private void ProcessPermissions(AclInfo aclInfo, AceInfo aceInfo, AccessControlEntry ace, bool isLocal)
{
var perms = ace.Permissions;
for (var i = 0; i < ace.Permissions.Length; i++)
{
var mask = 1ul << i;
var perm = perms[i];
if (!perm.Allow && !perm.Deny)
{
if ((aceInfo.DenyBits & mask) != 0)
{
perm.Deny = true;
if (!isLocal)
{
perm.DenyFrom = aclInfo.EntityId;
}
}
else if ((aceInfo.AllowBits & mask) == mask)
{
perm.Allow = true;
if (!isLocal)
{
perm.AllowFrom = aclInfo.EntityId;
}
}
}
}
}
private AclInfo EnsureAcl(int entityId)
{
if (!_acls.TryGetValue(entityId, out var aclInfo))
{
aclInfo = SecurityEntity.GetAclInfoCopy(this.Context, entityId, this.EntryType);
if (aclInfo == null)
{
// creating an empty acl
this.Context.GetSecurityEntity(entityId);
aclInfo = new AclInfo(entityId);
}
_acls.Add(entityId, aclInfo);
}
return(aclInfo);
}
private List <AceInfo> GetExplicitEntriesSafe(int entityId, AclInfo acl, IEnumerable <int> relatedIdentities)
{
var aces = new List <AceInfo>();
//==>
if (acl != null && entityId == acl.EntityId)
{
aces = relatedIdentities == null
? acl.Entries.Select(x => x.Copy()).ToList()
: acl.Entries.Where(x => relatedIdentities.Contains(x.IdentityId)).Select(x => x.Copy()).ToList();
}
//==<
return(aces);
}
internal AccessControlList GetAccessControlList(int entityId, EntryType entryType = EntryType.Normal)
{
EnterReadLock();
try
{
var entity = GetEntitySafe(entityId, true);
var aclInfo = GetFirstAclSafe(entityId, false);
return(aclInfo == null
? AclInfo.CreateEmptyAccessControlList(entityId, entity.IsInherited)
: aclInfo.ToAccessControlList(entityId, entryType));
}
finally
{
ExitReadLock();
}
}
internal void SetAclSafe(AclInfo acl)
{
if (acl == null)
{
// break dependency if exists
if (_acl != null)
{
_acl.Entity = null;
}
}
else
{
// set dependency
acl.Entity = this;
}
_acl = acl;
}
private void SetAclSafe(AclInfo aclInfo)
{
var entity = GetEntitySafe(aclInfo.EntityId, false);
if (entity == null)
{
SnTrace.Security.WriteError("Entity in AclInfo not found: {0}", aclInfo.EntityId);
return;
}
var origAcl = entity.Acl;
if (origAcl != null)
{
// merge ACLs
foreach (var newAce in aclInfo.Entries)
{
var origAce = origAcl.Entries.FirstOrDefault(x => x.EntryType == newAce.EntryType && x.IdentityId == newAce.IdentityId && x.LocalOnly == newAce.LocalOnly);
if (origAce != null)
{
origAce.AllowBits = newAce.AllowBits;
origAce.DenyBits = newAce.DenyBits;
if ((origAce.AllowBits | origAce.DenyBits) == 0)
{
origAcl.Entries.Remove(origAce);
}
}
else
{
if ((newAce.AllowBits | newAce.DenyBits) != 0)
{
origAcl.Entries.Add(newAce);
}
}
}
if (origAcl.Inherits && origAcl.Entries.Count == 0)
{
entity.SetAclSafe(null);
}
}
else
{
// brand new acl
entity.SetAclSafe(aclInfo);
}
}
internal static AccessControlList GetAccessControlList(SecurityContext ctx, int entityId, EntryType entryType = EntryType.Normal)
{
EnterReadLock();
try
{
var entity = SecurityEntity.GetEntitySafe(ctx, entityId, true);
var aclInfo = GetFirstAclSafe(ctx, entityId, false);
if (aclInfo == null)
{
return(AclInfo.CreateEmptyAccessControlList(entityId, entity.IsInherited)); //means breaked and cleared
}
return(aclInfo.ToAccessContolList(entityId, entryType));
}
finally
{
ExitReadLock();
}
}
/// <summary>
/// Loads a security entity. If the entity cannot be found in the cache, it loads it
/// from the database and puts it into the cache. It the entity cannot be loaded
/// from the db either, a callback is made to the host application using the
/// <see cref="SecurityContext.GetMissingEntity"/> method to compensate possible
/// concurrency errors.
