implement logic behind user flags#473
Closed
simonLeary42 wants to merge 1 commit intomainfrom
Closed
Conversation
simonLeary42
force-pushed
the
account-expiry
branch
from
940c8d5 to
07d951b
Compare
simonLeary42
force-pushed
the
account-expiry
branch
from
88a76c4 to
d7d5cde
Compare
Member
Author
|
TODO: |
simonLeary42
force-pushed
the
account-expiry
branch
10 times, most recently
from
268865e to
bb11a6b
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request implements user flag logic and PI group lifecycle management for the Unity HPC account portal. It introduces functionality for handling ghost accounts (soft-deleted users), locked/idle-locked accounts, and the ability to disband PI groups while preserving data ownership.
Key changes:
- Adds LDAP schema for tracking defunct PI groups with the
isDefunctattribute - Implements ghost account resurrection flow when deleted users re-register
- Adds disband functionality for PI groups (accessible by both PI owners and admins)
- Implements automatic idle-unlock and locked account checks on login
- Adds comprehensive test coverage for all new user flag scenarios
Reviewed changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| webroot/panel/pi.php | Adds disband button and handler for PI owners to disband their own groups |
| webroot/panel/new_account.php | Implements ghost account detection and resurrection with welcome message |
| webroot/admin/pi-mgmt.php | Adds admin interface for disbanding PI groups, filters defunct groups from listings |
| tools/docker-dev/identity/unity-cluster-schema.ldif | Defines new LDAP schema with isDefunct attribute and unityClusterPIGroup object class |
| tools/docker-dev/identity/bootstrap.ldif | Updates test data with ghost users, locked users, and defunct PI groups for testing |
| tools/docker-dev/identity/Dockerfile | Adds LDAP schema installation step to Docker build |
| resources/lib/UnityUser.php | Modifies init() to skip LDAP creation for ghosts, updates isPI() to check defunct status, makes setFlag() return boolean |
| resources/lib/UnityGroup.php | Adds disband() and reinstate() methods, implements getIsDefunct()/setIsDefunct(), updates qualification logic |
| resources/lib/UnityLDAP.php | Adds getAllNonDefunctPIGroupOwnerUIDs() to filter out defunct groups from admin interfaces |
| resources/lib/UnityOrg.php | Fixes objectclass format to use array instead of constant |
| resources/init.php | Adds locked account check and automatic idle-unlock on login |
| resources/mail/group_reinstate.php | New email template sent when defunct PI group is reinstated |
| test/* | Comprehensive test coverage for ghost resurrection, defunct groups, user removal, idle unlock, and disband functionality |
| README.md | Documents LDAP schema upgrade requirement for version 1.7 |
| LDAP.md | Updates terminology to define ghost users and defunct groups |
| phpstan.neon | Excludes test template file from analysis |
Comments suppressed due to low confidence (1)
resources/lib/UnityGroup.php:55
- When a defunct group exists and a user requests to become PI again, the logic allows creating a new request (line 43 returns early only if exists AND not defunct). However, there's no check to prevent duplicate requests for reinstating a defunct group. This could allow multiple pending requests for the same defunct group to be created in the SQL database.
if ($this->exists() && !$this->getIsDefunct()) {
return;
}
if ($this->SQL->accDeletionRequestExists($this->getOwner()->uid)) {
return;
}
$context = [
"user" => $this->getOwner()->uid,
"org" => $this->getOwner()->getOrg(),
"name" => $this->getOwner()->getFullName(),
"email" => $this->getOwner()->getMail(),
];
$this->SQL->addRequest($this->getOwner()->uid, UnitySQL::REQUEST_BECOME_PI);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
simonLeary42
force-pushed
the
account-expiry
branch
8 times, most recently
from
f0d8793 to
e5a78f5
Compare
simonLeary42
force-pushed
the
account-expiry
branch
from
e5a78f5 to
c370289
Compare
Member
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #392
Changes:
isDefunctqualifieduser flag correctly in every place whenever a user is added or removed from a PI groupmemberuidattribute in PI group LDAP entrylockedflagidlelockedflag whenever a user logs in and send them a message that they have unlockedTODO:
new_account.phptoaccount.phpgetIsDefunct,setIsDefunctisDefunctunset is treated as falseisDefunctunset groups andisDefunct=FALSEgroups are both shown inpi-mgmt.phpFuture Work: