1: <?php
2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17:
18:
19: App::uses('AppShell', 'Console/Command');
20: App::uses('ComponentCollection', 'Controller');
21: App::uses('AclComponent', 'Controller/Component');
22: App::uses('DbAcl', 'Model');
23:
24: 25: 26: 27: 28: 29:
30: class AclShell extends AppShell {
31:
32: 33: 34: 35: 36:
37: public $Acl;
38:
39: 40: 41: 42: 43:
44: public $args;
45:
46: 47: 48: 49: 50:
51: public $connection = 'default';
52:
53: 54: 55: 56: 57:
58: public $tasks = array('DbConfig');
59:
60: 61: 62: 63: 64:
65: public function startup() {
66: parent::startup();
67: if (isset($this->params['connection'])) {
68: $this->connection = $this->params['connection'];
69: }
70:
71: if (!in_array(Configure::read('Acl.classname'), array('DbAcl', 'DB_ACL'))) {
72: $out = "--------------------------------------------------\n";
73: $out .= __d('cake_console', 'Error: Your current Cake configuration is set to an ACL implementation other than DB.') . "\n";
74: $out .= __d('cake_console', 'Please change your core config to reflect your decision to use DbAcl before attempting to use this script') . "\n";
75: $out .= "--------------------------------------------------\n";
76: $out .= __d('cake_console', 'Current ACL Classname: %s', Configure::read('Acl.classname')) . "\n";
77: $out .= "--------------------------------------------------\n";
78: $this->err($out);
79: $this->_stop();
80: }
81:
82: if ($this->command) {
83: if (!config('database')) {
84: $this->out(__d('cake_console', 'Your database configuration was not found. Take a moment to create one.'), true);
85: $this->args = null;
86: return $this->DbConfig->execute();
87: }
88: require_once (APP . 'Config' . DS . 'database.php');
89:
90: if (!in_array($this->command, array('initdb'))) {
91: $collection = new ComponentCollection();
92: $this->Acl = new AclComponent($collection);
93: $controller = null;
94: $this->Acl->startup($controller);
95: }
96: }
97: }
98:
99: 100: 101: 102: 103:
104: public function main() {
105: $this->out($this->OptionParser->help());
106: }
107:
108: 109: 110: 111: 112:
113: public function create() {
114: extract($this->_dataVars());
115:
116: $class = ucfirst($this->args[0]);
117: $parent = $this->parseIdentifier($this->args[1]);
118:
119: if (!empty($parent) && $parent != '/' && $parent != 'root') {
120: $parent = $this->_getNodeId($class, $parent);
121: } else {
122: $parent = null;
123: }
124:
125: $data = $this->parseIdentifier($this->args[2]);
126: if (is_string($data) && $data != '/') {
127: $data = array('alias' => $data);
128: } elseif (is_string($data)) {
129: $this->error(__d('cake_console', '/ can not be used as an alias!') . __d('cake_console', " / is the root, please supply a sub alias"));
130: }
131:
132: $data['parent_id'] = $parent;
133: $this->Acl->{$class}->create();
134: if ($this->Acl->{$class}->save($data)) {
135: $this->out(__d('cake_console', "<success>New %s</success> '%s' created.", $class, $this->args[2]), 2);
136: } else {
137: $this->err(__d('cake_console', "There was a problem creating a new %s '%s'.", $class, $this->args[2]));
138: }
139: }
140:
141: 142: 143: 144: 145:
146: public function delete() {
147: extract($this->_dataVars());
148:
149: $identifier = $this->parseIdentifier($this->args[1]);
150: $nodeId = $this->_getNodeId($class, $identifier);
151:
152: if (!$this->Acl->{$class}->delete($nodeId)) {
153: $this->error(__d('cake_console', 'Node Not Deleted') . __d('cake_console', 'There was an error deleting the %s. Check that the node exists.', $class) . "\n");
154: }
155: $this->out(__d('cake_console', '<success>%s deleted.</success>', $class), 2);
156: }
157:
158: 159: 160: 161: 162:
163: public function setParent() {
164: extract($this->_dataVars());
165: $target = $this->parseIdentifier($this->args[1]);
166: $parent = $this->parseIdentifier($this->args[2]);
167:
168: $data = array(
169: $class => array(
170: 'id' => $this->_getNodeId($class, $target),
171: 'parent_id' => $this->_getNodeId($class, $parent)
172: )
173: );
174: $this->Acl->{$class}->create();
175: if (!$this->Acl->{$class}->save($data)) {
176: $this->out(__d('cake_console', 'Error in setting new parent. Please make sure the parent node exists, and is not a descendant of the node specified.'), true);
177: } else {
178: $this->out(__d('cake_console', 'Node parent set to %s', $this->args[2]) . "\n", true);
179: }
180: }
181:
182: 183: 184: 185: 186:
187: public function getPath() {
188: extract($this->_dataVars());
189: $identifier = $this->parseIdentifier($this->args[1]);
190:
191: $id = $this->_getNodeId($class, $identifier);
192: $nodes = $this->Acl->{$class}->getPath($id);
193:
194: if (empty($nodes)) {
195: $this->error(
196: __d('cake_console', "Supplied Node '%s' not found", $this->args[1]),
197: __d('cake_console', 'No tree returned.')
198: );
199: }
200: $this->out(__d('cake_console', 'Path:'));
201: $this->hr();
202: for ($i = 0; $i < count($nodes); $i++) {
203: $this->_outputNode($class, $nodes[$i], $i);
204: }
205: }
206:
207: 208: 209: 210: 211: 212: 213: 214:
215: protected function _outputNode($class, $node, $indent) {
216: $indent = str_repeat(' ', $indent);
217: $data = $node[$class];
218: if ($data['alias']) {
219: $this->out($indent . "[" . $data['id'] . "] " . $data['alias']);
220: } else {
221: $this->out($indent . "[" . $data['id'] . "] " . $data['model'] . '.' . $data['foreign_key']);
222: }
223: }
224:
225: 226: 227: 228: 229:
230: public function check() {
231: extract($this->_getParams());
232:
233: if ($this->Acl->check($aro, $aco, $action)) {
234: $this->out(__d('cake_console', '%s is <success>allowed</success>.', $aroName), true);
235: } else {
236: $this->out(__d('cake_console', '%s is <error>not allowed</error>.', $aroName), true);
237: }
238: }
239:
240: 241: 242: 243: 244:
245: public function grant() {
246: extract($this->_getParams());
247:
248: if ($this->Acl->allow($aro, $aco, $action)) {
249: $this->out(__d('cake_console', 'Permission <success>granted</success>.'), true);
250: } else {
251: $this->out(__d('cake_console', 'Permission was <error>not granted</error>.'), true);
252: }
253: }
254:
255: 256: 257: 258: 259:
260: public function deny() {
261: extract($this->_getParams());
262:
263: if ($this->Acl->deny($aro, $aco, $action)) {
264: $this->out(__d('cake_console', 'Permission denied.'), true);
265: } else {
266: $this->out(__d('cake_console', 'Permission was not denied.'), true);
267: }
268: }
269:
270: 271: 272: 273: 274:
275: public function inherit() {
276: extract($this->_getParams());
277:
278: if ($this->Acl->inherit($aro, $aco, $action)) {
279: $this->out(__d('cake_console', 'Permission inherited.'), true);
280: } else {
281: $this->out(__d('cake_console', 'Permission was not inherited.'), true);
282: }
283: }
284:
285: 286: 287: 288: 289:
290: public function view() {
291: extract($this->_dataVars());
292:
293: if (isset($this->args[1])) {
294: $identity = $this->parseIdentifier($this->args[1]);
295:
296: $topNode = $this->Acl->{$class}->find('first', array(
297: 'conditions' => array($class . '.id' => $this->_getNodeId($class, $identity))
298: ));
299:
300: $nodes = $this->Acl->{$class}->find('all', array(
301: 'conditions' => array(
302: $class . '.lft >=' => $topNode[$class]['lft'],
303: $class . '.lft <=' => $topNode[$class]['rght']
304: ),
305: 'order' => $class . '.lft ASC'
306: ));
307: } else {
308: $nodes = $this->Acl->{$class}->find('all', array('order' => $class . '.lft ASC'));
309: }
310:
311: if (empty($nodes)) {
312: if (isset($this->args[1])) {
313: $this->error(__d('cake_console', '%s not found', $this->args[1]), __d('cake_console', 'No tree returned.'));
314: } elseif (isset($this->args[0])) {
315: $this->error(__d('cake_console', '%s not found', $this->args[0]), __d('cake_console', 'No tree returned.'));
316: }
317: }
318: $this->out($class . ' tree:');
319: $this->hr();
320:
321: $stack = array();
322: $last = null;
323:
324: foreach ($nodes as $n) {
325: $stack[] = $n;
326: if (!empty($last)) {
327: $end = end($stack);
328: if ($end[$class]['rght'] > $last) {
329: foreach ($stack as $k => $v) {
330: $end = end($stack);
331: if ($v[$class]['rght'] < $end[$class]['rght']) {
332: unset($stack[$k]);
333: }
334: }
335: }
336: }
337: $last = $n[$class]['rght'];
338: $count = count($stack);
339:
340: $this->_outputNode($class, $n, $count);
341: }
342: $this->hr();
343: }
344:
345: 346: 347: 348: 349:
350: public function initdb() {
351: return $this->dispatchShell('schema create DbAcl');
352: }
353:
354: 355: 356: 357: 358:
359: public function getOptionParser() {
360: $parser = parent::getOptionParser();
361:
362: $type = array(
363: 'choices' => array('aro', 'aco'),
364: 'required' => true,
365: 'help' => __d('cake_console', 'Type of node to create.')
