remove cache from big pages

resources/init.php

@@ -42,6 +42,7 @@
     $CONFIG["ldap"]["user"],
     $CONFIG["ldap"]["pass"],
     __DIR__ . "/../deployment/custom_user_mappings",
+    $CONFIG["ldap"]["basedn"],
     $CONFIG["ldap"]["user_ou"],
     $CONFIG["ldap"]["group_ou"],
     $CONFIG["ldap"]["pigroup_ou"],

resources/lib/UnityLDAP.php

@@ -26,13 +26,15 @@ class UnityLDAP extends ldapConn
     );
 
   // string vars for OUs
+    private $STR_BASEOU;
     private $STR_USEROU;
     private $STR_GROUPOU;
     private $STR_PIGROUPOU;
     private $STR_ORGGROUPOU;
     private $STR_ADMINGROUP;
 
   // Instance vars for various ldapEntry objects
+    private $baseOU;
     private $userOU;
     private $groupOU;
     private $pi_groupOU;
@@ -49,6 +51,7 @@ public function __construct(
         $dn,
         $pass,
         $custom_user_mappings,
+        $base_ou,
         $user_ou,
         $group_ou,
         $pigroup_ou,
@@ -59,13 +62,15 @@ public function __construct(
     ) {
         parent::__construct($host, $dn, $pass);
 
+        $this->STR_BASEOU = $base_ou;
         $this->STR_USEROU = $user_ou;
         $this->STR_GROUPOU = $group_ou;
         $this->STR_PIGROUPOU = $pigroup_ou;
         $this->STR_ORGGROUPOU = $orggroup_ou;
         $this->STR_ADMINGROUP = $admin_group;
 
       // Get Global Entries
+        $this->baseOU = $this->getEntry($base_ou);
         $this->userOU = $this->getEntry($user_ou);
         $this->groupOU = $this->getEntry($group_ou);
         $this->pi_groupOU = $this->getEntry($pigroup_ou);
@@ -218,6 +223,13 @@ public function getUnassignedID($uid, $UnitySQL)
         return $next_uid;
     }
 
+    public function getAllUsersUIDs()
+    {
+        // should not use $user_ou->getChildren or $base_ou->getChildren(objectClass=posixAccount)
+        // Unity users might be outside user ou, and not all users in LDAP tree are unity users
+        return $this->userGroup->getAttribute("memberuid");
+    }
+
   //
   // Functions that return user/group objects
   //
@@ -231,21 +243,35 @@ public function getAllUsers($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook,
                 foreach ($users as $user) {
                     array_push($out, new UnityUser($user, $this, $UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook));
                 }
-
                 return $out;
             }
         }
 
-        $users = $this->userGroup->getAttribute("memberuid");
+        $users = $this->getAllUsersUIDs();
         sort($users);
         foreach ($users as $user) {
             $params = array($user, $this, $UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook);
             array_push($out, new UnityUser(...$params));
         }
-
         return $out;
     }
 
+    public function getAllUsersAttributes($attributes = [])
+    {
+        $include_uids = $this->getAllUsersAttributes();
+        $user_attributes = $this->baseOU->getChildrenArray(
+            $attributes,
+            true, // recursive
+            "objectClass=posixAccount"
+        );
+        foreach ($user_attributes as $i => $attributes) {
+            if (!in_array($attributes["uid"][0], $include_uids)) {
+                unset($user_attributes[$i]);
+            }
+        }
+        return $user_attributes;
+    }
+
     public function getAllPIGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook, $ignorecache = false)
     {
         $out = array();
@@ -278,6 +304,58 @@ public function getAllPIGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebho
         return $out;
     }
 
