source: trunk/bin/acl.cli.php @ 173

Last change on this file since 173 was 173, checked in by scdev, 18 years ago

Q - little bugs fixing in ACL and acl.cli.php.

1#!/usr/local/bin/php
2<?php
3/*
4* acl.cli.php
5* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information.
6* @author   Quinn Comendant <quinn@strangecode.com>
7* @version  1.0
8* @since    14 Jun 2006 23:10:45
9*/
10
11
12/********************************************************************
13* STARTUP
14********************************************************************/
15
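// Give them a fighting chance. Show the help message. ;P
// help() prints the usage text and terminates the script.
if ($_SERVER['argc'] <= 1) {
    help();
}

// Make sure necessary files exist.
// The current working directory is treated as the common site directory; the
// libraries and the DB credentials loaded later are resolved relative to it.
define('COMMON_BASE', realpath('.'));
$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
if (!file_exists($db_quth_file)) {
    die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $_SERVER['argv'][0]));
}

// Only the owner of the credentials file may run this tool.
// getmyuid() reports the owner of this script file, not the user running the
// process, so it cannot answer "who is executing me". Prefer the effective UID
// from the posix extension and keep getmyuid() only as a fallback for builds
// where that extension is missing.
$db_auth_owner = fileowner($db_quth_file);
$current_uid = function_exists('posix_geteuid') ? posix_geteuid() : getmyuid();
// Strict comparison: a failed lookup (false) must never compare equal to UID 0.
if ($db_auth_owner === false || $current_uid === false || $db_auth_owner !== $current_uid) {
    die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $_SERVER['argv'][0]));
}

// Set include path.
// COMMON_BASE is appended, so directories already on the include path are
// searched first when the relative library paths are resolved.
ini_set('include_path', get_include_path()
    . PATH_SEPARATOR . COMMON_BASE
);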
36
37
38/********************************************************************
39* CONFIG
40********************************************************************/
41
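// Include core libraries.
require_once 'codebase/lib/App.inc.php';
require_once 'codebase/lib/Utilities.inc.php';

// NOTE(review): the App instance is requested under the name 'module_maker'
// here, while listACL() calls App::getInstance() with no argument. Confirm
// that both calls resolve to the same configured instance.
$app =& App::getInstance('module_maker');
$app->setParam(array(
    'site_name' => 'ACL cli',
    'site_email' => 'codebase@strangecode.com',
    'enable_session' => false,
    'enable_db' => true,
    'db_always_debug' => false,
    'db_debug' => true,
    'db_die_on_failure' => true,
    'display_errors' => true,
    'error_reporting' => E_ALL,
    'log_file_priority' => LOG_DEBUG,
    'log_screen_priority' => LOG_NOTICE,
    'log_directory' => COMMON_BASE . '/log',
    'log_filename' => 'site_log',
));

// Load the DB credentials from the exact file whose existence and ownership
// were verified during startup. A bare relative path would be resolved through
// the include path, where an earlier directory could supply a different
// global/db_auth.inc.php than the one that was checked.
require_once COMMON_BASE . '/global/db_auth.inc.php';

// Start application-based functionality: database, session, environment, ini setup, etc.
// Most configuration parameters must be set before starting the App.
$app->start();

// Global DB object. Automatically pre-configured by $app->start().
$db =& DB::getInstance();

// ACL!
// create_table is switched off here; the 'initdb' command is the explicit way
// to call $acl->initDB() from this tool.
require_once 'codebase/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array('create_table' => false));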
75
76
77/********************************************************************
78* MAIN
79********************************************************************/
80
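// The first argument selects the operation. It is always present here because
// the startup check calls help(), which exits, when no argument was given.
//
// Every command that changes or evaluates permissions stops after reporting a
// missing required argument. Without that stop the ACL call would still run
// with a null object, and the help text says omitted objects default to
// 'root', so a mistyped command could act on the top of a tree.
$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    $type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    if (isset($type)) {
        // listACL() validates $type against the known object types.
        listACL('root', $type);
    } else {
        // No type given: print all three trees.
        echo "\n_______________________Access Request Objects________________________\n\n";
        listACL('root', 'aro');
        echo "\n_______________________Access Control Objects________________________\n\n";
        listACL('root', 'aco');
        echo "\n______________________Access eXtension Objects_______________________\n\n";
        listACL('root', 'axo');
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    if (!isset($object)) {
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Stripping 'add' from the command leaves the object type (aro, aco or axo).
    echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    if (!isset($object)) {
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Stripping 'rm' from the command leaves the object type (aro, aco or axo).
    echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'initdb' :
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    break;
}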
161
162
163/********************************************************************
164* FUNCTIONS
165********************************************************************/
166
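/**
 * Print the usage text for this tool and terminate the script.
 *
 * The text is emitted as inline output between the PHP tags, with the script
 * name taken from $_SERVER['argv'][0]. The listing covers every command the
 * main switch accepts, including 'check'. This function never returns: it
 * ends with die.
 */
function help()
{
    ?>
Access Control List command line tool.

This script must be run in the common site directory (i.e. the parent
directory of the document root). DB credentials are retrieved from:
global/db_auth.inc.php so this file must exist. Further more this script
must be executed as the owner of the db_auth.inc.php file.

Three types of objects are managed by this interface: ARO - Access
Request Objects, ACO - Access Control Objects, and AXO - Access eXtention
Objects. These are most often used as a USER -> ACTION -> OBJECT model,
but can just as easily be SPICES -> CUISINES -> DISHES A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, Bob can edit article 4. If the AXO if omitted, this becomes
"Bob can edit" (period).

Each access object is stored as a node in hierarchial tree structures. A
premission granted to a node is applied to all its children. If a child
node is specified a different permission that is more specific that
anything on the branch it will take precidence. If no permission is
specified, root is used for that object. Root, in this case, means
"anything" since it is at the top of all branches.

Usage: <?php echo $_SERVER['argv'][0]; ?> <command> [args]


<?php echo $_SERVER['argv'][0]; ?> initdb
<?php echo $_SERVER['argv'][0]; ?> list [aro | aco | axo]
<?php echo $_SERVER['argv'][0]; ?> addaro <aro_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> addaco <aco_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> addaxo <axo_object> [parent]
<?php echo $_SERVER['argv'][0]; ?> rmaro <aro_object>
<?php echo $_SERVER['argv'][0]; ?> rmaco <aco_object>
<?php echo $_SERVER['argv'][0]; ?> rmaxo <axo_object>
<?php echo $_SERVER['argv'][0]; ?> grant <aro_object> [aco_object] [axo_object]
<?php echo $_SERVER['argv'][0]; ?> revoke <aro_object> [aco_object] [axo_object]
<?php echo $_SERVER['argv'][0]; ?> check <aro_object> [aco_object] [axo_object]

For the add*, grant, and revoke commands, if any of the optional
args are not provided, 'root' is assumed.

Strangecode :: www.strangecode.com
<?php
    die;
}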
213
214
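/**
 * Print the tree of access objects at and below $root for one object type.
 *
 * Each node is printed on its own line as name, lft, rgt and added_datetime,
 * with the name indented by four spaces per nesting level. Nesting is derived
 * from the lft/rgt columns of the rows, read in lft order.
 *
 * @param  string $root  Name of the node to start from.
 * @param  string $type  Object type: 'aro', 'aco' or 'axo'.
 * @return mixed         False if $type is not a known object type or $root is
 *                       not found; otherwise nothing is returned.
 */
function listACL($root, $type)
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // Map the requested type onto a fixed table name. $type arrives from the
    // command line, so only these literals may ever reach the SQL text.
    $tables = array(
        'aro' => 'aro_tbl',
        'aco' => 'aco_tbl',
        'axo' => 'axo_tbl',
    );
    if (!is_string($type) || !isset($tables[$type])) {
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    $tbl = $tables[$type];

    // Retrieve the left and right value of the $root node.
    // NOTE(review): mysql_fetch_row() belongs to the legacy mysql extension,
    // which was removed in PHP 7. It is left as-is because the result-handle
    // API of the DB class is not visible here.
    $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
    $row = mysql_fetch_row($qid);
    if (!is_array($row)) {
        // Unknown root node: stop here instead of building a
        // "BETWEEN  AND " query from empty values.
        $app->logMsg(sprintf('Access object not found: %s', $root), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // The bounds are interpolated into the next query, so force them to integers.
    $lft = (int) $row[0];
    $rgt = (int) $row[1];

    // Stack of rgt values for the ancestors of the node being printed.
    $depth = array();

    // Retrieve all descendants of the root node
    $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
    while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
        // If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
        while (sizeof($depth) > 0 && end($depth) < $rgt) {
            array_pop($depth);
        }

        // Display indented node title.
        printf("%-20s %-5s %-5s %s\n", str_repeat('    ', sizeof($depth)) . $name, $lft, $rgt, $added_datetime);

        // Add this node to the stack.
        $depth[] = $rgt;
    }
}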
257
258
259?>