"Provide a possibility to regularly review the permissions in the system"
pull/1/head
Wytze van der Raay 11 years ago
parent fc979343e1
commit 8c125fd8c7

@ -27,7 +27,7 @@ $ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';
//defines to whom to send the lists //defines to whom to send the lists
$flags = array( $flags = array(
'admin' => array( 'admin=1' => array(
'name' => 'Support Engineer', 'name' => 'Support Engineer',
'own' => false, //Don't send twice 'own' => false, //Don't send twice
'board' => true, 'board' => true,
@ -35,8 +35,8 @@ $flags = array(
'ao' => false, 'ao' => false,
'oao' => false 'oao' => false
), ),
'orgadmin' => array( 'orgadmin=1' => array(
'name' => 'Organisation Assurer', 'name' => 'Organisation Assurer',
'own' => true, 'own' => true,
'board' => true, 'board' => true,
@ -44,8 +44,8 @@ $flags = array(
'ao' => true, 'ao' => true,
'oao' => true 'oao' => true
), ),
'board' => array( 'board=1' => array(
'name' => 'Board Member', 'name' => 'Board Member',
'own' => false, 'own' => false,
'board' => true, 'board' => true,
@ -53,8 +53,8 @@ $flags = array(
'ao' => true, 'ao' => true,
'oao' => false 'oao' => false
), ),
'ttpadmin' => array( 'ttpadmin=1' => array(
'name' => 'Trusted Third Party Admin', 'name' => 'Trusted Third Party Admin',
'own' => true, 'own' => true,
'board' => true, 'board' => true,
@ -62,8 +62,17 @@ $flags = array(
'ao' => true, 'ao' => true,
'oao' => true 'oao' => true
), ),
'tverify' => array( 'ttpadmin=2' => array(
'name' => 'Trusted Third Party TOPUP Admin',
'own' => true,
'board' => true,
'support' => true,
'ao' => true,
'oao' => true
),
'tverify=1' => array(
'name' => 'Tverify Admin', 'name' => 'Tverify Admin',
'own' => false, 'own' => false,
'board' => true, 'board' => true,
@ -71,8 +80,8 @@ $flags = array(
'ao' => true, 'ao' => true,
'oao' => false 'oao' => false
), ),
'locadmin' => array( 'locadmin=1' => array(
'name' => 'Location Admin', 'name' => 'Location Admin',
'own' => false, 'own' => false,
'board' => true, 'board' => true,
@ -80,30 +89,51 @@ $flags = array(
'ao' => false, 'ao' => false,
'oao' => false 'oao' => false
), ),
'adadmin=1' => array(
'name' => 'submit status for Advertising Admin',
'own' => false,
'board' => true,
'support' => true,
'ao' => false,
'oao' => false
),
'adadmin=2' => array(
'name' => 'approve status for Advertising Admin',
'own' => false,
'board' => true,
'support' => true,
'ao' => false,
'oao' => false
),
); );
// Build up list of various admins // Build up list of various admins
$adminlist = array(); $adminlist = array();
foreach ($flags as $flag => $flag_properties) { foreach ($flags as $flag => $flag_properties) {
$query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1"; $flagname = explode('=', $flag, 2 );
$query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'";
if(! $res = mysql_query($query) ) { if(! $res = mysql_query($query) ) {
fwrite(STDERR, fwrite(STDERR,
"MySQL query for flag $flag failed:\n". "MySQL query for flag $flag failed:\n".
"\"$query\"\n". "\"$query\"\n".
mysql_error() mysql_error()
); );
continue; continue;
} }
$adminlist[$flag] = array(); $adminlist[$flag] = array();
while ($row = mysql_fetch_assoc($res)) { while ($row = mysql_fetch_assoc($res)) {
$adminlist[$flag][] = $row; $adminlist[$flag][] = $row;
} }
// Send mail to admins of this group if 'own' is set // Send mail to admins of this group if 'own' is set
if ($flag_properties['own']) { if ($flag_properties['own']) {
foreach ($adminlist[$flag] as $admin) { foreach ($adminlist[$flag] as $admin) {
@ -117,19 +147,20 @@ and report to the responsible team leader or board
EOF; EOF;
foreach ($adminlist[$flag] as $colleague) { foreach ($adminlist[$flag] as $colleague) {
$message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
} }
$message .= <<<EOF $message .= <<<EOF
Best Regards, Best Regards,
CAcert Support CAcert Support
EOF; EOF;
sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
echo "Sent $flag_properties[name] mail to $admin[email]\n";
} }
} }
} }
@ -152,7 +183,7 @@ foreach ($flags as $flag => $flag_properties) {
foreach ($adminlist[$flag] as $colleague) { foreach ($adminlist[$flag] as $colleague) {
$message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
} }
$message .= "\n\n"; $message .= "\n\n";
} }
} }
@ -163,12 +194,13 @@ Best Regards,
CAcert Support CAcert Support
EOF; EOF;
foreach ($adminlist['admin'] as $support_engineer) { foreach ($adminlist['admin=1'] as $support_engineer) {
sendmail( sendmail(
$support_engineer['email'], $support_engineer['email'],
"Permissions Review", "Permissions Review",
$message, $message,
'support@cacert.org'); 'support@cacert.org');
echo "Sent Support Engineer mail to $support_engineer[email]\n";
} }
@ -188,14 +220,14 @@ foreach (array(
Dear $values[description], Dear $values[description],
it's time for the permission review again. Here is the list of privileged users it's time for the permission review again. Here is the list of privileged users
in the CAcert web application. Please review them and also ask the persons in the CAcert web application. Please review them and also ask the persons
responsible for an up-to-date copy of access lists not directly recorded in the responsible for an up-to-date copy of access lists not directly recorded in the
web application (critical admins, software assessors etc.) web application (critical admins, software assessors etc.)
EOF; EOF;
foreach ($flags as $flag => $flag_properties) { foreach ($flags as $flag => $flag_properties) {
if ($flag_properties[$key]) { if ($flag_properties[$key]) {
$message .= "List of $flag_properties[name]s:\n\n"; $message .= "List of $flag_properties[name]s:\n\n";
@ -205,13 +237,14 @@ EOF;
$message .= "\n\n"; $message .= "\n\n";
} }
} }
$message .= <<<EOF $message .= <<<EOF
Best Regards, Best Regards,
CAcert Support CAcert Support
EOF; EOF;
sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org'); sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
echo "Sent $values[description] mail to $values[email]\n";
} }
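Review bot: The new query construction in the `@ -80,30 +89,51 @@` hunk, `$flagname = explode('=', $flag, 2 );` feeding `'$flagname[1]'` into the SQL string, assumes every `$flags` key carries an `=value` suffix; a key without one leaves `$flagname[1]` undefined, which raises a notice and then quietly queries for the empty string, so that group disappears from every review mail instead of failing loudly. I would check the shape before building the query and keep the value numeric, e.g. `if (count($flagname) !== 2 || !ctype_digit($flagname[1])) { fwrite(STDERR, "Malformed flag key $flag\n"); continue; }` and then append the level as `" . (int)$flagname[1]` (keeping the identifier quoting as in the original) rather than the quoted `'$flagname[1]'`. The column name and level still come only from the hard-coded `$flags` array above, so the interpolation is not reachable from outside this script as far as the hunks show, but a comment on the array such as `// keys are '<users column>=<required value>'; the column name is interpolated into SQL, so only add literal column names here` would make that constraint explicit for the next person adding a flag. The same key format is repeated as a literal at `foreach ($adminlist['admin=1'] as $support_engineer)`, which breaks with an undefined-index notice if the array key is ever renamed; a single named constant for that key would keep both places in step. The enclosing `foreach ($flags as $flag => $flag_properties)` loop starts before the hunk and its body continues past it.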
