Context Navigation

source: trunk/bin/acl.cli.php @ 376

Last change on this file since 376 was 376, checked in by quinn, 14 years ago
Updated copyright date, name to Strangecode LLC.
Property svn:executable set to ``*
File size: 12.5 KB

Rev	Line
[208]	1	#!/usr/bin/php
[171]	2	<?php
[362]	3	/**
	4	* The Strangecode Codebase - a general application development framework for PHP
	5	* For details visit the project site: <http://trac.strangecode.com/codebase/>
[376]	6	* Copyright 2001-2010 Strangecode, LLC
[362]	7	*
	8	* This file is part of The Strangecode Codebase.
	9	*
	10	* The Strangecode Codebase is free software: you can redistribute it and/or
	11	* modify it under the terms of the GNU General Public License as published by the
	12	* Free Software Foundation, either version 3 of the License, or (at your option)
	13	* any later version.
	14	*
	15	* The Strangecode Codebase is distributed in the hope that it will be useful, but
	16	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	17	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
	18	* details.
	19	*
	20	* You should have received a copy of the GNU General Public License along with
	21	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
	22	*/
	23
[171]	24	/*
	25	* acl.cli.php
[362]	26	*
[171]	27	* @author Quinn Comendant <quinn@strangecode.com>
	28	* @version 1.0
	29	* @since 14 Jun 2006 23:10:45
	30	*/
	31
	32
	33	/********************************************************************
	34	* STARTUP
	35	********************************************************************/
	36
[174]	37	$this_script = basename($_SERVER['argv'][0]);
	38
[171]	39	// Give them a fighting chance. Show the help message. ;P
	40	if ($_SERVER['argc'] <= 1) {
	41	help();
	42	}
	43
	44	// Make sure necessary files exist.
	45	define('COMMON_BASE', realpath('.'));
	46	$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
	47	if (!file_exists($db_quth_file)) {
[174]	48	die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $this_script));
[171]	49	}
	50
	51	if (fileowner($db_quth_file) != getmyuid()) {
[174]	52	die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
[171]	53	}
	54
	55	// Set include path.
	56	ini_set('include_path', get_include_path()
	57	. PATH_SEPARATOR . COMMON_BASE
	58	);
	59
	60
	61	/********************************************************************
	62	* CONFIG
	63	********************************************************************/
	64
	65	// Include core libraries.
	66	require_once 'codebase/lib/App.inc.php';
	67	require_once 'codebase/lib/Utilities.inc.php';
	68
	69	$app =& App::getInstance('module_maker');
	70	$app->setParam(array(
	71	'site_name' => 'ACL cli',
	72	'site_email' => 'codebase@strangecode.com',
	73	'enable_session' => false,
	74	'enable_db' => true,
	75	'db_always_debug' => false,
	76	'db_debug' => true,
	77	'db_die_on_failure' => true,
	78	'display_errors' => true,
	79	'error_reporting' => E_ALL,
[174]	80	'log_file_priority' => LOG_INFO,
	81	'log_screen_priority' => LOG_ERR,
[171]	82	'log_directory' => COMMON_BASE . '/log',
	83	'log_filename' => 'site_log',
	84	));
	85	require_once 'global/db_auth.inc.php';
	86
	87	// Start application-based functionality: database, session, environment, ini setup, etc.
	88	// Most configuration parameters must be set before starting the App.
	89	$app->start();
	90
	91	// Global DB object. Automatically pre-configured by $app->start().
	92	$db =& DB::getInstance();
	93
	94	// ACL!
	95	require_once 'codebase/lib/ACL.inc.php';
	96	$acl =& ACL::getInstance();
[173]	97	$acl->setParam(array('create_table' => false));
[171]	98
	99
	100	/********************************************************************
	101	* MAIN
	102	********************************************************************/
	103
	104	$op = $_SERVER['argv'][1];
	105	switch ($op) {
	106	case 'list' :
[174]	107	$type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	108	switch ($type) {
	109	case 'aro' :
	110	case 'aco' :
	111	case 'axo' :
	112	listObjects('root', $type);
	113	break;
	114	case 'all' :
	115	listObjects('root', 'aro');
	116	listObjects('root', 'aco');
	117	listObjects('root', 'axo');
	118	break;
	119	case 'perms' :
	120	default :
	121	listPerms();
	122	break;
	123	}
	124	break;
[171]	125
	126	case 'addaro' :
	127	case 'addaco' :
	128	case 'addaxo' :
	129	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	130	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
	131	if (!isset($object)) {
	132	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
[175]	133	break;
[171]	134	}
	135	echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
	136	break;
	137
[174]	138	case 'mvaro' :
	139	case 'mvaco' :
	140	case 'mvaxo' :
	141	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	142	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
	143	if (!isset($object)) {
	144	echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
[175]	145	break;
[174]	146	}
	147	echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
	148	break;
	149
[171]	150	case 'rmaro' :
	151	case 'rmaco' :
	152	case 'rmaxo' :
	153	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	154	if (!isset($object)) {
	155	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
[175]	156	break;
[171]	157	}
	158	echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
	159	break;
	160
[173]	161	case 'initdb' :
[172]	162	echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
	163	break;
	164
[171]	165	case 'grant' :
	166	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	167	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
	168	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
	169	if (!isset($aro)) {
	170	echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
[175]	171	break;
[171]	172	}
	173	echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
	174	break;
	175
	176	case 'revoke' :
	177	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	178	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
	179	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
	180	if (!isset($aro)) {
	181	echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
[175]	182	break;
[171]	183	}
	184	echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
	185	break;
	186
[175]	187	case 'delete' :
	188	$aro = isset($_SERVER['argv'][2]) && 'null' != $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
	189	$aco = isset($_SERVER['argv'][3]) && 'null' != $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
	190	$axo = isset($_SERVER['argv'][4]) && 'null' != $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
	191	if (!isset($_SERVER['argv'][2]) \|\| !isset($_SERVER['argv'][3]) \|\| !isset($_SERVER['argv'][4])) {
	192	echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
	193	break;
	194	}
	195	echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
	196	break;
	197
[171]	198	case 'check' :
	199	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
	200	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
	201	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
	202	if (!isset($aro)) {
	203	echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
[175]	204	break;
[171]	205	}
	206	echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
	207	break;
	208
	209	case 'help' :
	210	help();
	211	break;
	212
	213	default :
	214	echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
	215	break;
	216	}
	217
	218
	219	/********************************************************************
	220	* FUNCTIONS
	221	********************************************************************/
	222
	223	function help()
	224	{
[174]	225	global $this_script;
	226
[171]	227	?>
	228	Access Control List command line tool.
	229
	230	This script must be run in the common site directory (i.e. the parent
	231	directory of the document root). DB credentials are retrieved from:
	232	global/db_auth.inc.php so this file must exist. Further more this script
	233	must be executed as the owner of the db_auth.inc.php file.
	234
	235	Three types of objects are managed by this interface: ARO - Access
[174]	236	Request Objects, ACO - Access Control Objects, and AXO - Access Xtra
[171]	237	Objects. These are most often used as a USER -> ACTION -> OBJECT model,
	238	but can just as easily be SPICES -> CUISINES -> DISHES A privilege is
	239	allowed if a user (ARO) can perform an action (ACO) on something (AXO).
	240	For example, Bob can edit article 4. If the AXO if omitted, this becomes
	241	"Bob can edit" (period).
	242
[334]	243	Each access object is stored as a node in hierarchical tree structures. A
	244	permission granted to a node is applied to all its children. If a child
[171]	245	node is specified a different permission that is more specific that
[334]	246	anything on the branch it will take precedence. If no permission is
[171]	247	specified, root is used for that object. Root, in this case, means
	248	"anything" since it is at the top of all branches.
	249
[234]	250	Usage: <?php echo $this_script; ?> command [args]
[171]	251
[234]	252	Where command is any of the following (with arguments):
[174]	253
	254	initdb
	255	list [aro \| aco \| axo \| all \| perms]
[234]	256	check aro [aco] [axo]
	257	addaro aro [parent]
	258	addaco aco [parent]
	259	addaxo axo [parent]
	260	mvaro aro [parent]
	261	mvaco aco [parent]
	262	mvaxo axo [parent]
	263	rmaro aro
	264	rmaco aco
	265	rmaxo axo
	266	grant aro [aco] [axo]
	267	revoke aro [aco] [axo]
	268	delete [aro] [aco] [axo]
[175]	269
[171]	270
[174]	271	For the add, mv, grant, and revoke commands if any of the optional
[175]	272	args are not provided, 'root' is assumed. For the delete command
[334]	273	'null' is considered a wild-card to delete all objects of that type.
[171]	274
[175]	275
[171]	276	Strangecode :: www.strangecode.com
	277	<?php
	278	die;
	279	}
	280
	281
[174]	282	/*
	283	* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
	284	*
	285	* @access public
	286	* @param string $root Root node from which to begin calculating.
	287	* @param string $type Table to call, one of: aro, aco, or axo.
	288	* @return bool Returns false on error.
	289	* @author Quinn Comendant <quinn@strangecode.com>
	290	* @version 1.0
	291	* @since 17 Jun 2006 23:41:22
	292	*/
	293	function listObjects($root, $type)
[171]	294	{
	295	$app =& App::getInstance();
	296	$db =& DB::getInstance();
[174]	297	global $this_script;
[171]	298
[174]	299	echo "\n";
	300
[171]	301	switch ($type) {
	302	case 'aro' :
	303	$tbl = 'aro_tbl';
[174]	304	printf("%-35s %-5s %-5s %s\n", 'Request objects', 'lft', 'rgt', 'Added');
[171]	305	break;
	306	case 'aco' :
	307	$tbl = 'aco_tbl';
[174]	308	printf("%-35s %-5s %-5s %s\n", 'Control objects', 'lft', 'rgt', 'Added');
[171]	309	break;
	310	case 'axo' :
	311	$tbl = 'axo_tbl';
[174]	312	printf("%-35s %-5s %-5s %s\n", 'Xtra objects', 'lft', 'rgt', 'Added');
[171]	313	break;
	314	default :
	315	$app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
	316	return false;
	317	break;
	318	}
[174]	319
	320	echo "-----------------------------------------------------------\n";
	321
[171]	322	// Retrieve the left and right value of the $root node.
	323	$qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
	324	list($lft, $rgt) = mysql_fetch_row($qid);
	325
	326	$depth = array();
	327
	328	// Retrieve all descendants of the root node
	329	$qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
	330	while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
	331	// If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
	332	while (sizeof($depth) > 0 && end($depth) < $rgt) {
	333	array_pop($depth);
	334	}
	335
	336	// Display indented node title.
[174]	337	printf("%-35s %-5s %-5s %s\n", str_repeat(' ', sizeof($depth)) . $name, $lft, $rgt, date($app->getParam('date_format'), strtotime($added_datetime)));
[171]	338
	339	// Add this node to the stack.
	340	$depth[] = $rgt;
	341	}
	342	}
	343
[174]	344	/*
	345	* List all entries in the acl_tbl.
	346	*
	347	* @access public
	348	* @author Quinn Comendant <quinn@strangecode.com>
	349	* @version 1.0
	350	* @since 17 Jun 2006 15:11:53
	351	*/
	352	function listPerms()
	353	{
	354	$app =& App::getInstance();
	355	$db =& DB::getInstance();
	356	global $this_script;
	357
[334]	358	// Retrieve access value from db.
[174]	359	$qid = $db->query("
	360	SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
	361	FROM acl_tbl
	362	LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
	363	LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
	364	LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
[208]	365	ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
[174]	366	");
	367	echo "\n";
	368	printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', '', 'Added');
	369	echo "------------------------------------------------------------------------------------------------\n";
	370	while ($p = mysql_fetch_assoc($qid)) {
	371	printf("%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n", $p['aro'], $p['aco'], $p['axo'], ('allow' == $p['access'] ? '32' : '31'), $p['access'], date($app->getParam('date_format'), strtotime($p['added_datetime'])));
	372	}
	373	}
[171]	374
[174]	375
[208]	376	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: