
Commit a380c5a

authored
store operator info in session (#476)
1 parent 9c6049f commit a380c5a


9 files changed

+37
-101
lines changed


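--- a/resources/init.php
+++ b/resources/init.php
@@ -59,6 +59,9 @@
 $OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 $_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN);
 
+$_SESSION["OPERATOR"] = $SSO["user"];
+$_SESSION["OPERATOR_IP"] = $_SERVER["REMOTE_ADDR"];
+
 if (isset($_SESSION["viewUser"]) && $_SESSION["is_admin"]) {
 $USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 } else {
@@ -69,7 +72,7 @@
 $_SESSION["is_pi"] = $USER->isPI();
 $SEND_PIMESG_TO_ADMINS = CONFIG["mail"]["send_pimesg_to_admins"];
 
-$SQL->addLog($OPERATOR->uid, $_SERVER["REMOTE_ADDR"], "user_login", $OPERATOR->uid);
+$SQL->addLog("user_login", $OPERATOR->uid);
 }
 
 $LOC_HEADER = __DIR__ . "/templates/header.php";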
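Review bot: `$_SESSION["OPERATOR_IP"]` is a snapshot of `$_SERVER["REMOTE_ADDR"]` taken where this block runs, and every later audit row reads it back from the session rather than from the request that performed the action. The enclosing block opens above the hunk, so it is not visible whether these two assignments run on every request; if they run only when the session is set up, a session that continues from a different address keeps being logged under the old one. Either keep only the operator uid in the session and let `addLog` read `$_SERVER["REMOTE_ADDR"]` itself, or add a comment such as `// refreshed on every request; read by UnitySQL::addLog() for audit attribution` so the dependency is visible here.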

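--- a/resources/lib/UnityGroup.php
+++ b/resources/lib/UnityGroup.php
@@ -65,7 +65,7 @@ public function requestGroup(bool $send_mail_to_admins, bool $send_mail = true):
 /**
 * This method will create the group (this is what is executed when an admin approved the group)
 */
-public function approveGroup(?UnityUser $operator = null, bool $send_mail = true): void
+public function approveGroup(bool $send_mail = true): void
 {
 $uid = $this->getOwner()->uid;
 $request = $this->SQL->getRequest($uid, UnitySQL::REQUEST_BECOME_PI);
@@ -75,13 +75,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
 \ensure($this->getOwner()->exists());
 $this->init();
 $this->SQL->removeRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
-$operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
-$this->SQL->addLog(
-$operator,
-$_SERVER["REMOTE_ADDR"],
-"approved_group",
-$this->getOwner()->uid,
-);
+$this->SQL->addLog("approved_group", $this->getOwner()->uid);
 if ($send_mail) {
 $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
 }
@@ -92,20 +86,14 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
 /**
 * This method is executed when an admin denys the PI group request
 */
-public function denyGroup(?UnityUser $operator = null, bool $send_mail = true): void
+public function denyGroup(bool $send_mail = true): void
 {
 $request = $this->SQL->getRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
 $this->SQL->removeRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
 if ($this->exists()) {
 return;
 }
-$operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
-$this->SQL->addLog(
-$operator,
-$_SERVER["REMOTE_ADDR"],
-"denied_group",
-$this->getOwner()->uid,
-);
+$this->SQL->addLog("denied_group", $this->getOwner()->uid);
 if ($send_mail) {
 $this->MAILER->sendMail($this->getOwner()->getMail(), "group_denied");
 }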
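Review bot: The docblocks on `approveGroup` and `denyGroup` should state where the audit operator comes from, because neither signature shows it any more. The `approved_group` and `denied_group` rows are now attributed to the session operator, and the earlier fallback to the group owner's uid when no operator was passed is gone. Suggested line for each docblock: `* Writes an audit-log row attributed to $_SESSION["OPERATOR"], not to the group owner.` Both method bodies continue outside the hunks.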

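--- a/resources/lib/UnitySQL.php
+++ b/resources/lib/UnitySQL.php
@@ -59,7 +59,6 @@ public function removeRequest($requestor, string $dest): void
 );
 $stmt->bindParam(":uid", $requestor);
 $stmt->bindParam(":request_for", $dest);
-
 $stmt->execute();
 }
 
@@ -69,7 +68,6 @@ public function removeRequests(string $dest): void
 "DELETE FROM " . self::TABLE_REQS . " WHERE request_for=:request_for",
 );
 $stmt->bindParam(":request_for", $dest);
-
 $stmt->execute();
 }
 
@@ -115,47 +113,36 @@ public function getRequests(string $dest): array
 "SELECT * FROM " . self::TABLE_REQS . " WHERE request_for=:request_for",
 );
 $stmt->bindParam(":request_for", $dest);
-
 $stmt->execute();
-
 return $stmt->fetchAll();
 }
 
 public function getRequestsByUser(string $user): array
 {
 $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_REQS . " WHERE uid=:uid");
 $stmt->bindParam(":uid", $user);
-
 $stmt->execute();
-
 return $stmt->fetchAll();
 }
 
 public function deleteRequestsByUser(string $user): void
 {
 $stmt = $this->conn->prepare("DELETE FROM " . self::TABLE_REQS . " WHERE uid=:uid");
 $stmt->bindParam(":uid", $user);
-
 $stmt->execute();
 }
 
-public function addNotice(
-string $title,
-string $date,
-string $content,
-UnityUser $operator,
-): void {
+public function addNotice(string $title, string $date, string $content): void
+{
 $table = self::TABLE_NOTICES;
 $stmt = $this->conn->prepare(
 "INSERT INTO $table (date, title, message) VALUES (:date, :title, :message)",
 );
 $stmt->bindParam(":date", $date);
 $stmt->bindParam(":title", $title);
 $stmt->bindParam(":message", $content);
-
 $stmt->execute();
-
-$this->addLog($operator->uid, $_SERVER["REMOTE_ADDR"], "added_cluster_notice", $operator);
+$this->addLog("added_cluster_notice", "");
 }
 
 public function editNotice(string $id, string $title, string $date, string $content): void
@@ -168,25 +155,21 @@ public function editNotice(string $id, string $title, string $date, string $cont
 $stmt->bindParam(":title", $title);
 $stmt->bindParam(":message", $content);
 $stmt->bindParam(":id", $id);
-
 $stmt->execute();
 }
 
 public function deleteNotice(string $id): void
 {
 $stmt = $this->conn->prepare("DELETE FROM " . self::TABLE_NOTICES . " WHERE id=:id");
 $stmt->bindParam(":id", $id);
-
 $stmt->execute();
 }
 
 public function getNotice(string $id): array
 {
 $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_NOTICES . " WHERE id=:id");
 $stmt->bindParam(":id", $id);
-
 $stmt->execute();
-
 return $stmt->fetchAll()[0];
 }
 
@@ -196,57 +179,46 @@ public function getNotices(): array
 "SELECT * FROM " . self::TABLE_NOTICES . " ORDER BY date DESC",
 );
 $stmt->execute();
-
 return $stmt->fetchAll();
 }
 
 public function getPages(): array
 {
 $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_PAGES);
 $stmt->execute();
-
 return $stmt->fetchAll();
 }
 
 public function getPage(string $id): array
 {
 $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_PAGES . " WHERE page=:id");
 $stmt->bindParam(":id", $id);
-
 $stmt->execute();
-
 return $stmt->fetchAll()[0];
 }
 
-public function editPage(string $id, string $content, UnityUser $operator): void
+public function editPage(string $id, string $content): void
 {
 $stmt = $this->conn->prepare(
 "UPDATE " . self::TABLE_PAGES . " SET content=:content WHERE page=:id",
 );
 $stmt->bindParam(":id", $id);
 $stmt->bindParam(":content", $content);
-
 $stmt->execute();
-
-$this->addLog($operator->uid, $_SERVER["REMOTE_ADDR"], "edited_page", $operator);
+$this->addLog("edited_page", "");
 }
 
-public function addLog(
-string $operator,
-string $operator_ip,
-string $action_type,
-string $recipient,
-): void {
+public function addLog(string $action_type, string $recipient): void
+{
 $table = self::TABLE_AUDIT_LOG;
 $stmt = $this->conn->prepare(
 "INSERT INTO $table (operator, operator_ip, action_type, recipient)
 VALUE (:operator, :operator_ip, :action_type, :recipient)",
 );
-$stmt->bindParam(":operator", $operator);
-$stmt->bindParam(":operator_ip", $operator_ip);
+$stmt->bindValue(":operator", $_SESSION["OPERATOR"] ?? "");
+$stmt->bindValue(":operator_ip", $_SESSION["OPERATOR_IP"] ?? "");
 $stmt->bindParam(":action_type", $action_type);
 $stmt->bindParam(":recipient", $recipient);
-
 $stmt->execute();
 }
 
@@ -256,7 +228,6 @@ public function addAccountDeletionRequest(string $uid): void
 "INSERT INTO " . self::TABLE_ACCOUNT_DELETION_REQUESTS . " (uid) VALUE (:uid)",
 );
 $stmt->bindParam(":uid", $uid);
-
 $stmt->execute();
 }
 
@@ -266,9 +237,7 @@ public function accDeletionRequestExists(string $uid): bool
 "SELECT * FROM " . self::TABLE_ACCOUNT_DELETION_REQUESTS . " WHERE uid=:uid",
 );
 $stmt->bindParam(":uid", $uid);
-
 $stmt->execute();
-
 return count($stmt->fetchAll()) > 0;
 }
 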
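Review bot: `addLog` falls back to an empty string when `$_SESSION["OPERATOR"]` or `$_SESSION["OPERATOR_IP"]` is unset, so any call made without an initialised session writes an audit row that names nobody and gives no sign that attribution was missing. An audit trail is easier to trust when that case is rejected or visibly labelled, for example `$operator = $_SESSION["OPERATOR"] ?? throw new \RuntimeException("addLog called without a session operator");`, or a fixed marker value if callers outside a web session are expected. Separately, `addNotice` and `editPage` now log an empty recipient; if the recipient column is meant to hold the object acted on, `editPage` already has `$id` in scope and could write `$this->addLog("edited_page", $id);`.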

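--- a/resources/lib/UnityUser.php
+++ b/resources/lib/UnityUser.php
@@ -86,7 +86,7 @@ public function init(
 $org->addMemberUID($this->uid);
 }
 
-$this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
+$this->SQL->addLog("user_added", $this->uid);
 }
 
 public function getFlag(UserFlag $flag): bool
@@ -167,13 +167,10 @@ public function getOrg(): string
 /**
 * Sets the firstname of the account and the corresponding ldap entry if it exists
 */
-public function setFirstname(string $firstname, ?UnityUser $operator = null): void
+public function setFirstname(string $firstname): void
 {
 $this->entry->setAttribute("givenname", $firstname);
-$operator = is_null($operator) ? $this->uid : $operator->uid;
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "firstname_changed", $this->uid);
-
+$this->SQL->addLog("firstname_changed", $this->uid);
 $this->entry->write();
 }
 
@@ -189,13 +186,10 @@ public function getFirstname(): string
 /**
 * Sets the lastname of the account and the corresponding ldap entry if it exists
 */
-public function setLastname(string $lastname, $operator = null): void
+public function setLastname(string $lastname): void
 {
 $this->entry->setAttribute("sn", $lastname);
-$operator = is_null($operator) ? $this->uid : $operator->uid;
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "lastname_changed", $this->uid);
-
+$this->SQL->addLog("lastname_changed", $this->uid);
 $this->entry->write();
 }
 
@@ -217,13 +211,10 @@ public function getFullname(): string
 /**
 * Sets the mail in the account and the ldap entry
 */
-public function setMail(string $email, ?UnityUser $operator = null): void
+public function setMail(string $email): void
 {
 $this->entry->setAttribute("mail", $email);
-$operator = is_null($operator) ? $this->uid : $operator->uid;
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "email_changed", $this->uid);
-
+$this->SQL->addLog("email_changed", $this->uid);
 $this->entry->write();
 }
 
@@ -239,16 +230,13 @@ public function getMail(): string
 /**
 * Sets the SSH keys on the account and the corresponding entry
 */
-public function setSSHKeys($keys, $operator = null, bool $send_mail = true): void
+public function setSSHKeys($keys, bool $send_mail = true): void
 {
-$operator = is_null($operator) ? $this->uid : $operator->uid;
 $keys_filt = array_values(array_unique($keys));
 \ensure($this->entry->exists());
 $this->entry->setAttribute("sshpublickey", $keys_filt);
 $this->entry->write();
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "sshkey_modify", $this->uid);
-
+$this->SQL->addLog("sshkey_modify", $this->uid);
 if ($send_mail) {
 $this->MAILER->sendMail($this->getMail(), "user_sshkey", [
 "keys" => $this->getSSHKeys(),
@@ -269,11 +257,8 @@ public function getSSHKeys(): array
 /**
 * Sets the login shell for the account
 */
-public function setLoginShell(
-string $shell,
-?UnityUser $operator = null,
-bool $send_mail = true,
-): void {
+public function setLoginShell(string $shell, bool $send_mail = true): void
+{
 // ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
 if (!mb_check_encoding($shell, "ASCII")) {
 throw new Exception("non ascii characters are not allowed in a login shell!");
@@ -287,11 +272,7 @@ public function setLoginShell(
 \ensure($this->entry->exists());
 $this->entry->setAttribute("loginshell", $shell);
 $this->entry->write();
-
-$operator = is_null($operator) ? $this->uid : $operator->uid;
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "loginshell_changed", $this->uid);
-
+$this->SQL->addLog("loginshell_changed", $this->uid);
 if ($send_mail) {
 $this->MAILER->sendMail($this->getMail(), "user_loginshell", [
 "new_shell" => $this->getLoginShell(),
@@ -308,14 +289,12 @@ public function getLoginShell(): string
 return $this->entry->getAttribute("loginshell")[0];
 }
 
-public function setHomeDir(string $home, ?UnityUser $operator = null): void
+public function setHomeDir(string $home): void
 {
 \ensure($this->entry->exists());
 $this->entry->setAttribute("homedirectory", $home);
 $this->entry->write();
-$operator = is_null($operator) ? $this->uid : $operator->uid;
-
-$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "homedir_changed", $this->uid);
+$this->SQL->addLog("homedir_changed", $this->uid);
 }
 
 /**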
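Review bot: In `setFirstname`, `setLastname` and `setMail` the new `addLog` call sits before `$this->entry->write()`, while `setSSHKeys`, `setLoginShell` and `setHomeDir` log only after the write. If `write()` throws, the first three leave an audit row for a change that was never stored in the entry. Moving the call below the write makes all six setters consistent, e.g. in `setFirstname`: `$this->entry->write();` followed by `$this->SQL->addLog("firstname_changed", $this->uid);`.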

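--- a/test/phpunit-bootstrap.php
+++ b/test/phpunit-bootstrap.php
@@ -79,7 +79,6 @@ function switchUser(
 $GITHUB,
 $SITE,
 $SSO,
-$OPERATOR,
 $USER,
 $SEND_PIMESG_TO_ADMINS,
 $LOC_HEADER,
@@ -114,7 +113,6 @@ function http_post(
 $GITHUB,
 $SITE,
 $SSO,
-$OPERATOR,
 $USER,
 $SEND_PIMESG_TO_ADMINS,
 $LOC_HEADER,
@@ -153,7 +151,6 @@ function http_get(string $phpfile, array $get_data = []): void
 $GITHUB,
 $SITE,
 $SSO,
-$OPERATOR,
 $USER,
 $SEND_PIMESG_TO_ADMINS,
 $LOC_HEADER,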

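--- a/webroot/admin/content.php
+++ b/webroot/admin/content.php
@@ -12,7 +12,7 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
 if (!empty($_POST["pageSel"])) {
-$SQL->editPage($_POST["pageSel"], $_POST["content"], $USER);
+$SQL->editPage($_POST["pageSel"], $_POST["content"]);
 }
 }
 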
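Review bot: Only `pageSel` is checked before the call, and only for non-emptiness, so `$_POST["content"]` reaches `editPage(string $id, string $content)` unvalidated. A request that omits `content`, or sends either field as an array, ends in a TypeError instead of a handled error. Extending the existing condition keeps malformed posts out of the SQL layer: `if (!empty($_POST["pageSel"]) && is_string($_POST["pageSel"]) && is_string($_POST["content"] ?? null)) {`.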
