source: trunk/bin/acl.cli.php @ 533

Last change on this file since 533 was 533, checked in by anonymous, 9 years ago

Adapted module maker scripts to use the new cli config file. Updated config to load codebase classes from its own codebase dir.

  • Property svn:executable set to *
1#!/usr/bin/env php
2<?php
3/**
4 * The Strangecode Codebase - a general application development framework for PHP
5 * For details visit the project site: <http://trac.strangecode.com/codebase/>
6 * Copyright 2001-2012 Strangecode, LLC
7 *
8 * This file is part of The Strangecode Codebase.
9 *
10 * The Strangecode Codebase is free software: you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as published by the
12 * Free Software Foundation, either version 3 of the License, or (at your option)
13 * any later version.
14 *
15 * The Strangecode Codebase is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
18 * details.
19 *
20 * You should have received a copy of the GNU General Public License along with
21 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24/*
25* acl.cli.php
26*
27* @author   Quinn Comendant <quinn@strangecode.com>
28* @version  1.1
29* @since    14 Jun 2006 23:10:45
30*/
31
32/********************************************************************
33* CONFIG
34********************************************************************/
35
// Shared CLI configuration lives in the same directory as this script.
require_once dirname(__FILE__) . '/_config.inc.php';

// No command given: print the usage text instead of failing on a missing argument.
// help() ends the script itself, so nothing below runs in that case.
if (2 > $_SERVER['argc']) {
    help();
}

// Load the ACL library and take its shared instance, with the 'create_table'
// parameter switched off for this tool.
require_once CODEBASE_PATH . '/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array(
    'create_table' => false,
));
47
48
49/********************************************************************
50* MAIN
51********************************************************************/
52
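// Nothing to manage when the project's database has no acl_tbl: say so and stop.
if (!$db->tableExists('acl_tbl')) {
    printf("This project doesn't appear to be using ACL (there is no acl_tbl in the %s DB).\n", $app->getParam('db_name'));
    $app->stop();
    die;
}

// Dispatch on the first command-line argument. argv[1] is present here because the
// argc check earlier in this file calls help(), which terminates the script.
//
// NOTE(review): the script ends with a bare `die` whether a command printed "Ok" or
// "Error!", so unless $app->stop() sets an exit status, automation wrapping this tool
// cannot detect a failed permission change from the return code.
$op = $_SERVER['argv'][1];
switch ($op) {
case 'list' :
    // Optional second argument selects what to list; anything unrecognised lists permissions.
    $type = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    switch ($type) {
    case 'aro' :
    case 'aco' :
    case 'axo' :
        listObjects('root', $type);
        break;
    case 'all' :
        listObjects('root', 'aro');
        listObjects('root', 'aco');
        listObjects('root', 'axo');
        break;
    case 'perms' :
    default :
        listPerms();
        break;
    }
    break;

case 'addaro' :
case 'addaco' :
case 'addaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    if (!isset($object)) {
        echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Stripping the 'add' prefix leaves the object type: aro, aco or axo.
    echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'mvaro' :
case 'mvaco' :
case 'mvaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $parent = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    if (!isset($object)) {
        echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Stripping the 'mv' prefix leaves the object type: aro, aco or axo.
    echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'rmaro' :
case 'rmaco' :
case 'rmaxo' :
    $object = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    if (!isset($object)) {
        // Names the command family the operator actually typed (this branch used to say 'add*').
        echo "'rm*' commands require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Stripping the 'rm' prefix leaves the object type: aro, aco or axo.
    echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
    break;

case 'initdb' :
    // NOTE(review): initDB() is called with a literal true and without any confirmation
    // prompt; what that flag does to existing ACL tables is defined in ACL.inc.php.
    // Confirm whether it discards data before running this against a live database.
    echo $acl->initDB(true) ? "Ok\n" : "Error!\n";
    break;

case 'grant' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Omitted aco/axo are passed as null; the help text says 'root' is then assumed,
    // which widens the grant to every object of that type.
    echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'revoke' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'delete' :
    // The literal string 'null' in any position is turned into a real null, which the
    // help text describes as "all matches in that column". All three arguments must be
    // given so that a wildcard is always typed out, never implied by omission.
    // NOTE(review): three 'null' arguments would presumably match every acl_tbl row;
    // there is no confirmation step here.
    $aro = isset($_SERVER['argv'][2]) && 'null' !== $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) && 'null' !== $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) && 'null' !== $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
    if (!isset($_SERVER['argv'][2]) || !isset($_SERVER['argv'][3]) || !isset($_SERVER['argv'][4])) {
        echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
        break;
    }
    echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
    break;

case 'check' :
    $aro = isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null;
    $aco = isset($_SERVER['argv'][3]) ? $_SERVER['argv'][3] : null;
    $axo = isset($_SERVER['argv'][4]) ? $_SERVER['argv'][4] : null;
    if (!isset($aro)) {
        echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
        break;
    }
    // Read-only query: prints the decision instead of Ok/Error.
    echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
    break;

case 'help' :
    help();
    break;

default :
    echo "'$op' is not an understood command. Try 'help' if you are lost.\n";
    break;
}

$app->stop();
die;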
175
176
177/********************************************************************
178* FUNCTIONS
179********************************************************************/
180
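/*
* Print the usage text for this tool and terminate the script.
*
* Reads the global $cli_executed for the script name shown on the "Usage:" line;
* that variable is not set in this file. The text is emitted as inline template
* output, so every character between the closing and reopening PHP tags is
* printed as written. This function never returns: it ends with die.
*
* @access   public
*/
function help()
{
    global $cli_executed;

    ?>
Access Control List command line tool.

This script must be run in the common site directory (i.e. the parent
directory of the document root). DB credentials are retrieved from:
global/db_auth.inc.php so this file must exist. Furthermore this script
must be executed as the owner of the db_auth.inc.php file.

Three types of objects are managed by this interface:

  ARO - Access Request Objects
  ACO - Access Control Objects
  AXO - Access Xtra Objects

These are most often used as a USER -> ACTION -> OBJECT model,
but could just as easily be SPICES -> CUISINES -> DISHES. A privilege is
allowed if a user (ARO) can perform an action (ACO) on something (AXO).
For example, with an `ARO->ACO->AXO` of `Bob->edit->4`, Bob can edit article 4.
If the AXO were omitted (i.e. just `Bob->edit`), this becomes "Bob can edit"
(he can edit any object).

Each access object is stored as a node in hierarchical tree structure.
A permission granted to a node is applied to all its children. If a child
node is specified with a permission more specific than its ancestors, the
child will take precedence. If no permission is specified, root is used,
implying access to any object of that type.

Usage: <?php echo $cli_executed; ?> command [args]

Where command is any of the following (with arguments):

    initdb
    list [aro | aco | axo | all | perms]
    check aro [aco] [axo]
    addaro aro [parent]
    addaco aco [parent]
    addaxo axo [parent]
    mvaro aro [parent]
    mvaco aco [parent]
    mvaxo axo [parent]
    rmaro aro
    rmaco aco
    rmaxo axo
    grant aro [aco] [axo]
    revoke aro [aco] [axo]
    delete aro aco axo

For the add*, mv*, grant, and revoke commands if any of the optional
args are not provided, 'root' is assumed. The delete command requires
all object types to be specified; Passing the string 'null' will cause
all matches in that column to be deleted. Run 'list perms' to view what
can be deleted.
<?php
    // The last sentence above used to point at a 'grants' command, which the command
    // dispatcher does not recognise; 'list perms' is the command that prints acl_tbl.
    die;
}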
240
241
242/*
243* Print the tree structure of a specified table (aro_tbl, aco_tbl, or axo_tbl).
244*
245* @access   public
246* @param    string $root Root node from which to begin calculating.
247* @param    string $type Table to call, one of: aro, aco, or axo.
248* @return   bool Returns false on error.
249* @author   Quinn Comendant <quinn@strangecode.com>
250* @version  1.0
251* @since    17 Jun 2006 23:41:22
252*/
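function listObjects($root, $type)
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    echo "\n";

    // Map the object type onto a fixed table name and print the column heading.
    // Only these three literals can become $tbl, so the table name that is
    // interpolated into the SQL below never comes from the caller's string.
    switch ($type) {
    case 'aro' :
        $tbl = 'aro_tbl';
        printf("%-45s %s\n", 'Request objects', 'Added');
        break;
    case 'aco' :
        $tbl = 'aco_tbl';
        printf("%-45s %s\n", 'Control objects', 'Added');
        break;
    case 'axo' :
        $tbl = 'axo_tbl';
        printf("%-45s %s\n", 'Xtra objects', 'Added');
        break;
    default :
        $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__);
        return false;
    }

    echo "---------------------------------------------------------------------\n";

    // Retrieve the left and right value of the $root node. $root is the only
    // caller-supplied value in this query and goes through the DB escaper.
    // NOTE(review): mysql_fetch_row() is part of the ext/mysql API, which was removed
    // in PHP 7; presumably DB::query() returns a matching result resource.
    $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($root) . "'");
    $root_row = mysql_fetch_row($qid);
    if (!is_array($root_row)) {
        // No such node (or no result set): without this guard $lft and $rgt would be
        // null and the descendants query would be sent as "BETWEEN  AND ".
        $app->logMsg(sprintf('Access object not found in %s: %s', $tbl, $root), LOG_ERR, __FILE__, __LINE__);
        return false;
    }
    // The bounds are interpolated unquoted into the next query, so pin them to integers
    // rather than trusting whatever text the row holds.
    $lft = (int) $root_row[0];
    $rgt = (int) $root_row[1];

    // Stack of rgt values of the ancestors of the row being printed; its size is the indent level.
    $depth = array();

    // Retrieve all descendants of the root node
    $qid = $db->query("SELECT name, lft, rgt, added_datetime FROM $tbl WHERE lft BETWEEN $lft AND $rgt ORDER BY lft ASC");
    while (list($name, $lft, $rgt, $added_datetime) = mysql_fetch_row($qid)) {
        // If the last element of $depth is less than the current rgt it means we finished with a set of children nodes.
        while (sizeof($depth) > 0 && end($depth) < $rgt) {
            array_pop($depth);
        }

        // Display indented node title.
        // NOTE(review): $name is written to the terminal exactly as stored. If object
        // names can originate from end users, consider stripping control characters
        // before printing so stored text cannot alter the operator's terminal.
        printf("%-45s %s\n", str_repeat('    ', sizeof($depth)) . $name, date($app->getParam('date_format') . ' ' . $app->getParam('time_format'), strtotime($added_datetime)));

        // Add this node to the stack.
        $depth[] = $rgt;
    }
}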
302
303/*
304* List all entries in the acl_tbl.
305*
306* @access   public
307* @author   Quinn Comendant <quinn@strangecode.com>
308* @version  1.0
309* @since    17 Jun 2006 15:11:53
310*/
function listPerms()
{
    $app =& App::getInstance();
    $db =& DB::getInstance();

    // One row per acl_tbl entry, with the three object ids resolved to their names.
    // The statement is a fixed string: nothing from the command line is placed in it.
    $sql = "
        SELECT aro_tbl.name AS aro, aco_tbl.name AS aco, axo_tbl.name AS axo, acl_tbl.access, acl_tbl.added_datetime
        FROM acl_tbl
        LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
        LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
        LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
        ORDER BY aro_tbl.lft ASC, aco_tbl.lft ASC, axo_tbl.lft ASC
    ";
    $qid = $db->query($sql);

    // Table heading.
    echo "\n";
    printf("%-25s %-25s %-25s %-6s %-10s\n", 'Request objects', 'Control objects', 'Xtra objects', 'Grant', 'Added');
    echo "------------------------------------------------------------------------------------------------\n";

    while (true) {
        $row = mysql_fetch_assoc($qid);
        if (!$row) {
            break;
        }

        // ANSI colour code for the access column: 32 (green) for 'allow', 31 (red) for anything else.
        if ('allow' == $row['access']) {
            $colour = '32';
        } else {
            $colour = '31';
        }
        $added = date($app->getParam('date_format'), strtotime($row['added_datetime']));

        // NOTE(review): the name columns and the access value are printed as stored;
        // only the colour code placed inside the escape sequence is chosen by this function.
        printf("%-25s %-25s %-25s \033[0;%sm%-6s\033[0m %-10s\n", $row['aro'], $row['aco'], $row['axo'], $colour, $row['access'], $added);
    }
}
332
333