/// <summary>
/// Sorts every populated slot of this set into one of two output sets:
/// permissions implementing <see cref="IUnrestrictedPermission"/> go to
/// <paramref name="unrestrictedPermSet"/>, all others to <paramref name="normalPermSet"/>.
/// </summary>
/// <param name="unrestrictedPermSet">Receives unrestricted-capable permissions; created on first use when null.</param>
/// <param name="normalPermSet">Receives the remaining permissions; created on first use when null.</param>
/// <param name="ignoreTypeLoadFailures">Passed through unchanged to PermissionSet.CreatePerm.</param>
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures)
        {
            int lastSlot = this.GetMaxUsedIndex();

            for (int slot = this.GetStartingIndex(); slot <= lastSlot; slot++)
            {
                object entry = this.GetItem(slot);
                if (entry == null)
                {
                    continue;
                }

                // Slots may hold something other than a ready IPermission; those are
                // turned into permission objects through PermissionSet.CreatePerm.
                IPermission permission = (entry as IPermission) ?? PermissionSet.CreatePerm(entry, ignoreTypeLoadFailures);

                // GetToken runs before the null check, so it can be handed null here.
                // NOTE(review): presumably GetToken tolerates null - confirm against its implementation.
                PermissionToken token = PermissionToken.GetToken(permission);

                // An entry without a permission object or without a token lands in
                // neither output set, and nothing reports the drop.
                if (permission == null || token == null)
                {
                    continue;
                }

                if (permission is IUnrestrictedPermission)
                {
                    if (unrestrictedPermSet == null)
                    {
                        unrestrictedPermSet = new TokenBasedSet();
                    }
                    unrestrictedPermSet.SetItem(token.m_index, permission);
                }
                else
                {
                    if (normalPermSet == null)
                    {
                        normalPermSet = new TokenBasedSet();
                    }
                    normalPermSet.SetItem(token.m_index, permission);
                }
            }
        }
Beispiel #2
        /// <summary>
        /// Loads the entity with the given id inside a transaction, applies <paramref name="func"/>
        /// to it and saves it, after checking the caller's permission.
        /// </summary>
        /// <param name="id">Identifier of the entity to load.</param>
        /// <param name="func">Mutation applied to the loaded entity before it is saved.</param>
        /// <param name="permissionFlags">Permission handed to PermissionContext.VerifyPermission.</param>
        /// <param name="skipLog">When true the update is written with SysLog instead of AuditLog.</param>
        protected void UpdateEntity <TEntity>(int id, Action <TEntity> func, PermissionToken permissionFlags, bool skipLog = false)
        {
            string entityTypeName = typeof(TEntity).Name;

            // The attempt is logged before the permission check runs, so the log line
            // exists whether or not the caller turns out to be authorized.
            SysLog(string.Format("is about to update {0} with Id {1}", entityTypeName, id));

            // Authorization gate: runs before the transaction is opened.
            // NOTE(review): presumably throws on denial - confirm, since nothing below re-checks.
            PermissionContext.VerifyPermission(permissionFlags);

            HandleTransaction(tx => {
                var target = tx.Load<TEntity>(id);
                string logLine = "updating " + target;

                if (skipLog)
                {
                    SysLog(logLine);
                }
                else
                {
                    AuditLog(logLine, tx);
                }

                func(target);

                tx.Update(target);
            }, "Unable to update " + entityTypeName);
        }
Beispiel #3
        /// <summary>
        /// Decides whether the current user holds <paramref name="token"/>.
        /// </summary>
        /// <remarks>
        /// Order of the checks matters: PermissionToken.Nothing is granted to everyone, including
        /// callers that are not logged in; otherwise an active logged-in user is required;
        /// ManageDatabase is refused while LockdownEnabled is set even if the user holds it.
        /// </remarks>
        /// <param name="token">Permission being asked for.</param>
        /// <returns>True when the permission is granted.</returns>
        public bool HasPermission(PermissionToken token)
        {
            if (token == PermissionToken.Nothing)
            {
                return true;
            }

            bool hasActiveSession = IsLoggedIn && LoggedUser.Active;
            if (!hasActiveSession)
            {
                return false;
            }

            bool blockedByLockdown = token == PermissionToken.ManageDatabase && LockdownEnabled;
            return !blockedByLockdown && LoggedUser.EffectivePermissions.Contains(token);
        }
Beispiel #4
 /// <summary>
 /// Enforces a permission: returns normally when <see cref="HasPermission"/> grants
 /// <paramref name="flag"/>, otherwise logs a warning and throws.
 /// </summary>
 /// <param name="flag">Permission the caller must hold.</param>
 /// <exception cref="NotAllowedException">The permission is not granted.</exception>
 public void VerifyPermission(PermissionToken flag)
 {
     if (HasPermission(flag))
     {
         return;
     }

