public AccessControlEntry(Permission permission, Operation operation, IAccessControlResource resource, Identity targetIdentity)
{
TargetIdentity = targetIdentity;
Resource = resource;
Operation = operation;
Permission = permission;
}
public override AccessControlContainer GetAccessControlContainer(IAccessControlResource resource)
{
if (!accessDict.ContainsKey(resource.Identifier))
{
throw new InvalidOperationException($"AccessControlContainer does not exist for resource: {resource.Identifier}");
}
return(accessDict[resource.Identifier]);
}
public override void CreateAccessControlContainer(IAccessControlResource resource, Identity owner)
{
if (accessDict.ContainsKey(resource.Identifier))
{
throw new InvalidOperationException($"AccessControlContainer already exist for resource: {resource.Identifier}");
}
accessDict[resource.Identifier] = new AccessControlContainer(owner);
}
private void EnsureCanEdit(IAccessControlResource resource, User opertor)
{
AccessControlContainer acc = GetAccessControlContainer(resource);
if (!acc.Owner.HasDescendant(opertor))
{
throw new InvalidOperationException($"{opertor.UniqueName} is not authorize to edit the ACL for resource: {resource.Identifier}");
}
}
public virtual bool ValidateAccess(IAccessControlResource resource, Operation operation, Identity requester)
{
bool premissionGranted = false;
AccessControlContainer accessControlContainer = GetAccessControlContainer(resource);
foreach (AccessControlEntry ace in accessControlContainer.Entries)
{
if (ace.TargetIdentity.HasDescendant(requester))
{
if (ace.Permission == Permission.Deny)
{
return(false);
}
premissionGranted = true;
}
}
return(premissionGranted);
}
public abstract void DeleteEntry(IAccessControlResource resource, AccessControlEntry entry, User requester);
public abstract void CreateAccessControlContainer(IAccessControlResource resource, Identity requester);
public abstract AccessControlContainer GetAccessControlContainer(IAccessControlResource resource);
public override void DeleteEntry(IAccessControlResource resource, AccessControlEntry entry, User requester)
{
EnsureCanEdit(resource, requester);
accessDict[resource.Identifier].Entries.Remove(entry);
}
