implement the read-only mode for federation admins
twoln committed Feb 12, 2024
1 parent c5a9afd commit 7447edc
Showing 12 changed files with 315 additions and 71 deletions.
11 changes: 11 additions & 0 deletions core/User.php
Expand Up @@ -144,6 +144,17 @@ public function isIdPOwner($idp)
}
return FALSE;
}

/**
* This function lists all institution ids for which the user appears as admin
*
* @return array if institution ids.
*/
public function listOwnerships() {
$dbHandle = \core\DBConnection::handle("INST");
$query = $dbHandle->exec("SELECT institution_id FROM ownership WHERE user_id='".$this->userName."'");
return array_column($query->fetch_all(), 0);
}

/**
* shorthand function for email sending to the user
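Review bot: `listOwnerships()` concatenates `$this->userName` straight into the SQL text, so a user identifier containing a single quote alters the statement instead of being matched as data. Pass it as a bound parameter, for example `$dbHandle->exec("SELECT institution_id FROM ownership WHERE user_id = ?", "s", $this->userName);`, assuming this handle's `exec()` accepts a type string and arguments (its signature is not visible in this hunk). The return value of `exec()` is also dereferenced with `fetch_all()` without a failure check, and the docblock's `@return array if institution ids.` should read `of`.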
30 changes: 24 additions & 6 deletions web/admin/edit_participant.php
Expand Up @@ -34,7 +34,8 @@
} else {
$wizardStyle = FALSE;
}
$my_inst = $validator->existingIdP($_GET['inst_id'], $_SESSION['user']);

[$my_inst, $editMode] = $validator->existingIdPInt($_GET['inst_id'], $_SESSION['user']);
$idpoptions = $my_inst->getAttributes();
$inst_name = $my_inst->name;

Expand All @@ -45,19 +46,30 @@
}
require_once "inc/click_button_js.php";
// let's check if the inst handle actually exists in the DB and user is authorised
if ($editMode == 'readonly') {
print('<style>'
. 'button.newoption {visibility: hidden}'
. '#submitbutton {visibility: hidden} '
. 'button.delete {visibility: hidden} '
. 'input {pointer-events: none} '
. '.ui-sortable-handle {pointer-events: none}'
. '</style>');
}
?>
<script src="js/XHR.js" type="text/javascript"></script>
<script src="js/option_expand.js" type="text/javascript"></script>
<script type="text/javascript" src="../external/jquery/jquery-migrate.js"></script>

<?php
$additional = FALSE;
foreach ($idpoptions as $optionname => $optionvalue) {
if ($optionvalue['name'] == "general:geo_coordinates") {
$additional = TRUE;
if ($editMode == 'fullaccess') {
foreach ($idpoptions as $optionname => $optionvalue) {
if ($optionvalue['name'] == "general:geo_coordinates") {
$additional = TRUE;
}
}
}
$mapCode = web\lib\admin\AbstractMap::instance($my_inst, FALSE);
$mapCode = web\lib\admin\AbstractMap::instance($my_inst, !$additional);

echo $mapCode->htmlHeadCode();
?>
Expand Down Expand Up @@ -206,10 +218,16 @@

<button type='button' class='newoption' onclick='getXML("support", "<?php echo $my_inst->federation ?>")'><?php echo _("Add new option"); ?></button></fieldset>
<?php
if ($editMode == 'readonly') {
$discardLabel = _("Return");
}
if ($editMode == 'fullaccess') {
$discardLabel = _("Discard changes");
}
if ($wizardStyle) {
echo "<p>" . sprintf(_("When you are sure that everything is correct, please click on %sContinue ...%s"), "<button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_CONTINUE . "'>", "</button>") . "</p></form>";
} else {
echo "<div><button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button> <button type='button' class='delete' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_user.php\"'>" . _("Discard changes") . "</button></div></form>";
echo "<div><button type='submit' id='submitbutton' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button> <button type='button' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></div></form>";
}
echo $deco->footer();
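Review bot: The read-only mode is enforced here only by the `<style>` block printed when `$editMode == 'readonly'`: the form, its Save button and every field are still rendered, and `visibility: hidden` / `pointer-events: none` stop neither keyboard focus and Enter-to-submit nor a directly sent POST, while the `input` selector does not match any `select` or `textarea` the form may contain. Treat the CSS as cosmetic and decide server-side: do not emit the submit button unless `$editMode == 'fullaccess'` (the inc/toggleRedirect.inc.php section of this commit already does that for its Save button), and have the script this form posts to refuse the write; that handler is not among the sections shown, so this needs confirming. The same style block is added in edit_profile.php and, for `button.delete` only, in inc/toggleRedirect.inc.php. Separately, here and in edit_profile.php `$discardLabel` stays undefined if `existingIdPInt()` ever returns a mode other than the two tested; an `else` default such as `$discardLabel = _("Return");` avoids that.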

25 changes: 22 additions & 3 deletions web/admin/edit_profile.php
Expand Up @@ -47,7 +47,16 @@
<!-- EAP sorting code end -->
<?php
// initialize inputs
$my_inst = $validator->existingIdP($_GET['inst_id'], $_SESSION['user']);

[$my_inst, $editMode] = $validator->existingIdPInt($_GET['inst_id'], $_SESSION['user']);

if ($editMode == 'readonly') {
print('<style>button.newoption {visibility: hidden}'
. '#submitbutton {visibility: hidden} '
. 'button.delete {visibility: hidden} '
. 'input {pointer-events: none} '
. '.ui-sortable-handle {pointer-events: none}</style>');
}
$fed = new \core\Federation($my_inst->federation);
$anonLocal = "anonymous";
$useAnon = FALSE;
Expand Down Expand Up @@ -143,7 +152,11 @@
if ($wizardStyle) {
echo _("Step 3: Defining a user group profile");
} else {
printf(_("Edit profile '%s' ..."), $prefill_name);
if ($editMode == 'fullaccess') {
printf(_("Edit profile '%s' ..."), $prefill_name);
} else {
printf(_("View profile '%s' ..."), $prefill_name);
}
}
?>
</h1>
Expand Down Expand Up @@ -468,5 +481,11 @@
if ($wizardStyle) {
echo "<p>" . _("When you are sure that everything is correct, please click on 'Save data' and you will be taken to your IdP Dashboard page.") . "</p>";
}
echo "<p><button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button><button type='button' class='delete' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>" . _("Discard changes") . "</button></p></form>";
if ($editMode == 'readonly') {
$discardLabel = _("Return");
}
if ($editMode == 'fullaccess') {
$discardLabel = _("Discard changes");
}
echo "<p><button type='submit' id='submitbutton' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button><button type='button' class='delete' id=='abortbutton' style='visibility: visible' value='abort' onclick='javascript:window.location = \"overview_org.php?inst_id=$my_inst->identifier\"'>".$discardLabel."</button></p></form>";
echo $deco->footer();
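Review bot: The rewritten abort button in the final `echo` carries `id=='abortbutton'`, which is malformed HTML, and it drops the `name='abortbutton'` attribute the replaced line had; it should read `id='abortbutton' name='abortbutton'`. The button also keeps `class='delete'` and then counters the read-only rule `button.delete {visibility: hidden}` with an inline `style='visibility: visible'`. Removing the class, as the edit_participant.php version of this line does, is simpler and does not depend on inline style winning over the stylesheet.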
6 changes: 6 additions & 0 deletions web/admin/edit_profile_result.php
Expand Up @@ -35,6 +35,9 @@

$auth->authenticate();
$my_inst = $validator->existingIdP($_GET['inst_id'], $_SESSION['user']);
if ($my_inst == false) {
throw new Exception("Only institution admin is allowed to make changes!");
}

switch ($_POST['submitbutton']) {
case web\lib\common\FormElements::BUTTON_DELETE:
Expand Down Expand Up @@ -249,8 +252,11 @@
$text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long'];
// (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly)
$fed = new core\Federation($myInstOriginal->federation);
$loggerInstance->debug(2, $myInstOriginal->federation, "FED: ", "\n");
foreach ($fed->listFederationAdmins() as $id) {
$user = new core\User($id);
$mailaddr = $user->getAttributes("user:email")[0]['value'];
$loggerInstance->debug(2, $mailaddr, "FED MAIL: ", "\n");
$user->sendMailToUser(sprintf(_("%s: Significant Changes made to %s"), \config\Master::APPEARANCE['productname'], $ui->nomenclatureIdP), $text);
}
}
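Review bot: The new guard `if ($my_inst == false)` is the only server-side barrier for the read-only mode visible in this commit, and it holds only if `existingIdP()` returns `false` for a user without write access; that method is outside this hunk, so confirm it cannot hand back an institution object to a read-only federation admin. The strict form `if ($my_inst === false)` states the intent more precisely. In the second hunk, `$loggerInstance->debug(2, $mailaddr, "FED MAIL: ", "\n");` writes each federation admin's e-mail address to the log; if it was added for troubleshooting, it is better removed or reduced to the user id before merge.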
9 changes: 7 additions & 2 deletions web/admin/inc/toggleRedirect.inc.php
Expand Up @@ -33,7 +33,11 @@
$languageInstance->setTextDomain("web_admin");

header("Content-Type:text/html;charset=utf-8");
$my_inst = $validator->existingIdP($_GET['inst_id'], $_SESSION['user']);
[$my_inst, $editMode] = $validator->existingIdPInt($_GET['inst_id'], $_SESSION['user']);

if ($editMode == 'readonly') {
print('<style>button.delete {visibility: hidden}</style>');
}

$my_profile = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier);

Expand Down Expand Up @@ -132,12 +136,13 @@
$optionDisplay = new \web\lib\admin\OptionDisplay($interesting_attribs, \core\Options::LEVEL_METHOD);
echo $optionDisplay->prefilledOptionTable($keyword, $my_inst->federation);
if (\config\Master::DB['INST']['readonly'] === FALSE) {
if ($editMode == 'fullaccess') {
?>
<button type='button' class='newoption' onclick='getXML("<?php echo $keyword;?>", "<?php echo $my_inst->federation;?>", "<?php echo $dev;?>")'><?php echo _("Add new option"); ?></button>
<br/>
<hr/>
<button type='submit' name='submitbutton' id='submitbutton' value='<?php echo web\lib\common\FormElements::BUTTON_SAVE; ?>'><?php echo _("Save data"); ?></button>
<?php
<?php }
}
?>
</form>
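--- /dev/null
+++ b/web/admin/js/nro.js
@@ -0,0 +1,97 @@
+/*
+* *****************************************************************************
+* Contributions to this work were made on behalf of the GÉANT project, a
+* project that has received funding from the European Union’s Framework
+* Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
+* Horizon 2020 research and innovation programme under Grant Agreements No.
+* 691567 (GN4-1) and No. 731122 (GN4-2).
+* On behalf of the aforementioned projects, GEANT Association is the sole owner
+* of the copyright in all material which was developed by a member of the GÉANT
+* project. GÉANT Vereniging (Association) is registered with the Chamber of
+* Commerce in Amsterdam with registration number 40535155 and operates in the
+* UK as a branch of GÉANT Vereniging.
+*
+* Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands.
+* UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
+*
+* License: see the web/copyright.inc.php file in the file structure or
+* <base_url>/copyright.php after deploying the software
+*/
+
+/* various jquery scripts for the NRO admin page */
+
+$(document).ready(function() {
+// realm diagnostics
+$("#realmcheck").on('click', function() {
+event.preventDefault();
+document.location.href = '../diag/diag.php?admin=1&sp=1&realm=';
+});
+
+// this gets the maximum width of the Organisation column and then sets this to all
+// thanks to this the width does not change as we filter out some, possibly wide names
+var instTdWidth = 0;
+$("td.inst_td").each(function() {
+instTdWidth = Math.max(instTdWidth, $(this).width());
+});
+$("td.inst_td").width(instTdWidth);
+
+// show/hide download statistics part of the window
+$("button.stat-button").on('click', function() {
+var stat_downloads = $(this).siblings("table").find(".stat-downloads");
+if (stat_downloads.is(":visible")) {
+stat_downloads.hide();
+$(this).css('position', 'absolute');
+$(this).text(show_downloads);
+} else {
+stat_downloads.show();
+$(this).css('position', 'static');
+$(this).text(hide_downloads);
+}
+});
+
+// handler for the text filter (must take into account possible filtering
+// on linked status
+$('[id^="qsearch_"]').keyup(function() {
+var input = $(this).val().toLowerCase();
+var this_row = $(this).parent().parent();
+var this_table = this_row.parent();
+var this_ck = this_row.find('input[id^="unlinked_ck_"]');
+var tr;
+if (input === '') {
+if (this_ck.is(':checked')) {
+console.log("checked");
+this_table.children("tr.notlinked").show();
+} else {
+console.log("unchecked");
+this_table.children("tr.idp_tr").show();
+}
+} else {
+if (this_ck.is(':checked')) {
+this_table.children("tr.idp_tr").hide();
+this_table.find("span.inst_name:contains('"+input+"')").each(function() {
+tr = $(this).parent().parent();
+if (tr.hasClass("notlinked")) {
+tr.show();
+}
+});
+} else {
+this_table.children("tr.idp_tr").hide();
+this_table.find("span.inst_name:contains('"+input+"')").parent().parent().show();
+}
+
+}
+});
+
+// the linked filter checkbox handler
+$('[id^="unlinked_ck_"]').on('click', function() {
+var this_table = $(this).parent().parent().parent();
+if ($(this).is(':checked')) {
+this_table.children("tr.linked").hide();
+} else {
+this_table.children("tr.linked").show();
+}
+});
+});
+
+
+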
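Review bot: The text filter builds its selector as `"span.inst_name:contains('"+input+"')"` from whatever is typed into the search box, so a quote or bracket in the input yields an invalid selector and jQuery throws inside the keyup handler. Because `:contains` is case-sensitive while `input` has been lower-cased, institution names containing capital letters also never match. Comparing text in a callback avoids both problems: `this_table.find("span.inst_name").filter(function() { return $(this).text().toLowerCase().indexOf(input) !== -1; })`. The `#realmcheck` handler calls `event.preventDefault()` without declaring `event` as its parameter, relying on the non-standard global, and the two `console.log` calls look like debugging leftovers.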