public void DeleteRights(int id)
{
Rights rights = this._rightsRepository.FindBy(id);
if (rights == null)
{
throw new EntityIsInvalidException <string>(rights.ToString());
}
this._rightsRepository.Remove(rights);
this._uow.Commit();
}
public RightsView UpdateRights(int id, string name, string url, string description, bool isshow)
{
Rights rights = this._rightsRepository.FindBy(id);
if (rights == null)
{
throw new EntityIsInvalidException <string>(rights.ToString());
}
rights.UpdateRights(name, url, description, isshow);
this._uow.Commit();
return(rights.ConvertToRightsView());
}
/// <summary>
/// The ToString implementation.
/// </summary>
/// <param name="format">The format specifier to use,
/// e.g. <b>Console.WriteLine(permission.ToString("A"));</b></param>
/// <param name="provider">Allow clients to format output for their own types using
/// [ICustomFormatter](https://msdn.microsoft.com/en-us/library/system.icustomformatter.aspx).</param>
/// <returns>The formatted string.</returns>
/// <exception cref="FormatException">thrown if an invalid format string is specified.</exception>
/// \par Format specifiers:
/// \arg \c G Default when not using a format specifier.
/// \arg \c K Kind - whether the permission pertains to a depot or stream.
/// \arg \c N Name - name of the depot or stream this permission applies to.
/// \arg \c A AppliesTo - principal name of the group or user this permission applies to or one of the built-in types \b anyuser or \b authuser.
/// \arg \c T Type - whether [AppliesTo](@ref AcUtils#AcPermission#AppliesTo) is the principal name for a \b group, \b user, or \b builtin type.
/// \arg \c R Rights - whether permission rights to [Name](@ref AcUtils#AcPermission#Name) in [AppliesTo](@ref AcUtils#AcPermission#AppliesTo) is \b all or \b none.
/// \arg \c I Inheritable - For [depots](@ref AcUtils#PermKind), when \e true permission applies to the depot and its entire stream hierarchy,
/// when \e false permission applies only to AccuWork issues in the depot and not its version-controlled elements. For [streams](@ref AcUtils#PermKind),
/// when \e true permission applies to the stream and its entire subhierarchy, when \e false permission applies only to the stream.
public string ToString(string format, IFormatProvider provider)
{
if (provider != null)
{
ICustomFormatter fmt = provider.GetFormat(this.GetType()) as ICustomFormatter;
if (fmt != null)
{
return(fmt.Format(format, this, provider));
}
}
if (String.IsNullOrEmpty(format))
{
format = "G";
}
switch (format.ToUpperInvariant())
{
case "G":
{
string who = $"{((Type == PermType.builtin) ? AppliesTo : Type.ToString() + " " + AppliesTo)}";
return($@"Permission on {Name} {Kind} applies to {who} {{{Rights}, {(Inheritable ? "inherit" : "no inherit")}}}");
}
case "K": // whether the permission pertains to a depot or stream
return(Kind.ToString());
case "N": // name of the depot or stream this permission applies to
return(Name);
case "A": // principal name of the group or user this permission applies to or one of the built-in types "anyuser" or "authuser"
return(AppliesTo);
case "T": // whether AppliesTo is the principal name for a "group", "user", or a "builtin" type
return(Type.ToString());
case "R": // whether permission rights to Name in AppliesTo is "all" or "none"
return(Rights.ToString());
// For a depot, when true permission applies to the depot and its entire
// stream hierarchy, when false permission applies only to AccuWork issues
// in the depot and not its version-controlled elements.
// For a stream, when true permission applies to the stream and its entire
// subhierarchy, when false permission applies only to the stream.
case "I":
return(Inheritable.ToString());
default:
throw new FormatException($"The {format} format string is not supported.");
}
}
public bool HasRight(Rights right)
{
int currentUser = CurrentUserID();
if (CurrentUserRole() == "Administrator")
{
return(true);
}
var temp = cacheManager.Get <List <string> >(currentUser.ToString());
string rightName = right.ToString("G");
return(temp.Contains(rightName));
}
public bool HasRight(Rights right)
{
if (this.Id.IsEmpty())
{
return(false); // anonim user has no right
}
if (this.SuperUser)
{
return(true); // super user has all rights
}
return(Provider.Database.GetBool("select count(*) from MemberRole where MemberId={0} AND RoleId in (select RoleId from RoleRight where [Right]={1})",
Provider.CurrentMember.Id,
right.ToString()));
}
public override string ToString()
{
return(PrincipalName + ":" + AccessType + "(" + Rights.ToString() + ")");
}
/// <summary>
/// Check and if required, fix permissions on HKEY_CLASSES_ROOT
/// </summary>
/// <param name="FixPermissions">True to fix missing permissions, false just to check and report permission state</param>
protected static void CheckHKCRPermissions(bool FixPermissions)
{
try
{
LogMessage("CheckHKCRPermissions", "Starting HKCR permission check, FixPermissions: " + FixPermissions.ToString());
bool FoundCreatorOwnerGenericAccess = false;
bool FoundSystemGenericAccess = false;
bool FoundSystemSpecificAccess = false;
bool FoundAdministratorGenericAccess = false;
bool FoundAdministratorSpecificAccess = false;
bool FoundUserGenericAccess = false;
bool FoundUserSpecificAccess = false;
AccessRights Rights;
RegistrySecurity HKCRAccessControl = Registry.ClassesRoot.GetAccessControl();
//Iterate over the rule set and list them for Built in users
foreach (RegistryAccessRule RegRule in HKCRAccessControl.GetAccessRules(true, true, typeof(NTAccount)))
{
Rights = (AccessRights)RegRule.RegistryRights;
LogMessage("CheckHKCRPermissions", "Found rule: " + RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + Rights.ToString() + " / " + (RegRule.IsInherited ? "Inherited" : "NotInherited") + " / " + RegRule.InheritanceFlags.ToString() + " / " + RegRule.PropagationFlags.ToString());
// Allow CREATOR OWNER GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(CreatorOwnerSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundCreatorOwnerGenericAccess = true;
}
// Allow NT AUTHORITY\SYSTEM GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundSystemGenericAccess = true;
