123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430 |
- <?php
- define('ADB_DEVEL_MIN_TEXTAREA', 50);
- /**
- * Implements hook_menu().
- */
- function adb_menu() {
- $items['admin/reports/access-denied/backtrace'] = array(
- 'title' => "Last access denied errors backtrace",
- 'description' => "View 'access denied' errors backtrace (403s).",
- 'page callback' => 'adb_last',
- 'access arguments' => array('access site reports'),
- );
- $items['admin/reports/event/backtrace/%'] = array(
- 'title' => 'Details',
- 'page callback' => 'adb_event',
- 'page arguments' => array(4),
- 'access arguments' => array('access site reports'),
- );
- $items['admin/config/development/access-denied-backtrace/configure'] = array(
- 'title' => 'Access denied backtrace settings',
- 'page callback' => 'drupal_get_form',
- 'page arguments' => array('adb_settings'),
- 'access arguments' => array('administer access denied backtrace'),
- );
- return $items;
- }
- /**
- * Implements hook_permission().
- */
- function adb_permission() {
- return array(
- 'administer access denied backtrace' => array(
- 'title' => t('administer access denied backtrace'),
- 'description' => t('Change which roles are enabled to record access denied backtrace using the admin interface.'),
- ),
- );
- } // fontyourface_perm
- /**
- * Generate a adb settings form.
- *
- * @ingroup forms
- * @see filter_admin_format_form_validate()
- * @see filter_admin_format_form_submit()
- */
- function adb_settings($form, &$form_state) {
- // Add user role access selection.
- $form['adb_roles'] = array(
- '#type' => 'checkboxes',
- '#title' => t('Roles'),
- '#options' => array_map('check_plain', user_roles()),
- '#default_value' => variable_get('adb_roles',array()),
- '#description' => t('Configure what roles will be able to record access denied backtrace'),
- );
- return system_settings_form($form);
- }
- /**
- * Menu callback; displays details about access denied backtrace log message.
- */
- function adb_event($id) {
- $severity = watchdog_severity_levels();
- $result = db_query('SELECT adb.*, u.name, u.uid FROM {adb} adb INNER JOIN {users} u ON adb.uid = u.uid WHERE adb.adbid = :id', array(':id' => $id))->fetchObject();
- if ($dblog = $result) {
- $rows = array(
- array(
- array('data' => t('Date'), 'header' => TRUE),
- format_date($dblog->timestamp, 'long'),
- ),
- array(
- array('data' => t('User'), 'header' => TRUE),
- theme('username', array('account' => $dblog)),
- ),
- array(
- array('data' => t('Location'), 'header' => TRUE),
- l($dblog->location, $dblog->location),
- ),
- array(
- array('data' => t('User permissions'), 'header' => TRUE),
- $dblog->permissions,
- ),
- array(
- array('data' => t('User role permissions'), 'header' => TRUE),
- $dblog->role_permissions,
- ),
- array(
- array('data' => t('Node access denied'), 'header' => TRUE),
- $dblog->node_access_denied,
- ),
- array(
- array('data' => t('Backtrace'), 'header' => TRUE),
- theme('adb_message', array('event' => $dblog)),
- ),
- );
- $build['dblog_table'] = array(
- '#theme' => 'table',
- '#rows' => $rows,
- '#attributes' => array('class' => array('dblog-event')),
- );
- return $build;
- }
- else {
- return '';
- }
- }
- /**
- * Implements hook_theme().
- */
- function adb_theme() {
- return array(
- 'adb_message' => array(
- 'variables' => array('event' => NULL),
- ),
- );
- }
- /**
- * Returns HTML for a log message.
- *
- * @param $variables
- * An associative array containing:
- * - event: An object with at least the message and variables properties.
- * - link: (optional) Format message as link, event->wid is required.
- *
- * @ingroup themeable
- */
- function theme_adb_message($variables) {
- $event = $variables['event'];
- $link = (isset($variables['link']))?$variables['link']:FALSE;
- $output = $event->backtrace;
- // Truncate message to 56 chars.
- if($link) {
- $output = truncate_utf8(filter_xss($output, array()), 56, TRUE, TRUE);
- $output = l($output, 'admin/reports/event/backtrace/' . $event->adbid, array('html' => TRUE));
- }
- return $output;
- }
- /**
- * Menu callback; generic function to display a page of the last access denied
- * backtrace.
- *
- * Messages are not truncated because events from this page have no detail view.