366: );
367:
368: $parser->description(__d('cake_console', 'A console tool for managing the DbAcl'))
369: ->addSubcommand('create', array(
370: 'help' => __d('cake_console', 'Create a new ACL node'),
371: 'parser' => array(
372: 'description' => __d('cake_console', 'Creates a new ACL object <node> under the parent'),
373: 'arguments' => array(
374: 'type' => $type,
375: 'parent' => array(
376: 'help' => __d('cake_console', 'The node selector for the parent.'),
377: 'required' => true
378: ),
379: 'alias' => array(
380: 'help' => __d('cake_console', 'The alias to use for the newly created node.'),
381: 'required' => true
382: )
383: )
384: )
385: ))->addSubcommand('delete', array(
386: 'help' => __d('cake_console', 'Deletes the ACL object with the given <node> reference'),
387: 'parser' => array(
388: 'description' => __d('cake_console', 'Delete an ACL node.'),
389: 'arguments' => array(
390: 'type' => $type,
391: 'node' => array(
392: 'help' => __d('cake_console', 'The node identifier to delete.'),
393: 'required' => true,
394: )
395: )
396: )
397: ))->addSubcommand('setparent', array(
398: 'help' => __d('cake_console', 'Moves the ACL node under a new parent.'),
399: 'parser' => array(
400: 'description' => __d('cake_console', 'Moves the ACL object specified by <node> beneath <parent>'),
401: 'arguments' => array(
402: 'type' => $type,
403: 'node' => array(
404: 'help' => __d('cake_console', 'The node to move'),
405: 'required' => true,
406: ),
407: 'parent' => array(
408: 'help' => __d('cake_console', 'The new parent for <node>.'),
409: 'required' => true
410: )
411: )
412: )
413: ))->addSubcommand('getpath', array(
414: 'help' => __d('cake_console', 'Print out the path to an ACL node.'),
415: 'parser' => array(
416: 'description' => array(
417: __d('cake_console', "Returns the path to the ACL object specified by <node>."),
418: __d('cake_console', "This command is useful in determining the inheritance of permissions for a certain object in the tree.")
419: ),
420: 'arguments' => array(
421: 'type' => $type,
422: 'node' => array(
423: 'help' => __d('cake_console', 'The node to get the path of'),
424: 'required' => true,
425: )
426: )
427: )
428: ))->addSubcommand('check', array(
429: 'help' => __d('cake_console', 'Check the permissions between an ACO and ARO.'),
430: 'parser' => array(
431: 'description' => array(
432: __d('cake_console', 'Use this command to check ACL permissions.')
433: ),
434: 'arguments' => array(
435: 'aro' => array('help' => __d('cake_console', 'ARO to check.'), 'required' => true),
436: 'aco' => array('help' => __d('cake_console', 'ACO to check.'), 'required' => true),
437: 'action' => array('help' => __d('cake_console', 'Action to check'), 'default' => 'all')
438: )
439: )
440: ))->addSubcommand('grant', array(
441: 'help' => __d('cake_console', 'Grant an ARO permissions to an ACO.'),
442: 'parser' => array(
443: 'description' => array(
444: __d('cake_console', 'Use this command to grant ACL permissions. Once executed, the ARO specified (and its children, if any) will have ALLOW access to the specified ACO action (and the ACO\'s children, if any).')
445: ),
446: 'arguments' => array(
447: 'aro' => array('help' => __d('cake_console', 'ARO to grant permission to.'), 'required' => true),
448: 'aco' => array('help' => __d('cake_console', 'ACO to grant access to.'), 'required' => true),
449: 'action' => array('help' => __d('cake_console', 'Action to grant'), 'default' => 'all')
450: )
451: )
452: ))->addSubcommand('deny', array(
453: 'help' => __d('cake_console', 'Deny an ARO permissions to an ACO.'),
454: 'parser' => array(
455: 'description' => array(
456: __d('cake_console', 'Use this command to deny ACL permissions. Once executed, the ARO specified (and its children, if any) will have DENY access to the specified ACO action (and the ACO\'s children, if any).')
457: ),
458: 'arguments' => array(
459: 'aro' => array('help' => __d('cake_console', 'ARO to deny.'), 'required' => true),
460: 'aco' => array('help' => __d('cake_console', 'ACO to deny.'), 'required' => true),
461: 'action' => array('help' => __d('cake_console', 'Action to deny'), 'default' => 'all')
462: )
463: )
464: ))->addSubcommand('inherit', array(
465: 'help' => __d('cake_console', 'Inherit an ARO\'s parent permissions.'),
466: 'parser' => array(
467: 'description' => array(
468: __d('cake_console', "Use this command to force a child ARO object to inherit its permissions settings from its parent.")
469: ),
470: 'arguments' => array(
471: 'aro' => array('help' => __d('cake_console', 'ARO to have permissions inherit.'), 'required' => true),
472: 'aco' => array('help' => __d('cake_console', 'ACO to inherit permissions on.'), 'required' => true),
473: 'action' => array('help' => __d('cake_console', 'Action to inherit'), 'default' => 'all')
474: )
475: )
476: ))->addSubcommand('view', array(
477: 'help' => __d('cake_console', 'View a tree or a single node\'s subtree.'),
478: 'parser' => array(
479: 'description' => array(
480: __d('cake_console', "The view command will return the ARO or ACO tree."),
481: __d('cake_console', "The optional node parameter allows you to return"),
482: __d('cake_console', "only a portion of the requested tree.")
483: ),
484: 'arguments' => array(
485: 'type' => $type,
486: 'node' => array('help' => __d('cake_console', 'The optional node to view the subtree of.'))
487: )
488: )
489: ))->addSubcommand('initdb', array(
490: 'help' => __d('cake_console', 'Initialize the DbAcl tables. Uses this command : cake schema create DbAcl')
491: ))->epilog(
492: array(
493: 'Node and parent arguments can be in one of the following formats:',
494: '',
495: ' - <model>.<id> - The node will be bound to a specific record of the given model.',
496: '',
497: ' - <alias> - The node will be given a string alias (or path, in the case of <parent>)',
498: " i.e. 'John'. When used with <parent>, this takes the form of an alias path,",
499: " i.e. <group>/<subgroup>/<parent>.",
500: '',
501: "To add a node at the root level, enter 'root' or '/' as the <parent> parameter."
502: )
503: );
504: return $parser;
505: }
506:
507: 508: 509: 510: 511:
512: public function nodeExists() {
513: if (!isset($this->args[0]) || !isset($this->args[1])) {
514: return false;
515: }
516: extract($this->_dataVars($this->args[0]));
517: $key = is_numeric($this->args[1]) ? $secondary_id : 'alias';
518: $conditions = array($class . '.' . $key => $this->args[1]);
519: $possibility = $this->Acl->{$class}->find('all', compact('conditions'));
520: if (empty($possibility)) {
521: $this->error(__d('cake_console', '%s not found', $this->args[1]), __d('cake_console', 'No tree returned.'));
522: }
523: return $possibility;
524: }
525:
526: 527: 528: 529: 530: 531: 532:
533: public function parseIdentifier($identifier) {
534: if (preg_match('/^([\w]+)\.(.*)$/', $identifier, $matches)) {
535: return array(
536: 'model' => $matches[1],
537: 'foreign_key' => $matches[2],
538: );
539: }
540: return $identifier;
541: }
542:
543: 544: 545: 546: 547: 548: 549: 550:
551: protected function _getNodeId($class, $identifier) {
552: $node = $this->Acl->{$class}->node($identifier);
553: if (empty($node)) {
554: if (is_array($identifier)) {
555: $identifier = var_export($identifier, true);
556: }
557: $this->error(__d('cake_console', 'Could not find node using reference "%s"', $identifier));
558: }
559: return Set::extract($node, "0.{$class}.id");
560: }
561:
562: 563: 564: 565: 566:
567: protected function _getParams() {
568: $aro = is_numeric($this->args[0]) ? intval($this->args[0]) : $this->args[0];
569: $aco = is_numeric($this->args[1]) ? intval($this->args[1]) : $this->args[1];
570: $aroName = $aro;
571: $acoName = $aco;
572:
573: if (is_string($aro)) {
574: $aro = $this->parseIdentifier($aro);
575: }
576: if (is_string($aco)) {
577: $aco = $this->parseIdentifier($aco);
578: }
579: $action = '*';
580: if (isset($this->args[2]) && !in_array($this->args[2], array('', 'all'))) {
581: $action = $this->args[2];
582: }
583: return compact('aro', 'aco', 'action', 'aroName', 'acoName');
584: }
585:
586: 587: 588: 589: 590: 591:
592: protected function _dataVars($type = null) {
593: if ($type == null) {
594: $type = $this->args[0];
595: }
596: $vars = array();
597: $class = ucwords($type);
598: $vars['secondary_id'] = (strtolower($class) == 'aro') ? 'foreign_key' : 'object_id';
599: $vars['data_name'] = $type;
600: $vars['table_name'] = $type . 's';
601: $vars['class'] = $class;
602: return $vars;
603: }
604: }
605: