diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b24dd63d..3622c294 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,6 +31,7 @@ repos: resources/lib/phpopenldaper/.*| vendor/.*| resources/lib/.*| + resources/mail/.*| )$ - repo: https://github.com/rbubley/mirrors-prettier @@ -47,6 +48,7 @@ repos: vendor/.*| resources/templates/.*| webroot/.*| + resources/mail/.*| )$ # linters (work required) ######################################################################## @@ -81,6 +83,7 @@ repos: resources/lib/phpopenldaper/.*| vendor/.*| resources/lib/.*| + resources/mail/.*| )$ - id: php-l name: php -l diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4e5c5e1d..4f5e66c5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -26,7 +26,7 @@ This will enable strict mode and throw an exception rather than issuing a warning. - `UnityHTTPD`'s user-facing error functionality (ex: `badRequest`) should only be called from `webroot/**/*.php`. `resources/**/*.php` should throw exceptions instead. -- all pages under `webroot/admin/` must check for `$USER->isAdmin()` and call `UnityHTTPD::forbidden()` if not admin. +- all pages under `webroot/admin/` must check for `$USER->getFlag(UserFlag::ADMIN)` and call `UnityHTTPD::forbidden()` if not admin. This repository will automatically check PRs for linting compliance. diff --git a/README.md b/README.md index 8a65ec4c..4edbdcc5 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,8 @@ rm "$prod" && ln -s "$old" "$prod" ### 1.5.0 -> 1.5.1 - the `[site]getting_started_url` option should be defined +- the `[ldap]admin_group` option has been renamed to `[ldap]user_flag_groups[admin]` +- the `[ldap]qualified_user_group` option has been renamed to `[ldap]user_flag_groups[qualified]` ### 1.4 -> 1.5 diff --git a/defaults/config.ini.default b/defaults/config.ini.default index 773013bc..c826c779 100644 --- a/defaults/config.ini.default +++ b/defaults/config.ini.default 
@@ -28,15 +28,18 @@ pass = "password" ; Admin bind password custom_user_mappings_dir = "deployment/custom_user_mappings" ; for internal use only basedn = "dc=unityhpc,dc=test" ; Base search DN user_ou = "ou=users,dc=unityhpc,dc=test" ; User organizational unit (may contain more than user group) -qualified_user_group = "cn=unityusers,dc=unityhpc,dc=test" ; Qualified user group (in at least one PI group) group_ou = "ou=groups,dc=unityhpc,dc=test" ; Group organizational unit pigroup_ou = "ou=pi_groups,dc=unityhpc,dc=test" ; PI Group organizational unit orggroup_ou = "ou=org_groups,dc=unityhpc,dc=test" ; ORG group organizational unit -admin_group = "cn=web_admins,dc=unityhpc,dc=test" ; admin dn (members of this group are admins on the web portal) def_user_shell = "/bin/bash" ; Default shell for new users offset_UIDGID = 1000000 ; start point when allocating new UID/GID pairs for a new user offset_PIGID = 2000000 ; start point when allocating new GID for a new PI group offset_ORGGID = 3000000 ; start point when allocating new GID for a new org group +user_flag_groups[admin] = "cn=web_admins,dc=unityhpc,dc=test" ; admin user group dn +user_flag_groups[ghost] = "cn=ghost,dc=unityhpc,dc=test" ; ghost user group dn +user_flag_groups[idlelocked] = "cn=idlelocked,dc=unityhpc,dc=test" ; idlelocked user group dn +user_flag_groups[locked] = "cn=locked,dc=unityhpc,dc=test" ; locked user group dn +user_flag_groups[qualified] = "cn=unityusers,dc=unityhpc,dc=test" ; qualified user group (in at least one PI group) [sql] host = "sql" ; mariadb hostname diff --git a/resources/init.php b/resources/init.php index b4c2f20d..26918d14 100644 --- a/resources/init.php +++ b/resources/init.php @@ -12,6 +12,7 @@ use UnityWebPortal\lib\UnityWebhook; use UnityWebPortal\lib\UnityGithub; use UnityWebPortal\lib\UnityHTTPD; +use UnityWebPortal\lib\UserFlag; if (CONFIG["site"]["enable_exception_handler"]) { set_exception_handler(["UnityWebPortal\lib\UnityHTTPD", "exceptionHandler"]); 
@@ -56,7 +57,7 @@ $_SESSION["SSO"] = $SSO; $OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK); - $_SESSION["is_admin"] = $OPERATOR->isAdmin(); + $_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN); if (isset($_SESSION["viewUser"]) && $_SESSION["is_admin"]) { $USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK); diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php index 04f6e8e0..3d7ba31b 100644 --- a/resources/lib/UnityGroup.php +++ b/resources/lib/UnityGroup.php @@ -85,7 +85,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true if ($send_mail) { $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created"); } - $this->getOwner()->setIsQualified(true); // having your own group makes you qualified + $this->getOwner()->setFlag(UserFlag::QUALIFIED, true); // having your own group makes you qualified } /** @@ -191,7 +191,8 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void "org" => $new_user->getOrg(), ]); } - $new_user->setIsQualified(true); // being in a group makes you qualified + // being in a group makes you qualified + $new_user->setFlag(UserFlag::QUALIFIED, true, doSendMail: true, doSendMailAdmin: false); } public function denyUser(UnityUser $new_user, bool $send_mail = true): void diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php index 6752140a..139ede5a 100644 --- a/resources/lib/UnityLDAP.php +++ b/resources/lib/UnityLDAP.php @@ -5,6 +5,16 @@ use UnityWebPortal\lib\exceptions\EntryNotFoundException; use PHPOpenLDAPer\LDAPConn; use PHPOpenLDAPer\LDAPEntry; +use UnityWebPortal\lib\PosixGroup; + +enum UserFlag: string +{ + case ADMIN = "admin"; + case GHOST = "ghost"; + case IDLELOCKED = "idlelocked"; + case LOCKED = "locked"; + case QUALIFIED = "qualified"; +} /** * An LDAP connection class which extends LDAPConn tailored for the UnityHPC Platform 
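Review bot: `$_SESSION["is_admin"]` in this init.php hunk is derived from `UserFlag::ADMIN` alone, so an operator who is in both the admin group and the locked (or idlelocked, ghost) group still gets admin rights and the `viewUser` switch on the following line. Nothing visible in this diff reads the three new flags when the session is set up. If they are enforced elsewhere, a comment here naming that place would help; otherwise consider `$_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN) && !$OPERATOR->getFlag(UserFlag::LOCKED);`. The surrounding block starts and ends outside the hunk.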
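Review bot: The `setFlag(UserFlag::QUALIFIED, true)` call in `approveGroup` relies on the defaults, so it now also sends the `user_flag_added_admin` mail, while `approveUser` in the next hunk passes `doSendMailAdmin: false`. If the two approval paths are meant to behave alike, spell the arguments out here as well: `$this->getOwner()->setFlag(UserFlag::QUALIFIED, true, doSendMail: true, doSendMailAdmin: false);`. Both functions begin outside their hunks, so whether `$send_mail` should also gate these mails cannot be judged from here.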
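Review bot: The `UserFlag` enum is added at the top of UnityLDAP.php without a doc comment, yet membership in these groups decides admin rights and account state. A short docblock stating what each case means for the account (in particular `GHOST` and `IDLELOCKED`, which the mail templates appear to describe as deleted and locked for inactivity) and that the case value is the key under `[ldap]user_flag_groups` would make the contract explicit. Other files import it as `UnityWebPortal\lib\UserFlag`; if class loading is by file name, which is not visible here, the enum needs its own `UserFlag.php`.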
@@ -35,8 +45,8 @@ class UnityLDAP extends LDAPConn private LDAPEntry $groupOU; private LDAPEntry $pi_groupOU; private LDAPEntry $org_groupOU; - private LDAPEntry $adminGroup; - private LDAPEntry $qualifiedUserGroup; + + public array $userFlagGroups; public function __construct() { @@ -46,8 +56,11 @@ public function __construct() $this->groupOU = $this->getEntry(CONFIG["ldap"]["group_ou"]); $this->pi_groupOU = $this->getEntry(CONFIG["ldap"]["pigroup_ou"]); $this->org_groupOU = $this->getEntry(CONFIG["ldap"]["orggroup_ou"]); - $this->adminGroup = $this->getEntry(CONFIG["ldap"]["admin_group"]); - $this->qualifiedUserGroup = $this->getEntry(CONFIG["ldap"]["qualified_user_group"]); + $this->userFlagGroups = []; + foreach (UserFlag::cases() as $flag) { + $dn = CONFIG["ldap"]["user_flag_groups"][$flag->value]; + $this->userFlagGroups[$flag->value] = new PosixGroup(new LDAPEntry($this->conn, $dn)); + } } public function getUserOU(): LDAPEntry @@ -70,16 +83,6 @@ public function getOrgGroupOU(): LDAPEntry return $this->org_groupOU; } - public function getAdminGroup(): LDAPEntry - { - return $this->adminGroup; - } - - public function getQualifiedUserGroup(): LDAPEntry - { - return $this->qualifiedUserGroup; - } - public function getDefUserShell(): string { return $this->def_user_shell; 
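Review bot: `public array $userFlagGroups;` exposes the flag-to-group map as a writable property, so any code holding the `UnityLDAP` object can replace the entry that backs the admin check. Since this commit already relies on PHP 8.1 enums, `public readonly array $userFlagGroups;`, assigned once from a local array at the end of the constructor, would keep the current call sites working while preventing reassignment. A docblock such as `/** @var array<string, PosixGroup> keyed by UserFlag value */` would also document the shape.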
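Review bot: The constructor loop reads `CONFIG["ldap"]["user_flag_groups"][$flag->value]` for every enum case without checking that the key exists, and the README upgrade notes in this commit mention only the `admin` and `qualified` renames. A deployment that follows those notes has no `ghost`, `idlelocked` or `locked` entry and would hit an undefined array key here rather than a clear configuration error; consider `$dn = CONFIG["ldap"]["user_flag_groups"][$flag->value] ?? throw new \RuntimeException("missing [ldap]user_flag_groups[{$flag->value}]");`. The old code resolved the groups through `$this->getEntry(...)` while the new code constructs `LDAPEntry` directly; if `getEntry` does more than construct the entry, that is lost here.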
@@ -187,31 +190,11 @@ private function getAllGIDNumbersInUse(): array ); } - public function getQualifiedUsersUIDs(): array - { - // should not use $user_ou->getChildren or $base_ou->getChildren(objectClass=posixAccount) - // qualified users might be outside user ou, and not all users in LDAP tree are qualified users - return $this->qualifiedUserGroup->getAttribute("memberuid"); - } - - public function getQualifiedUsers($UnitySQL, $UnityMailer, $UnityWebhook): array - { - $out = []; - - $qualifiedUsers = $this->getQualifiedUsersUIDs(); - sort($qualifiedUsers); - foreach ($qualifiedUsers as $user) { - $params = [$user, $this, $UnitySQL, $UnityMailer, $UnityWebhook]; - array_push($out, new UnityUser(...$params)); - } - return $out; - } - public function getQualifiedUsersAttributes( array $attributes, array $default_values = [], ): array { - $include_uids = $this->getQualifiedUsersUIDs(); + $include_uids = $this->userFlagGroups[UserFlag::QUALIFIED->value]->getMemberUIDs(); $user_attributes = $this->baseOU->getChildrenArrayStrict( $attributes, true, // recursive @@ -308,7 +291,7 @@ public function getAllPIGroupOwnerAttributes( public function getQualifiedUID2PIGIDs(): array { // initialize output so each UID is a key with an empty array as its value - $uids = $this->getQualifiedUsersUIDs(); + $uids = $this->userFlagGroups[UserFlag::QUALIFIED->value]->getMemberUIDs(); $uid2pigids = array_combine($uids, array_fill(0, count($uids), [])); // for each PI group, append that GID to the member list for each of its member UIDs foreach ( diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php index 16b4514f..9e1b4b48 100644 --- a/resources/lib/UnityUser.php +++ b/resources/lib/UnityUser.php 
@@ -97,35 +97,51 @@ public function init( $this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid); } - public function isQualified(): bool + public function getFlag(UserFlag $flag): bool { - return $this->LDAP->getQualifiedUserGroup()->attributeValueExists("memberUid", $this->uid); + return $this->LDAP->userFlagGroups[$flag->value]->memberUIDExists($this->uid); } - public function setIsQualified(bool $newIsQualified, bool $doSendMail = true): void - { - $oldIsQualified = $this->isQualified(); - if ($oldIsQualified == $newIsQualified) { + public function setFlag( + UserFlag $flag, + bool $newValue, + bool $doSendMail = true, + bool $doSendMailAdmin = true, + ): void { + $oldValue = $this->getFlag($flag); + if ($oldValue == $newValue) { return; } - if ($newIsQualified) { - $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid); - $this->LDAP->getQualifiedUserGroup()->write(); + if ($newValue) { + $this->LDAP->userFlagGroups[$flag->value]->addMemberUID($this->uid); if ($doSendMail) { - $this->MAILER->sendMail($this->getMail(), "user_qualified", [ + $this->MAILER->sendMail($this->getMail(), "user_flag_added", [ + "user" => $this->uid, + "org" => $this->getOrg(), + "flag" => $flag, + ]); + } + if ($doSendMailAdmin) { + $this->MAILER->sendMail("admin", "user_flag_added_admin", [ "user" => $this->uid, "org" => $this->getOrg(), + "flag" => $flag, ]); } } else { - $this->LDAP - ->getQualifiedUserGroup() - ->removeAttributeEntryByValue("memberuid", $this->uid); - $this->LDAP->getQualifiedUserGroup()->write(); + $this->LDAP->userFlagGroups[$flag->value]->removeMemberUID($this->uid); if ($doSendMail) { - $this->MAILER->sendMail($this->getMail(), "user_dequalified", [ + $this->MAILER->sendMail($this->getMail(), "user_flag_removed", [ "user" => $this->uid, "org" => $this->getOrg(), + "flag" => $flag, + ]); + } + if ($doSendMailAdmin) { + $this->MAILER->sendMail("admin", "user_flag_removed_admin", [ + "user" => $this->uid, + "org" 
=> $this->getOrg(), + "flag" => $flag, ]); } } @@ -319,15 +335,6 @@ public function getHomeDir(): string return $this->entry->getAttribute("homedirectory"); } - /** - * Checks if the current account is an admin - */ - public function isAdmin(): bool - { - $admins = $this->LDAP->getAdminGroup()->getAttribute("memberuid"); - return in_array($this->uid, $admins); - } - /** * Checks if current user is a PI */ diff --git a/resources/mail/user_dequalified.php b/resources/mail/user_dequalified.php deleted file mode 100644 index 73677ab0..00000000 --- a/resources/mail/user_dequalified.php +++ /dev/null @@ -1,10 +0,0 @@ -Subject = "User Deactivated"; ?> - -
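Review bot: `setFlag` changes group membership for every flag, including `ADMIN` and `LOCKED`, but unlike `init()` just above it (which calls `$this->SQL->addLog(...)`) it writes no audit record, so a promotion or an unlock leaves a trace only if the optional mails are sent. Consider logging each change next to `addMemberUID` and `removeMemberUID`, with the operator supplied by the caller; the method has no operator parameter today, so this needs an optional argument. The comparison `$oldValue == $newValue` is between two bools and reads better as `===`. The mail payload passes the enum object as `"flag" => $flag`; the template code is not readable in this view, so confirm the templates compare against `UserFlag` cases rather than strings.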
Hello,
- -Your account on the UnityHPC Platform has been deactivated.
- -If you believe this to be a mistake, please reply to this email as soon as possible.
diff --git a/resources/mail/user_flag_added.php b/resources/mail/user_flag_added.php new file mode 100644 index 00000000..268d0e44 --- /dev/null +++ b/resources/mail/user_flag_added.php @@ -0,0 +1,55 @@ + + +Subject = "User Activated"; ?> +Hello,
+Your account on the UnityHPC Platform has been activated. Your account details are below:
+
+Username
+
+Organization
+
+See the +">Getting Started +page in our documentation for next steps. +
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Deleted"; ?> +Hello,
+Your account on the UnityHPC Platform has been deleted.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Locked"; ?> +Hello,
+Your account on the UnityHPC Platform has been locked.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Locked"; ?> +Hello,
+Your account on the UnityHPC Platform has been locked due to inactivity.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Promoted"; ?> +Hello,
+Your account on the UnityHPC Platform has been promoted to admin.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + + + diff --git a/resources/mail/user_flag_added_admin.php b/resources/mail/user_flag_added_admin.php new file mode 100644 index 00000000..3a40153e --- /dev/null +++ b/resources/mail/user_flag_added_admin.php @@ -0,0 +1,40 @@ + + +Subject = "User Qualified"; ?> +Hello,
+User "" has been qualified.
+ + + + +Subject = "User Ghosted"; ?> +Hello,
+User "" has been marked as ghost.
+ + + + +Subject = "User Locked"; ?> +Hello,
+User "" has been locked.
+ + + + +Subject = "User Idle Locked"; ?> +Hello,
+User "" has been idle locked.
+ + + + +Subject = "User Promoted"; ?> +Hello,
+User "" has been promoted to admin.
+ + + + + + diff --git a/resources/mail/user_flag_removed.php b/resources/mail/user_flag_removed.php new file mode 100644 index 00000000..dbd40b27 --- /dev/null +++ b/resources/mail/user_flag_removed.php @@ -0,0 +1,45 @@ + + +Subject = "User Deactivated"; ?> +Hello,
+Your account on the UnityHPC Platform has been deactivated.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Resurrected"; ?> +Hello,
+Your account on the UnityHPC Platform has been resurrected.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Unlocked"; ?> +Hello,
+Your account on the UnityHPC Platform has been unlocked.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Unlocked"; ?> +Hello,
+Your account on the UnityHPC Platform has been unlocked.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + +Subject = "User Demoted"; ?> +Hello,
+Your account on the UnityHPC Platform has been demoted from admin.
+If you believe this to be a mistake, please reply to this email as soon as possible.
+ + + + + + diff --git a/resources/mail/user_flag_removed_admin.php b/resources/mail/user_flag_removed_admin.php new file mode 100644 index 00000000..9df4d136 --- /dev/null +++ b/resources/mail/user_flag_removed_admin.php @@ -0,0 +1,40 @@ + + +Subject = "User Dequalified"; ?> +Hello,
+User "" has been dequalified.
+ + + + +Subject = "User Resurrected"; ?> +Hello,
+User "" has been resurrected (no longer marked as ghost).
+ + + + +Subject = "User Unlocked"; ?> +Hello,
+User "" has been unlocked.
+ + + + +Subject = "User Idle Unlocked"; ?> +Hello,
+User "" has been idle unlocked.
+ + + + +Subject = "User Demoted"; ?> +Hello,
+User "" has been demoted from admin.
+ + + + + + diff --git a/resources/mail/user_qualified.php b/resources/mail/user_qualified.php deleted file mode 100644 index c6739fec..00000000 --- a/resources/mail/user_qualified.php +++ /dev/null @@ -1,22 +0,0 @@ -Subject = "User Activated"; ?> - -Hello,
- -Your account on the UnityHPC Platform has been activated. Your account details are below:
- -
-Username
-
-Organization
-
-See the -">Getting Started -page in our documentation for next steps. -
- -If you believe this to be a mistake, please reply to this email as soon as possible.
diff --git a/test/functional/PIBecomeApproveTest.php b/test/functional/PIBecomeApproveTest.php index afe7a9e3..8515372a 100644 --- a/test/functional/PIBecomeApproveTest.php +++ b/test/functional/PIBecomeApproveTest.php @@ -1,7 +1,6 @@ assertRequestedPIGroup(false); $this->assertTrue($pi_group->exists()); - $this->assertTrue($USER->isQualified()); + $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED)); // $third_request_failed = false; // try { diff --git a/test/functional/PiMemberApproveTest.php b/test/functional/PiMemberApproveTest.php index 51e90acb..e12d3098 100644 --- a/test/functional/PiMemberApproveTest.php +++ b/test/functional/PiMemberApproveTest.php @@ -1,7 +1,6 @@ assertTrue(!$pi_group->requestExists($USER)); $this->assertRequestedMembership(false, $gid); $this->assertTrue($pi_group->memberUIDExists($USER->uid)); - $this->assertTrue($USER->isQualified()); + $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED)); // $third_request_failed = false; // try { @@ -167,7 +166,7 @@ public function testApproveMemberByAdmin() $this->assertTrue(!$pi_group->requestExists($USER)); $this->assertRequestedMembership(false, $gid); $this->assertTrue($pi_group->memberUIDExists($USER->uid)); - $this->assertTrue($USER->isQualified()); + $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED)); // $third_request_failed = false; // try { diff --git a/test/functional/SSHKeyAddTest.php b/test/functional/SSHKeyAddTest.php index e6593e4f..8d5fb009 100644 --- a/test/functional/SSHKeyAddTest.php +++ b/test/functional/SSHKeyAddTest.php @@ -2,9 +2,9 @@ use UnityWebPortal\lib\UnityGithub; use PHPUnit\Framework\Attributes\DataProvider; -use PHPUnit\Framework\MockObject\MockBuilder; use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations; +#[AllowMockObjectsWithoutExpectations] class SSHKeyAddTest extends UnityWebPortalTestCase { private function addSshKeysPaste(array $keys): void 
diff --git a/test/functional/ViewAsUserTest.php b/test/functional/ViewAsUserTest.php index 43b1caad..3177d41a 100644 --- a/test/functional/ViewAsUserTest.php +++ b/test/functional/ViewAsUserTest.php @@ -1,6 +1,6 @@ uid; switchUser(...$beforeUser); - // $this->assertTrue($USER->isAdmin()); + // $this->assertTrue($USER->getFlag(UserFlag::ADMIN)); $beforeUid = $USER->uid; // $this->assertNotEquals($afterUid, $beforeUid); http_post(__DIR__ . "/../../webroot/admin/user-mgmt.php", [ @@ -57,7 +57,7 @@ public function testNonAdminViewAsAdmin() global $USER; switchUser(...getAdminUser()); $adminUid = $USER->uid; - $this->assertTrue($USER->isAdmin()); + $this->assertTrue($USER->getFlag(UserFlag::ADMIN)); switchUser(...getNormalUser()); http_post(__DIR__ . "/../../webroot/admin/user-mgmt.php", [ "form_type" => "viewAsUser", diff --git a/test/phpunit-bootstrap.php b/test/phpunit-bootstrap.php index d16a6222..5b1bd315 100644 --- a/test/phpunit-bootstrap.php +++ b/test/phpunit-bootstrap.php @@ -30,6 +30,7 @@ use UnityWebPortal\lib\CSRFToken; use UnityWebPortal\lib\UnityGroup; use UnityWebPortal\lib\UnityHTTPD; +use UnityWebPortal\lib\UserFlag; use UnityWebPortal\lib\UnitySQL; use UnityWebPortal\lib\UnityHTTPDMessageLevel; use PHPUnit\Framework\TestCase; 
@@ -195,18 +196,8 @@ function ensureUserDoesNotExist() $USER->getGroupEntry()->delete(); ensure(!$USER->getGroupEntry()->exists()); } - $qualified_users_group = $LDAP->getQualifiedUserGroup(); - $all_member_uids = $qualified_users_group->getAttribute("memberuid"); - if (in_array($USER->uid, $all_member_uids)) { - $qualified_users_group->setAttribute( - "memberuid", - // array_diff will break the contiguity of the array indexes - // ldap_mod_replace requires contiguity, array_values restores contiguity - array_values(array_diff($all_member_uids, [$USER->uid])), - ); - $qualified_users_group->write(); - ensure(!in_array($USER->uid, $qualified_users_group->getAttribute("memberuid"))); - } + $USER->setFlag(UserFlag::QUALIFIED, false); + ensure(!$LDAP->userFlagGroups[UserFlag::QUALIFIED->value]->memberUIDExists($USER->uid)); } function ensureOrgGroupDoesNotExist() diff --git a/tools/docker-dev/identity/bootstrap.ldif b/tools/docker-dev/identity/bootstrap.ldif index 3043db2b..535f9d88 100644 --- a/tools/docker-dev/identity/bootstrap.ldif +++ b/tools/docker-dev/identity/bootstrap.ldif @@ -1,3 +1,24 @@ +dn: ou=org_groups,dc=unityhpc,dc=test +objectclass: organizationalUnit +objectclass: top +ou: org_groups + +dn: ou=groups,dc=unityhpc,dc=test +objectclass: organizationalUnit +objectclass: top +ou: groups + +dn: ou=pi_groups,dc=unityhpc,dc=test +objectclass: organizationalUnit +objectclass: top +ou: pi_groups + +dn: ou=users,dc=unityhpc,dc=test +description: Holds all posix accounts. +objectclass: organizationalUnit +objectclass: top +ou: users + dn: dc=unityhpc,dc=test objectClass: top objectClass: dcObject 
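Review bot: `$USER->setFlag(UserFlag::QUALIFIED, false);` in `ensureUserDoesNotExist` uses the default mail flags, so when the user is in the qualified group this cleanup helper now calls `getMail()` and `getOrg()` and sends both the user and the admin mail, where the removed code only edited the group's `memberuid` attribute. If the user's own entry has already been deleted earlier in the function (its start is outside the hunk), those lookups may fail. `$USER->setFlag(UserFlag::QUALIFIED, false, doSendMail: false, doSendMailAdmin: false);` keeps the helper free of mail side effects.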
@@ -31,10 +52,23 @@ memberuid: user14_org3_test objectclass: posixGroup objectclass: top -dn: ou=groups,dc=unityhpc,dc=test -objectclass: organizationalUnit +dn: cn=locked,dc=unityhpc,dc=test +cn: locked +gidnumber: 502 +objectclass: posixGroup +objectclass: top + +dn: cn=idlelocked,dc=unityhpc,dc=test +cn: idlelocked +gidnumber: 503 +objectclass: posixGroup +objectclass: top + +dn: cn=ghost,dc=unityhpc,dc=test +cn: ghost +gidnumber: 504 +objectclass: posixGroup objectclass: top -ou: groups dn: cn=unityusers,dc=unityhpc,dc=test cn: unityusers @@ -9183,11 +9217,6 @@ gidnumber: 33130 objectclass: posixGroup objectclass: top -dn: ou=org_groups,dc=unityhpc,dc=test -objectclass: organizationalUnit -objectclass: top -ou: org_groups - dn: cn=org11_test,ou=org_groups,dc=unityhpc,dc=test cn: org11_test gidnumber: 20007 @@ -10577,11 +10606,6 @@ memberuid: user494_org8_test objectclass: posixGroup objectclass: top -dn: ou=pi_groups,dc=unityhpc,dc=test -objectclass: organizationalUnit -objectclass: top -ou: pi_groups - dn: cn=pi_user36_org2_test,ou=pi_groups,dc=unityhpc,dc=test cn: pi_user36_org2_test gidnumber: 10206 @@ -13490,12 +13514,6 @@ memberuid: user1298_org1_test objectclass: posixGroup objectclass: top -dn: ou=users,dc=unityhpc,dc=test -description: Holds all posix accounts. -objectclass: organizationalUnit -objectclass: top -ou: users - dn: cn=user15_org3_test,ou=users,dc=unityhpc,dc=test cn: user15_org3_test gidnumber: 1813 diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php index e9076043..02dc3233 100644 --- a/webroot/admin/ajax/get_group_members.php +++ b/webroot/admin/ajax/get_group_members.php @@ -5,7 +5,7 @@ use UnityWebPortal\lib\UnityGroup; use UnityWebPortal\lib\UnityHTTPD; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } diff --git a/webroot/admin/ajax/get_page_contents.php b/webroot/admin/ajax/get_page_contents.php index a26a9e59..f384c1de 100644 
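Review bot: The admin check in get_group_members.php now references `UserFlag::ADMIN`, but the hunk adds no `use UnityWebPortal\lib\UserFlag;` next to the existing `use` lines, unlike content.php, notices.php, pi-mgmt.php and user-mgmt.php in the same commit. Unless the import sits above the hunk or the file declares that namespace, the name resolves to a non-existent class and the request fails with an Error before the check runs; this denies access rather than granting it, but it breaks the endpoint for admins. Add `use UnityWebPortal\lib\UserFlag;` here and in get_page_contents.php, whose hunk has the same gap.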
--- a/webroot/admin/ajax/get_page_contents.php +++ b/webroot/admin/ajax/get_page_contents.php @@ -4,7 +4,7 @@ use UnityWebPortal\lib\UnityHTTPD; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } diff --git a/webroot/admin/content.php b/webroot/admin/content.php index 7159681d..6285ea23 100644 --- a/webroot/admin/content.php +++ b/webroot/admin/content.php @@ -3,8 +3,9 @@ require_once __DIR__ . "/../../resources/autoload.php"; use UnityWebPortal\lib\UnityHTTPD; +use UnityWebPortal\lib\UserFlag; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } diff --git a/webroot/admin/notices.php b/webroot/admin/notices.php index e258670f..eec54cd2 100644 --- a/webroot/admin/notices.php +++ b/webroot/admin/notices.php @@ -3,8 +3,9 @@ require_once __DIR__ . "/../../resources/autoload.php"; use UnityWebPortal\lib\UnityHTTPD; +use UnityWebPortal\lib\UserFlag; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php index ec388b0e..75b128b2 100644 --- a/webroot/admin/pi-mgmt.php +++ b/webroot/admin/pi-mgmt.php @@ -6,8 +6,9 @@ use UnityWebPortal\lib\UnityGroup; use UnityWebPortal\lib\UnityHTTPD; use UnityWebPortal\lib\UnitySQL; +use UnityWebPortal\lib\UserFlag; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php index e969f9bf..9032a4b9 100644 --- a/webroot/admin/user-mgmt.php +++ b/webroot/admin/user-mgmt.php @@ -3,8 +3,9 @@ require_once __DIR__ . "/../../resources/autoload.php"; use UnityWebPortal\lib\UnityHTTPD; +use UnityWebPortal\lib\UserFlag; -if (!$USER->isAdmin()) { +if (!$USER->getFlag(UserFlag::ADMIN)) { UnityHTTPD::forbidden("not an admin"); } 
diff --git a/webroot/panel/account.php b/webroot/panel/account.php index aef71339..3ab19508 100644 --- a/webroot/panel/account.php +++ b/webroot/panel/account.php @@ -2,6 +2,7 @@ require_once __DIR__ . "/../../resources/autoload.php"; +use UnityWebPortal\lib\UserFlag; use UnityWebPortal\lib\UnityHTTPD; use UnityWebPortal\lib\exceptions\EncodingUnknownException; use UnityWebPortal\lib\exceptions\EncodingConversionException; @@ -130,7 +131,7 @@ echo "You are curently a principal investigator on the UnityHPC Platform
"; -} elseif ($USER->isQualified()) { +} elseif ($USER->getFlag(UserFlag::QUALIFIED)) { echo "You are curently a qualified user on the UnityHPC Platform
"; } else { $tos_url = CONFIG["site"]["terms_of_service_url"];