Subject: CAcert Code Development list.
- From: Benny Baumann <benbe AT cacert.org>
- To: "critical-admin AT cacert.org" <critical-admin AT cacert.org>
- Cc: cacert-devel AT lists.cacert.org, Michael Tänzer <michael.taenzer AT cacert.org>, Bernhard Fröhlich <bernhard AT cacert.org>, Marcus Mängel <inopiae AT cacert.org>, "<ulrich AT cacert.org>" <ulrich AT cacert.org>, Martin Gummi <martin.gummi AT cacert.org>
- Subject: Patch Request Bug #1003
- Date: Mon, 21 Oct 2013 23:57:28 +0200
Dear Critical,

we have a follow-up for Bug #1003 to fix the remaining issues mentioned
in Arbitration a20110118.1 to include Ad Admins and correct some more
issues found since deployment of the patch v1 on 29th March 2012 and v2
on 21st June 2012.

This follow-up introduces some minor debugging output when the script is
run to list the people that were sent mail by the script, mainly as
a means to debug issues on the test server: sometimes mails for people
didn't arrive although they were listed for a specific group as could be
seen in other groups. This output is logged to stdout and should be
redirected into an appropriate logfile or /dev/null in case this output
should not be logged (to avoid cron barking about the non-empty output
of the script).

The patch was reviewed by Michael Tänzer (NEOatNHNG) and me (BenBE).
Tests were performed by Eva, Marcus Mängel (INOPIAE), Martin Gummi
(magu) and Ulrich Schröter (uli60).

Please perform the usual update of the translations. In addition it
would be nice (but is not required) if you could compare the list of
sent mails (according to the script output) and the mailserver logs
after the next regular run of the permission review.

Best regards,
Benny Baumann
CAcert SWAT

diff --git a/scripts/cron/permissionreview.php b/scripts/cron/permissionreview.php index 0f2fc2e..ca95f18 100755 --- a/scripts/cron/permissionreview.php +++ b/scripts/cron/permissionreview.php @@ -27,7 +27,7 @@ $ORGANISATION_ASSURANCE_OFFICER = 'oao AT cacert.org'; //defines to whom to send the lists $flags = array( - 'admin' => array( + 'admin=1' => array( 'name' => 'Support Engineer', 'own' => false, //Don't send twice 'board' => true, @@ -35,8 +35,8 @@ $flags = array( 'ao' => false, 'oao' => false ), - - 'orgadmin' => array( + + 'orgadmin=1' => array( 'name' => 'Organisation Assurer', 'own' => true, 'board' => true, @@ -44,8 +44,8 @@ $flags = array( 'ao' => true, 'oao' => true ), - - 'board' => array( + + 'board=1' => array( 'name' => 'Board Member', 'own' => false, 'board' => true, @@ -53,8 +53,8 @@ $flags = array( 'ao' => true, 'oao' => false ), - - 'ttpadmin' => array( + + 'ttpadmin=1' => array( 'name' => 'Trusted Third Party Admin', 'own' => true, 'board' => true, @@ -62,8 +62,17 @@ $flags = array( 'ao' => true, 'oao' => true ), - - 'tverify' => array( + + 'ttpadmin=2' => array( + 'name' => 'Trusted Third Party TOPUP Admin', + 'own' => true, + 'board' => true, + 'support' => true, + 'ao' => true, + 'oao' => true + ), + + 'tverify=1' => array( 'name' => 'Tverify Admin', 'own' => false, 'board' => true, @@ -71,8 +80,8 @@ $flags = array( 'ao' => true, 'oao' => false ), - - 'locadmin' => array( + + 'locadmin=1' => array( 'name' => 'Location Admin', 'own' => false, 'board' => true, 
@@ -80,30 +89,51 @@ $flags = array( 'ao' => false, 'oao' => false ), + + 'adadmin=1' => array( + 'name' => 'submit status for Advertising Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), + + 'adadmin=2' => array( + 'name' => 'approve status for Advertising Admin', + 'own' => false, + 'board' => true, + 'support' => true, + 'ao' => false, + 'oao' => false + ), + + ); // Build up list of various admins $adminlist = array(); foreach ($flags as $flag => $flag_properties) { - $query = "select `fname`, `lname`, `email` from `users` where `$flag` = 1"; + $flagname = explode('=', $flag, 2 ); + $query = "select `fname`, `lname`, `email` from `users` where `$flagname[0]` = '$flagname[1]'"; if(! $res = mysql_query($query) ) { fwrite(STDERR, "MySQL query for flag $flag failed:\n". "\"$query\"\n". mysql_error() ); - + continue; } - + $adminlist[$flag] = array(); - + while ($row = mysql_fetch_assoc($res)) { $adminlist[$flag][] = $row; } - - + + // Send mail to admins of this group if 'own' is set if ($flag_properties['own']) { foreach ($adminlist[$flag] as $admin) { @@ -117,19 +147,20 @@ and report to the responsible team leader or board EOF; - + foreach ($adminlist[$flag] as $colleague) { $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; } - + $message .= <<<EOF Best Regards, CAcert Support EOF; - + sendmail($admin['email'], "Permissions Review", $message, 'support AT cacert.org'); + echo "Sent $flag_properties[name] mail to $admin[email]\n"; } } } @@ -152,7 +183,7 @@ foreach ($flags as $flag => $flag_properties) { foreach ($adminlist[$flag] as $colleague) { $message .= "$colleague[fname] $colleague[lname] $colleague[email]\n"; } - + $message .= "\n\n"; } } 
@@ -163,12 +194,13 @@ Best Regards, CAcert Support EOF; -foreach ($adminlist['admin'] as $support_engineer) { +foreach ($adminlist['admin=1'] as $support_engineer) { sendmail( $support_engineer['email'], "Permissions Review", $message, 'support AT cacert.org'); + echo "Sent Support Engineer mail to $support_engineer[email]\n"; } @@ -188,14 +220,14 @@ foreach (array( Dear $values[description], it's time for the permission review again. Here is the list of privileged users -in the CAcert web application. Please review them and also ask the persons +in the CAcert web application. Please review them and also ask the persons responsible for an up-to-date copy of access lists not directly recorded in the -web application (critical admins, software assessors etc.) +web application (critical admins, software assessors etc.) EOF; - + foreach ($flags as $flag => $flag_properties) { if ($flag_properties[$key]) { $message .= "List of $flag_properties[name]s:\n\n"; @@ -205,13 +237,14 @@ EOF; $message .= "\n\n"; } } - + $message .= <<<EOF Best Regards, CAcert Support EOF; - + sendmail($values['email'], "Permissions Review", $message, 'support AT cacert.org'); + echo "Sent $values[description] mail to $values[email]\n"; }
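
Review bot: In the hunk at @@ -62,8 +62,17 @@, the new 'ttpadmin=2' entry depends on the meaning of the numeric levels of the ttpadmin column, and nothing in the array documents them. A short comment above 'ttpadmin=1' and 'ttpadmin=2' saying what each value grants, and whether a level 2 user also holds the level 1 rights, would let a reader confirm that exact-match lists are what the permission review needs. The same applies to the 'adadmin=1' and 'adadmin=2' entries added further down.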
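
Review bot: In the hunk at @@ -80,30 +89,51 @@, the query is built by splitting the array key with explode('=', $flag, 2) and interpolating both halves into the SQL string, with no check that the key actually contained an '='. The keys are hard-coded in $flags, so this is a robustness point rather than an injection path, but a key without '=' leaves $flagname[1] undefined and the query then compares the column against an empty string without any error. Consider carrying the column name and the expected value as separate fields of each $flags entry and casting the value with (int) before it goes into the query.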
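
Review bot: In the hunk at @@ -117,19 +147,20 @@, the added echo after sendmail() runs unconditionally, so the line records that the call was made, not that the mail was accepted. Since the stated purpose is to track down mails that did not arrive, log the outcome of sendmail() if it reports one. The same pattern recurs in the hunks at @@ -163,12 +194,13 @@ and @@ -205,13 +237,14 @@. The resulting log also holds the addresses of every privileged user, so the file it is redirected to should be readable only by the admins who need it.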
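
Review bot: In the hunk at @@ -163,12 +194,13 @@, $adminlist['admin=1'] repeats the composite key as a literal, and the earlier loop hits continue before $adminlist[$flag] = array(); when the query fails, so this index can be unset at this point. Guard the loop with isset() and write a message to STDERR in that case, so that a failed query for the Support Engineer list is not mistaken for an empty list.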
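
Review bot: The -/+ pairs in the hunk at @@ -188,14 +220,14 @@ appear to differ only in trailing whitespace inside the mail text, as do the blank-line pairs in several other hunks. Moving the whitespace cleanup into its own commit would keep the functional change (the '=1' keys, the new entries and the echo lines) easier to audit.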
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature