From 385264c26ffdfbad9b8f20933dbe7f3f1dd3e8a5 Mon Sep 17 00:00:00 2001 From: Greg Dean Date: Thu, 10 Jan 2019 09:17:19 -0500 Subject: [PATCH 01/25] moving generation of event_id to event table instead of staging table --- .../etl/etl.d/jobs_cloud_generic.json | 9 +++++- .../etl/etl.d/jobs_cloud_openstack.json | 11 +++++-- .../cloud_generic/event.json | 25 --------------- .../cloud_generic/event_asset.json | 12 +++---- .../event_asset_root_volume.json | 14 ++++----- .../cloud_generic/instance_data.json | 31 +++++++++++++++++++ .../cloud_openstack/event.json | 26 ---------------- .../cloud_openstack/event_asset.json | 10 ++++-- .../event_asset_root_volume.json | 14 ++++----- .../cloud_openstack/instance_data.json | 31 +++++++++++++++++++ .../cloud_generic/post_ingest_updates.sql | 2 ++ .../cloud_openstack/post_ingest_update.sql | 8 ++--- .../etl/etl_tables.d/cloud_common/event.json | 16 +++++++++- .../cloud_generic/staging_event.json | 21 ------------- .../cloud_openstack/staging_event.json | 21 ------------- 15 files changed, 127 insertions(+), 124 deletions(-) create mode 100644 configuration/etl/etl_action_defs.d/cloud_generic/instance_data.json create mode 100644 configuration/etl/etl_action_defs.d/cloud_openstack/instance_data.json diff --git a/configuration/etl/etl.d/jobs_cloud_generic.json b/configuration/etl/etl.d/jobs_cloud_generic.json index bdc0ff5ab9..7ef1246bc8 100644 --- a/configuration/etl/etl.d/jobs_cloud_generic.json +++ b/configuration/etl/etl.d/jobs_cloud_generic.json @@ -196,10 +196,17 @@ { "#": "Instance data must be ingested after staging events", "name": "GenericCloudEventIngestor", - "description": "Generic cloud event and instance data", + "description": "Generic cloud event", "class": "DatabaseIngestor", "definition_file": "cloud_generic/event.json" }, + { + "#": "Instance data must be ingested after events", + "name": "GenericCloudInstanceDataIngestor", + "description": "Generic cloud instance data", + "class": "DatabaseIngestor", + "definition_file": "cloud_generic/instance_data.json" + }, { "#": "Asset data must be ingested after events", "name": "GenericCloudEventAssetRootVolumeIngestor", diff --git a/configuration/etl/etl.d/jobs_cloud_openstack.json b/configuration/etl/etl.d/jobs_cloud_openstack.json index dbfed7b445..54e0695ce2 100644 --- a/configuration/etl/etl.d/jobs_cloud_openstack.json +++ b/configuration/etl/etl.d/jobs_cloud_openstack.json @@ -157,12 +157,19 @@ "definition_file": "cloud_openstack/root_volume.json" }, { - "#": "Instance data must be ingested after staging events", + "#": "Events must be ingested after all other dimensions", "name": "OpenStackCloudEventIngestor", - "description": "OpenStack cloud event and instance data", + "description": "OpenStack cloud event", "class": "DatabaseIngestor", "definition_file": "cloud_openstack/event.json" }, + { + "#": "Instance data must be ingested after events", + "name": "OpenStackInstanceDataIngestor", + "description": "OpenStack instance data", + "class": "DatabaseIngestor", + "definition_file": "cloud_openstack/instance_data.json" + }, { "#": "Events must be ingested after all other dimensions", "name": "OpenStackCloudEventAssetRootVolumeIngestor", diff --git a/configuration/etl/etl_action_defs.d/cloud_generic/event.json b/configuration/etl/etl_action_defs.d/cloud_generic/event.json index 80641d3649..296cc55f96 100644 --- a/configuration/etl/etl_action_defs.d/cloud_generic/event.json +++ b/configuration/etl/etl_action_defs.d/cloud_generic/event.json @@ -1,8 +1,5 @@ { "table_definition": [ - { - "$ref": "${table_definition_dir}/cloud_common/instance_data.json#/table_definition" - }, { "$ref": "${table_definition_dir}/cloud_common/event.json#/table_definition" } @@ -10,14 +7,11 @@ "source_query": { "records": { - "event_id": "staging.event_id", "resource_id": "staging.resource_id", "instance_id": "staging.instance_id", - "instance_type_id": "staging.instance_type_id", "event_time_utc": "staging.event_time_utc", "event_type_id": "staging.event_type_id", "record_type_id": "staging.record_type_id", - "image_id": "staging.image_id", "host_id": "staging.host_id" }, @@ -28,24 +22,5 @@ "alias": "staging" } ] - }, - - "destination_field_map": { - "instance_data": { - "resource_id": "resource_id", - "event_id": "event_id", - "instance_type_id": "instance_type_id", - "image_id": "image_id", - "host_id": "host_id" - }, - "event": { - "event_id": "event_id", - "resource_id": "resource_id", - "instance_id": "instance_id", - "event_time_utc": "event_time_utc", - "event_type_id": "event_type_id", - "record_type_id": "record_type_id", - "host_id": "host_id" - } } } diff --git a/configuration/etl/etl_action_defs.d/cloud_generic/event_asset.json b/configuration/etl/etl_action_defs.d/cloud_generic/event_asset.json index 5c15ad4af7..3cdab12677 100644 --- a/configuration/etl/etl_action_defs.d/cloud_generic/event_asset.json +++ b/configuration/etl/etl_action_defs.d/cloud_generic/event_asset.json @@ -13,27 +13,27 @@ "source_query": { "records": { - "resource_id": "staging.resource_id", - "event_id": "staging.event_id", + "resource_id": "ev.resource_id", + "event_id": "ev.event_id", "asset_id": "a.asset_id" }, "joins": [ { - "name": "generic_cloud_staging_event", + "name": "event", "schema": "${SOURCE_SCHEMA}", - "alias": "staging" + "alias": "ev" }, { "name": "asset", "schema": "${SOURCE_SCHEMA}", "alias": "a", - "on": "a.resource_id = staging.resource_id AND a.provider_identifier = staging.event_data" + "on": "a.resource_id = ev.resource_id AND a.provider_identifier = ev.event_data" } ], "where": [ - "staging.event_data IS NOT NULL" + "ev.event_data IS NOT NULL" ] } } diff --git a/configuration/etl/etl_action_defs.d/cloud_generic/event_asset_root_volume.json b/configuration/etl/etl_action_defs.d/cloud_generic/event_asset_root_volume.json index 3afedd8c43..da2c353245 100644 --- a/configuration/etl/etl_action_defs.d/cloud_generic/event_asset_root_volume.json +++ b/configuration/etl/etl_action_defs.d/cloud_generic/event_asset_root_volume.json @@ -13,34 +13,34 @@ "source_query": { "records": { - "resource_id": "staging.resource_id", - "event_id": "staging.event_id", + "resource_id": "ev.resource_id", + "event_id": "ev.event_id", "asset_id": "a.asset_id" }, "joins": [ { - "name": "generic_cloud_staging_event", + "name": "event", "schema": "${SOURCE_SCHEMA}", - "alias": "staging" + "alias": "ev" }, { "name": "instance", "schema": "${SOURCE_SCHEMA}", "alias": "i", - "on": "i.instance_id = staging.instance_id AND i.resource_id = staging.resource_id" + "on": "i.instance_id = ev.instance_id AND i.resource_id = ev.resource_id" }, { "name": "asset", "schema": "${SOURCE_SCHEMA}", "alias": "a", - "on": "a.resource_id = staging.resource_id AND a.provider_identifier = CONCAT('root-vol-', i.provider_identifier)" + "on": "a.resource_id = ev.resource_id AND a.provider_identifier = CONCAT('root-vol-', i.provider_identifier)" }, { "name": "event_type", "schema": "${SOURCE_SCHEMA}", "alias": "etype", - "on": "etype.event_type_id = staging.event_type_id" + "on": "etype.event_type_id = ev.event_type_id" } ], diff --git a/configuration/etl/etl_action_defs.d/cloud_generic/instance_data.json b/configuration/etl/etl_action_defs.d/cloud_generic/instance_data.json new file mode 100644 index 0000000000..8a7d127d09 --- /dev/null +++ b/configuration/etl/etl_action_defs.d/cloud_generic/instance_data.json @@ -0,0 +1,31 @@ +{ + "table_definition": [ + { + "$ref": "${table_definition_dir}/cloud_common/instance_data.json#/table_definition" + } + ], + + "source_query": { + "records": { + "event_id": "ev.event_id", + "resource_id": "staging.resource_id", + "instance_type_id": "staging.instance_type_id", + "host_id": "staging.host_id", + "image_id": "staging.image_id" + }, + + "joins": [ + { + "name": "generic_cloud_staging_event", + "schema": "${SOURCE_SCHEMA}", + "alias": "staging" + }, + { + "name": "event", + "schema": "${SOURCE_SCHEMA}", + "alias": "ev", + "on": "ev.resource_id = staging.resource_id AND ev.instance_id = staging.instance_id AND ev.event_time_utc = staging.event_time_utc AND ev.event_type_id = staging.event_type_id" + } + ] + } +} diff --git a/configuration/etl/etl_action_defs.d/cloud_openstack/event.json b/configuration/etl/etl_action_defs.d/cloud_openstack/event.json index e175cd7bd6..c763def73a 100644 --- a/configuration/etl/etl_action_defs.d/cloud_openstack/event.json +++ b/configuration/etl/etl_action_defs.d/cloud_openstack/event.json @@ -1,8 +1,5 @@ { "table_definition": [ - { - "$ref": "${table_definition_dir}/cloud_common/instance_data.json#/table_definition" - }, { "$ref": "${table_definition_dir}/cloud_common/event.json#/table_definition" } @@ -10,15 +7,12 @@ "source_query": { "records": { - "event_id": "staging.event_id", "resource_id": "staging.resource_id", "instance_id": "staging.instance_id", - "instance_type_id": "staging.instance_type_id", "event_time_utc": "staging.event_time_utc", "event_type_id": "staging.event_type_id", "record_type_id": "staging.record_type_id", "host_id": "staging.host_id", - "image_id": "staging.image_id", "submission_venue_id": 3 }, @@ -29,25 +23,5 @@ "alias": "staging" } ] - }, - - "destination_field_map": { - "instance_data": { - "resource_id": "resource_id", - "event_id": "event_id", - "instance_type_id": "instance_type_id", - "host_id": "host_id", - "image_id": "image_id" - }, - "event": { - "event_id": "event_id", - "resource_id": "resource_id", - "instance_id": "instance_id", - "event_time_utc": "event_time_utc", - "event_type_id": "event_type_id", - "record_type_id": "record_type_id", - "host_id": "host_id", - "submission_venue_id": "submission_venue_id" - } } } diff --git a/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset.json b/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset.json index 2311515a70..7c7c854802 100644 --- a/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset.json +++ b/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset.json @@ -13,8 +13,8 @@ "source_query": { "records": { - "resource_id": "staging.resource_id", - "event_id": "staging.event_id", + "resource_id": "ev.resource_id", + "event_id": "ev.event_id", "asset_id": "a.asset_id" }, @@ -24,6 +24,12 @@ "schema": "${SOURCE_SCHEMA}", "alias": "staging" }, + { + "name": "event", + "schema": "${SOURCE_SCHEMA}", + "alias": "ev", + "on": "ev.resource_id = staging.resource_id AND ev.instance_id = staging.instance_id AND ev.event_time_utc = staging.event_time_utc AND ev.event_type_id = staging.event_type_id" + }, { "name": "asset", "schema": "${SOURCE_SCHEMA}", diff --git a/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset_root_volume.json b/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset_root_volume.json index 58a76e29a1..64e640c878 100644 --- a/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset_root_volume.json +++ b/configuration/etl/etl_action_defs.d/cloud_openstack/event_asset_root_volume.json @@ -13,34 +13,34 @@ "source_query": { "records": { - "resource_id": "staging.resource_id", - "event_id": "staging.event_id", + "resource_id": "ev.resource_id", + "event_id": "ev.event_id", "asset_id": "a.asset_id" }, "joins": [ { - "name": "openstack_staging_event", + "name": "event", "schema": "${SOURCE_SCHEMA}", - "alias": "staging" + "alias": "ev" }, { "name": "instance", "schema": "${SOURCE_SCHEMA}", "alias": "i", - "on": "i.instance_id = staging.instance_id AND i.resource_id = staging.resource_id" + "on": "i.instance_id = ev.instance_id AND i.resource_id = ev.resource_id" }, { "name": "asset", "schema": "${SOURCE_SCHEMA}", "alias": "a", - "on": "a.resource_id = staging.resource_id AND a.provider_identifier = CONCAT('root-vol-', i.provider_identifier)" + "on": "a.resource_id = ev.resource_id AND a.provider_identifier = CONCAT('root-vol-', i.provider_identifier)" }, { "name": "event_type", "schema": "${SOURCE_SCHEMA}", "alias": "etype", - "on": "etype.event_type_id = staging.event_type_id" + "on": "etype.event_type_id = ev.event_type_id" } ], diff --git a/configuration/etl/etl_action_defs.d/cloud_openstack/instance_data.json b/configuration/etl/etl_action_defs.d/cloud_openstack/instance_data.json new file mode 100644 index 0000000000..6ebba1813f --- /dev/null +++ b/configuration/etl/etl_action_defs.d/cloud_openstack/instance_data.json @@ -0,0 +1,31 @@ +{ + "table_definition": [ + { + "$ref": "${table_definition_dir}/cloud_common/instance_data.json#/table_definition" + } + ], + + "source_query": { + "records": { + "event_id": "ev.event_id", + "resource_id": "staging.resource_id", + "instance_type_id": "staging.instance_type_id", + "host_id": "staging.host_id", + "image_id": "staging.image_id" + }, + + "joins": [ + { + "name": "openstack_staging_event", + "schema": "${SOURCE_SCHEMA}", + "alias": "staging" + }, + { + "name": "event", + "schema": "${SOURCE_SCHEMA}", + "alias": "ev", + "on": "ev.resource_id = staging.resource_id AND ev.instance_id = staging.instance_id AND ev.event_time_utc = staging.event_time_utc AND ev.event_type_id = staging.event_type_id" + } + ] + } +} diff --git a/configuration/etl/etl_sql.d/cloud_generic/post_ingest_updates.sql b/configuration/etl/etl_sql.d/cloud_generic/post_ingest_updates.sql index b66fd9af18..20ac487b9f 100644 --- a/configuration/etl/etl_sql.d/cloud_generic/post_ingest_updates.sql +++ b/configuration/etl/etl_sql.d/cloud_generic/post_ingest_updates.sql @@ -44,3 +44,5 @@ JOIN ${DESTINATION_SCHEMA}.generic_cloud_raw_volume v ON v.provider_account_number = a.provider_account AND v.resource_id = a.resource_id SET a.display = v.provider_account_name // + +TRUNCATE ${DESTINATION_SCHEMA}.generic_cloud_staging_event; diff --git a/configuration/etl/etl_sql.d/cloud_openstack/post_ingest_update.sql b/configuration/etl/etl_sql.d/cloud_openstack/post_ingest_update.sql index 446e21829d..d664c77b70 100644 --- a/configuration/etl/etl_sql.d/cloud_openstack/post_ingest_update.sql +++ b/configuration/etl/etl_sql.d/cloud_openstack/post_ingest_update.sql @@ -1,6 +1,7 @@ -- Update destroy times of volume assets. This updates both volumes that are destoyed -- in volume.delete.end events and also root volumes which are inferred from compute.instance.create -- events. + CREATE TEMPORARY TABLE ${DESTINATION_SCHEMA}.tmp_volume_delete (INDEX resource_id_openstack_resource_key (`resource_id`, `openstack_resource_id`)) AS @@ -48,11 +49,6 @@ WHERE -- updates. We also cannot specify the target of the update in a subquery. I've opted to use a -- temporary table to calculate the end times and then perform the update. --- The tmp_end_times table is created when ingestion is run for the generic format and OpenStack format. IF --- the ingestion for both formats are done on the same connection a error is thrown saying that the temporary --- tale already exists when ingestion for the second format is run. To prevent this we drop the table and --- recreate it. -DROP TEMPORARY TABLE IF EXISTS ${DESTINATION_SCHEMA}.tmp_end_times; CREATE TEMPORARY TABLE ${DESTINATION_SCHEMA}.tmp_end_times AS SELECT @@ -82,3 +78,5 @@ AND TRUNCATE ${DESTINATION_SCHEMA}.openstack_raw_event; TRUNCATE ${DESTINATION_SCHEMA}.openstack_raw_instance_type; + +TRUNCATE ${DESTINATION_SCHEMA}.openstack_staging_event; diff --git a/configuration/etl/etl_tables.d/cloud_common/event.json b/configuration/etl/etl_tables.d/cloud_common/event.json index 02bf6f723e..3b0fd0b303 100644 --- a/configuration/etl/etl_tables.d/cloud_common/event.json +++ b/configuration/etl/etl_tables.d/cloud_common/event.json @@ -14,6 +14,7 @@ { "name": "event_id", "type": "bigint(20) unsigned", + "extra": "auto_increment", "nullable": false, "comment": "Generated during intermediate ingest, relative to the resource." }, @@ -62,7 +63,6 @@ "name": "PRIMARY", "columns": [ "resource_id", - "event_id", "instance_id", "event_time_utc", "event_type_id", @@ -70,6 +70,20 @@ ], "is_unique": true }, + { + "#": "For MyISAM tables, you can specify AUTO_INCREMENT on a secondary column in a", + "#": "multiple-column index. In this case, the generated value for the AUTO_INCREMENT column", + "#": "is calculated as MAX(auto_increment_column) + 1 WHERE prefix=given-prefix. This is", + "#": "useful when you want to put data into ordered groups.", + "#": "See [MyISAM Notes](https://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html)", + + "name": "increment_key", + "columns": [ + "resource_id", + "event_id" + ], + "is_unique": true + }, { "name": "fk_event_type", "columns": [ diff --git a/configuration/etl/etl_tables.d/cloud_generic/staging_event.json b/configuration/etl/etl_tables.d/cloud_generic/staging_event.json index 096d5d2aa0..0c4bfb971f 100644 --- a/configuration/etl/etl_tables.d/cloud_generic/staging_event.json +++ b/configuration/etl/etl_tables.d/cloud_generic/staging_event.json @@ -9,13 +9,6 @@ "type": "int(11)", "nullable": false }, - { - "name": "event_id", - "type": "bigint(20)", - "extra": "auto_increment", - "nullable": false, - "comment": "Auto-increment relative to resource_id. Unknown = -1" - }, { "name": "instance_id", "type": "int(11)", @@ -106,20 +99,6 @@ ], "is_unique": true }, - { - "#": "For MyISAM tables, you can specify AUTO_INCREMENT on a secondary column in a", - "#": "multiple-column index. In this case, the generated value for the AUTO_INCREMENT column", - "#": "is calculated as MAX(auto_increment_column) + 1 WHERE prefix=given-prefix. This is", - "#": "useful when you want to put data into ordered groups.", - "#": "See [MyISAM Notes](https://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html)", - - "name": "increment_key", - "columns": [ - "resource_id", - "event_id" - ], - "is_unique": true - }, { "name": "event_data", "columns": [ diff --git a/configuration/etl/etl_tables.d/cloud_openstack/staging_event.json b/configuration/etl/etl_tables.d/cloud_openstack/staging_event.json index 68519ff46a..6302eec762 100644 --- a/configuration/etl/etl_tables.d/cloud_openstack/staging_event.json +++ b/configuration/etl/etl_tables.d/cloud_openstack/staging_event.json @@ -9,13 +9,6 @@ "type": "int(11)", "nullable": false }, - { - "name": "event_id", - "type": "bigint(20)", - "extra": "auto_increment", - "nullable": false, - "comment": "Auto-increment relative to resource_id. Unknown = -1" - }, { "name": "instance_id", "type": "int(11)", @@ -113,20 +106,6 @@ ], "is_unique": true }, - { - "#": "For MyISAM tables, you can specify AUTO_INCREMENT on a secondary column in a", - "#": "multiple-column index. In this case, the generated value for the AUTO_INCREMENT column", - "#": "is calculated as MAX(auto_increment_column) + 1 WHERE prefix=given-prefix. This is", - "#": "useful when you want to put data into ordered groups.", - "#": "See [MyISAM Notes](https://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html)", - - "name": "increment_key", - "columns": [ - "resource_id", - "event_id" - ], - "is_unique": true - }, { "name": "event_data", "columns": [ From 4774e4ffb62f999e03921aa9dfa53c434442771f Mon Sep 17 00:00:00 2001 From: Greg Dean Date: Mon, 14 Jan 2019 13:55:50 -0500 Subject: [PATCH 02/25] changing constraints on table to prevent duplicate rows for assets of an event --- .../etl/etl_tables.d/cloud_common/event_asset.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configuration/etl/etl_tables.d/cloud_common/event_asset.json b/configuration/etl/etl_tables.d/cloud_common/event_asset.json index c1a6de9d55..cea8cf1695 100644 --- a/configuration/etl/etl_tables.d/cloud_common/event_asset.json +++ b/configuration/etl/etl_tables.d/cloud_common/event_asset.json @@ -23,6 +23,15 @@ } ], "indexes": [ + { + "name": "PRIMARY", + "columns": [ + "resource_id", + "event_id", + "asset_id" + ], + "is_unique": true + }, { "name": "fk_event", "columns": [ From b72a5875f6218fd229303145c7e60919b5a73a80 Mon Sep 17 00:00:00 2001 From: ryanrath Date: Wed, 16 Jan 2019 14:04:21 -0500 Subject: [PATCH 03/25] Active, Primary, Most Privileged Role Consolidation (#772) * Removing Active / Primary related Code This commit deals with the removal of code that interacts with the XDUser active|primary role in anyway. The criteria for code being removed was if it calls active|primary role or is called with active|primary role and is no longer used. * Updating `mostPrivilegedRole` to Acls `getMostPrivilegedRole` will now return the most privileged Acl ( to be renamed in a later acl ). * Removing unused code / end points These functions / end points are not currently in use and are being removed ahead of the rest of the active|primary role consolidation work. * Removing the last aRole::factory usage In this commit we remove the last usage of `aRole::factory` and `XDUser::assumeActiveRole`. The key to this was refactoring two functions `XDUser::getAllRoles` and `XDUser::_getFOrmalRoleName`. `XDUser::getAllRoles` to return strings ( acl names: 'cd', 'cs', usr' etc. ) instead of `aRole` instances. And `XDUser::getFormalRoleName` to accept a new parameter `$pubDisplay` which controls whether the function will return the public acl name or display value if `$role_abbrev` is not found. Now, the `XDuser::getAllRoles` change was possible because the only function called on the results of `XDUser::getAllRoles` was `aRole->getIdentifier()` which corresponds to `Acl::getName()` ( 'cd', 'cs', 'usr' etc. ). But there was one, fairly ridiculous, side affect of not instantiating `aRole` classes which necessitated the addition of `Query::initData($realm)`. It may be best to illustrate this with a series of steps: When `XDUser::getAllRoles` returns an array of `aRole` objects: - User requests a timeseries chart from Metric Explorer - ... stuff happens .. - `XDUser::getAllRoles` is called and returns an array of `aRole` objects. - this in turn calls `XDUser::assumeActiveRole($role)` - this instantiates the role class that corresponds to $role - During the Role Class instantiation all of the query descriptors for the role are retrieved and instantiated. - During the instantiation of each `QueryDescripter` it's realm's `Aggregate` class has it's `registerStatistics` / `registerGroupBys` called. These are the functions that ensure each Realms `Query` object has it's underlying statistic / group by data structure populated. - a `HighChartTimeSeries2` class is instantiated / configured. - It looks up the requested metric in the realms statistic data structure that has already been populated, succeeds in finding it and the chart is displayed with data as expected. When `XDUser::getAllRoles` no