source: trunk/bin/acl.cli.php @ 174

Last change on this file since 174 was 174, checked in by scdev, 18 years ago

Q - added move method to ACL class, added polish.

  • Property svn:executable set to *
File size: 11.0 KB
1#!/usr/local/bin/php
2<?php
/*
* acl.cli.php
* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information.
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    14 Jun 2006 23:10:45
*/
/********************************************************************
* STARTUP
********************************************************************/
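$this_script = basename($_SERVER['argv'][0]);

// Give them a fighting chance. Show the help message. ;P
if ($_SERVER['argc'] <= 1) {
    help();
}

// Make sure necessary files exist. The script must be run from the common site
// directory (the parent of the document root), where global/db_auth.inc.php lives.
$common_base = realpath('.');
if (false === $common_base) {
    die(sprintf("%s error: unable to resolve the current working directory.\n", $this_script));
}
define('COMMON_BASE', $common_base);
$db_auth_file = COMMON_BASE . '/global/db_auth.inc.php';
if (!file_exists($db_auth_file)) {
    die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $this_script));
}

// Only the owner of the web files may run this tool. Compare strictly: fileowner()
// and getmyuid() both return false on failure, and a loose `!=` treats false as equal
// to uid 0 or to another false, which would let the check pass when the lookup failed.
$file_owner = fileowner($db_auth_file);
$my_uid = getmyuid();
if (false === $file_owner || false === $my_uid || $file_owner !== $my_uid) {
    die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
}

// Set include path so 'codebase/...' and 'global/...' resolve relative to COMMON_BASE.
ini_set('include_path', get_include_path()
    . PATH_SEPARATOR . COMMON_BASE
);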
/********************************************************************
* CONFIG
********************************************************************/
// Include core libraries.
require_once 'codebase/lib/App.inc.php';
require_once 'codebase/lib/Utilities.inc.php';

// NOTE(review): the App instance is named 'module_maker' although this is the ACL
// tool; looks copied from a sibling script — confirm the name is intended.
$app =& App::getInstance('module_maker');
// Every parameter is set before start(). Sessions are off (CLI), the DB is on, and
// errors are reported in full on screen; logging presumably goes to
// COMMON_BASE/log/site_log — confirm against App.inc.php.
$app->setParam(array(
    'site_name' => 'ACL cli',
    'site_email' => 'codebase@strangecode.com',
    'enable_session' => false,
    'enable_db' => true,
    'db_always_debug' => false,
    'db_debug' => true,
    'db_die_on_failure' => true,
    'display_errors' => true,
    'error_reporting' => E_ALL,
    'log_file_priority' => LOG_INFO,
    'log_screen_priority' => LOG_ERR,
    'log_directory' => COMMON_BASE . '/log',
    'log_filename' => 'site_log',
));
// DB credentials (existence and ownership were checked at startup). Included before
// start(); presumably start() reads them to open the connection — confirm in App.inc.php.
require_once 'global/db_auth.inc.php';

// Start application-based functionality: database, session, environment, ini setup, etc.
// Most configuration parameters must be set before starting the App.
$app->start();

// Global DB object. Automatically pre-configured by $app->start().
$db =& DB::getInstance();

// ACL! 'create_table' => false presumably disables automatic table creation, leaving
// that to the explicit 'initdb' command below (which calls initDB(true)).
require_once 'codebase/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array('create_table' => false));
/********************************************************************
* MAIN
********************************************************************/
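/*
* Return the command-line argument at position $i, or null when it was not given.
*
* @access   public
* @param    int $i Index into $_SERVER['argv'] (0 is the script name, 1 the command).
* @return   mixed The argument string, or null when absent.
*/
function cliArg($i)
{
    return isset($_SERVER['argv'][$i]) ? $_SERVER['argv'][$i] : null;
}

// The first argument is the command; the rest are positional arguments to it.
// argc <= 1 already produced the help screen at startup, so argv[1] exists here.
$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    $type = cliArg(2);
    switch ($type) {
    case 'aro' :
    case 'aco' :
    case 'axo' :
        listObjects('root', $type);
        break;
    case 'all' :
        listObjects('root', 'aro');
        listObjects('root', 'aco');
        listObjects('root', 'axo');
        break;
    case 'perms' :
    default :
        // 'list' alone, or 'list perms', shows the permission table.
        listPerms();
        break;
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    $object = cliArg(2);
    $parent = cliArg(3);
    if (!isset($object)) {
        // Stop here rather than calling add() with a null object.
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // The object type (aro, aco or axo) is the command name without its 'add' prefix.
    echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'mvaro' :
case 'mvaco' :
case 'mvaxo' :
    $object = cliArg(2);
    $parent = cliArg(3);
    if (!isset($object)) {
        echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = cliArg(2);
    if (!isset($object)) {
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'initdb' :
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    // <aro> [aco] [axo]; only the ARO is required, the others may be null.
    $aro = cliArg(2);
    $aco = cliArg(3);
    $axo = cliArg(4);
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = cliArg(2);
    $aco = cliArg(3);
    $axo = cliArg(4);
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    $aro = cliArg(2);
    $aco = cliArg(3);
    $axo = cliArg(4);
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    break;
}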
/********************************************************************
* FUNCTIONS
********************************************************************/
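/*
* Print the usage text and exit.
*
* The text is emitted as a raw template block (?> ... <?php) so it prints exactly as
* written; only the script name is interpolated. This function never returns.
*
* @access   public
*/
function help()
{
    global $this_script;

    ?>
Access Control List command line tool.

This script must be run in the common site directory (i.e. the parent
directory of the document root). DB credentials are retrieved from:
global/db_auth.inc.php so this file must exist. Furthermore this script
must be executed as the owner of the db_auth.inc.php file.

Three types of objects are managed by this interface: ARO - Access
Request Objects, ACO - Access Control Objects, and AXO - Access Xtra
Objects. These are most often used as a USER -> ACTION -> OBJECT model,
but can just as easily be SPICES -> CUISINES -> DISHES. A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, Bob can edit article 4. If the AXO is omitted, this becomes
"Bob can edit" (period).

Each access object is stored as a node in hierarchical tree structures. A
permission granted to a node is applied to all its children. If a child
node is specified a different permission that is more specific than
anything on the branch it will take precedence. If no permission is
specified, root is used for that object. Root, in this case, means
"anything" since it is at the top of all branches.

Usage: <?php echo $this_script; ?> <command> [args]

Where <command> is any of the following (with arguments):

    initdb
    list [aro | aco | axo | all | perms]
    addaro <aro_object> [parent]
    addaco <aco_object> [parent]
    addaxo <axo_object> [parent]
    mvaro <aro_object> [parent]
    mvaco <aco_object> [parent]
    mvaxo <axo_object> [parent]
    rmaro <aro_object>
    rmaco <aco_object>
    rmaxo <axo_object>
    grant <aro_object> [aco_object] [axo_object]
    revoke <aro_object> [aco_object] [axo_object]
    check <aro_object> [aco_object] [axo_object]
    help

For the add*, mv*, grant, and revoke commands if any of the optional
args are not provided, 'root' is assumed. 'check' prints "allow" or "deny".

Strangecode :: www.strangecode.com
<?php
    die;
}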
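/*
* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
*
* Nodes are stored as a nested set: the descendants of $root are the rows whose
* lft lies between root's lft and rgt, and the indentation depth of a node is the
* number of enclosing nodes still on the rgt stack when it is printed.
*
* @access   public
* @param    string $root Root node from which to begin calculating.
* @param    string $type Table to call, one of: aro, aco, or axo.
* @return   bool True on success; false for an unknown $type or when $root is not found.
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 23:41:22
*/
function listObjects($root, $type)
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    echo "\n";

    // Map the type to its table. $tbl is only ever one of these three literals,
    // which is what makes it safe to interpolate into the SQL below.
    switch ($type) {
    case 'aro' :
        $tbl = 'aro_tbl';
        $heading = 'Request objects';
        break;
    case 'aco' :
        $tbl = 'aco_tbl';
        $heading = 'Control objects';
        break;
    case 'axo' :
        $tbl = 'axo_tbl';
        $heading = 'Xtra objects';
        break;
    default :
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    printf("%-35s %-5s %-5s %s\n", $heading, 'lft', 'rgt', 'Added');
    echo "-----------------------------------------------------------\n";

    // Retrieve the left and right value of the $root node. The name is escaped
    // because callers may pass any string for $root.
    $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
    $row = mysql_fetch_row($qid);
    if (!$row) {
        // Without a root row the BETWEEN bounds below would be empty and the query invalid.
        $app->logMsg(sprintf('Root node "%s" not found in %s', $root, $tbl), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // The bounds are interpolated unquoted into the next query, so force them to integers.
    $lft = (int) $row[0];
    $rgt = (int) $row[1];

    // Stack of rgt values of the nodes enclosing the current one; its size is the depth.
    $depth = array();

    // Retrieve all descendants of the root node, in tree order (lft ascending).
    $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
    while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
        // Pop every enclosing node whose rgt is below this node's rgt: those subtrees are finished.
        while (sizeof($depth) > 0 && end($depth) < $rgt) {
            array_pop($depth);
        }

        // Display indented node title, four spaces per level.
        printf("%-35s %-5s %-5s %s\n", str_repeat('    ', sizeof($depth)) . $name, $lft, $rgt, date($app->getParam('date_format'), strtotime($added_datetime)));

        // Add this node to the stack.
        $depth[] = $rgt;
    }

    return true;
}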
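/*
* List all entries in the acl_tbl, one line per permission, with the access value
* colour-coded via ANSI escapes (green for 'allow', red for anything else).
*
* @access   public
* @return   void
* @author   Quinn Comendant <quinn@strangecode.com>
* @version  1.0
* @since    17 Jun 2006 15:11:53
*/
function listPerms()
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // Retrieve access values from the db. With LEFT JOINs, an acl row whose object
    // has no matching name row comes back with a null name and prints blank.
    $qid = $db->query("
        SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
        FROM acl_tbl
        LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
        LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
        LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
        ORDER BY aro_tbl.aro_id ASC, aco_tbl.aco_id ASC, axo_tbl.axo_id ASC
    ");
    echo "\n";
    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', '', 'Added');
    echo "------------------------------------------------------------------------------------------------\n";
    while ($p = mysql_fetch_assoc($qid)) {
        // ANSI SGR colour: 32 = green for 'allow', 31 = red otherwise; \033[0m resets.
        $color = ('allow' === $p['access']) ? '32' : '31';
        printf("%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n", $p['aro'], $p['aco'], $p['axo'], $color, $p['access'], date($app->getParam('date_format'), strtotime($p['added_datetime'])));
    }
}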
333?>