Ejemplo n.º 1
0
 public void SetRequestTypesAcl(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, ILookup <BigTuple <Guid>, AclEntry> reqAcls)
 {
     foreach (var rt in Plugins.GetPluginRequestTypes().Values)
     {
         var reqTarget = Sec.Target(project, organization, dataMart, rt.RequestType.AsSecurityObject());
         Security.SetAcl(reqTarget, reqAcls[reqTarget.Id()]);
     }
 }
Ejemplo n.º 2
0
 public void SetObjectInheritanceParent(ISecurityObject obj, ISecurityObject parent)
 {
     if (obj.Kind != parent.Kind)
     {
         throw new InvalidOperationException("Trying to set an object of kind " + parent.Kind + " as a parent for object of kind " + obj.Kind + ". Parent and child in access control inheritance tree must be of same kind.");
     }
     Dag.SetAdjacency(obj.ID, new[] { parent.ID });
 }
Ejemplo n.º 3
0
 public ObjectRule(ISecurityObject iobject,
                   IOperator ioperator,
                   OperatorMethod method)
 {
     this.securityObject = iobject;
     this.ioperator      = ioperator;
     this.method         = method;
     this.ruleId         = Guid.NewGuid();
 }
Ejemplo n.º 4
0
 public ObjectRule(ISecurityObject iobject,
     IOperator ioperator,
     OperatorMethod method)
 {
     this.securityObject = iobject;
     this.ioperator = ioperator;
     this.method = method;
     this.ruleId = Guid.NewGuid();
 }
        private void FillObjects(SecurityObjectBuilder securityObjectBuilder)
        {
            ISecurityObject securityObject = securityObjectBuilder.SecurityObject as ISecurityObject;

            if (securityObject != null)
            {
                securityObject.BlockedMembers        = securityObjectBuilder.GetBlockedMembers();
                securityObject.ReadOnlyMembers       = processor.GetReadOnlyMembersString(securityObject.GetType());
                securityObject.ReadOnlyMembersOnLoad = GetReadOnlyMembersOnLoad(securityObjectBuilder);
            }
        }
Ejemplo n.º 6
0
        public RequestTypesAclModel RequestTypesPrivilegesForEdit(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            return(new RequestTypesAclModel
            {
                Targets = Plugins.GetPluginRequestTypes()
                          .Select(rt => rt.Value)
                          .Where(rt => filter == null || filter(rt))
                          .Select(rt => Pair.Create(Sec.Target(project, organization, dataMart, rt.RequestType.AsSecurityObject()), rt)),

                Privileges = new[] {
                    Pair.Create(SecPrivileges.RequestType.SubmitManual, "Manual"),
                    Pair.Create(SecPrivileges.RequestType.SubmitAuto, "Auto")
                }
            });
        }
Ejemplo n.º 7
0
        private bool CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action, bool silent)
        {
            if (securityObj == null)
            {
                throw new Exception(Resources.CalendarApiResource.ErrorItemNotFound);
            }

            if (silent)
            {
                return(SecurityContext.CheckPermissions(securityObj, action));
            }
            else
            {
                SecurityContext.DemandPermissions(securityObj, action);
            }

            return(true);
        }
Ejemplo n.º 8
0
        public AjaxResponse SaveMembers(int id, bool isCategory, string userIDs)
        {
            AjaxResponse resp = new AjaxResponse();

            resp.rs2 = id.ToString();
            resp.rs4 = isCategory ? "1" : "0";

            ISecurityObject securityObj = null;

            try
            {
                if (!ForumManager.Instance.ValidateAccessSecurityAction(ASC.Forum.ForumAction.GetAccessForumEditor, null))
                {
                    new Exception(Resources.ForumResource.ErrorAccessDenied);
                }

                var categories = new List <ThreadCategory>();
                var threads    = new List <Thread>();
                ForumDataProvider.GetThreadCategories(TenantProvider.CurrentTenantID, out categories, out threads);

                if (isCategory)
                {
                    securityObj = categories.Find(c => c.ID == id);
                }

                else
                {
                    securityObj = threads.Find(t => t.ID == id);
                }

                resp.rs1 = "1";
            }
            catch (Exception e)
            {
                resp.rs1 = "0";
                resp.rs3 = "<div>" + e.Message.HtmlEncode() + "</div>";
            }

            return(resp);
        }
Ejemplo n.º 9
0
        private void ValidateAccessHandler(object sender, SecurityAccessEventArgs e)
        {
            ISecurityObject securityObject = null;

            if (e.TargetObject is ISecurityObject)
            {
                securityObject = (ISecurityObject)e.TargetObject;
            }

            switch (e.Action)
            {
            case ForumAction.ReadPosts:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ReadPostsAction);
                break;

            case ForumAction.PostCreate:

                Topic topic = (Topic)e.TargetObject;
                if (CommunitySecurity.CheckPermissions(topic, Constants.PostCreateAction))
                {
                    if (!topic.Closed)
                    {
                        _view.IsAccessible = true;
                    }

                    else if (topic.Closed && CommunitySecurity.CheckPermissions(topic, Constants.TopicCloseAction))
                    {
                        _view.IsAccessible = true;
                    }

                    else
                    {
                        _view.IsAccessible = false;
                    }
                }
                else
                {
                    _view.IsAccessible = false;
                }

                break;

            case ForumAction.ApprovePost:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostApproveAction);
                break;

            case ForumAction.PostEdit:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostEditAction);
                break;

            case ForumAction.PostDelete:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostDeleteAction);
                break;

            case ForumAction.TopicCreate:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCreateAction);
                break;

            case ForumAction.PollCreate:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PollCreateAction);
                break;

            case ForumAction.TopicClose:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCloseAction);
                break;

            case ForumAction.TopicSticky:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicStickyAction);
                break;

            case ForumAction.TopicEdit:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicEditAction);
                break;

            case ForumAction.TopicDelete:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicDeleteAction);
                break;

            case ForumAction.PollVote:

                Question question = (Question)e.TargetObject;
                _view.IsAccessible = CommunitySecurity.CheckPermissions(new Topic()
                {
                    ID = question.TopicID
                }, Constants.PollVoteAction);
                break;


            case ForumAction.TagCreate:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagCreateAction);
                break;

            case ForumAction.AttachmentCreate:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentCreateAction);
                break;

            case ForumAction.AttachmentDelete:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentDeleteAction);
                break;

            case ForumAction.GetAccessForumEditor:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ForumManagementAction);
                break;

            case ForumAction.GetAccessTagEditor:
                _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagManagementAction);
                break;
            }
        }
 public static bool HasPrivilege <TDomain>(
     this ISecurityService <TDomain> service, ISecurityObject obj, ISecuritySubject subject, SecurityPrivilege privilege)
 {
     return(service.HasPrivilege(Sec.Target(obj), subject, privilege));
 }
Ejemplo n.º 11
0
 public static void DemandPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     DemandPermissions(securityObject, null, actions);
 }
Ejemplo n.º 12
0
        public ILookup <BigTuple <Guid>, AnnotatedAclEntry> RequestTypesEntriesForEdit(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            var allReqTypes = Plugins.GetPluginRequestTypes();

            var requestTypeIDs = allReqTypes.Select(a => a.Key).ToArray();

            var result = Security
                         .GetAllAcls(SecTargetKinds.RequestTypePerDataMart.ObjectKindsInOrder.Count())
                         .WhereFirstIs(project.ID)
                         .WhereSecondIs(organization.ID)
                         .WhereThirdIs(dataMart.ID)
                         .Where(s => requestTypeIDs.Contains(s.TargetId.X3))
                         .ToArray();

            var result2 = result
                          .Where(e =>
            {
                var rt = allReqTypes[e.TargetId.X3];
                return(rt != null && (filter == null || filter(rt)));
            });

            var result3 = result2
                          .ToLookup(
                e => e.TargetId,
                e => e.Entries.Where(ee => !ee.ViaMembership).Select(en => Security.ResolveAclEntry(en, SecTargetKinds.RequestTypePerDataMart))
                );

            return(result3);
        }
Ejemplo n.º 13
0
 public static bool CheckPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     return CheckPermissions(securityObject, null, actions);
 }
Ejemplo n.º 14
0
 public IQueryable <Guid> GetObjectTransitiveChildren(ISecurityObject obj, bool includeSelf = false)
 {
     //Contract.Requires( obj != null );
     //Contract.Ensures( //Contract.Result<IQueryable<Guid>>() != null );
     return(null);
 }
Ejemplo n.º 15
0
 private void CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action)
 {
     CheckPermissions(securityObj, action, false);
 }
Ejemplo n.º 16
0
 public IQueryable <Guid> GetObjectTransitiveChildren(ISecurityObject obj, bool includeSelf = false)
 {
     return(Dag.GetAdjacentStarts(obj.ID, false, includeSelf));
 }
 public static void Demand <TDomain>(this ISecurityService <TDomain> service, ISecurityObject o, ISecuritySubject subject, params SecurityPrivilege[] ps)
 {
     service.Demand(Sec.Target(o), subject, ps);
 }
Ejemplo n.º 18
0
 public void SetRequestTypesAcl(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, string acl, Guid replaceNullObjectWith)
 {
     SetRequestTypesAcl(project, organization, dataMart, SecurityUI.ParseAcls(acl).ReplaceObject(Sec.NullObject, replaceNullObjectWith));
 }
Ejemplo n.º 19
0
        public IJsControlledView RequestTypesPrivilegesEditor(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            var mdl = RequestTypesPrivilegesForEdit(project, organization, dataMart, filter);

            return(null);
        }
Ejemplo n.º 20
0
 private void CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action)
 {
     CheckPermissions(securityObj, action, false);
 }
Ejemplo n.º 21
0
 public static bool CheckPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     return(CheckPermissions(securityObject, null, actions));
 }
        private void ValidateAccessHandler(object sender, SecurityAccessEventArgs e)
        {
            ISecurityObject securityObject = null;
            if (e.TargetObject is ISecurityObject)
                securityObject = (ISecurityObject)e.TargetObject;
            var topic = e.TargetObject as Topic;
            var isTopicAutor = topic != null && topic.PosterID == SecurityContext.CurrentAccount.ID;

            switch (e.Action)
            {
                case ForumAction.ReadPosts:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ReadPostsAction);
                    break;

                case ForumAction.PostCreate:
                    if (topic == null || CommunitySecurity.CheckPermissions(topic, Constants.PostCreateAction))
                    {
                        if (!topic.Closed)
                            _view.IsAccessible = true;

                        else if (topic.Closed && CommunitySecurity.CheckPermissions(topic, Constants.TopicCloseAction))
                            _view.IsAccessible = true;

                        else
                            _view.IsAccessible = false;
                    }
                    else
                        _view.IsAccessible = false;

                    break;

                case ForumAction.ApprovePost:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostApproveAction);
                    break;

                case ForumAction.PostEdit:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostEditAction);
                    break;

                case ForumAction.PostDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostDeleteAction);
                    break;

                case ForumAction.TopicCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCreateAction);
                    break;

                case ForumAction.PollCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PollCreateAction);
                    break;

                case ForumAction.TopicClose:
                    _view.IsAccessible = isTopicAutor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCloseAction);
                    break;

                case ForumAction.TopicSticky:
                    _view.IsAccessible = isTopicAutor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicStickyAction);
                    break;

                case ForumAction.TopicEdit:
                    _view.IsAccessible = isTopicAutor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicEditAction);
                    break;

                case ForumAction.TopicDelete:
                    _view.IsAccessible = isTopicAutor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicDeleteAction);
                    break;

                case ForumAction.PollVote:

                    Question question = (Question)e.TargetObject;
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(new Topic() { ID = question.TopicID }, Constants.PollVoteAction);
                    break;


                case ForumAction.TagCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagCreateAction);
                    break;

                case ForumAction.AttachmentCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentCreateAction);
                    break;

                case ForumAction.AttachmentDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentDeleteAction);
                    break;

                case ForumAction.GetAccessForumEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ForumManagementAction);
                    break;

                case ForumAction.GetAccessTagEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagManagementAction);
                    break;
            }
        }
Ejemplo n.º 23
0
 public static void DemandPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     DemandPermissions(securityObject, null, actions);
 }
Ejemplo n.º 24
0
 public IAclRight AddRightFor(ISecurityObject securityObject)
 {
     return(Query <IAclRight>(parameters: new object[] { securityObject }));
 }
Ejemplo n.º 25
0
 public void SetObjectInheritanceParent(ISecurityObject obj, ISecurityObject parent)
 {
     //Contract.Requires( obj != null );
     throw new NotImplementedException();
 }
Ejemplo n.º 26
0
        private bool CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action, bool silent)
        {
            if (securityObj == null)
                throw new Exception(Resources.CalendarApiResource.ErrorItemNotFound);

            if (silent)
                return SecurityContext.CheckPermissions(securityObj, action);
            else
                SecurityContext.DemandPermissions(securityObj, action);

            return true;
        }