Changeset 175


Timestamp:
Jun 21, 2006 4:48:45 AM (18 years ago)
Author:
scdev
Message:

${1}

Location:
trunk
Files:
2 edited

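--- a/trunk/bin/acl.cli.php
+++ b/trunk/bin/acl.cli.php
@@ -110,4 +110,5 @@
     if (!isset($object)) {
         echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n";
@@ -121,4 +122,5 @@
     if (!isset($object)) {
         echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n";
@@ -131,4 +133,5 @@
     if (!isset($object)) {
         echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n";
@@ -145,4 +148,5 @@
     if (!isset($aro)) {
         echo "'grant' command require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
@@ -155,6 +159,18 @@
     if (!isset($aro)) {
         echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
+    break;
+
+case 'delete' :
+    $aro = isset($_SERVER['argv'][2]) && 'null' != $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null;
+    $aco = isset($_SERVER['argv'][3]) && 'null' != $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null;
+    $axo = isset($_SERVER['argv'][4]) && 'null' != $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null;
+    if (!isset($_SERVER['argv'][2]) || !isset($_SERVER['argv'][3]) || !isset($_SERVER['argv'][4])) {
+        echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n";
+        break;
+    }
+    echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n";
     break;
 
@@ -165,4 +181,5 @@
     if (!isset($aro)) {
         echo "'check' command require at least one argument. Try 'help' if you are lost.\n";
+        break;
     }
     echo $acl->check($aro, $aco, $axo) ? "allow\n" : "deny\n";
@@ -227,7 +244,11 @@
     grant <aro_object> [aco_object] [axo_object]
     revoke <aro_object> [aco_object] [axo_object]
+    delete [aro_object] [aco_object] [axo_object]
+   
 
 For the add*, mv*, grant, and revoke commands if any of the optional
-args are not provided, 'root' is assumed.
+args are not provided, 'root' is assumed. For the delete command
+'null' is considered a wildcard to delete all objects of that type.
+
 
 Strangecode :: www.strangecode.com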
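Review bot: The usage line added for `delete` marks all three arguments as optional with square brackets, but the new `case 'delete'` branch refuses to run unless `argv[2]`, `argv[3]` and `argv[4]` are all present; the help text should read `delete <aro_object> <aco_object> <axo_object>` so an operator is not misled about what the command needs. Because the literal string `null` is mapped to the wildcard before the call, an object whose name really is "null" cannot be addressed, and a call with two `null` arguments removes every ACL entry for the remaining object with no confirmation and only `Ok` as feedback; the help paragraph should state that scope explicitly. The `rm*` branch still prints the `'add*' commands require…` message right above its new `break;`, which looks like a copy-paste leftover worth fixing while these lines are being touched. The enclosing `switch` starts and ends outside the visible hunks.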
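--- a/trunk/lib/ACL.inc.php
+++ b/trunk/lib/ACL.inc.php
@@ -487,7 +487,7 @@
     *
     * @access   public
-    * @param    string $aro Identifier of an existing ARO object.
-    * @param    string $aco Identifier of an existing ACO object (or null to use root).
-    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string|null $aro Identifier of an existing ARO object (or null to use root).
+    * @param    string|null $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string|null $axo Identifier of an existing AXO object (or null to use root).
     * @return   bool False on error, true on success.
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -539,7 +539,7 @@
     *
     * @access   public
-    * @param    string $aro Identifier of an existing ARO object.
-    * @param    string $aco Identifier of an existing ACO object (or null to use root).
-    * @param    string $axo Identifier of an existing AXO object (or null to use root).
+    * @param    string|null $aro Identifier of an existing ARO object (or null to use root).
+    * @param    string|null $aco Identifier of an existing ACO object (or null to use root).
+    * @param    string|null $axo Identifier of an existing AXO object (or null to use root).
     * @return   bool False on error, true on success.
     * @author   Quinn Comendant <quinn@strangecode.com>
@@ -550,4 +550,52 @@
     {
         return $this->grant($aro, $aco, $axo, 'deny');
+    }
+   
+    /*
+    * Delete an entry from the acl_tbl completely to allow other permissions to cascade down.
+    * Null values act as a "wildcard" and will cause ALL matches in that column to be deleted.
+    *
+    * @access   public
+    * @param    string|null $aro Identifier of an existing ARO object (or null for *).
+    * @param    string|null $aco Identifier of an existing ACO object (or null for *).
+    * @param    string|null $axo Identifier of an existing AXO object (or null for *).
+    * @return   bool False on error, true on success.
+    * @author   Quinn Comendant <quinn@strangecode.com>
+    * @version  1.0
+    * @since    20 Jun 2006 20:16:12
+    */
+    function delete($aro=null, $aco=null, $axo=null)
+    {
+        $app =& App::getInstance();
+        $db =& DB::getInstance();
+
+        $this->initDB();
+
+        // If any access objects are null, assume using root values.
+        // However if they're empty we don't want to escalate the grant command to root!
+        $where = array();
+        $where[] = is_null($aro) ? "aro_tbl.name IS NOT NULL" : "aro_tbl.name = '" . $db->escapeString($aro) . "' ";
+        $where[] = is_null($aco) ? "aco_tbl.name IS NOT NULL" : "aco_tbl.name = '" . $db->escapeString($aco) . "' ";
+        $where[] = is_null($axo) ? "axo_tbl.name IS NOT NULL" : "axo_tbl.name = '" . $db->escapeString($axo) . "' ";
+
+        $final_where = join(' AND ', $where);
+        if (substr_count($final_where, 'IS NOT NULL') == 3) {
+            // Null on all three tables will delete ALL entries including the root -> root -> root = deny.
+            $app->logMsg(sprintf('Cannot allow deletion of all acl entries.', null), LOG_NOTICE, __FILE__, __LINE__);
+            return false;
+        }
+       
+        $qid = $db->query("
+            DELETE acl_tbl
+            FROM acl_tbl
+            LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id)
+            LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
+            LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
+            WHERE $final_where
+        ");
+
+        $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__);
+       
+        return true;
     }
    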
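Review bot: The new `delete()` ends with an unconditional `return true;` and never inspects `$qid`, so unless `DB::query()` aborts on failure (not visible on this page) a failed DELETE is reported as success, which contradicts `@return bool False on error` and lets the CLI print `Ok` while the ACL entry is still in force. Checking the result before the log call, for example `if (!$qid) { return false; }`, would close that gap, assuming `query()` returns a falsy value on failure, which should be confirmed against the DB class. The all-wildcard guard counts `IS NOT NULL` inside the assembled SQL, which also contains the escaped caller-supplied names; testing `is_null($aro) && is_null($aco) && is_null($axo)` before building `$where` states the intent directly and cannot be skewed by a name that happens to contain that text. The comment at new lines 574–575 is carried over from `grant()` and describes root escalation rather than wildcards; something like `// Null arguments match every row of that table; non-null names are escaped before use.` would describe what the code does.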