Diffstat (limited to 'scripts/cron')
-rwxr-xr-xscripts/cron/permissionreview.php171
-rwxr-xr-xscripts/cron/updatesort.php49
2 files changed, 147 insertions, 73 deletions
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index 572c1fd..0f2fc2e 100755
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -21,19 +21,71 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
require_once(dirname(__FILE__).'/../../includes/mysql.php');
$BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
+$ASSURANCE_OFFICER = 'ao@cacert.org';
+$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';
+
+//defines to whom to send the lists
$flags = array(
- 'admin' => 'Support Engineer',
- 'orgadmin' => 'Organisation Assurer',
- 'board' => 'Board Member',
- 'ttpadmin' => 'Trusted Third Party Admin',
- 'tverify' => 'Tverify Admin',
- 'locadmin' => 'Location Admin'
+ 'admin' => array(
+ 'name' => 'Support Engineer',
+ 'own' => false, //Don't send twice
+ 'board' => true,
+ 'support' => true,
+ 'ao' => false,
+ 'oao' => false
+ ),
+
+ 'orgadmin' => array(
+ 'name' => 'Organisation Assurer',
+ 'own' => true,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => true
+ ),
+
+ 'board' => array(
+ 'name' => 'Board Member',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => false
+ ),
+
+ 'ttpadmin' => array(
+ 'name' => 'Trusted Third Party Admin',
+ 'own' => true,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => true
+ ),
+
+ 'tverify' => array(
+ 'name' => 'Tverify Admin',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => true,
+ 'oao' => false
+ ),
+
+ 'locadmin' => array(
+ 'name' => 'Location Admin',
+ 'own' => false,
+ 'board' => true,
+ 'support' => true,
+ 'ao' => false,
+ 'oao' => false
+ ),
);
-$adminlist = array();
-foreach ($flags as $flag => $description) {
+// Build up list of various admins
+$adminlist = array();
+foreach ($flags as $flag => $flag_properties) {
$query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
if(! $res = mysql_query($query) ) {
fwrite(STDERR,
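Review bot: The keys of `$flags` are also column names of `users`: the context line `where `$flag` = 1` just below interpolates them straight into the SQL. The comment `//defines to whom to send the lists` says neither that nor what the per-entry booleans mean. I would replace it with `// Keys are column names of users and are interpolated into the query below: keep them hard-coded literals, never derive them from input.` and add `// own: mail every holder of the flag; board/support/ao/oao: include this list in the mail to that recipient.` The `foreach` body continues outside this hunk.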
@@ -45,52 +97,64 @@ foreach ($flags as $flag => $description) {
continue;
}
- $admins = array();
- $adminlist[$flag] = "";
+ $adminlist[$flag] = array();
while ($row = mysql_fetch_assoc($res)) {
- $admins[] = $row;
- $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n";
+ $adminlist[$flag][] = $row;
}
- foreach ($admins as $admin) {
- $message = <<<EOF
+
+ // Send mail to admins of this group if 'own' is set
+ if ($flag_properties['own']) {
+ foreach ($adminlist[$flag] as $admin) {
+ $message = <<<EOF
Hello $admin[fname],
-you get this message, because you are listed as $description on
+you get this message, because you are listed as $flag_properties[name] on
CAcert.org. Please review the following list of persons with the same privilege
and report to the responsible team leader or board
($BOARD_PRIVATE) if you spot any errors.
-$adminlist[$flag]
+
+EOF;
+
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+
+ $message .= <<<EOF
Best Regards,
CAcert Support
EOF;
- sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+
+ sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+ }
}
}
+// Send to support engineers
$message = <<<EOF
-Dear Board Members,
+Dear Support Engineers,
it's time for the permission review again. Here is the list of privileged users
-in the CAcert web application. Please review them and also ask the persons
-responsible for an up-to-date copy of access lists not directly recorded in the
-web application (critical admins, software assessors etc.)
+in the CAcert web application. Please review them.
EOF;
-foreach ($flags as $flag => $description) {
- $message .= <<<EOF
-List of ${description}s:
-$adminlist[$flag]
-
-EOF;
+foreach ($flags as $flag => $flag_properties) {
+ if ($flag_properties['support']) {
+ $message .= "List of $flag_properties[name]s:\n\n";
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+
+ $message .= "\n\n";
+ }
}
$message .= <<<EOF
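Review bot: When the per-flag query fails, the `continue;` at the top of this hunk runs before `$adminlist[$flag] = array();`, so that flag never gets an entry in `$adminlist`. The list loops then iterate nothing, both here and in the last hunk of this file (`foreach ($adminlist['admin'] ...)` and the per-recipient loop). The review mail shows the heading with an empty list, which a reader cannot tell apart from "nobody holds this privilege", and a failed `admin` lookup means no mail goes to the support engineers at all. Record the failure before skipping, e.g. `$adminlist[$flag] = false;` ahead of `continue;`, and have the list loops print a line such as `(lookup failed, list not available)` when the entry is `false`. The failing branch starts outside this hunk.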
@@ -99,4 +163,55 @@ Best Regards,
CAcert Support
EOF;
-sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org');
+foreach ($adminlist['admin'] as $support_engineer) {
+ sendmail(
+ $support_engineer['email'],
+ "Permissions Review",
+ $message,
+ 'support@cacert.org');
+}
+
+
+// Send to one-email addresses
+foreach (array(
+ 'ao' => array(
+ 'description' => 'Assurance Officer',
+ 'email' => $ASSURANCE_OFFICER),
+ 'oao' => array(
+ 'description' => 'Organisation Assurance Officer',
+ 'email' => $ORGANISATION_ASSURANCE_OFFICER),
+ 'board' => array(
+ 'description' => 'Board Members',
+ 'email' => $BOARD_PRIVATE)
+ ) as $key => $values) {
+ $message = <<<EOF
+Dear $values[description],
+
+it's time for the permission review again. Here is the list of privileged users
+in the CAcert web application. Please review them and also ask the persons
+responsible for an up-to-date copy of access lists not directly recorded in the
+web application (critical admins, software assessors etc.)
+
+
+
+EOF;
+
+ foreach ($flags as $flag => $flag_properties) {
+ if ($flag_properties[$key]) {
+ $message .= "List of $flag_properties[name]s:\n\n";
+ foreach ($adminlist[$flag] as $colleague) {
+ $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+ }
+ $message .= "\n\n";
+ }
+ }
+
+ $message .= <<<EOF
+
+
+Best Regards,
+CAcert Support
+EOF;
+
+ sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
+}
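Review bot: The recipient keys `'ao'`, `'oao'` and `'board'` in the inline array must match the boolean keys of every entry in `$flags`, because `if ($flag_properties[$key])` looks them up by name. A misspelt or newly added recipient key evaluates as not set, and that privilege list is left out of the mail without any error. A comment on the array such as `// keys must match the per-recipient booleans in $flags`, plus a loud check like `if (!isset($flag_properties[$key])) { fwrite(STDERR, "missing '$key' for $flag\n"); }`, would make such an omission visible. The name/e-mail rendering loop is also the third copy of the one in the previous hunk; a small helper taking `$adminlist[$flag]` would keep the three mails consistent.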
diff --git a/scripts/cron/updatesort.php b/scripts/cron/updatesort.php
index 498eda2..051b179 100755
--- a/scripts/cron/updatesort.php
+++ b/scripts/cron/updatesort.php
@@ -17,55 +17,14 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
require_once(dirname(__FILE__).'/../../includes/mysql.php');
+ require_once(dirname(__FILE__).'/../../includes/lib/account.php');
-
- /* Set assurer flag for accounts who miss it
-
- See also includes/lib/account.php, function fix_assurer_flag($userID)
-
- We may have some performance problems here, there are 150k assurances and 220k users
- in the production database. The exists-clause on cats_passed should be a good filter... */
-
- /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003
- and https://bugs.cacert.org/view.php?id=1024 */
-/*
- $query = "select `n`.`to` as `uid` from `notary` as `n`, `users` as `u` ".
- " where `n`.`to`=`u`.`id` and `u`.`assurer`<>'1' ".
- " and (`n`.`expire` > now() OR `n`.`expire` IS NULL) ".
- " and exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ".
- " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`n`.`to`)".
- " group by `n`.`to` having sum(`n`.`points`)>=100";
-
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- $query = "update users set `assurer`='1' where `id`='${row['uid']}'";
- //echo $query."\n";
- mysql_query($query);
+ // Recalculate assurer flag for all accounts
+ if (!fix_assurer_flag()) {
+ fwrite(STDERR, "ERROR on fixing the assurer flag. Continuing anyway");
}
-*/
- /* Remove assurer flag from accounts not eligible.
-
- Also a bit performance critical, but assurer flag is only set at 5k accounts
- */
- /* Synchronisation of assurer flag currently deactivated, see https://bugs.cacert.org/view.php?id=1003
- and https://bugs.cacert.org/view.php?id=1024 */
-/*
- $query = "select `u`.id as `uid` from `users` as `u` " .
- " where `u`.`assurer` = '1' ".
- " and (not exists(select 1 from `cats_passed` as `cp`, `cats_variant` as `cv` ".
- " where `cp`.`variant_id`=`cv`.`id` and `cv`.`type_id` = 1 and `cp`.`user_id`=`u`.`id`) ".
- " or (select sum(`n`.`points`) from `notary` as `n` where `n`.`to`=`u`.`id` and (`n`.`expire` > now() OR `n`.`expire` IS NULL)) < 100) ";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- $query = "update users set `assurer`='0' where `id`='${row['uid']}'";
- //echo $query."\n";
- mysql_query($query);
- }
-*/
mysql_query("update `locations` set `acount`=0");
$query = "SELECT `users`.`locid` AS `locid`, count(*) AS `total` FROM `users`