#!/usr/bin/env php

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2011 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// script for controlling "manage" privileges.
// See http://boinc.berkeley.edu/trac/wiki/MultiUser
// Run this from the project directory.

// usage:
// 
// manage_privileges grant userid {appname|all}
// manage_privileges revoke userid {appname|all}
// manage_privileges list
//
// grant/revoke the "manage" privileges for the given app (or all apps),
// or list all privileges

error_reporting(E_ALL);
ini_set('display_errors', true);
ini_set('display_startup_errors', true);

function usage() {
    die("usage:
manage_privileges grant userid {appname|all}
manage_privileges revoke userid {appname|all}
manage_privileges list
");
}

function show_user($user) {
    echo "$user->name (ID $user->id)\n";
}

function show_managers() {
    echo "Users with global manager privileges: \n";
    $buss = BoincUserSubmit::enum("manage_all<>0");
    if (!count($buss)) {
        echo "none\n";
    } else {
        foreach ($buss as $bus) {
            $user = BoincUser::lookup_id($bus->user_id);
            show_user($user);
        }
    }

    $apps = BoincApp::enum(null);
    foreach ($apps as $app) {
        echo "\nUsers with manager privileges for $app->name:\n";
        $busas = BoincUserSubmitApp::enum("app_id=$app->id and manage<>0");
        if (!count($busas)) {
            echo "none\n";
        } else {
            foreach ($busas as $busa) {
                $user = BoincUser::lookup_id($busa->user_id);
                show_user($user);
            }
        }
    }
}

if (!file_exists("config.xml")) {
    die("run this script from the project directory\n");
}

chdir("html/inc");

require_once("boinc_db.inc");
require_once("submit_db.inc");

if ($argc < 2) usage();

if ($argv[1] == "list") {
    show_managers();
    exit;
}

if ($argc < 4) usage();

$user = BoincUser::lookup_id($argv[2]);
if (!$user) {
    die("no such user: ".$argv[1]."\n");
}

if ($argv[1] === "grant") {
    $grant = true;
} else if ($argv[1] === "revoke") {
    $grant = false;
} else {
    usage();
}

if ($argv[3] === "all") {
    $bus = BoincUserSubmit::lookup_userid($user->id);
    if ($bus) {
        if ($grant) {
            if ($bus->manage_all) {
                die("User $user->id already has global manage access\n");
            } else {
                $bus->update("manage_all=1");
            }
        } else {
            if ($bus->manage_all) {
                $bus->update("manage_all=0");
            } else {
                die("User $user->id does not have global manage access\n");
            }
        }
    } else {
        if ($grant) {
            BoincUserSubmit::insert("set user_id=$user->id, manage_all=1");
        } else {
            die("User $user->id does not have global manage access\n");
        }
    }
} else {
    $app = BoincApp::lookup("name='".$argv[3]."'");
    if (!$app) die("no such app: ".$argv[3]."\n");
    $busa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
    if ($busa) {
        if ($grant) {
            if ($busa->manage) {
                die("User $user->id already has manage access for $app->name\n");
            } else {
                $busa->update("manage=1");
            }
        } else {
            if ($busa->manage) {
                $busa->update("manage=0");
            } else {
                die("User $user->id does not have manage access for $app->name\n");
            }
        }
    } else {
        if ($grant) {
            $bus = BoincUserSubmit::lookup_userid($user->id);
            if (!$bus) {
                BoincUserSubmit::insert("set user_id=$user->id");
            }
            BoincUserSubmitApp::insert("set user_id=$user->id, app_id=$app->id,  manage=1");
        } else {
            die("User $user->id does not have manage access for $app->name\n");
        }
    }
}
echo "Done.\n";

?>