Merge pull request #170 from jhuet/feature/task-permissions

Feature/task permissions
10 years ago · 39841a5678
3 changed files with 450 additions and 0 deletions
--- a/Mage/Task/BuiltIn/Filesystem/PermissionsReadableOnlyByWebServerTask.php
+++ b/Mage/Task/BuiltIn/Filesystem/PermissionsReadableOnlyByWebServerTask.php
@ -0,0 +1,60 @@
+<?php
+namespace Mage\Task\BuiltIn\Filesystem;
+
+use Mage\Task\SkipException;
+
+/**
+ * Task for giving only to web server read permissions on given paths.
+ *
+ * Usage :
+ *   pre-deploy:
+ *     - filesystem/permissions-readable-only-by-web-server: {paths: /var/www/myapp/app/config/config.yml:/var/www/myapp/app/config/parameters.yml, recursive: false, checkPathsExist: true}
+ *     - filesystem/permissions-readable-only-by-web-server:
+ *         paths:
+ *             - /var/www/myapp/app/config/config.yml
+ *             - /var/www/myapp/app/config/parameters.yml
+ *         recursive: false
+ *         checkPathsExist: true
+ *   on-deploy:
+ *     - filesystem/permissions-readable-only-by-web-server: {paths: app/config/config.yml:app/config/parameters.yml, recursive: false, checkPathsExist: true}
+ *
+ * @author Jérémy Huet <jeremy.huet@gmail.com>
+ */
+class PermissionsReadableOnlyByWebServerTask extends PermissionsTask
+{
+    /**
+     * Set group with web server user and give group write permissions.
+     */
+    public function init()
+    {
+        parent::init();
+
+        $this->setGroup($this->getParameter('group') ? $this->getParameter('group') : $this->getWebServerUser())
+             ->setRights('040');
+    }
+
+    /**
+     * @return string
+     */
+    public function getName()
+    {
+        return "Giving read permissions only to web server user for given paths [built-in]";
+    }
+
+    /**
+     * Tries to guess the web server user by going thru the running processes.
+     *
+     * @return string
+     * @throws SkipException
+     */
+    protected function getWebServerUser()
+    {
+        $this->runCommand("ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1", $webServerUser);
+
+        if (empty($webServerUser)) {
+            throw new SkipException("Can't guess web server user. Please check if it is running or force it by setting the group parameter");
+        }
+
+        return $webServerUser;
+    }
+}
--- a/Mage/Task/BuiltIn/Filesystem/PermissionsTask.php
+++ b/Mage/Task/BuiltIn/Filesystem/PermissionsTask.php
@ -0,0 +1,330 @@
+<?php
+namespace Mage\Task\BuiltIn\Filesystem;
+
+use Mage\Task\AbstractTask;
+use Mage\Task\SkipException;
+
+/**
+ * Task for setting permissions on given paths. Change will be done on local or
+ * remote host depending on the stage of the deployment.
+ *
+ * Usage :
+ *   pre-deploy:
+ *     - filesystem/permissions: {paths: /var/www/myapp/app/cache:/var/www/myapp/app/cache, recursive: false, checkPathsExist: true, owner: www-data, group: www-data, rights: 775}
+ *     - filesystem/permissions:
+ *         paths:
+ *             - /var/www/myapp/app/cache
+ *             - /var/www/myapp/app/logs
+ *         recursive: false
+ *         checkPathsExist: true
+ *         owner: www-data:www-data
+ *         rights: 775
+ *   on-deploy:
+ *     - filesystem/permissions: {paths: app/cache:app/logs, recursive: false, checkPathsExist: true, owner: www-data, group: www-data, rights: 775}
+ *
+ * @author Jérémy Huet <jeremy.huet@gmail.com>
+ */
+class PermissionsTask extends AbstractTask
+{
+    /**
+     * Paths to change of permissions in an array or a string separated by
+     * PATH_SEPARATOR.
+     *
+     * If the stage is on local host you should give full paths. If on remote
+     * you may give full or relative to the current release directory paths.
+     *
+     * @var string
+     */
+    private $paths;
+
+    /**
+     * If set to true, will check existance of given paths on the host and
+     * throw SkipException if at least one does not exist.
