From 9d6c0b749784d1deb6bc212f9387d4a6b383aa4f Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Sun, 22 May 2016 12:22:38 +0200
Subject: [PATCH] =?UTF-8?q?Gestion=20des=20droits=20automatis=C3=A9=20('su?= =?UTF-8?q?do=20doc/set=5Fpermissions.php')?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .htaccess | 2 +-
 config/.htaccess | 2 +-
 doc/.htaccess | 2 +
 doc/permissions.json | 44 +++++++++++
 doc/permissions.json~ | 39 ++++++++++
 doc/set_permissions.php | 157 ++++++++++++++++++++++++++++++++++++++++
 manager/.htaccess | 2 +
 src/.htaccess | 2 +
 8 files changed, 248 insertions(+), 2 deletions(-)
 create mode 100644 doc/.htaccess
 create mode 100644 doc/permissions.json
 create mode 100644 doc/permissions.json~
 create mode 100644 doc/set_permissions.php
 create mode 100644 manager/.htaccess
 create mode 100644 src/.htaccess
diff --git a/.htaccess b/.htaccess
index 640cd49..dac494d 100755
--- a/.htaccess
+++ b/.htaccess
@@ -1,5 +1,5 @@
 # Gestion des pages d'erreur personnalisées
-ErrorDocument 403 view/error.php
+ErrorDocument 403 /index.php
 # Redirection vers index.php (Router)
diff --git a/config/.htaccess b/config/.htaccess
index 93169e4..896fbc5 100644
--- a/config/.htaccess
+++ b/config/.htaccess
@@ -1,2 +1,2 @@
 Order deny,allow
-Deny from all
+Deny from all
\ No newline at end of file
diff --git a/doc/.htaccess b/doc/.htaccess
new file mode 100644
index 0000000..896fbc5
--- /dev/null
+++ b/doc/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
\ No newline at end of file
diff --git a/doc/permissions.json b/doc/permissions.json
new file mode 100644
index 0000000..efe2cfe
--- /dev/null
+++ b/doc/permissions.json
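Review bot: `Order deny,allow` / `Deny from all` in the new doc/.htaccess is Apache 2.2 access-control syntax; on Apache 2.4 it is only understood when mod_access_compat is loaded, otherwise requests under the directory fail with a 500 instead of a clean 403. If the target server is 2.4, `Require all denied` is the native form; the server version is not visible in this commit, so confirm it first. The same two lines are added in manager/.htaccess and src/.htaccess and are embedded in the `private` and `phponly` groups of doc/permissions.json, so they would all need the same change.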
@@ -0,0 +1,44 @@
+{
+ "root": "/var/www/socioview",
+
+ "umask": 2,
+
+
+
+ "permissions": {
+ ".htaccess": { "chown": "xdrm:www-data", "chmod": "750" },
+ "public": { "chown": "xdrm:www-data", "chmod": "750" },
+ "private": { "chown": "xdrm:xdrm", "chmod": "700", ".htaccess": "Order deny,allow\nDeny from all" },
+ "phponly": { "chown": "xdrm:www-data", "chmod": "770", ".htaccess": "Order deny,allow\nDeny from all" },
+ "php": { "chown": "xdrm:www-data", "chmod": "770" }
+ },
+
+
+
+
+ "files": {
+ "permissions": "public",
+
+ ".git": { "permissions": "private" },
+
+ "config": { "permissions": "private" },
+ "manager": { "permissions": "private" },
+
+ "src": {
+ "permissions": "phponly",
+ "static": "public"
+ },
+
+
+ "tmp": {
+ "permissions": "php"
+ },
+
+ ".htaccess": { "permissions": "public" },
+
+ "doc": { "permissions": "private" }
+
+ }
+
+
+}
diff --git a/doc/permissions.json~ b/doc/permissions.json~
new file mode 100644
index 0000000..13b71d2
--- /dev/null
+++ b/doc/permissions.json~
@@ -0,0 +1,39 @@
+{
+ "root": "/var/www/socioview",
+
+
+
+ "permissions": {
+ "public": { "chown": "xdrm:www-data", "chmod": 750 },
+ "private": { "chown": "xdrm:xdrm", "chmod": 700, ".htaccess": "Order deny,allow\nDeny from all" },
+ "phponly": { "chown": "xdrm:www-data", "chmod": 770, ".htaccess": "Order deny,allow\nDeny from all" },
+ "php": { "chown": "xdrm:www-data", "chmod": 770 }
+ },
+
+
+
+
+ "files": {
+ "permissions": "public",
+
+ ".git": { "permissions": "private" },
+
+ "config": { "permissions": "private" },
+ "manager": { "permissions": "private" },
+
+ "src": {
+ "permissions": "phponly",
+ "static": "public"
+ },
+
+
+ "tmp": {
+ "permissions": "php"
+ },
+
+
+ ".htaccess": { "permissions": "private" }
+ }
+
+
+}
diff --git a/doc/set_permissions.php b/doc/set_permissions.php
new file mode 100644
index 0000000..ed9bd8f
--- /dev/null
+++ b/doc/set_permissions.php
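Review bot: `"static": "public"` under `src` in doc/permissions.json is a bare string, but `applyPermissions()` in doc/set_permissions.php only acts on entries that are objects carrying a `permissions` key, so this entry appears to be skipped without any message. Write it as `"static": { "permissions": "public" }`. Note also that `src` is `phponly`, whose `.htaccess` is `Deny from all`, and the `public` group defines no `.htaccess` of its own, so `src/static` would presumably still inherit the deny from `src/`; confirm whether static files are meant to be reachable.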
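Review bot: `doc/permissions.json~` is an editor backup and should not be part of the commit; it is an older, diverging copy of the policy (numeric `chmod` values, no `umask`, `.htaccess` mapped to `private`) that a reader can mistake for the live configuration. Drop the file and add `*~` to `.gitignore`. Backup copies left under a web root are a common way for configuration to end up served as plain text, so the ignore rule is worth having even though `doc/` is denied by its own `.htaccess` here.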
@@ -0,0 +1,157 @@
+$file){
+ // Si c'est . ou .., on passe au suivant
+ if( $file == '.' || $file == '..' ){
+ unset($content[$i]);
+ continue;
+ }
+
+ // Sinon, on lance recursivement
+ chmodR( implode('/', array_merge(explode('/', $dirOrFile), array($file))), $chmod, $chown );
+ }
+
+ }
+
+ }
+
+
+
+
+
+ /* APPLIQUE LES DROITS SUR UN DOSSIER EN FONCTION DE LA CONFIG
+ *
+ */
+ function applyPermissions($parent, $children, $permissions){
+
+ /* [0] Si une permission est définie, on l'applique
+ =========================================================*/
+ /* (0) Si la permission existe et est référencée */
+ if( isset($children['permissions']) && isset($permissions[$children['permissions']]) ){
+ // On récupère les permissions
+ $permission = $permissions[$children['permissions']];
+
+
+ /* (1) Valeur par défaut des propriétaires si n'est pas défini */
+ if( !isset($permission['chown']) )
+ $permission['chown'] = null;
+
+ /* (2) Valeur par défaut des droits si n'est pas défini */
+ if( !isset($permission['chmod']) )
+ $permission['chmod'] = null;
+
+ /* (3) Gestion du .htaccess, si défini et si un dossier */
+ if( isset($permission['.htaccess']) && is_dir($parent) ){
+
+ echo 'creating '."$parent/.htaccess\n";
+ $fht = fopen("$parent/.htaccess", 'w');
+ fwrite($fht, $permission['.htaccess']);
+ fclose($fht);
+
+ /* (4) On applique les permissions sur le .htaccess (par défaut depuis config) */
+ chmodR("$parent/.htaccess", $permissions['.htaccess']['chmod'], $permissions['.htaccess']['chown']);
+ }
+
+
+
+ /* (5) On retire les permissions de la liste des enfants pour la suite */
+ unset($children['permissions']);
+ }
+
+
+ /* [1] Pour chaque enfant, s'il y en a
+ =========================================================*/
+ /* (1) On lance récursivement sur tous les enfants */
+ if( is_array($children) )
+ foreach($children as $child=>$subChildren)
+ applyPermissions("$parent/$child", $subChildren, $permissions);
+
+ }
+
+
+
+ /* [1] On charge la configuration
=========================================================*/
+ $config = loadConfig();
+
+ // Si erreur de configuration
+ if( is_null($config) ){
+ echo 'Config error';
+ exit();
+ }
+
+
+ /* [2] Gestion de 'umask' si défini
+ =========================================================*/
+ chdir($config['root']);
+
+ if( isset($config['umask']) )
+ umask( decoct($config['umask']) );
+
+
+ /* [3] On traite toute l'arborescence
+ =========================================================*/
+ applyPermissions($config['root'], $config['files'], $config['permissions']);
+
+?>
diff --git a/manager/.htaccess b/manager/.htaccess
new file mode 100644
index 0000000..896fbc5
--- /dev/null
+++ b/manager/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
\ No newline at end of file
diff --git a/src/.htaccess b/src/.htaccess
new file mode 100644
index 0000000..896fbc5
--- /dev/null
+++ b/src/.htaccess
@@ -0,0 +1,2 @@
+Order deny,allow
+Deny from all
\ No newline at end of file
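Review bot: Step (3) of `applyPermissions()` in doc/set_permissions.php opens `"$parent/.htaccess"` with mode `'w'` without checking the result or what already sits at that path, and the commit subject says the script is run with sudo. The `phponly` group is meant to be group-writable by `www-data`, so a link left at that path would be written through and then re-owned by `chmodR()` as root; refusing links and checking the write result, as sketched below, narrows that. Separately, `umask( decoct($config['umask']) )` only works for the configured value 2: `decoct()` returns an octal digit string that `umask()` then reads as decimal, so pass the integer directly, `umask( (int) $config['umask'] )`, or use `octdec()` if the JSON value is meant to hold octal digits. In the lines visible here the `chown`/`chmod` defaults from steps (1) and (2) are never passed to `chmodR($parent, …)`, so only the generated `.htaccess` files seem to receive permissions. The start of the hunk (`loadConfig()` and most of `chmodR()`) is missing from this page, so check these points against the file.

```php
if( isset($permission['.htaccess']) && is_dir($parent) ){
    $htaccess = "$parent/.htaccess";

    // The script runs as root: never write through a link.
    // (This narrows the window; it does not remove the race in a
    //  directory another user can write to.)
    if( is_link($htaccess) ){
        fwrite(STDERR, "refusing to write $htaccess: it is a symlink\n");
        exit(1);
    }

    echo 'creating '."$htaccess\n";
    if( file_put_contents($htaccess, $permission['.htaccess'], LOCK_EX) === false ){
        fwrite(STDERR, "cannot write $htaccess\n");
        exit(1);
    }

    // … unchanged: chmodR() on the new .htaccess …
}
```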