Changeset 175
- Timestamp:
- Jun 21, 2006 4:48:45 AM (18 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
trunk/bin/acl.cli.php
r174 r175 110 110 if (!isset($object)) { 111 111 echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n"; 112 break; 112 113 } 113 114 echo $acl->add($object, $parent, str_replace('add', '', $op)) ? "Ok\n" : "Error!\n"; … … 121 122 if (!isset($object)) { 122 123 echo "'mv*' commands require at least one argument. Try 'help' if you are lost.\n"; 124 break; 123 125 } 124 126 echo $acl->move($object, $parent, str_replace('mv', '', $op)) ? "Ok\n" : "Error!\n"; … … 131 133 if (!isset($object)) { 132 134 echo "'add*' commands require at least one argument. Try 'help' if you are lost.\n"; 135 break; 133 136 } 134 137 echo $acl->remove($object, str_replace('rm', '', $op)) ? "Ok\n" : "Error!\n"; … … 145 148 if (!isset($aro)) { 146 149 echo "'grant' command require at least one argument. Try 'help' if you are lost.\n"; 150 break; 147 151 } 148 152 echo $acl->grant($aro, $aco, $axo) ? "Ok\n" : "Error!\n"; … … 155 159 if (!isset($aro)) { 156 160 echo "'revoke' command require at least one argument. Try 'help' if you are lost.\n"; 161 break; 157 162 } 158 163 echo $acl->revoke($aro, $aco, $axo) ? "Ok\n" : "Error!\n"; 164 break; 165 166 case 'delete' : 167 $aro = isset($_SERVER['argv'][2]) && 'null' != $_SERVER['argv'][2] ? $_SERVER['argv'][2] : null; 168 $aco = isset($_SERVER['argv'][3]) && 'null' != $_SERVER['argv'][3] ? $_SERVER['argv'][3] : null; 169 $axo = isset($_SERVER['argv'][4]) && 'null' != $_SERVER['argv'][4] ? $_SERVER['argv'][4] : null; 170 if (!isset($_SERVER['argv'][2]) || !isset($_SERVER['argv'][3]) || !isset($_SERVER['argv'][4])) { 171 echo "'delete' command require all three arguments to be specified. Try 'help' if you are lost.\n"; 172 break; 173 } 174 echo $acl->delete($aro, $aco, $axo) ? "Ok\n" : "Error!\n"; 159 175 break; 160 176 … … 165 181 if (!isset($aro)) { 166 182 echo "'check' command require at least one argument. Try 'help' if you are lost.\n"; 183 break; 167 184 } 168 185 echo $acl->check($aro, $aco, $axo) ? 
"allow\n" : "deny\n"; … … 227 244 grant <aro_object> [aco_object] [axo_object] 228 245 revoke <aro_object> [aco_object] [axo_object] 246 delete [aro_object] [aco_object] [axo_object] 247 229 248 230 249 For the add*, mv*, grant, and revoke commands if any of the optional 231 args are not provided, 'root' is assumed. 250 args are not provided, 'root' is assumed. For the delete command 251 'null' is considered a wildcard to delete all objects of that type. 252 232 253 233 254 Strangecode :: www.strangecode.com -
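Review bot: The help text added for `delete` shows all three arguments in square brackets as optional, but the new `case 'delete'` refuses to run unless argv[2], argv[3] and argv[4] are all set; the usage line should read `delete <aro_object|null> <aco_object|null> <axo_object|null>`. Because the literal string 'null' is turned into a wildcard in this case, an object actually named 'null' cannot be targeted from the CLI, which deserves a sentence in the help. The command prints only "Ok" after a wildcard delete, and since removing an entry lets other permissions cascade down, echoing how many entries were removed would make an over-broad delete visible to the operator. The enclosing switch starts and ends outside the visible hunks.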
trunk/lib/ACL.inc.php
r174 r175 487 487 * 488 488 * @access public 489 * @param string $aro Identifier of an existing ARO object.490 * @param string $aco Identifier of an existing ACO object (or null to use root).491 * @param string $axo Identifier of an existing AXO object (or null to use root).489 * @param string|null $aro Identifier of an existing ARO object (or null to use root). 490 * @param string|null $aco Identifier of an existing ACO object (or null to use root). 491 * @param string|null $axo Identifier of an existing AXO object (or null to use root). 492 492 * @return bool False on error, true on success. 493 493 * @author Quinn Comendant <quinn@strangecode.com> … … 539 539 * 540 540 * @access public 541 * @param string $aro Identifier of an existing ARO object.542 * @param string $aco Identifier of an existing ACO object (or null to use root).543 * @param string $axo Identifier of an existing AXO object (or null to use root).541 * @param string|null $aro Identifier of an existing ARO object (or null to use root). 542 * @param string|null $aco Identifier of an existing ACO object (or null to use root). 543 * @param string|null $axo Identifier of an existing AXO object (or null to use root). 544 544 * @return bool False on error, true on success. 545 545 * @author Quinn Comendant <quinn@strangecode.com> … … 550 550 { 551 551 return $this->grant($aro, $aco, $axo, 'deny'); 552 } 553 554 /* 555 * Delete an entry from the acl_tbl completely to allow other permissions to cascade down. 556 * Null values act as a "wildcard" and will cause ALL matches in that column to be deleted. 557 * 558 * @access public 559 * @param string|null $aro Identifier of an existing ARO object (or null for *). 560 * @param string|null $aco Identifier of an existing ACO object (or null for *). 561 * @param string|null $axo Identifier of an existing AXO object (or null for *). 562 * @return bool False on error, true on success. 
563 * @author Quinn Comendant <quinn@strangecode.com> 564 * @version 1.0 565 * @since 20 Jun 2006 20:16:12 566 */ 567 function delete($aro=null, $aco=null, $axo=null) 568 { 569 $app =& App::getInstance(); 570 $db =& DB::getInstance(); 571 572 $this->initDB(); 573 574 // If any access objects are null, assume using root values. 575 // However if they're empty we don't want to escalate the grant command to root! 576 $where = array(); 577 $where[] = is_null($aro) ? "aro_tbl.name IS NOT NULL" : "aro_tbl.name = '" . $db->escapeString($aro) . "' "; 578 $where[] = is_null($aco) ? "aco_tbl.name IS NOT NULL" : "aco_tbl.name = '" . $db->escapeString($aco) . "' "; 579 $where[] = is_null($axo) ? "axo_tbl.name IS NOT NULL" : "axo_tbl.name = '" . $db->escapeString($axo) . "' "; 580 581 $final_where = join(' AND ', $where); 582 if (substr_count($final_where, 'IS NOT NULL') == 3) { 583 // Null on all three tables will delete ALL entries including the root -> root -> root = deny. 584 $app->logMsg(sprintf('Cannot allow deletion of all acl entries.', null), LOG_NOTICE, __FILE__, __LINE__); 585 return false; 586 } 587 588 $qid = $db->query(" 589 DELETE acl_tbl 590 FROM acl_tbl 591 LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id) 592 LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id) 593 LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id) 594 WHERE $final_where 595 "); 596 597 $app->logMsg(sprintf('Deleted %s acl_tbl links: %s -> %s -> %s', mysql_affected_rows($db->getDBH()), $aro, $aco, $axo), LOG_INFO, __FILE__, __LINE__); 598 599 return true; 552 600 } 553 601
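Review bot: In the new `delete()`, the all-wildcard guard counts 'IS NOT NULL' inside `$final_where`, a string that already contains the caller-supplied names, so a name containing that text changes the count (as written this can wrongly refuse a legitimate delete); test the arguments directly before building the clause, `if (is_null($aro) && is_null($aco) && is_null($axo)) { ... return false; }`. The method then returns true regardless of `$qid`, while the docblock promises false on error; if `$db->query()` can return a false value on failure (not visible here), add `if (!$qid) { return false; }` before the log call so a failed delete is not reported as success. The inline comment "If any access objects are null, assume using root values" describes grant() rather than this method and should become `// Null arguments act as wildcards: match every row in that column.`. The docblock opens with `/*` instead of `/**`, so documentation tools will not pick it up.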