Context Navigation

acl.cli.php @ 468

Last change on this file since 468 was 468, checked in by anonymous, 10 years ago

Completed integrating ^{/branches/eli_branch into}/trunk. Changes include:

Removed closing ?> from end of files
Upgrade old-style contructor methods to use construct() instead.
Class properties and methods defined as public, private, static or protected
Ensure code runs under E_ALL with only mysql_* deprecated warnings
Search for the '@' symbol anywhere it might be used to supress runtime errors, then replace with proper error recovery.
Run the php cli -l option to check files for syntax errors.
Bring tests up-to-date with latest version and methods of PHPUnit

Property svn:executable set to *

File size: 12.5 KB

Line
1	#!/usr/bin/php
2	<?php
3	/**
4	* The Strangecode Codebase - a general application development framework for PHP
5	* For details visit the project site: <http://trac.strangecode.com/codebase/>
6	* Copyright 2001-2012 Strangecode, LLC
7	*
8	* This file is part of The Strangecode Codebase.
9	*
10	* The Strangecode Codebase is free software: you can redistribute it and/or
11	* modify it under the terms of the GNU General Public License as published by the
12	* Free Software Foundation, either version 3 of the License, or (at your option)
13	* any later version.
14	*
15	* The Strangecode Codebase is distributed in the hope that it will be useful, but
16	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
18	* details.
19	*
20	* You should have received a copy of the GNU General Public License along with
21	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
22	*/
23
24	/*
25	* acl.cli.php
26	*
27	* @author Quinn Comendant <quinn@strangecode.com>
28	* @version 1.0
29	* @since 14 Jun 2006 23:10:45
30	*/
31
32
33	/********************************************************************
34	* STARTUP
35	********************************************************************/
36
37	$this_script = basename($_SERVER['argv'][0]);
38
39	// Give them a fighting chance. Show the help message. ;P
40	if ($_SERVER['argc'] <= 1) {
41	help();
42	}
43
44	// Make sure necessary files exist.
45	define('COMMON_BASE', realpath('.'));
46	$db_quth_file = COMMON_BASE . '/global/db_auth.inc.php';
47	if (!file_exists($db_quth_file)) {
48	die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the global/db_auth.inc.php file must exist.\n", $this_script));
49	}
50
51	if (fileowner($db_quth_file) != getmyuid()) {
52	die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
53	}
54
55	// Set include path.
56	ini_set('include_path', get_include_path()
57	. PATH_SEPARATOR . COMMON_BASE
58	);
59
60
61	/********************************************************************
62	* CONFIG
63	********************************************************************/
64
65	// Include core libraries.
66	require_once 'codebase/lib/App.inc.php';
67	require_once 'codebase/lib/Utilities.inc.php';
68
69	$app =& App::getInstance('module_maker');
70	$app->setParam(array(
71	'site_name' => 'ACL cli',
72	'site_email' => 'codebase@strangecode.com',
73	'enable_session' => false,
74	'enable_db' => true,
75	'db_always_debug' => false,
76	'db_debug' => true,
77	'db_die_on_failure' => true,
78	'display_errors' => true,
79	'error_reporting' => E_ALL,
80	'log_file_priority' => LOG_INFO,
81	'log_screen_priority' => LOG_ERR,
82	'log_directory' => COMMON_BASE . '/log',
83	'log_filename' => 'site_log',
84	));
85	require_once 'global/db_auth.inc.php';
86
87	// Start application-based functionality: database, session, environment, ini setup, etc.
88	// Most configuration parameters must be set before starting the App.
89	$app->start();
90
91	// Global DB object. Automatically pre-configured by $app->start().
92	$db =& DB::getInstance();
93
94	// ACL!
95	require_once 'codebase/lib/ACL.inc.php';
96	$acl =& ACL::getInstance();
97	$acl->setParam(array('create_table' => false));
98
99
100	/********************************************************************
101	* MAIN
102	********************************************************************/
103
104	$op = $_SERVER['argv'][1];
105	switch ($op) {
106	case 'list' :
107	$type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
108	switch ($type) {
109	case 'aro' :
110	case 'aco' :
111	case 'axo' :
112	listObjects('root', $type);
113	break;
114	case 'all' :
115	listObjects('root', 'aro');
116	listObjects('root', 'aco');
117	listObjects('root', 'axo');
118	break;
119	case 'perms' :
120	default :
121	listPerms();
122	break;
123	}
124	break;
125
126	case 'addaro' :
127	case 'addaco' :
128	case 'addaxo' :
129	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
130	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
131	if (!isset($object)) {
132	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
133	break;
134	}
135	echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
136	break;
137
138	case 'mvaro' :
139	case 'mvaco' :
140	case 'mvaxo' :
141	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
142	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
143	if (!isset($object)) {
144	echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
145	break;
146	}
147	echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
148	break;
149
150	case 'rmaro' :
151	case 'rmaco' :
152	case 'rmaxo' :
153	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
154	if (!isset($object)) {
155	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
156	break;
157	}
158	echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
159	break;
160
161	case 'initdb' :
162	echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
163	break;
164
165	case 'grant' :
166	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
167	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
168	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
169	if (!isset($aro)) {
170	echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
171	break;
172	}
173	echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
174	break;
175
176	case 'revoke' :
177	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
178	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
179	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
180	if (!isset($aro)) {
181	echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
182	break;
183	}
184	echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
185	break;
186
187	case 'delete' :
188	$aro = isset($_SERVER['argv'][2]) && 'null' != $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
