hauke
/
Magallanes
mirror of https://github.com/hauke68/Magallanes
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge pull request #170 from jhuet/feature/task-permissions 

Feature/task permissions
1.0
Andrés Montañez 10 years ago
parent
15295afc0b 5643616e50
commit
39841a5678
3 changed files with 450 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 60
      Mage/Task/BuiltIn/Filesystem/PermissionsReadableOnlyByWebServerTask.php
  2. 330
      Mage/Task/BuiltIn/Filesystem/PermissionsTask.php
  3. 60
      Mage/Task/BuiltIn/Filesystem/PermissionsWritableByWebServerTask.php

60
Mage/Task/BuiltIn/Filesystem/PermissionsReadableOnlyByWebServerTask.php
Unescape View File

@ -0,0 +1,60 @@
<?php
namespace Mage\Task\BuiltIn\Filesystem;
use Mage\Task\SkipException;
/**
* Task for giving only to web server read permissions on given paths.
*
* Usage :
* pre-deploy:
* - filesystem/permissions-readable-only-by-web-server: {paths: /var/www/myapp/app/config/config.yml:/var/www/myapp/app/config/parameters.yml, recursive: false, checkPathsExist: true}
* - filesystem/permissions-readable-only-by-web-server:
* paths:
* - /var/www/myapp/app/config/config.yml
* - /var/www/myapp/app/config/parameters.yml
* recursive: false
* checkPathsExist: true
* on-deploy:
* - filesystem/permissions-readable-only-by-web-server: {paths: app/config/config.yml:app/config/parameters.yml, recursive: false, checkPathsExist: true}
*
* @author Jérémy Huet <jeremy.huet@gmail.com>
*/
class PermissionsReadableOnlyByWebServerTask extends PermissionsTask
{
/**
* Set group with web server user and give group write permissions.
*/
public function init()
{
parent::init();
$this->setGroup($this->getParameter('group') ? $this->getParameter('group') : $this->getWebServerUser())
->setRights('040');
}
/**
* @return string
*/
public function getName()
{
return "Giving read permissions only to web server user for given paths [built-in]";
}
/**
* Tries to guess the web server user by going thru the running processes.
*
* @return string
* @throws SkipException
*/
protected function getWebServerUser()
{
$this->runCommand("ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1", $webServerUser);
if (empty($webServerUser)) {
throw new SkipException("Can't guess web server user. Please check if it is running or force it by setting the group parameter");
}
return $webServerUser;
}
}

330
Mage/Task/BuiltIn/Filesystem/PermissionsTask.php
Unescape View File

@ -0,0 +1,330 @@
<?php
namespace Mage\Task\BuiltIn\Filesystem;
use Mage\Task\AbstractTask;
use Mage\Task\SkipException;
/**
* Task for setting permissions on given paths. Change will be done on local or
* remote host depending on the stage of the deployment.
*
* Usage :
* pre-deploy:
* - filesystem/permissions: {paths: /var/www/myapp/app/cache:/var/www/myapp/app/cache, recursive: false, checkPathsExist: true, owner: www-data, group: www-data, rights: 775}
* - filesystem/permissions:
* paths:
* - /var/www/myapp/app/cache
* - /var/www/myapp/app/logs
* recursive: false
* checkPathsExist: true
* owner: www-data:www-data
* rights: 775
* on-deploy:
* - filesystem/permissions: {paths: app/cache:app/logs, recursive: false, checkPathsExist: true, owner: www-data, group: www-data, rights: 775}
*
* @author Jérémy Huet <jeremy.huet@gmail.com>
*/
class PermissionsTask extends AbstractTask
{
/**
* Paths to change of permissions in an array or a string separated by
* PATH_SEPARATOR.
*
* If the stage is on local host you should give full paths. If on remote
* you may give full or relative to the current release directory paths.
*
* @var string
*/
private $paths;
/**
* If set to true, will check existance of given paths on the host and
* throw SkipException if at least one does not exist.
*
* @var boolean
*/
private $checkPathsExist = true;
/**
* Owner to set for the given paths (ex : "www-data" or "www-data:www-data"
* to set both owner and group at the same time)
*
* @var string
*/
private $owner;
/**
* Group to set for the given paths (ex : "www-data")
*
* @var string
*/
private $group;
/**
* Rights to set for the given paths (ex: "755" or "g+w")
*
* @var string
*/
private $rights;
/**
* If set to true, will recursively change permissions on given paths.
*
* @var string
*/
private $recursive = false;
/**
* Initialize parameters.
*
* @throws SkipException
*/
public function init()
{
parent::init();
if (! is_null($this->getParameter('checkPathsExist'))) {
$this->setCheckPathsExist($this->getParameter('checkPathsExist'));
}
if (! $this->getParameter('paths')) {
throw new SkipException('Param paths is mandatory');
}
$this->setPaths(is_array($this->getParameter('paths')) ? $this->getParameter('paths') : explode(PATH_SEPARATOR, $this->getParameter('paths', '')));
if (! is_null($owner = $this->getParameter('owner'))) {
if (strpos($owner, ':') !== false) {
$this->setOwner(array_shift(explode(':', $owner)));
$this->setGroup(array_pop(explode(':', $owner)));
} else {
$this->setOwner($owner);
}
}
if (! is_null($group = $this->getParameter('group'))) {
$this->setGroup($group);
}
if (! is_null($rights = $this->getParameter('rights'))) {
$this->setRights($rights);
}
if (! is_null($recursive = $this->getParameter('recursive'))) {
$this->setRecursive($recursive);
}
}
/**
* @return string
*/
public function getName()
{
return "Changing rights / owner / group for given paths [built-in]";
}
/**
* @return boolean
*/
public function run()
{
$commands = array();
if ($this->paths && $this->owner) {
$commands []= 'chown '. $this->getOptionsForCmd() .' ' . $this->owner . ' ' . $this->getPathsForCmd();
}
if ($this->paths && $this->group) {
$commands []= 'chgrp '. $this->getOptionsForCmd() .' ' . $this->group . ' ' . $this->getPathsForCmd();
}
if ($this->paths && $this->rights) {
$commands []= 'chmod '. $this->getOptionsForCmd() .' ' . $this->rights . ' ' . $this->getPathsForCmd();
}
$result = $this->runCommand(implode(' && ', $commands));
return $result;
}
/**
* Returns the options for the commands to run. Only supports -R for now.
*
* @return string
*/
protected function getOptionsForCmd()
{
$optionsForCmd = '';
$options = array(
'R' => $this->recursive
);
foreach($options as $option => $apply) {
if ($apply == true) {
$optionsForCmd .= $option;
}
}
return $optionsForCmd ? '-' . $optionsForCmd : '';
}
/**
* Transforms paths array to a string separated by 1 space in order to use
* it in a command line.
*
* @return string
*/
protected function getPathsForCmd($paths = null)
{
if (is_null($paths)) {
$paths = $this->paths;
}
return implode(' ', $paths);
}
/**
* Set paths. Will check if they exist on the host depending on
* checkPathsExist flag.
*
* @param array $paths
* @return PermissionsTask
* @throws SkipException
*/
protected function setPaths(array $paths)
{
if ($this->checkPathsExist == true) {
$commands = array();
foreach ($paths as $path) {
$commands[] = '(([ -f ' . $path . ' ]) || ([ -d ' . $path . ' ]))';
}
$command = implode(' && ', $commands);
if (! $this->runCommand($command)) {
throw new SkipException('Make sure all paths given exist on the host : ' . $this->getPathsForCmd($paths));
}
}
$this->paths = $paths;
return $this;
}
/**
* @return string
*/
protected function getPaths()
{
return $this->paths;
}
/**
* Set checkPathsExist.
*
* @param boolean $checkPathsExist
* @return PermissionsTask
*/
protected function setCheckPathsExist($checkPathsExist)
{
$this->checkPathsExist = (bool) $checkPathsExist;
return $this;
}
/**
* @return boolean
*/
protected function getCheckPathsExist()
{
return $this->checkPathsExist;
}
/**
* Set owner.
*
* @todo check existance of $owner on host, might be different ways depending on OS.
*
* @param string $owner
* @return PermissionsTask
*/
protected function setOwner($owner)
{
$this->owner = $owner;
return $this;
}
/**
* @return string
*/
protected function getOwner()
{
return $this->owner;
}
/**
* Set group.
*
* @todo check existance of $group on host, might be different ways depending on OS.
*
* @param string $group
* @return PermissionsTask
*/
protected function setGroup($group)
{
$this->group = $group;
return $this;
}
/**
* @return string
*/
protected function getGroup()
{
return $this->group;
}
/**
* Set rights.
*
* @todo check if $rights is in a correct format.
*
* @param string $rights
* @return PermissionsTask
*/
protected function setRights($rights)
{
$this->rights = $rights;
return $this;
}
/**
* @return string
*/
protected function getRights()
{
return $this->rights;
}
/**
* Set recursive.
*
* @param boolean $recursive
* @return PermissionsTask
*/
protected function setRecursive($recursive)
{
$this->recursive = (bool) $recursive;
return $this;
}
/**
* @return boolean
*/
protected function getRecursive()
{
return $this->recursive;
}
}

60
Mage/Task/BuiltIn/Filesystem/PermissionsWritableByWebServerTask.php
Unescape View File

@ -0,0 +1,60 @@
<?php
namespace Mage\Task\BuiltIn\Filesystem;
use Mage\Task\SkipException;
/**
* Task for giving web server write permissions on given paths.
*
* Usage :
* pre-deploy:
* - filesystem/permissions-writable-by-web-server: {paths: /var/www/myapp/app/cache:/var/www/myapp/app/logs, recursive: false, checkPathsExist: true}
* - filesystem/permissions-writable-by-web-server:
* paths:
* - /var/www/myapp/app/cache
* - /var/www/myapp/app/logs
* recursive: false
* checkPathsExist: true
* on-deploy:
* - filesystem/permissions-writable-by-web-server: {paths: app/cache:app/logs, recursive: false, checkPathsExist: true}
*
* @author Jérémy Huet <jeremy.huet@gmail.com>
*/
class PermissionsWritableByWebServerTask extends PermissionsTask
{
/**
* Set group with web server user and give group write permissions.
*/
public function init()
{
parent::init();
$this->setGroup($this->getParameter('group') ? $this->getParameter('group') : $this->getWebServerUser())
->setRights('g+w');
}
/**
* @return string
*/
public function getName()
{
return "Giving write permissions to web server user for given paths [built-in]";
}
/**
* Tries to guess the web server user by going thru the running processes.
*
* @return string
* @throws SkipException
*/
protected function getWebServerUser()
{
$this->runCommand("ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1", $webServerUser);
if (empty($webServerUser)) {
throw new SkipException("Can't guess web server user. Please check if it is running or force it by setting the group parameter");
}
return $webServerUser;
}
}
Write Preview
Loading…
Cancel
Save