2008-05-30 11:40:08 +00:00
< ? php
/**
2009-08-07 08:32:27 -04:00
* Acl Shell provides Acl access in the CLI environment
2008-05-30 11:40:08 +00:00
*
2010-10-03 12:38:58 -04:00
* PHP 5
2008-05-30 11:40:08 +00:00
*
2009-11-06 17:46:59 +11:00
* CakePHP ( tm ) : Rapid Development Framework ( http :// cakephp . org )
2010-01-26 14:18:20 -05:00
* Copyright 2005 - 2010 , Cake Software Foundation , Inc . ( http :// cakefoundation . org )
2008-05-30 11:40:08 +00:00
*
* Licensed under The MIT License
* Redistributions of files must retain the above copyright notice .
*
2010-01-26 14:18:20 -05:00
* @ copyright Copyright 2005 - 2010 , Cake Software Foundation , Inc . ( http :// cakefoundation . org )
2009-11-06 17:00:11 +11:00
* @ link http :// cakephp . org CakePHP ( tm ) Project
2010-12-24 14:26:26 -05:00
* @ package cake . console . shells
2008-10-30 17:30:26 +00:00
* @ since CakePHP ( tm ) v 1.2 . 0.5012
2009-11-06 17:51:51 +11:00
* @ license MIT License ( http :// www . opensource . org / licenses / mit - license . php )
2008-05-30 11:40:08 +00:00
*/
2010-12-08 23:15:18 -04:30
App :: uses ( 'AclComponent' , 'Controller/Component' );
App :: uses ( 'DbAcl' , 'Model' );
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
2010-09-26 12:33:15 -04:00
* Shell for ACL management . This console is known to have issues with zend . ze1_compatibility_mode
* being enabled . Be sure to turn it off when using this shell .
2008-05-30 11:40:08 +00:00
*
2010-12-24 13:57:20 -05:00
* @ package cake . console . libs
2008-05-30 11:40:08 +00:00
*/
class AclShell extends Shell {
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Contains instance of AclComponent
*
2009-03-17 21:10:28 +00:00
* @ var AclComponent
2008-05-30 11:40:08 +00:00
* @ access public
*/
2010-04-04 17:14:00 +10:00
public $Acl ;
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Contains arguments parsed from the command line .
*
* @ var array
* @ access public
*/
2010-04-04 17:14:00 +10:00
public $args ;
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Contains database source to use
*
* @ var string
* @ access public
*/
2010-04-04 17:14:00 +10:00
public $connection = 'default' ;
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Contains tasks to load and instantiate
*
* @ var array
* @ access public
*/
2010-04-04 17:14:00 +10:00
public $tasks = array ( 'DbConfig' );
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Override startup of the Shell
*
*/
2010-04-05 13:19:38 +10:00
public function startup () {
2010-10-10 17:15:44 -04:00
parent :: startup ();
2009-08-05 23:41:25 -04:00
if ( isset ( $this -> params [ 'connection' ])) {
$this -> connection = $this -> params [ 'connection' ];
2008-05-30 11:40:08 +00:00
}
if ( ! in_array ( Configure :: read ( 'Acl.classname' ), array ( 'DbAcl' , 'DB_ACL' ))) {
$out = " -------------------------------------------------- \n " ;
2011-03-19 18:32:35 +01:00
$out .= __d ( 'cake_console' , 'Error: Your current Cake configuration is set to' ) . " \n " ;
$out .= __d ( 'cake_console' , 'an ACL implementation other than DB. Please change' ) . " \n " ;
$out .= __d ( 'cake_console' , 'your core config to reflect your decision to use' ) . " \n " ;
$out .= __d ( 'cake_console' , 'DbAcl before attempting to use this script' ) . " . \n " ;
2008-05-30 11:40:08 +00:00
$out .= " -------------------------------------------------- \n " ;
2011-03-19 18:32:35 +01:00
$out .= __d ( 'cake_console' , 'Current ACL Classname: %s' , Configure :: read ( 'Acl.classname' )) . " \n " ;
