Removed ability for users with read only permissions to access project edit pages
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/cb57e294 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/cb57e294 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/cb57e294 Branch: refs/heads/develop Commit: cb57e294829bcbc98376329729ee04f28f9398c1 Parents: fe50621 Author: Jeff Kinnison <[email protected]> Authored: Tue Aug 16 11:24:43 2016 -0400 Committer: Jeff Kinnison <[email protected]> Committed: Tue Aug 16 11:24:43 2016 -0400 ---------------------------------------------------------------------- app/controllers/ProjectController.php | 66 ++++++++++++++++++++++++------ app/libraries/SharingUtilities.php | 20 ++++++++- app/views/project/browse.blade.php | 4 +- app/views/project/summary.blade.php | 5 ++- 4 files changed, 78 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/controllers/ProjectController.php ----------------------------------------------------------------------
diff --git a/app/controllers/ProjectController.php b/app/controllers/ProjectController.php
index 3bf91d5..97a41f8 100755
--- a/app/controllers/ProjectController.php
+++ b/app/controllers/ProjectController.php
@@ -46,8 +46,25 @@ class ProjectController extends BaseController
 $users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
+ $experiments = ProjectUtilities::get_experiments_in_project(Input::get("projId"));
+
+ $experiment_can_write = array();
+ foreach($experiments as $experiment) {
+ if (SharingUtilities::userCanWrite(Session::get("username"), $experiment->experimentId, ResourceType::EXPERIMENT)) {
+ $experiment_can_write[$experiment->experimentId] = true;
+ }
+ else {
+ $experiment_can_write[$experiment->experimentId] = false;
+ }
+ }
+
 return View::make("project/summary",
- array("projectId" => Input::get("projId"), "users" => json_encode($users)));
+ array("projectId" => Input::get("projId"),
+ "experiments" => $experiments,
+ "users" => json_encode($users),
+ "project_can_write" => SharingUtilities::userCanWrite(Session::get("username"), Input::get("projId"), ResourceType::PROJECT),
+ "experiment_can_write" => $experiment_can_write
+ ));
 }
 else return Redirect::to("home");
 }
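Review bot: The foreach that fills `$experiment_can_write` uses an if/else only to assign a boolean; `$experiment_can_write[$experiment->experimentId] = SharingUtilities::userCanWrite(Session::get("username"), $experiment->experimentId, ResourceType::EXPERIMENT);` says the same in one line. As userCanWrite is defined in this commit, every iteration goes to `GrouperUtilities::getAllAccessibleUsers`, so a project with many experiments now performs one sharing lookup per row before the summary renders; if that service is remote, a batch lookup or a per-request cache in SharingUtilities would be worth it. `Input::get("projId")` is also read four times in this hunk with both quote styles; hoist it into a single `$projectId` local. The enclosing summary method starts before this hunk.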
@@ -55,20 +72,33 @@ class ProjectController extends BaseController
 public function editView() {
 if (Input::has("projId")) {
- $users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
-
- return View::make("project/edit",
- array("projectId" => Input::get("projId"),
- "project" => ProjectUtilities::get_project($_GET['projId']),
- "users" => json_encode($users)
- ));
+ if (SharingUtilities::userCanWrite(Session::get("username"), Input::get("projId"), ResourceType::PROJECT)) {
+ $project = ProjectUtilities::get_project($_GET['projId']);
+ $users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
+ $owner = array();
+
+ if (strcmp(Session::get("username"), $project->owner) !== 0) {
+ $owner = array($project->owner => $users[$project->owner]);
+ $users = array_key_diff($users, $owner);
+ }
+
+ return View::make("project/edit",
+ array("projectId" => Input::get("projId"),
+ "project" => $project,
+ "users" => json_encode($users),
+ "owner" => json_encode($owner)
+ ));
+ }
+ else {
+ return Redirect::to('project/summary?projId=' . Input::get("projId"))->with("error", "You do not have permission to edit this project.");
+ }
 }
 else return Redirect::to("home");
 }
 public function editSubmit() {
- if (isset($_POST['save'])) {
+ if (isset($_POST['save']) && SharingUtilities::userCanWrite(Session::get("username"))) {
 $projectDetails = array();
 $projectDetails["owner"] = Session::get("username");
 $projectDetails["name"] = Input::get("project-name");
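Review bot: editSubmit's new guard calls `SharingUtilities::userCanWrite(Session::get("username"))` with one argument, but the method this commit adds in SharingUtilities takes three (`$uid, $resourceId, $dataResourceType`), so the save path either aborts with a missing-argument error or checks no particular project; the project being saved has to be passed explicitly, e.g. `if (isset($_POST['save']) && SharingUtilities::userCanWrite(Session::get("username"), <PROJECT_ID_FROM_REQUEST>, ResourceType::PROJECT)) {` (the request field holding the id is not visible here, and editSubmit continues past this hunk). Separately, `array_key_diff` is not a PHP function — the built-in is `array_diff_key` — so editView's non-owner branch fails at runtime for exactly the shared-writer case this commit enables; change it to `$users = array_diff_key($users, $owner);`. That branch also indexes `$users[$project->owner]` without checking the key exists, which raises a notice whenever the owner's profile is not in the shared-users list; guard it with `isset`.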
@@ -103,10 +133,22 @@ class ProjectController extends BaseController
 $projects = ProjectUtilities::get_all_user_accessible_projects_with_pagination($this->limit, ($pageNo - 1) * $this->limit);
 }
+ $can_write = array();
+ $user = Session::get("username");
+ foreach($projects as $project) {
+ if (SharingUtilities::userCanWrite($user, $project->projectID, ResourceType::PROJECT)) {
+ $can_write[$project->projectID] = true;
+ }
+ else {
+ $can_write[$project->projectID] = false;
+ }
+ }
+
 return View::make('project/browse', array(
 'pageNo' => $pageNo,
 'limit' => $this->limit,
- 'projects' => $projects
+ 'projects' => $projects,
+ 'can_write' => $can_write
 ));
 }
@@ -119,7 +161,7 @@ class ProjectController extends BaseController
 */
 public function sharedUsers() {
- if (array_key_exists('resourceId', $_GET)) {
+ if (Session::has("authz-token") && array_key_exists('resourceId', $_GET)) {
 return Response::json(SharingUtilities::getProfilesForSharedUsers($_GET['resourceId'], ResourceType::PROJECT));
 }
 else {
@@ -129,7 +171,7 @@ class ProjectController extends BaseController
 public function unsharedUsers() {
- if (array_key_exists('resourceId', $_GET)) {
+ if (Session::has("authz-token") && array_key_exists('resourceId', $_GET)) {
 return Response::json(SharingUtilities::getProfilesForUnsharedUsers($_GET['resourceId'], ResourceType::PROJECT));
 }
 else {
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/libraries/SharingUtilities.php ----------------------------------------------------------------------
diff --git a/app/libraries/SharingUtilities.php b/app/libraries/SharingUtilities.php
index bf9987f..477cec5 100755
--- a/app/libraries/SharingUtilities.php
+++ b/app/libraries/SharingUtilities.php
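Review bot: The `$can_write` loop has the same if/else-to-boolean shape as the summary hunk above; `$can_write[$project->projectID] = SharingUtilities::userCanWrite($user, $project->projectID, ResourceType::PROJECT);` is equivalent and shorter, and it carries the same one-sharing-lookup-per-project cost on every browse page. `$projects` is assigned in two branches that begin before this hunk, so the loop relies on both returning objects that expose `projectID`; if either can return an empty or differently shaped result the view's `$can_write[$project->projectID]` lookup would miss. The enclosing method starts outside the hunk.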
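Review bot: `Session::has("authz-token")` in sharedUsers only establishes that the caller is logged in; any authenticated user can still request an arbitrary `resourceId` and receive the profile list for a project they have no access to, and the write check this commit adds to editView does not cover this JSON endpoint. The unsharedUsers hunk just below adds the identical guard and has the same gap. Since the edit page that consumes both endpoints now requires write access, gate them on the same permission, e.g. `if (Session::has("authz-token") && array_key_exists('resourceId', $_GET) && SharingUtilities::userCanWrite(Session::get("username"), $_GET['resourceId'], ResourceType::PROJECT)) {`. `$_GET['resourceId']` is also forwarded unvalidated; at minimum reject an empty value before the lookup.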
@@ -30,10 +30,26 @@ class SharingUtilities {
 if (strcmp($uid, $user) === 0) {
 return true;
 }
- else {
- return false;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if the user has write privileges on the resource.
+ *
+ * @param $uid The user to check
+ * @param $resourceId Experiment or Project ID
+ * @param $dataResourceType e.g Airavata\Model\Group\ResourceType:PROJECT,Airavata\Model\Group\ResourceType:EXPERIMENT
+ * @return True if the user has write permission, false otherwise.
+ */
+ public static function userCanWrite($uid, $resourceId, $dataResourceType) {
+ $write = GrouperUtilities::getAllAccessibleUsers($resourceId, $dataResourceType, ResourcePermissionType::WRITE);
+ foreach($write as $user) {
+ if (strcmp($uid, $user) === 0) {
+ return true;
 }
 }
+ return false;
 }
 /**
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/views/project/browse.blade.php ----------------------------------------------------------------------
diff --git a/app/views/project/browse.blade.php b/app/views/project/browse.blade.php
index 4e68ddc..3b6e348 100755
--- a/app/views/project/browse.blade.php
+++ b/app/views/project/browse.blade.php
@@ -107,9 +107,11 @@
 <tr>
 <td>
 <?php echo $project->name; ?>
+ @if($can_write[$project->projectID] === true)
 <a href="{{URL::to('/')}}/project/edit?projId=<?php echo $project->projectID; ?>" title="Edit">
 <span class="glyphicon glyphicon-pencil"></span>
 </a>
+ @endif
 </td>
 <td>
 {{$project->owner}}
@@ -143,4 +145,4 @@
 @section('scripts')
 @parent
 {{ HTML::script('js/time-conversion.js')}}
- @stop
\ No newline at end of file
+ @stop
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/views/project/summary.blade.php ----------------------------------------------------------------------
diff --git a/app/views/project/summary.blade.php b/app/views/project/summary.blade.php
index 9e7adce..fc6fe69 100755
--- a/app/views/project/summary.blade.php
+++ b/app/views/project/summary.blade.php
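Review bot: The new userCanWrite repeats the loop of the read check just above it line for line, with only the `ResourcePermissionType` differing, and the bug this commit fixes in that loop (an `else { return false; }` that short-circuited on the first non-matching user) is exactly the kind of drift duplicated loops invite; extract one private helper that both checks call, as sketched below, and the foreach collapses to `in_array($uid, $allowed, true)` assuming `getAllAccessibleUsers` returns plain username strings (it is compared with `strcmp` here, so that looks intended). The docblock should carry types (`@param string $uid`, `@return bool`) and the `ResourceType:PROJECT` examples are missing a colon. The read-check method's header lies before this hunk.
```php
    public static function userCanWrite($uid, $resourceId, $dataResourceType) {
        return self::userHasPermission($uid, $resourceId, $dataResourceType, ResourcePermissionType::WRITE);
    }

    /**
     * Shared membership test for the read and write checks: true iff $uid appears
     * in the user list GrouperUtilities reports for $permission on the resource.
     */
    private static function userHasPermission($uid, $resourceId, $dataResourceType, $permission) {
        $allowed = GrouperUtilities::getAllAccessibleUsers($resourceId, $dataResourceType, $permission);
        return in_array($uid, $allowed, true);
    }
```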
@@ -10,7 +10,6 @@
 <div class="container" style="max-width: 80%;">
 <?php
 $project = ProjectUtilities::get_project($_GET['projId']);
- $experiments = ProjectUtilities::get_experiments_in_project($project->projectID);
 ?>
 <h1>Project Summary
 @if( !isset($dashboard))
@@ -21,9 +20,11 @@
 <div>
 <div>
 <h3>{{ $project->name }}
+ @if($project_can_write === true)
 <a href="edit?projId={{ $project->projectID }}" title="Edit">
 <span class="glyphicon glyphicon-pencil"></span>
 </a>
+ @endif
 </h3>
 <p>{{ $project->description }}</p>
 </div>
@@ -62,7 +63,7 @@
 <a href="{{URL::to('/')}}/experiment/summary?expId={{$experiment->experimentId}}">
 {{ $experiment->experimentName }}
 </a>
- @if( $expValues['editable'])
+ @if( $expValues['editable'] and $experiment_can_write[$experiment->experimentId] === true)
 <a href="{{URL::to('/')}}/experiment/edit?expId={{$experiment->experimentId}}" title="Edit"><span class="glyphicon glyphicon-pencil"></span></a>
 @endif
 </td>
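Review bot: The template now depends on `$experiments`, `$project_can_write` and `$experiment_can_write` being passed in from the controller, while it still fetches `$project` itself from `$_GET['projId']`; the `@if( !isset($dashboard))` in the first hunk suggests this view is also rendered from a dashboard path, and if that path does not supply the three new variables the `@if($project_can_write === true)` and `$experiment_can_write[...]` lines will fail with undefined-variable notices (not verifiable from this diff). Either make every caller pass them or default them in the view, e.g. `@if(isset($project_can_write) && $project_can_write === true)`. In the third hunk prefer `&&` over `and`; the result is the same here only because `===` binds tighter, and the lower precedence of `and` is a known trap once the condition is assigned to a variable.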