     // The denial is recorded with the user name and the requested permission before the throw.
     // NOTE(review): Name ends up in the log line - confirm the logging layout neutralizes
     // line breaks if user names are user-chosen.
     log.Warn("User '{0}' does not have the requested permission '{1}'", Name, flag);
     throw new NotAllowedException();
 }
Beispiel #5
 /// <summary>
 /// Copies this user's state into a <see cref="ServerOnlyUserWithPermissionsContract"/>.
 /// </summary>
 /// <remarks>
 /// A null Email is exported as an empty string. AdditionalPermissions contains only the
 /// entries whose HasFlag is set, resolved through PermissionToken.GetById.
 /// NOTE(review): the contract carries the e-mail address and permission set; the type name
 /// suggests it is not meant to reach clients - confirm it is never serialized to them.
 /// </remarks>
 /// <returns>The populated contract.</returns>
 public ServerOnlyUserWithPermissionsContract ToContract()
 {
     var contract = new ServerOnlyUserWithPermissionsContract
     {
         Active = this.Active,
         Email = this.Email ?? string.Empty,
         GroupId = this.GroupId,
         Id = this.Id,
         Name = this.Name,
         OwnedArtistEntries = this.OwnedArtists.ToArray(),
         Poisoned = this.Poisoned,
         Supporter = this.Supporter,
         AdditionalPermissions = new HashSet<PermissionToken>(
             from entry in this.Permissions
             where entry.HasFlag
             select PermissionToken.GetById(entry.PermissionType.Id))
     };

     return contract;
 }
Beispiel #6
        /// <summary>
        /// Checks the caller's permission, then loads the entity with the given id inside a
        /// repository transaction, applies <paramref name="func"/> and saves the entity.
        /// </summary>
        /// <param name="repository">Repository that provides the transaction.</param>
        /// <param name="id">Identifier of the entity to load.</param>
        /// <param name="func">Mutation applied to the loaded entity; also receives the session.</param>
        /// <param name="permissionFlags">Permission handed to VerifyPermission.</param>
        /// <param name="permissionContext">Context used for the permission check.</param>
        /// <param name="skipLog">When true the update is written with SysLog instead of AuditLog.</param>
        public static void UpdateEntity <TEntity, TRepositoryContext>(this IRepositoryBase <TRepositoryContext> repository, int id,
                                                                      Action <TRepositoryContext, TEntity> func, PermissionToken permissionFlags, IUserPermissionContext permissionContext,
                                                                      bool skipLog = false) where TRepositoryContext : IDatabaseContext
        {
            string entityTypeName = typeof(TEntity).Name;

            // Authorization gate comes first; here the "about to update" line is only written
            // inside the transaction, i.e. after the check has passed.
            // NOTE(review): presumably throws on denial - confirm, since nothing below re-checks.
            permissionContext.VerifyPermission(permissionFlags);

            repository.HandleTransaction(ctx => {
                var auditLogger = ctx.AuditLogger;
                auditLogger.SysLog(string.Format("is about to update {0} with Id {1}", entityTypeName, id));

                var target = ctx.Load<TEntity>(id);
                string logLine = "updating " + target;

                if (skipLog)
                {
                    ctx.AuditLogger.SysLog(logLine);
                }
                else
                {
                    ctx.AuditLogger.AuditLog(logLine);
                }

                func(ctx, target);

                ctx.OfType<TEntity>().Update(target);
            }, "Unable to update " + entityTypeName);
        }
Beispiel #7
 /// <summary>
 /// Returns the display name of a permission token: the resource string registered under
 /// the token's name, or the raw token name when no such resource exists.
 /// </summary>
 /// <param name="token">Token whose Id is used for the lookup.</param>
 /// <returns>Localized name, or the token's own name as fallback.</returns>
 public static string PermissionTokenName(PermissionToken token)
 {
     // The token is re-resolved by Id rather than trusting the Name on the argument.
     // NOTE(review): a null result from GetById would fail on the next line - confirm it cannot happen.
     var canonical = PermissionToken.GetById(token.Id);
     var localized = PermissionTokenNames.ResourceManager.GetString(canonical.Name);