2008-05-30 11:40:08 +00:00
$out .= " -------------------------------------------------- \n " ;
$this -> err ( $out );
2008-06-04 19:04:58 +00:00
$this -> _stop ();
2008-05-30 11:40:08 +00:00
}
2010-10-11 13:30:18 -04:00
if ( $this -> command ) {
2008-05-30 11:40:08 +00:00
if ( ! config ( 'database' )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Your database configuration was not found. Take a moment to create one.' ), true );
2008-05-30 11:40:08 +00:00
$this -> args = null ;
return $this -> DbConfig -> execute ();
}
require_once ( CONFIGS . 'database.php' );
if ( ! in_array ( $this -> command , array ( 'initdb' ))) {
2010-09-07 23:40:07 -04:00
$collection = new ComponentCollection ();
2010-11-12 23:05:44 -05:00
$this -> Acl = new AclComponent ( $collection );
2008-05-30 11:40:08 +00:00
$controller = null ;
$this -> Acl -> startup ( $controller );
}
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Override main () for help message hook
*
*/
2010-04-05 13:19:38 +10:00
public function main () {
2010-10-11 01:58:12 -04:00
$this -> out ( $this -> OptionParser -> help ());
2008-05-30 11:40:08 +00:00
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Creates an ARO / ACO node
*
*/
2010-04-05 13:19:38 +10:00
public function create () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __dataVars ());
$class = ucfirst ( $this -> args [ 0 ]);
2009-08-01 18:57:54 -04:00
$parent = $this -> parseIdentifier ( $this -> args [ 1 ]);
2008-05-30 11:40:08 +00:00
if ( ! empty ( $parent ) && $parent != '/' && $parent != 'root' ) {
2009-08-01 20:17:44 -04:00
$parent = $this -> _getNodeId ( $class , $parent );
2008-05-30 11:40:08 +00:00
} else {
$parent = null ;
}
2009-08-01 18:57:54 -04:00
$data = $this -> parseIdentifier ( $this -> args [ 2 ]);
2009-08-01 20:17:44 -04:00
if ( is_string ( $data ) && $data != '/' ) {
2009-08-01 18:57:54 -04:00
$data = array ( 'alias' => $data );
2009-08-01 20:17:44 -04:00
} elseif ( is_string ( $data )) {
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , '/ can not be used as an alias!' ) . __d ( 'cake_console' , " / is the root, please supply a sub alias " ));
2008-05-30 11:40:08 +00:00
}
$data [ 'parent_id' ] = $parent ;
2009-08-01 20:17:44 -04:00
$this -> Acl -> { $class } -> create ();
if ( $this -> Acl -> { $class } -> save ( $data )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , " <success>New %s</success> '%s' created. " , $class , $this -> args [ 2 ]), 2 );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> err ( __d ( 'cake_console' , " There was a problem creating a new %s '%s'. " , $class , $this -> args [ 2 ]));
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Delete an ARO / ACO node .
*
*/
2010-04-05 13:19:38 +10:00
public function delete () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __dataVars ());
2009-08-01 20:17:44 -04:00
$identifier = $this -> parseIdentifier ( $this -> args [ 1 ]);
$nodeId = $this -> _getNodeId ( $class , $identifier );
if ( ! $this -> Acl -> { $class } -> delete ( $nodeId )) {
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , 'Node Not Deleted' ) . __d ( 'cake_console' , 'There was an error deleting the %s. Check that the node exists' , $class ) . " . \n " );
2008-05-30 11:40:08 +00:00
}
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , '<success>%s deleted.</success>' , $class ), 2 );
2008-05-30 11:40:08 +00:00
}
/**
* Set parent for an ARO / ACO node .
