#!/usr/bin/php
<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2010 Strangecode, LLC
 *
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/*
* acl.cli.php
*
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    14 Jun 2006 23:10:45
*/


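/********************************************************************
* STARTUP
********************************************************************/

// Name of this script as invoked; used in error and help messages.
$this_script = basename($_SERVER['argv'][0]);

// Give them a fighting chance. Show the help message. ;P
// help() prints the usage text and exits, so nothing below runs without a command.
if ($_SERVER['argc'] <= 1) {
    help();
}

// Make sure necessary files exist.
// realpath() returns false when the working directory cannot be resolved (for
// example it was removed after the shell entered it). Stop here rather than
// letting COMMON_BASE be false and silently looking for '/global/db_auth.inc.php'.
define('COMMON_BASE', realpath('.'));
if (false === COMMON_BASE) {
    die(sprintf("%s error: unable to resolve the current directory.\n", $this_script));
}
$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
if (!file_exists($db_quth_file)) {
    die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $this_script));
}

// db_auth.inc.php holds the database credentials (see help()). Refuse to run
// unless the invoking user already owns that file, so this tool never reads
// credentials on behalf of an account that could not read them itself.
// fileowner() returns false on failure, which also fails this strict comparison.
if (fileowner($db_quth_file) !== getmyuid()) {
    die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
}

// Set include path so 'codebase/...' and 'global/...' resolve relative to COMMON_BASE.
ini_set('include_path', get_include_path()
    . PATH_SEPARATOR . COMMON_BASE
);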


/********************************************************************
* CONFIG
********************************************************************/

// Include core libraries.
require_once 'codebase/lib/App.inc.php';
require_once 'codebase/lib/Utilities.inc.php';

// Application parameters for this command line tool. Sessions are off and
// the database is on; all of these must be in place before $app->start().
$app_params = array(
    'site_name' => 'ACL cli',
    'site_email' => 'codebase@strangecode.com',
    'enable_session' => false,
    'enable_db' => true,
    'db_always_debug' => false,
    'db_debug' => true,
    'db_die_on_failure' => true,
    'display_errors' => true,
    'error_reporting' => E_ALL,
    'log_file_priority' => LOG_INFO,
    'log_screen_priority' => LOG_ERR,
    'log_directory' => COMMON_BASE . '/log',
    'log_filename' => 'site_log',
);

$app =& App::getInstance('module_maker');
$app->setParam($app_params);

// Database credentials; the STARTUP section has already verified this file
// exists and is owned by the invoking user.
require_once 'global/db_auth.inc.php';

// Start application-based functionality: database, session, environment, ini setup, etc.
// Most configuration parameters must be set before starting the App.
$app->start();

// Global DB object. Automatically pre-configured by $app->start().
$db =& DB::getInstance();

// ACL! Table creation is left to the explicit 'initdb' command.
require_once 'codebase/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array('create_table' => false));


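/********************************************************************
* MAIN
********************************************************************/

/*
* Return one positional command-line argument, or $default if it was not given.
* argv[0] is the script and argv[1] the command, so command arguments start at 2.
*
* @access   public
* @param    int    $index   Position in $_SERVER['argv'].
* @param    mixed  $default Value returned when the argument is absent.
* @return   mixed  The raw argument string, or $default.
*/
function acl_cli_arg($index, $default = null)
{
    return isset($_SERVER['argv'][$index]) ? $_SERVER['argv'][$index] : $default;
}

// argv[1] always exists here: the STARTUP section calls help(), which exits,
// when fewer than two arguments were given.
$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    $type = acl_cli_arg(2);
    switch ($type) {
    case 'aro' :
    case 'aco' :
    case 'axo' :
        listObjects('root', $type);
        break;
    case 'all' :
        listObjects('root', 'aro');
        listObjects('root', 'aco');
        listObjects('root', 'axo');
        break;
    case 'perms' :
    default :
        // No type, 'perms', or an unrecognised type all list the permissions.
        listPerms();
        break;
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    // The object type is the command suffix ('addaro' -> 'aro'). Per the help
    // text, an omitted parent means 'root'; it is passed to the ACL as null.
    $object = acl_cli_arg(2);
    $parent = acl_cli_arg(3);
    if (!isset($object)) {
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'mvaro' :
case 'mvaco' :
case 'mvaxo' :
    $object = acl_cli_arg(2);
    $parent = acl_cli_arg(3);
    if (!isset($object)) {
        echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = acl_cli_arg(2);
    if (!isset($object)) {
        // This message previously named the 'add*' commands (copy-paste slip).
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'initdb' :
    // Initialise the ACL tables; the meaning of the true flag is defined by ACL::initDB().
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    // Only the ARO is mandatory; omitted ACO/AXO are passed as null ('root' per help()).
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'delete' :
    // All three positions must be present. The literal string 'null' is the
    // documented wild-card and is handed to ACL::delete() as a real null.
    if (!isset($_SERVER['argv'][2]) || !isset($_SERVER['argv'][3]) || !isset($_SERVER['argv'][4])) {
        echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
        break;
    }
    $aro = 'null' !== $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
    $aco = 'null' !== $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
    $axo = 'null' !== $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
    echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    // Prints the access decision for ARO -> ACO -> AXO.
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    break;
}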


/********************************************************************
* FUNCTIONS
********************************************************************/

/*
* Print the usage text for this tool and exit.
* Output is identical to the former inline template; the script name is
* interpolated from the global set in the STARTUP section.
*
* @access   public
* @return   void Never returns; terminates the script.
*/
function help()
{
    global $this_script;

    echo <<<HELP
Access Control List command line tool.

This script must be run in the common site directory (i.e. the parent
directory of the document root). DB credentials are retrieved from:
global/db_auth.inc.php so this file must exist. Further more this script
must be executed as the owner of the db_auth.inc.php file.

Three types of objects are managed by this interface: ARO - Access
Request Objects, ACO - Access Control Objects, and AXO - Access Xtra
Objects. These are most often used as a USER -> ACTION -> OBJECT model,
but can just as easily be SPICES -> CUISINES -> DISHES A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, Bob can edit article 4. If the AXO if omitted, this becomes
"Bob can edit" (period).

Each access object is stored as a node in hierarchical tree structures. A
permission granted to a node is applied to all its children. If a child
node is specified a different permission that is more specific that
anything on the branch it will take precedence. If no permission is
specified, root is used for that object. Root, in this case, means
"anything" since it is at the top of all branches.

Usage: {$this_script} command [args]

Where command is any of the following (with arguments):
   
    initdb
    list [aro | aco | axo | all | perms]
    check aro [aco] [axo]
    addaro aro [parent]
    addaco aco [parent]
    addaxo axo [parent]
    mvaro aro [parent]
    mvaco aco [parent]
    mvaxo axo [parent]
    rmaro aro
    rmaco aco
    rmaxo axo
    grant aro [aco] [axo]
    revoke aro [aco] [axo]
    delete [aro] [aco] [axo]
   

For the add*, mv*, grant, and revoke commands if any of the optional
args are not provided, 'root' is assumed. For the delete command
'null' is considered a wild-card to delete all objects of that type.


Strangecode :: www.strangecode.com

HELP;
    die;
}


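/*
* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
*
* The table stores a nested set: every node has lft/rgt bounds and all of a
* node's descendants have lft values within its bounds. Nodes are printed in
* lft order, indented by their depth below $root.
*
* @access   public
* @param    string $root Root node from which to begin calculating.
* @param    string $type Table to call, one of: aro, aco, or axo.
* @return   bool Returns false on error (unknown $type or $root not found), true once the tree is printed.
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 23:41:22
*/
function listObjects($root, $type)
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    echo "\n";

    // $type only ever reaches the SQL below as one of these fixed table
    // names; anything else is rejected here.
    switch ($type) {
    case 'aro' :
        $tbl = 'aro_tbl';
        $heading = 'Request objects';
        break;
    case 'aco' :
        $tbl = 'aco_tbl';
        $heading = 'Control objects';
        break;
    case 'axo' :
        $tbl = 'axo_tbl';
        $heading = 'Xtra objects';
        break;
    default :
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    printf("%-35s %-5s %-5s %s\n", $heading, 'lft', 'rgt', 'Added');
    echo "-----------------------------------------------------------\n";

    // Retrieve the left and right value of the $root node. $root comes from the
    // command line, so it is escaped before being interpolated.
    $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
    $bounds = mysql_fetch_row($qid);
    if (!is_array($bounds)) {
        // Previously an unknown root left both bounds null, producing an empty
        // BETWEEN clause and a failed query instead of a clear message.
        $app->logMsg(sprintf('Root node "%s" not found in %s', $root, $tbl), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // The bounds are integers from the database; cast them anyway so only
    // integers are ever interpolated into the descendant query.
    $root_lft = (int) $bounds[0];
    $root_rgt = (int) $bounds[1];

    // Stack of rgt values of the ancestors of the current node; its size is
    // the indentation depth of the node being printed.
    $depth = array();

    // Retrieve all descendants of the root node.
    $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $root_lft AND $root_rgt ORDER BY lft ASC");
    while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
        // If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
        while (sizeof($depth) > 0 && end($depth) < $rgt) {
            array_pop($depth);
        }

        // Display indented node title.
        printf("%-35s %-5s %-5s %s\n", str_repeat('    ', sizeof($depth)) . $name, $lft, $rgt, date($app->getParam('date_format'), strtotime($added_datetime)));

        // Add this node to the stack.
        $depth[] = $rgt;
    }

    return true;
}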
/*
* List all entries in the acl_tbl.
*
* Prints one line per permission with the ARO, ACO and AXO names, the access
* value (wrapped in an ANSI colour code: green for 'allow', red otherwise) and
* the date it was added. The query is fixed text with no interpolated input.
*
* @access   public
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 15:11:53
*/
function listPerms()
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    $sql = "
        SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
        FROM acl_tbl
        LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
        LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
        LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
        ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
    ";
    $row_format = "%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n";

    // Retrieve access value from db.
    $qid = $db->query($sql);

    echo "\n";
    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', '', 'Added');
    echo "------------------------------------------------------------------------------------------------\n";
    while ($row = mysql_fetch_assoc($qid)) {
        // 32 = green, 31 = red (ANSI SGR foreground colours).
        $colour = ('allow' == $row['access']) ? '32' : '31';
        $added = date($app->getParam('date_format'), strtotime($row['added_datetime']));
        printf($row_format, $row['aro'], $row['aco'], $row['axo'], $colour, $row['access'], $added);
    }
}


?>