     if (localized != null)
     {
         return localized;
     }

     return canonical.Name;
 }
Beispiel #8
        /// <summary>
        /// Gets the PermissionToken object that matches a token string.
        /// </summary>
        /// <remarks>
        /// Only equality on TokenStr is tested here; no other validity check is visible in this
        /// method, so callers must treat null as "unknown token" and apply any further checks themselves.
        /// NOTE(review): the supplied value is compared directly with the stored TokenStr column -
        /// confirm whether tokens are meant to be stored in directly comparable form.
        /// </remarks>
        /// <param name="TokenStr">Token string.</param>
        /// <returns>The first matching PermissionToken, or null when none matches.</returns>
        public PermissionToken GetPermissionTokenByTokenStr(string TokenStr)
        {
            var matches = from record in context.PermissionToken
                          where record.TokenStr == TokenStr
                          select record;

            return matches.FirstOrDefault();
        }
Beispiel #9
 /// <summary>
 /// Copies this user's state into a <see cref="UserWithPermissionsContract"/>.
 /// </summary>
 /// <remarks>
 /// AdditionalPermissions contains only the entries whose HasFlag is set, resolved through
 /// PermissionToken.GetById.
 /// </remarks>
 /// <returns>The populated contract.</returns>
 public UserWithPermissionsContract ToContract()
 {
     var contract = new UserWithPermissionsContract
     {
         Active = this.Active,
         GroupId = this.GroupId,
         Id = this.Id,
         Name = this.Name,
         OwnedArtistEntries = this.OwnedArtists.ToArray(),
         Poisoned = this.Poisoned,
         AdditionalPermissions = new HashSet<PermissionToken>(
             from entry in this.Permissions
             where entry.HasFlag
             select PermissionToken.GetById(entry.PermissionType.Id))
     };

     return contract;
 }
Beispiel #10
 /// <summary>
 /// Looks up the resource string registered under the name of the token with the contract's Id.
 /// </summary>
 /// <param name="token">Contract whose Id selects the token.</param>
 /// <returns>Whatever ResourceManager.GetString returns for that name; there is no fallback here.</returns>
 public static string PermissionTokenName(PermissionTokenContract token)
 {
     // Only the Id from the contract is used; the name is resolved on this side.
     var canonicalName = PermissionToken.GetNameById(token.Id);

     return PermissionTokenNames.ResourceManager.GetString(canonicalName);
 }
Beispiel #11
        /// <summary>
        /// Returns the display name for the token identified by the contract's Id: the resource
        /// string registered under the token's name, or the raw token name when none exists.
        /// </summary>
        /// <param name="token">Contract whose Id selects the token.</param>
        /// <returns>Localized name, or the token's own name as fallback.</returns>
        public static string PermissionTokenName(PermissionTokenContract token)
        {
            // Only the Id from the contract is used; the Name it carries is ignored.
            // NOTE(review): a null result from GetById would fail on the next line - confirm it cannot happen.
            var canonical = PermissionToken.GetById(token.Id);
            var localized = PermissionTokenNames.ResourceManager.GetString(canonical.Name);

            if (localized != null)
            {
                return localized;
            }

            return canonical.Name;
        }
 /// <summary>
 /// Builds a contract that carries the Id and Name of <paramref name="token"/>.
 /// </summary>
 /// <param name="token">Source token; it is dereferenced without a null check.</param>
 public PermissionTokenContract(PermissionToken token)
 {
     this.Id = token.Id;
     this.Name = token.Name;
 }
Beispiel #13
 /// <summary>
 /// Builds a contract that carries the Id and Name of <paramref name="token"/>.
 /// </summary>
 /// <param name="token">Source token; it is dereferenced without a null check.</param>
 public PermissionTokenContract(PermissionToken token)
 {
     this.Id = token.Id;
     this.Name = token.Name;
 }
Beispiel #14
 /// <summary>
 /// Looks up the resource string registered under the name of the token with the given Id.
 /// </summary>
 /// <param name="token">Token whose Id is used for the lookup.</param>
 /// <returns>Whatever ResourceManager.GetString returns for that name; there is no fallback here.</returns>
 public static string PermissionTokenName(PermissionToken token)
 {
     var canonicalName = PermissionToken.GetNameById(token.Id);

