liam-linux-account-manager/model/access.php

81 lines
2.6 KiB
PHP
Raw Normal View History

2021-11-16 15:11:32 +01:00
<?php
/**
* Class that represents an access rule granting access from one entity to another
*/
class Access extends Record {
/**
* Defines the database table that this object is stored in
*/
protected $table = 'access';
/**
* Add an SSH access option to the access rule
* Access options include "command", "from", "no-port-forwarding" etc.
* @param AccessOption $option to be added
*/
public function add_option(AccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be added');
$stmt = $this->database->prepare("INSERT INTO access_option SET access_id = ?, `option` = ?, value = ?");
$stmt->bind_param('dss', $this->id, $option->option, $option->value);
$stmt->execute();
$stmt->close();
}
/**
* Remove an SSH option from the access rule
* @param AccessOption $option to be removed
*/
public function delete_option(AccessOption $option) {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be deleted');
$stmt = $this->database->prepare("DELETE FROM access_option WHERE access_id = ? AND `option` = ?");
$stmt->bind_param('ds', $this->id, $option->option);
$stmt->execute();
$stmt->close();
}
/**
* Replace the current list of SSH access options with the provided array of options.
* This is a crude implementation - just deletes all existing options and adds new ones, with
* table locking for a small measure of safety.
* @param array $options array of AccessOption objects
*/
public function update_options(array $options) {
$stmt = $this->database->query("LOCK TABLES access_option WRITE");
$oldoptions = $this->list_options();
foreach($oldoptions as $oldoption) {
$this->delete_option($oldoption);
}
foreach($options as $option) {
$this->add_option($option);
}
$stmt = $this->database->query("UNLOCK TABLES");
$this->dest_entity->sync_access();
}
/**
* List all current SSH access options applied to the access rule.
* @return array of AccessOption objects
*/
public function list_options() {
if(is_null($this->id)) throw new BadMethodCallException('Access rule must be in directory before options can be listed');
$stmt = $this->database->prepare("
SELECT *
FROM access_option
WHERE access_id = ?
ORDER BY `option`
");
$stmt->bind_param('d', $this->id);
$stmt->execute();
$result = $stmt->get_result();
$options = array();
while($row = $result->fetch_assoc()) {
$options[$row['option']] = new AccessOption($row['option'], $row);
}
$stmt->close();
return $options;
}
}
class AccessNotFoundException extends Exception {}