longer calls `XDUser::assumeActiveRole` we get the following: - User requests a timeseries chart from Metric Explorer - ... stuff happens ... - `XDUser::getAllRoles` is called and returns an array of strings that represent this user's set of Roles. - No `aRole` objects are instantiated so the realms statistics / group by data structures are not populated. - a `HighChartTimeSeries2` class is instantiated / configured. - It looks up the requested metric in the **Not Populated** statistics data structure and return's no `series` data. Thus presenting an empty chart to the user. So, by adding `Query::initData($realm)` and calling it after retrieving this `Query`s realm in the following functions: - &get_group_by_name_to_instance - &get_group_by_name_to_class_name - &get_statistic_name_to_class_name We ensure that when the other `public static` functions of `Query` are called that the underlying group by / statistic data structures are populated as expected. n * Minor update to `Query::initData` Just split out the `registerStatistics` and `registerGroupBys` so that they are called based on `$_stats_initialized` and `$_group_by_initialized` respectively. * Updating Just a small update to the way previous initialization is being checked for. * Updates per testing on metrics-dev While testing on metrics-dev I ran into a problem where my Metric Explorer queries were stored not as => but => . This caused a problem when `MetricExplorer::convertActiveRoleToGlobalFilters` was called w/ the acl display value generating an error stating "Unable to find configuration information for Center Director". To make sure that installs that may still have old style user query data hanging around don't break I've updated the get queries end point to check if we have an acl name or display, and if we have a display then retrieve the associated name. A new function was added to Acls.php to help facilitate this, `getAclByDisplay`. I tested this on xdmod-dev and did not run into a problem with old-style metric explorer queries there. * Add support for campus champion parameters `Parameters::getParameters` needed to have a case `institution` to support Campus Champions users. * Updates per @jpwhite4 * Removing unneeded code We no longer need: ```php getIdentifier() + $userRole ); if ($accessPermitted) { $authorizedRoles[] = $userRole; @@ -616,12 +617,12 @@ public static function convertActiveRoleToGlobalFilters(XDUser $user, $activeRol ); } else { $activeRoleComponents = explode(':', $activeRoleId); - $activeRoleComponents = array_pad($activeRoleComponents, 2, null); - $activeRole = $user->assumeActiveRole( - $activeRoleComponents[0], - $activeRoleComponents[1] - ); - $activeRoleParameters = Parameters::getParameters($user, $activeRole->getIdentifier()); + $activeRoleId = $activeRoleComponents[0]; + $activeRole = Acls::getAclByName($activeRoleId); + if ($activeRole === null) { + $activeRoleId = ROLE_ID_PUBLIC; + } + $activeRoleParameters = Parameters::getParameters($user, $activeRoleId); } // For each set of filter parameters the role has, create an @@ -1010,7 +1011,7 @@ public static function getDimensionValueName( * @return array The realms available to the user. */ public static function getRealmsFromUser(XDUser $user, $queryGroup = 'tg_usage') { - return array_keys($user->getMostPrivilegedRole()->getAllQueryRealms($queryGroup)); + return Realms::getRealmsForUser($user); } /** diff --git a/classes/DataWarehouse/Query/Query.php b/classes/DataWarehouse/Query/Query.php index 15a6f0e5a8..df045e0131 100644 --- a/classes/DataWarehouse/Query/Query.php +++ b/classes/DataWarehouse/Query/Query.php @@ -1130,7 +1130,7 @@ public function setMultipleRoleParameters($rolearray, $user) { foreach($rolearray as $role) { - $roleparams = Parameters::getParameters($user, $role->getIdentifier()); + $roleparams = Parameters::getParameters($user, $role); if(count($roleparams) == 0 ) { // Empty where condition translates to a "WHERE 1". There is no need to add the other @@ -1498,9 +1498,7 @@ public static function &get_group_by_name_to_instance() { $realm = static::getRealm(); - if (!isset(self::$_group_by_name_to_instance[$realm])) { - self::$_group_by_name_to_instance[$realm] = array(); - } + self::initData($realm); return self::$_group_by_name_to_instance[$realm]; } @@ -1511,9 +1509,7 @@ public static function &get_group_by_name_to_class_name() { $realm = static::getRealm(); - if (!isset(self::$_group_by_name_to_class_name[$realm])) { - self::$_group_by_name_to_class_name[$realm] = array(); - } + self::initData($realm); return self::$_group_by_name_to_class_name[$realm]; } @@ -1524,13 +1520,35 @@ public static function &get_statistic_name_to_class_name() { $realm = static::getRealm(); - if (!isset(self::$_statistic_name_to_class_name[$realm])) { - self::$_statistic_name_to_class_name[$realm] = array(); - } + self::initData($realm); return self::$_statistic_name_to_class_name[$realm]; } + /** + * This function checks to see if the stats have been initialized for the provided $realm and if + * not, it calls `registerStatistics`. It also checks if the group bys have been initialized and + * if not calls`registerGroupBys`. + * + * Note: This is required because of the public static functions above. Since they are + * `public static` they can be called without having to instantiate Query ( or calling + * `Query::getGroupBy` ). So this function provides an easy method of ensuring that the + * statistics / groupBys data structures are populated before use. + * + * @param string $realm + */ + private static function initData($realm) + { + if (!isset(self::$_stats_initialized[$realm])) { + self::registerStatistics(); + + } + + if (!isset(self::$_group_bys_initialized[$realm])) { + self::registerGroupBys(); + } + } + /* * * @param $group_by_name for example 'resource', 'person', ... diff --git a/classes/DataWarehouse/QueryBuilder.php b/classes/DataWarehouse/QueryBuilder.php index 5b484536f8..900d6404a4 100644 --- a/classes/DataWarehouse/QueryBuilder.php +++ b/classes/DataWarehouse/QueryBuilder.php @@ -4,6 +4,7 @@ use Models\Services\Acls; use Models\Services\Parameters; +use XDUser; /** * Singleton class for helping guide the creation of a Query object. @@ -190,8 +191,6 @@ public function buildQueriesFromRequest(&$request, \XDUser &$user) $rp_usage_regex = '/rp_(?P[0-9]+)_usage/'; $rp_summary_regex = '/rp_(?P[0-9]+)_summary/'; - $activeRole = $user->getMostPrivilegedRole(); - if ( $query_group === 'my_usage' || $query_group === 'my_summary' @@ -224,21 +223,14 @@ public function buildQueriesFromRequest(&$request, \XDUser &$user) substr($query_group, 0, strpos($query_group, $suffix)) ); - $role_data = array_pad($role_data, 2, NULL); - - $activeRole = $user->assumeActiveRole( - $role_data[0], - $role_data[1] - ); + $activeRole = XDUser::_getFormalRoleName($role_data[0], true); - $role_parameters = Parameters::getParameters($user, $activeRole->getIdentifier()); + $role_parameters = Parameters::getParameters($user, $activeRole); $request = array_merge($request, $role_parameters); $query_group = 'tg' . $suffix; } } - $user->setCachedActiveRole($activeRole); - if (!isset($request['start_date'])) { throw new \Exception( 'Parameter start_date (yyyy-mm-dd) is not set' @@ -327,8 +319,6 @@ public function pullQueryParameterDescriptionsFromRequest( $rp_usage_regex = '/rp_(?P[0-9]+)_usage/'; $rp_summary_regex = '/rp_(?P[0-9]+)_summary/'; - $activeRole = $user->getMostPrivilegedRole(); - if (preg_match($rp_usage_regex, $query_group, $matches) > 0) { $request['provider'] = $matches['rp_id']; $query_group = 'tg_usage'; @@ -353,21 +343,14 @@ public function pullQueryParameterDescriptionsFromRequest( substr($query_group, 0, strpos($query_group, $suffix)) ); - $role_data = array_pad($role_data, 2, NULL); - - $activeRole = $user->assumeActiveRole( - $role_data[0], - $role_data[1] - ); + $activeRole = XDUser::_getFormalRoleName($role_data[0], true); - $role_parameters = Parameters::getParameters($user, $activeRole->getIdentifier()); + $role_parameters = Parameters::getParameters($user, $activeRole); $request = array_merge($request, $role_parameters); $query_group = 'tg' . $suffix; } } - $user->setCachedActiveRole($activeRole); - $query_descripter = Acls::getQueryDescripters( $user, $realm, diff --git a/classes/Models/Services/Acls.php b/classes/Models/Services/Acls.php index cc5235f291..360c175b97 100644 --- a/classes/Models/Services/Acls.php +++ b/classes/Models/Services/Acls.php @@ -528,6 +528,24 @@ public static function getAclByName($name) return null; } + /** + * Attempt to retrieve an Acl via it's `display` value. This corresponds to `moddb.acls.display` + * If an acl is not found then null will be returned. + * + * @param string $display + * @return Acl|null + * @throws Exception + */ + public static function getAclByDisplay($display) + { + $db = DB::factory('database'); + $rows = $db->query('SELECT * FROM acls a WHERE a.display = :display', array(':display' => $display)); + if (count($rows) > 0) { + return new Acl($rows[0]); + } + return null; + } + /** * Attempt to retrieve all descriptors for the provided user. * diff --git a/classes/Models/Services/Organizations.php b/classes/Models/Services/Organizations.php index b6b039a78b..2ae8db596d 100644 --- a/classes/Models/Services/Organizations.php +++ b/classes/Models/Services/Organizations.php @@ -60,6 +60,24 @@ public static function getIdByName($organizationName) return !empty($rows) ? $rows[0]['id'] : -1; } + /** + * Retrieve an organizations `abbrev` value based on the provided `$organizationId`. + * + * @param integer $organizationId + * @return string + * @throws \Exception + */ + public static function getAbbrevById($organizationId) + { + $db = DB::factory('database'); + $rows = $db->query( + "SELECT o.abbrev FROM modw.organization o WHERE o.id = :organization_id", + array(':organization_id' => $organizationId) + ); + + return $rows[0]['abbrev']; + } + /** * Attempt to retrieve the organization_id for the specified person_id. * diff --git a/classes/Models/Services/Parameters.php b/classes/Models/Services/Parameters.php index a7ab75fa1f..888a68c330 100644 --- a/classes/Models/Services/Parameters.php +++ b/classes/Models/Services/Parameters.php @@ -38,6 +38,9 @@ public static function getParameters(\XDUser $user, $aclName) case 'provider': $parameters['provider'] = (string)$user->getOrganizationID(); break; + case 'institution': + $parameters['institution'] = (string)$user->getOrganizationID(); + break; case 'person': $parameters['person'] = (string)$user->getPersonID(); break; diff --git a/classes/Rest/Controllers/MetricExplorerControllerProvider.php b/classes/Rest/Controllers/MetricExplorerControllerProvider.php index b463af7ae8..b5c28dcc36 100644 --- a/classes/Rest/Controllers/MetricExplorerControllerProvider.php +++ b/classes/Rest/Controllers/MetricExplorerControllerProvider.php @@ -2,6 +2,7 @@ namespace Rest\Controllers; +use Models\Services\Acls; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Silex\Application; use Symfony\Component\HttpFoundation\Request; @@ -386,6 +387,15 @@ private function removeRoleFromQuery(XDUser $user, array &$query) $activeRoleId = $queryConfig->active_role; unset($queryConfig->active_role); + // Check whether or not $activeRoleId is an acl name or acl display value. + // ( Old queries may utilize the `display` property). + $activeRole = Acls::getAclByName($activeRoleId); + if ($activeRole === null) { + $activeRole = Acls::getAclByDisplay($activeRoleId); + if ($activeRole !== null) { + $activeRoleId = $activeRole->getName(); + } + } // Convert the active role into global filters. MetricExplorer::convertActiveRoleToGlobalFilters($user, $activeRoleId, $queryConfig->global_filters); diff --git a/classes/Rest/Controllers/UserControllerProvider.php b/classes/Rest/Controllers/UserControllerProvider.php index 29e330ca7d..7f534a6e61 100644 --- a/classes/Rest/Controllers/UserControllerProvider.php +++ b/classes/Rest/Controllers/UserControllerProvider.php @@ -2,6 +2,7 @@ namespace Rest\Controllers; +use Models\Services\Organizations; use Silex\Application; use Symfony\Component\HttpFoundation\Request; @@ -126,7 +127,12 @@ private function extractUserData(XDUser $user) if ($emailAddress == NO_EMAIL_ADDRESS_SET) { $emailAddress = ''; } - + $mostPrivileged = $user->getMostPrivilegedRole(); + $mostPrivilegedFormalName = $mostPrivileged->getDisplay(); + if (count(array_intersect(XDUser::$CENTER_ACLS, $user->getAcls(true))) > 0) { + $organization = Organizations::getAbbrevById($user->getOrganizationID()); + $mostPrivilegedFormalName = "$mostPrivilegedFormalName - $organization"; + } return array( 'first_name' => $user->getFirstName(), 'last_name' => $user->getLastName(), @@ -135,8 +141,8 @@ private function extractUserData(XDUser $user) 'first_time_login' => $user->getCreationTimestamp() == $user->getLastLoginTimestamp(), 'autoload_suppression' => isset($_SESSION['suppress_profile_autoload']), 'field_of_science' => $user->getFieldOfScience(), - 'active_role' => $user->getActiveRole()->getFormalName(), - 'most_privileged_role' => $user->getMostPrivilegedRole()->getFormalName(), + 'active_role' => $mostPrivilegedFormalName, + 'most_privileged_role' => $mostPrivilegedFormalName ); } diff --git a/classes/Rest/Controllers/WarehouseControllerProvider.php b/classes/Rest/Controllers/WarehouseControllerProvider.php index d1f5a13e69..1c95f044ec 100644 --- a/classes/Rest/Controllers/WarehouseControllerProvider.php +++ b/classes/Rest/Controllers/WarehouseControllerProvider.php @@ -5,7 +5,9 @@ use DataWarehouse\Query\Exceptions\AccessDeniedException; use DataWarehouse\Query\Exceptions\NotFoundException; use DataWarehouse\Query\Exceptions\BadRequestException; +use Models\Services\Acls; use Models\Services\Parameters; +use Models\Services\Realms; use Silex\Application; use Symfony\Component\HttpFoundation\Request; use Silex\ControllerCollection; @@ -256,10 +258,6 @@ public function setupRoutes(Application $app, ControllerCollection $controller) ->convert('action', "$conversions::toString"); // Metrics routes - - $controller - ->get("$root/query_groups", "$current::getQueryGroups"); - $controller ->get("$root/realms", "$current::getRealms"); @@ -284,9 +282,6 @@ public function setupRoutes(Application $app, ControllerCollection $controller) $controller ->get("$root/quick_filters", "$current::getQuickFilters"); - $controller - ->get("$root/metrics", "$current::getMetrics"); - $controller ->get("$root/aggregation_units", "$current::getAggregationUnits"); @@ -676,29 +671,6 @@ public function searchJobsByAction(Request $request, Application $app, $action) } - /** - * Get the query groups available for the user's active role. - * - * Ported from: classes/REST/DataWarehouse/Explorer.php - * - * @param Request $request The request used to make this call. - * @param Application $app The router application. - * @return Response A response containing the following info: - * success: A