Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/cron/permissionreview.php | 161 |
1 files changed, 135 insertions, 26 deletions
diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php
index 572c1fd..a33c9ca 100755
--- a/scripts/cron/permissionreview.php
+++ b/scripts/cron/permissionreview.php
@@ -21,19 +21,71 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA require_once(dirname(__FILE__).'/../../includes/mysql.php'); $BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org'; +$ASSURANCE_OFFICER = 'ao@cacert.org'; +$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org'; + +//defines to whom to send the lists $flags = array( - 'admin' => 'Support Engineer', - 'orgadmin' => 'Organisation Assurer', - 'board' => 'Board Member', - 'ttpadmin' => 'Trusted Third Party Admin', - 'tverify' => 'Tverify Admin', - 'locadmin' => 'Location Admin' + 'admin' => array( + 'name' => 'Support Engineer', + 'own' => false, //Don't send twice + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), + + 'orgadmin' => array( + 'name' => 'Organisation Assurer', + 'own' => true, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => true + ), + + 'board' => array( + 'name' => 'Board Member', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => false + ), + + 'ttpadmin' => array( + 'name' => 'Trusted Third Party Admin', + 'own' => true, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => true + ), + + 'tverify' => array( + 'name' => 'Tverify Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => false + ), + + 'locadmin' => array( + 'name' => 'Location Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), ); -$adminlist = array(); -foreach ($flags as $flag => $description) { +// Build up list of various admins +$adminlist = array(); +foreach ($flags as $flag => $flag_properties) { $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1"; if(! $res = mysql_query($query) ) { fwrite(STDERR, 
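Review bot: The new recipient matrix in `$flags` is documented only by `//defines to whom to send the lists`, which does not say what each inner key selects or that the outer keys are also used as column names. The `foreach` at the end of this hunk interpolates `$flag` directly into the `where` clause of the query, which is safe only as long as those keys remain hard-coded literals. I would expand the comment to something like `// outer keys must be literal column names of users; own = mail every holder of the flag, board/support/ao/oao = include this list in that recipient's mail`. The loop body continues past the end of this hunk.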
@@ -45,16 +97,17 @@ foreach ($flags as $flag => $description) { continue; } - $admins = array(); - $adminlist[$flag] = ""; + $adminlist[$flag] = array(); while ($row = mysql_fetch_assoc($res)) { - $admins[] = $row; - $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n"; + $adminlist[$flag][] = $row; } - foreach ($admins as $admin) { - $message = <<<EOF + + // Send mail to admins of this group if 'own' is set + if ($flag_properties['own']) { + foreach ($adminlist[$flag] as $admin) { + $message = <<<EOF Hello $admin[fname], you get this message, because you are listed as $description on 
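Review bot: The heredoc kept as context here still interpolates `$description` ("you are listed as $description on"), but the first hunk renamed the loop variable to `$flag_properties`. In the new code `$description` is therefore undefined, so the role name is missing from every 'own' mail and PHP raises a notice. The line should read `you get this message, because you are listed as $flag_properties[name] on`. The heredoc opens in this hunk and is closed in the next one.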
@@ -62,41 +115,97 @@ CAcert.org. Please review the following list of persons with the same privilege and report to the responsible team leader or board ($BOARD_PRIVATE) if you spot any errors. -$adminlist[$flag] +EOF; + + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + + $message .= <<<EOF Best Regards, CAcert Support EOF; - sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); + + sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org'); + } } } +// Send to support engineers $message = <<<EOF -Dear Board Members, +Dear Support Engineers, it's time for the permission review again. Here is the list of privileged users -in the CAcert web application. Please review them and also ask the persons -responsible for an up-to-date copy of access lists not directly recorded in the -web application (critical admins, software assessors etc.) +in the CAcert web application. Please review them. 
EOF; -foreach ($flags as $flag => $description) { - $message .= <<<EOF -List of ${description}s: -$adminlist[$flag] +foreach ($flags as $flag => $flag_properties) { + if ($flag_properties['support']) { + $message .= "List of $flag_properties[name]s:\n"; + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + } +} + +$message .= <<<EOF +Best Regards, +CAcert Support EOF; + +foreach ($adminlist['admin'] as $support_engineer) { + sendmail( + $support_engineer['email'], + "Permissions Review", + $message, + 'support@cacert.org'); } -$message .= <<<EOF + +// Send to one-email addresses +foreach (array( + 'ao' => array( + 'description' => 'Assurance Officer', + 'email' => $ASSURANCE_OFFICER), + 'oao' => array( + 'description' => 'Organisation Assurance Officer', + 'email' => $ORGANISATION_ASSURANCE_OFFICER), + 'board' => array( + 'description' => 'Board Members', + 'email' => $BOARD_PRIVATE) + ) as $key => $values) { + $message = <<<EOF +Dear $values[description], + +it's time for the permission review again. Here is the list of privileged users +in the CAcert web application. Please review them and also ask the persons +responsible for an up-to-date copy of access lists not directly recorded in the +web application (critical admins, software assessors etc.) + + +EOF; + + foreach ($flags as $flag => $flag_properties) { + if ($flag_properties[$key]) { + $message .= "List of $flag_properties[name]s:\n"; + foreach ($adminlist[$flag] as $colleague) { + $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; + } + } + } + + $message .= <<<EOF Best Regards, CAcert Support EOF; -sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org'); + sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org'); +} |
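Review bot: The new loops over `$adminlist[$flag]` (support mail and the ao/oao/board mails) and over `$adminlist['admin']` assume every flag has an entry, but the `continue` on the query-failure path in the first loop appears to run before `$adminlist[$flag] = array();` is reached. When a query fails, the reviewers get either a heading with no names under it or, for `admin`, no support mail at all. In a permission review an empty list reads as "nobody holds this privilege", so the failure should be visible in the mail. Inside each `foreach ($flags ...)` I would add `if (!isset($adminlist[$flag])) { $message .= "List of $flag_properties[name]s: could not be retrieved\n"; continue; }`, and guard the `$adminlist['admin']` loop the same way. The failure branch itself lies outside the visible hunks, so please confirm against the full file.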