*
*/
2010-04-05 13:19:38 +10:00
public function setParent () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __dataVars ());
2009-08-01 20:56:58 -04:00
$target = $this -> parseIdentifier ( $this -> args [ 1 ]);
$parent = $this -> parseIdentifier ( $this -> args [ 2 ]);
2008-05-30 11:40:08 +00:00
$data = array (
$class => array (
2009-08-01 20:56:58 -04:00
'id' => $this -> _getNodeId ( $class , $target ),
'parent_id' => $this -> _getNodeId ( $class , $parent )
2008-05-30 11:40:08 +00:00
)
);
$this -> Acl -> { $class } -> create ();
if ( ! $this -> Acl -> { $class } -> save ( $data )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Error in setting new parent. Please make sure the parent node exists, and is not a descendant of the node specified.' ), true );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Node parent set to %s' , $this -> args [ 2 ]) . " \n " , true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Get path to specified ARO / ACO node .
*
*/
2010-04-05 13:19:38 +10:00
public function getPath () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __dataVars ());
2009-08-05 23:13:48 -04:00
$identifier = $this -> parseIdentifier ( $this -> args [ 1 ]);
$id = $this -> _getNodeId ( $class , $identifier );
2008-05-30 11:40:08 +00:00
$nodes = $this -> Acl -> { $class } -> getPath ( $id );
2009-08-05 23:13:48 -04:00
2008-05-30 11:40:08 +00:00
if ( empty ( $nodes )) {
2009-08-05 23:13:48 -04:00
$this -> error (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Supplied Node '%s' not found " , $this -> args [ 1 ]),
__d ( 'cake_console' , 'No tree returned.' )
2009-08-05 23:13:48 -04:00
);
2008-05-30 11:40:08 +00:00
}
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Path:' ));
2009-08-05 23:41:25 -04:00
$this -> hr ();
2008-05-30 11:40:08 +00:00
for ( $i = 0 ; $i < count ( $nodes ); $i ++ ) {
2009-08-05 23:13:48 -04:00
$this -> _outputNode ( $class , $nodes [ $i ], $i );
}
}
/**
* Outputs a single node , Either using the alias or Model . key
*
* @ param string $class Class name that is being used .
* @ param array $node Array of node information .
* @ param integer $indent indent level .
* @ return void
2009-11-14 23:19:25 +11:00
*/
2010-04-05 13:21:28 +10:00
protected function _outputNode ( $class , $node , $indent ) {
2009-08-05 23:13:48 -04:00
$indent = str_repeat ( ' ' , $indent );
$data = $node [ $class ];
if ( $data [ 'alias' ]) {
$this -> out ( $indent . " [ " . $data [ 'id' ] . " ] " . $data [ 'alias' ]);
} else {
$this -> out ( $indent . " [ " . $data [ 'id' ] . " ] " . $data [ 'model' ] . '.' . $data [ 'foreign_key' ]);
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Check permission for a given ARO to a given ACO .
*
*/
2010-04-05 13:19:38 +10:00
public function check () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __getParams ());
if ( $this -> Acl -> check ( $aro , $aco , $action )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , '%s is <success>allowed</success>.' , $aroName ), true );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , '%s is <error>not allowed</error>.' , $aroName ), true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Grant permission for a given ARO to a given ACO .
*
*/
2010-04-05 13:19:38 +10:00
public function grant () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __getParams ());
if ( $this -> Acl -> allow ( $aro , $aco , $action )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission <success>granted</success>.' ), true );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission was <error>not granted</error>.' ), true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Deny access for an ARO to an ACO .
*
*/
2010-04-05 13:19:38 +10:00
public function deny () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __getParams ());
if ( $this -> Acl -> deny ( $aro , $aco , $action )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission denied.' ), true );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission was not denied.' ), true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Set an ARO to inhermit permission to an ACO .
*
*/
2010-04-05 13:19:38 +10:00
public function inherit () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __getParams ());
if ( $this -> Acl -> inherit ( $aro , $aco , $action )) {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission inherited.' ), true );
2008-05-30 11:40:08 +00:00
} else {
2011-03-19 18:32:35 +01:00
$this -> out ( __d ( 'cake_console' , 'Permission was not inherited.' ), true );
2008-05-30 11:40:08 +00:00
}
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Show a specific ARO / ACO node .
*
*/
2010-04-05 13:19:38 +10:00
public function view () {
2008-05-30 11:40:08 +00:00
extract ( $this -> __dataVars ());
2009-08-05 23:41:25 -04:00
2009-08-07 08:32:27 -04:00
if ( isset ( $this -> args [ 1 ])) {
$identity = $this -> parseIdentifier ( $this -> args [ 1 ]);
$topNode = $this -> Acl -> { $class } -> find ( 'first' , array (
'conditions' => array ( $class . '.id' => $this -> _getNodeId ( $class , $identity ))
));
$nodes = $this -> Acl -> { $class } -> find ( 'all' , array (
'conditions' => array (
$class . '.lft >=' => $topNode [ $class ][ 'lft' ],
$class . '.lft <=' => $topNode [ $class ][ 'rght' ]
),
'order' => $class . '.lft ASC'
));
2008-05-30 11:40:08 +00:00
} else {
2009-08-07 08:32:27 -04:00
$nodes = $this -> Acl -> { $class } -> find ( 'all' , array ( 'order' => $class . '.lft ASC' ));
2008-05-30 11:40:08 +00:00
}
2009-08-05 23:41:25 -04:00
2008-05-30 11:40:08 +00:00
if ( empty ( $nodes )) {
if ( isset ( $this -> args [ 1 ])) {
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , '%s not found' , $this -> args [ 1 ]), __d ( 'cake_console' , 'No tree returned.' ));
2008-05-30 11:40:08 +00:00
} elseif ( isset ( $this -> args [ 0 ])) {
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , '%s not found' , $this -> args [ 0 ]), __d ( 'cake_console' , 'No tree returned.' ));
2008-05-30 11:40:08 +00:00
}
}
$this -> out ( $class . " tree: " );
$this -> hr ();
2009-08-05 23:41:25 -04:00
2008-05-30 11:40:08 +00:00
$stack = array ();
$last = null ;
2009-08-05 23:41:25 -04:00
2008-05-30 11:40:08 +00:00
foreach ( $nodes as $n ) {
$stack [] = $n ;
if ( ! empty ( $last )) {
$end = end ( $stack );
if ( $end [ $class ][ 'rght' ] > $last ) {
foreach ( $stack as $k => $v ) {
$end = end ( $stack );
if ( $v [ $class ][ 'rght' ] < $end [ $class ][ 'rght' ]) {
unset ( $stack [ $k ]);
}
}
}
}
2009-08-05 23:41:25 -04:00
$last = $n [ $class ][ 'rght' ];
$count = count ( $stack );
$this -> _outputNode ( $class , $n , $count );
2008-05-30 11:40:08 +00:00
}
$this -> hr ();
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Initialize ACL database .
*
*/
2010-04-05 13:19:38 +10:00
public function initdb () {
2010-10-16 01:38:11 -04:00
return $this -> dispatchShell ( 'schema create DbAcl' );
2008-05-30 11:40:08 +00:00
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
2010-10-10 17:15:44 -04:00
* Get the option parser .