+    public function getAllPIGroupsAttributes($attributes = [])
+    {
+        return $this->pi_groupOU->getChildrenArray($attributes);
+    }
+
+    public function getPIGroupGIDsWithMemberUID($uid)
+    {
+        return array_map(
+            fn($x) => $x["cn"][0],
+            $this->pi_groupOU->getChildrenArray(
+                ["cn"],
+                false,
+                "(memberuid=" . ldap_escape($uid, LDAP_ESCAPE_FILTER) . ")",
+            )
+        );
+    }
+
+    public function getAllPIGroupOwnerAttributes($attributes = [])
+    {
+        // get the PI groups, filter for just the GIDs, then map the GIDs to owner UIDs
+        $owner_uids = array_map(
+            fn($x) => UnityGroup::getUIDFromPIUID($x),
+            array_map(
+                fn($x) => $x["cn"][0],
+                $this->pi_groupOU->getChildrenArray(["cn"]),
+            ),
+        );
+        $owner_attributes = $this->getAllUsersAttributes($attributes);
+        foreach ($owner_attributes as $i => $attributes) {
+            if (!in_array($attributes["uid"][0], $owner_uids)) {
+                unset($owner_attributes[$i]);
+            }
+        }
+        return $owner_attributes;
+    }
+
+    /** Returns an assosiative array where keys are UIDs and values are arrays of PI GIDs */
+    public function getAllUID2PIGIDs()
+    {
+        // initialize output so each UID is a key with an empty array as its value
+        $uids = $this->getAllUsersUIDs();
+        $uid2pigids = array_combine($uids, array_fill(0, count($uids), []));
+        // for each PI group, append that GID to the member list for each of its member UIDs
+        foreach ($this->getAllPIGroupsAttributes(["cn", "memberuid"]) as $array) {
+            $gid = $array["cn"][0];
+            foreach ($array["memberuid"] as $uid) {
+                array_push($uid2pigids[$uid], $gid);
+            }
+        }
+        return $uid2pigids;
+    }
+
     public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebhook, $ignorecache = false)
     {
         $out = array();
@@ -309,6 +387,11 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
         return $out;
     }
 
+    public function getAllOrgGroupsAttributes($attributes = [])
+    {
+        return $this->org_groupOU->getChildrenArray($attributes);
+    }
+
     public function getUserEntry($uid)
     {
         $uid = ldap_escape($uid, LDAP_ESCAPE_DN);

resources/lib/UnityUser.php

@@ -606,48 +606,21 @@ public function getOrgGroup()
 
     /**
      * Gets the groups this user is assigned to, can be more than one
-     * @return [type]
+     * @return string[]
      */
-    public function getGroups($ignorecache = false)
+    public function getPIGroupGIDs($ignorecache = false)
     {
-        $out = array();
-
         if (!$ignorecache) {
             $cached_val = $this->REDIS->getCache($this->getUID(), "groups");
             if (!is_null($cached_val)) {
-                $groups = $cached_val;
-                foreach ($groups as $group) {
-                    $group_obj = new UnityGroup(
-                        $group,
-                        $this->LDAP,
-                        $this->SQL,
-                        $this->MAILER,
-                        $this->REDIS,
-                        $this->WEBHOOK
-                    );
-                    array_push($out, $group_obj);
-                }
-
-                return $out;
-            }
-        }
-
-        $all_pi_groups = $this->LDAP->getAllPIGroups($this->SQL, $this->MAILER, $this->REDIS, $ignorecache);
-
-        $cache_arr = array();
-
-        foreach ($all_pi_groups as $pi_group) {
-            if (in_array($this->getUID(), $pi_group->getGroupMemberUIDs())) {
-                array_push($out, $pi_group);
-                array_push($cache_arr, $pi_group->getPIUID());
+                return $cached_val;
             }
         }
-
+        $gids = $this->LDAP->getPIGroupGIDsWithMemberUID($this->uid);
         if (!$ignorecache) {
-            $this->REDIS->setCache($this->getUID(), "groups", $cache_arr);
+            $this->REDIS->setCache($this->getUID(), "groups", $gids);
         }
-
-        return $out;
+        return $gids;
     }
 
