Author: jfthomps
Date: Mon Oct 27 20:26:14 2014
New Revision: 1634677

URL: http://svn.apache.org/r1634677
Log:
VCL-759 - check user group access to image when creating block allocations

blockallocations.php:
-modified blockAllocationForm: added onChange handlers to form for selecting 
environment and user group that call clearCont2; added hidden form value with 
id of submitcont2 - we end up storing a 2nd continuation here that has an 
override flag set to allow ignoring a warning that the submitted user group 
does not have access to the submitted environment
-modified processBlockAllocationInput: check for user group having access to 
image; do not do check if $override is set; if error and error was from user 
group not having access to image, send back a 2nd continuation that has 
override flag set

utils.php: modified getUserResources: added optional argument to end of 
argument list - $groupid; allows a group id to be passed in (along with $userid 
= 0) to get resources a user group has access to

blockallocations.js:
-modified blockFormSubmitWeekly, blockFormSubmitMonthly, and 
blockFormSubmitList: use continuation stored in submitcont2 if it has a non 
empty value
-added clearCont2

Modified:
    vcl/trunk/web/.ht-inc/blockallocations.php
    vcl/trunk/web/.ht-inc/utils.php
    vcl/trunk/web/js/blockallocations.js

Modified: vcl/trunk/web/.ht-inc/blockallocations.php
URL: 
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/blockallocations.php?rev=1634677&r1=1634676&r2=1634677&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/blockallocations.php (original)
+++ vcl/trunk/web/.ht-inc/blockallocations.php Mon Oct 27 20:26:14 2014
@@ -143,10 +143,11 @@ function blockAllocationForm() {
        print "    <td>\n";
        if(USEFILTERINGSELECT && count($resources['image']) < 
FILTERINGSELECTTHRESHOLD) {
                print "      <select dojoType=\"dijit.form.FilteringSelect\" 
id=imagesel style=\"width: 300px\" ";
-               print "queryExpr=\"*\${0}*\" highlightMatch=\"all\" 
autoComplete=\"false\">\n";
+               print "queryExpr=\"*\${0}*\" highlightMatch=\"all\" 
autoComplete=\"false\" ";
+               print "onChange=\"clearCont2();\">\n";
        }
        else
-               print "      <select id=imagesel>";
+               print "      <select id=imagesel onChange=\"clearCont2();\">";
        foreach($resources['image'] as $id => $name) {
                if($id == $data['imageid'])
                        print "        <option value=\"$id\" 
selected>$name</option>\n";
@@ -162,10 +163,11 @@ function blockAllocationForm() {
        $groups = getUserGroups(0, $user['affiliationid']);
        if(USEFILTERINGSELECT && count($groups) < FILTERINGSELECTTHRESHOLD) {
                print "      <select dojoType=\"dijit.form.FilteringSelect\" 
id=groupsel style=\"width: 300px\" ";
-               print "queryExpr=\"*\${0}*\" highlightMatch=\"all\" 
autoComplete=\"false\">\n";
+               print "queryExpr=\"*\${0}*\" highlightMatch=\"all\" 
autoComplete=\"false\" ";
+               print "onChange=\"clearCont2();\">\n";
        }
        else
-               print "      <select id=groupsel>";
+               print "      <select id=groupsel onChange=\"clearCont2();\">";
        $extragroups = array();
        if($mode == 'requestBlockAllocation')
                print "        <option value=\"0\">(" . _("group not listed") . 
")</option>\n";
@@ -472,6 +474,7 @@ function blockAllocationForm() {
                $data['method'] = 'request';
        $cont = addContinuationsEntry('AJblockAllocationSubmit', $data, 
SECINWEEK, 1, 0);
        print "<input type=\"hidden\" id=\"submitcont\" value=\"$cont\">\n";
+       print "<input type=\"hidden\" id=\"submitcont2\">\n";
        print "<button dojoType=\"dijit.form.Button\" type=\"button\">\n";
        print "  $btntxt\n";
        print "  <script type=\"dojo/method\" event=\"onClick\">\n";
@@ -2998,6 +3001,7 @@ function processBlockAllocationInput() {
        $return['imageid'] = processInputVar('imageid', ARG_NUMERIC);
        $return['seats'] = processInputVar('seats', ARG_NUMERIC);
        $return['groupid'] = processInputVar('groupid', ARG_NUMERIC);
+       $override = getContinuationVar('override', 0);
        $type = processInputVar('type', ARG_STRING);
        $err = 0;
        if($method != 'request' && ! preg_match('/^([-a-zA-Z0-9\. 
\(\)]){3,80}$/', $return['name'])) {
@@ -3039,6 +3043,19 @@ function processBlockAllocationInput() {
                        $err = 1;
                }
        }
+       $dooverride = 0;
+       if(! $err && ! $override) {
+               $groupresources = getUserResources(array("imageAdmin", 
"imageCheckOut"),
+                                                  array("available"), 0, 0, 0,
+                                                  $return['groupid']);
+               if(! array_key_exists($return['imageid'], 
$groupresources['image'])) {
+                       $dooverride = 1;
+                       $errmsg = "WARNING - The selected user group does not 
currently have "
+                               . "access to the selected environment. You can 
submit the "
+                               . "Block Allocation again to ignore this 
warning.";
+                       $err = 1;
+               }
+       }
        if(! $err && $type != 'weekly' && $type != 'monthly' && $type != 
'list') {
                $errmsg = 'You must select one of "Repeating Weekly", 
"Repeating Monthly", '
                        . 'or "List of Dates/Times".';
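Review bot: A group id of 0 makes the new access check test the wrong principal. The form offers `value="0"` ("group not listed") in request mode, and getUserResources only switches to the group lookup when `$groupid != 0`, so with 0 it falls back to the logged-in user's own resources. If a 0 group id can reach this point (earlier validation is outside the hunk), the warning is decided by the requester's access rather than the group's. Handling that case explicitly, for example `if(! $err && ! $override && $return['groupid'] != 0) {`, would keep the check's meaning unambiguous. processBlockAllocationInput begins and ends outside this hunk.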
@@ -3191,6 +3208,13 @@ function processBlockAllocationInput() {
                        $data['blockid'] = getContinuationVar('blockid');
                $cont = addContinuationsEntry('AJblockAllocationSubmit', $data, 
SECINWEEK, 1, 0);
                print "dojo.byId('submitcont').value = '$cont';";
+               if($dooverride) {
+                       $data['override'] = 1;
+                       $cont = 
addContinuationsEntry('AJblockAllocationSubmit', $data, SECINWEEK, 1, 0);
+                       print "dojo.byId('submitcont2').value = '$cont';";
+               }
+               else
+                       print "dojo.byId('submitcont2').value = '';";
        }
        $return['type'] = $type;
        $return['err'] = $err;
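Review bot: The override continuation created here is not visibly tied to the image/group pair that produced the warning. On resubmission `imageid` and `groupid` are read again from the request through processInputVar while `override` comes from the continuation, and the only thing that clears `submitcont2` when the selection changes is the client-side clearCont2 handler. Unless `$data` already carries those ids and they are compared elsewhere (its construction is outside the hunk), a request can present the override continuation with a different image or group and skip the access check. Recording the checked ids next to the flag, with keys such as `$data['overrideimageid'] = $return['imageid'];` and `$data['overridegroupid'] = $return['groupid'];`, and honouring `$override` only when they match the submitted values would enforce this on the server.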

Modified: vcl/trunk/web/.ht-inc/utils.php
URL: 
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1634677&r1=1634676&r2=1634677&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Mon Oct 27 20:26:14 2014
@@ -1834,18 +1834,22 @@ function removeNoCheckout($images) {
 
////////////////////////////////////////////////////////////////////////////////
 ///
 /// \fn getUserResources($userprivs, $resourceprivs, $onlygroups,
-///                               $includedeleted, $userid)
+///                               $includedeleted, $userid, $groupid)
 ///
 /// \param $userprivs - array of privileges to look for (such as
-/// imageAdmin, imageCheckOut, etc) - this is an OR list; don't include 
'block' or 'cascade'
+/// imageAdmin, imageCheckOut, etc) - this is an OR list; don't include 'block'
+/// or 'cascade'
 /// \param $resourceprivs - array of privileges to look for (such as
-/// available, administer, manageGroup) - this is an OR list; don't include 
'block' or 'cascade'
+/// available, administer, manageGroup) - this is an OR list; don't include
+/// 'block' or 'cascade'
 /// \param $onlygroups - (optional) if 1, return the resource groups instead
 /// of the resources
 /// \param $includedeleted - (optional) included deleted resources if 1,
 /// don't if 0
 /// \param $userid - (optional) id from the user table, if not given, use the
 /// id of the currently logged in user
+/// \param $groupid - (optional) id from the usergroup table, if not given, 
look
+/// up by $userid; $userid must be 0 to look up by $groupid
 ///
 /// \return an array of 2 arrays where the first indexes are resource types
 /// and each one's arrays are a list of resources available to the user where
@@ -1868,14 +1872,18 @@ function removeNoCheckout($images) {
 ///
 
////////////////////////////////////////////////////////////////////////////////
 function getUserResources($userprivs, $resourceprivs=array("available"),
-                          $onlygroups=0, $includedeleted=0, $userid=0) {
+                          $onlygroups=0, $includedeleted=0, $userid=0,
+                          $groupid=0) {
        global $user;
        if(in_array('managementnodeAdmin', $userprivs))
                $userprivs[] = 'mgmtnodeAdmin';
-       $key = getKey(array($userprivs, $resourceprivs, $onlygroups, 
$includedeleted, $userid));
+       $key = getKey(array($userprivs, $resourceprivs, $onlygroups, 
$includedeleted, $userid, $groupid));
        if(array_key_exists($key, $_SESSION['userresources']))
                return $_SESSION['userresources'][$key];
        #FIXME this whole function could be much more efficient
+       $bygroup = 0;
+       if($userid == 0 && $groupid != 0)
+               $bygroup = 1;
        if(! $userid)
                $userid = $user["id"];
        $return = array();
@@ -1888,11 +1896,15 @@ function getUserResources($userprivs, $r
               . "FROM userpriv u, "
               .      "userprivtype t "
               . "WHERE u.userprivtypeid = t.id AND "
-              .       "t.name IN ($inlist) AND "
-              .       "(u.userid = $userid OR "
-              .       "u.usergroupid IN (SELECT usergroupid "
-              .                         "FROM usergroupmembers "
-              .                         "WHERE userid = $userid))";
+              .       "t.name IN ($inlist) AND ";
+       if(! $bygroup) {
+               $query .=   "(u.userid = $userid OR "
+                      .    "u.usergroupid IN (SELECT usergroupid "
+                      .                      "FROM usergroupmembers "
+                      .                      "WHERE userid = $userid))";
+       }
+       else
+               $query .=   "u.usergroupid = $groupid";
        $qh = doQuery($query, 101);
        while($row = mysql_fetch_assoc($qh)) {
                array_push($startnodes, $row["privnodeid"]);
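Review bot: `$groupid` is concatenated into the SQL at `u.usergroupid = $groupid` without being cast or validated inside getUserResources. The one caller visible in this commit passes a value read with `processInputVar('groupid', ARG_NUMERIC)`, but this is a shared utility with a new public parameter, so the query's safety currently depends on every future caller doing the same. Adding `$groupid = (int)$groupid;` near the top of the function, before the cache key is built, keeps the value an integer regardless of caller. The same interpolation appears in the next query hunk (`u.usergroupid = $groupid AND `). The function body starts and ends outside this hunk.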
@@ -1920,11 +1932,14 @@ function getUserResources($userprivs, $r
               . "FROM userprivtype t, "
               .      "userpriv u "
               . "WHERE u.userprivtypeid = t.id AND "
-              .       "u.usergroupid IS NOT NULL AND "
-              .       "u.usergroupid IN (SELECT usergroupid "
-              .                         "FROM usergroupmembers "
-              .                         "WHERE userid = $userid) AND "
-              .       "t.name IN ('block','cascade',$inlist) "
+                        .       "u.usergroupid IS NOT NULL AND ";
+       if($bygroup)
+               $query .=   "u.usergroupid = $groupid AND ";
+       else
+               $query .=   "u.usergroupid IN (SELECT usergroupid "
+                      .                      "FROM usergroupmembers "
+                                .                      "WHERE userid = 
$userid) AND ";
+       $query .=      "t.name IN ('block','cascade',$inlist) "
               . "ORDER BY u.privnodeid, "
               .          "u.usergroupid";
        $qh = doQuery($query, 101);
@@ -1989,7 +2004,8 @@ function getUserResources($userprivs, $r
                }
        }
 
-       addOwnedResourceGroups($resourcegroups, $userid);
+       if(! $bygroup)
+               addOwnedResourceGroups($resourcegroups, $userid);
        if($onlygroups) {
                foreach(array_keys($resourcegroups) as $type)
                        uasort($resourcegroups[$type], "sortKeepIndex");
@@ -2002,7 +2018,8 @@ function getUserResources($userprivs, $r
                $resources[$type] = 
                   getResourcesFromGroups($resourcegroups[$type], $type, 
$includedeleted);
        }
-       addOwnedResources($resources, $includedeleted, $userid);
+       if(! $bygroup)
+               addOwnedResources($resources, $includedeleted, $userid);
        $noimageid = getImageId('noimage');
        if(array_key_exists($noimageid, $resources['image']))
                unset($resources['image'][$noimageid]);

Modified: vcl/trunk/web/js/blockallocations.js
URL: 
http://svn.apache.org/viewvc/vcl/trunk/web/js/blockallocations.js?rev=1634677&r1=1634676&r2=1634677&view=diff
==============================================================================
--- vcl/trunk/web/js/blockallocations.js (original)
+++ vcl/trunk/web/js/blockallocations.js Mon Oct 27 20:26:14 2014
@@ -538,6 +538,8 @@ function blockFormSubmitWeekly(mode) {
                    enddate: enddate,
                    times: alltimes,
                    days: days2};
+       if(dojo.byId('submitcont2').value != '')
+               data.continuation = dojo.byId('submitcont2').value;
        if(mode != 'request') {
                data.name = dijit.byId('brname').value;
                data.owner = dijit.byId('browner').value;
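Review bot: The two added lines that swap in the `submitcont2` continuation are repeated verbatim in blockFormSubmitWeekly, blockFormSubmitMonthly and blockFormSubmitList, and each copy looks the element up twice. A small shared helper that takes `data`, reads the value once (`var cont2 = dojo.byId('submitcont2').value;`) and assigns `data.continuation = cont2;` only when it is non-empty would keep the override path in one place, so a later change cannot leave one submit function behaving differently. All three function bodies extend outside their hunks.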
@@ -673,6 +675,8 @@ function blockFormSubmitMonthly(mode) {
                    weeknum: weeknum,
                    day: day,
                    times: alltimes};
+       if(dojo.byId('submitcont2').value != '')
+               data.continuation = dojo.byId('submitcont2').value;
        if(mode != 'request') {
                data.name = dijit.byId('brname').value;
                data.owner = dijit.byId('browner').value;
@@ -758,6 +762,8 @@ function blockFormSubmitList(mode) {
                    groupid: groupid,
                    type: 'list',
                    slots: allslots};
+       if(dojo.byId('submitcont2').value != '')
+               data.continuation = dojo.byId('submitcont2').value;
        if(mode != 'request') {
                data.name = dijit.byId('brname').value;
                data.owner = dijit.byId('browner').value;
@@ -1393,3 +1399,6 @@ function viewBlockUsageCB(data, ioArgs) 
        }
 }
 
+function clearCont2() {
+       dojo.byId('submitcont2').value = '';
+}

