* Copyright 2005-2007, Cake Software Foundation, Inc. * 1785 E. Sahara Avenue, Suite 490-204 * Las Vegas, Nevada 89104 * * Licensed under The MIT License * Redistributions of files must retain the above copyright notice. * * @filesource * @copyright Copyright 2005-2007, Cake Software Foundation, Inc. * @link http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project * @package cake * @subpackage cake.cake.console.libs * @since CakePHP(tm) v 1.2.0.5012 * @version $Revision$ * @modifiedby $LastChangedBy$ * @lastmodified $Date$ * @license http://www.opensource.org/licenses/mit-license.php The MIT License */ uses ('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl'); /** * Shell for ACL management. * * @package cake * @subpackage cake.cake.console.libs */ class AclShell extends Shell { /** * Contains instance of AclComponent * * @var object * @access public */ var $Acl; /** * Contains arguments parsed from the command line. * * @var array * @access public */ var $args; /** * Contains database source to use * * @var string * @access public */ var $dataSource = 'default'; /** * Contains tasks to load and instantiate * * @var array * @access public */ var $tasks = array('DbConfig'); /** * Override startup of the Shell * * @access public */ function startup() { $this->dataSource = 'default'; if (isset($this->params['datasource'])) { $this->dataSource = $this->params['datasource']; } if (Configure::read('Acl.classname') != 'DB_ACL') { $out = "--------------------------------------------------\n"; $out .= __("Error: Your current Cake configuration is set to", true) . "\n"; $out .= __("an ACL implementation other than DB. Please change", true) . "\n"; $out .= __("your core config to reflect your decision to use", true) . "\n"; $out .= __("DB_ACL before attempting to use this script", true) . ".\n"; $out .= "--------------------------------------------------\n"; $out .= sprintf(__("Current ACL Classname: %s", true), Configure::read('Acl.classname')) . "\n"; $out .= "--------------------------------------------------\n"; $this->err($out); exit(); } if ($this->command && !in_array($this->command, array('help'))) { if (!config('database')) { $this->out(__("Your database configuration was not found. Take a moment to create one.", true), true); $this->args = null; return $this->DbConfig->execute(); } require_once (CONFIGS.'database.php'); if (!in_array($this->command, array('initdb'))) { $this->Acl = new AclComponent(); $controller = null; $this->Acl->startup($controller); } } } /** * Override main() for help message hook * * @access public */ function main() { $out = __("Available ACL commands:", true) . "\n"; $out .= "\t - create\n"; $out .= "\t - delete\n"; $out .= "\t - setParent\n"; $out .= "\t - getPath\n"; $out .= "\t - grant\n"; $out .= "\t - deny\n"; $out .= "\t - inherit\n"; $out .= "\t - view\n"; $out .= "\t - initdb\n"; $out .= "\t - help\n\n"; $out .= __("For help, run the 'help' command. For help on a specific command, run 'help '", true); $this->out($out); } /** * Creates an ARO/ACO node * * @access public */ function create() { $this->_checkArgs(3, 'create'); $this->checkNodeType(); extract($this->__dataVars()); $class = ucfirst($this->args[0]); $object = new $class(); if (preg_match('/^([\w]+)\.(.*)$/', $this->args[1], $matches) && count($matches) == 3) { $parent = array( 'model' => $matches[1], 'foreign_key' => $matches[2], ); } else { $parent = $this->args[1]; } if (!empty($parent) && $parent != '/' && $parent != 'root') { @$parent = $object->node($parent); if (empty($parent)) { $this->err(sprintf(__('Could not find parent node using reference "%s"', true), $this->args[1])); return; } else { $parent = Set::extract($parent, "0.{$class}.id"); } } else { $parent = null; } if (preg_match('/^([\w]+)\.(.*)$/', $this->args[2], $matches) && count($matches) == 3) { $data = array( 'model' => $matches[1], 'foreign_key' => $matches[2], ); } else { if (!