PHP Get_User_Principle函数代码示例

function my_sites()
{
    require_once __DIR__ . '/../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../components/Get_User_Principle.php';
    $params = array();
    $userServ = \Factory::getUserService();
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    if (is_null($user)) {
        show_view('error.php', "Unregistered users can't hold a role over sites, NGIs or service groups.");
        die;
    }
    $sites = $userServ->getSitesFromRoles($user);
    if (!empty($sites)) {
        $params['sites_from_roles'] = $sites;
    }
    $sGroups = $userServ->getSGroupsFromRoles($user);
    if (!empty($sGroups)) {
        $params['sgroups_from_roles'] = $sGroups;
    }
    $ngis = $userServ->getNgisFromRoles($user);
    if (!empty($ngis)) {
        $params['ngis_from_roles'] = $ngis;
    }
    $projects = $userServ->getProjectsFromRoles($user);
    if (!empty($projects)) {
        $params['projects_from_roles'] = $projects;
    }
    $title = "My Sites and Groups";
    show_view('my_sites.php', $params, $title);
}

function view_se()
{
    require_once __DIR__ . '/../utils.php';
    require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        throw new Exception("An id must be specified");
    }
    $id = $_GET['id'];
    //get user for case that portal is read only and user is admin, so they can still see edit links
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    $serv = \Factory::getServiceService();
    $params['authenticated'] = false;
    if ($user != null) {
        $params['authenticated'] = true;
    }
    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
    $se = $serv->getService($id);
    // Does current viewer have edit permissions over object ?
    $params['ShowEdit'] = false;
    if ($user != null && count($serv->authorizeAction(\Action::EDIT_OBJECT, $se, $user)) >= 1) {
        $params['ShowEdit'] = true;
    }
    $title = $se->getHostName() . " - " . $se->getServiceType()->getName();
    $params['se'] = $se;
    $params['sGroups'] = $se->getServiceGroups();
    $params['Scopes'] = $serv->getScopesWithParentScopeInfo($se);
    // Show upcoming downtimes and downtimes that started within the last thirty days
    $downtimes = $serv->getDowntimes($id, 31);
    $params['Downtimes'] = $downtimes;
    show_view("service/view_service.php", $params, $title);
}

/**
 * Retrieves the NGIS to be added and then add them.
 * @return null 
*/
function submit()
{
    require_once __DIR__ . '/../../../../htdocs/web_portal/components/Get_User_Principle.php';
    //Get user details (for the remove ngi function so it can check permissions)
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //Get a project and NGI services
    $projectServ = \Factory::getProjectService();
    $ngiServ = \Factory::getNgiService();
    //Get the posted service type data
    $projectId = $_REQUEST['ID'];
    $ngiIds = $_REQUEST['NGIs'];
    //turn ngiIds into NGIs
    $ngis = new Doctrine\Common\Collections\ArrayCollection();
    foreach ($ngiIds as $ngiId) {
        $ngis[] = $ngiServ->getNgi($ngiId);
    }
    //get the project
    $project = $projectServ->getProject($projectId);
    try {
        //function will throw error if user does not have the correct permissions
        $projectServ->addNgisToProject($project, $ngis, $user);
        $params = array('Name' => $project->getName(), 'ID' => $project->getId(), 'NGIs' => $ngis);
        show_view("project/added_ngis.php", $params, "Success");
    } catch (Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
}

function submit()
{
    //Only administrators can delete sites, double check user is an administrator
    checkUserIsAdmin();
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    if (isset($_REQUEST['id'])) {
        $ngi = \Factory::getNgiService()->getNgi($_REQUEST['id']);
    } else {
        throw new \Exception("A NGI must be specified in the url");
    }
    //save name to display later
    $params['Name'] = $ngi->getName();
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //remove ngi
    try {
        \Factory::getNgiService()->deleteNgi($ngi, $user);
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
    show_view('/site/deleted_site.php', $params);
}

function delete_project()
{
    if (true) {
        throw new Exception("Project deletion is disabled - see controller to enable");
    }
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //Check the portal is not in read only mode, returns exception if it is and user is not an admin
    checkPortalIsNotReadOnlyOrUserIsAdmin($user);
    //Get the project from the id
    $serv = \Factory::getProjectService();
    $project = $serv->getProject($_REQUEST['id']);
    //keep the name to display later
    $params['Name'] = $project->getName();
    // Delete the project. This fuction will check the user is allowed to
    // perform this action and throw an error if not (only gocdb admins allowed).
    // Project deletion does not delete child NGIs and automatically cascade
    // deletes the user Roles over the OwnedEntity.
    try {
        $serv->deleteProject($project, $user);
    } catch (\Exception $e) {
        show_view('error.php', $e->getMessage());
        die;
    }
    show_view("project/deleted_project.php", $params, $params['Name'] . 'deleted');
}

function view_revoke_request()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    require_once __DIR__ . '/../utils.php';
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    if ($user == null) {
        throw new Exception("Unregistered users can't revoke roles");
    }
    //Check the portal is not in read only mode, returns exception if it is and user is not an admin
    checkPortalIsNotReadOnlyOrUserIsAdmin($user);
    $requestId = $_POST['id'];
    if (!isset($requestId) || !is_numeric($requestId)) {
        throw new LogicException("Invalid role id");
    }
    // Either a self revocation or revoke is requested by 2nd party
    // check to see that user has permission to revoke role
    $role = \Factory::getRoleService()->getRoleById($requestId);
    \Factory::getRoleService()->revokeRole($role, $user);
    if ($role->getUser() != $user) {
        // revoke by 2nd party
        show_view('political_role/role_revoked.php');
    } else {
        // Self revocation
        show_view('political_role/role_self_revoked.php');
    }
    die;
}

function CheckCurrentUserCanEditProject(\Project $project)
{
    require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    $enablingRoles = \Factory::getProjectService()->authorizeAction('ACTION_EDIT_OBJECT', $project, $user);
    if (count($enablingRoles) == 0) {
        throw new Exception("You do not have a role that enables you to edit this project");
    }
}

function show_all()
{
    //Check the user has permission to see the page, will throw exception
    //if correct permissions are lacking
    checkUserIsAdmin();
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    $serviceTypes = \Factory::getServiceTypeService()->getServiceTypes();
    $params['ServiceTypes'] = $serviceTypes;
    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
    show_view('admin/view_service_types.php', $params, 'Service Types');
}

function view_ngi()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../utils.php';
    require_once __DIR__ . '/../../../web_portal/components/Get_User_Principle.php';
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        throw new Exception("An id must be specified");
    }
    $ngiId = $_GET['id'];
    //get user for case that portal is read only and user is admin, so they can still see edit links
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    $params['portalIsReadOnly'] = portalIsReadOnlyAndUserIsNotAdmin($user);
    $params['UserIsAdmin'] = false;
    if (!is_null($user)) {
        $params['UserIsAdmin'] = $user->isAdmin();
    }
    $params['authenticated'] = false;
    if ($user != null) {
        $params['authenticated'] = true;
    }
    $ngiServ = \Factory::getNgiService();
    $siteServ = \Factory::getSiteService();
    $ngi = $ngiServ->getNgi($ngiId);
    // Does current viewer have edit permissions over NGI ?
    $params['ShowEdit'] = false;
    if (count($ngiServ->authorizeAction(\Action::EDIT_OBJECT, $ngi, $user)) >= 1) {
        $params['ShowEdit'] = true;
    }
    // Add ngi to params
    $params['ngi'] = $ngi;
    // Add all roles over ngi to params
    $allRoles = $ngi->getRoles();
    $roles = array();
    foreach ($allRoles as $role) {
        if ($role->getStatus() == \RoleStatus::GRANTED) {
            $roles[] = $role;
        }
    }
    $params['roles'] = $roles;
    // Add ngi's project to params
    $projects = $ngi->getProjects();
    $params['Projects'] = $projects;
    // Add sites and scopes to params
    $params['SitesAndScopes'] = array();
    foreach ($ngi->getSites() as $site) {
        $params['SitesAndScopes'][] = array('Site' => $site, 'Scopes' => $siteServ->getScopesWithParentScopeInfo($site));
    }
    // Add RoleActionRecords to params
    $params['RoleActionRecords'] = \Factory::getRoleService()->getRoleActionRecordsById_Type($ngi->getId(), 'ngi');
    show_view('ngi/view_ngi.php', $params, $ngi->getName());
    die;
}

