You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/02/09 16:18:38 UTC
[1/2] airavata-php-gateway git commit: AIRAVATA-2312 Removing unused
method
Repository: airavata-php-gateway
Updated Branches:
refs/heads/develop 6f55b5b18 -> 9765c1e25
AIRAVATA-2312 Removing unused method
AdminController::updateUserRoles isn't routed to or referenced internally
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/773e542c
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/773e542c
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/773e542c
Branch: refs/heads/develop
Commit: 773e542c47fbaa1db59739852c2d67717aea3bdd
Parents: 6f55b5b
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Feb 9 10:22:55 2017 -0500
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Feb 9 10:22:55 2017 -0500
----------------------------------------------------------------------
app/controllers/AdminController.php | 15 ---------------
1 file changed, 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/773e542c/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index d0aa3e5..1ecce03 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -278,21 +278,6 @@ class AdminController extends BaseController {
return View::make("admin/manage-credentials", array("tokens" => $tokens , "pwdTokens" => $pwdTokens) );
}
- public function updateUserRoles(){
- if( Input::has("add")){
- WSIS::updateUserRoles(Input::get("username"), array("new"=> Input::get("roles"), "deleted" => array() ) );
- $roles = WSIS::getUserRoles(Input::get("username"));
- if(in_array(Config::get("pga_config.wsis")["admin-role-name"], $roles) || in_array(Config::get("pga_config.wsis")["read-only-admin-role-name"], $roles)
- || in_array(Config::get("pga_config.wsis")["user-role-name"], $roles)){
- $userProfile = WSIS::getUserProfile(Input::get("username"));
- $recipients = array($userProfile["email"]);
- $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);
- }
- }
- else
- return WSIS::updateUserRoles(Input::get("username"), array("new"=> array(), "deleted" => Input::get("roles") ) );
- }
-
private function sendAccessGrantedEmailToTheUser($username, $recipients){
$mail = new PHPMailer;
[2/2] airavata-php-gateway git commit: AIRAVATA-2312 Adds
'initial-role-name' to pga_config.php
Posted by ma...@apache.org.
AIRAVATA-2312 Adds 'initial-role-name' to pga_config.php
'initial-role-name' defaults to 'user-pending' but can be customized to
automatically assign new users to the given role. The main use case for
this is to set 'initial-role-name' to 'gateway-user' to provide new
users access to the gateway without needing admin intervention.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/9765c1e2
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/9765c1e2
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/9765c1e2
Branch: refs/heads/develop
Commit: 9765c1e250992c9ee870243081795e6aa2312948
Parents: 773e542
Author: Marcus Christie <ma...@iu.edu>
Authored: Thu Feb 9 11:17:49 2017 -0500
Committer: Marcus Christie <ma...@iu.edu>
Committed: Thu Feb 9 11:17:49 2017 -0500
----------------------------------------------------------------------
app/config/pga_config.php.template | 8 ++++++
app/controllers/AccountController.php | 9 +++---
app/controllers/AdminController.php | 44 ++++++++++++++++++++++--------
app/libraries/CommonUtilities.php | 4 +++
4 files changed, 50 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index ac378f6..8370364 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -24,6 +24,14 @@ return array(
'user-role-name' => 'Internal/everyone',
/**
+ * Initial user role. This is the initial user role assigned to a new
+ * user. Set this to one of the three roles above to automatically
+ * grant new users that role, or set to some other role ('user-pending')
+ * to require admin approval before users have access.
