Context Navigation

source: trunk/bin/acl.cli.php @ 502

Last change on this file since 502 was 502, checked in by anonymous, 9 years ago
Many minor fixes during pulso development
Property svn:executable set to ``*
File size: 12.9 KB

Line
1	#!/usr/bin/php
2	<?php
3	/**
4	* The Strangecode Codebase - a general application development framework for PHP
5	* For details visit the project site: <http://trac.strangecode.com/codebase/>
6	* Copyright 2001-2012 Strangecode, LLC
7	*
8	* This file is part of The Strangecode Codebase.
9	*
10	* The Strangecode Codebase is free software: you can redistribute it and/or
11	* modify it under the terms of the GNU General Public License as published by the
12	* Free Software Foundation, either version 3 of the License, or (at your option)
13	* any later version.
14	*
15	* The Strangecode Codebase is distributed in the hope that it will be useful, but
16	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
18	* details.
19	*
20	* You should have received a copy of the GNU General Public License along with
21	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
22	*/
23
24	/*
25	* acl.cli.php
26	*
27	* @author Quinn Comendant <quinn@strangecode.com>
28	* @version 1.0
29	* @since 14 Jun 2006 23:10:45
30	*/
31
32
33	/********************************************************************
34	* STARTUP
35	********************************************************************/
36
37	$this_script = basename($_SERVER['argv'][0]);
38
39	// Give them a fighting chance. Show the help message. ;P
40	if ($_SERVER['argc'] <= 1) {
41	help();
42	}
43
44	// Make sure necessary files exist.
45	define('COMMON_BASE', realpath('.'));
46	$db_auth_file = false;
47	$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(COMMON_BASE));
48	$rii->setMaxDepth(2);
49	foreach ($rii as $filename => $file) {
50	if (mb_strpos($filename, 'db_auth.inc.php') !== false) {
51	$db_auth_file = $filename;
52	break;
53	}
54	}
55	if (!$db_auth_file) {
56	die(sprintf("%s error: the current directory must be common site directory (i.e. the parent directory of the document root) AND the db_auth.inc.php file must exist.\n", $this_script));
57	}
58	if (fileowner($db_auth_file) != getmyuid()) {
59	die(sprintf("%s error: you must execute this script as the owner of the web files.\n", $this_script));
60	}
61
62	// Set include path.
63	ini_set('include_path', get_include_path() . PATH_SEPARATOR . COMMON_BASE);
64
65	/********************************************************************
66	* CONFIG
67	********************************************************************/
68
69	// Include core libraries.
70	require_once 'codebase/lib/App.inc.php';
71	require_once 'codebase/lib/Utilities.inc.php';
72
73	define('_CLI', true);
74	$app =& App::getInstance('module_maker');
75	$app->setParam(array(
76	'site_name' => 'ACL cli',
77	'site_email' => 'codebase@strangecode.com',
78	'enable_session' => false,
79	'enable_db' => true,
80	'db_always_debug' => false,
81	'db_debug' => true,
82	'db_die_on_failure' => true,
83	'display_errors' => true,
84	'error_reporting' => E_ALL,
85	'log_file_priority' => LOG_INFO,
86	'log_screen_priority' => LOG_ERR,
87	'log_directory' => COMMON_BASE . '/log',
88	'log_filename' => 'site_log',
89	));
90	require_once $db_auth_file;
91
92	// Start application-based functionality: database, session, environment, ini setup, etc.
93	// Most configuration parameters must be set before starting the App.
94	$app->start();
95
96	// Global DB object. Automatically pre-configured by $app->start().
97	$db =& DB::getInstance();
98
99	// ACL!
100	require_once 'codebase/lib/ACL.inc.php';
101	$acl =& ACL::getInstance();
102	$acl->setParam(array('create_table' => false));
103
104
105	/********************************************************************
106	* MAIN
107	********************************************************************/
108
109	if (!$db->tableExists('acl_tbl')) {
110	printf("This project doesn't appear to be using ACL (there is no acl_tbl in the %s DB).\n", $app->getParam('db_name'));
111	$app->stop();
112	die;
113	}
114
115	$op = $_SERVER['argv'][1];
116	switch ($op) {
117	case 'list' :
118	$type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
119	switch ($type) {
120	case 'aro' :
121	case 'aco' :
122	case 'axo' :
123	listObjects('root', $type);
124	break;
125	case 'all' :
126	listObjects('root', 'aro');
127	listObjects('root', 'aco');
128	listObjects('root', 'axo');
129	break;
130	case 'perms' :
131	default :
132	listPerms();
133	break;
134	}
135	break;
136
137	case 'addaro' :
138	case 'addaco' :
139	case 'addaxo' :
140	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
141	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
142	if (!isset($object)) {
143	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
144	break;
145	}
146	echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
147	break;
148
149	case 'mvaro' :
150	case 'mvaco' :
151	case 'mvaxo' :
152	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
153	$parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
154	if (!isset($object)) {
155	echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
156	break;
157	}
158	echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
159	break;
160
161	case 'rmaro' :
162	case 'rmaco' :
163	case 'rmaxo' :
164	$object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
165	if (!isset($object)) {
166	echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
167	break;
168	}
169	echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
170	break;
171
172	case 'initdb' :
173	echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
174	break;
175
176	case 'grant' :
177	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
178	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
179	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
180	if (!isset($aro)) {
181	echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
182	break;
183	}
184	echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
185	break;
186
187	case 'revoke' :
188	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
189	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
190	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
191	if (!isset($aro)) {
192	echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
193	break;
194	}
195	echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
196	break;
197
198	case 'delete' :
199	$aro = isset($_SERVER['argv'][2]) && 'null' != $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
