add user to LDAP immediately

Author: simonLeary42

CONTRIBUTING.md

@@ -63,6 +63,7 @@ Notable users:
 - `[email protected]` - admin, PI
 - `[email protected]` - not admin, not PI
 - `[email protected]` - does not yet have an account
+- `[email protected]` - regsitered but not qualified (not a PI or in a PI group)
 
 ### Changes to Dev Environment
 

README.md

@@ -117,6 +117,8 @@ rm "$prod" && ln -s "$old" "$prod"
 ### 1.3 -> 1.4
 
 - the `[ldap]user_group` option has been renamed to `[ldap]qualified_user_group`
+- the `user_created ` mail template has been renamed to `user_qualified`
+- the `user_dequalified` mail template has been added
 
 ### 1.2 -> 1.3
 

resources/lib/UnityGroup.php

@@ -100,7 +100,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($this->exists()) {
             return;
         }
-        \ensure(!$this->getOwner()->exists());
+        \ensure($this->getOwner()->exists());
         $this->init();
         $this->SQL->removeRequest($this->getOwner()->uid);
         $operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
@@ -113,6 +113,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($send_mail) {
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
         }
+        $this->getOwner()->setIsQualified(true); // having your own group makes you qualified
     }
 
     /**
@@ -183,10 +184,17 @@ public function cancelGroupJoinRequest(UnityUser $user, bool $send_mail = true):
     //     // now we delete the ldap entry
     //     $this->entry->ensureExists();
     //     $this->entry->delete();
-    //     $this->REDIS->removeCacheArray("sorted_groups", "", $this->gid);
+    //     $default_value_getter = [$this->LDAP, "getSortedGroupsForRedis"];
+    //     $this->REDIS->removeCacheArray("sorted_groups", "", $this->gid, $default_value_getter);
     //     foreach ($users as $user) {
-    //         $this->REDIS->removeCacheArray($user->uid, "groups", $this->gid);
+    //         $this->REDIS->removeCacheArray(
+    //             $user->uid,
+    //             "groups",
+    //             $this->gid,
+    //             fn() => $this->getGroupMemberUIDs(true),
+    //         );
     //     }
+    //     // FIXME group not removed from user's groups array
 
     //     // send email to every user of the now deleted PI group
     //     if ($send_mail) {
@@ -207,7 +215,7 @@ public function cancelGroupJoinRequest(UnityUser $user, bool $send_mail = true):
     public function approveUser(UnityUser $new_user, bool $send_mail = true): void
     {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
-        \ensure(!$new_user->exists());
+        \ensure($new_user->exists());
         $this->addUserToGroup($new_user);
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
@@ -222,6 +230,7 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void
                 "org" => $new_user->getOrg(),
             ]);
         }
+        $new_user->setIsQualified(true); // being in a group makes you qualified
     }
 
     public function denyUser(UnityUser $new_user, bool $send_mail = true): void
@@ -374,7 +383,8 @@ private function init(): void
         $this->entry->setAttribute("gidnumber", strval($nextGID));
         $this->entry->setAttribute("memberuid", [$owner->uid]);
         $this->entry->write();
-        $this->REDIS->appendCacheArray("sorted_groups", "", $this->gid);
+        $default_value_getter = [$this->LDAP, "getSortedGroupsForRedis"];
+        $this->REDIS->appendCacheArray("sorted_groups", "", $this->gid, $default_value_getter);
         // TODO if we ever make this project based,
         // we need to update the cache here with the memberuid
     }
@@ -383,16 +393,36 @@ private function addUserToGroup(UnityUser $new_user): void
     {
         $this->entry->appendAttribute("memberuid", $new_user->uid);
         $this->entry->write();
-        $this->REDIS->appendCacheArray($this->gid, "members", $new_user->uid);
-        $this->REDIS->appendCacheArray($new_user->uid, "groups", $this->gid);
+        $this->REDIS->appendCacheArray(
+            $this->gid,
+            "members",
+            $new_user->uid,
+            fn() => $this->getGroupMemberUIDs(true),
+        );
+        $this->REDIS->appendCacheArray(
+            $new_user->uid,
+            "groups",
+            $this->gid,
+            fn() => $this->LDAP->getPIGroupGIDsWithMemberUID($new_user->uid),
+        );
     }
 
     private function removeUserFromGroup(UnityUser $old_user): void
     {
         $this->entry->removeAttributeEntryByValue("memberuid", $old_user->uid);
         $this->entry->write();
-        $this->REDIS->removeCacheArray($this->gid, "members", $old_user->uid);
-        $this->REDIS->removeCacheArray($old_user->uid, "groups", $this->gid);
+        $this->REDIS->removeCacheArray(
+            $this->gid,
+            "members",
+            $old_user->uid,
+            fn() => $this->getGroupMemberUIDs(true),
+        );
+        $this->REDIS->removeCacheArray(
+            $old_user->uid,
+            "groups",
+            $this->gid,
+            fn() => $this->LDAP->getPIGroupGIDsWithMemberUID($old_user->uid),
+        );
     }
 