     return PermissionTokenNames.ResourceManager.GetString(canonicalName);
 }
Beispiel #15
 /// <summary>
 /// Completes construction of this object, then forwards the zone/origin query to PLS when
 /// one exists. With no PLS the lists are left untouched.
 /// </summary>
 /// <param name="zoneList">List handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="originList">List handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="zoneToken">Token handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="originToken">Token handed to PLS.GetZoneAndOrigin.</param>
 internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
 {
     // The cast is kept on the null argument, as in the original call.
     this.CompleteConstruction((CompressedStack)null);

     if (this.PLS != null)
     {
         this.PLS.GetZoneAndOrigin(zoneList, originList, zoneToken, originToken);
     }
 }
 /// <summary>
 /// Completes construction of this object, then forwards the zone/origin query to PLS when
 /// one exists. With no PLS the lists are left untouched.
 /// </summary>
 /// <param name="zoneList">List handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="originList">List handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="zoneToken">Token handed to PLS.GetZoneAndOrigin.</param>
 /// <param name="originToken">Token handed to PLS.GetZoneAndOrigin.</param>
 [System.Security.SecurityCritical]  // auto-generated
 internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
 {
     CompleteConstruction(null);

     if (PLS == null)
     {
         return;
     }

     PLS.GetZoneAndOrigin(zoneList, originList, zoneToken, originToken);
 }
Beispiel #17
        ParseElementForObjectCreation(SecurityElement el,
                                      String requiredNamespace,
                                      out String className,
                                      out int classNameStart,
                                      out int classNameLength)
        {
            // Reads the "class" attribute of el and reports whether it names a type that
            // PermissionToken.IsMscorlibClassName accepts and that starts with requiredNamespace.
            // On success className is the full attribute value (single quotes turned into double
            // quotes) and classNameStart/classNameLength delimit the part after the namespace
            // prefix and before any assembly information. On failure the out values stay at
            // null / 0 / 0. Throws ArgumentException when the attribute is missing.
            //
            // The attribute value comes from the element being parsed, so the two checks below
            // (IsMscorlibClassName and the ordinal prefix match) are what limits which class
            // names this method will report as acceptable for object creation.
            className       = null;
            classNameStart  = 0;
            classNameLength = 0;

            int prefixLength = requiredNamespace.Length;

            String candidate = el.Attribute("class");
            if (candidate == null)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_NoClass"));
            }

            if (candidate.IndexOf('\'') >= 0)
            {
                candidate = candidate.Replace('\'', '\"');
            }

            if (!PermissionToken.IsMscorlibClassName(candidate))
            {
                return false;
            }

            // A comma marks where assembly information begins; without one the whole
            // string is the namespace-qualified class name.
            int commaIndex = candidate.IndexOf(',');
            int qualifiedNameLength = (commaIndex == -1) ? candidate.Length : commaIndex;

            // The qualified name must be strictly longer than the namespace prefix,
            // otherwise there is no class name left after it.
            if (qualifiedNameLength <= prefixLength)
            {
                return false;
            }

            // Case-sensitive, culture-independent prefix match.
            if (!candidate.StartsWith(requiredNamespace, StringComparison.Ordinal))
            {
                return false;
            }

            className       = candidate;
            classNameLength = qualifiedNameLength - prefixLength;
            classNameStart  = prefixLength;
            return true;
        }
        // Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization).
        //
        // For every index up to the larger max-used index of the two sets, the entry present in
        // exactly one set is copied into a new set under its own token index; entries that are
        // ISecurityElementFactory instances are first turned into permissions via
        // PermissionSet.CreatePerm. canUnrestrictedOverride is cleared (never set) as soon as one
        // copied permission fails CodeAccessPermission.CanUnrestrictedOverride.
        // Throws SerializationException when a copied entry has no token.
        //
        // An index populated in BOTH sets only trips a BCLDebug.Assert and is then left out of
        // the result. NOTE(review): if that assert is compiled out, such an entry is dropped
        // without any signal - confirm that callers can never produce overlapping sets.
        internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride)
        {
            // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have
            // not been subjected to VTS callbacks yet
            OnDeserializedInternal();
            TokenBasedSet merged = new TokenBasedSet();
            int           highestIndex;

            if (other == null)
            {
                highestIndex = this.GetMaxUsedIndex();
            }
            else
            {
                other.OnDeserializedInternal();
                highestIndex = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
            }

            for (int slot = 0; slot <= highestIndex; ++slot)
            {
                Object mine   = this.GetItem(slot);
                Object theirs = (other != null) ? other.GetItem(slot) : null;

                if (mine == null && theirs == null)
                {
                    continue;
                }

                if (mine != null && theirs != null)
                {
                    // Both sides populated: the condition below is false by construction,
                    // so this is an unconditional debug assertion.
                    BCLDebug.Assert((mine == null || theirs == null), "Permission cannot be in both TokenBasedSets");
                    continue;
                }

                // Exactly one side is populated from here on.
                Object                  present = (mine == null) ? theirs : mine;
                IPermission             perm    = present as IPermission;
                ISecurityElementFactory factory = present as ISecurityElementFactory;

                if (factory != null)
                {
                    perm = PermissionSet.CreatePerm(factory, false);
                }

                PermissionToken token = PermissionToken.GetToken(perm);
                if (token == null)
                {
                    throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
                }

                merged.SetItem(token.m_index, perm);
                if (!CodeAccessPermission.CanUnrestrictedOverride(perm))
                {
                    canUnrestrictedOverride = false;
                }
            }

            return merged;
        }
Beispiel #19
        /// <summary>
        /// Gets the token string stored for a Uid.
        /// </summary>
        /// <remarks>
        /// The stored token string itself is returned; no authorization check is visible in this
        /// method, so deciding who may ask for another user's token is left to the caller.
        /// </remarks>
        /// <param name="Uid">User id.</param>
        /// <returns>The token string, or null when no record exists for the Uid.</returns>
        public string GetTokenStrByUid(string Uid)
        {
            PermissionToken record = context.PermissionToken.Find(Uid);

            if (record == null)
            {
                return null;
            }

            return record.TokenStr;
        }
Beispiel #20
 /// <summary>
 /// Creates an entry that pairs a permission token (wrapped in a PermissionTokenContract)
 /// with two booleans.
 /// </summary>
 /// <param name="permissionType">Token to wrap.</param>
 /// <param name="hasFlag">Stored in HasFlag.</param>
 /// <param name="hasPermission">Stored in HasPermission.</param>
 public PermissionFlagEntry(PermissionToken permissionType, bool hasFlag, bool hasPermission)
 {
     this.PermissionType = new PermissionTokenContract(permissionType);
     this.HasFlag = hasFlag;
     this.HasPermission = hasPermission;
 }
Beispiel #21
 /// <summary>
 /// Completes construction of this object and evaluates a permission demand against PLS.
 /// </summary>
 /// <remarks>
 /// When PLS is null the result is true, i.e. the absence of a PLS is treated as "nothing
 /// here objects to the demand".
 /// </remarks>
 /// <param name="demand">Permission being demanded.</param>
 /// <param name="permToken">Token for the demanded permission.</param>
 /// <param name="rmh">Method handle passed through to PLS.CheckDemand.</param>
 /// <returns>True when PLS is null, otherwise the result of PLS.CheckDemand.</returns>
 internal bool CheckDemandNoHalt(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandle rmh)
 {
     this.CompleteConstruction(null);

     if (this.PLS == null)
     {
         return true;
     }

     return this.PLS.CheckDemand(demand, permToken, rmh);
 }
Beispiel #22
        /// <summary>
        /// Gets the Role stored for a Uid.
        /// </summary>
        /// <remarks>
        /// A null result means no record exists for the Uid; callers that base access decisions
        /// on the role must handle that case explicitly rather than treating it as a default role.
        /// </remarks>
        /// <param name="Uid">User id.</param>
        /// <returns>The role, or null when no record exists for the Uid.</returns>
        public string GetRoleByUid(string Uid)
        {
            PermissionToken record = context.PermissionToken.Find(Uid);

            if (record == null)
            {
                return null;
            }

            return record.Role;
        }
Beispiel #23
 /// <summary>
 /// Adds <paramref name="permissionToken"/> to the effective permissions of the logged-in user.
 /// </summary>
 /// <remarks>
 /// Does nothing when LoggedUser is null. No authorization check is visible in this method,
 /// so who may grant what is decided entirely by the caller.
 /// NOTE(review): confirm that every call site is restricted to trusted code.
 /// </remarks>
 /// <param name="permissionToken">Permission to add.</param>
 public void GrantPermission(PermissionToken permissionToken)
 {
     LoggedUser?.EffectivePermissions.Add(permissionToken);
 }
Beispiel #24
        /// <summary>
        /// Gets the Uid that owns a token string.
        /// </summary>
        /// <remarks>
        /// Only equality on TokenStr is tested here; no other validity check is visible in this
        /// method. Callers that use the result to identify a user must treat null as
        /// "not authenticated".
        /// </remarks>
        /// <param name="TokenStr">Token string.</param>
        /// <returns>The Uid of the first matching record, or null when none matches.</returns>
        public string GetUidByTokenStr(string TokenStr)
        {
            var matches = from record in context.PermissionToken
                          where record.TokenStr == TokenStr
                          select record;

            PermissionToken found = matches.FirstOrDefault();

            if (found == null)
            {
                return null;
            }

            return found.Uid;
        }
Beispiel #25
        /// <summary>
        /// Applies the editable fields of <paramref name="contract"/> to the stored user.
        /// </summary>
        /// <remarks>
        /// The outer UpdateEntity call is made with PermissionToken.ManageUserPermissions. Inside
        /// the update, a failed CanEditUser check is logged and rejected with NotAllowedException.
        /// GroupId and AdditionalPermissions are each written only when their own check passes; a
        /// failed check skips that field without raising an error. Active and the owned-artist
        /// list are copied from the contract with no further check of their own.
        /// </remarks>
        /// <param name="contract">Requested user state; checked with ParamIs.NotNull.</param>
        public void UpdateUser(UserWithPermissionsContract contract)
        {
            ParamIs.NotNull(() => contract);

            UpdateEntity<User>(contract.Id, (session, user) => {
                bool mayEditTarget = EntryPermissionManager.CanEditUser(PermissionContext, user.GroupId);
                if (!mayEditTarget)
                {
                    var actor  = GetLoggedUser(session);
                    var denial = string.Format("{0} (level {1}) not allowed to edit {2}", actor, actor.GroupId, user);
                    log.Error(denial);
                    throw new NotAllowedException(denial);
                }

                // Group change: applied only when the caller may assign the requested group.
                if (EntryPermissionManager.CanEditGroupTo(PermissionContext, contract.GroupId))
                {
                    user.GroupId = contract.GroupId;
                }

                // Permission change: the ids from the contract are resolved to tokens on this side.
                // NOTE(review): confirm PermissionToken.GetById rejects ids that name no known token.
                if (EntryPermissionManager.CanEditAdditionalPermissions(PermissionContext))
                {
                    var requestedTokens = contract.AdditionalPermissions.Select(granted => PermissionToken.GetById(granted.Id));
                    user.AdditionalPermissions = new PermissionCollection(requestedTokens);
                }

                var ownedArtistChanges = OwnedArtistForUser.Sync(
                    user.AllOwnedArtists,
                    contract.OwnedArtistEntries,
                    link => user.AddOwnedArtist(session.Load<Artist>(link.Artist.Id)));
                SessionHelper.Sync(session, ownedArtistChanges);

                user.Active = contract.Active;

                // skipLog is true for the outer call, so this is the audit entry for the change.
                AuditLog(string.Format("updated {0}", EntryLinkFactory.CreateEntryLink(user)), session);
            }, PermissionToken.ManageUserPermissions, skipLog: true);
        }
Beispiel #26
        /// <summary>
        /// Gets the PermissionToken object stored for a Uid.
        /// </summary>
        /// <remarks>
        /// The returned object is the stored record itself, so it carries whatever fields that
        /// record has. No authorization check is visible in this method; restricting who may look
        /// up another user's record is left to the caller.
        /// </remarks>
        /// <param name="Uid">User id.</param>
        /// <returns>The first record whose Uid matches, or null when none matches.</returns>
        public PermissionToken GetPermissionTokenByUid(string Uid)
        {
            var matches = from record in context.PermissionToken
                          where record.Uid == Uid
                          select record;

            return matches.FirstOrDefault();
        }
Beispiel #27
 /// <summary>
 /// Creates an entry that pairs a permission token (wrapped in a PermissionTokenContract)
 /// with two booleans.
 /// </summary>
 /// <param name="permissionType">Token to wrap.</param>
 /// <param name="hasFlag">Stored in HasFlag.</param>
 /// <param name="hasPermission">Stored in HasPermission.</param>
 public PermissionFlagEntry(PermissionToken permissionType, bool hasFlag, bool hasPermission)
 {
     this.PermissionType = new PermissionTokenContract(permissionType);
     this.HasFlag = hasFlag;
     this.HasPermission = hasPermission;
 }