+ */
+ 'initial-role-name' => 'user-pending',
+
+ /**
* Tenant Domain
*/
'tenant-domain' => 'master.airavata',
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 1490ee1..a9ac6b4 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -56,14 +56,15 @@ class AccountController extends BaseController
WSIS::registerUserAccount($username, $password, $email, $first_name, $last_name, $organization, $address, $country, $telephone, $mobile, $im, $url,
Config::get('pga_config.wsis')['tenant-domain']);
- /*add user to role - user-pending */
+ /*add user to the initial role */
+ $initialRoleName = CommonUtilities::getInitialRoleName();
$allRoles = WSIS::getAllRoles();
- if(! in_array( "user-pending", $allRoles)){
- WSIS::addRole( "user-pending");
+ if(! in_array( $initialRoleName, $allRoles)){
+ WSIS::addRole( $initialRoleName);
}
- $userRoles["new"] = "user-pending";
+ $userRoles["new"] = $initialRoleName;
if( Config::get('pga_config.portal')['super-admin-portal'] == true ){
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index 1ecce03..6dd27bd 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -236,22 +236,44 @@ class AdminController extends BaseController {
$recipients = array($userProfile["email"]);
$this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);
- // remove the pending role when access is granted, unless
- // the admin is trying to add the user to the pending role
- if(in_array("user-pending", $newCurrentRoles) && !in_array("user-pending", $roles["new"])) {
- $userRoles["new"] = array();
- $userRoles["deleted"] = "user-pending";
- WSIS::updateUserRoles( $username, $userRoles);
- } else if(in_array("user-pending", $newCurrentRoles) && in_array("user-pending", $roles["new"])) {
- // When user-pending role added remove all roles except for user-pending and Internal/everyone
- $userRoles["new"] = array();
- $userRoles["deleted"] = array_diff($newCurrentRoles, array("user-pending", "Internal/everyone"));
- WSIS::updateUserRoles( $username, $userRoles);
+ // remove the initial role when the initial role isn't a privileged
+ // role and the admin has now assigned the user to a privileged
+ // role, unless the admin is trying to add the user back to the
+ // initial role
+ if (!$this->isInitialRoleOneOfPrivilegedRoles()) {
+
+ $initialRoleName = CommonUtilities::getInitialRoleName();
+ if(in_array($initialRoleName, $newCurrentRoles) && !in_array($initialRoleName, $roles["new"])) {
+ $userRoles["new"] = array();
+ $userRoles["deleted"] = $initialRoleName;
+ WSIS::updateUserRoles( $username, $userRoles);
+ } else if(in_array($initialRoleName, $newCurrentRoles) && in_array($initialRoleName, $roles["new"])) {
+ // When initial role added remove all roles except for initial role and Internal/everyone
+ $userRoles["new"] = array();
+ $userRoles["deleted"] = array_diff($newCurrentRoles, array($initialRoleName, "Internal/everyone"));
+ WSIS::updateUserRoles( $username, $userRoles);
+ }
}
}
return Redirect::to("admin/dashboard/roles")->with( "message", "Roles has been added.");
}
+ /*
+ * Return true if the initial-role-name is one of the three privileged
+ * roles. This is used to figure out whether the initial-role-name is a
+ * 'user-pending' kind of role (returns false), or whether the initial role
+ * is a privileged role (returns true) and no admin intervention is
+ * necessary.
+ */
+ private function isInitialRoleOneOfPrivilegedRoles() {
+
+ $initialRoleName = CommonUtilities::getInitialRoleName();
+ $adminRoleName = Config::get("pga_config.wsis")["admin-role-name"];
+ $adminReadOnlyRoleName = Config::get("pga_config.wsis")["read-only-admin-role-name"];
+ $userRoleName = Config::get("pga_config.wsis")["user-role-name"];
+ return in_array($initialRoleName, array($adminRoleName, $adminReadOnlyRoleName, $userRoleName));
+ }
+
public function removeRoleFromUser(){
$roles["deleted"] = array(Input::all()["roleName"]);
$roles["new"] = array();
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/libraries/CommonUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/CommonUtilities.php b/app/libraries/CommonUtilities.php
index 585016f..53f790e 100644
--- a/app/libraries/CommonUtilities.php
+++ b/app/libraries/CommonUtilities.php
@@ -438,5 +438,9 @@ class CommonUtilities
return false;
}
}
+
+ public static function getInitialRoleName() {
+ return Config::get('pga_config.wsis.initial-role-name', 'user-pending');
+ }
}