- *
- */
- function adb_last() {
- $rows = array();
- $build['dblog_clear_log_form'] = drupal_get_form('adb_clear_log_form');
- $header = array(
- array('data' => t('Date'), 'field' => 'adb.adbid', 'sort' => 'desc'),
- t('Backtrace'),
- array('data' => t('User'), 'field' => 'u.name'),
- );
- $query = db_select('adb', 'adb')->extend('PagerDefault')->extend('TableSort');
- $query->leftJoin('users', 'u', 'adb.uid = u.uid');
- $query
- ->fields('adb', array('adbid', 'uid', 'timestamp', 'backtrace'))
- ->addField('u', 'name');
- $result = $query
- ->limit(50)
- ->orderByHeader($header)
- ->execute();
- foreach ($result as $dblog) {
- $rows[] = array('data' =>
- array(
- // Cells
- format_date($dblog->timestamp, 'short'),
- theme('adb_message', array('event' => $dblog, 'link' => TRUE)),
- theme('username', array('account' => $dblog)),
- ),
- // Attributes for tr
- 'class' => array(drupal_html_class('adb')),
- );
- }
- $build['dblog_table'] = array(
- '#theme' => 'table',
- '#header' => $header,
- '#rows' => $rows,
- '#attributes' => array('id' => 'admin-dblog'),
- '#empty' => t('No access denied bractrace log available.'),
- );
- $build['dblog_pager'] = array('#theme' => 'pager');
- return $build;
- }
- /**
- * Invokes a hook in all enabled modules that implement it.
- *
- * @param $hook
- * The name of the hook to invoke.
- * @param ...
- * Arguments to pass to the hook.
- *
- * @return
- * An array of return values of the hook implementations. If modules return
- * arrays from their implementations, those are merged into one array.
- */
- function adb_validate_module_access($node, $op, $account) {
- $args = array($node, $op, $account);
- $hook = 'node_access';
- $return = array();
- foreach (module_implements($hook) as $module) {
- $function = $module . '_' . $hook;
- if (function_exists($function)) {
- $result = call_user_func_array($function, $args);
- if (isset($result) && is_array($result)) {
- foreach ($result as $subaccess) {
- if ($subaccess == NODE_ACCESS_DENY) {
- $return[] = $module;
- break;
- }
- }
- $return = array_merge_recursive($return, $result);
- } elseif (isset($result) && $result == NODE_ACCESS_DENY) {
- $return[] = $module;
- }
- }
- }
- return t('Modules denying') . " " . implode(',', $return);
- }
- /**
- * Implements hook_watchdog().
- *
- * If an 'access denied' error is logged and user role is enabled for debug, the
- * execution trace is stored to try to fix what is wrong.
- */
- function adb_watchdog($log_entry) {
- $account = user_load($log_entry['uid']);
- $adb_roles = array_filter(variable_get('adb_roles',array()));
- $valid_role = array_intersect_key($adb_roles,$log_entry['user']->roles);
- $account_rights = '';
- $rights = drupal_static('node_access', array());
- $permissions_denied = '';
- if (isset($rights[$log_entry['uid']])) {
- $account_rights = $rights[$log_entry['uid']];
- foreach ($account_rights as $node => $rights) {
- foreach ($rights as $action => $access) {
- if (!$access) {
- $permissions_denied .= $action . ' ' . $node . ". ";
- $permissions_denied .= adb_validate_module_access($node, $action, $log_entry['user']) . ".<br/>";
- }
- }
- }
- }
- else {
- // Common message for annonymous users.
- $permissions_denied = t('There are not explicit access denied for this user');
- }
- $user_access = drupal_static('user_access', array());
- $role_permissions = user_role_permissions($account->roles);
- //Validate if entry is access denied and current user belog to enabled role to
- //record backtrace
- if (!empty($valid_role) && $log_entry['type'] == 'access denied' ) {
- $backtrace = _ddebug_backtrace(TRUE);
- // Pop the stack up to the drupal_access_denied() call.
- for ($i = 0; $i < 5; ++$i) {
- array_shift($backtrace);
- }
- $user_role_permissions = (isset($role_permissions[$log_entry['uid']])?$role_permissions[$log_entry['uid']]:array());
- $user_access_permissions = (isset($user_access[$log_entry['uid']]))?$user_access[$log_entry['uid']]:array();
- /* print_r($user_access[$log_entry['uid']]);
- print_r($user_role_permissions);*/
- Database::getConnection('default', 'default')->insert('adb')
- ->fields(array(
- 'uid' => $log_entry['uid'],
- 'node_access_denied' => $permissions_denied,
- 'permissions' => _dprint_r($user_access_permissions, TRUE),
- 'role_permissions' => _dprint_r($user_role_permissions, TRUE),
- 'backtrace' => _dprint_r($backtrace, TRUE),
- 'location' => $log_entry['request_uri'],
- 'timestamp' => $log_entry['timestamp'],
- ))
- ->execute();
- }
- }
- /**
- * Return form for dblog clear button.