+     *
+     * @var boolean
+     */
+    private $checkPathsExist = true;
+
+    /**
+     * Owner to set for the given paths (ex : "www-data" or "www-data:www-data"
+     * to set both owner and group at the same time)
+     *
+     * @var string
+     */
+    private $owner;
+
+    /**
+     * Group to set for the given paths (ex : "www-data")
+     *
+     * @var string
+     */
+    private $group;
+
+    /**
+     * Rights to set for the given paths (ex: "755" or "g+w")
+     *
+     * @var string
+     */
+    private $rights;
+
+    /**
+     * If set to true, will recursively change permissions on given paths.
+     *
+     * @var string
+     */
+    private $recursive = false;
+
+    /**
+     * Initialize parameters.
+     *
+     * @throws SkipException
+     */
+    public function init()
+    {
+        parent::init();
+
+        if (! is_null($this->getParameter('checkPathsExist'))) {
+            $this->setCheckPathsExist($this->getParameter('checkPathsExist'));
+        }
+
+        if (! $this->getParameter('paths')) {
+            throw new SkipException('Param paths is mandatory');
+        }
+        $this->setPaths(is_array($this->getParameter('paths')) ? $this->getParameter('paths') : explode(PATH_SEPARATOR, $this->getParameter('paths', '')));
+
+        if (! is_null($owner = $this->getParameter('owner'))) {
+            if (strpos($owner, ':') !== false) {
+                $this->setOwner(array_shift(explode(':', $owner)));
+                $this->setGroup(array_pop(explode(':', $owner)));
+            } else {
+                $this->setOwner($owner);
+            }
+        }
+
+        if (! is_null($group = $this->getParameter('group'))) {
+            $this->setGroup($group);
+        }
+
+        if (! is_null($rights = $this->getParameter('rights'))) {
+            $this->setRights($rights);
+        }
+
+        if (! is_null($recursive = $this->getParameter('recursive'))) {
+            $this->setRecursive($recursive);
+        }
+    }
+
+    /**
+     * @return string
+     */
+    public function getName()
+    {
+        return "Changing rights / owner / group for given paths [built-in]";
+    }
+
+    /**
+     * @return boolean
+     */
+    public function run()
+    {
+        $commands = array();
+
+        if ($this->paths && $this->owner) {
+            $commands []= 'chown '. $this->getOptionsForCmd() .' ' . $this->owner . ' ' . $this->getPathsForCmd();
+        }
+
+        if ($this->paths && $this->group) {
+            $commands []= 'chgrp '. $this->getOptionsForCmd()  .' ' . $this->group . ' ' . $this->getPathsForCmd();
+        }
+
+        if ($this->paths && $this->rights) {
+            $commands []= 'chmod '. $this->getOptionsForCmd()  .' ' . $this->rights . ' ' . $this->getPathsForCmd();
+        }
+
+        $result = $this->runCommand(implode(' && ', $commands));
+
+        return $result;
+    }
+
+    /**
+     * Returns the options for the commands to run. Only supports -R for now.
+     *
+     * @return string
+     */
+    protected function getOptionsForCmd()
+    {
+        $optionsForCmd = '';
+        $options = array(
+            'R' => $this->recursive
+        );
+
+        foreach($options as $option => $apply) {
+            if ($apply == true) {
+                $optionsForCmd .= $option;
+            }
+        }
+
+        return $optionsForCmd ? '-' . $optionsForCmd : '';
+    }
+
+    /**
+     * Transforms paths array to a string separated by 1 space in order to use
+     * it in a command line.
+     *
+     * @return string
+     */
+    protected function getPathsForCmd($paths = null)
+    {
+        if (is_null($paths)) {
+            $paths = $this->paths;
+        }
+
+        return implode(' ', $paths);
+    }
+
+    /**
+     * Set paths. Will check if they exist on the host depending on
+     * checkPathsExist flag.
+     *
+     * @param array $paths
+     * @return PermissionsTask
+     * @throws SkipException
+     */
+    protected function setPaths(array $paths)
+    {
+        if ($this->checkPathsExist == true) {
+            $commands = array();
+            foreach ($paths as $path) {
+                $commands[] = '(([ -f ' . $path . ' ]) || ([ -d ' . $path . ' ]))';
+            }
+
+            $command = implode(' && ', $commands);
+            if (! $this->runCommand($command)) {
+                throw new SkipException('Make sure all paths given exist on the host : ' . $this->getPathsForCmd($paths));
+            }
+        }
+
+        $this->paths = $paths;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    protected function getPaths()
+    {
+        return $this->paths;
+    }
+
+    /**
+     * Set checkPathsExist.
+     *
+     * @param boolean $checkPathsExist
+     * @return PermissionsTask
+     */
+    protected function setCheckPathsExist($checkPathsExist)
+    {
+        $this->checkPathsExist = (bool) $checkPathsExist;
+
+        return $this;
+    }
+
+    /**
+     * @return boolean
+     */
+    protected function getCheckPathsExist()
+    {
+        return $this->checkPathsExist;
+    }
+
+    /**
+     * Set owner.
+     *
+     * @todo check existance of $owner on host, might be different ways depending on OS.
+     *
+     * @param string $owner
+     * @return PermissionsTask
+     */
+    protected function setOwner($owner)
+    {
+        $this->owner = $owner;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    protected function getOwner()
+    {
+        return $this->owner;
+    }
+
+    /**
+     * Set group.
+     *
+     * @todo check existance of $group on host, might be different ways depending on OS.
+     *
+     * @param string $group
+     * @return PermissionsTask
+     */
+    protected function setGroup($group)
+    {
+        $this->group = $group;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    protected function getGroup()
+    {
+        return $this->group;
+    }
+
+    /**
+     * Set rights.
+     *
+     * @todo check if $rights is in a correct format.
+     *
+     * @param string $rights
+     * @return PermissionsTask
+     */
+    protected function setRights($rights)
+    {
+        $this->rights = $rights;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    protected function getRights()
+    {
+        return $this->rights;
+    }
+
+    /**
+     * Set recursive.
+     *
+     * @param boolean $recursive
+     * @return PermissionsTask
+     */
+    protected function setRecursive($recursive)
+    {
+        $this->recursive = (bool) $recursive;
+
+        return $this;
+    }
+
+    /**
+     * @return boolean
+     */
+    protected function getRecursive()
+    {
+        return $this->recursive;
+    }
+}
--- a/Mage/Task/BuiltIn/Filesystem/PermissionsWritableByWebServerTask.php
+++ b/Mage/Task/BuiltIn/Filesystem/PermissionsWritableByWebServerTask.php
@ -0,0 +1,60 @@
+<?php
+namespace Mage\Task\BuiltIn\Filesystem;
+
+use Mage\Task\SkipException;
+
+/**
+ * Task for giving web server write permissions on given paths.
+ *
+ * Usage :
+ *   pre-deploy:
+ *     - filesystem/permissions-writable-by-web-server: {paths: /var/www/myapp/app/cache:/var/www/myapp/app/logs, recursive: false, checkPathsExist: true}
+ *     - filesystem/permissions-writable-by-web-server:
+ *         paths:
+ *             - /var/www/myapp/app/cache
+ *             - /var/www/myapp/app/logs
+ *         recursive: false
+ *         checkPathsExist: true
+ *   on-deploy:
+ *     - filesystem/permissions-writable-by-web-server: {paths: app/cache:app/logs, recursive: false, checkPathsExist: true}
+ *
+ * @author Jérémy Huet <jeremy.huet@gmail.com>
+ */
+class PermissionsWritableByWebServerTask extends PermissionsTask
+{
+    /**
+     * Set group with web server user and give group write permissions.
+     */
+    public function init()
+    {
+        parent::init();
+
+        $this->setGroup($this->getParameter('group') ? $this->getParameter('group') : $this->getWebServerUser())
+             ->setRights('g+w');
+    }
+
+    /**
+     * @return string
+     */
+    public function getName()
+    {
+        return "Giving write permissions to web server user for given paths [built-in]";
+    }
+
+    /**
+     * Tries to guess the web server user by going thru the running processes.
+     *
+     * @return string
+     * @throws SkipException
+     */
+    protected function getWebServerUser()
+    {
+        $this->runCommand("ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1", $webServerUser);
+
+        if (empty($webServerUser)) {
+            throw new SkipException("Can't guess web server user. Please check if it is running or force it by setting the group parameter");
+        }
+
+        return $webServerUser;
+    }
+}