bug 1003: Adjust the script to be compliant to new intermediate ruling
authorMichael Tänzer <neo@nhng.de>
Mon, 7 May 2012 20:58:19 +0000 (22:58 +0200)
committerMichael Tänzer <neo@nhng.de>
Mon, 7 May 2012 20:58:19 +0000 (22:58 +0200)
- do not send to own group for all groups
- add Assurance Officer and Organisation Assurance Officer as recipients

Signed-off-by: Michael Tänzer <neo@nhng.de>
scripts/cron/permissionreview.php

index 572c1fd..a33c9ca 100755 (executable)
@@ -21,19 +21,71 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 require_once(dirname(__FILE__).'/../../includes/mysql.php');
 
 $BOARD_PRIVATE = 'cacert-board-private@lists.cacert.org';
+$ASSURANCE_OFFICER = 'ao@cacert.org';
+$ORGANISATION_ASSURANCE_OFFICER = 'oao@cacert.org';
 
+
+//defines to whom to send the lists
 $flags = array(
-       'admin' => 'Support Engineer',
-       'orgadmin' => 'Organisation Assurer',
-       'board' => 'Board Member',
-       'ttpadmin' => 'Trusted Third Party Admin',
-       'tverify' => 'Tverify Admin',
-       'locadmin' => 'Location Admin'
+       'admin' => array(
+                       'name'    => 'Support Engineer',
+                       'own'     => false, //Don't send twice
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => false,
+                       'oao'     => false
+                       ),
+       
+       'orgadmin' => array(
+                       'name'    => 'Organisation Assurer',
+                       'own'     => true,
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => true,
+                       'oao'     => true
+                       ),
+       
+       'board' => array(
+                       'name'    => 'Board Member',
+                       'own'     => false,
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => true,
+                       'oao'     => false
+                       ),
+       
+       'ttpadmin' => array(
+                       'name'    => 'Trusted Third Party Admin',
+                       'own'     => true,
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => true,
+                       'oao'     => true
+                       ),
+       
+       'tverify' => array(
+                       'name'    => 'Tverify Admin',
+                       'own'     => false,
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => true,
+                       'oao'     => false
+                       ),
+       
+       'locadmin' => array(
+                       'name'    => 'Location Admin',
+                       'own'     => false,
+                       'board'   => true,
+                       'support' => true,
+                       'ao'      => false,
+                       'oao'     => false
+                       ),
        );
 
-$adminlist = array();
 
-foreach ($flags as $flag => $description) {
+// Build up list of various admins
+$adminlist = array();
+foreach ($flags as $flag => $flag_properties) {
        $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1";
        if(! $res = mysql_query($query) ) {
                fwrite(STDERR,
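Review bot: A failed query leaves `$adminlist[$flag]` unset, because the loop that starts at `foreach ($flags as $flag => $flag_properties)` only initialises it after the error branch, which runs past the end of this hunk and ends in `continue` in the next one. The later mail-building loops then iterate a missing entry and still print the `List of …s:` heading, so a reviewer cannot tell a group whose lookup failed from a group with no members. I would make `$adminlist[$flag] = array();` the first statement of the loop body and have the error branch record the failure, so the mails can say that the list could not be retrieved instead of showing it as empty.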
@@ -45,16 +97,17 @@ foreach ($flags as $flag => $description) {
                continue;
        }
        
-       $admins = array();
-       $adminlist[$flag] = "";
+       $adminlist[$flag] = array();
        
        while ($row = mysql_fetch_assoc($res)) {
-               $admins[] = $row;
-               $adminlist[$flag] .= "$row[fname] $row[lname] $row[email]\n";
+               $adminlist[$flag][] = $row;
        }
        
-       foreach ($admins as $admin) {
-               $message = <<<EOF
+       
+       // Send mail to admins of this group if 'own' is set
+       if ($flag_properties['own']) {
+               foreach ($adminlist[$flag] as $admin) {
+                       $message = <<<EOF
 Hello $admin[fname],
 
 you get this message, because you are listed as $description on
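Review bot: The heredoc line `you are listed as $description on` still reads `$description`, but this commit renames the loop value to `$flag_properties` and the visible hunks no longer assign `$description` anywhere, so the own-group mail would go out with the role name missing. The line should become `you get this message, because you are listed as $flag_properties[name] on`. The heredoc opens in this hunk and is closed in the next one.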
@@ -62,41 +115,97 @@ CAcert.org. Please review the following list of persons with the same privilege
 and report to the responsible team leader or board
 ($BOARD_PRIVATE) if you spot any errors.
 
-$adminlist[$flag]
+EOF;
+                       
+                       foreach ($adminlist[$flag] as $colleague) {
+                               $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+                       }
+                       
+                       $message .= <<<EOF
 
 
 Best Regards,
 CAcert Support
 EOF;
-               sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+                       
+                       sendmail($admin['email'], "Permissions Review", $message, 'support@cacert.org');
+               }
        }
 }
 
 
 
+// Send to support engineers
 $message = <<<EOF
-Dear Board Members,
+Dear Support Engineers,
 
 it's time for the permission review again. Here is the list of privileged users
-in the CAcert web application. Please review them and also ask the persons 
-responsible for an up-to-date copy of access lists not directly recorded in the
-web application (critical admins, software assessors etc.) 
+in the CAcert web application. Please review them.
 
 
 EOF;
 
-foreach ($flags as $flag => $description) {
-       $message .= <<<EOF
-List of ${description}s:
-$adminlist[$flag]
+foreach ($flags as $flag => $flag_properties) {
+       if ($flag_properties['support']) {
+               $message .= "List of $flag_properties[name]s:\n";
+               foreach ($adminlist[$flag] as $colleague) {
+                       $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+               }
+       }
+}
+
+$message .= <<<EOF
 
+Best Regards,
+CAcert Support
 EOF;
+
+foreach ($adminlist['admin'] as $support_engineer) {
+       sendmail(
+                       $support_engineer['email'],
+                       "Permissions Review",
+                       $message,
+                       'support@cacert.org');
 }
 
-$message .= <<<EOF
+
+// Send to one-email addresses
+foreach (array(
+                       'ao' => array(
+                                       'description' => 'Assurance Officer',
+                                       'email' => $ASSURANCE_OFFICER),
+                       'oao' => array(
+                                       'description' => 'Organisation Assurance Officer',
+                                       'email' => $ORGANISATION_ASSURANCE_OFFICER),
+                       'board' => array(
+                                       'description' => 'Board Members',
+                                       'email' => $BOARD_PRIVATE)
+               ) as $key => $values) {
+       $message = <<<EOF
+Dear $values[description],
+
+it's time for the permission review again. Here is the list of privileged users
+in the CAcert web application. Please review them and also ask the persons 
+responsible for an up-to-date copy of access lists not directly recorded in the
+web application (critical admins, software assessors etc.) 
+
+
+EOF;
+       
+       foreach ($flags as $flag => $flag_properties) {
+               if ($flag_properties[$key]) {
+                       $message .= "List of $flag_properties[name]s:\n";
+                       foreach ($adminlist[$flag] as $colleague) {
+                               $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n";
+                       }
+               }
+       }
+       
+       $message .= <<<EOF
 
 Best Regards,
 CAcert Support
 EOF;
 
-sendmail($BOARD_PRIVATE, "Permissions Review", $message, 'support@cacert.org');
+       sendmail($values['email'], "Permissions Review", $message, 'support@cacert.org');
+}
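Review bot: The per-group lists in the support mail and in the officer/board mails are now appended with no blank line between them: after the inner `foreach ($adminlist[$flag] as $colleague)` the next `List of …s:` heading follows the last member directly, whereas the old heredoc left an empty line after each group. In a permission review that makes it easy to read a person into the wrong privilege group; adding `$message .= "\n";` after each inner loop restores the separation. The same three-line list loop now appears three times (own-group mail, support mail, officer/board mail), so a small helper that formats one group would keep the copies from drifting.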