<?php use Airavata\Model\Group\ResourcePermissionType; class SharingUtilities { /** * Determine if the resource has been shared with any users. * * @param $resourceId Experiment or Project ID * @return True if the resource has been shared, false otherwise. */ public static function resourceIsShared($resourceId) { $read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ); return (count($read) > 0 ? true : false); } /** * Determine if the user has read privileges on the resource. * * @param $uid The user to check * @param $resourceId Experiment or Project ID * @return True if the user has read permission, false otherwise. */ public static function userCanRead($uid, $resourceId) { return Airavata::userHasAccess(Session::get('authz-token'), $resourceId, ResourcePermissionType::READ); } /** * Determine if the user has write privileges on the resource. * * @param $uid The user to check * @param $resourceId Experiment or Project ID * @return True if the user has write permission, false otherwise. */ public static function userCanWrite($uid, $resourceId) { return Airavata::userHasAccess(Session::get('authz-token'), $resourceId, ResourcePermissionType::WRITE); } /** * Get the permissions settings for the specified resource. * * @param $resourceId Experiment or Project ID * @return An array [$uid => [read => bool, write => bool, owner => bool]] */ public static function getAllUserPermissions($resourceId) { $users = array(); $read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ); $write = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::WRITE); $owner = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::OWNER); foreach($read as $uid) { if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) { $users[$uid] = array('read' => true, 'write' => false); } } foreach($write as $uid) { if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) { $users[$uid]['write'] = true; } } foreach($owner as $uid) { if ($uid !== Session::get('username') && UserProfileUtilities::does_user_profile_exist($uid)) { $users[$uid]['owner'] = true; } } return $users; } /** * Retrieve profile information for all user in the supplied list. * * @param $uids An array of uids * @return An array [uid => [firstname => string, lastname => string, email => string]] */ public static function getUserProfiles($uids) { // FIXME: instead of loading all user profiles it would be better to // have the user search for users and just load profiles matching the search $all_profiles = SharingUtilities::convertUserProfilesToSharingProfiles(UserProfileUtilities::get_all_user_profiles(0, 100000)); // Log::debug("all_profiles", array($all_profiles)); $uids = array_filter($uids, function($uid) use ($all_profiles) { return ($uid !== Session::get('username') && array_key_exists($uid, $all_profiles)); }); $profiles = array(); foreach ($uids as $uid) { $profiles[$uid] = $all_profiles[$uid]; } return $profiles; } private static function convertUserProfilesToSharingProfiles($user_profiles) { $sharing_profiles = array(); foreach ($user_profiles as $user_profile) { $sharing_profile = array( 'firstname' => $user_profile->firstName, 'lastname' => $user_profile->lastName, 'email' => $user_profile->emails[0], ); $sharing_profiles[$user_profile->userId] = $sharing_profile; } return $sharing_profiles; } /** * Retrieve profile and permissions information for users with access to the given resource. * * @param $resourceId Experiment or Project ID * @return An array [uid => [firstname => string, lastname => string, email => string, access => [read => bool, write => bool]]] */ public static function getProfilesForSharedUsers($resourceId) { $perms = SharingUtilities::getAllUserPermissions($resourceId); $profs = SharingUtilities::getUserProfiles(array_keys($perms)); foreach ($profs as $uid => $prof) { $prof["access"] = $perms[$uid]; $profs[$uid] = $prof; } return $profs; } /** * Retrieve profile and permissions information for users without access to the given resource. * * @param $resourceId Experiment or Project ID * @return An array [uid => [firstname => string, lastname => string, email => string]] of all users without access */ public static function getProfilesForUnsharedUsers($resourceId) { $users = GrouperUtilities::getAllGatewayUsers(); $read = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::READ); $unshared = array_diff($users, $read); return SharingUtilities::getUserProfiles($unshared); } /** * Retrieve profile and permissions information for all users for the given resource. * * * @param $resourceId Experiment or Project ID * @return An array [uid => [firstname => string, lastname => string, email => string, access => [read => bool, write => bool, owner => bool]]] * with access only defined for users with permissions. */ public static function getAllUserProfiles($resourceId=null) { $profs = SharingUtilities::getUserProfiles(GrouperUtilities::getAllGatewayUsers()); if ($resourceId) { $perms = SharingUtilities::getAllUserPermissions($resourceId); foreach ($perms as $uid => $access) { $profs[$uid]['access'] = $access; } } return $profs; } public static function mixProjectPermissionsWithExperiment($projectId, $expId) { $proj = SharingUtilities::getProfilesForSharedUsers($projectId); $exp = SharingUtilities::getProfilesForSharedUsers($expId); foreach ($proj as $uid => $prof) { if (!array_key_exists($uid, $exp)) { $exp[$uid] = $prof; } } return $exp; } public static function updateAllUsersListWithPrivileges($shared) { $users = SharingUtilities::getAllUserProfiles(); foreach ($shared as $uid => $prof) { $users[$uid] = $shared[$uid]; } return $users; } public static function getSharedResourceOwner($resourceId) { $owners = GrouperUtilities::getAllAccessibleUsers($resourceId, ResourcePermissionType::OWNER); if (count($owners) != 1) { Log::error("Got more than one shared resource owner!", array($resourceId, $owners)); throw new Exception("Expected exactly 1 owner for $resourceId!"); } else { return $owners[0]; } } } ?>