source: trunk/bin/acl.cli.php @ 172

Last change on this file since 172 was 172, checked in by scdev, 18 years ago

Q - added caching to ACL, and flush command to acl.cli.php

  • Property svn:executable set to *
1#!/usr/local/bin/php
2<?php
3/*
4* acl.cli.php
5* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information.
6* @author   Quinn Comendant <quinn@strangecode.com>
7* @version  1.0
8* @since    14 Jun 2006 23:10:45
9*/
10
11
12/********************************************************************
13* STARTUP
14********************************************************************/
15
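// With no arguments there is nothing to do: print the usage text.
// help() terminates the script, so execution does not continue past this call.
if ($_SERVER['argc'] <= 1) {
    help();
}

// The site directory is taken from the current working directory. Both the
// credentials file checked here and the include path set below are resolved
// from it, so the tool refuses to run anywhere else.
define('COMMON_BASE', realpath('.'));
$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
if (COMMON_BASE === false || !file_exists($db_quth_file)) {
    echo sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $_SERVER['argv'][0]);
    // Exit non-zero so that calling scripts can detect the refusal.
    exit(1);
}

// Only the owner of the credentials file may run this tool.
// getmyuid() returns the owner of the *script file*, not the user running the
// process, so comparing against it would let any user who can execute a script
// owned by the web user pass this check. Use the effective UID of the process
// when the POSIX extension is available; fall back to getmyuid() otherwise.
$db_auth_owner = fileowner($db_quth_file);
$runner_uid = function_exists('posix_geteuid') ? posix_geteuid() : getmyuid();
// Strict comparison: a failed fileowner() returns false, which would loosely equal UID 0 (root).
if ($db_auth_owner === false || $runner_uid === false || $db_auth_owner !== $runner_uid) {
    echo sprintf("%s error: you must execute this script as the owner of the web files.\n", $_SERVER['argv'][0]);
    exit(1);
}

// Let the project-relative require_once paths used below resolve against the
// site directory. COMMON_BASE is appended, so existing include_path entries are
// searched first.
ini_set('include_path', get_include_path() . PATH_SEPARATOR . COMMON_BASE);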
36
37
38/********************************************************************
39* CONFIG
40********************************************************************/
41
// Core framework libraries, resolved through the include path.
require_once 'codebase/lib/App.inc.php';
require_once 'codebase/lib/Utilities.inc.php';

// Configure the application object for an interactive command-line run:
// no session, database enabled, errors and DB failures reported on screen.
// NOTE(review): the 'module_maker' namespace looks copied from another tool; confirm it is intended here.
// NOTE(review): the `=&` reference assignments presumably matter on PHP 4, where plain assignment copies objects; confirm the target PHP version before changing them.
$app =& App::getInstance('module_maker');
$app->setParam(array(
    'site_name'           => 'ACL cli',
    'site_email'          => 'codebase@strangecode.com',
    'enable_session'      => false,
    'enable_db'           => true,
    'db_always_debug'     => false,
    'db_debug'            => true,
    'db_die_on_failure'   => true,
    'display_errors'      => true,
    'error_reporting'     => E_ALL,
    'log_file_priority'   => LOG_DEBUG,
    'log_screen_priority' => LOG_NOTICE,
    'log_directory'       => COMMON_BASE . '/log',
    'log_filename'        => 'site_log',
));

// Database credentials for this site. This must be loaded after the parameters
// above and before $app->start(), which needs the configuration to be complete.
require_once 'global/db_auth.inc.php';

// Bring up the application services (database, session, environment, ini setup, etc.).
$app->start();

// Shared DB object, already configured by $app->start().
$db =& DB::getInstance();

// The access control list library and its shared instance.
require_once 'codebase/lib/ACL.inc.php';
$acl =& ACL::getInstance();
74
75
76/********************************************************************
77* MAIN
78********************************************************************/
79
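// Dispatch on the first command-line argument. The startup section already
// shows the help text and exits when no argument was given, so argv[1] exists.
//
// Every command that needs an object name stops with a non-zero exit status
// when the name is missing. Previously the error message was printed and the
// ACL call ran anyway with null arguments; the help text states that omitted
// objects default to 'root', so such a call could act on a far wider scope
// than the operator intended.
$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    // An optional second argument restricts the listing to one object type.
    $type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    if (isset($type)) {
        listACL('root', $type);
    } else {
        echo "\n_______________________Access Request Objects________________________\n\n";
        listACL('root', 'aro');
        echo "\n_______________________Access Control Objects________________________\n\n";
        listACL('root', 'aco');
        echo "\n______________________Access eXtension Objects_______________________\n\n";
        listACL('root', 'axo');
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    if (!isset($object)) {
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        exit(1);
    }
    // Stripping the 'add' prefix leaves the object type: aro, aco or axo.
    echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    if (!isset($object)) {
        // The message used to name the 'add*' commands (copy-paste slip).
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        exit(1);
    }
    // Stripping the 'rm' prefix leaves the object type: aro, aco or axo.
    echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'flush' :
    // NOTE(review): initDB(true) presumably re-initialises the ACL tables; confirm against ACL.inc.php before running on live data.
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        exit(1);
    }
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        exit(1);
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        exit(1);
    }
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    // An unknown command is a usage error; report it through the exit status too.
    exit(1);
}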
160
161
162/********************************************************************
163* FUNCTIONS
164********************************************************************/
165
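/**
 * Print the usage text to standard output and terminate the script.
 *
 * The text between the closing and reopening PHP tags is emitted verbatim,
 * with the script name (argv[0]) substituted into each usage line. The
 * command list includes 'check' and 'help', which the command dispatcher
 * accepts but which were missing from the usage text.
 *
 * This function never returns: it ends by calling die.
 */
function help()
{
    ?>
Access Control List command line tool.

This script must be run in the common site directory (i.e. the parent
directory of the document root). DB credentials are retrieved from:
global/db_auth.inc.php so this file must exist. Further more this script
must be executed as the owner of the db_auth.inc.php file.

Three types of objects are managed by this interface: ARO - Access
Request Objects, ACO - Access Control Objects, and AXO - Access eXtention
Objects. These are most often used as a USER -> ACTION -> OBJECT model,
but can just as easily be SPICES -> CUISINES -> DISHES A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, Bob can edit article 4. If the AXO if omitted, this becomes
"Bob can edit" (period).

Each access object is stored as a node in hierarchial tree structures. A
premission granted to a node is applied to all its children. If a child
node is specified a different permission that is more specific that
anything on the branch it will take precidence. If no permission is
specified, root is used for that object. Root, in this case, means
"anything" since it is at the top of all branches.

Usage: <?php echo $_SERVER['argv'][0]; ?> <command> [args]


<?php echo $_SERVER['argv'][0]; ?> list [aro | aco | axo]
<?php echo $_SERVER['argv'][0]; ?> addaro <aro_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> addaco <aco_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> addaxo <axo_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> rmaro <aro_object>
<?php echo $_SERVER['argv'][0]; ?> rmaco <aco_object>
<?php echo $_SERVER['argv'][0]; ?> rmaxo <axo_object>
<?php echo $_SERVER['argv'][0]; ?> flush
<?php echo $_SERVER['argv'][0]; ?> grant <aro_object> [aco_object] [axo_object]
<?php echo $_SERVER['argv'][0]; ?> revoke <aro_object> [aco_object] [axo_object]
<?php echo $_SERVER['argv'][0]; ?> check <aro_object> [aco_object] [axo_object]
<?php echo $_SERVER['argv'][0]; ?> help

For the add*, grant, and revoke commands, if any of the optional
args are not provided, 'root' is assumed.

Strangecode :: www.strangecode.com
<?php
    die;
}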
212
213
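/**
 * Print the tree of access objects of one type, starting at a named node.
 *
 * Each node is printed on its own line, indented by its depth below $root,
 * followed by its lft and rgt values and the time it was added.
 *
 * @param  string $root  Name of the node whose subtree is listed.
 * @param  string $type  Object type: 'aro', 'aco' or 'axo'.
 * @return bool|null     False when $type is not a known type or $root does not
 *                       exist; nothing otherwise.
 */
function listACL($root, $type)
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // Map the type onto a table name through a fixed allow-list. $tbl is
    // interpolated into the SQL below, so it must never be built from input.
    switch ($type) {
    case 'aro' :
        $tbl = 'aro_tbl';
        break;
    case 'aco' :
        $tbl = 'aco_tbl';
        break;
    case 'axo' :
        $tbl = 'axo_tbl';
        break;
    default :
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    // NOTE(review): mysql_fetch_row() is part of the ext/mysql API, which was
    // removed in PHP 7; it is kept because the DB class's own fetch API is not
    // visible from this file.

    // Retrieve the left and right value of the $root node.
    $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
    $root_row = mysql_fetch_row($qid);
    if (!$root_row) {
        // Without this check the bounds would be empty and the next query would be malformed SQL.
        $app->logMsg(sprintf('Access object not found: %s', $root), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // The tree bounds are numeric positions; force them to integers before
    // they are placed in the next query, rather than trusting stored values.
    $root_lft = intval($root_row[0]);
    $root_rgt = intval($root_row[1]);

    // Stack of rgt values of the ancestors of the node currently being printed.
    $depth = array();

    // Retrieve all descendants of the root node, parents before their children.
    $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $root_lft AND $root_rgt ORDER BY lft ASC");
    while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
        // An ancestor whose rgt is below the current rgt has no more children
        // to print, so drop it from the stack.
        while (sizeof($depth) > 0 && end($depth) < $rgt) {
            array_pop($depth);
        }

        // Display the node name indented by four spaces per level.
        printf("%-20s %-5s %-5s %s\n", str_repeat('    ', sizeof($depth)) . $name, $lft, $rgt, $added_datetime);

        // This node is a potential parent of the rows that follow.
        $depth[] = $rgt;
    }
}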
256
257
258?>