Author: jfthomps
Date: Fri Mar 20 20:28:24 2009
New Revision: 756746
URL: http://svn.apache.org/viewvc?rev=756746&view=rev
Log:
VCL-33
authentication.php:
modified testGeneralAffiliation: regular expression allowed there to be nothing
before the @ that separates the userid from the affiliation; modified
to require at least one character before the @
errors.php:
added error 12: Failed to determine affiliation id in getUserListID
utils.php:
modified updateUserOrGroupPrivs:
-changed $name parameter such that a user group name is not allowed because
this doesn't account for the affiliation part of the user group; no calling
functions were using it this way anyway
modified getUserlistID:
-added an optional $noadd parameter that allows the function to just check to
see if a user already exists in the database without trying to add it from
configured sources
-modified abort error code to be 12 instead of 11 that was there incorrectly
modified getUsersGroups:
-added optional $includeaffil parameter that if set will cause the affiliation
of the groups to be appended to the end of the group name
modified getUserGroupID:
-now it always checks the affiliation with the name instead of only when the
group was both not custom or a courseroll group
modified xmlrpccall:
-registered new functions added to xmlrpcWrappers
modified xmlRPChandler:
-mysql_escape_string called for $saveargs data
added validateAPIgroupInput
xmlrpcWrappers.php:
added these functions:
XMLRPCaddUserGroup
XMLRPCgetUserGroupAttributes
XMLRPCdeleteUserGroup
XMLRPCeditUserGroup
XMLRPCgetUserGroupMembers
XMLRPCaddUsersToGroup
XMLRPCremoveUsersFromGroup
Modified:
incubator/vcl/trunk/web/.ht-inc/authentication.php
incubator/vcl/trunk/web/.ht-inc/errors.php
incubator/vcl/trunk/web/.ht-inc/utils.php
incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authentication.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authentication.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authentication.php Fri Mar 20 20:28:24 2009
@@ -608,7 +608,7 @@
///
////////////////////////////////////////////////////////////////////////////////
function testGeneralAffiliation(&$login, &$affilid) {
- if(preg_match('/^([...@]*)@([...@\.]*)$/', $login, $matches)) {
+ if(preg_match('/^([...@]+)@([...@\.]*)$/', $login, $matches)) {
$login = $matches[1];
$affilid = getAffiliationID($matches[2]);
return 1;
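Review bot: The affiliation capture group still uses `*`, so a login that ends in a bare `@` matches with an empty `$matches[2]`, and the function returns 1 whatever `getAffiliationID()` produced. The second group should get the same `*` to `+` change as the first. The lookup result should also be checked before reporting a match, e.g. `if(is_null($affilid)) return 0;`, assuming 0 is the non-match return value, which lies outside this hunk. validateAPIgroupInput in this same commit treats a NULL from `getAffiliationID()` as "unknown affiliation", so that case is reachable here too.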
Modified: incubator/vcl/trunk/web/.ht-inc/errors.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/errors.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/errors.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/errors.php Fri Mar 20 20:28:24 2009
@@ -36,6 +36,7 @@
"9" => 'getRequestInfo was called with an empty $id',
"10" => "Failed to insert row while submitting new image",
"11" => "getContinuationsData returned an empty array",
+ "12" => "Failed to determine affiliation id in getUserListID",
"15" => "Failed to insert row while submitting new schedule",
"20" => "There was an attempt submit data to the page, but the
referrer was not the entry script.",
"25" => "Failed to get IPaddress of computer in acknowledgeRequest.",
Modified: incubator/vcl/trunk/web/.ht-inc/utils.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/utils.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/utils.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/utils.php Fri Mar 20 20:28:24 2009
@@ -211,6 +211,7 @@
$semislocked = 0;
require_once(".ht-inc/xmlrpcWrappers.php");
require_once(".ht-inc/requests.php");
+ require_once(".ht-inc/groups.php");
setupSession();
}
return;
@@ -2079,7 +2080,7 @@
///
/// \fn updateUserOrGroupPrivs($name, $node, $adds, $removes, $mode)
///
-/// \param $name - unityid, user id, user group name, or user group id
+/// \param $name - unityid, user id, or user group id
/// \param $node - id of the node
/// \param $adds - array of privs (the name, not the id) to add
/// \param $removes - array of privs (the name, not the id) to remove
@@ -2104,10 +2105,7 @@
}
else {
$field = "usergroupid";
- if(is_numeric($name))
- $id = $name;
- else
- $id = getUserGroupID($name);
+ $id = $name;
}
foreach($adds as $type) {
$typeid = getUserPrivTypeID($type);
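Review bot: Removing the lookup branch also removed the `is_numeric()` test, so in the `usergroupid` case `$id` is now whatever the caller passed as `$name`. If `$id` is concatenated into the privilege queries further down (outside this hunk), a group name or any other string would reach SQL unchecked. Keeping the test as a guard before `$id = $name;`, e.g. `if(! is_numeric($name)) return;`, makes the narrowed contract explicit. The start of the function and its queries are outside the hunk, so the right failure action needs confirming.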
@@ -2678,9 +2676,11 @@
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn getUserlistID($loginid)
+/// \fn getUserlistID($loginid, $noadd)
///
/// \param $loginid - login ID
+/// \param $noadd - (optional, default=0) 0 to try to add user to database if
+/// not there, 1 to only return the id if it already exists in the database
///
/// \return id from userlist table for the user
///
@@ -2688,12 +2688,12 @@
/// calls addUser to add it to the table
///
////////////////////////////////////////////////////////////////////////////////
-function getUserlistID($loginid) {
+function getUserlistID($loginid, $noadd=0) {
$_loginid = $loginid;
getAffilidAndLogin($loginid, $affilid);
if(empty($affilid))
- abort(11);
+ abort(12);
$query = "SELECT id "
. "FROM user "
@@ -2704,6 +2704,8 @@
$row = mysql_fetch_row($qh);
return $row[0];
}
+ if($noadd)
+ return NULL;
return addUser($_loginid);
}
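Review bot: The docblock's `\return` line still promises an id, but with `$noadd` set this function now returns NULL for a user that is not in the database. The line should read something like `/// \return id from userlist table for the user, or NULL if $noadd is set and the user is not in the database`. Callers that concatenate the result into a query need an `is_null()` check first, as XMLRPCremoveUsersFromGroup does.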
@@ -3187,10 +3189,13 @@
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn getUsersGroups($userid, $includeowned)
+/// \fn getUsersGroups($userid, $includeowned, $includeaffil)
///
/// \param $userid - an id from the user table
-/// \param $includeowned - include groups the user owns but is not in
+/// \param $includeowned - (optional, default=0) include groups the user owns
+/// but is not in
+/// \param $includeaffil - (optional, default=0) include @affiliation in name
+/// of group
///
/// \return an array of the user's groups where the index is the id of the
/// group
@@ -3198,13 +3203,25 @@
/// \brief builds a array of the groups the user is member of
///
////////////////////////////////////////////////////////////////////////////////
-function getUsersGroups($userid, $includeowned=0) {
- $query = "SELECT m.usergroupid, "
- . "g.name "
- . "FROM usergroupmembers m, "
- . "usergroup g "
- . "WHERE m.userid = $userid AND "
- . "m.usergroupid = g.id";
+function getUsersGroups($userid, $includeowned=0, $includeaffil=0) {
+ if($includeaffil) {
+ $query = "SELECT m.usergroupid, "
+ . "CONCAT(g.name, '@', a.name) AS name "
+ . "FROM usergroupmembers m, "
+ . "usergroup g, "
+ . "affiliation a "
+ . "WHERE m.userid = $userid AND "
+ . "m.usergroupid = g.id AND "
+ . "g.affiliationid = a.id";
+ }
+ else {
+ $query = "SELECT m.usergroupid, "
+ . "g.name "
+ . "FROM usergroupmembers m, "
+ . "usergroup g "
+ . "WHERE m.userid = $userid AND "
+ . "m.usergroupid = g.id";
+ }
$qh = doQuery($query, "101");
$groups = array();
while($row = mysql_fetch_assoc($qh)) {
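Review bot: `$userid` is concatenated unquoted into the WHERE clause of both branches, so the query is only safe while every caller passes an integer id. Normalising it once at the top of the function, `$userid = (int)$userid;`, removes that dependency on the callers. The two branches also repeat the whole statement and differ only in the name expression and the affiliation join; building the shared part once and appending those two fragments would keep them from drifting apart. The function continues past the end of this hunk.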
@@ -6918,11 +6935,7 @@
$query = "SELECT id "
. "FROM usergroup "
. "WHERE name = '$name' AND "
- . "((custom = 0 AND "
- . "courseroll = 0 AND "
- . "affiliationid = $affilid) OR "
- . "custom = 1 OR "
- . "courseroll = 1)";
+ . "affiliationid = $affilid";
$qh = doQuery($query, 300);
if($row = mysql_fetch_row($qh)) {
return $row[0];
@@ -7777,7 +7790,7 @@
/// \b virtualswitch0 - name of first virtual switch\n
/// \b virtualswitch1 - name of second virtual switch\n
/// \b vmdisk - "localdisk" or "networkdisk" - whether or not vm files are
-/// stored on local disk or network attached storage
+/// stored on local disk or network attached storage\n
/// \b username - vmware username associated with this profile\n
/// \b password - vmware password associated with this profile
///
@@ -8112,6 +8125,13 @@
xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCgetRequestIds",
"xmlRPChandler");
xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCblockAllocation",
"xmlRPChandler");
xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCprocessBlockTime",
"xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCaddUserGroup",
"xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle,
"XMLRPCgetUserGroupAttributes", "xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCdeleteUserGroup",
"xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCeditUserGroup",
"xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle,
"XMLRPCgetUserGroupMembers", "xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle, "XMLRPCaddUsersToGroup",
"xmlRPChandler");
+ xmlrpc_server_register_method($xmlrpc_handle,
"XMLRPCremoveUsersFromGroup", "xmlRPChandler");
print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA,
'');
xmlrpc_server_destroy($xmlrpc_handle);
@@ -8166,7 +8186,7 @@
else
$keyid = $user['id'];
if(function_exists($function)) {
- $saveargs = serialize($args);
+ $saveargs = mysql_escape_string(serialize($args));
$query = "INSERT INTO xmlrpcLog "
. "(xmlrpcKeyid, "
. "timestamp, "
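Review bot: `mysql_escape_string()` escapes without reference to the connection's character set, so `mysql_real_escape_string()` with the open link is the safer call for the serialized argument blob. That would be `$saveargs = mysql_real_escape_string(serialize($args), $mysql_link_vcl);`, assuming the `$mysql_link_vcl` global used in xmlrpcWrappers.php is brought into scope here. The stored value is serialized caller-controlled data, so a comment noting that readers of xmlrpcLog must not pass it to `unserialize()` unchecked would help later maintainers. The surrounding function starts and ends outside this hunk.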
@@ -8280,6 +8300,133 @@
////////////////////////////////////////////////////////////////////////////////
///
+/// \fn validateAPIgroupInput($items, $exists)
+///
+/// \param $items - array of data to validate; the following items can be
+/// validated:\n
+/// \b name - if specified, affiliation must also be specified\n
+/// \b affiliation - if specified, name must also be specified\n
+/// \b owner \n
+/// \b managingGroup \n
+/// \b initialMaxTime \n
+/// \b totalMaxTime \n
+/// \b maxExtendTime
+/// \param $exists - 1 to check if $na...@$affiliation exists, 0 to check that
+/// they it does not exist
+///
+/// \return an array to be returned as an error status or $items with these
+/// extra keys:\n
+/// \b status - "success"\n
+/// \b managingGroupID - (if managingGroup in $items) id of managingGroup
+/// \b managingGroupName - (if managingGroup in $items) name of managingGroup
+/// \b managingGroupAffilid - (if managingGroup in $items) affiliation id of
+/// managingGroup
+/// \b affiliationid - (if affiliation in $items) affiliation id
+///
+/// \brief validates data in $items
+///
+////////////////////////////////////////////////////////////////////////////////
+function validateAPIgroupInput($items, $exists) {
+ # initialMaxTime
+ if(array_key_exists('initialMaxTime', $items)) {
+ if(! is_numeric($items['initialMaxTime']) ||
+ $items['initialMaxTime'] < 1 ||
+ $items['initialMaxTime'] > 65535) {
+ return array('status' => 'error',
+ 'errorcode' => 21,
+ 'errormsg' => 'submitted initialMaxTime is
invalid');
+ }
+ }
+ # totalMaxTime
+ if(array_key_exists('totalMaxTime', $items)) {
+ if(! is_numeric($items['totalMaxTime']) ||
+ $items['totalMaxTime'] < 1 ||
+ $items['totalMaxTime'] > 65535) {
+ return array('status' => 'error',
+ 'errorcode' => 22,
+ 'errormsg' => 'submitted totalMaxTime is
invalid');
+ }
+ }
+ # maxExtendTime
+ if(array_key_exists('maxExtendTime', $items)) {
+ if(! is_numeric($items['maxExtendTime']) ||
+ $items['maxExtendTime'] < 1 ||
+ $items['maxExtendTime'] > 65535) {
+ return array('status' => 'error',
+ 'errorcode' => 23,
+ 'errormsg' => 'submitted maxExtendTime is
invalid');
+ }
+ }
+ # affiliation
+ if(array_key_exists('affiliation', $items)) {
+ $esc_affiliation = mysql_escape_string($items['affiliation']);
+ $affilid = getAffiliationID($esc_affiliation);
+ if(is_null($affilid)) {
+ return array('status' => 'error',
+ 'errorcode' => 17,
+ 'errormsg' => 'unknown affiliation');
+ }
+ $items['affiliationid'] = $affilid;
+ }
+ # name
+ if(array_key_exists('name', $items)) {
+ if(! ereg('^[-a-zA-Z0-9_\.: ]{3,30}$', $items['name'])) {
+ return array('status' => 'error',
+ 'errorcode' => 19,
+ 'errormsg' => 'Name must be between 3 and
30 characters '
+ . 'and can only contain
letters, numbers, and '
+ . 'these characters: - _ . :');
+ }
+ $esc_name = mysql_escape_string($items['name']);
+ $doesexist = checkForGroupName($esc_name, 'user', '', $affilid);
+ if($exists && ! $doesexist) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted
name and affiliation does not exist');
+ }
+ elseif(! $exists && $doesexist) {
+ return array('status' => 'error',
+ 'errorcode' => 27,
+ 'errormsg' => 'existing user group with
submitted name and affiliation');
+ }
+ elseif($exists && $doesexist) {
+ $items['id'] = getUserGroupID($esc_name, $affilid);
+ }
+ }
+ # owner
+ if(array_key_exists('owner', $items)) {
+ if(! validateUserid(mysql_escape_string($items['owner']))) {
+ return array('status' => 'error',
+ 'errorcode' => 20,
+ 'errormsg' => 'submitted owner is
invalid');
+ }
+ }
+ # managingGroup
+ if(array_key_exists('managingGroup', $items)) {
+ $parts = explode('@', $items['managingGroup']);
+ if(count($parts) != 2) {
+ return array('status' => 'error',
+ 'errorcode' => 24,
+ 'errormsg' => 'submitted managingGroup is
invalid');
+ }
+ $esc_mgName = mysql_escape_string($parts[0]);
+ $esc_mgAffil = mysql_escape_string($parts[1]);
+ $mgaffilid = getAffiliationID($esc_mgAffil);
+ if(! checkForGroupName($esc_mgName, 'user', '', $mgaffilid)) {
+ return array('status' => 'error',
+ 'errorcode' => 25,
+ 'errormsg' => 'submitted managingGroup
does not exist');
+ }
+ $items['managingGroupID'] = getUserGroupID($esc_mgName,
$mgaffilid);
+ $items['managingGroupName'] = $parts[0];
+ $items['managingGroupAffilid'] = $mgaffilid;
+ }
+ $items['status'] = 'success';
+ return $items;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
/// \fn json_encode()
///
/// \brief json_encode was introduced in php 5.2, this function was taked from
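Review bot: In the `name` branch of validateAPIgroupInput, `$affilid` is only set when `affiliation` is also present in `$items`, so a call with `name` alone passes an undefined value to `checkForGroupName()` and `getUserGroupID()`. The docblock states the pairing but nothing enforces it, so the branch should return an error status when `affiliation` is missing. The `managingGroup` branch has the same gap for an unknown affiliation: `$mgaffilid` is used without the `is_null()` test that the `affiliation` branch applies, e.g. `if(is_null($mgaffilid) || ! checkForGroupName($esc_mgName, 'user', '', $mgaffilid))`. `ereg()` is not binary safe, so the name check only sees the text before an embedded NUL byte; `preg_match('/^[-a-zA-Z0-9_\.: ]{3,30}$/D', $items['name'])` validates the whole string.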
Modified: incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php?rev=756746&r1=756745&r2=756746&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php Fri Mar 20 20:28:24 2009
@@ -738,6 +738,577 @@
////////////////////////////////////////////////////////////////////////////////
///
+/// \fn XMLRPCaddUserGroup($name, $affiliation, $owner, $managingGroup,
+/// $initialMaxTime, $totalMaxTime, $maxExtendTime)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $owner - user that will be the owner of the group in
+/// userna...@affiliation form
+/// \param $managingGroup - user group that can manage membership of this one
+/// \param $initialMaxTime - (minutes) max initial time users in this group can
+/// select for length of reservations
+/// \param $totalMaxTime - (minutes) total length users in the group can have
+/// for a reservation (including all extensions)
+/// \param $maxExtendTime - (minutes) max length of time users can request as
an
+/// extension to a reservation at a time
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully created
+///
+/// \brief creates a new user group with the specified parameters
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCaddUserGroup($name, $affiliation, $owner, $managingGroup,
+ $initialMaxTime, $totalMaxTime, $maxExtendTime) {
+ global $user;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation,
+ 'owner' => $owner,
+ 'managingGroup' => $managingGroup,
+ 'initialMaxTime' => $initialMaxTime,
+ 'totalMaxTime' => $totalMaxTime,
+ 'maxExtendTime' => $maxExtendTime);
+ $rc = validateAPIgroupInput($validate, 0);
+ if($rc['status'] == 'error')
+ return $rc;
+ $data = array('type' => 'user',
+ 'owner' => $owner,
+ 'name' => $name,
+ 'affiliationid' => $rc['affiliationid'],
+ 'editgroupid' => $rc['managingGroupID'],
+ 'initialmax' => $initialMaxTime,
+ 'totalmax' => $totalMaxTime,
+ 'maxextend' => $maxExtendTime,
+ 'overlap' => 0);
+ if(! addGroup($data)) {
+ return array('status' => 'error',
+ 'errorcode' => 26,
+ 'errormsg' => 'failure while adding group to
database');
+ }
+ return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCgetUserGroupAttributes($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - there will be five additional elements in this case:
+/// \li \b owner - user that will be the owner of the group in
+/// userna...@affiliation form
+/// \li \b managingGroup - user group that can manage membership of this one in
+/// groupna...@affiliation form
+/// \li \b initialMaxTime - (minutes) max initial time users in this group can
+/// select for length of reservations
+/// \li \b totalMaxTime - (minutes) total length users in the group can have
for
+/// a reservation (including all extensions)
+/// \li \b maxExtendTime - (minutes) max length of time users can request as an
+/// extension to a reservation at a time
+///
+/// \brief gets information about a user group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCgetUserGroupAttributes($name, $affiliation) {
+ global $user;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+ $query = "SELECT ug.id, "
+ . "ug.ownerid, "
+ . "CONCAT(u.unityid, '@', a.name) AS owner, "
+ . "ug.editusergroupid AS editgroupid, "
+ . "eug.name AS editgroup, "
+ . "eug.affiliationid AS editgroupaffiliationid, "
+ . "euga.name AS editgroupaffiliation, "
+ . "ug.initialmaxtime, "
+ . "ug.totalmaxtime, "
+ . "ug.maxextendtime, "
+ . "ug.overlapResCount "
+ . "FROM usergroup ug "
+ . "LEFT JOIN user u ON (ug.ownerid = u.id) "
+ . "LEFT JOIN affiliation a ON (u.affiliationid = a.id) "
+ . "LEFT JOIN usergroup eug ON (ug.editusergroupid = eug.id) "
+ . "LEFT JOIN affiliation euga ON (eug.affiliationid = euga.id) "
+ . "WHERE ug.id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner and not member of managing group, no access
+ if($user['id'] != $row['ownerid'] &&
+ ! array_key_exists($row['editgroupid'], $user['groups'])) {
+ return array('status' => 'error',
+ 'errorcode' => 28,
+ 'errormsg' => 'access denied to user group with
submitted name and affiliation');
+ }
+ return array('status' => 'success',
+ 'owner' => $row['owner'],
+ 'managingGroup' =>
"{$row['editgroup']...@{$row['editgroupaffiliation']}",
+ 'initialMaxTime' => $row['initialmaxtime'],
+ 'totalMaxTime' => $row['totalmaxtime'],
+ 'maxExtendTime' => $row['maxextendtime']);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCdeleteUserGroup($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully deleted
+///
+/// \brief deletes a user group along with all of its privileges
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCdeleteUserGroup($name, $affiliation) {
+ global $user, $mysql_link_vcl;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+ $query = "SELECT ownerid "
+ . "FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner no access to delete group
+ if($user['id'] != $row['ownerid']) {
+ return array('status' => 'error',
+ 'errorcode' => 29,
+ 'errormsg' => 'access denied to delete user group
with submitted name and affiliation');
+ }
+ $query = "DELETE FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ doQuery($query, 101);
+ # validate something deleted
+ if(mysql_affected_rows($mysql_link_vcl) == 0) {
+ return array('status' => 'error',
+ 'errorcode' => 30,
+ 'errormsg' => 'failure while deleting group from
database');
+ }
+ return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCeditUserGroup($name, $affiliation, $newName, $newAffiliation,
+/// $newOwner, $newManagingGroup, $newInitialMaxTime,
+/// $newTotalMaxTime, $newMaxExtendTime)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $newName - new name for user group
+/// \param $newAffiliation - new affiliation for user group
+/// \param $newOwner - (optional, default='') user that will be the owner of
+/// the group in userna...@affiliation form
+/// \param $newManagingGroup - (optional, default='') user group that can
+/// manage membership of this one
+/// \param $newInitialMaxTime - (optional, default='') (minutes) max initial
+/// time users in this group can select for length
+/// of reservations
+/// \param $newTotalMaxTime - (optional, default='') (minutes) total length
+/// users in the group can have for a reservation
+/// (including all extensions)
+/// \param $newMaxExtendTime - (optional, default='') (minutes) max length of
+/// time users can request as an extension to a
+/// reservation at a time
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - user group was successfully updated
+///
+/// \brief modifies attributes of a user group\n
+/// \b NOTE: an empty string may be passed for any of the new* fields to leave
+/// that item unchanged
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCeditUserGroup($name, $affiliation, $newName, $newAffiliation,
+ $newOwner='', $newManagingGroup='',
+ $newInitialMaxTime='', $newTotalMaxTime='',
+ $newMaxExtendTime='') {
+ global $user, $mysql_link_vcl;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+
+ $updates = array();
+
+ # validate group exists and new values other than newName and
newAffiliation
+ # are valid
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ if(! empty($newOwner))
+ $validate['owner'] = $newOwner;
+ if(! empty($newManagingGroup))
+ $validate['managingGroup'] = $newManagingGroup;
+ if(! empty($newInitialMaxTime)) {
+ $validate['initialMaxTime'] = $newInitialMaxTime;
+ $updates[] = "initialmaxtime = $newInitialMaxTime";
+ }
+ if(! empty($newTotalMaxTime)) {
+ $validate['totalMaxTime'] = $newTotalMaxTime;
+ $updates[] = "totalmaxtime = $newTotalMaxTime";
+ }
+ if(! empty($newMaxExtendTime)) {
+ $validate['maxExtendTime'] = $newMaxExtendTime;
+ $updates[] = "maxextendtime = $newMaxExtendTime";
+ }
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+
+ # get info about group
+ $query = "SELECT ownerid "
+ . "FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner no access to edit group attributes
+ if($user['id'] != $row['ownerid']) {
+ return array('status' => 'error',
+ 'errorcode' => 32,
+ 'errormsg' => 'access denied to modify attributes
for user group with submitted name and affiliation');
+ }
+
+ # validate that newName and newAffiliation are valid
+ if(! empty($newName) || ! empty($newAffiliation)) {
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ if(! empty($newName)) {
+ $validate['name'] = $newName;
+ $tmp = mysql_escape_string($newName);
+ $updates[] = "name = '$tmp'";
+ }
+ if(! empty($newAffiliation))
+ $validate['affiliation'] = $newAffiliation;
+ $rc2 = validateAPIgroupInput($validate, 0);
+ if($rc2['status'] == 'error') {
+ if($rc2['errorcode'] == 27) {
+ $rc2['errorcode'] = 31;
+ $rc2['errormsg'] = 'existing user group with
new form of n...@affiliation';
+ }
+ return $rc2;
+ }
+ if(! empty($newAffiliation))
+ $updates[] = "affiliationid = {$rc2['affiliationid']}";
+ }
+
+ if(! empty($newOwner)) {
+ $newownerid = getUserlistID(mysql_escape_string($newOwner));
+ $updates[] = "ownerid = $newownerid";
+ }
+ if(! empty($newManagingGroup)) {
+ $updates[] = "editusergroupid = {$rc['managingGroupID']}";
+ }
+ $sets = implode(',', $updates);
+ if(count($updates) == 0) {
+ return array('status' => 'error',
+ 'errorcode' => 33,
+ 'errormsg' => 'no new values submitted');
+ }
+ $query = "UPDATE usergroup "
+ . "SET $sets "
+ . "WHERE id = {$rc['id']}";
+ doQuery($query, 101);
+ return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCgetUserGroupMembers($name, $affiliation)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - there will be one additional element in this case:
+/// \li \b members - array of members of the group in userna...@affiliation
form
+///
+/// \brief gets members of a user group\n
+/// \b Note: it is possible to have a group with no members in which case
+/// success will be returned with an empty array for members
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCgetUserGroupMembers($name, $affiliation) {
+ global $user;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+ $query = "SELECT ownerid, "
+ . "editusergroupid AS editgroupid "
+ . "FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner and not member of managing group, no access
+ if($user['id'] != $row['ownerid'] &&
+ ! array_key_exists($row['editgroupid'], $user['groups'])) {
+ return array('status' => 'error',
+ 'errorcode' => 28,
+ 'errormsg' => 'access denied to user group with
submitted name and affiliation');
+ }
+ $query = "SELECT CONCAT(u.unityid, '@', a.name) AS member "
+ . "FROM usergroupmembers ugm, "
+ . "user u, "
+ . "affiliation a "
+ . "WHERE ugm.usergroupid = {$rc['id']} AND "
+ . "ugm.userid = u.id AND "
+ . "u.affiliationid = a.id";
+ $qh = doQuery($query, 101);
+ $members = array();
+ while($row = mysql_fetch_assoc($qh))
+ $members[] = $row['member'];
+ return array('status' => 'success',
+ 'members' => $members);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCaddUsersToGroup($name, $affiliation, $users)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $users - array of users in userna...@affiliation form to be added to
+/// the group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - users successfully added to the group
+///
+/// \b warning - there was a non-fatal issue that occurred while processing
+/// the call; there will be three additional elements in this case:
+/// \li \b warningcode - warning number
+/// \li \b warningmsg - warning string
+/// \li \b failedusers - array of users in userna...@affiliation form that
could
+/// not be added
+///
+/// \brief adds users to a group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCaddUsersToGroup($name, $affiliation, $users) {
+ global $user;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+ $query = "SELECT ownerid, "
+ . "editusergroupid AS editgroupid "
+ . "FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner and not member of managing group, no access
+ if($user['id'] != $row['ownerid'] &&
+ ! array_key_exists($row['editgroupid'], $user['groups'])) {
+ return array('status' => 'error',
+ 'errorcode' => 28,
+ 'errormsg' => 'access denied to user group with
submitted name and affiliation');
+ }
+ $fails = array();
+ foreach($users as $_user) {
+ if(empty($_user))
+ continue;
+ $esc_user = mysql_escape_string($_user);
+ if(validateUserid($esc_user) == 1)
+ addUserGroupMember($esc_user, $rc['id']);
+ else
+ $fails[] = $_user;
+ }
+ if(count($fails)) {
+ $cnt = 'some';
+ $code = 34;
+ if(count($fails) == count($users)) {
+ $cnt = 'all submitted';
+ $code = 35;
+ }
+ return array('status' => 'warning',
+ 'failedusers' => $fails,
+ 'warningcode' => $code,
+ 'warningmsg' => "failed to add $cnt users to user
group");
+ }
+ return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// \fn XMLRPCremoveUsersFromGroup($name, $affiliation, $users)
+///
+/// \param $name - name of user group
+/// \param $affiliation - affiliation of user group
+/// \param $users - array of users in userna...@affiliation form to be removed
+/// from the group
+///
+/// \return an array with at least one index named 'status' which will have
+/// one of these values:\n
+/// \b error - error occurred; there will be 2 additional elements in the
array:
+/// \li \b errorcode - error number
+/// \li \b errormsg - error string
+///
+/// \b success - users successfully removed from the group
+///
+/// \b warning - there was a non-fatal issue that occurred while processing
+/// the call; there will be three additional elements in this case:
+/// \li \b warningcode - warning number
+/// \li \b warningmsg - warning string
+/// \li \b failedusers - array of users in userna...@affiliation form that
could
+/// not be removed
+///
+/// \brief removes users from a group
+///
+////////////////////////////////////////////////////////////////////////////////
+function XMLRPCremoveUsersFromGroup($name, $affiliation, $users) {
+ global $user, $findAffilFuncs;
+ if(! in_array('groupAdmin', $user['privileges'])) {
+ return array('status' => 'error',
+ 'errorcode' => 16,
+ 'errormsg' => 'access denied for managing user
groups');
+ }
+ $validate = array('name' => $name,
+ 'affiliation' => $affiliation);
+ $rc = validateAPIgroupInput($validate, 1);
+ if($rc['status'] == 'error')
+ return $rc;
+ $query = "SELECT ownerid, "
+ . "editusergroupid AS editgroupid "
+ . "FROM usergroup "
+ . "WHERE id = {$rc['id']}";
+ $qh = doQuery($query, 101);
+ if(! $row = mysql_fetch_assoc($qh)) {
+ return array('status' => 'error',
+ 'errorcode' => 18,
+ 'errormsg' => 'user group with submitted name and
affiliation does not exist');
+ }
+ # if not owner and not member of managing group, no access
+ if($user['id'] != $row['ownerid'] &&
+ ! array_key_exists($row['editgroupid'], $user['groups'])) {
+ return array('status' => 'error',
+ 'errorcode' => 28,
+ 'errormsg' => 'access denied to user group with
submitted name and affiliation');
+ }
+ $fails = array();
+ foreach($users as $_user) {
+ if(empty($_user))
+ continue;
+ $esc_user = mysql_escape_string($_user);
+ # check that affiliation of user can be determined because
getUserlistID
+ # will abort if it can't find it
+ $affilok = 0;
+ foreach($findAffilFuncs as $func) {
+ if($func($_user, $dump))
+ $affilok = 1;
+ }
+ if(! $affilok) {
+ $fails[] = $_user;
+ continue;
+ }
+ $userid = getUserlistID($esc_user, 1);
+ if(is_null($userid))
+ $fails[] = $_user;
+ else
+ deleteUserGroupMember($userid, $rc['id']);
+ }
+ if(count($fails)) {
+ $cnt = 'some';
+ $code = 36;
+ if(count($fails) == count($users)) {
+ $cnt = 'any';
+ $code = 37;
+ }
+ return array('status' => 'warning',
+ 'failedusers' => $fails,
+ 'warningcode' => $code,
+ 'warningmsg' => "failed to remove $cnt users from
user group");
+ }
+ return array('status' => 'success');
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
/// \fn XMLRPCtest($string)
///
/// \param $string - a string
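Review bot: XMLRPCeditUserGroup concatenates `$newInitialMaxTime`, `$newTotalMaxTime` and `$newMaxExtendTime` unquoted into the UPDATE. The only gate is the `is_numeric()` range test in validateAPIgroupInput, which also accepts forms such as `1e3` or `12.5`. Casting when the clause is built keeps the SQL to plain integers: `$updates[] = "initialmaxtime = " . (int)$newInitialMaxTime;`, and likewise for the other two. In XMLRPCremoveUsersFromGroup, `$func($_user, $dump)` hands `$_user` to the affiliation testers, and testGeneralAffiliation takes `&$login` and rewrites it, so the names later stored in `failedusers` may have lost their affiliation. Passing a copy (`$tmp = $_user; $func($tmp, $dump)`) avoids that, assuming the other functions in `$findAffilFuncs` share the by-reference signature.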