200	$aco = isset($_SERVER['argv'][3]) && 'null' != $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
201	$axo = isset($_SERVER['argv'][4]) && 'null' != $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
202	if (!isset($_SERVER['argv'][2]) \|\| !isset($_SERVER['argv'][3]) \|\| !isset($_SERVER['argv'][4])) {
203	echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
204	break;
205	}
206	echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
207	break;
208
209	case 'check' :
210	$aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
211	$aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
212	$axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
213	if (!isset($aro)) {
214	echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
215	break;
216	}
217	echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
218	break;
219
220	case 'help' :
221	help();
222	break;
223
224	default :
225	echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
226	break;
227	}
228
229	$app->stop();
230	die;
231
232
233	/********************************************************************
234	* FUNCTIONS
235	********************************************************************/
236
237	function help()
238	{
239	global $this_script;
240
241	?>
242	Access Control List command line tool.
243
244	This script must be run in the common site directory (i.e. the parent
245	directory of the document root). DB credentials are retrieved from:
246	global/db_auth.inc.php so this file must exist. Furthermore this script
247	must be executed as the owner of the db_auth.inc.php file.
248
249	Three types of objects are managed by this interface:
250
251	ARO - Access Request Objects
252	ACO - Access Control Objects
253	AXO - Access Xtra Objects
254
255	These are most often used as a USER -> ACTION -> OBJECT model,
256	but could just as easily be SPICES -> CUISINES -> DISHES. A privilege is
257	allowed if a user (ARO) can perform an action (ACO) on something (AXO).
258	For example, with an `ARO->ACO->AXO` of `Bob->edit->4`, Bob can edit article 4.
259	If the AXO were omitted (i.e. just `Bob->edit`), this becomes "Bob can edit"
260	(he can edit any object).
261
262	Each access object is stored as a node in hierarchical tree structure.
263	A permission granted to a node is applied to all its children. If a child
264	node is specified with a permission more specific than its ancestors, the
265	child will take precedence. If no permission is specified, root is used,
266	implying access to any object of that type.
267
268	Usage: <?php echo $this_script; ?> command [args]
269
270	Where command is any of the following (with arguments):
271
272	initdb
273	list [aro \| aco \| axo \| all \| perms]
274	check aro [aco] [axo]
275	addaro aro [parent]
276	addaco aco [parent]
277	addaxo axo [parent]
278	mvaro aro [parent]
279	mvaco aco [parent]
280	mvaxo axo [parent]
281	rmaro aro
282	rmaco aco
283	rmaxo axo
284	grant aro [aco] [axo]
285	revoke aro [aco] [axo]
286	delete aro aco axo
287
288	For the add, mv, grant, and revoke commands if any of the optional
289	args are not provided, 'root' is assumed. The delete command requires
290	all object types to be specified; Passing the string 'null' will cause
291	all matches in that column to be deleted. run with 'grants' to view what
292	can be deleted.
293	<?php
294	die;
295	}
296
297
298	/*
299	* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
300	*
301	* @access public
302	* @param string $root Root node from which to begin calculating.
303	* @param string $type Table to call, one of: aro, aco, or axo.
304	* @return bool Returns false on error.
305	* @author Quinn Comendant <quinn@strangecode.com>
306	* @version 1.0
307	* @since 17 Jun 2006 23:41:22
308	*/
309	function listObjects($root, $type)
310	{
311	$app =& App::getInstance();
312	$db =& DB::getInstance();
313	global $this_script;
314
315	echo "\n";
316
317	switch ($type) {
318	case 'aro' :
319	$tbl = 'aro_tbl';
320	printf("%-45s %s\n", 'Request objects', 'Added');
321	break;
322	case 'aco' :
323	$tbl = 'aco_tbl';
324	printf("%-45s %s\n", 'Control objects', 'Added');
325	break;
326	case 'axo' :
327	$tbl = 'axo_tbl';
328	printf("%-45s %s\n", 'Xtra objects', 'Added');
329	break;
330	default :
331	$app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
332	return false;
333	break;
334	}
335
336	echo "---------------------------------------------------------------------\n";
337
338	// Retrieve the left and right value of the $root node.
339	$qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
340	list($lft, $rgt) = mysql_fetch_row($qid);
341
342	$depth = array();
343
344	// Retrieve all descendants of the root node
345	$qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
346	while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
347	// If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
348	while (sizeof($depth) > 0 && end($depth) < $rgt) {
349	array_pop($depth);
350	}
351
352	// Display indented node title.
353	printf("%-45s %s\n", str_repeat(' ', sizeof($depth)) . $name, date($app->getParam('date_format') . ' ' . $app->getParam('time_format'), strtotime($added_datetime)));
354
355	// Add this node to the stack.
356	$depth[] = $rgt;
357	}
358	}
359
360	/*
361	* List all entries in the acl_tbl.
362	*
363	* @access public
364	* @author Quinn Comendant <quinn@strangecode.com>
365	* @version 1.0
366	* @since 17 Jun 2006 15:11:53
367	*/
368	function listPerms()
369	{
370	$app =& App::getInstance();
371	$db =& DB::getInstance();
372	global $this_script;
373
374	// Retrieve access value from db.
375	$qid = $db->query("
376	SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
377	FROM acl_tbl
378	LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
379	LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
380	LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
381	ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
382	");
383	echo "\n";
384	printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', 'Grant', 'Added');
385	echo "------------------------------------------------------------------------------------------------\n";
386	while ($p = mysql_fetch_assoc($qid)) {
387	printf("%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n", $p['aro'], $p['aco'], $p['axo'], ('allow' == $p['access'] ? '32' : '31'), $p['access'], date($app->getParam('date_format'), strtotime($p['added_datetime'])));
388	}
389	}
390
391

Note: See TracBrowser for help on using the repository browser.

Download in other formats: