bug 1003: Add debug output so we can trace where the mails got lost
[cacert-devel.git] / scripts / cron / permissionreview.php
1 #!/usr/bin/php -q
2 <?php
3 /*
4 LibreSSL - CAcert web application
5 Copyright (C) 2004-2012 CAcert Inc.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; version 2 of the License.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 require_once(dirname(__FILE__).'/../../includes/mysql.php');
22
// Role addresses that each receive one combined review mail. $BOARD_PRIVATE is
// also quoted as the contact address in the mails sent to the privilege
// holders themselves.
$BOARD_PRIVATE                  = 'cacert-board-private@lists.cacert.org';
$ASSURANCE_OFFICER              = 'ao@cacert.org';
$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';


// Defines to whom to send the lists.
//
// Each key has the form "<column>=<value>". The script splits it on '=' and
// interpolates both halves into the SQL text as column name and value without
// any escaping, so these keys must stay hard-coded literals in this file.
//
// Per entry:
//   name    - label used in the mail text and in the progress output
//   own     - mail every holder the list of people with the same privilege
//   support - include the list in the mail to the Support Engineers
//   board, ao, oao - include the list in the mail to that role address
//
// The order of the entries is the order of the lists in the mails.
$flags = array(
    'admin=1' => array(
        'name' => 'Support Engineer',
        'own' => false, // Don't send twice: these users already get the Support Engineer mail
        'board' => true, 'support' => true, 'ao' => false, 'oao' => false,
    ),

    'orgadmin=1' => array(
        'name' => 'Organisation Assurer',
        'own' => true,
        'board' => true, 'support' => true, 'ao' => true, 'oao' => true,
    ),

    'board=1' => array(
        'name' => 'Board Member',
        'own' => false,
        'board' => true, 'support' => true, 'ao' => true, 'oao' => false,
    ),

    'ttpadmin=1' => array(
        'name' => 'Trusted Third Party Admin',
        'own' => true,
        'board' => true, 'support' => true, 'ao' => true, 'oao' => true,
    ),

    'ttpadmin=2' => array(
        'name' => 'Trusted Third Party TOPUP Admin',
        'own' => true,
        'board' => true, 'support' => true, 'ao' => true, 'oao' => true,
    ),

    'tverify=1' => array(
        'name' => 'Tverify Admin',
        'own' => false,
        'board' => true, 'support' => true, 'ao' => true, 'oao' => false,
    ),

    'locadmin=1' => array(
        'name' => 'Location Admin',
        'own' => false,
        'board' => true, 'support' => true, 'ao' => false, 'oao' => false,
    ),

    'adadmin=1' => array(
        'name' => 'submit status for Advertising Admin',
        'own' => false,
        'board' => true, 'support' => true, 'ao' => false, 'oao' => false,
    ),

    'adadmin=2' => array(
        'name' => 'approve status for Advertising Admin',
        'own' => false,
        'board' => true, 'support' => true, 'ao' => false, 'oao' => false,
    ),
);
113
114
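// Build up the list of privilege holders for every flag and, where 'own' is
// set, mail each holder the list of people sharing that privilege.
//
// NOTE(review): the column name and value are taken from the keys of $flags
// and interpolated into the SQL text without escaping. That is only safe
// while $flags remains a hard-coded literal in this file; it must never be
// filled from configuration, the database or request data.
$adminlist = array();
foreach ($flags as $flag => $flag_properties) {
    // Define the entry before querying: the summary loops further down the
    // script iterate $adminlist[$flag], and would hit an undefined index
    // (and a foreach() warning) whenever the query below fails.
    $adminlist[$flag] = array();

    $flagname = explode('=', $flag, 2);
    $query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'";
    if (! $res = mysql_query($query)) {
        // NOTE(review): after a failure this group's list stays empty, so the
        // review mails print its heading with no names underneath. A reader
        // cannot tell that apart from "nobody holds this privilege"; the only
        // signal is this message on STDERR, so the cron output needs to be
        // watched.
        fwrite(STDERR,
            "MySQL query for flag $flag failed:\n".
            "\"$query\"\n".
            mysql_error()."\n" // terminate the line so the next output starts cleanly
        );

        continue;
    }

    while ($row = mysql_fetch_assoc($res)) {
        $adminlist[$flag][] = $row;
    }


    // Send mail to admins of this group if 'own' is set
    if ($flag_properties['own']) {
        foreach ($adminlist[$flag] as $admin) {
            $message = <<<EOF
Hello $admin[fname],

you get this message, because you are listed as $flag_properties[name] on
CAcert.org. Please review the following list of persons with the same privilege
and report to the responsible team leader or board
($BOARD_PRIVATE) if you spot any errors.


EOF;

            foreach ($adminlist[$flag] as $colleague) {
                $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
            }

            $message .= <<<EOF


Best Regards,
CAcert Support
EOF;

            // NOTE(review): the recipient address comes straight from the
            // users table, and the result of sendmail() is not checked. The
            // "Sent" line below therefore records that the call was made, not
            // that the mail was accepted. sendmail() is defined outside this
            // file; confirm how it validates addresses and reports failure.
            sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
            echo "Sent $flag_properties[name] mail to $admin[email]\n";
        }
    }
}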
167
168
169
// Send to support engineers: one mail body holding every privilege list whose
// 'support' switch is set, delivered to each holder of the 'admin=1' flag.
$message = implode("\n", array(
    'Dear Support Engineers,',
    '',
    "it's time for the permission review again. Here is the list of privileged users",
    'in the CAcert web application. Please review them.',
    '',
    '',
));

foreach ($flags as $flag => $props) {
    if (!$props['support']) {
        continue;
    }

    $message .= 'List of ' . $props['name'] . "s:\n\n";
    foreach ($adminlist[$flag] as $person) {
        $message .= $person['fname'] . ' ' . $person['lname'] . ' ' . $person['email'] . "\n";
    }

    $message .= "\n\n";
}

$message .= implode("\n", array(
    '',
    'Best Regards,',
    'CAcert Support',
));

foreach ($adminlist['admin=1'] as $recipient) {
    $to = $recipient['email'];
    sendmail($to, 'Permissions Review', $message, 'support@cacert.org');
    // Progress line for tracing; it is printed whether or not delivery worked.
    echo 'Sent Support Engineer mail to ' . $to . "\n";
}
205
206
// Send to the role addresses that each receive a single combined mail.
// The key of every entry doubles as the switch name looked up in $flags, which
// decides the privilege lists that recipient gets to see.
$role_recipients = array(
    'ao' => array(
        'description' => 'Assurance Officer',
        'email' => $ASSURANCE_OFFICER,
    ),
    'oao' => array(
        'description' => 'Organisation Assurance Officer',
        'email' => $ORGANISATION_ASSURANCE_OFFICER,
    ),
    'board' => array(
        'description' => 'Board Members',
        'email' => $BOARD_PRIVATE,
    ),
);

foreach ($role_recipients as $switch => $role) {
    $message = implode("\n", array(
        'Dear ' . $role['description'] . ',',
        '',
        "it's time for the permission review again. Here is the list of privileged users",
        'in the CAcert web application. Please review them and also ask the persons',
        'responsible for an up-to-date copy of access lists not directly recorded in the',
        'web application (critical admins, software assessors etc.)',
        '',
        '',
        '',
    ));

    foreach ($flags as $flag => $props) {
        if (!$props[$switch]) {
            continue;
        }

        $message .= 'List of ' . $props['name'] . "s:\n\n";
        foreach ($adminlist[$flag] as $person) {
            $message .= $person['fname'] . ' ' . $person['lname'] . ' ' . $person['email'] . "\n";
        }
        $message .= "\n\n";
    }

    $message .= implode("\n", array(
        '',
        '',
        'Best Regards,',
        'CAcert Support',
    ));

    sendmail($role['email'], 'Permissions Review', $message, 'support@cacert.org');
    // Progress line for tracing; it is printed whether or not delivery worked.
    echo 'Sent ' . $role['description'] . ' mail to ' . $role['email'] . "\n";
}