     /**

test/functional/AccountDeletionRequestTest.php

@@ -35,7 +35,7 @@ public function testRequestAccountDeletionUserHasNoGroups()
     {
         global $USER, $SQL;
         switchUser(...getUserHasNotRequestedAccountDeletionHasNoGroups());
-        $this->assertEmpty($USER->getGroups());
+        $this->assertEmpty($USER->getPIGroupGIDs());
         $this->assertNumberAccountDeletionRequests(0);
         try {
             http_post(
@@ -59,7 +59,7 @@ public function testRequestAccountDeletionUserHasGroup()
         // FIXME this should be an error
         global $USER, $SQL;
         switchUser(...getUserHasNotRequestedAccountDeletionHasGroup());
-        $this->assertNotEmpty($USER->getGroups());
+        $this->assertNotEmpty($USER->getPIGroupGIDs());
         $this->assertNumberAccountDeletionRequests(0);
         try {
             http_post(

webroot/admin/pi-mgmt.php

@@ -109,21 +109,14 @@
         <td>Actions</td>
     </tr>
 
-<?php
-    $accounts = $LDAP->getAllPIGroups($SQL, $MAILER, $REDIS, $WEBHOOK);
-
-    usort($accounts, function ($a, $b) {
-        return strcmp($a->getPIUID(), $b->getPIUID());
-    });
-
-    foreach ($accounts as $pi_group) {
-        $pi_user = $pi_group->getOwner();
-
+    <?php
+    $owner_attributes = $LDAP->getAllPIGroupOwnerAttributes(["uid", "gecos", "mail"]);
+    usort($owner_attributes, fn($a, $b) => strcmp($a["uid"][0], $b["uid"][0]));
+    foreach ($owner_attributes as $attributes) {
         echo "<tr class='expandable'>";
-        echo "<td><button class='btnExpand'>&#9654;</button>" . $pi_user->getFirstname() .
-        " " . $pi_user->getLastname() . "</td>";
-        echo "<td>" . $pi_group->getPIUID() . "</td>";
-        echo "<td><a href='mailto:" . $pi_user->getMail() . "'>" . $pi_user->getMail() . "</a></td>";
+        echo "<td><button class='btnExpand'>&#9654;</button>" . $attributes["gecos"][0] . "</td>";
+        echo "<td>" . UnityGroup::getPIUIDfromUID($attributes["uid"][0]) . "</td>";
+        echo "<td><a href='mailto:" . $attributes["mail"][0] . "'>" . $attributes["mail"][0] . "</a></td>";
         echo "</tr>";
     }
     ?>

