public static void PopulatePermissionFromIDataReader( PermissionBase p, IDataReader reader) { p.Name = (string) reader["RoleName"]; p.RoleID = (Guid) reader["RoleID"]; p.SectionID = (int) reader["SectionID"]; p.Implied = (bool)reader["Implied"]; p.AllowMask = (Permission) (long)reader["AllowMask"]; p.DenyMask = (Permission) (long)reader["DenyMask"]; }
public abstract void CreateUpdateDeletePermission(PermissionBase p, DataProviderAction action);
/// <summary> /// This method merges the supplied permissions with the current permissions to come up with an /// updated permission set. The logic is that and Implied Allow overrides an Implied Deny, but /// and Explicit Deny overrides an Implicit Allow, while an Explicit Allow overrides an Explicit /// Deny. This gives us a least restrictive security system. /// </summary> /// <param name="permissionBase">The permission to merge with the current permission set</param> public void Merge( PermissionBase permissionBase ) { this.allowMask |= permissionBase.AllowMask; this.denyMask |= permissionBase.DenyMask; if( this.implied ) { if( permissionBase.Implied ) { this.allowMask |= permissionBase.AllowMask; this.denyMask |= permissionBase.DenyMask; } else { // this logic takes the DenyMasks and coverts the ON bits to off bits and the off bits to ON bits. This gives // us a reverse mask of the deny. Deny describes what is currently denied, but to turn off an allow bit we need // to perform an exclive or on the inverse of the deny mask. This has the result of turning any ALLOW bits off // that the deny bit was set to on (before doing the inverse). this.allowMask = (Permission)(( (long)this.allowMask & ( (long)-1 ^ (long)permissionBase.DenyMask )) | (long)permissionBase.AllowMask); this.denyMask |= permissionBase.DenyMask; this.implied = false; } } else { if( permissionBase.Implied ) { // this.allowMask |= permissionBase.AllowMask; // take the implied allow mask, and turn off any bits, that are explicited denied this.allowMask |= (Permission)(( (long)this.allowMask & ( (long)-1 ^ (long)this.DenyMask )) | (long)permissionBase.AllowMask); this.denyMask |= permissionBase.DenyMask; } else { // this.allowMask = (Permission)(( (long)this.allowMask & ( (long)-1 ^ (long)permissionBase.DenyMask )) | (long)permissionBase.AllowMask); this.allowMask |= permissionBase.AllowMask; this.denyMask |= permissionBase.DenyMask; } } }