2008-05-30 11:40:08 +00:00
*
2010-10-10 17:15:44 -04:00
* @ return void
2008-05-30 11:40:08 +00:00
*/
2010-10-10 17:15:44 -04:00
public function getOptionParser () {
$parser = parent :: getOptionParser ();
$type = array (
'choices' => array ( 'aro' , 'aco' ),
'required' => true ,
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Type of node to create.' )
2008-05-30 11:40:08 +00:00
);
2010-10-10 17:15:44 -04:00
$parser -> description ( 'A console tool for managing the DbAcl' )
-> addSubcommand ( 'create' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Create a new ACL node' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2011-03-19 18:32:35 +01:00
'description' => __d ( 'cake_console' , 'Creates a new ACL object <node> under the parent' ),
2010-10-10 17:15:44 -04:00
'arguments' => array (
'type' => $type ,
'parent' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The node selector for the parent.' ),
2010-10-11 01:58:12 -04:00
'required' => true
2010-10-10 17:15:44 -04:00
),
'alias' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The alias to use for the newly created node.' ),
2010-10-11 01:58:12 -04:00
'required' => true
2010-10-10 17:15:44 -04:00
)
)
)
)) -> addSubcommand ( 'delete' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Deletes the ACL object with the given <node> reference' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2011-03-19 18:32:35 +01:00
'description' => __d ( 'cake_console' , 'Delete an ACL node.' ),
2010-10-10 17:15:44 -04:00
'arguments' => array (
'type' => $type ,
'node' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The node identifier to delete.' ),
2010-10-10 17:15:44 -04:00
'required' => true ,
)
)
)
)) -> addSubcommand ( 'setparent' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Moves the ACL node under a new parent.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2011-03-19 18:32:35 +01:00
'description' => __d ( 'cake_console' , 'Moves the ACL object specified by <node> beneath <parent>' ),
2010-10-10 17:15:44 -04:00
'arguments' => array (
'type' => $type ,
'node' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The node to move' ),
2010-10-10 17:15:44 -04:00
'required' => true ,
),
'parent' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The new parent for <node>.' ),
2010-10-10 17:15:44 -04:00
'required' => true
)
)
)
)) -> addSubcommand ( 'getpath' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Print out the path to an ACL node.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Returns the path to the ACL object specified by <node>. " ),
__d ( 'cake_console' , " This command is useful in determining the inhertiance of permissions " ),
__d ( 'cake_console' , " for a certain object in the tree. " )
2010-10-10 17:15:44 -04:00
),
'arguments' => array (
'type' => $type ,
'node' => array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'The node to get the path of' ),
2010-10-10 17:15:44 -04:00
'required' => true ,
)
)
)
)) -> addSubcommand ( 'check' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Check the permissions between an ACO and ARO.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Use this command to grant ACL permissions. Once executed, the ARO " ),
__d ( 'cake_console' , " specified (and its children, if any) will have ALLOW access to the " ),
__d ( 'cake_console' , " specified ACO action (and the ACO's children, if any). " )
2010-10-10 17:23:30 -04:00
),
2010-10-10 17:15:44 -04:00
'arguments' => array (
2011-03-19 18:32:35 +01:00
'aro' => array ( 'help' => __d ( 'cake_console' , 'ARO to check.' ), 'required' => true ),
'aco' => array ( 'help' => __d ( 'cake_console' , 'ACO to check.' ), 'required' => true ),
'action' => array ( 'help' => __d ( 'cake_console' , 'Action to check' ), 'default' => 'all' )
2010-10-10 17:15:44 -04:00
)
)
)) -> addSubcommand ( 'grant' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Grant an ARO permissions to an ACO.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Use this command to grant ACL permissions. Once executed, the ARO " ),
__d ( 'cake_console' , " specified (and its children, if any) will have ALLOW access to the " ),
__d ( 'cake_console' , " specified ACO action (and the ACO's children, if any). " )
2010-10-10 17:23:30 -04:00
),
2010-10-10 17:15:44 -04:00
'arguments' => array (
2011-03-19 18:32:35 +01:00
'aro' => array ( 'help' => __d ( 'cake_console' , 'ARO to grant permission to.' ), 'required' => true ),