boolean indicating if the call was successful. - * results: An object containing data about - * the query groups retrieved. - */ - public function getQueryGroups(Request $request, Application $app) - { - $user = $this->authorize($request); - - // Return the query groups that are available for the user's active role. - return $app->json(array( - 'success' => true, - 'results' => $user->getActiveRole()->getAllGroupNames(), - )); - } - /** * Get the realms available for the user's active role. * @@ -719,7 +691,7 @@ public function getRealms(Request $request, Application $app) $queryGroup = $this->getStringParam($request, 'querygroup', false, self::_DEFAULT_QUERY_GROUP); // Get the realms for the query group and the user's active role. - $realms = array_keys($user->getActiveRole()->getAllQueryRealms($queryGroup)); + $realms = Realms::getRealmsForUser($user); // Return the realms found. return $app->json(array( @@ -745,23 +717,25 @@ public function getDimensions(Request $request, Application $app) $user = $this->authorize($request); // Get parameters. - $realm = $this->getStringParam($request, 'realm'); - $queryGroup = $this->getStringParam($request, 'querygroup', false, self::_DEFAULT_QUERY_GROUP); + $realmParam = $this->getStringParam($request, 'realm'); // Get the dimensions for the query group, realm, and user's active role. + $groupBys = Acls::getQueryDescripters( + $user, + $realmParam + ); + $dimensionsToReturn = array(); - $realms = $user->getActiveRole()->getAllQueryRealms($queryGroup); - foreach ($realms as $query_realm_key => $query_realm_object) { - if ($realm == null || $realm == $query_realm_key) { - foreach ($query_realm_object as $k => $v) { - if ($k != "none") { - $dimensionsToReturn[] = array( - "id" => $k, - "name" => $v['all']->getGroupByLabel(), - 'Category' => $v['all']->getGroupByCategory(), - 'description' => $v['all']->getGroupByDescription() - ); - } + foreach($groupBys as $groupByName => $queryDescriptors) { + foreach($queryDescriptors as $queryDescriptor) { + if ($groupByName !== 'none') { + $dimensionsToReturn[] = array( + 'id' => $queryDescriptor->getGroupByName(), + 'name' => $queryDescriptor->getGroupByLabel(), + // NOTE: 'Category' is capitalized for historical reasons. + 'Category' => $queryDescriptor->getGroupByCategory(), + 'description' => $queryDescriptor->getGroupByDescription() + ); } } } @@ -875,16 +849,12 @@ public function getQuickFilters(Request $request, Application $app) // Generate user-specific quick filters if logged in. if (!$user->isPublicUser()) { $personId = (int)$user->getPersonID(); - $roles = $user->getAllRoles(); - $mostPrivilegedRoleIdentifier = $user->getMostPrivilegedRole()->getIdentifier(true); - foreach ($roles as $role) { - $roleIdentifier = $role->getIdentifier(true); + $acls = $user->getAcls(true); + $mostPrivilegedAcl = $user->getMostPrivilegedRole()->getName(); + foreach ($acls as $acl) { + $isMostPrivilegedRole = ($acl === $mostPrivilegedAcl) && $personId !== -1; + $parameters = Parameters::getParameters($user, $acl); - // the $personId !== -1 has been added so that people mapped to the Unknown Person - // do not have their quick filters automatically set. - $isMostPrivilegedRole = ($roleIdentifier === $mostPrivilegedRoleIdentifier) && $personId !== -1; - - $parameters = Parameters::getParameters($user, $role->getIdentifier()); foreach ($parameters as $dimensionId => $valueId) { if (!$multipleProvidersSupported && $dimensionId === $serviceProviderDimensionId) { continue; @@ -915,6 +885,7 @@ public function getQuickFilters(Request $request, Application $app) $dimensionIdsToNames[$dimensionId] = MetricExplorer::getDimensionName($user, $dimensionId); } } + } } @@ -997,57 +968,6 @@ public function getDimensionValueName(Request $request, Application $app, $dimen ); } - /** - * Get the metrics available for the user's active role. - * - * Ported from: classes/REST/DataWarehouse/Explorer.php - * - * @param Request $request The request used to make this call. - * @param Application $app The router application. - * @return Response A response containing the following info: - * success: A boolean indicating if the call was successful. - * results: An object containing data about - * the metrics retrieved. - */ - public function getMetrics(Request $request, Application $app) - { - $user = $this->authorize($request); - - // Get parameters. - $realm = $this->getStringParam($request, 'realm'); - $dimension = $this->getStringParam($request, 'dimension'); - $queryGroup = $this->getStringParam($request, 'querygroup', false, self::_DEFAULT_QUERY_GROUP); - - // Get the metrics available for the query group, realm, dimension, and - // user's active role. - $factsToReturn = array(); - $realms = $user->getActiveRole()->getAllQueryRealms($queryGroup); - foreach ($realms as $query_realm_key => $query_realm_object) { - if ($realm == null || $realm == $query_realm_key) { - $query_class_name = \DataWarehouse\QueryBuilder::getQueryRealmClassname($query_realm_key); - - $query_class_name::registerGroupBys(); - $query_class_name::registerStatistics(); - - $group_bys = array_keys($query_realm_object); - foreach ($group_bys as $group_by) { - if ($dimension == null || $dimension == $group_by) { - $group_by_instance = $query_class_name::getGroupBy($group_by); - - $factsToReturn = array_merge($factsToReturn, $group_by_instance->getPermittedStatistics()); - } - } - } - } - $factsToReturn = array_values(array_unique($factsToReturn)); - - // Return the metrics found. - return $app->json(array( - 'success' => true, - 'results' => $factsToReturn, - )); - } - /** * Get the aggregation units available for use. * @@ -1238,14 +1158,12 @@ public function getPlots(Request $request, Application $app) public function processJobSearch(Request $request, Application $app, XDUser $user, $realm, $startDate, $endDate, $action) { - - $activeRole = $user->getActiveRole(); - $queryRealms = isset($activeRole) ? $activeRole->getAllQueryRealms('tg_usage') : array(); + $queryDescripters = Acls::getQueryDescripters($user, $realm); $offset = $this->getIntParam($request, 'start', true); $limit = $this->getIntParam($request, 'limit', true); - $allowableDimensions = array_keys($queryRealms[$realm]); + $allowableDimensions = array_keys($queryDescripters); $params = $this->parseRestArguments($request, $allowableDimensions, false, 'params'); diff --git a/classes/XDUser.php b/classes/XDUser.php index 0f289ea450..5ece529da6 100644 --- a/classes/XDUser.php +++ b/classes/XDUser.php @@ -37,8 +37,6 @@ class XDUser extends CCR\Loggable implements JsonSerializable private $_timePasswordUpdated; private $_roles; - private $_primary_role; // Instance of class \User\aRole - private $_active_role; // Instance of class \User\aRole private $_field_of_science = 0; @@ -50,8 +48,6 @@ class XDUser extends CCR\Loggable implements JsonSerializable private $_update_token = false; private $_token; - private $_cachedActiveRole; - /** * An array that is assumed to be stored in the following manner: * _acls[$acl->name] = $acl; @@ -59,6 +55,11 @@ class XDUser extends CCR\Loggable implements JsonSerializable */ private $_acls; + /** + * @var Acl + */ + private $_mostPrivilegedAcl; + /** * A static reference to the public user. That is used as a singleton so * that the public user need only be retrieved from the db once. Note that @@ -108,7 +109,7 @@ class XDUser extends CCR\Loggable implements JsonSerializable * * @var array */ - private static $CENTER_ACLS = array('cd', 'cs'); + public static $CENTER_ACLS = array('cd', 'cs', 'cc'); /** * These are the only SSO attribtutes that should be included when setting `$this->ssoAttrs;` @@ -232,15 +233,6 @@ function __construct( $this->_update_token = true; $this->_token = NULL; - // ================================= - - $primary_role_name = self::_getFormalRoleName($primary_role); - - // These roles cannot be used immediately after constructing a new XDUser (since a user id has not been defined at this point). - // If you are explicitly calling 'new XDUser(...)', saveUser() must be called on the newly created XDUser object before accessing - // these roles using getPrimaryRole() and getActiveRole() - $this->_primary_role = $this->_active_role = \User\aRole::factory($primary_role_name); - $this->sticky = $sticky; parent::__construct( @@ -561,13 +553,7 @@ public static function getUserByID($uid, &$targetInstance = NULL) $user->sticky = (bool)$userCheck[0]['sticky']; - // We retrieve the most privileged acl for this user and use it for the - // active / primary role. - $mostPrivilegedAcl = Acls::getMostPrivilegedAcl($user); - $activeRoleFormalName = self::_getFormalRoleName($mostPrivilegedAcl->getName()); - - $user->_primary_role = $user->_active_role = aRole::factory($activeRoleFormalName); - $user->_active_role->configure($user); + $user->_mostPrivilegedAcl = Acls::getMostPrivilegedAcl($user); // BEGIN: ACL population $query = <<getName()); - $this->_primary_role = $this->_active_role = aRole::factory($activeRoleName); + $mostPrivilegedRoleId = $this->_getRoleID($mostPrivilegedAcl->getName()); - $active_role_id = $this->_getRoleID($this->_active_role->getIdentifier()); $this->_pdo->execute( "UPDATE UserRoles SET is_active='1' WHERE user_id=:id AND role_id=:roleId", - array('id' => $this->_id, 'roleId' => $active_role_id) + array('id' => $this->_id, 'roleId' => $mostPrivilegedRoleId) ); - $this->_active_role->configure($this); $this->_pdo->execute( "UPDATE UserRoles SET is_primary='1' WHERE user_id = :id AND role_id=:roleId", - array(':id' => $this->_id, ':roleId' => $active_role_id) + array(':id' => $this->_id, ':roleId' => $mostPrivilegedRoleId) ); $timestampData = $this->_pdo->query( @@ -1725,74 +1708,6 @@ public function disassociateWithInstitution() }//disassociateWithInstitution - // --------------------------- - - /* - * - * @function getActiveRoleID - * - * @returns string (the id of the active role) (see ROLES section in constants.php) - * - */ - - public function getActiveRoleID() - { - - return $this->_active_role->getIdentifier(); - - }//getActiveRoleID - - // --------------------------- - - private function _getActiveProvider($role_id) - { - - $active_provider = $this->_pdo->query("SELECT param_value FROM UserRoleParameters " . - "WHERE user_id=:user_id AND role_id=:role_id AND param_name='provider' AND is_active=1", array( - ':user_id' => $this->_id, - ':role_id' => $role_id, - )); - - if (count($active_provider) > 0) { - return $active_provider[0]['param_value']; - } else { - return NULL; - } - - }//_getActiveProvider - - public function getActiveRoleSettings() - { - - $mainRole = $this->_pdo->query("SELECT r.abbrev, r.role_id FROM Roles AS r, UserRoles AS ur WHERE r.role_id = ur.role_id AND ur.user_id=:user_id AND ur.is_active=1", array( - ':user_id' => $this->_id, - )); - - $mainRoleID = $mainRole[0]['role_id']; - $mainRole = $mainRole[0]['abbrev']; - - $activeCenter = -1; - - if ($mainRole == ROLE_ID_CENTER_DIRECTOR || $mainRole == ROLE_ID_CENTER_STAFF) { - - $activeCenter = $this->_pdo->query("SELECT param_value FROM UserRoleParameters WHERE user_id=:user_id AND role_id=:role_id AND is_active=1", array( - ':user_id' => $this->_id, - ':role_id' => $mainRoleID, - )); - - if (count($activeCenter) > 0) - $activeCenter = $activeCenter[0]['param_value']; - else - $activeCenter = -1; - - } - - return array('main_role' => $mainRole, 'active_center' => $activeCenter); - - }//getActiveRoleSettings - - // --------------------------- - /* * * @function setOrganizations @@ -1838,12 +1753,6 @@ public function setOrganizations($organization_ids = array(), $role = ROLE_ID_CE ':acl_id' => $acl->getAclId() ) ); - // ======================================= - - $active_is_in_set = false; - $primary_is_in_set = false; - - $active_organization = NULL; foreach ($organization_ids as $organization_id => $config) { @@ -1852,25 +1761,18 @@ public function setOrganizations($organization_ids = array(), $role = ROLE_ID_CE if (($config['active'] == true) && ($reassignActiveToPrimary == false)) { $active_flag = 1; - $active_is_in_set = true; } if ($config['primary'] == true) { $primary_flag = 1; - $primary_is_in_set = true; if ($reassignActiveToPrimary == true) { $active_flag = 1; - $active_is_in_set = true; } } - if ($active_flag == 1) { - $active_organization = $organization_id; - } - $insertStatement = "INSERT INTO UserRoleParameters " . "(user_id, role_id, param_name, param_op, param_value, is_primary, is_active, promoter) " . "VALUES (:user_id, :role_id, 'provider', '=', :param_value, :is_primary, :is_active, -1)"; @@ -1910,17 +1812,6 @@ public function setOrganizations($organization_ids = array(), $role = ROLE_ID_CE ) ); }//foreach - - // ======================================= - - if ($active_is_in_set == true) { - $this->setActiveRole($role, $active_organization); - } - - if ($primary_is_in_set == true) { - $this->setPrimaryRole($role); - } - }//setOrganizations // --------------------------- @@ -2257,111 +2148,22 @@ public function setRoles($role_set) $this->setAcls($acls); } - // --------------------------- - - /* - * - * @function getPrimaryRole - * - * @return string - * - */ - - public function getPrimaryRole() - { - - if ($this->_id == NULL) { - throw new Exception('You must call saveUser() on this newly created XDUser prior to using getPrimaryRole()'); - } - - return $this->_primary_role; - - }//getPrimaryRole - - // --------------------------- - - /* - * - * @function setPrimaryRole - * - * @param string $primary_role - * - */ - - public function setPrimaryRole($primary_role) - { - - $primary_role_name = self::_getFormalRoleName($primary_role); - - if ($primary_role_name == NULL) { - throw new Exception("Attempting to set an invalid primary role"); - } - - $this->_primary_role = \User\aRole::factory($primary_role_name); - - if ($this->_id != NULL) { - $this->_primary_role->configure($this); - } - - }//setPrimaryRole - - // --------------------------- - - /* - * - * @function getActiveRole - * - * @return aRole subclass instance - * - */ - - public function getActiveRole() - { - if ($this->_id == NULL) { - throw new Exception('You must call saveUser() on this newly created XDUser prior to using getActiveRole()'); - } - - return $this->_active_role; - - }//getActiveRole - - - public function setCachedActiveRole($role) - { - - $this->_cachedActiveRole = $role; - - } - - public function getCachedActiveRole() - { - - return $this->_cachedActiveRole; - - } - - // --------------------------- /* * * @function getMostPrivilegedRole * - * @return aRole subclass instance + * @return Acl * */ public function getMostPrivilegedRole() { + if (!isset($this->_mostPrivilegedAcl)) { + $this->_mostPrivilegedAcl = Acls::getMostPrivilegedAcl($this); + } - // XDUser::enumAllAvailableRoles already orders the roles in terms of 'visibility' / 'highest privilege' - // so just acquire the first item in the set. - $mostPrivilegedAcl = Acls::getMostPrivilegedAcl($this); - $roleName = self::_getFormalRoleName($mostPrivilegedAcl->getName()); - $role = aRole::factory($roleName); - - $role->configure($this, $mostPrivilegedAcl->getOrganizationId()); - - return $role; + return $this->_mostPrivilegedAcl; }//getMostPrivilegedRole /* @function getAllRoles @@ -2378,11 +2180,11 @@ function getAllRoles($includePublicRole = false) foreach ($this->enumAllAvailableRoles() as $availableRole) { $roleData = array_pad(explode(':', $availableRole['param_value']), 2, NULL); - $allroles[] = $this->assumeActiveRole($roleData[0], $roleData[1]); + $allroles[] = $roleData[0]; } if ($includePublicRole) { - $allroles[] = $this->assumeActiveRole(ROLE_ID_PUBLIC); + $allroles[] = ROLE_ID_PUBLIC; } return $allroles; @@ -2444,131 +2246,6 @@ private function _getRoleIDFromIdentifier($identifier) }//_getRoleIDFromIdentifier - // --------------------------- - - /* - * - * @function assumeActiveRole - * - * Allows this user to take on a role, yet does not 'record' this fact into the database (a 'virtual' role, if you will) - * - * @param int $active_role (see constants.php, ROLE_ID_... constants) - * @param int $role_param [depending on the role, a specific value tied to that role that behaves as an additional filter (e.g. organization / institution id) - * - * - */ - - public function assumeActiveRole($active_role, $role_param = NULL) - { - - if (empty($active_role)) $active_role = ROLE_ID_PUBLIC; - - $active_role_name = self::_getFormalRoleName($active_role); - - $virtual_active_role = \User\aRole::factory($active_role_name); - $virtual_active_role->configure($this, $role_param); - - return $virtual_active_role; - - }//assumeActiveRole - - // --------------------------- - - /* - * - * @function setActiveRole (NOTE: When using setActiveRole(), ensure that a subsequent call to saveUser() is made) - * - * @param int $active_role (see constants.php, ROLE_ID_... constants) - * @param int $role_param [required depending on what role is being set as active] - * - */ - - public function setActiveRole($active_role, $role_param = NULL) - { - - $active_role_name = self::_getFormalRoleName($active_role); - - if ($active_role_name == NULL) { - throw new Exception("Attempting to set an invalid active role"); - } - - $role_id = $this->_getRoleIDFromIdentifier($active_role); - - $campus_champion_role_id = $this->_getRoleIDFromIdentifier(ROLE_ID_CAMPUS_CHAMPION); - - if ($active_role == ROLE_ID_CENTER_DIRECTOR || $active_role == ROLE_ID_CENTER_STAFF) { - - if ($role_param === NULL) { - throw new Exception("An additional parameter must be passed for this role (organization id)"); - } - - if ($this->_isValidOrganizationID($role_id, $role_param) == true) { - - $this->_pdo->execute("UPDATE moddb.UserRoleParameters SET is_active=0 WHERE user_id=:user_id AND role_id != :role_id", array( - ':user_id' => $this->_id, - ':role_id' => $campus_champion_role_id, - )); - $this->_pdo->execute("UPDATE moddb.UserRoleParameters SET is_active=1 WHERE user_id=:user_id AND role_id=:role_id AND param_value=:param_value", array( - ':user_id' => $this->_id, - ':role_id' => $role_id, - ':param_value' => $role_param, - )); - - } else { - - throw new Exception("An invalid organization id has been specified for the role you are attempting to make active"); - - } - - } else { - - $this->_pdo->execute("UPDATE moddb.UserRoleParameters SET is_active=0 WHERE user_id=:user_id AND role_id != :role_id", array( - ':user_id' => $this->_id, - ':role_id' => $campus_champion_role_id, - )); - - } - - $this->_pdo->execute("UPDATE moddb.UserRoles SET is_active=0 WHERE user_id=:user_id", array( - ':user_id' => $this->_id, - )); - $this->_pdo->execute("UPDATE moddb.UserRoles SET is_active=1 WHERE user_id=:user_id AND role_id=:role_id", array( - ':user_id' => $this->_id, - ':role_id' => $role_id, - )); - - $this->_active_role = \User\aRole::factory($active_role_name); - - if ($this->_id != NULL) { - $this->_active_role->configure($this); - } - - }//setActiveRole - - - // --------------------------- - - /* - * - * @function assignActiveRoleToPrimary (Re-assigns the user's active role to their primary role (failover)) - * - */ - - public function assignActiveRoleToPrimary() - { - - $this->_pdo->execute("UPDATE moddb.UserRoles SET is_active=is_primary WHERE user_id=:user_id", array( - ':user_id' => $this->_id, - )); - $this->_pdo->execute("UPDATE moddb.UserRoleParameters SET is_active=is_primary WHERE user_id=:user_id", array( - ':user_id' => $this->_id, - )); - - }//assignActiveRoleToPrimary - - - // --------------------------- - /* * * @function getUserID @@ -2708,20 +2385,23 @@ public function getUpdateTimestamp() return $this->_timeUpdated; } - // --------------------------- - - /* + /** * @function _getFormalRoleName * (determines the formal description of a role based on its abbreviation) * - * @return string representing the formal role name if the abbreviation is recognized - * @return NULL otherwise + * @param string $role_abbrev the role abbreviation to use when looking up the formal name. + * @param bool $pubDisplay Determines whether or not to return the public roles `display` + * property or it's `name` property. We default to true ( i.e. `display` ) as that is the + * behavior that currently exists. * + * @return string representing the formal role name if the abbreviation is recognized + * @throws Exception */ - - public static function _getFormalRoleName($role_abbrev) + public static function _getFormalRoleName($role_abbrev, $pubDisplay = true) { $pdo = DB::factory('database'); + $pubColumn = $pubDisplay ? 'display' : 'name'; + $query = <<_acls); } // getAcls + /** + * Retrieve an array of names for this user's currently assigned Acls. + * + * @return String[] + */ + public function getAclNames() + { + return array_keys($this->_acls); + } + /** * Overwrite this users current set of acls with the provided ones. * diff --git a/html/controllers/metric_explorer/get_dw_descripter.php b/html/controllers/metric_explorer/get_dw_descripter.php index 5b487683d3..ee24a939ad 100644 --- a/html/controllers/metric_explorer/get_dw_descripter.php +++ b/html/controllers/metric_explorer/get_dw_descripter.php @@ -9,7 +9,7 @@ $roleDescriptors = array(); foreach ($roles as $activeRole) { - $shortRole = $activeRole->getIdentifier(); + $shortRole = $activeRole; $us_pos = strpos($shortRole, '_'); if ($us_pos > 0) { diff --git a/html/controllers/user_interface/get_menus.php b/html/controllers/user_interface/get_menus.php index 6076f89762..190ce4a97b 100644 --- a/html/controllers/user_interface/get_menus.php +++ b/html/controllers/user_interface/get_menus.php @@ -10,8 +10,6 @@ try { $user = \xd_security\detectUser(array(XDUser::PUBLIC_USER)); - $activeRole = $user->getMostPrivilegedRole(); - if (isset($_REQUEST['node']) && $_REQUEST['node'] == 'realms') { $query_group_name = 'tg_usage'; diff --git a/html/index.php b/html/index.php index 1ebde4abf4..a71fe0f400 100644 --- a/html/index.php +++ b/html/index.php @@ -239,14 +239,6 @@ function isReferrer($referrer) isManager() ? 'true' : 'false'; - $developer = $user->isDeveloper() ? 'true' : 'false'; - - $primary_center_director = ( - $user->hasAcl(ROLE_ID_CENTER_DIRECTOR) && - true //($user->getPromoter(ROLE_ID_CENTER_DIRECTOR, $user->getActiveRole()->getActiveCenter()) == -1) - ) ? 'true' : 'false'; $realms = array_reduce(Realms::getRealms(), function ($carry, Realm $item) { $carry [] = $item->getName(); return $carry; @@ -256,7 +248,7 @@ function isReferrer($referrer)