From d3fe3fb987b157bd95c16266dd9f6603b8bd522b Mon Sep 17 00:00:00 2001
From: axman
Date: Fri, 8 Oct 2021 10:31:24 -0700
Subject: [PATCH] fixes for ICPCO-169,170 and 172
---
 Controller/GrouperGroupsController.php | 78 +++++++------------------
 Lib/GrouperApiAccess.php | 43 ++++++++++++++
 Lib/GrouperHTTPWrapper.php | 3 +-
 Model/GrouperGroup.php | 9 ++-
 View/CoGrouperLites/display.ctp | 4 +-
 View/GrouperGroups/emaillistsmanage.ctp | 11 +---
 View/GrouperGroups/emaillistsmember.ctp | 12 +---
 View/GrouperGroups/emaillistsoptin.ctp | 11 +---
 8 files changed, 86 insertions(+), 85 deletions(-)
diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
index c02afac..e9baa80 100644
--- a/Controller/GrouperGroupsController.php
+++ b/Controller/GrouperGroupsController.php
@@ -107,66 +107,32 @@ public function index() { ); } - /** - * Display of Grouper Group Information, such as Group Properties, Members and Attributes - * - */ - public function groupInfo() { - $name = urldecode($this->request->query['groupname']); - - $this->set('title', _txt('pl.grouperlite.title.groupinfo')); - - try { - $details = $this->GrouperGroup->groupDescriptions($name); - $this->set('groupergroupsdetail', $details[0]); - - } catch (Exception $e) { - CakeLog::write('error', __METHOD__ . ': ' . var_export($e->getMessage(), true)); - - $this->set('groupergroupsdetail', array()); - $this->Flash->set(_txt('pl.grouperlite.message.flash.info-group-failed'), array('key' => 'error')); - } - - try { - $groupMembers = $this->membersInGroup(); - $this->set('groupergroupssubscribers', $groupMembers); - } catch (Exception $e) { - CakeLog::write('error', __METHOD__ . ': ' . var_export($e->getMessage(), true)); - - $this->set('groupergroupssubscribers', array()); - $this->Flash->set(_txt('pl.grouperlite.message.flash.group-detail-members-failed'), array('key' => 'error')); - } - - $this->set('isuserowner', $this->GrouperGroup->isUserOwner($this->userId)); - $this->set('grouperbaseurl', $this->Session->read('Plugin.Grouper.Api.grouperUrl')); - } - /** * Show all members of group in Grouper Group detail page * Called from method GroupInfo * */ - public function membersInGroup() { - $groupName = urldecode($this->request->query['groupname']); - - //Set initial - $scope = [ - 'groupName' => $groupName - ]; - - $details = []; - - try { - $details = $this->GrouperGroup->membersInGroup($scope); - - } catch (Exception $e) { - CakeLog::write('error', __METHOD__ . ': ' . 
var_export($e->getMessage(), true)); - - $this->Flash->set(_txt('pl.grouperlite.message.flash.group-detail-members-failed'), array('key' => 'error')); - } - - return $details; - } +// public function membersInGroup() { +// $groupName = urldecode($this->request->query['groupname']); +// +// //Set initial +// $scope = [ +// 'groupName' => $groupName +// ]; +// +// $details = []; +// +// try { +// $details = $this->GrouperGroup->membersInGroup($scope, $this->userId); +// +// } catch (Exception $e) { +// CakeLog::write('error', __METHOD__ . ': ' . var_export($e->getMessage(), true)); +// +// $this->Flash->set(_txt('pl.grouperlite.message.flash.group-detail-members-failed'), array('key' => 'error')); +// } +// +// return $details; +// } /** * Show all members of group in Grouper Group detail page @@ -193,7 +159,7 @@ public function groupSubscribers() { ]; try { - $subscribers = $this->GrouperGroup->membersInGroup($scope); + $subscribers = $this->GrouperGroup->membersInGroup($scope, $this->userId); } catch (Exception $e) { CakeLog::write('error', __METHOD__ . ': ' . var_export($e->getMessage(), true)); diff --git a/Lib/GrouperApiAccess.php b/Lib/GrouperApiAccess.php index 00edecf..33466a6 100644 --- a/Lib/GrouperApiAccess.php +++ b/Lib/GrouperApiAccess.php @@ -264,6 +264,16 @@ public function removeDuplicates(array $arrOne, array $arrTwo) { */ public function getMembersInGroup(array $queryData) { + // First verify that user has read access to group + if ($this->verifyPrivileges($queryData, 'read') === false) { + return array( + array( + "sourceId" => "ldap", + "name" => "You do not have access to memberships" + ) + ); + } + //Build request logic $usersToShow = array( "WsRestGetMembersRequest" => array( 
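Review bot: The `membersInGroup()` controller action is left in the file as a block of `//`-commented code under its original docblock, which still says "Called from method GroupInfo" although this commit deletes `groupInfo()`. Commented-out code that takes `groupname` from the query string is easy to re-enable later without noticing the read-privilege check this commit adds in `GrouperApiAccess`. I would delete the commented block together with its docblock and rely on version control for the history.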
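Review bot: The denial branch added at the top of `getMembersInGroup()` returns a fabricated member record (`"sourceId" => "ldap"`, `"name" => "You do not have access to memberships"`), so callers cannot tell a refused request from a group that has one LDAP member. `GrouperGroup::membersInGroup()` loops over the result and handles every entry whose `sourceId` is not `g:gsa`, so the sentinel is presumably processed and rendered like a real user. Signal the refusal out of band instead, for example `throw new GrouperLiteException('Read access to group membership denied');`, assuming that class is available in this file as it is in `GrouperHTTPWrapper`. The guard also depends on `$queryData['userId']` being set, so any other caller of this method (not visible here) has to supply it; the rest of the function lies outside the hunk.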
@@ -294,6 +304,39 @@ public function getMembersInGroup(array $queryData) { return array(); } + public function verifyPrivileges(array $queryData, string $privilege) { + //Build request logic + $verifyPrivs = array( + "WsRestGetGrouperPrivilegesLiteRequest" => array( + "privilegeName" => $privilege, + "groupName" => $queryData['groupName'], + "subjectId" => $queryData['userId'] + ) + ); + + $this->http->setHeader(array('Content-Type' => 'application/json', 'Accept' => 'application/json')); + $connectionUrl = "{$this->config['fullUrl']}/grouperPrivileges"; + + try { + $results = $this->http->sendRequest('POST', $connectionUrl, json_encode($verifyPrivs)); + + // Parse out relevant records to send front end + if (isset($results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode']) && $results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode'] != NULL) { + if ($results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode'] == 'SUCCESS_ALLOWED') { + return true; + } else { + return false; + } + } + } catch (Exception $e) { + CakeLog::write('error', __METHOD__ . ': An error occurred'); + throw $e; + } + + return array(); + + } + /** * Gets all Stems/Folders where User is admin/owner * diff --git a/Lib/GrouperHTTPWrapper.php b/Lib/GrouperHTTPWrapper.php index 625d96c..3439d50 100644 --- a/Lib/GrouperHTTPWrapper.php +++ b/Lib/GrouperHTTPWrapper.php 
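Review bot: `verifyPrivileges()` fails open: when the response has no `WsGetGrouperPrivilegesLiteResult` / `resultMetadata` / `resultCode` entry it falls through to `return array();`, and the caller added in the `@@ -264,6 +264,16 @@` hunk denies access only on `=== false`, so an empty array is treated as permission granted. Make the method return a strict boolean with deny as the default, e.g. `$code = $results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode'] ?? null;` followed by `return $code === 'SUCCESS_ALLOWED';`, and drop the trailing `return array();`. That also removes the loose `!= NULL` and `==` comparisons. The new method has no docblock; one stating that it returns `true` only for `SUCCESS_ALLOWED` and rethrows transport errors would document the contract the caller relies on.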
@@ -137,7 +137,8 @@ private function _verifyResults(HttpSocketResponse $apiResults): array { $mainKey = key($resBody); $apiSuccess = $resBody[$mainKey]['resultMetadata']['resultCode']; - if ($apiSuccess != 'SUCCESS') { + // Had to add SUCCESS_NOT_ALLOWED and SUCCESS_ALLOWED for checking privs on a group for a user + if ($apiSuccess != 'SUCCESS' && $apiSuccess != 'SUCCESS_NOT_ALLOWED' && $apiSuccess != 'SUCCESS_ALLOWED') { CakeLog::write('error', __METHOD__ . ': Result Code was ' . var_export($apiSuccess, true)); CakeLog::write('error', __METHOD__ . ': Error of ' . var_export($apiResults->body(), true)); throw new GrouperLiteException('Result from Grouper WS was' . var_export($apiSuccess, true)); diff --git a/Model/GrouperGroup.php b/Model/GrouperGroup.php index 52bd180..f566cd7 100644 --- a/Model/GrouperGroup.php +++ b/Model/GrouperGroup.php @@ -315,16 +315,23 @@ public function ownerGroups(array $conditions) { * members * * @param array $conditions Listing of conditions for display of records + * @param string $userId Id of User * @return array Listing of members in requested Grouper Group * @throws GrouperLiteException Captured in Controller * */ - public function membersInGroup(array $conditions) { + public function membersInGroup(array $conditions, string $userId) { $this->initApi(); + $conditions['userId'] = $userId; + try { $groupMembers = $this->grouperAPI->getMembersInGroup($conditions); + if (count($groupMembers) < 1){ + return $groupMembers; + } + $finalMembers = array(); foreach ($groupMembers as $member) { if ($member['sourceId'] !== 'g:gsa') { diff --git a/View/CoGrouperLites/display.ctp b/View/CoGrouperLites/display.ctp index c79eb73..f112905 100644 --- a/View/CoGrouperLites/display.ctp +++ b/View/CoGrouperLites/display.ctp 
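Review bot: The widened condition in `_verifyResults()` accepts `SUCCESS_ALLOWED` and `SUCCESS_NOT_ALLOWED` for every request that goes through the wrapper, not only the privilege lookup, so a call that used to throw on anything other than `SUCCESS` now returns normally on `SUCCESS_NOT_ALLOWED`. Callers that treat "no exception" as "operation succeeded" should be checked for that case; they are outside this hunk, as is the rest of the function. The three `!=` comparisons are also loose; `if (!in_array($apiSuccess, array('SUCCESS', 'SUCCESS_ALLOWED', 'SUCCESS_NOT_ALLOWED'), true)) {` keeps the allow-list in one place and compares strictly.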
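Review bot: `membersInGroup()` now requires `string $userId`, and the controller passes `$this->userId` straight through; if that property can be null (its initialisation is not visible here), PHP raises a `TypeError`, which the controller's `catch (Exception $e)` does not catch. Because this value becomes the `subjectId` of the read-privilege check, I would reject an empty id explicitly at the top of the method, e.g. `if ($userId === '') { throw new GrouperLiteException('User id is required'); }`. The `@param` line could also say that this is the subject whose read privilege on the group is verified, rather than just "Id of User". The function body continues past the end of the hunk.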
@@ -94,7 +94,7 @@ echo $this->element('GrouperLite.base-styles'); array( 'plugin' => "grouper_lite", 'controller' => 'grouper_groups', - 'action' => 'emaillistsMember', + 'action' => 'emaillistsmember', 'co' => $coid, 'glid' => $glid ) @@ -117,7 +117,7 @@ echo $this->element('GrouperLite.base-styles'); array( 'plugin' => "grouper_lite", 'controller' => 'grouper_groups', - 'action' => 'emaillistsManage', + 'action' => 'emaillistsmanage', 'co' => $coid, 'glid' => $glid ) diff --git a/View/GrouperGroups/emaillistsmanage.ctp b/View/GrouperGroups/emaillistsmanage.ctp index 09793f6..7657544 100644 --- a/View/GrouperGroups/emaillistsmanage.ctp +++ b/View/GrouperGroups/emaillistsmanage.ctp @@ -17,14 +17,9 @@ - Html->link( - isset($group['name']) ? $group['domain'] . ':' . $group['name'] : "--", - array( - 'controller' => 'grouper_groups', - 'action' => 'emaillistinfo', - '?' => array('groupname' => urlencode($group['name'])) - ) - ) ?> + + + (10) | diff --git a/View/GrouperGroups/emaillistsmember.ctp b/View/GrouperGroups/emaillistsmember.ctp index d6952ec..c26d517 100644 --- a/View/GrouperGroups/emaillistsmember.ctp +++ b/View/GrouperGroups/emaillistsmember.ctp @@ -16,15 +16,9 @@ $group) : ?> - Html->link( - - $group['friendlyEmail'] ?? "No Name", - array( - 'controller' => 'grouper_groups', - 'action' => 'emaillistinfo', - '?' => array('groupname' => urlencode($group['name'])) - ) - ) ?> + + + element('GrouperLite.Components/optAction', array( diff --git a/View/GrouperGroups/emaillistsoptin.ctp b/View/GrouperGroups/emaillistsoptin.ctp index bfb2399..391109c 100644 --- a/View/GrouperGroups/emaillistsoptin.ctp +++ b/View/GrouperGroups/emaillistsoptin.ctp @@ -15,14 +15,9 @@ - Html->link( - $group['friendlyEmail'] ?? "No Name", - array( - 'controller' => 'grouper_groups', - 'action' => 'emaillistinfo', - '?' => array('groupname' => urlencode($group['name'])) - ) - ) ?> + + +