add users to LDAP immediately

CONTRIBUTING.md

@@ -63,6 +63,7 @@ Notable users:
 - `user1@org1.test` - admin, PI
 - `user2@org1.test` - not admin, not PI
 - `user2000@org2.test` - does not yet have an account
+- `user2005@org1.test` - regsitered but not qualified (not a PI or in a PI group)
 
 ### Changes to Dev Environment
 

README.md

@@ -117,6 +117,8 @@ rm "$prod" && ln -s "$old" "$prod"
 ### 1.3 -> 1.4
 
 - the `[ldap]user_group` option has been renamed to `[ldap]qualified_user_group`
+- the `user_created ` mail template has been renamed to `user_qualified`
+- the `user_dequalified` mail template has been added
 
 ### 1.2 -> 1.3
 

resources/lib/UnityGroup.php

@@ -65,43 +65,28 @@ public function exists(): bool
         return $this->entry->exists();
     }
 
-    public function requestGroup(
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        bool $send_mail_to_admins,
-        bool $send_mail = true,
-    ): void {
+    public function requestGroup(bool $send_mail_to_admins, bool $send_mail = true): void
+    {
         if ($this->exists()) {
             return;
         }
         if ($this->SQL->accDeletionRequestExists($this->getOwner()->uid)) {
             return;
         }
-        $this->SQL->addRequest($this->getOwner()->uid, $firstname, $lastname, $email, $org);
+        $context = [
+            "user" => $this->getOwner()->uid,
+            "org" => $this->getOwner()->getOrg(),
+            "name" => $this->getOwner()->getFullName(),
+            "email" => $this->getOwner()->getMail(),
+        ];
+        $this->SQL->addRequest($this->getOwner()->uid);
         if ($send_mail) {
-            $this->MAILER->sendMail($email, "group_request");
-            $this->WEBHOOK->sendWebhook("group_request_admin", [
-                "user" => $this->getOwner()->uid,
-                "org" => $org,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-            ]);
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_request");
+            $this->WEBHOOK->sendWebhook("group_request_admin", $context);
             if ($send_mail_to_admins) {
-                $this->MAILER->sendMail("admin", "group_request_admin", [
-                    "user" => $this->getOwner()->uid,
-                    "org" => $org,
-                    "name" => "$firstname $lastname",
-                    "email" => $email,
-                ]);
+                $this->MAILER->sendMail("admin", "group_request_admin", $context);
             }
-            $this->MAILER->sendMail("pi_approve", "group_request_admin", [
-                "user" => $this->getOwner()->uid,
-                "org" => $org,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-            ]);
+            $this->MAILER->sendMail("pi_approve", "group_request_admin", $context);
         }
     }
 
@@ -115,15 +100,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($this->exists()) {
             return;
         }
-        if (!$this->getOwner()->exists()) {
-            $this->getOwner()->init(
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-                $send_mail,
-            );
-        }
+        \ensure($this->getOwner()->exists());
         $this->init();
         $this->SQL->removeRequest($this->getOwner()->uid);
         $operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
@@ -134,8 +111,9 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
             $this->getOwner()->uid,
         );
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_created");
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
         }
+        $this->getOwner()->setIsQualified(true); // having your own group makes you qualified
     }
 
     /**
@@ -156,7 +134,7 @@ public function denyGroup(?UnityUser $operator = null, bool $send_mail = true):
             $this->getOwner()->uid,
         );
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_denied");
+            $this->MAILER->sendMail($this->getOwner()->getMail(), "group_denied");
         }
     }
 
@@ -237,14 +215,7 @@ public function cancelGroupJoinRequest(UnityUser $user, bool $send_mail = true):
     public function approveUser(UnityUser $new_user, bool $send_mail = true): void
     {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
-        if (!$new_user->exists()) {
-            $new_user->init(
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-            );
-        }
+        \ensure($new_user->exists());
         $this->addUserToGroup($new_user);
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
@@ -254,11 +225,12 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_added_owner", [
                 "group" => $this->gid,
                 "user" => $new_user->uid,
-                "name" => $request["firstname"] . " " . $request["lastname"],
-                "email" => $request["email"],
-                "org" => $request["org"],
+                "name" => $new_user->getFullname(),
+                "email" => $new_user->getMail(),
+                "org" => $new_user->getOrg(),
             ]);
         }
+        $new_user->setIsQualified(true); // being in a group makes you qualified
     }
 
     public function denyUser(UnityUser $new_user, bool $send_mail = true): void
@@ -267,7 +239,7 @@ public function denyUser(UnityUser $new_user, bool $send_mail = true): void
         // remove request, this will fail silently if the request doesn't exist
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
-            $this->MAILER->sendMail($request["email"], "group_user_denied", [
+            $this->MAILER->sendMail($new_user->getMail(), "group_user_denied", [
                 "group" => $this->gid,
             ]);
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_denied_owner", [
@@ -304,14 +276,8 @@ public function removeUser(UnityUser $new_user, bool $send_mail = true): void
         }
     }
 
