1#!/usr/bin/env php
2<?php
3/**
4 * The Strangecode Codebase - a general application development framework for PHP
5 * For details visit the project site: <http://trac.strangecode.com/codebase/>
6 * Copyright 2001-2012 Strangecode, LLC
7 *
8 * This file is part of The Strangecode Codebase.
9 *
10 * The Strangecode Codebase is free software: you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as published by the
12 * Free Software Foundation, either version 3 of the License, or (at your option)
13 * any later version.
14 *
15 * The Strangecode Codebase is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
18 * details.
19 *
20 * You should have received a copy of the GNU General Public License along with
21 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24/*
25* acl.cli.php
26*
27* @author   Quinn Comendant <quinn@strangecode.com>
28* @version  1.1
29* @since    14 Jun 2006 23:10:45
30*/
31
32/********************************************************************
33* CONFIG
34********************************************************************/
35
require_once dirname(__FILE__) . '/_config.inc.php';

// Invoked with no command at all: print the usage text. help() ends the process,
// so nothing below runs in that case. help() is declared further down this file;
// PHP hoists unconditional top-level function declarations, so the early call is fine.
if (1 >= $_SERVER['argc']) {
    help();
}

// Load the ACL library and tune it for one-shot command-line use. By their names,
// 'create_table' => false leaves table creation to the explicit 'initdb' command and
// 'enable_cache' => false keeps lookups uncached — confirm both in lib/ACL.inc.php.
require_once CODEBASE_PATH . '/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array('create_table' => false, 'enable_cache' => false));
50
51
52/********************************************************************
53* MAIN
54********************************************************************/
55
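/**
 * Fetch a positional command-line argument.
 *
 * @param int   $index   Position in $_SERVER['argv'] (1 is the command; 2 and up are its arguments).
 * @param mixed $default Returned when no argument exists at that position.
 * @return mixed The argument string as given on the command line, or $default.
 */
function acl_cli_arg($index, $default = null)
{
    return isset($_SERVER['argv'][$index]) ? $_SERVER['argv'][$index] : $default;
}

// Refuse to run against a project that has no ACL table at all.
if (!$db->tableExists('acl_tbl')) {
    printf("This project doesn't appear to be using ACL (there is no acl_tbl in the %s DB).\n", $app->getParam('db_name'));
    $app->stop();
    die;
}

$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    // No type, or an unrecognised one, lists the permissions themselves.
    $type = acl_cli_arg(2);
    switch ($type) {
    case 'aro' :
    case 'aco' :
    case 'axo' :
        listObjects($type);
        break;
    case 'all' :
        listObjects('aro');
        listObjects('aco');
        listObjects('axo');
        break;
    case 'perms' :
    default :
        listPerms();
        break;
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    $object = acl_cli_arg(2);
    $parent = acl_cli_arg(3);
    if (!isset($object)) {
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // The object type (aro, aco or axo) is the last three characters of the command name.
    echo $acl->add($object, $parent, substr($op, -3)) ? "Ok\n" : "Error!\n";
    break;

case 'mvaro' :
case 'mvaco' :
case 'mvaxo' :
    $object = acl_cli_arg(2);
    $parent = acl_cli_arg(3);
    if (!isset($object)) {
        echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->move($object, $parent, substr($op, -3)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = acl_cli_arg(2);
    if (!isset($object)) {
        // Previously reported "'add*' commands ..." here (copy-paste); name the right command family.
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->remove($object, substr($op, -3)) ? "Ok\n" : "Error!\n";
    break;

case 'initdb' :
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'delete' :
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    // All three positions must be given explicitly. There is no confirmation prompt,
    // so this requirement is the only guard against an accidental wildcard delete.
    if (!isset($aro) || !isset($aco) || !isset($axo)) {
        echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
        break;
    }
    // The literal string 'null' selects every match in that column (see help).
    $aro = ('null' === $aro) ? null : $aro;
    $aco = ('null' === $aco) ? null : $aco;
    $axo = ('null' === $axo) ? null : $axo;
    echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    $aro = acl_cli_arg(2);
    $aco = acl_cli_arg(3);
    $axo = acl_cli_arg(4);
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    break;
}

$app->stop();
die;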
178
179
180/********************************************************************
181* FUNCTIONS
182********************************************************************/
183
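/**
 * Print the usage text for this tool to stdout and exit.
 *
 * Reads the global $cli_executed (set outside this file, presumably by
 * _config.inc.php) for the program name shown in the Usage line.
 * Never returns: it ends with die.
 */
function help()
{
    global $cli_executed;

    ?>
Access Control List command line tool.

This script must be run in a common site directory configured with a DB auth file,
e.g., `lib/db_auth.json`, readable by the user executing this script.

Three types of objects are managed by this interface:

  ARO - Access Request Objects
  ACO - Access Control Objects
  AXO - Access Xtra Objects

These are most often used as a USER -> ACTION -> OBJECT model,
but could just as easily be SPICES -> CUISINES -> DISHES. A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, with an `ARO->ACO->AXO` of `Bob->edit->4`, Bob can edit article 4.
If the AXO were omitted (i.e. just `Bob->edit`), this becomes "Bob can edit"
(he can edit any object).

Each access object is stored as a node in hierarchical tree structure.
A permission granted to a node is applied to all its children. If a child
node is specified with a permission more specific than its ancestors, the
child will take precedence. If no permission is specified, root is used,
implying access to any object of that type.

Usage: <?php echo $cli_executed; ?> command [args]

Where command is any of the following (with arguments):

    initdb
    list [aro | aco | axo | all | perms]
    check aro [aco] [axo]
    addaro aro [parent]
    addaco aco [parent]
    addaxo axo [parent]
    mvaro aro [parent]
    mvaco aco [parent]
    mvaxo axo [parent]
    rmaro aro
    rmaco aco
    rmaxo axo
    grant aro [aco] [axo]
    revoke aro [aco] [axo]
    delete aro aco axo

For the add*, mv*, grant, and revoke commands if any of the optional
args are not provided, 'root' is assumed. The delete command requires
all object types to be specified; Passing the string 'null' will cause
all matches in that column to be deleted. run with 'list perms' to view what
can be deleted.
<?php
    die;
}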
241
242
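/*
* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
*
* Each node is printed on its own line, indented four spaces per level of
* depth, followed by the date and time it was added.
*
* @access   public
* @param    string $type Table to call, one of: aro, aco, or axo.
* @param    string $root Root node from which to begin calculating.
* @return   bool True after printing; false (after logging an error) if $type is not a known object type.
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 23:41:22
*/
function listObjects($type, $root=null)
{
    global $acl;

    $app =& App::getInstance();

    // Pick the column heading for the object type; anything else is a caller bug and is logged.
    switch ($type) {
    case 'aro' :
        $heading = 'Request objects';
        break;
    case 'aco' :
        $heading = 'Control objects';
        break;
    case 'axo' :
        $heading = 'Xtra objects';
        break;
    default :
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    printf("\n%-45s %s\n", $heading, 'Added');
    echo "---------------------------------------------------------------------\n";

    // The display format is the same for every row; build it once rather than per node.
    $datetime_format = $app->getParam('date_format') . ' ' . $app->getParam('time_format');

    foreach ($acl->getList($type, $root) as $o) {
        // Indent the node title by its depth in the tree.
        printf("%-45s %s\n", str_repeat('    ', $o['depth']) . $o['name'], date($datetime_format, strtotime($o['added_datetime'])));
    }

    echo "\n";

    return true;
}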
285
/*
* List all entries in the acl_tbl.
*
* Prints one line per ACL entry with the ARO, ACO and AXO names resolved,
* the access value coloured with an ANSI escape (green for 'allow', red for
* anything else) and the date the entry was added.
*
* @access   public
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 15:11:53
*/
function listPerms()
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // Fixed query, no interpolated input. Rows are ordered by each object table's lft column.
    $result = $db->query("
        SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
        FROM acl_tbl
        LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
        LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
        LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
        ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
    ");

    $row_format = "%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n";

    echo "\n";
    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', 'Grant', 'Added');
    echo "------------------------------------------------------------------------------------------------\n";

    // NOTE(review): mysql_fetch_assoc() is from ext/mysql, which no longer exists in PHP 7+;
    // this loop only works on a PHP 5 build unless the DB wrapper offers a fetch method to use instead.
    while ($row = mysql_fetch_assoc($result)) {
        $access_color = ('allow' == $row['access']) ? '32' : '31';
        $added = date($app->getParam('date_format'), strtotime($row['added_datetime']));
        printf($row_format, $row['aro'], $row['aco'], $row['axo'], $access_color, $row['access'], $added);
    }
}
315
316