is invalid');
+		}
+	}
+	# managingGroup
+	if(array_key_exists('managingGroup', $items)) {
+		$parts = explode('@', $items['managingGroup']);
+		if(count($parts) != 2) {
+			return array('status' => 'error',
+			             'errorcode' => 24,
+			             'errormsg' => 'submitted managingGroup is invalid');
+		}
+		$esc_mgName = mysql_escape_string($parts[0]);
+		$esc_mgAffil = mysql_escape_string($parts[1]);
+		$mgaffilid = getAffiliationID($esc_mgAffil);
+		if(! checkForGroupName($esc_mgName, 'user', '', $mgaffilid)) {
+			return array('status' => 'error',
+			             'errorcode' => 25,
+			             'errormsg' => 'submitted managingGroup does not exist');
+		}
+		$items['managingGroupID'] = getUserGroupID($esc_mgName, $mgaffilid);
+		$items['managingGroupName'] = $parts[0];
+		$items['managingGroupAffilid'] = $mgaffilid;
+	}
+	$items['status'] = 'success';
+	return $items;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
 /// \fn json_encode()
 ///
 /// \brief json_encode was introduced in php 5.2, this function was taked from
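Review bot: In the managingGroup branch the result of `getAffiliationID($esc_mgAffil)` is passed to checkForGroupName() and getUserGroupID() without the `is_null()` test that the affiliation branch applies. An unknown affiliation in `group@affil` therefore goes on to the group lookup, where getUserGroupID builds `affiliationid = $affilid` unquoted. The name branch has a related gap: `$affilid` is only assigned when 'affiliation' is in `$items`, and although the header comment says the two must be given together, nothing enforces it. Both cases can be rejected up front with error codes already used in this function, as sketched below.

```php
	# name
	if(array_key_exists('name', $items)) {
		# name is only meaningful together with affiliation
		if(! array_key_exists('affiliation', $items)) {
			return array('status' => 'error',
			             'errorcode' => 17,
			             'errormsg' => 'unknown affiliation');
		}
		# … unchanged: ereg check, escaping and existence checks …
	# … unchanged: owner branch, managingGroup split and escaping …
		$mgaffilid = getAffiliationID($esc_mgAffil);
		if(is_null($mgaffilid)) {
			return array('status' => 'error',
			             'errorcode' => 24,
			             'errormsg' => 'submitted managingGroup is invalid');
		}
```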

Modified: incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php Fri Mar 20 20:28:24 2009
@@ -738,6 +738,577 @@
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
+/// \fn XMLRPCaddUserGroup($name, $affiliation, $owner, $managingGroup,
+///                        $initialMaxTime, $totalMaxTime, $maxExtendTime)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $owner - user that will be the owner of the group in
+///                 username\@affiliation form
+/// \param $managingGroup - user group that can manage membership of this one
+/// \param $initialMaxTime - (minutes) max initial time users in this group can
+///                          select for length of reservations
+/// \param $totalMaxTime - (minutes) total length users in the group can have
+///                        for a reservation (including all extensions)
+/// \param $maxExtendTime - (minutes) max length of time users can request as an
+///                         extension to a reservation at a time
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully created
+///
+/// \brief creates a new user group with the specified parameters
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCaddUserGroup($name, $affiliation, $owner, $managingGroup,
+                            $initialMaxTime, $totalMaxTime, $maxExtendTime) {
+	global $user;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation,
+	                  'owner' => $owner,
+	                  'managingGroup' => $managingGroup,
+	                  'initialMaxTime' => $initialMaxTime,
+	                  'totalMaxTime' => $totalMaxTime,
+	                  'maxExtendTime' => $maxExtendTime);
+	$rc = validateAPIgroupInput($validate, 0);
+	if($rc['status'] == 'error')
+		return $rc;
+	$data = array('type' => 'user',
+	              'owner' => $owner,
+	              'name' => $name,
+	              'affiliationid' => $rc['affiliationid'],
+	              'editgroupid' => $rc['managingGroupID'],
+	              'initialmax' => $initialMaxTime,
+	              'totalmax' => $totalMaxTime,
+	              'maxextend' => $maxExtendTime,
+	              'overlap' => 0);
+	if(! addGroup($data)) {
+		return array('status' => 'error',
+		             'errorcode' => 26,
+		             'errormsg' => 'failure while adding group to database');
+	}
+	return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCgetUserGroupAttributes($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - there will be five additional elements in this case:
+/// \li \b owner - user that will be the owner of the group in
+///                username\@affiliation form
+/// \li \b managingGroup - user group that can manage membership of this one in
+///                        groupname\@affiliation form
+/// \li \b initialMaxTime - (minutes) max initial time users in this group can
+///                         select for length of reservations
+/// \li \b totalMaxTime - (minutes) total length users in the group can have for
+///                       a reservation (including all extensions)
+/// \li \b maxExtendTime - (minutes) max length of time users can request as an
+///                        extension to a reservation at a time
+///
+/// \brief gets information about a user group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCgetUserGroupAttributes($name, $affiliation) {
+	global $user;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+	$query = "SELECT ug.id, "
+	       .        "ug.ownerid, "
+	       .        "CONCAT(u.unityid, '@', a.name) AS owner, "
+	       .        "ug.editusergroupid AS editgroupid, "
+	       .        "eug.name AS editgroup, "
+	       .        "eug.affiliationid AS editgroupaffiliationid, "
+	       .        "euga.name AS editgroupaffiliation, "
+	       .        "ug.initialmaxtime, "
+	       .        "ug.totalmaxtime, "
+	       .        "ug.maxextendtime, "
+	       .        "ug.overlapResCount "
+	       . "FROM usergroup ug "
+	       . "LEFT JOIN user u ON (ug.ownerid = u.id) "
+	       . "LEFT JOIN affiliation a ON (u.affiliationid = a.id) "
+	       . "LEFT JOIN usergroup eug ON (ug.editusergroupid = eug.id) "
+	       . "LEFT JOIN affiliation euga ON (eug.affiliationid = euga.id) "
+	       . "WHERE ug.id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner and not member of managing group, no access
+	if($user['id'] != $row['ownerid'] && 
+	   ! array_key_exists($row['editgroupid'], $user['groups'])) {
+		return array('status' => 'error',
+		             'errorcode' => 28,
+		             'errormsg' => 'access denied to user group with submitted name and affiliation');
+	}
+	return array('status' => 'success',
+	             'owner' => $row['owner'],
+	             'managingGroup' => "{$row['editgroup']}@{$row['editgroupaffiliation']}",
+	             'initialMaxTime' => $row['initialmaxtime'],
+	             'totalMaxTime' => $row['totalmaxtime'],
+	             'maxExtendTime' => $row['maxextendtime']);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCdeleteUserGroup($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully deleted
+///
+/// \brief deletes a user group along with all of its privileges
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCdeleteUserGroup($name, $affiliation) {
+	global $user, $mysql_link_vcl;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+	$query = "SELECT ownerid "
+	       . "FROM usergroup "
+	       . "WHERE id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner no access to delete group
+	if($user['id'] != $row['ownerid']) {
+		return array('status' => 'error',
+		             'errorcode' => 29,
+		             'errormsg' => 'access denied to delete user group with submitted name and
affiliation');
+	}
+	$query = "DELETE FROM usergroup "
+			 . "WHERE id = {$rc['id']}";
+	doQuery($query, 101);
+	# validate something deleted
+	if(mysql_affected_rows($mysql_link_vcl) == 0) {
+		return array('status' => 'error',
+		             'errorcode' => 30,
+		             'errormsg' => 'failure while deleting group from database');
+	}
+	return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCeditUserGroup($name, $affiliation, $newName, $newAffiliation,
+///                         $newOwner, $newManagingGroup, $newInitialMaxTime,
+///                         $newTotalMaxTime, $newMaxExtendTime)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $newName - new name for user group
+/// \param $newAffiliation - new affiliation for user group
+/// \param $newOwner - (optional, default='') user that will be the owner of
+///                    the group in username\@affiliation form
+/// \param $newManagingGroup - (optional, default='') user group that can
+///                            manage membership of this one
+/// \param $newInitialMaxTime - (optional, default='') (minutes) max initial
+///                             time users in this group can select for length
+///                             of reservations
+/// \param $newTotalMaxTime - (optional, default='') (minutes) total length
+///                           users in the group can have for a reservation
+///                           (including all extensions)
+/// \param $newMaxExtendTime - (optional, default='') (minutes) max length of
+///                            time users can request as an extension to a
+///                            reservation at a time
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully updated
+///
+/// \brief modifies attributes of a user group\n
+/// \b NOTE: an empty string may be passed for any of the new* fields to leave
+/// that item unchanged
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCeditUserGroup($name, $affiliation, $newName, $newAffiliation,
+                             $newOwner='', $newManagingGroup='',
+                             $newInitialMaxTime='', $newTotalMaxTime='',
+                             $newMaxExtendTime='') {
+	global $user, $mysql_link_vcl;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+
+	$updates = array();
+
+	# validate group exists and new values other than newName and newAffiliation
+	#   are valid
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	if(! empty($newOwner))
+		$validate['owner'] = $newOwner;
+	if(! empty($newManagingGroup))
+		$validate['managingGroup'] = $newManagingGroup;
+	if(! empty($newInitialMaxTime)) {
+		$validate['initialMaxTime'] = $newInitialMaxTime;
+		$updates[] = "initialmaxtime = $newInitialMaxTime";
+	}
+	if(! empty($newTotalMaxTime)) {
+		$validate['totalMaxTime'] = $newTotalMaxTime;
+		$updates[] = "totalmaxtime = $newTotalMaxTime";
+	}
+	if(! empty($newMaxExtendTime)) {
+		$validate['maxExtendTime'] = $newMaxExtendTime;
+		$updates[] = "maxextendtime = $newMaxExtendTime";
+	}
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+
+	# get info about group
+	$query = "SELECT ownerid "
+	       . "FROM usergroup "
+	       . "WHERE id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner no access to edit group attributes
+	if($user['id'] != $row['ownerid']) {
+		return array('status' => 'error',
+		             'errorcode' => 32,
+		             'errormsg' => 'access denied to modify attributes for user group with submitted
name and affiliation');
+	}
+
+	# validate that newName and newAffiliation are valid
+	if(! empty($newName) || ! empty($newAffiliation)) {
+		$validate = array('name' => $name,
+		                  'affiliation' => $affiliation);
+		if(! empty($newName)) {
+			$validate['name'] = $newName;
+			$tmp = mysql_escape_string($newName);
+			$updates[] = "name = '$tmp'";
+		}
+		if(! empty($newAffiliation))
+			$validate['affiliation'] = $newAffiliation;
+		$rc2 = validateAPIgroupInput($validate, 0);
+		if($rc2['status'] == 'error') {
+			if($rc2['errorcode'] == 27) {
+				$rc2['errorcode'] = 31;
+				$rc2['errormsg'] = 'existing user group with new form of name@affiliation';
+			}
+			return $rc2;
+		}
+		if(! empty($newAffiliation))
+			$updates[] = "affiliationid = {$rc2['affiliationid']}";
+	}
+
+	if(! empty($newOwner)) {
+		$newownerid = getUserlistID(mysql_escape_string($newOwner));
+		$updates[] = "ownerid = $newownerid";
+	}
+	if(! empty($newManagingGroup)) {
+		$updates[] = "editusergroupid = {$rc['managingGroupID']}";
+	}
+	$sets = implode(',', $updates);
+	if(count($updates) == 0) {
+		return array('status' => 'error',
+		             'errorcode' => 33,
+		             'errormsg' => 'no new values submitted');
+	}
+	$query = "UPDATE usergroup "
+	       . "SET $sets "
+	       . "WHERE id = {$rc['id']}";
+	doQuery($query, 101);
+	return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCgetUserGroupMembers($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - there will be one additional element in this case:
+/// \li \b members - array of members of the group in username\@affiliation form
+///
+/// \brief gets members of a user group\n
+/// \b Note: it is possible to have a group with no members in which case
+/// success will be returned with an empty array for members
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCgetUserGroupMembers($name, $affiliation) {
+	global $user;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+	$query = "SELECT ownerid, "
+	       .        "editusergroupid AS editgroupid "
+	       . "FROM usergroup "
+	       . "WHERE id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner and not member of managing group, no access
+	if($user['id'] != $row['ownerid'] && 
+	   ! array_key_exists($row['editgroupid'], $user['groups'])) {
+		return array('status' => 'error',
+		             'errorcode' => 28,
+		             'errormsg' => 'access denied to user group with submitted name and affiliation');
+	}
+	$query = "SELECT CONCAT(u.unityid, '@', a.name) AS member "
+	       . "FROM usergroupmembers ugm, "
+	       .      "user u, "
+	       .      "affiliation a "
+	       . "WHERE ugm.usergroupid = {$rc['id']} AND "
+	       .       "ugm.userid = u.id AND "
+	       .       "u.affiliationid = a.id";
+	$qh = doQuery($query, 101);
+	$members = array();
+	while($row = mysql_fetch_assoc($qh))
+		$members[] = $row['member'];
+	return array('status' => 'success',
+	             'members' => $members);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCaddUsersToGroup($name, $affiliation, $users)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $users - array of users in username\@affiliation form to be added to
+///                 the group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - users successfully added to the group
+///
+/// \b warning - there was a non-fatal issue that occurred while processing
+/// the call; there will be three additional elements in this case:
+/// \li \b warningcode - warning number
+/// \li \b warningmsg - warning string
+/// \li \b failedusers - array of users in username\@affiliation form that could
+///                      not be added
+///
+/// \brief adds users to a group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCaddUsersToGroup($name, $affiliation, $users) {
+	global $user;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+	$query = "SELECT ownerid, "
+	       .        "editusergroupid AS editgroupid "
+	       . "FROM usergroup "
+	       . "WHERE id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner and not member of managing group, no access
+	if($user['id'] != $row['ownerid'] && 
+	   ! array_key_exists($row['editgroupid'], $user['groups'])) {
+		return array('status' => 'error',
+		             'errorcode' => 28,
+		             'errormsg' => 'access denied to user group with submitted name and affiliation');
+	}
+	$fails = array();
+	foreach($users as $_user) {
+		if(empty($_user))
+			continue;
+		$esc_user = mysql_escape_string($_user);
+		if(validateUserid($esc_user) == 1)
+			addUserGroupMember($esc_user, $rc['id']);
+		else
+			$fails[] = $_user;
+	}
+	if(count($fails)) {
+		$cnt = 'some';
+		$code = 34;
+		if(count($fails) == count($users)) {
+			$cnt = 'all submitted';
+			$code = 35;
+		}
+		return array('status' => 'warning',
+		             'failedusers' => $fails,
+		             'warningcode' => $code,
+		             'warningmsg' => "failed to add $cnt users to user group");
+	}
+	return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCremoveUsersFromGroup($name, $affiliation, $users)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $users - array of users in username\@affiliation form to be removed
+///                 from the group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - users successfully removed from the group
+///
+/// \b warning - there was a non-fatal issue that occurred while processing
+/// the call; there will be three additional elements in this case:
+/// \li \b warningcode - warning number
+/// \li \b warningmsg - warning string
+/// \li \b failedusers - array of users in username\@affiliation form that could
+///                      not be removed
+///
+/// \brief removes users from a group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCremoveUsersFromGroup($name, $affiliation, $users) {
+	global $user, $findAffilFuncs;
+	if(! in_array('groupAdmin', $user['privileges'])) {
+		return array('status' => 'error',
+		             'errorcode' => 16,
+		             'errormsg' => 'access denied for managing user groups');
+	}
+	$validate = array('name' => $name,
+	                  'affiliation' => $affiliation);
+	$rc = validateAPIgroupInput($validate, 1);
+	if($rc['status'] == 'error')
+		return $rc;
+	$query = "SELECT ownerid, "
+	       .        "editusergroupid AS editgroupid "
+	       . "FROM usergroup "
+	       . "WHERE id = {$rc['id']}";
+	$qh = doQuery($query, 101);
+	if(! $row = mysql_fetch_assoc($qh)) {
+		return array('status' => 'error',
+		             'errorcode' => 18,
+		             'errormsg' => 'user group with submitted name and affiliation does not
exist');
+	}
+	# if not owner and not member of managing group, no access
+	if($user['id'] != $row['ownerid'] && 
+	   ! array_key_exists($row['editgroupid'], $user['groups'])) {
+		return array('status' => 'error',
+		             'errorcode' => 28,
+		             'errormsg' => 'access denied to user group with submitted name and affiliation');
+	}
+	$fails = array();
+	foreach($users as $_user) {
+		if(empty($_user))
+			continue;
+		$esc_user = mysql_escape_string($_user);
+		# check that affiliation of user can be determined because getUserlistID
+		#   will abort if it can't find it
+		$affilok = 0;
+		foreach($findAffilFuncs as $func) {
+			if($func($_user, $dump))
+				$affilok = 1;
+		}
+		if(! $affilok) {
+			$fails[] = $_user;
+			continue;
+		}
+		$userid = getUserlistID($esc_user, 1);
+		if(is_null($userid))
+			$fails[] = $_user;
+		else
+			deleteUserGroupMember($userid, $rc['id']);
+	}
+	if(count($fails)) {
+		$cnt = 'some';
+		$code = 36;
+		if(count($fails) == count($users)) {
+			$cnt = 'any';
+			$code = 37;
+		}
+		return array('status' => 'warning',
+		             'failedusers' => $fails,
+		             'warningcode' => $code,
+		             'warningmsg' => "failed to remove $cnt users from user group");
+	}
+	return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
 /// \fn XMLRPCtest($string)
 ///
 /// \param $string - a string