-    public function newUserRequest(
-        UnityUser $new_user,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        bool $send_mail = true,
-    ): void {
+    public function newUserRequest(UnityUser $new_user, bool $send_mail = true): void
+    {
         if ($this->memberExists($new_user)) {
             UnityHTTPD::errorLog("warning", "user '$new_user' already in group");
             return;
@@ -324,17 +290,17 @@ public function newUserRequest(
             throw new Exception("user '$new_user' requested account deletion");
             return;
         }
-        $this->addRequest($new_user->uid, $firstname, $lastname, $email, $org);
+        $this->addRequest($new_user->uid);
         if ($send_mail) {
-            $this->MAILER->sendMail($email, "group_user_request", [
+            $this->MAILER->sendMail($new_user->getMail(), "group_user_request", [
                 "group" => $this->gid,
             ]);
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_user_request_owner", [
                 "group" => $this->gid,
                 "user" => $new_user->uid,
-                "name" => "$firstname $lastname",
-                "email" => $email,
-                "org" => $org,
+                "name" => $new_user->getFullname(),
+                "email" => $new_user->getMail(),
+                "org" => $new_user->getOrg(),
             ]);
         }
     }
@@ -352,14 +318,7 @@ public function getRequests(): array
                 $this->REDIS,
                 $this->WEBHOOK,
             );
-            array_push($out, [
-                $user,
-                $request["timestamp"],
-                $request["firstname"],
-                $request["lastname"],
-                $request["email"],
-                $request["org"],
-            ]);
+            array_push($out, [$user, $request["timestamp"]]);
         }
         return $out;
     }
@@ -471,14 +430,9 @@ public function memberExists(UnityUser $user): bool
         return in_array($user->uid, $this->getGroupMemberUIDs());
     }
 
-    private function addRequest(
-        string $uid,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-    ): void {
-        $this->SQL->addRequest($uid, $firstname, $lastname, $email, $org, $this->gid);
+    private function addRequest(string $uid): void
+    {
+        $this->SQL->addRequest($uid, $this->gid);
     }
 
     public function getOwner(): UnityUser

resources/lib/UnitySQL.php

@@ -34,32 +34,17 @@ public function getConn(): PDO
     //
     // requests table methods
     //
-    public function addRequest(
-        string $requestor,
-        string $firstname,
-        string $lastname,
-        string $email,
-        string $org,
-        string $dest = self::REQUEST_BECOME_PI,
-    ): void {
+    public function addRequest(string $requestor, string $dest = self::REQUEST_BECOME_PI): void
+    {
         if ($this->requestExists($requestor, $dest)) {
             return;
         }
 
         $stmt = $this->conn->prepare(
-            "INSERT INTO " .
-                self::TABLE_REQS .
-                " " .
-                "(uid, firstname, lastname, email, org, request_for) VALUES " .
-                "(:uid, :firstname, :lastname, :email, :org, :request_for)",
+            "INSERT INTO " . self::TABLE_REQS . " (uid, request_for) VALUES (:uid, :request_for)",
         );
         $stmt->bindParam(":uid", $requestor);
         $stmt->bindParam(":request_for", $dest);
-        $stmt->bindParam(":firstname", $firstname);
-        $stmt->bindParam(":lastname", $lastname);
-        $stmt->bindParam(":email", $email);
-        $stmt->bindParam(":org", $org);
-
         $stmt->execute();
     }
 

resources/lib/UnityUser.php

@@ -105,24 +105,54 @@ public function init(
             $org->addUser($this);
         }
 
-        $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
-        $this->LDAP->getQualifiedUserGroup()->write();
-
-        $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
-        $this->REDIS->appendCacheArray(
-            "sorted_qualified_users",
-            "",
-            $this->uid,
-            $default_value_getter,
-        );
-
         $this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
+    }
 
-        if ($send_mail) {
-            $this->MAILER->sendMail($this->getMail(), "user_created", [
-                "user" => $this->uid,
-                "org" => $this->getOrg(),
-            ]);
+    public function isQualified(): bool
+    {
+        return $this->LDAP->getQualifiedUserGroup()->attributeValueExists("memberUid", $this->uid);
+    }
+
+    public function setIsQualified(bool $newIsQualified, bool $doSendMail = true): void
+    {
+        $oldIsQualified = $this->isQualified();
+        if ($oldIsQualified == $newIsQualified) {
+            return;
+        }
+        if ($newIsQualified) {
+            $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->appendCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_qualified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
+        } else {
+            $this->LDAP
+                ->getQualifiedUserGroup()
+                ->removeAttributeEntryByValue("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->removeCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_dequalified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
         }
     }
 

resources/mail/user_dequalified.php

@@ -0,0 +1,10 @@
+<?php
+
+// this template is sent when a user account is no longer qualified
+$this->Subject = "User Deactivated"; ?>
+
+<p>Hello,</p>
+
+<p>Your account on the Unity cluster has been deactivated.</p>
+
+<p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>

resources/mail/user_created.php → resources/mail/user_qualified.php

@@ -1,7 +1,7 @@
 <?php
 
-// this template is sent when a user account gets created
-$this->Subject = "User Created"; ?>
+// this template is sent when a user account becomes qualified
+$this->Subject = "User Activated"; ?>
 
 <p>Hello,</p>