airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject [06/12] airavata-php-gateway git commit: AIRAVATA-2312 Adds 'initial-role-name' to pga_config.php
Date Wed, 15 Feb 2017 14:38:40 GMT
AIRAVATA-2312 Adds 'initial-role-name' to pga_config.php

'initial-role-name' defaults to 'user-pending' but can be customized to
automatically assign new users to the given role. The main use case for
this is to set 'initial-role-name' to 'gateway-user' to provide new
users access to the gateway without needing admin intervention.


Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/9765c1e2
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/9765c1e2
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/9765c1e2

Branch: refs/heads/dreg-gateway
Commit: 9765c1e250992c9ee870243081795e6aa2312948
Parents: 773e542
Author: Marcus Christie <machrist@iu.edu>
Authored: Thu Feb 9 11:17:49 2017 -0500
Committer: Marcus Christie <machrist@iu.edu>
Committed: Thu Feb 9 11:17:49 2017 -0500

----------------------------------------------------------------------
 app/config/pga_config.php.template    |  8 ++++++
 app/controllers/AccountController.php |  9 +++---
 app/controllers/AdminController.php   | 44 ++++++++++++++++++++++--------
 app/libraries/CommonUtilities.php     |  4 +++
 4 files changed, 50 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/config/pga_config.php.template
----------------------------------------------------------------------
diff --git a/app/config/pga_config.php.template b/app/config/pga_config.php.template
index ac378f6..8370364 100644
--- a/app/config/pga_config.php.template
+++ b/app/config/pga_config.php.template
@@ -24,6 +24,14 @@ return array(
         'user-role-name' => 'Internal/everyone',
 
         /**
+         * Initial user role. This is the initial user role assigned to a new
+         * user. Set this to one of the three roles above to automatically
+         * grant new users that role, or set to some other role ('user-pending')
+         * to require admin approval before users have access.
+         */
+        'initial-role-name' => 'user-pending',
+
+        /**
          * Tenant Domain
          */
         'tenant-domain' => 'master.airavata',

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 1490ee1..a9ac6b4 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -56,14 +56,15 @@ class AccountController extends BaseController
             WSIS::registerUserAccount($username, $password, $email, $first_name, $last_name,
$organization, $address, $country, $telephone, $mobile, $im, $url,
                 Config::get('pga_config.wsis')['tenant-domain']);
 
-            /*add user to role - user-pending */
+            /*add user to the initial role */
 
+            $initialRoleName = CommonUtilities::getInitialRoleName();
             $allRoles = WSIS::getAllRoles();
-            if(! in_array( "user-pending", $allRoles)){
-                WSIS::addRole( "user-pending");
+            if(! in_array( $initialRoleName, $allRoles)){
+                WSIS::addRole( $initialRoleName);
             }
 
-            $userRoles["new"] = "user-pending";
+            $userRoles["new"] = $initialRoleName;
 
             if(  Config::get('pga_config.portal')['super-admin-portal'] == true ){
 

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/controllers/AdminController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AdminController.php b/app/controllers/AdminController.php
index 1ecce03..6dd27bd 100644
--- a/app/controllers/AdminController.php
+++ b/app/controllers/AdminController.php
@@ -236,22 +236,44 @@ class AdminController extends BaseController {
             $recipients = array($userProfile["email"]);
             $this->sendAccessGrantedEmailToTheUser(Input::get("username"), $recipients);
 
-            // remove the pending role when access is granted, unless
-            // the admin is trying to add the user to the pending role
-            if(in_array("user-pending", $newCurrentRoles) && !in_array("user-pending",
$roles["new"])) {
-                $userRoles["new"] = array();
-                $userRoles["deleted"] = "user-pending";
-                WSIS::updateUserRoles( $username, $userRoles);
-            } else if(in_array("user-pending", $newCurrentRoles) && in_array("user-pending",
$roles["new"])) {
-                // When user-pending role added remove all roles except for user-pending
and Internal/everyone
-                $userRoles["new"] = array();
-                $userRoles["deleted"] = array_diff($newCurrentRoles, array("user-pending",
"Internal/everyone"));
-                WSIS::updateUserRoles( $username, $userRoles);
+            // remove the initial role when the initial role isn't a privileged
+            // role and the admin has now assigned the user to a privileged
+            // role, unless the admin is trying to add the user back to the
+            // initial role
+            if (!$this->isInitialRoleOneOfPrivilegedRoles()) {
+
+                $initialRoleName = CommonUtilities::getInitialRoleName();
+                if(in_array($initialRoleName, $newCurrentRoles) && !in_array($initialRoleName,
$roles["new"])) {
+                    $userRoles["new"] = array();
+                    $userRoles["deleted"] = $initialRoleName;
+                    WSIS::updateUserRoles( $username, $userRoles);
+                } else if(in_array($initialRoleName, $newCurrentRoles) && in_array($initialRoleName,
$roles["new"])) {
+                    // When initial role added remove all roles except for initial role and
Internal/everyone
+                    $userRoles["new"] = array();
+                    $userRoles["deleted"] = array_diff($newCurrentRoles, array($initialRoleName,
"Internal/everyone"));
+                    WSIS::updateUserRoles( $username, $userRoles);
+                }
             }
         }
         return Redirect::to("admin/dashboard/roles")->with( "message", "Roles has been
added.");
     }
 
+    /*
+     * Return true if the initial-role-name is one of the three privileged
+     * roles. This is used to figure out whether the initial-role-name is a
+     * 'user-pending' kind of role (returns false), or whether the initial role
+     * is a privileged role (returns true) and no admin intervention is
+     * necessary.
+     */
+    private function isInitialRoleOneOfPrivilegedRoles() {
+
+        $initialRoleName = CommonUtilities::getInitialRoleName();
+        $adminRoleName = Config::get("pga_config.wsis")["admin-role-name"];
+        $adminReadOnlyRoleName = Config::get("pga_config.wsis")["read-only-admin-role-name"];
+        $userRoleName = Config::get("pga_config.wsis")["user-role-name"];
+        return in_array($initialRoleName, array($adminRoleName, $adminReadOnlyRoleName, $userRoleName));
+    }
+
     public function removeRoleFromUser(){
         $roles["deleted"] = array(Input::all()["roleName"]);
         $roles["new"] = array();

http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/9765c1e2/app/libraries/CommonUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/CommonUtilities.php b/app/libraries/CommonUtilities.php
index 585016f..53f790e 100644
--- a/app/libraries/CommonUtilities.php
+++ b/app/libraries/CommonUtilities.php
@@ -438,5 +438,9 @@ class CommonUtilities
             return false;
         }
     }
+
+    public static function getInitialRoleName() {
+        return Config::get('pga_config.wsis.initial-role-name', 'user-pending');
+    }
 }
 


Mime
View raw message