/**
 * Controller for an edit site property request
 * @global array $_POST only set if the browser has POSTed data
 * @return null
 */
function edit_property()
{
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //Check the portal is not in read only mode, returns exception if it is and user is not an admin
    checkPortalIsNotReadOnlyOrUserIsAdmin($user);
    if ($_POST) {
        submit($user);
    } else {
        draw($user);
    }
}

function view_user()
{
    require_once __DIR__ . '/../../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../../components/Get_User_Principle.php';
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        throw new Exception("An id must be specified");
    }
    $userId = $_GET['id'];
    $user = \Factory::getUserService()->getUser($userId);
    if ($user === null) {
        throw new Exception("No user with that ID");
    }
    $params['user'] = $user;
    // get the targetUser's roles
    $roles = \Factory::getRoleService()->getUserRoles($user, \RoleStatus::GRANTED);
    //$user->getRoles();
    $callingUser = \Factory::getUserService()->getUserByPrinciple(Get_User_Principle());
    // can the calling user revoke the targetUser's roles?
    if ($user != $callingUser) {
        foreach ($roles as $r) {
            //$ownedEntityDetail = $r->getOwnedEntity()->getName(). ' ('. $r->getOwnedEntity()->getType().')';
            $authorisingRoleNames = \Factory::getRoleService()->authorizeAction(\Action::REVOKE_ROLE, $r->getOwnedEntity(), $callingUser);
            if (count($authorisingRoleNames) >= 1) {
                $allAuthorisingRoleNames = '';
                foreach ($authorisingRoleNames as $arName) {
                    $allAuthorisingRoleNames .= $arName . ', ';
                }
                $allAuthorisingRoleNames = substr($allAuthorisingRoleNames, 0, strlen($allAuthorisingRoleNames) - 2);
                $r->setDecoratorObject('[' . $allAuthorisingRoleNames . '] ');
            }
        }
    } else {
        // current user is viewing their own roles, so they can revoke their own roles
        foreach ($roles as $r) {
            $r->setDecoratorObject('[Self revoke own role]');
        }
    }
    // Check to see if the current calling user has permission to edit the target user
    try {
        \Factory::getUserService()->editUserAuthorization($user, $callingUser);
        $params['ShowEdit'] = true;
    } catch (Exception $e) {
        $params['ShowEdit'] = false;
    }
    /* @var $authToken \org\gocdb\security\authentication\IAuthentication */
    $authToken = Get_User_AuthToken();
    $params['authAttributes'] = $authToken->getDetails();
    $params['roles'] = $roles;
    $params['portalIsReadOnly'] = \Factory::getConfigService()->IsPortalReadOnly();
    $title = $user->getFullName();
    show_view("user/view_user.php", $params, $title);
}

/**
 * Dies if the request can't be authenticated. 
 * @param string $message If not specified, a default message is used. 
 */
function rejectIfNotAuthenticated($message = null)
{
    $authPrincipleStr = Get_User_Principle();
    if (empty($authPrincipleStr)) {
        // prob better to do a re-direct here to error page.
        if ($message == null) {
            die('Access Denined, authentication failed - A valid user certificate was not found');
            //or your EGI SSO user account is not associated with a valid certificate.');
        } else {
            die($message);
        }
    }
}

function startPage()
{
    require_once __DIR__ . '/../../../lib/Gocdb_Services/Factory.php';
    require_once __DIR__ . '/../components/Get_User_Principle.php';
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    $roles = \Factory::getRoleService()->getPendingRolesUserCanApprove($user);
    $configServ = \Factory::getConfigService();
    $showMap = $configServ->getShowMapOnStartPage();
    $apiKey = $configServ->getGoogleAPIKey();
    $params = array('roles' => $roles, 'googleAPIKey' => $apiKey, 'showMap' => $showMap);
    $title = "GOCDB";
    show_view('start_page.php', $params, $title, null);
}

/**
 * Controller for an edit service request
 * @global array $_POST only set if the browser has POSTed data
 * @return null
 */
function edit_service()
{
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //Check the portal is not in read only mode, returns exception if it is and user is not an admin
    checkPortalIsNotReadOnlyOrUserIsAdmin($user);
    if ($_POST) {
        // If we receive a POST request it's for a new site
        submit($user);
    } else {
        // If there is no post data, draw the edit site form
        draw($user);
    }
}

function delete()
{
    if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
        throw new Exception("An id must be specified");
    }
    $dn = Get_User_Principle();
    $user = \Factory::getUserService()->getUserByPrinciple($dn);
    //get the site
    $site = \Factory::getSiteService()->getSite($_REQUEST['id']);
    if ($_POST or sizeof($site->getServices()) == 0) {
        submit($site, $user);
    } else {
        draw($site);
    }
}