($this->args[2] == '/')) { $data = array('alias' => $this->args[2]); } else { $this->error(__('/ can not be used as an alias!', true), __('\t/ is the root, please supply a sub alias', true)); } } $data['parent_id'] = $parent; $object->create(); if ($object->save($data)) { $this->out(sprintf(__("New %s '%s' created.\n", true), $class, $this->args[2]), true); } else { $this->err(sprintf(__("There was a problem creating a new %s '%s'.", true), $class, $this->args[2])); } } /** * Delete an ARO/ACO node. * * @access public */ function delete() { $this->_checkArgs(2, 'delete'); $this->checkNodeType(); extract($this->__dataVars()); if (!$this->Acl->{$class}->delete($this->args[1])) { $this->error(__("Node Not Deleted", true), sprintf(__("There was an error deleting the %s. Check that the node exists", true), $class) . ".\n"); } $this->out(sprintf(__("%s deleted", true), $class) . ".\n", true); } /** * Set parent for an ARO/ACO node. * * @access public */ function setParent() { $this->_checkArgs(3, 'setParent'); $this->checkNodeType(); extract($this->__dataVars()); if (!$this->Acl->{$class}->setParent($this->args[2], $this->args[1])) { $this->out(__("Error in setting new parent. Please make sure the parent node exists, and is not a descendant of the node specified.", true), true); } else { $this->out(sprintf(__("Node parent set to %s", true), $this->args[2]) . "\n", true); } } /** * Get path to specified ARO/ACO node. * * @access public */ function getPath() { $this->_checkArgs(2, 'getPath'); $this->checkNodeType(); extract($this->__dataVars()); $id = ife(is_numeric($this->args[1]), intval($this->args[1]), $this->args[1]); $nodes = $this->Acl->{$class}->getPath($id); if (empty($nodes)) { $this->error(sprintf(__("Supplied Node '%s' not found", true), $this->args[1]), __("No tree returned.", true)); } for ($i = 0; $i < count($nodes); $i++) { $this->out(str_repeat(' ', $i) . "[" . $nodes[$i][$class]['id'] . "]" . $nodes[$i][$class]['alias'] . "\n"); } } /** * Grant permission for a given ARO to a given ACO. * * @access public */ function grant() { $this->_checkArgs(3, 'grant'); //add existence checks for nodes involved $aro = ife(is_numeric($this->args[0]), intval($this->args[0]), $this->args[0]); $aco = ife(is_numeric($this->args[1]), intval($this->args[1]), $this->args[1]); if ($this->Acl->allow($aro, $aco, $this->args[2])) { $this->out(__("Permission granted.", true), true); } } /** * Deny access for an ARO to an ACO. * * @access public */ function deny() { $this->_checkArgs(3, 'deny'); //add existence checks for nodes involved $aro = ife(is_numeric($this->args[0]), intval($this->args[0]), $this->args[0]); $aco = ife(is_numeric($this->args[1]), intval($this->args[1]), $this->args[1]); $this->Acl->deny($aro, $aco, $this->args[2]); $this->out(__("Requested permission successfully denied.", true), true); } /** * Set an ARO to inhermit permission to an ACO. * * @access public */ function inherit() { $this->_checkArgs(3, 'inherit'); $aro = ife(is_numeric($this->args[0]), intval($this->args[0]), $this->args[0]); $aco = ife(is_numeric($this->args[1]), intval($this->args[1]), $this->args[1]); $this->Acl->inherit($aro, $aco, $this->args[2]); $this->out(__("Requested permission successfully inherited.", true), true); } /** * Show a specific ARO/ACO node. * * @access public */ function view() { $this->_checkArgs(1, 'view'); $this->checkNodeType(); extract($this->__dataVars()); if (isset($this->args[1]) && !is_null($this->args[1])) { $key = ife(is_numeric($this->args[1]), $secondary_id, 'alias'); $conditions = array($class . '.' . $key => $this->args[1]); } else { $conditions = null; } $nodes = $this->Acl->{$class}->findAll($conditions, null, 'lft ASC'); if (empty($nodes)) { if(isset($this->args[1])) { $this->error(sprintf(__("%s not found", true), $this->args[1]), __("No tree returned.", true)); } elseif (isset($this->args[0])) { $this->error(sprintf(__("%s not found", true), $this->args[0]), __("No tree returned.", true)); } } $this->out($class . " tree:"); $this->hr(); $stack = array(); $last = null; foreach ($nodes as $n) { $stack[] = $n; if (!empty($last)) { $end = end($stack); if ($end[$class]['rght'] > $last) { foreach ($stack as $k => $v) { $end = end($stack); if ($v[$class]['rght'] < $end[$class]['rght']) { unset($stack[$k]); } } } } $last = $n[$class]['rght']; $count = count($stack); $this->out(str_repeat(' ', $count) . "[" . $n[$class]['id'] . "]" . $n[$class]['alias']."\n"); } $this->hr(); } /** * Initialize ACL database. * * @access public */ function initdb() { $db =& ConnectionManager::getDataSource($this->dataSource); $this->out(__("Initializing Database...", true), true); $this->out(__("Creating access control objects table (acos)...", true), true); $sql = " CREATE TABLE ".$db->fullTableName('acos')." ( ".$db->name('id')." ".$db->column($db->columns['primary_key']).", ".$db->name('parent_id')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('model')." ".$db->column($db->columns['string'])." default '', ".$db->name('foreign_key')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('alias')." ".$db->column($db->columns['string'])." default '', ".$db->name('lft')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('rght')." ".$db->column($db->columns['integer'])." default NULL, PRIMARY KEY (".$db->name('id').") )"; if ($db->query($sql) === false) { die("Error: " . $db->lastError() . "\n\n"); } $this->out(__("Creating access request objects table (aros)...", true), true); $sql2 = "CREATE TABLE ".$db->fullTableName('aros')." ( ".$db->name('id')." ".$db->column($db->columns['primary_key']).", ".$db->name('parent_id')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('model')." ".$db->column($db->columns['string'])." default '', ".$db->name('foreign_key')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('alias')." ".$db->column($db->columns['string'])." default '', ".$db->name('lft')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('rght')." ".$db->column($db->columns['integer'])." default NULL, PRIMARY KEY (".$db->name('id').") )"; if ($db->query($sql2) === false) { die("Error: " . $db->lastError() . "\n\n"); } $this->out(__("Creating relationships table (aros_acos)...", true), true); $sql3 = "CREATE TABLE ".$db->fullTableName('aros_acos')." ( ".$db->name('id')." ".$db->column($db->columns['primary_key']).", ".$db->name('aro_id')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('aco_id')." ".$db->column($db->columns['integer'])." default NULL, ".$db->name('_create')." ".$db->column($db->columns['integer'])." default '0' NOT NULL, ".$db->name('_read')." ".$db->column($db->columns['integer'])." default '0' NOT NULL, ".$db->name('_update')." ".$db->column($db->columns['integer'])." default '0' NOT NULL, ".$db->name('_delete')." ".$db->column($db->columns['integer'])." default '0' NOT NULL, PRIMARY KEY (".$db->name('id').") )"; if ($db->query($sql3) === false) { die("Error: " . $db->lastError() . "\n\n"); } $this->out("\n" . __("Done.", true), true); } /** * Show help screen. * * @access public */ function help() { $head = __("Usage: cake acl ...", true) . "\n"; $head .= "-----------------------------------------------\n"; $head .= __("Commands:", true) . "\n\n"; $commands = array( 'create' => "\tcreate aro|aco \n" . "\t\t" . __("Creates a new ACL object under the parent specified by , an id/alias.", true) . "\n" . "\t\t" . __("The and references can be in one of the following formats:", true) . "\n" . "\t\t\t- " . __(". - The node will be bound to a specific record of the given model", true) . "\n" . "\t\t\t- " . __(" - The node will be given a string alias (or path, in the case of ),", true) . "\n" . "\t\t\t " . __("i.e. 'John'. When used with , this takes the form of an alias path,", true) . "\n" . "\t\t\t " . __("i.e. //.", true) . "\n" . "\t\t" . __("To add a node at the root level, enter 'root' or '/' as the parameter.", true) . "\n", 'delete' => "\tdelete aro|aco \n" . "\t\t" . __("Deletes the ACL object with the given reference (see 'create' for info on node references).", true) . "\n", 'setparent' => "\tsetParent aro|aco \n" . "\t\t" . __("Moves the ACL object specified by beneath the parent ACL object specified by .", true) . "\n", 'getpath' => "\tgetPath aro|aco \n" . "\t\t" . __("Returns the path to the ACL object specified by . This command", true) . "\n" . "\t\t" . __("is useful in determining the inhertiance of permissions for a certain", true) . "\n" . "\t\t" . __("object in the tree.", true) . "\n", 'grant' => "\tgrant [] " . __("or", true) . " '*' " . __("(quotes required)", true) . "\n" . "\t\t" . __("Use this command to grant ACL permissions. Once executed, the ARO", true) . "\n" . "\t\t" . __("specified (and its children, if any) will have ALLOW access to the", true) . "\n" . "\t\t" . __("specified ACO action (and the ACO's children, if any).", true) . "\n", 'deny' => "\tdeny []\n" . "\t\t" . __("Use this command to deny ACL permissions. Once executed, the ARO", true) . "\n" . "\t\t" . __("specified (and its children, if any) will have DENY access to the", true) . "\n" . "\t\t" . __("specified ACO action (and the ACO's children, if any).", true) . "\n", 'inherit' => "\tinherit []\n" . "\t\t" . __("Use this command to force a child ARO object to inherit its", true) . "\n" . "\t\t" . __("permissions settings from its parent.", true) . "\n", 'view' => "\tview aro|aco []\n" . "\t\t" . __("The view command will return the ARO or ACO tree. The optional", true) . "\n" . "\t\t" . __("id/alias parameter allows you to return only a portion of the requested tree.", true) . "\n", 'initdb' => "\tinitdb\n". "\t\t" . __("Use this command to create the database tables needed to use DB ACL.", true) . "\n", 'help' => "\thelp []\n" . "\t\t" . __("Displays this help message, or a message on a specific command.", true) . "\n" ); $this->out($head); if (!isset($this->args[0])) { foreach ($commands as $cmd) { $this->out("{$cmd}\n\n"); } } elseif (isset($commands[low($this->args[0])])) { $this->out($commands[low($this->args[0])] . "\n\n"); } else { $this->out(sprintf(__("Command '%s' not found", true), $this->args[0])); } } /** * Check that first argument specifies a valid Node type (ARO/ACO) * * @access public */ function checkNodeType() { if (!isset($this->args[0])) { return false; } if ($this->args[0] != 'aco' && $this->args[0] != 'aro') { $this->error(sprintf(__("Missing/Unknown node type: '%s'", true), $this->args[1]), __('Please specify which ACL object type you wish to create.', true)); } } /** * Checks that given node exists * * @param string $type Node type (ARO/ACO) * @param int $id Node id * @return boolean Success * @access public */ function nodeExists() { if (!$this->checkNodeType() && !isset($this->args[1])) { return false; } extract($this->__dataVars($this->args[0])); $key = (ife(is_numeric($this->args[1]), $secondary_id, 'alias')); $conditions = array($class . '.' . $key => $this->args[1]); $possibility = $this->Acl->{$class}->findAll($conditions); if (empty($possibility)) { $this->error(sprintf(__("%s not found", true), $this->args[1]), __("No tree returned.", true)); } return $possibility; } /** * Build data parameters based on node type * * @param string $type Node type (ARO/ACO) * @return array Variables * @access private */ function __dataVars($type = null) { if ($type == null) { $type = $this->args[0]; } $vars = array(); $class = ucwords($type); $vars['secondary_id'] = ife(strtolower($class) == 'aro', 'foreign_key', 'object_id'); $vars['data_name'] = $type; $vars['table_name'] = $type . 's'; $vars['class'] = $class; return $vars; } } ?>