5 changes: 4 additions & 1 deletion resources/init.php
Expand Up @@ -59,6 +59,9 @@
$OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
$_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN);

$_SESSION["OPERATOR"] = $SSO["user"];
$_SESSION["OPERATOR_IP"] = $_SERVER["REMOTE_ADDR"];

if (isset($_SESSION["viewUser"]) && $_SESSION["is_admin"]) {
$USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK);
} else {
Expand All @@ -69,7 +72,7 @@
$_SESSION["is_pi"] = $USER->isPI();
$SEND_PIMESG_TO_ADMINS = CONFIG["mail"]["send_pimesg_to_admins"];

$SQL->addLog($OPERATOR->uid, $_SERVER["REMOTE_ADDR"], "user_login", $OPERATOR->uid);
$SQL->addLog("user_login", $OPERATOR->uid);
}

$LOC_HEADER = __DIR__ . "/templates/header.php";
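Review bot: The two session keys assigned after `$_SESSION["is_admin"]` are now the only source of audit attribution, but nothing at the assignment says so; a comment such as `// read by UnitySQL::addLog() as the audit operator and source address; must be set before any addLog() call` would make the dependency visible. The closing brace after the `user_login` call suggests these lines sit inside a conditional whose test is outside the hunk, so it is worth confirming that a request which skips this branch cannot log under values left in the session by an earlier request. `$_SERVER["REMOTE_ADDR"]` is the address of the directly connected peer, so if the portal sits behind a reverse proxy the stored value will presumably be the proxy's address rather than the client's.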
20 changes: 4 additions & 16 deletions resources/lib/UnityGroup.php
Expand Up @@ -65,7 +65,7 @@ public function requestGroup(bool $send_mail_to_admins, bool $send_mail = true):
/**
* This method will create the group (this is what is executed when an admin approved the group)
*/
public function approveGroup(?UnityUser $operator = null, bool $send_mail = true): void
public function approveGroup(bool $send_mail = true): void
{
$uid = $this->getOwner()->uid;
$request = $this->SQL->getRequest($uid, UnitySQL::REQUEST_BECOME_PI);
Expand All @@ -75,13 +75,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
\ensure($this->getOwner()->exists());
$this->init();
$this->SQL->removeRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
$operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
$this->SQL->addLog(
$operator,
$_SERVER["REMOTE_ADDR"],
"approved_group",
$this->getOwner()->uid,
);
$this->SQL->addLog("approved_group", $this->getOwner()->uid);
if ($send_mail) {
$this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
}
Expand All @@ -92,20 +86,14 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
/**
* This method is executed when an admin denys the PI group request
*/
public function denyGroup(?UnityUser $operator = null, bool $send_mail = true): void
public function denyGroup(bool $send_mail = true): void
{
$request = $this->SQL->getRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
$this->SQL->removeRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
if ($this->exists()) {
return;
}
$operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
$this->SQL->addLog(
$operator,
$_SERVER["REMOTE_ADDR"],
"denied_group",
$this->getOwner()->uid,
);
$this->SQL->addLog("denied_group", $this->getOwner()->uid);
if ($send_mail) {
$this->MAILER->sendMail($this->getOwner()->getMail(), "group_denied");
}
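Review bot: In `denyGroup`, `removeRequest()` runs before the `if ($this->exists()) { return; }` guard, so when the group already exists the pending request is deleted and the method returns without writing any audit record. Since this commit reworks audit attribution, consider logging before the early return, for example by moving `$this->SQL->addLog("denied_group", $this->getOwner()->uid);` directly after the `removeRequest()` call, or by using a distinct action type for that path. Dropping the `$operator` parameter also moves `$send_mail` to the first position in `approveGroup` and `denyGroup`; callers are not visible on this page, so any that still pass a `UnityUser` first should be checked. Both method bodies continue outside the shown hunks.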
49 changes: 9 additions & 40 deletions resources/lib/UnitySQL.php
Expand Up @@ -59,7 +59,6 @@ public function removeRequest($requestor, string $dest): void
);
$stmt->bindParam(":uid", $requestor);
$stmt->bindParam(":request_for", $dest);

$stmt->execute();
}

Expand All @@ -69,7 +68,6 @@ public function removeRequests(string $dest): void
"DELETE FROM " . self::TABLE_REQS . " WHERE request_for=:request_for",
);
$stmt->bindParam(":request_for", $dest);

$stmt->execute();
}

Expand Down Expand Up @@ -115,47 +113,36 @@ public function getRequests(string $dest): array
"SELECT * FROM " . self::TABLE_REQS . " WHERE request_for=:request_for",
);
$stmt->bindParam(":request_for", $dest);

$stmt->execute();

return $stmt->fetchAll();
}

public function getRequestsByUser(string $user): array
{
$stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_REQS . " WHERE uid=:uid");
$stmt->bindParam(":uid", $user);

$stmt->execute();

return $stmt->fetchAll();
}

public function deleteRequestsByUser(string $user): void
{
$stmt = $this->conn->prepare("DELETE FROM " . self::TABLE_REQS . " WHERE uid=:uid");
$stmt->bindParam(":uid", $user);

$stmt->execute();
}

public function addNotice(
string $title,
string $date,
string $content,
UnityUser $operator,
): void {
public function addNotice(string $title, string $date, string $content): void
{
$table = self::TABLE_NOTICES;
$stmt = $this->conn->prepare(
"INSERT INTO $table (date, title, message) VALUES (:date, :title, :message)",
);
$stmt->bindParam(":date", $date);
$stmt->bindParam(":title", $title);
$stmt->bindParam(":message", $content);

$stmt->execute();

$this->addLog($operator->uid, $_SERVER["REMOTE_ADDR"], "added_cluster_notice", $operator);
$this->addLog("added_cluster_notice", "");
}

public function editNotice(string $id, string $title, string $date, string $content): void
Expand All @@ -168,25 +155,21 @@ public function editNotice(string $id, string $title, string $date, string $cont
$stmt->bindParam(":title", $title);
$stmt->bindParam(":message", $content);
$stmt->bindParam(":id", $id);

$stmt->execute();
}

public function deleteNotice(string $id): void
{
$stmt = $this->conn->prepare("DELETE FROM " . self::TABLE_NOTICES . " WHERE id=:id");
$stmt->bindParam(":id", $id);

$stmt->execute();
}

public function getNotice(string $id): array
{
$stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_NOTICES . " WHERE id=:id");
$stmt->bindParam(":id", $id);

$stmt->execute();

return $stmt->fetchAll()[0];
}

Expand All @@ -196,57 +179,46 @@ public function getNotices(): array
"SELECT * FROM " . self::TABLE_NOTICES . " ORDER BY date DESC",
);
$stmt->execute();

return $stmt->fetchAll();
}

public function getPages(): array
{
$stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_PAGES);
$stmt->execute();

return $stmt->fetchAll();
}

public function getPage(string $id): array
{
$stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_PAGES . " WHERE page=:id");
$stmt->bindParam(":id", $id);

$stmt->execute();

return $stmt->fetchAll()[0];
}

public function editPage(string $id, string $content, UnityUser $operator): void
public function editPage(string $id, string $content): void
{
$stmt = $this->conn->prepare(
"UPDATE " . self::TABLE_PAGES . " SET content=:content WHERE page=:id",
);
$stmt->bindParam(":id", $id);
$stmt->bindParam(":content", $content);

$stmt->execute();

$this->addLog($operator->uid, $_SERVER["REMOTE_ADDR"], "edited_page", $operator);
$this->addLog("edited_page", "");
}

public function addLog(
string $operator,
string $operator_ip,
string $action_type,
string $recipient,
): void {
public function addLog(string $action_type, string $recipient): void
{
$table = self::TABLE_AUDIT_LOG;
$stmt = $this->conn->prepare(
"INSERT INTO $table (operator, operator_ip, action_type, recipient)
VALUE (:operator, :operator_ip, :action_type, :recipient)",
);
$stmt->bindParam(":operator", $operator);
$stmt->bindParam(":operator_ip", $operator_ip);
$stmt->bindValue(":operator", $_SESSION["OPERATOR"] ?? "");
$stmt->bindValue(":operator_ip", $_SESSION["OPERATOR_IP"] ?? "");
$stmt->bindParam(":action_type", $action_type);
$stmt->bindParam(":recipient", $recipient);

$stmt->execute();
}

Expand All @@ -256,7 +228,6 @@ public function addAccountDeletionRequest(string $uid): void
"INSERT INTO " . self::TABLE_ACCOUNT_DELETION_REQUESTS . " (uid) VALUE (:uid)",
);
$stmt->bindParam(":uid", $uid);

$stmt->execute();
}

Expand All @@ -266,9 +237,7 @@ public function accDeletionRequestExists(string $uid): bool
"SELECT * FROM " . self::TABLE_ACCOUNT_DELETION_REQUESTS . " WHERE uid=:uid",
);
$stmt->bindParam(":uid", $uid);

$stmt->execute();

return count($stmt->fetchAll()) > 0;
}
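Review bot: `addLog` falls back to an empty string for both `:operator` and `:operator_ip` when the session keys are missing, so any call made outside a populated web session (a CLI script, a test, or code that runs before `init.php` sets the keys) writes an audit row that cannot be attributed to anyone. An audit writer should fail loudly or record an explicit marker instead, for example `$operator = $_SESSION["OPERATOR"] ?? throw new \RuntimeException("addLog called without an operator in session");` and the same for the address. The new `addNotice` and `editPage` calls also pass `""` as the recipient, which loses which notice or page was changed; `$this->addLog("edited_page", $id);` would keep that, assuming the recipient column may hold a page id. `editNotice` and `deleteNotice`, visible in the same section, write no audit record at all.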

49 changes: 14 additions & 35 deletions resources/lib/UnityUser.php
Expand Up @@ -86,7 +86,7 @@ public function init(
$org->addMemberUID($this->uid);
}

$this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
$this->SQL->addLog("user_added", $this->uid);
}

public function getFlag(UserFlag $flag): bool
Expand Down Expand Up @@ -167,13 +167,10 @@ public function getOrg(): string
/**
* Sets the firstname of the account and the corresponding ldap entry if it exists
*/
public function setFirstname(string $firstname, ?UnityUser $operator = null): void
public function setFirstname(string $firstname): void
{
$this->entry->setAttribute("givenname", $firstname);
$operator = is_null($operator) ? $this->uid : $operator->uid;

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "firstname_changed", $this->uid);

$this->SQL->addLog("firstname_changed", $this->uid);
$this->entry->write();
}

Expand All @@ -189,13 +186,10 @@ public function getFirstname(): string
/**
* Sets the lastname of the account and the corresponding ldap entry if it exists
*/
public function setLastname(string $lastname, $operator = null): void
public function setLastname(string $lastname): void
{
$this->entry->setAttribute("sn", $lastname);
$operator = is_null($operator) ? $this->uid : $operator->uid;

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "lastname_changed", $this->uid);

$this->SQL->addLog("lastname_changed", $this->uid);
$this->entry->write();
}

Expand All @@ -217,13 +211,10 @@ public function getFullname(): string
/**
* Sets the mail in the account and the ldap entry
*/
public function setMail(string $email, ?UnityUser $operator = null): void
public function setMail(string $email): void
{
$this->entry->setAttribute("mail", $email);
$operator = is_null($operator) ? $this->uid : $operator->uid;

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "email_changed", $this->uid);

$this->SQL->addLog("email_changed", $this->uid);
$this->entry->write();
}

Expand All @@ -239,16 +230,13 @@ public function getMail(): string
/**
* Sets the SSH keys on the account and the corresponding entry
*/
public function setSSHKeys($keys, $operator = null, bool $send_mail = true): void
public function setSSHKeys($keys, bool $send_mail = true): void
{
$operator = is_null($operator) ? $this->uid : $operator->uid;
$keys_filt = array_values(array_unique($keys));
\ensure($this->entry->exists());
$this->entry->setAttribute("sshpublickey", $keys_filt);
$this->entry->write();

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "sshkey_modify", $this->uid);

$this->SQL->addLog("sshkey_modify", $this->uid);
if ($send_mail) {
$this->MAILER->sendMail($this->getMail(), "user_sshkey", [
"keys" => $this->getSSHKeys(),
Expand All @@ -269,11 +257,8 @@ public function getSSHKeys(): array
/**
* Sets the login shell for the account
*/
public function setLoginShell(
string $shell,
?UnityUser $operator = null,
bool $send_mail = true,
): void {
public function setLoginShell(string $shell, bool $send_mail = true): void
{
// ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
if (!mb_check_encoding($shell, "ASCII")) {
throw new Exception("non ascii characters are not allowed in a login shell!");
Expand All @@ -287,11 +272,7 @@ public function setLoginShell(
\ensure($this->entry->exists());
$this->entry->setAttribute("loginshell", $shell);
$this->entry->write();

$operator = is_null($operator) ? $this->uid : $operator->uid;

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "loginshell_changed", $this->uid);

$this->SQL->addLog("loginshell_changed", $this->uid);
if ($send_mail) {
$this->MAILER->sendMail($this->getMail(), "user_loginshell", [
"new_shell" => $this->getLoginShell(),
Expand All @@ -308,14 +289,12 @@ public function getLoginShell(): string
return $this->entry->getAttribute("loginshell")[0];
}

public function setHomeDir(string $home, ?UnityUser $operator = null): void
public function setHomeDir(string $home): void
{
\ensure($this->entry->exists());
$this->entry->setAttribute("homedirectory", $home);
$this->entry->write();
$operator = is_null($operator) ? $this->uid : $operator->uid;

$this->SQL->addLog($operator, $_SERVER["REMOTE_ADDR"], "homedir_changed", $this->uid);
$this->SQL->addLog("homedir_changed", $this->uid);
}

/**
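Review bot: `setFirstname`, `setLastname` and `setMail` call `addLog()` before `$this->entry->write()`, so if the LDAP write throws or otherwise fails, the audit table already holds a record of a change that never took effect. `setSSHKeys`, `setLoginShell` and `setHomeDir` in the same file write first and log afterwards. Reorder the three setters to match, i.e. `$this->entry->write();` followed by `$this->SQL->addLog("firstname_changed", $this->uid);` (and likewise for the other two action types). These three setters also lack the `\ensure($this->entry->exists());` check the other setters perform, even though their docblocks describe updating the entry "if it exists".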
3 changes: 0 additions & 3 deletions test/phpunit-bootstrap.php
Expand Up @@ -79,7 +79,6 @@ function switchUser(
$GITHUB,
$SITE,
$SSO,
$OPERATOR,
$USER,
$SEND_PIMESG_TO_ADMINS,
$LOC_HEADER,
Expand Down Expand Up @@ -114,7 +113,6 @@ function http_post(
$GITHUB,
$SITE,
$SSO,
$OPERATOR,
$USER,
$SEND_PIMESG_TO_ADMINS,
$LOC_HEADER,
Expand Down Expand Up @@ -153,7 +151,6 @@ function http_get(string $phpfile, array $get_data = []): void
$GITHUB,
$SITE,
$SSO,
$OPERATOR,
$USER,
$SEND_PIMESG_TO_ADMINS,
$LOC_HEADER,
2 changes: 1 addition & 1 deletion webroot/admin/content.php
Expand Up @@ -12,7 +12,7 @@
if ($_SERVER["REQUEST_METHOD"] == "POST") {
UnityHTTPD::validatePostCSRFToken();
if (!empty($_POST["pageSel"])) {
$SQL->editPage($_POST["pageSel"], $_POST["content"], $USER);
$SQL->editPage($_POST["pageSel"], $_POST["content"]);
}
}
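Review bot: The handler checks only `!empty($_POST["pageSel"])` before calling `editPage`, whose two parameters are declared `string`; a request with `content` missing, or with either field sent as an array, reaches the call with a non-string value and will presumably end in a TypeError rather than a clean rejection. Consider adding a type check to the existing condition, e.g. `if (!empty($_POST["pageSel"]) && is_string($_POST["pageSel"]) && is_string($_POST["content"] ?? null)) {`. An admin-privilege check is not visible in this hunk; the file starts before the shown lines, so confirm it is enforced above the POST branch.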