- *
- * @ingroup forms
- * @see dblog_clear_log_submit()
- */
- function adb_clear_log_form($form) {
- $form['adb_clear'] = array(
- '#type' => 'fieldset',
- '#title' => t('Clear access denied backtraces'),
- '#description' => t('This will permanently remove the access denied backtraces from the database.'),
- '#collapsible' => TRUE,
- '#collapsed' => TRUE,
- );
- $form['adb_clear']['clear'] = array(
- '#type' => 'submit',
- '#value' => t('Clear access denied backtraces'),
- '#submit' => array('adb_clear_log_submit'),
- );
- return $form;
- }
- /**
- * Submit callback: clear database with log messages.
- */
- function adb_clear_log_submit() {
- db_delete('adb')->execute();
- drupal_set_message(t('Database access denied backtrace cleared.'));
- }
- /**
- * Pretty-print a variable to the browser (no krumo).
- * Displays only for users with proper permissions. If
- * you want a string returned instead of a print, use the 2nd param.
- * based in devel function dprint_r
- */
- function _dprint_r($input, $return = FALSE, $name = NULL, $function = 'print_r', $check = TRUE) {
- if ($name) {
- $name .= ' => ';
- }
- if ($function == 'drupal_var_export') {
- include_once DRUPAL_ROOT . '/includes/utility.inc';
- $output = drupal_var_export($input);
- } else {
- ob_start();
- $function($input);
- $output = ob_get_clean();
- }
- if ($check) {
- $output = check_plain($output);
- }
- if (count($input, COUNT_RECURSIVE) > ADB_DEVEL_MIN_TEXTAREA) {
- // don't use fapi here because sometimes fapi will not be loaded
- $printed_value = "<textarea rows=30 style=\"width: 100%;\">\n" . $name . $output . '</textarea>';
- } else {
- $printed_value = '<pre>' . $name . $output . '</pre>';
- }
- if ($return) {
- return $printed_value;
- } else {
- print $printed_value;
- }
- }
- /**
- * Print the function call stack.
- * copied from devel module but with access for all roles
- */
- function _ddebug_backtrace($return = FALSE, $pop = 0) {
- $backtrace = debug_backtrace();
- while ($pop-- > 0) {
- array_shift($backtrace);
- }
- $counter = count($backtrace);
- $path = $backtrace[$counter - 1]['file'];
- $path = substr($path, 0, strlen($path) - 10);
- $paths[$path] = strlen($path) + 1;
- $paths[DRUPAL_ROOT] = strlen(DRUPAL_ROOT) + 1;
- $nbsp = "\xC2\xA0";
- // Show message if error_level is ERROR_REPORTING_DISPLAY_SOME or higher.
- // (This is Drupal's error_level, which is different from $error_level,
- // and we purposely ignore the difference between _SOME and _ALL,
- // see #970688!)
- if (variable_get('error_level', 1) >= 1) {
- while (!empty($backtrace)) {
- $call = array();
- if (isset($backtrace[0]['file'])) {
- $call['file'] = $backtrace[0]['file'];
- foreach ($paths as $path => $len) {
- if (strpos($backtrace[0]['file'], $path) === 0) {
- $call['file'] = substr($backtrace[0]['file'], $len);
- }
- }
- $call['file'] .= ':' . $backtrace[0]['line'];
- }
- if (isset($backtrace[1])) {
- if (isset($backtrace[1]['class'])) {
- $function = $backtrace[1]['class'] . $backtrace[1]['type'] . $backtrace[1]['function'] . '()';
- } else {
- $function = $backtrace[1]['function'] . '()';
- }
- $call['args'] = $backtrace[1]['args'];
- } else {
- $function = 'main()';
- $call['args'] = $_GET;
- }
- $nicetrace[($counter <= 10 ? $nbsp : '') . --$counter . ': ' . $function] = $call;
- array_shift($backtrace);
- }
- if ($return) {
- return $nicetrace;
- }
- kprint_r($nicetrace);
- }
- }
|