81 lines
2.6 KiB
PHP
81 lines
2.6 KiB
PHP
|
<?php
|
||
|
|
||
|
/**
|
||
|
* Class that represents an access rule granting access from one entity to another
|
||
|
*/
|
||
|
class Access extends Record {
|
||
|
/**
|
||
|
* Defines the database table that this object is stored in
|
||
|
*/
|
||
|
protected $table = 'access';
|
||
|
|
||
|
/**
|
||
|
* Add an SSH access option to the access rule
|
||
|
* Access options include "command", "from", "no-port-forwarding" etc.
|
||
|
* @param AccessOption $option to be added
|
||
|
*/
|
||
|
public function add_option(AccessOption $option) {
|
||
|
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be added');
|
||
|
$stmt = $this->database->prepare("INSERT INTO access_option SET access_id = ?, `option` = ?, value = ?");
|
||
|
$stmt->bind_param('dss', $this->id, $option->option, $option->value);
|
||
|
$stmt->execute();
|
||
|
$stmt->close();
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Remove an SSH option from the access rule
|
||
|
* @param AccessOption $option to be removed
|
||
|
*/
|
||
|
public function delete_option(AccessOption $option) {
|
||
|
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be deleted');
|
||
|
$stmt = $this->database->prepare("DELETE FROM access_option WHERE access_id = ? AND `option` = ?");
|
||
|
$stmt->bind_param('ds', $this->id, $option->option);
|
||
|
$stmt->execute();
|
||
|
$stmt->close();
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Replace the current list of SSH access options with the provided array of options.
|
||
|
* This is a crude implementation - just deletes all existing options and adds new ones, with
|
||
|
* table locking for a small measure of safety.
|
||
|
* @param array $options array of AccessOption objects
|
||
|
*/
|
||
|
public function update_options(array $options) {
|
||
|
$stmt = $this->database->query("LOCK TABLES access_option WRITE");
|
||
|
$oldoptions = $this->list_options();
|
||
|
foreach($oldoptions as $oldoption) {
|
||
|
$this->delete_option($oldoption);
|
||
|
}
|
||
|
foreach($options as $option) {
|
||
|
$this->add_option($option);
|
||
|
}
|
||
|
$stmt = $this->database->query("UNLOCK TABLES");
|
||
|
$this->dest_entity->sync_access();
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* List all current SSH access options applied to the access rule.
|
||
|
* @return array of AccessOption objects
|
||
|
*/
|
||
|
public function list_options() {
|
||
|
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be listed');
|
||
|
$stmt = $this->database->prepare("
|
||
|
SELECT *
|
||
|
FROM access_option
|
||
|
WHERE access_id = ?
|
||
|
ORDER BY `option`
|
||
|
");
|
||
|
$stmt->bind_param('d', $this->id);
|
||
|
$stmt->execute();
|
||
|
$result = $stmt->get_result();
|
||
|
$options = array();
|
||
|
while($row = $result->fetch_assoc()) {
|
||
|
$options[$row['option']] = new AccessOption($row['option'], $row);
|
||
|
}
|
||
|
$stmt->close();
|
||
|
return $options;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class AccessNotFoundException extends Exception {}
|