Posted to commits@airavata.apache.org by sc...@apache.org on 2016/08/17 15:33:00 UTC
[13/20] airavata-php-gateway git commit: Removed ability for users
with read only permissions to access project edit pages
Removed ability for users with read only permissions to access project edit pages
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/cb57e294
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/cb57e294
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/cb57e294
Branch: refs/heads/develop
Commit: cb57e294829bcbc98376329729ee04f28f9398c1
Parents: fe50621
Author: Jeff Kinnison <je...@gmail.com>
Authored: Tue Aug 16 11:24:43 2016 -0400
Committer: Jeff Kinnison <je...@gmail.com>
Committed: Tue Aug 16 11:24:43 2016 -0400
----------------------------------------------------------------------
app/controllers/ProjectController.php | 66 ++++++++++++++++++++++++------
app/libraries/SharingUtilities.php | 20 ++++++++-
app/views/project/browse.blade.php | 4 +-
app/views/project/summary.blade.php | 5 ++-
4 files changed, 78 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/controllers/ProjectController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ProjectController.php b/app/controllers/ProjectController.php
index 3bf91d5..97a41f8 100755
--- a/app/controllers/ProjectController.php
+++ b/app/controllers/ProjectController.php
@@ -46,8 +46,25 @@ class ProjectController extends BaseController
$users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
+ $experiments = ProjectUtilities::get_experiments_in_project(Input::get("projId"));
+
+ $experiment_can_write = array();
+ foreach($experiments as $experiment) {
+ if (SharingUtilities::userCanWrite(Session::get("username"), $experiment->experimentId, ResourceType::EXPERIMENT)) {
+ $experiment_can_write[$experiment->experimentId] = true;
+ }
+ else {
+ $experiment_can_write[$experiment->experimentId] = false;
+ }
+ }
+
return View::make("project/summary",
- array("projectId" => Input::get("projId"), "users" => json_encode($users)));
+ array("projectId" => Input::get("projId"),
+ "experiments" => $experiments,
+ "users" => json_encode($users),
+ "project_can_write" => SharingUtilities::userCanWrite(Session::get("username"), Input::get("projId"), ResourceType::PROJECT),
+ "experiment_can_write" => $experiment_can_write
+ ));
} else
return Redirect::to("home");
}
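Review bot: The if/else on the new lines that sets `$experiment_can_write[...]` to `true` or `false` only restates the boolean that `userCanWrite` already returns, so it can collapse to `$experiment_can_write[$experiment->experimentId] = SharingUtilities::userCanWrite(Session::get("username"), $experiment->experimentId, ResourceType::EXPERIMENT);`. Note also that, judging by the `userCanWrite` body added in SharingUtilities, each iteration performs its own `GrouperUtilities::getAllAccessibleUsers` lookup, so a project with many experiments issues one sharing query per experiment plus one for the project on every summary view; if that lookup is a remote call, a batched or cached variant may be worth considering. The enclosing method begins before this hunk.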
@@ -55,20 +72,33 @@ class ProjectController extends BaseController
public function editView()
{
if (Input::has("projId")) {
- $users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
-
- return View::make("project/edit",
- array("projectId" => Input::get("projId"),
- "project" => ProjectUtilities::get_project($_GET['projId']),
- "users" => json_encode($users)
- ));
+ if (SharingUtilities::userCanWrite(Session::get("username"), Input::get("projId"), ResourceType::PROJECT)) {
+ $project = ProjectUtilities::get_project($_GET['projId']);
+ $users = SharingUtilities::getProfilesForSharedUsers(Input::get('projId'), ResourceType::PROJECT);
+ $owner = array();
+
+ if (strcmp(Session::get("username"), $project->owner) !== 0) {
+ $owner = array($project->owner => $users[$project->owner]);
+ $users = array_key_diff($users, $owner);
+ }
+
+ return View::make("project/edit",
+ array("projectId" => Input::get("projId"),
+ "project" => $project,
+ "users" => json_encode($users),
+ "owner" => json_encode($owner)
+ ));
+ }
+ else {
+ return Redirect::to('project/summary?projId=' . Input::get("projId"))->with("error", "You do not have permission to edit this project.");
+ }
} else
return Redirect::to("home");
}
public function editSubmit()
{
- if (isset($_POST['save'])) {
+ if (isset($_POST['save']) && SharingUtilities::userCanWrite(Session::get("username"))) {
$projectDetails = array();
$projectDetails["owner"] = Session::get("username");
$projectDetails["name"] = Input::get("project-name");
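Review bot: The guard added to `editSubmit`, `SharingUtilities::userCanWrite(Session::get("username"))`, passes a single argument to a method whose new signature takes `$uid, $resourceId, $dataResourceType`, so on the save path the check either raises a missing-argument error or queries Grouper for a null resource — in neither case does it verify write access on the project actually being saved, which is the one place the read-only restriction must hold. It should mirror the `editView` check, e.g. `SharingUtilities::userCanWrite(Session::get("username"), <the project id this handler reads from the request>, ResourceType::PROJECT)`; the id the handler reads is outside this hunk. Separately, `array_key_diff` is not a PHP function (`array_diff_key` is), so a non-owner with write permission will hit an undefined-function fatal error when opening the edit page, and `$users[$project->owner]` assumes the owner is present in the shared-users map, which is not evident here. `editSubmit` continues past the end of the hunk.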
@@ -103,10 +133,22 @@ class ProjectController extends BaseController
$projects = ProjectUtilities::get_all_user_accessible_projects_with_pagination($this->limit, ($pageNo - 1) * $this->limit);
}
+ $can_write = array();
+ $user = Session::get("username");
+ foreach($projects as $project) {
+ if (SharingUtilities::userCanWrite($user, $project->projectID, ResourceType::PROJECT)) {
+ $can_write[$project->projectID] = true;
+ }
+ else {
+ $can_write[$project->projectID] = false;
+ }
+ }
+
return View::make('project/browse', array(
'pageNo' => $pageNo,
'limit' => $this->limit,
- 'projects' => $projects
+ 'projects' => $projects,
+ 'can_write' => $can_write
));
}
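Review bot: The if/else that fills `$can_write` can be reduced to the assignment `$can_write[$project->projectID] = SharingUtilities::userCanWrite($user, $project->projectID, ResourceType::PROJECT);`, since the helper already yields the boolean being stored. As written the loop also performs one Grouper sharing lookup per project on every browse page (up to `$this->limit` per request), which is acceptable for a UI hint but worth a comment such as `// one sharing lookup per listed project; edit access is enforced server-side in editView` so nobody later treats this array as the authorization decision. The enclosing method starts before this hunk.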
@@ -119,7 +161,7 @@ class ProjectController extends BaseController
*/
public function sharedUsers()
{
- if (array_key_exists('resourceId', $_GET)) {
+ if (Session::has("authz-token") && array_key_exists('resourceId', $_GET)) {
return Response::json(SharingUtilities::getProfilesForSharedUsers($_GET['resourceId'], ResourceType::PROJECT));
}
else {
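Review bot: `Session::has("authz-token")` only establishes that the caller is logged in; `sharedUsers` still returns the full profile list for whatever `resourceId` the caller supplies in `$_GET`, so any authenticated user can enumerate who a project they have no access to is shared with. The condition should additionally require that the session user has access to that resource, e.g. `... && SharingUtilities::userCanWrite(Session::get("username"), $_GET['resourceId'], ResourceType::PROJECT)` (or the corresponding read-access helper, whose tail is visible in the SharingUtilities hunk), since sharing metadata is only needed by users who can manage the project. The method body continues outside the hunk.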
@@ -129,7 +171,7 @@ class ProjectController extends BaseController
public function unsharedUsers()
{
- if (array_key_exists('resourceId', $_GET)) {
+ if (Session::has("authz-token") && array_key_exists('resourceId', $_GET)) {
return Response::json(SharingUtilities::getProfilesForUnsharedUsers($_GET['resourceId'], ResourceType::PROJECT));
}
else {
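Review bot: `unsharedUsers` is more sensitive than its sibling: it lists the profiles of users who do *not* have access to the given resource, which for an arbitrary `resourceId` amounts to enumerating the gateway's user base, and the new `Session::has("authz-token")` check only requires a login. Gate it on the caller's rights to the specific resource, e.g. `... && SharingUtilities::userCanWrite(Session::get("username"), $_GET['resourceId'], ResourceType::PROJECT)`, because only someone who can change sharing has a reason to see this list. The method body continues outside the hunk.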
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/libraries/SharingUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/SharingUtilities.php b/app/libraries/SharingUtilities.php
index bf9987f..477cec5 100755
--- a/app/libraries/SharingUtilities.php
+++ b/app/libraries/SharingUtilities.php
@@ -30,10 +30,26 @@ class SharingUtilities {
if (strcmp($uid, $user) === 0) {
return true;
}
- else {
- return false;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if the user has write privileges on the resource.
+ *
+ * @param $uid The user to check
+ * @param $resourceId Experiment or Project ID
+ * @param $dataResourceType e.g Airavata\Model\Group\ResourceType:PROJECT,Airavata\Model\Group\ResourceType:EXPERIMENT
+ * @return True if the user has write permission, false otherwise.
+ */
+ public static function userCanWrite($uid, $resourceId, $dataResourceType) {
+ $write = GrouperUtilities::getAllAccessibleUsers($resourceId, $dataResourceType, ResourcePermissionType::WRITE);
+ foreach($write as $user) {
+ if (strcmp($uid, $user) === 0) {
+ return true;
}
}
+ return false;
}
/**
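Review bot: The `foreach`/`strcmp` scan in `userCanWrite` is a strict membership test and reads more clearly as `return in_array($uid, $write, true);`. Two assumptions the new callers now rest on are not visible here and deserve a comment: that `GrouperUtilities::getAllAccessibleUsers` returns an array even on failure (a `null` return would emit a `foreach` warning and silently fall through to `false`), and that a project's owner is included in the `WRITE` list, since `editView` now hides the edit page from anyone `userCanWrite` rejects, owner included. The docblock's `ResourceType:PROJECT` should read `ResourceType::PROJECT`, and the method whose closing lines appear at the top of the hunk begins outside it.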
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/views/project/browse.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/browse.blade.php b/app/views/project/browse.blade.php
index 4e68ddc..3b6e348 100755
--- a/app/views/project/browse.blade.php
+++ b/app/views/project/browse.blade.php
@@ -107,9 +107,11 @@
<tr>
<td>
<?php echo $project->name; ?>
+ @if($can_write[$project->projectID] === true)
<a href="{{URL::to('/')}}/project/edit?projId=<?php echo $project->projectID; ?>" title="Edit">
<span class="glyphicon glyphicon-pencil"></span>
</a>
+ @endif
</td>
<td>
{{$project->owner}}
@@ -143,4 +145,4 @@
@section('scripts')
@parent
{{ HTML::script('js/time-conversion.js')}}
- @stop
\ No newline at end of file
+ @stop
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cb57e294/app/views/project/summary.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/summary.blade.php b/app/views/project/summary.blade.php
index 9e7adce..fc6fe69 100755
--- a/app/views/project/summary.blade.php
+++ b/app/views/project/summary.blade.php
@@ -10,7 +10,6 @@
<div class="container" style="max-width: 80%;">
<?php
$project = ProjectUtilities::get_project($_GET['projId']);
- $experiments = ProjectUtilities::get_experiments_in_project($project->projectID);
?>
<h1>Project Summary
@if( !isset($dashboard))
@@ -21,9 +20,11 @@
<div>
<div>
<h3>{{ $project->name }}
+ @if($project_can_write === true)
<a href="edit?projId={{ $project->projectID }}" title="Edit">
<span class="glyphicon glyphicon-pencil"></span>
</a>
+ @endif
</h3>
<p>{{ $project->description }}</p>
</div>
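Review bot: `$project_can_write` is only supplied by `ProjectController::summary`, yet the `isset($dashboard)` test a few lines above suggests this template is also rendered from a dashboard path; if that caller does not pass the variable, `$project_can_write === true` fails closed (the link stays hidden) but raises an undefined-variable notice on every dashboard render. Either make sure the dashboard caller passes the flag or guard the test, e.g. `@if(isset($project_can_write) && $project_can_write === true)`. Whether the dashboard path actually reuses this view cannot be confirmed from the hunk.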
@@ -62,7 +63,7 @@
<a href="{{URL::to('/')}}/experiment/summary?expId={{$experiment->experimentId}}">
{{ $experiment->experimentName }}
</a>
- @if( $expValues['editable'])
+ @if( $expValues['editable'] and $experiment_can_write[$experiment->experimentId] === true)
<a href="{{URL::to('/')}}/experiment/edit?expId={{$experiment->experimentId}}" title="Edit"><span class="glyphicon glyphicon-pencil"></span></a>
@endif
</td>
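Review bot: The new condition mixes `and` with `===`; in a bare `@if` this evaluates as intended, but `&&` is the conventional operator and avoids the precedence surprise `and` causes when the expression is later assigned, so prefer `@if( $expValues['editable'] && $experiment_can_write[$experiment->experimentId] === true)`. As with `$project_can_write`, `$experiment_can_write` is only set by `ProjectController::summary`, so a dashboard render that omits it would emit notices; an `isset` guard or passing the array from that path would cover it.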