}
// Allow NT AUTHORITY\SYSTEM Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) &
Rights == FullRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundSystemSpecificAccess = true;
}
// Allow BUILTIN\Administrators GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundAdministratorGenericAccess = true;
}
// Allow BUILTIN\Administrators Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) &
Rights == FullRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundAdministratorSpecificAccess = true;
}
// Allow BUILTIN\Users GenericRead / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericRead &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundUserGenericAccess = true;
}
// Allow BUILTIN\Users Query, EnumSubkey, Notify, StandardReadControl / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) &
Rights == ReadRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundUserSpecificAccess = true;
}
}
LogMessage("CheckHKCRPermissions", " ");
if (FoundCreatorOwnerGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have CreatorOwnerGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have CreatorOwnerGenericAccess!");
}
if (FoundSystemGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemGenericAccess!");
}
if (FoundSystemSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemSpecificAccess!");
}
if (FoundAdministratorGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorGenericAccess!");
}
if (FoundAdministratorSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorSpecificAccess!");
}
if (FoundUserGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have UserGenericAccess!");
}
if (FoundUserSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have UserSpecificAccess!");
}
LogMessage("CheckHKCRPermissions", " ");
if (FixPermissions)
{
Stopwatch swLocal = null;
try
{
swLocal = Stopwatch.StartNew();
LogMessage("SetRegistryACL", "Fixing registry permissions");
//Set a security ACL on the ASCOM Profile key giving the Users group Full Control of the key
LogMessage("SetRegistryACL", "Creating security identifiers");
SecurityIdentifier DomainSid = new SecurityIdentifier("S-1-0-0"); //Create a starting point domain SID
//Create security identifiers for the various accounts to be passed to the new access rule
SecurityIdentifier BuiltinUsersIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, DomainSid);
SecurityIdentifier AdministratorsIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, DomainSid);
SecurityIdentifier CreatorOwnerIdentifier = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, DomainSid);
SecurityIdentifier SystemIdentifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, DomainSid);
LogMessage("SetRegistryACL", "Creating new ACL rules"); // Create the new access permission rules
RegistryAccessRule CreatorOwnerGenericAccessRule = new RegistryAccessRule(CreatorOwnerIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule SystemGenericAccessRule = new RegistryAccessRule(SystemIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule SystemFullAccessRule = new RegistryAccessRule(SystemIdentifier,
(RegistryRights)FullRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
RegistryAccessRule AdministratorsGenericAccessRule = new RegistryAccessRule(AdministratorsIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule AdministratorsFullAccessRule = new RegistryAccessRule(AdministratorsIdentifier,
(RegistryRights)FullRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
RegistryAccessRule BuiltinUsersGenericAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier,
unchecked ((RegistryRights)AccessRights.GenericRead),
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule BuiltinUsersReadAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier,
(RegistryRights)ReadRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
LogMessage("SetRegistryACL", "Retrieving current ACL rule");
LogMessage("SetRegistryACL", " ");
RegistrySecurity KeySec = Registry.ClassesRoot.GetAccessControl(); // Get existing ACL rules on the key
//Iterate over the rule set and list them
foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL Before", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
LogMessage("SetRegistryACL", "Adding new ACL rules");
LogMessage("SetRegistryACL", " ");
// Remove old rules
KeySec.PurgeAccessRules(CreatorOwnerIdentifier);
KeySec.PurgeAccessRules(AdministratorsIdentifier);
KeySec.PurgeAccessRules(BuiltinUsersIdentifier);
KeySec.PurgeAccessRules(SystemIdentifier);
//Add the new rules to the existing rules
KeySec.AddAccessRule(CreatorOwnerGenericAccessRule);
KeySec.AddAccessRule(SystemGenericAccessRule);
KeySec.AddAccessRule(SystemFullAccessRule);
KeySec.AddAccessRule(AdministratorsGenericAccessRule);
KeySec.AddAccessRule(AdministratorsFullAccessRule);
KeySec.AddAccessRule(BuiltinUsersGenericAccessRule);
KeySec.AddAccessRule(BuiltinUsersReadAccessRule);
//Iterate over the new rule set and list them
foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL After", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
LogMessage("SetRegistryACL", "Setting new ACL rule");
Registry.ClassesRoot.SetAccessControl(KeySec); //Apply the new rules to the Profile key
LogMessage("SetRegistryACL", "Retrieving new rule set from key");
// Retrieve the new rule set and list them
foreach (RegistryAccessRule RegRule in Registry.ClassesRoot.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL New", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
swLocal.Stop();
LogMessage("SetRegistryACL", "ElapsedTime " + swLocal.ElapsedMilliseconds + " milliseconds");
swLocal = null;
}
catch (Exception ex)
{
LogMessage("SetRegistryACLException", ex.ToString());
}
}
}
catch (NullReferenceException ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "HKCR\\ does not exist. " + ex.ToString()); // Should never happen!
}
catch (SecurityException ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "Security exception when accessing HKCR\\ " + ex.ToString()); // Should never happen!
}
catch (Exception ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "Unexpected exception: " + ex.ToString());
}
}