'aco' => array ( 'help' => __d ( 'cake_console' , 'ACO to grant access to.' ), 'required' => true ),
'action' => array ( 'help' => __d ( 'cake_console' , 'Action to grant' ), 'default' => 'all' )
2010-10-10 17:15:44 -04:00
)
)
)) -> addSubcommand ( 'deny' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Deny an ARO permissions to an ACO.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Use this command to deny ACL permissions. Once executed, the ARO " ),
__d ( 'cake_console' , " specified (and its children, if any) will have DENY access to the " ),
__d ( 'cake_console' , " specified ACO action (and the ACO's children, if any). " )
2010-10-10 17:23:30 -04:00
),
2010-10-10 17:15:44 -04:00
'arguments' => array (
2011-03-19 18:32:35 +01:00
'aro' => array ( 'help' => __d ( 'cake_console' , 'ARO to deny.' ), 'required' => true ),
'aco' => array ( 'help' => __d ( 'cake_console' , 'ACO to deny.' ), 'required' => true ),
'action' => array ( 'help' => __d ( 'cake_console' , 'Action to deny' ), 'default' => 'all' )
2010-10-10 17:15:44 -04:00
)
)
)) -> addSubcommand ( 'inherit' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Inherit an ARO\'s parent permissions.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " Use this command to force a child ARO object to inherit its " ),
__d ( 'cake_console' , " permissions settings from its parent. " )
2010-10-10 17:23:30 -04:00
),
2010-10-10 17:15:44 -04:00
'arguments' => array (
2011-03-19 18:32:35 +01:00
'aro' => array ( 'help' => __d ( 'cake_console' , 'ARO to have permisssions inherit.' ), 'required' => true ),
'aco' => array ( 'help' => __d ( 'cake_console' , 'ACO to inherit permissions on.' ), 'required' => true ),
'action' => array ( 'help' => __d ( 'cake_console' , 'Action to inherit' ), 'default' => 'all' )
2010-10-10 17:15:44 -04:00
)
)
)) -> addSubcommand ( 'view' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'View a tree or a single node\'s subtree.' ),
2010-10-10 17:15:44 -04:00
'parser' => array (
2010-10-10 17:23:30 -04:00
'description' => array (
2011-03-19 18:32:35 +01:00
__d ( 'cake_console' , " The view command will return the ARO or ACO tree. " ),
__d ( 'cake_console' , " The optional node parameter allows you to return " ),
__d ( 'cake_console' , " only a portion of the requested tree. " )
2010-10-10 17:23:30 -04:00
),
2010-10-10 17:15:44 -04:00
'arguments' => array (
'type' => $type ,
2011-03-19 18:32:35 +01:00
'node' => array ( 'help' => __d ( 'cake_console' , 'The optional node to view the subtree of.' ))
2010-10-10 17:15:44 -04:00
)
)
)) -> addSubcommand ( 'initdb' , array (
2011-03-19 18:32:35 +01:00
'help' => __d ( 'cake_console' , 'Initialize the DbAcl tables. Uses this command : cake schema run create DbAcl' )
2010-10-10 17:15:44 -04:00
)) -> epilog (
2010-10-10 17:19:14 -04:00
array (
2010-10-10 17:15:44 -04:00
'Node and parent arguments can be in one of the following formats:' ,
'' ,
' - <model>.<id> - The node will be bound to a specific record of the given model.' ,
'' ,
' - <alias> - The node will be given a string alias (or path, in the case of <parent>)' ,
" i.e. 'John'. When used with <parent>, this takes the form of an alias path, " ,
" i.e. <group>/<subgroup>/<parent>. " ,
'' ,
" To add a node at the root level, enter 'root' or '/' as the <parent> parameter. "
2010-10-10 17:19:14 -04:00
)
2010-10-10 17:15:44 -04:00
);
return $parser ;
2008-05-30 11:40:08 +00:00
}
2009-07-24 21:18:37 +02:00
2008-05-30 11:40:08 +00:00
/**
* Checks that given node exists
*
* @ param string $type Node type ( ARO / ACO )
* @ param integer $id Node id
* @ return boolean Success
*/
2010-04-05 13:19:38 +10:00
public function nodeExists () {
2010-10-11 13:30:18 -04:00
if ( ! isset ( $this -> args [ 0 ]) || ! isset ( $this -> args [ 1 ])) {
2008-05-30 11:40:08 +00:00
return false ;
}
extract ( $this -> __dataVars ( $this -> args [ 0 ]));
2009-08-01 20:17:44 -04:00
$key = is_numeric ( $this -> args [ 1 ]) ? $secondary_id : 'alias' ;
2008-05-30 11:40:08 +00:00
$conditions = array ( $class . '.' . $key => $this -> args [ 1 ]);
$possibility = $this -> Acl -> { $class } -> find ( 'all' , compact ( 'conditions' ));
if ( empty ( $possibility )) {
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , '%s not found' , $this -> args [ 1 ]), __d ( 'cake_console' , 'No tree returned.' ));
2008-05-30 11:40:08 +00:00
}
return $possibility ;
}
2009-07-24 21:18:37 +02:00
2009-08-01 18:57:54 -04:00
/**
* Parse an identifier into Model . foriegnKey or an alias .
