Beispiel #1
        /// <summary>
        /// Creates an empty access control entry for a principal and appends it to the edited ACL.
        /// </summary>
        /// <param name="principalId">Id of the principal the new entry belongs to.</param>
        /// <param name="propagates">Propagation flag handed to <c>SnAccessControlEntry.CreateEmpty</c>.</param>
        /// <returns>The entry that was appended to <c>acl.Entries</c>.</returns>
        private SnAccessControlEntry CreateEntry(int principalId, bool propagates)
        {
            // The entry list is replaced by a copy that carries the new entry at the end.
            // No lookup is done first, so calling this twice for the same principal
            // leaves two entries for that principal in the list.
            var entries = acl.Entries.ToList();
            var created = SnAccessControlEntry.CreateEmpty(principalId, propagates); //TODO: CreateEmpty(principal);

            entries.Add(created);
            acl.Entries = entries;

            return created;
        }
Beispiel #2
        /// <summary>
        /// Adds a copy of <paramref name="entry"/> to the edited ACL. The copy is created for the same
        /// principal and propagation flag and receives the source entry's allow/deny bits after they
        /// have been passed through <c>PermissionBits.SetBits</c>.
        /// </summary>
        /// <param name="entry">Entry whose identity, propagation flag and permission bits are copied.</param>
        internal void AddEntry(SnAccessControlEntry entry)
        {
            uint allow;
            uint deny;
            var copy = CreateEntry(entry.Identity.NodeId, entry.Propagates);

            entry.GetPermissionBits(out allow, out deny);
            // Both masks are passed by reference, so SetBits may rewrite them before they are stored.
            // NOTE(review): presumably this normalises dependent permissions — confirm against PermissionBits.
            PermissionBits.SetBits(ref allow, ref deny);
            copy.SetPermissionsBits(allow, deny);

            // NOTE(review): if CreateEntry already appends the new entry to acl.Entries, the append
            // below stores the same entry a second time — confirm which of the two is intended.
            var entries = acl.Entries.ToList();
            entries.Add(copy);
            acl.Entries = entries.ToArray();
        }
Beispiel #3
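        /// <summary>
        /// Fills <paramref name="acl"/> with one entry per principal, collected from this permission
        /// level and, while a level has <c>Inherits</c> set, from each parent level above it.
        /// </summary>
        /// <param name="acl">The list to fill; its <c>Path</c> is read, its <c>Inherits</c> and <c>Entries</c> are overwritten.</param>
        /// <returns>The same <paramref name="acl"/> instance.</returns>
        /// <remarks>
        /// Allow and deny are tracked independently: a permission can end up with both flags set, and this
        /// method does not decide which one wins. Each flag is set by the first level that carries the bit,
        /// i.e. the level closest to this one, and the matching AllowFrom/DenyFrom is taken from
        /// <c>SearchFirstPath</c> at that moment.
        /// </remarks>
        internal SnAccessControlList BuildAcl(SnAccessControlList acl)
        {
            var aces = new Dictionary <int, SnAccessControlEntry>();

            // Walk upwards; the chain ends at the first level that does not inherit.
            for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
            {
                foreach (var permSet in permInfo.PermissionSets)
                {
                    // One entry per principal. The Propagates value of the entry comes from the first
                    // permission set seen for that principal; later sets do not change it.
                    var princ = permSet.PrincipalId;
                    SnAccessControlEntry ace;
                    if (!aces.TryGetValue(princ, out ace))
                    {
                        ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates);
                        aces.Add(princ, ace);
                    }

                    // Bit i of AllowBits/DenyBits belongs to permission i.
                    // NOTE(review): assumes ace.Permissions holds at least PermissionTypes.Count items in
                    // schema order, and at most 32 permission types (an int mask shifts out to 0 after that).
                    int mask = 1;
                    for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
                    {
                        var permission = ace.Permissions.ElementAt(i);

                        // A flag that is already set is never overwritten, so the nearest level is the recorded origin.
                        if (!permission.Deny && (permSet.DenyBits & mask) != 0)
                        {
                            permission.Deny     = true;
                            permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true);
                        }
                        if (!permission.Allow && (permSet.AllowBits & mask) != 0)
                        {
                            permission.Allow     = true;
                            permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false);
                        }
                        mask <<= 1;
                    }
                }
            }

            // When the ACL is built for another path than this level's own, it is reported as inheriting.
            acl.Inherits = acl.Path == this.Path ? this.Inherits : true;
            acl.Entries  = aces.Values.ToArray();
            return acl;
        }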
Beispiel #4
        //======================================================================= Event handlers

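        /// <summary>
        /// Binds one access control entry to its row in the ACL list view: identity label, identity icon,
        /// the nested permission list, the hidden entry id label and the panel visibility.
        /// </summary>
        /// <param name="sender">The list view raising the event (not used).</param>
        /// <param name="e">Event data; rows that are not data items or do not carry an entry are skipped.</param>
        protected void ListViewAcl_ItemDataBound(object sender, ListViewItemEventArgs e)
        {
            var dataItem = e.Item as ListViewDataItem;
            if (dataItem == null)
                return;

            var ace = dataItem.DataItem as SnAccessControlEntry;
            if (ace == null)
                return;

            //Pin the current entry. It is used by the 
            //permission list databinding method.
            _currentAce = ace;

            var lblName = GetIdentityControl(dataItem);
            if (lblName != null)
            {
                // NOTE(review): the loaded identity is dereferenced without a null check; if the load can
                // return null (identity removed or not loadable) this row throws — confirm and guard.
                var identity = Node.Load<GenericContent>(ace.Identity.Path);
                var user = identity as User;
                var name = user != null ? user.Username : identity.Name;

                // Paths are identifiers, so the prefix test is ordinal rather than culture-sensitive.
                // NOTE(review): the prefix is matched without a trailing separator, and a path equal to
                // ImsFolderPath makes Substring(Length + 1) throw — confirm neither can occur.
                if (!identity.Path.StartsWith(Repository.ImsFolderPath, StringComparison.Ordinal))
                    name = name + " " + HttpContext.GetGlobalResourceObject("Portal", "PermissionLocalGroup");
                else
                    name = identity.Path.Substring(Repository.ImsFolderPath.Length + 1);

                // NOTE(review): DisplayName and the name/path come from repository content. If this control
                // renders Text without HTML encoding, encode both values before assigning — confirm.
                lblName.Text = string.Format("{0} ({1})", identity.DisplayName, name);
            }

            var lblIcon = GetIdentityIconControl(dataItem);
            if (lblIcon != null)
            {
                // The icon is cosmetic: a failed content type lookup is logged and the row is still bound.
                try
                {
                    lblIcon.CssClass += " snIconBig_" + ContentType.GetByName(Enum.GetName(typeof(SnIdentityKind), ace.Identity.Kind)).Icon;
                }
                catch (Exception ex)
                {
                    Logger.WriteException(ex);
                }
            }

            var lvAce = GetPermissionListViewControl(dataItem);
            if (lvAce != null)
            {
                lvAce.ItemDataBound += ListViewAce_ItemDataBound;
                lvAce.DataSource = ace.Permissions;
                lvAce.DataBind();
            }

            // The hidden label carries the id under which this entry is registered in EntryIds.
            var lblHidden = GetHiddenAceLabel(dataItem);
            if (lblHidden != null)
                lblHidden.Text = this.EntryIds[ace];

            RefreshAcePanelVisibility(dataItem);
        }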
Beispiel #5
 /// <summary>
 /// Replaces the ACL's entry list with one that no longer contains <paramref name="entry"/>.
 /// </summary>
 /// <param name="entry">The entry to drop.</param>
 private void RemoveEntry(SnAccessControlEntry entry)
 {
     // Except is a set difference under the default equality comparer: every entry equal to the
     // given one is dropped, and duplicates among the remaining entries are collapsed as well.
     var dropped = new SnAccessControlEntry[] { entry };
     var remaining = acl.Entries.Except(dropped);

     acl.Entries = remaining.ToList();
 }
Beispiel #6
 /// <summary>
 /// Returns the permission of <paramref name="entry"/> whose name equals the name of <paramref name="permType"/>.
 /// </summary>
 /// <param name="entry">Entry whose permissions are searched.</param>
 /// <param name="permType">Permission type to look up by name.</param>
 /// <returns>The first permission with a matching name.</returns>
 /// <exception cref="InvalidOperationException">The entry has no permission with that name.</exception>
 private SnPermission GetSnPerm(SnAccessControlEntry entry, PermissionType permType)
 {
     var matches = entry.Permissions.Where(candidate => candidate.Name == permType.Name);

     // First() throws instead of returning null, so a missing permission is never read as "not granted".
     return matches.First();
 }
Beispiel #7
 /// <summary>
 /// Looks up, by name, the permission of <paramref name="entry"/> that corresponds to <paramref name="permType"/>.
 /// </summary>
 /// <param name="entry">Entry whose permissions are searched.</param>
 /// <param name="permType">Permission type whose name is matched.</param>
 /// <returns>The first permission with a matching name.</returns>
 /// <exception cref="InvalidOperationException">No permission of the entry has that name.</exception>
 private SnPermission GetSnPerm(SnAccessControlEntry entry, PermissionType permType)
 {
     // The lookup fails loudly on a missing name rather than handing back a default value.
     var sameName = entry.Permissions.Where(perm => perm.Name == permType.Name);
     return sameName.First();
 }
Beispiel #8
 /// <summary>
 /// Adds a copy of <paramref name="entry"/> to the edited ACL. The copy is created for the same
 /// principal and propagation flag and receives the source entry's allow/deny bits after they
 /// have been passed through <c>SecurityHandler.SetBits</c>.
 /// </summary>
 /// <param name="entry">Entry whose identity, propagation flag and permission bits are copied.</param>
 internal void AddEntry(SnAccessControlEntry entry)
 {
     int allow;
     int deny;
     var copy = CreateEntry(entry.Identity.NodeId, entry.Propagates);

     entry.GetPermissionBits(out allow, out deny);
     // Both masks are passed by reference, so SetBits may rewrite them before they are stored.
     // NOTE(review): presumably this normalises dependent permissions — confirm against SecurityHandler.
     SecurityHandler.SetBits(ref allow, ref deny);
     copy.SetPermissionsBits(allow, deny);

     // NOTE(review): if CreateEntry already appends the new entry to acl.Entries, the append
     // below stores the same entry a second time — confirm which of the two is intended.
     var entries = acl.Entries.ToList();
     entries.Add(copy);
     acl.Entries = entries.ToArray();
 }
Beispiel #9
 /// <summary>
 /// Drops <paramref name="entry"/> from the ACL by assigning a new entry list without it.
 /// </summary>
 /// <param name="entry">The entry to drop.</param>
 private void RemoveEntry(SnAccessControlEntry entry)
 {
     // Set difference under the default equality comparer: all entries equal to the given one
     // go away, and repeated entries among the rest are reduced to a single occurrence.
     var toRemove = new SnAccessControlEntry[] { entry };
     var kept = acl.Entries.Except(toRemove);

     acl.Entries = kept.ToList();
 }
        /// <summary>
        /// Test helper: builds an "initial" and a "set" ACL for the Visitor user from permission strings,
        /// lets the security handler compute the resulting entries, and compares Visitor's resulting
        /// entry with the expected permission string.
        /// </summary>
        /// <param name="operationNumber">Number of the test step; only used in the failure message.</param>
        /// <param name="initial">Permission string of the starting state.</param>
        /// <param name="readOnlyMask">Read-only mask; when null it is derived from <paramref name="initial"/>.</param>
        /// <param name="set">Permission string the editor tries to set.</param>
        /// <param name="expected">Permission string the result has to equal.</param>
        /// <returns>null on success, otherwise a message describing the mismatch.</returns>
        private string SetAclTest(int operationNumber, string initial, string readOnlyMask, string set, string expected)
        {
            // Without an explicit mask, every '+' or '-' position of the initial state becomes 'r'.
            readOnlyMask = readOnlyMask ?? initial.Replace("+", "r").Replace("-", "r");

            //Trace.WriteLine(String.Format("@> TEST #{0}: {1} | {2} | {3} | {4}", operationNumber, initial, readOnlyMask, set, expected));

            var node = TestRoot;
            var visitor = User.Visitor;
            var ident = new SnIdentity
            {
                Kind = SnIdentityKind.User,
                Name = "Visitor",
                NodeId = visitor.Id,
                Path = visitor.Path
            };

            // ACL handed to the editor; built from the same input as the initial ACL below.
            var editorPerms = GetPermsFromString(initial, readOnlyMask);
            var editorEntry = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = editorPerms };
            var editorAcl = new SnAccessControlList
            {
                NodeId = 9999,
                Creator = ident,
                Inherits = true,
                LastModifier = ident,
                Path = "asdf",
                Entries = new[] { editorEntry }
            };

            // State before the change.
            var initialPerms = GetPermsFromString(initial, readOnlyMask);
            var initialEntry = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = initialPerms };
            var initialAcl = new SnAccessControlList
            {
                NodeId = 9999,
                Creator = ident,
                Inherits = true,
                LastModifier = ident,
                Path = "asdf",
                Entries = new[] { initialEntry }
            };

            // State requested by the change.
            var requestedPerms = GetPermsFromString(set, readOnlyMask);
            var requestedEntry = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = requestedPerms };
            var requestedAcl = new SnAccessControlList
            {
                NodeId = 9999,
                Creator = ident,
                Inherits = true,
                LastModifier = ident,
                Path = "asdf",
                Entries = new[] { requestedEntry }
            };

            var ed = node.Security.GetAclEditor();
            ed.Acl = editorAcl; // clone of the initial ACL
            var edAcc = new AclEditorAccessor(ed);
            var secAcc = new SecurityHandlerAccessor(node.Security);
            var entries = secAcc.GetEntriesFromAcl(ed, initialAcl, requestedAcl);

            var actual = SearchEntry(entries, User.Visitor, true).ValuesToString();

            return actual == expected
                ? null
                : String.Concat("State is '", actual, "', expected '", expected, "' at operation ", operationNumber);
        }