webroot/admin/user-mgmt.php

@@ -37,36 +37,31 @@
     </tr>
 
     <?php
-    $users = $LDAP->getAllUsers($SQL, $MAILER, $REDIS, $WEBHOOK);
-
-    usort($users, function ($a, $b) {
-        return strcmp($a->getUID(), $b->getUID());
-    });
-
-    foreach ($users as $user) {
-        if ($user->hasRequestedAccountDeletion()) {
+    $UID2PIGIDs = $LDAP->getAllUID2PIGIDs();
+    $user_attributes = $LDAP->getAllUsersAttributes(["uid", "gecos", "o", "mail"]);
+    usort($user_attributes, fn ($a, $b) => strcmp($a["uid"][0], $b["uid"][0]));
+    foreach ($user_attributes as $attributes) {
+        $uid = $attributes["uid"][0];
+        if ($SQL->accDeletionRequestExists($uid)) {
             echo "<tr style='color:grey; font-style: italic'>";
         } else {
             echo "<tr>";
         }
-        echo "<td>" . $user->getFirstname() . " " . $user->getLastname() . "</td>";
-        echo "<td>" . $user->getUID() . "</td>";
-        echo "<td>" . $user->getOrg() . "</td>";
-        echo "<td><a href='mailto:" . $user->getMail() . "'>" . $user->getMail() . "</a></td>";
+        echo "<td>" . $attributes["gecos"][0] . "</td>";
+        echo "<td>" . $uid . "</td>";
+        echo "<td>" . $attributes["o"][0] . "</td>";
+        echo "<td><a href='mailto:" . $attributes["mail"][0] . "'>" . $attributes["mail"][0] . "</a></td>";
         echo "<td>";
-        $cur_user_groups = $user->getGroups();
-        foreach ($cur_user_groups as $cur_group) {
-            echo "<a href='mailto:" . $cur_group->getOwner()->getMail() . "'>" . $cur_group->getPIUID() . "</a>";
-            if ($cur_group !== array_key_last($cur_user_groups)) {
-                echo '<br>';
-            }
+        foreach ($UID2PIGIDs[$uid] as $gid) {
+            echo "<p>$gid</p>";
         }
+        echo "<br>";
         echo "</td>";
         echo "<td>";
         echo "<form class='viewAsUserForm' action='' method='POST'
-        onsubmit='return confirm(\"Are you sure you want to switch to the user " . $user->getUID() . "?\");'>
+        onsubmit='return confirm(\"Are you sure you want to switch to the user '$uid'?\");'>
         <input type='hidden' name='form_type' value='viewAsUser'>
-        <input type='hidden' name='uid' value='" . $user->getUID() . "'>
+        <input type='hidden' name='uid' value='$uid'>
         <input type='submit' name='action' value='Access'>
         </form>";
         echo "</td>";

webroot/panel/account.php

@@ -78,7 +78,7 @@
             $USER->getPIGroup()->cancelGroupRequest();
             break;
         case "account_deletion_request":
-            $hasGroups = count($USER->getGroups()) > 0;
+            $hasGroups = count($USER->getPIGroupGIDs()) > 0;
             if ($hasGroups) {
                 break;
             }
@@ -117,7 +117,7 @@
 
 <?php
 
-$isActive = count($USER->getGroups()) > 0;
+$isActive = count($USER->getPIGroupGIDs()) > 0;
 $isPI = $USER->isPI();
 
 if ($isPI) {
@@ -222,7 +222,7 @@
 <h5>Account Deletion</h5>
 
 <?php
-$hasGroups = count($USER->getGroups()) > 0;
+$hasGroups = count($USER->getPIGroupGIDs()) > 0;
 
 if ($hasGroups) {
     echo "<p>You cannot request to delete your account while you are in a PI group.</p>";

webroot/panel/groups.php

@@ -63,7 +63,7 @@
 <hr>
 
 <?php
-$groups = $USER->getGroups();
+$PIGroupGIDs = $USER->getPIGroupGIDs();
 
 $requests = $SQL->getRequestsByUser($USER->getUID());
 
@@ -97,27 +97,28 @@
     }
     echo "</table>";
 
-    if (count($groups) > 0) {
+    if (count($PIGroupGIDs) > 0) {
         echo "<hr>";
     }
 }
 
 echo "<h5>Current Groups</h5>";
 
-if ($USER->isPI() && count($groups) == 1) {
+if ($USER->isPI() && count($PIGroupGIDs) == 1) {
     echo "You are only a member of your own PI group.
     Navigate to the <a href='" . $CONFIG["site"]["prefix"] . "/panel/pi.php'>my users</a> page to see your group.";
 }
 
-if (count($groups) == 0) {
+if (count($PIGroupGIDs) == 0) {
     echo "You are not a member of any groups. Request to join a PI using the button below,
     or request your own PI account on the <a href='" . $CONFIG["site"]["prefix"] .
     "/panel/account.php'>account settings</a> page";
 }
 
 echo "<table>";
 
-foreach ($groups as $group) {
+foreach ($PIGroupGIDs as $gid) {
+    $group = new UnityGroup($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
     $owner = $group->getOwner();
 
     if ($USER->getUID() == $owner->getUID()) {