/// </summary>
/// <param name="ctx">The context to be used.</param>
/// <param name="entityId">Id of the entity</param>
/// <param name="throwError">Determines whether to throw an <see cref="EntityNotFoundException"/> if the entity was not found.</param>
/// <returns>The security entity.</returns>
internal static SecurityEntity GetEntitySafe(SecurityContext ctx, int entityId, bool throwError)
{
SecurityEntity entity;
ctx.Cache.Entities.TryGetValue(entityId, out entity);
if (entity == null)
{
// compensation: try to load the entity and its aces from the db
var storedEntity = DataHandler.GetStoredSecurityEntity(ctx.DataProvider, entityId);
if (storedEntity != null)
{
entity = CreateEntitySafe(ctx, entityId, storedEntity.ParentId, storedEntity.OwnerId, storedEntity.IsInherited, storedEntity.HasExplicitEntry);
var acl = new AclInfo(entityId);
var entries = ctx.DataProvider.LoadPermissionEntries(new[] { entityId });
foreach (var entry in entries)
{
acl.Entries.Add(new AceInfo {
EntryType = entry.EntryType, IdentityId = entry.IdentityId, LocalOnly = entry.LocalOnly, AllowBits = entry.AllowBits, DenyBits = entry.DenyBits
});
}
if (acl.Entries.Count > 0)
{
entity.SetAclSafe(acl);
}
}
else
{
int parentId, ownerId;
if (ctx.GetMissingEntity(entityId, out parentId, out ownerId))
{
DataHandler.CreateSecurityEntitySafe(ctx, entityId, parentId, ownerId);
entity = CreateEntitySafe(ctx, entityId, parentId, ownerId);
}
}
if (throwError && entity == null)
{
throw new EntityNotFoundException("Entity not found: " + entityId);
}
}
return(entity);
}
public static Dictionary <int, AclInfo> LoadAcls(ISecurityDataProvider dataProvider, IDictionary <int, SecurityEntity> entities)
{
var acls = new Dictionary <int, AclInfo>();
foreach (var storedAce in dataProvider.LoadAllAces())
{
AclInfo acl;
if (!acls.TryGetValue(storedAce.EntityId, out acl))
{
acl = new AclInfo(storedAce.EntityId);
acls.Add(acl.EntityId, acl);
}
acl.Entries.Add(new AceInfo {
IdentityId = storedAce.IdentityId, LocalOnly = storedAce.LocalOnly, AllowBits = storedAce.AllowBits, DenyBits = storedAce.DenyBits
});
}
return(acls);
}
private List <AceInfo> GetExplicitEntriesSafe(int entityId, AclInfo acl, IEnumerable <int> relatedIdentities, EntryType?entryType)
{
IEnumerable <AceInfo> aces = null;
//==>
if (acl != null && entityId == acl.EntityId)
{
aces = relatedIdentities == null
? acl.Entries.Select(x => x.Copy())
: acl.Entries.Where(x => relatedIdentities.Contains(x.IdentityId)).Select(x => x.Copy());
if (entryType != null)
{
aces = aces.Where(x => x.EntryType == entryType).ToList();
}
}
//==<
return(aces?.ToList() ?? new List <AceInfo>());
}
public Dictionary <int, AclInfo> LoadAcls()
{
if (!IsDatabaseReadyAsync(CancellationToken.None).GetAwaiter().GetResult())
{
return(new Dictionary <int, AclInfo>());
}
var acls = new Dictionary <int, AclInfo>();
foreach (var storedAce in _dataProvider.LoadAllAces())
{
if (!acls.TryGetValue(storedAce.EntityId, out var acl))
{
acl = new AclInfo(storedAce.EntityId);
acls.Add(acl.EntityId, acl);
}
acl.Entries.Add(new AceInfo {
EntryType = storedAce.EntryType, IdentityId = storedAce.IdentityId, LocalOnly = storedAce.LocalOnly, AllowBits = storedAce.AllowBits, DenyBits = storedAce.DenyBits
});
}
return(acls);
}
