1 #!/usr/bin/php -q
2 <?php
3 /*
4 LibreSSL - CAcert web application
5 Copyright (C) 2004-2012 CAcert Inc.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; version 2 of the License.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 require_once(dirname(__FILE__).'/../../includes/mysql.php');
22
// Role mailboxes that receive a review mail in addition to the individual
// permission holders.
$BOARD_PRIVATE                  = 'cacert-board-private@lists.cacert.org';
$ASSURANCE_OFFICER              = 'ao@cacert.org';
$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';


// Defines to whom to send the lists.
//
// Each key has the form "<column>=<level>". Further down this script splits
// the key at '=' and places the column part, together with 'level', directly
// into a SQL statement, so keys and levels must stay literals maintained in
// this file and must never be filled from external input.
//
// Fields of an entry:
//   name    - human readable role name used in the mail text
//   own     - true: every holder of the permission is mailed the list of
//             all holders of the same permission
//   board   - true: list is included in the mail to the board
//   support - true: list is included in the mail to the support engineers
//   ao      - true: list is included in the mail to the Assurance Officer
//   oao     - true: list is included in the mail to the Organisation
//             Assurance Officer
//   level   - value the column is compared against
$flags = array(
    'admin=1' => array(
        'name'    => 'Support Engineer',
        'own'     => false, // Don't send twice
        'board'   => true,
        'support' => true,
        'ao'      => false,
        'oao'     => false,
        'level'   => 1
    ),

    'orgadmin=1' => array(
        'name'    => 'Organisation Assurer',
        'own'     => true,
        'board'   => true,
        'support' => true,
        'ao'      => true,
        'oao'     => true,
        'level'   => 1
    ),

    'board=1' => array(
        'name'    => 'Board Member',
        'own'     => false,
        'board'   => true,
        'support' => true,
        'ao'      => true,
        'oao'     => false,
        'level'   => 1
    ),

    'ttpadmin=1' => array(
        'name'    => 'Trusted Third Party Admin',
        'own'     => true,
        'board'   => true,
        'support' => true,
        'ao'      => true,
        'oao'     => true,
        'level'   => 1
    ),

    'ttpadmin=2' => array(
        'name'    => 'Trusted Third Party TOPUP Admin',
        'own'     => true,
        'board'   => true,
        'support' => true,
        'ao'      => true,
        'oao'     => true,
        'level'   => 2
    ),

    'tverify=1' => array(
        'name'    => 'Tverify Admin',
        'own'     => false,
        'board'   => true,
        'support' => true,
        'ao'      => true,
        'oao'     => false,
        'level'   => 1
    ),

    'locadmin=1' => array(
        'name'    => 'Location Admin',
        'own'     => false,
        'board'   => true,
        'support' => true,
        'ao'      => false,
        'oao'     => false,
        'level'   => 1
    ),

    'adadmin=1' => array(
        'name'    => 'submit status for Advertising Admin',
        'own'     => false,
        'board'   => true,
        'support' => true,
        'ao'      => false,
        'oao'     => false,
        'level'   => 1
    ),

    'adadmin=2' => array(
        'name'    => 'approve status for Advertising Admin',
        'own'     => false,
        'board'   => true,
        'support' => true,
        'ao'      => false,
        'oao'     => false,
        'level'   => 2
    ),
);
122
123
// Build up list of various admins: for every configured permission flag,
// collect name and e-mail of each user that currently holds it.
$adminlist = array();
foreach ($flags as $flag => $flag_properties) {
    // Key format is "<column>=<level>"; only the column part is used here,
    // the comparison value is taken from the entry's 'level' field.
    $flagname = explode('=', $flag, 2);

    // Column name and level are interpolated into the statement without
    // escaping. Both originate from the $flags table in this script; keep it
    // that way, this statement must never see externally supplied values.
    $query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = $flag_properties[level]";

    $res = mysql_query($query);
    if (!$res) {
        // Report on stderr and go on with the next flag. No entry is created
        // in $adminlist for this flag.
        fwrite(STDERR,
            "MySQL query for flag $flag failed:\n".
            "\"$query\"\n".
            mysql_error()
        );

        continue;
    }

    $adminlist[$flag] = array();
    while ($row = mysql_fetch_assoc($res)) {
        $adminlist[$flag][] = $row;
    }

    // Nothing more to do unless the holders themselves review their group.
    if (!$flag_properties['own']) {
        continue;
    }

    // The roster is the same for every recipient of this group, so it is
    // rendered once and reused.
    $roster = '';
    foreach ($adminlist[$flag] as $colleague) {
        $roster .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
    }

    // Send mail to admins of this group
    foreach ($adminlist[$flag] as $admin) {
        $message = <<<EOF
Hello $admin[fname],

you get this message, because you are listed as $flag_properties[name] on
CAcert.org. Please review the following list of persons with the same privilege
and report to the responsible team leader or board
($BOARD_PRIVATE) if you spot any errors.


EOF;

        $message .= $roster;

        $message .= <<<EOF


Best Regards,
CAcert Support
EOF;

        // NOTE(review): the recipient address comes from the users table;
        // confirm that sendmail() rejects CR/LF in it before building headers.
        sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
    }
}
175
176
177
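// Send to support engineers: one mail containing every list whose 'support'
// field is set, delivered to each user holding the 'admin=1' permission.
$message = <<<EOF
Dear Support Engineers,

it's time for the permission review again. Here is the list of privileged users
in the CAcert web application. Please review them.


EOF;

foreach ($flags as $flag => $flag_properties) {
    if (!$flag_properties['support']) {
        continue;
    }

    $message .= "List of $flag_properties[name]s:\n\n";

    if (isset($adminlist[$flag])) {
        foreach ($adminlist[$flag] as $colleague) {
            $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
        }
    } else {
        // There is no entry when the lookup for this flag failed. Say so in
        // the mail: an empty list would read as "nobody holds this
        // permission", which a reviewer cannot tell apart from a failure.
        $message .= "(list unavailable: the database query for this permission failed)\n";
    }

    $message .= "\n\n";
}

$message .= <<<EOF

Best Regards,
CAcert Support
EOF;

if (isset($adminlist['admin=1'])) {
    foreach ($adminlist['admin=1'] as $support_engineer) {
        sendmail(
            $support_engineer['email'],
            "Permissions Review",
            $message,
            'support@cacert.org');
    }
} else {
    // Without the support engineer list there are no recipients; make the
    // skipped review visible in the cron output instead of failing silently.
    fwrite(STDERR,
        "List of support engineers unavailable, ".
        "permission review mail to support engineers not sent\n");
}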
212
213
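// Send to one-email addresses: Assurance Officer, Organisation Assurance
// Officer and the board each get one mail with every list whose field named
// after the recipient key ('ao', 'oao', 'board') is set in $flags.
foreach (array(
        'ao' => array(
            'description' => 'Assurance Officer',
            'email' => $ASSURANCE_OFFICER),
        'oao' => array(
            'description' => 'Organisation Assurance Officer',
            'email' => $ORGANISATION_ASSURANCE_OFFICER),
        'board' => array(
            'description' => 'Board Members',
            'email' => $BOARD_PRIVATE)
        ) as $key => $values) {
    $message = <<<EOF
Dear $values[description],

it's time for the permission review again. Here is the list of privileged users
in the CAcert web application. Please review them and also ask the persons
responsible for an up-to-date copy of access lists not directly recorded in the
web application (critical admins, software assessors etc.)



EOF;

    foreach ($flags as $flag => $flag_properties) {
        if (!$flag_properties[$key]) {
            continue;
        }

        $message .= "List of $flag_properties[name]s:\n\n";

        if (isset($adminlist[$flag])) {
            foreach ($adminlist[$flag] as $colleague) {
                $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
            }
        } else {
            // There is no entry when the lookup for this flag failed. Say so
            // in the mail: an empty list would read as "nobody holds this
            // permission", which a reviewer cannot tell apart from a failure.
            $message .= "(list unavailable: the database query for this permission failed)\n";
        }

        $message .= "\n\n";
    }

    $message .= <<<EOF


Best Regards,
CAcert Support
EOF;

    sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
}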