     public function memberExists(UnityUser $user): bool

resources/lib/UnityLDAP.php

@@ -458,4 +458,27 @@ public function getUidFromEmail(string $email): LDAPEntry
         }
         throw new exceptions\EntryNotFoundException($email);
     }
+
+    public function getSortedQualifiedUsersForRedis(): array
+    {
+        $qualified_users = $this->getQualifiedUsersUIDs();
+        sort($qualified_users);
+        return $qualified_users;
+    }
+
+    public function getSortedOrgsForRedis(): array
+    {
+        $attributes = $this->getAllOrgGroupsAttributes(["cn"]);
+        $groups = array_map(fn($x) => $x["cn"][0], $attributes);
+        sort($groups);
+        return $groups;
+    }
+
+    public function getSortedGroupsForRedis(): array
+    {
+        $attributes = $this->getAllPIGroupsAttributes(["cn"]);
+        $groups = array_map(fn($x) => $x["cn"][0], $attributes);
+        sort($groups);
+        return $groups;
+    }
 }

resources/lib/UnityOrg.php

@@ -39,7 +39,8 @@ public function init(): void
         $this->entry->setAttribute("objectclass", UnityLDAP::POSIX_GROUP_CLASS);
         $this->entry->setAttribute("gidnumber", strval($nextGID));
         $this->entry->write();
-        $this->REDIS->appendCacheArray("sorted_orgs", "", $this->gid);
+        $default_value_getter = [$this->LDAP, "getSortedOrgsForRedis"];
+        $this->REDIS->appendCacheArray("sorted_orgs", "", $this->gid, $default_value_getter);
     }
 
     public function exists(): bool
@@ -94,13 +95,23 @@ public function addUser(UnityUser $user): void
     {
         $this->entry->appendAttribute("memberuid", $user->uid);
         $this->entry->write();
-        $this->REDIS->appendCacheArray($this->gid, "members", $user->uid);
+        $this->REDIS->appendCacheArray(
+            $this->gid,
+            "members",
+            $user->uid,
+            fn() => $this->getOrgMemberUIDs(true),
+        );
     }
 
     public function removeUser(UnityUser $user): void
     {
         $this->entry->removeAttributeEntryByValue("memberuid", $user->uid);
         $this->entry->write();
-        $this->REDIS->removeCacheArray($this->gid, "members", $user->uid);
+        $this->REDIS->removeCacheArray(
+            $this->gid,
+            "members",
+            $user->uid,
+            fn() => $this->getOrgMemberUIDs(true),
+        );
     }
 }

resources/lib/UnityRedis.php

@@ -61,15 +61,19 @@ public function getCache(string $object, string $key): mixed
         return null;
     }
 
-    public function appendCacheArray(string $object, string $key, mixed $value): void
-    {
+    public function appendCacheArray(
+        string $object,
+        string $key,
+        mixed $value,
+        callable $default_value_getter,
+    ): void {
         if (!$this->enabled) {
             return;
         }
 
         $cached_val = $this->getCache($object, $key);
         if (is_null($cached_val)) {
-            $this->setCache($object, $key, [$value]);
+            $this->setCache($object, $key, $default_value_getter());
         } else {
             if (!is_array($cached_val)) {
                 throw new Exception("This cache value is not an array");
@@ -82,15 +86,19 @@ public function appendCacheArray(string $object, string $key, mixed $value): voi
     }
 
     // TODO return void
-    public function removeCacheArray(string $object, string $key, mixed $value)
-    {
+    public function removeCacheArray(
+        string $object,
+        string $key,
+        mixed $value,
+        callable $default_value_getter,
+    ) {
         if (!$this->enabled) {
             return null;
         }
 
         $cached_val = $this->getCache($object, $key);
         if (is_null($cached_val)) {
-            $this->setCache($object, $key, []);
+            $this->setCache($object, $key, $default_value_getter());
         } else {
             if (!is_array($cached_val)) {
                 throw new Exception("This cache value is not an array");

resources/lib/UnityUser.php

@@ -105,18 +105,54 @@ public function init(
             $org->addUser($this);
         }
 
-        $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
-        $this->LDAP->getQualifiedUserGroup()->write();
-
-        $this->REDIS->appendCacheArray("sorted_qualified_users", "", $this->uid);
-
         $this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
+    }
 
-        if ($send_mail) {
-            $this->MAILER->sendMail($this->getMail(), "user_created", [
-                "user" => $this->uid,
-                "org" => $this->getOrg(),
-            ]);
+    public function isQualified(): bool
+    {
+        return $this->LDAP->getQualifiedUserGroup()->attributeValueExists("memberUid", $this->uid);
+    }
+
+    public function setIsQualified(bool $newIsQualified, bool $doSendMail = true): void
+    {
+        $oldIsQualified = $this->isQualified();
+        if ($oldIsQualified == $newIsQualified) {
+            return;
+        }
+        if ($newIsQualified) {
+            $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->appendCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_qualified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
+        } else {
+            $this->LDAP
+                ->getQualifiedUserGroup()
+                ->removeAttributeEntryByValue("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->removeCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_dequalified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
         }
     }
 

resources/mail/user_dequalified.php

@@ -0,0 +1,10 @@
+<?php
+
+// this template is sent when a user account is no longer qualified
+$this->Subject = "User Deactivated"; ?>
+
+<p>Hello,</p>
+
+<p>Your account on the Unity cluster has been deactivated.</p>
+
+<p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>

resources/mail/user_created.php resources/mail/user_qualified.phpresources/mail/user_created.php renamed to resources/mail/user_qualified.php

@@ -1,7 +1,7 @@
 <?php
 
-// this template is sent when a user account gets created
-$this->Subject = "User Created"; ?>
+// this template is sent when a user account becomes qualified
+$this->Subject = "User Activated"; ?>
 
 <p>Hello,</p>