* Takes an identifier determines its type and returns the result as used by other methods .
*
* @ param string $identifier Identifier to parse
* @ return mixed a string for aliases , and an array for model . foreignKey
2009-11-14 23:19:25 +11:00
*/
2009-08-01 18:57:54 -04:00
function parseIdentifier ( $identifier ) {
if ( preg_match ( '/^([\w]+)\.(.*)$/' , $identifier , $matches )) {
return array (
'model' => $matches [ 1 ],
'foreign_key' => $matches [ 2 ],
);
}
return $identifier ;
}
2009-08-01 20:17:44 -04:00
/**
* Get the node for a given identifier . $identifier can either be a string alias
* or an array of properties to use in AcoNode :: node ()
*
* @ param string $class Class type you want ( Aro / Aco )
* @ param mixed $identifier A mixed identifier for finding the node .
* @ return int Integer of NodeId . Will trigger an error if nothing is found .
2009-11-14 23:19:25 +11:00
*/
2009-08-01 20:17:44 -04:00
function _getNodeId ( $class , $identifier ) {
$node = $this -> Acl -> { $class } -> node ( $identifier );
if ( empty ( $node )) {
2009-08-01 20:21:22 -04:00
if ( is_array ( $identifier )) {
$identifier = var_export ( $identifier , true );
}
2011-03-19 18:32:35 +01:00
$this -> error ( __d ( 'cake_console' , 'Could not find node using reference "%s"' , $identifier ));
2009-08-01 20:17:44 -04:00
}
return Set :: extract ( $node , " 0. { $class } .id " );
}
2008-05-30 11:40:08 +00:00
/**
* get params for standard Acl methods
*
* @ return array aro , aco , action
* @ access private
*/
function __getParams () {
2009-08-05 00:23:59 -04:00
$aro = is_numeric ( $this -> args [ 0 ]) ? intval ( $this -> args [ 0 ]) : $this -> args [ 0 ];
$aco = is_numeric ( $this -> args [ 1 ]) ? intval ( $this -> args [ 1 ]) : $this -> args [ 1 ];
2010-01-14 22:15:06 -05:00
$aroName = $aro ;
$acoName = $aco ;
2009-08-07 08:32:27 -04:00
2009-08-05 00:23:59 -04:00
if ( is_string ( $aro )) {
$aro = $this -> parseIdentifier ( $aro );
2008-05-30 11:40:08 +00:00
}
2009-08-05 00:23:59 -04:00
if ( is_string ( $aco )) {
$aco = $this -> parseIdentifier ( $aco );
2008-05-30 11:40:08 +00:00
}
$action = null ;
if ( isset ( $this -> args [ 2 ])) {
$action = $this -> args [ 2 ];
if ( $action == '' || $action == 'all' ) {
$action = '*' ;
}
}
2010-01-14 22:15:06 -05:00
return compact ( 'aro' , 'aco' , 'action' , 'aroName' , 'acoName' );
2008-05-30 11:40:08 +00:00
}
/**
* Build data parameters based on node type
*
* @ param string $type Node type ( ARO / ACO )
* @ return array Variables
* @ access private
*/
function __dataVars ( $type = null ) {
if ( $type == null ) {
$type = $this -> args [ 0 ];
}
$vars = array ();
$class = ucwords ( $type );
2009-08-01 18:57:54 -04:00
$vars [ 'secondary_id' ] = ( strtolower ( $class ) == 'aro' ) ? 'foreign_key' : 'object_id' ;
2008-05-30 11:40:08 +00:00
$vars [ 'data_name' ] = $type ;
$vars [ 'table_name' ] = $type . 's' ;
$vars [ 'class' ] = $class ;
return $vars ;
}
}