189	$aco = isset($_SERVER['argv'][3]) && 'null' != $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
190	$axo = isset($_SERVER['argv'][4]) && 'null' != $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
191	if (!isset($_SERVER['argv'][2]) \|\| !isset($_SERVER['argv'][3]) \|\| !isset($_SERVER['argv'][4])) {
192	echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
193	break;
194	}
195	echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
196	break;
197
198	case 'check' :
199	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
200	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
201	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
202	if (!isset($aro)) {
203	echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
204	break;
205	}
206	echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
207	break;
208
209	case 'help' :
210	help();
211	break;
212
213	default :
214	echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
215	break;
216	}
217
218
219	/********************************************************************
220	* FUNCTIONS
221	********************************************************************/
222
223	function help()
224	{
225	global $this_script;
226
227	?>
228	Access Control List command line tool.
229
230	This script must be run in the common site directory (i.e. the parent
231	directory of the document root). DB credentials are retrieved from:
232	global/db_auth.inc.php so this file must exist. Furthermore this script
233	must be executed as the owner of the db_auth.inc.php file.
234
235	Three types of objects are managed by this interface: ARO - Access
236	Request Objects, ACO - Access Control Objects, and AXO - Access Xtra
237	Objects. These are most often used as a USER -> ACTION -> OBJECT model,
238	but could just as easily be SPICES -> CUISINES -> DISHES. A privilege is
239	allowed if a user (ARO) can perform an action (ACO) on something (AXO).
240	For example, with an `ARO->ACO->AXO` of `Bob->edit->4`, Bob can edit article 4.
241	If the AXO were omitted (i.e. just `Bob->edit`), this becomes "Bob can edit"
242	(he can edit any object).
243
244	Each access object is stored as a node in hierarchical tree structures.
245	A permission granted to a node is applied to all its children. If a child
246	node is specified a different permission that is more specific than
247	anything on the branch it will take precedence. If no permission is
248	specified, root is used for that object. Root, in this case, means
249	"anything" since it is at the top of all branches.
250
251	Usage: <?php echo $this_script; ?> command [args]
252
253	Where command is any of the following (with arguments):
254
255	initdb
256	list [aro \| aco \| axo \| all \| perms]
257	check aro [aco] [axo]
258	addaro aro [parent]
259	addaco aco [parent]
260	addaxo axo [parent]
261	mvaro aro [parent]
262	mvaco aco [parent]
263	mvaxo axo [parent]
264	rmaro aro
265	rmaco aco
266	rmaxo axo
267	grant aro [aco] [axo]
268	revoke aro [aco] [axo]
269	delete [aro] [aco] [axo]
270
271
272	For the add, mv, grant, and revoke commands if any of the optional
273	args are not provided, 'root' is assumed. For the delete command
274	'null' is considered a wild-card to delete all objects of that type.
275
276
277	Strangecode :: www.strangecode.com
278	<?php
279	die;
280	}
281
282
283	/*
284	* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
285	*
286	* @access public
287	* @param string $root Root node from which to begin calculating.
288	* @param string $type Table to call, one of: aro, aco, or axo.
289	* @return bool Returns false on error.
290	* @author Quinn Comendant <quinn@strangecode.com>
291	* @version 1.0
292	* @since 17 Jun 2006 23:41:22
293	*/
294	function listObjects($root, $type)
295	{
296	$app =& App::getInstance();
297	$db =& DB::getInstance();
298	global $this_script;
299
300	echo "\n";
301
302	switch ($type) {
303	case 'aro' :
304	$tbl = 'aro_tbl';
305	printf("%-35s %-5s %-5s %s\n", 'Request objects', 'lft', 'rgt', 'Added');
306	break;
307	case 'aco' :
308	$tbl = 'aco_tbl';
309	printf("%-35s %-5s %-5s %s\n", 'Control objects', 'lft', 'rgt', 'Added');
310	break;
311	case 'axo' :
312	$tbl = 'axo_tbl';
313	printf("%-35s %-5s %-5s %s\n", 'Xtra objects', 'lft', 'rgt', 'Added');
314	break;
315	default :
316	$app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
317	return false;
318	break;
319	}
320
321	echo "-----------------------------------------------------------\n";
322
323	// Retrieve the left and right value of the $root node.
324	$qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
325	list($lft, $rgt) = mysql_fetch_row($qid);
326
327	$depth = array();
328
329	// Retrieve all descendants of the root node
330	$qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
331	while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
332	// If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
333	while (sizeof($depth) > 0 && end($depth) < $rgt) {
334	array_pop($depth);
335	}
336
337	// Display indented node title.
338	printf("%-35s %-5s %-5s %s\n", str_repeat(' ', sizeof($depth)) . $name, $lft, $rgt, date($app->getParam('date_format'), strtotime($added_datetime)));
339
340	// Add this node to the stack.
341	$depth[] = $rgt;
342	}
343	}
344
345	/*
346	* List all entries in the acl_tbl.
347	*
348	* @access public
349	* @author Quinn Comendant <quinn@strangecode.com>
350	* @version 1.0
351	* @since 17 Jun 2006 15:11:53
352	*/
353	function listPerms()
354	{
355	$app =& App::getInstance();
356	$db =& DB::getInstance();
357	global $this_script;
358
359	// Retrieve access value from db.
360	$qid = $db->query("
361	SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
362	FROM acl_tbl
363	LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
364	LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
365	LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
366	ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
367	");
368	echo "\n";
369	printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', '', 'Added');
370	echo "------------------------------------------------------------------------------------------------\n";
371	while ($p = mysql_fetch_assoc($qid)) {
372	printf("%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n", $p['aro'], $p['aco'], $p['axo'], ('allow' == $p['access'] ? '32' : '31'), $p['access'], date($app->getParam('date_format'), strtotime($p['added_datetime'])));
373	}
374	}
375
376

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/bin/acl.cli.php @ 468

Download in other formats: