private Dictionary <PermissionTypeBase, int> PermissionQueryWithLinq_GetRelatedPermissions(
SecurityContext ctx, int entityId, int identityId, PermissionLevel level)
{
var counters = new int[PermissionTypeBase.PermissionCount];
var permissionTypes = PermissionTypeBase.GetPermissionTypes();
void CountBits(ulong bits)
{
var mask = 1uL;
var b = bits;
foreach (var pt in permissionTypes)
{
if ((b & mask) > 0)
{
counters[pt.Index]++;
}
mask <<= 1;
}
}
var identities = new[] { identityId };
foreach (var change in SecurityQuery.Subtree(ctx)
.GetPermissionChanges(entityId, identities, BreakOptions.StopAtParentBreak)
.Where(x => x.EntryType == EntryType.Normal))
{
switch (level)
{
case PermissionLevel.Allowed:
CountBits(change.ChangedBits.AllowBits);
break;
case PermissionLevel.Denied:
CountBits(change.ChangedBits.DenyBits);
break;
case PermissionLevel.AllowedOrDenied:
CountBits(change.ChangedBits.AllowBits);
CountBits(change.ChangedBits.DenyBits);
break;
default:
throw new ArgumentOutOfRangeException(nameof(level), level, null);
}
}
var result = new Dictionary <PermissionTypeBase, int>();
for (var i = 0; i < PermissionTypeBase.PermissionCount; i++)
{
result.Add(PermissionTypeBase.GetPermissionTypeByIndex(i), counters[i]);
}
return(result);
}
private static PermissionTypeBase[] GetPermissionTypes(string bitMask)
{
var result = new List <PermissionTypeBase>();
var length = bitMask.Length;
for (var i = 0; i < length; i++)
{
if (bitMask[i] != '_')
{
result.Add(PermissionTypeBase.GetPermissionTypeByIndex(length - i - 1));
}
}
return(result.ToArray());
}
/// <summary>
/// Returns resolved permission types by the passed source string like this: "______________+"
/// </summary>
/// <param name="src">Use like tis: "______________+"</param>
/// <returns>PermissionType[]</returns>
internal PermissionTypeBase[] GetPermissionTypes(string src)
{
var result = new List <PermissionTypeBase>();
var index = 0;
for (var i = src.Length - 1; i >= 0; i--)
{
if (src[i] != '_')
{
result.Add(PermissionTypeBase.GetPermissionTypeByIndex(index));
}
index++;
}
return(result.ToArray());
}
private void CreatePlayground()
{
var u1 = TestUser.User1;
CreateEntity("E1", null, u1);
{
CreateEntity("E2", "E1", u1);
{
CreateEntity("E3", "E2", u1);
{
CreateEntity("E4", "E3", u1);
{
CreateEntity("E5", "E4", u1);
{
CreateEntity("E6", "E5", u1);
CreateEntity("E7", "E5", u1);
CreateEntity("E8", "E5", u1);
}
CreateEntity("E9", "E4", u1);
{
CreateEntity("E10", "E9", u1);
}
CreateEntity("E11", "E4", u1);
{
CreateEntity("E12", "E11", u1);
CreateEntity("E13", "E11", u1);
CreateEntity("E14", "E11", u1);
}
}
CreateEntity("E15", "E3", u1);
{
CreateEntity("E16", "E15", u1);
CreateEntity("E17", "E15", u1);
{
CreateEntity("E18", "E17", u1);
CreateEntity("E19", "E17", u1);
CreateEntity("E20", "E17", u1);
}
CreateEntity("E21", "E15", u1);
}
CreateEntity("E22", "E3", u1);
{
CreateEntity("E23", "E22", u1);
{
CreateEntity("E24", "E23", u1);
CreateEntity("E25", "E23", u1);
CreateEntity("E26", "E23", u1);
}
CreateEntity("E27", "E22", u1);
CreateEntity("E28", "E22", u1);
{
CreateEntity("E29", "E28", u1);
CreateEntity("E30", "E28", u1);
CreateEntity("E31", "E28", u1);
}
}
}
}
CreateEntity("E32", "E1", u1);
{
CreateEntity("E33", "E32", u1);
{
CreateEntity("E34", "E33", u1);
CreateEntity("E35", "E33", u1);
CreateEntity("E36", "E33", u1);
CreateEntity("E37", "E33", u1);
}
}
CreateEntity("E60", "E1", u1);
{
CreateEntity("E61", "E60", u1);
{
CreateEntity("E62", "E61", u1);
{
CreateEntity("E63", "E62", u1);
{
CreateEntity("E64", "E63", u1);
{
CreateEntity("E65", "E64", u1);
{
CreateEntity("E66", "E65", u1);
}
}
}
}
}
}
}
var ctx = CurrentContext.Security;
ctx.AddUsersToSecurityGroup(Id("G13"), new[] { Id("U13") });
ctx.AddUsersToSecurityGroup(Id("G12"), new[] { Id("U12") });
ctx.AddUsersToSecurityGroup(Id("G11"), new[] { Id("U11") });
ctx.AddUsersToSecurityGroup(Id("G10"), new[] { Id("U10") });
ctx.AddGroupToSecurityGroups(Id("G11"), new[] { Id("G10") });
ctx.AddGroupToSecurityGroups(Id("G13"), new[] { Id("G11") });
ctx.AddGroupToSecurityGroups(Id("G13"), new[] { Id("G12") });
ctx.CreateAclEditor()
.Allow(Id("E2"), Id("U1"), false, PermissionType.FullControl)
.Allow(Id("E2"), Id("U2"), false, PermissionType.FullControl)
.Allow(Id("E2"), Id("U3"), false, PermissionType.FullControl)
.Allow(Id("E2"), Id("G1"), false, PermissionType.FullControl)
.Deny(Id("E4"), Id("U3"), false, PermissionType.FullControl)
.Allow(Id("E4"), Id("G1"), false, PermissionType.FullControl)
.Allow(Id("E5"), Id("U3"), false, PermissionType.FullControl)
.Allow(Id("E5"), Id("G2"), false, PermissionType.FullControl)
.Allow(Id("E10"), Id("G2"), false, PermissionType.FullControl)
.Allow(Id("E11"), Id("G2"), false, PermissionType.FullControl)
.Allow(Id("E12"), Id("U1"), false, PermissionType.FullControl)
.Allow(Id("E15"), Id("U1"), false, PermissionType.FullControl)
.Allow(Id("E15"), Id("G2"), false, PermissionType.FullControl)
.Allow(Id("E16"), Id("U2"), false, PermissionType.FullControl)
.Allow(Id("E20"), Id("U1"), false, PermissionType.FullControl)
.BreakInheritance(Id("E22"), new[] { EntryType.Normal })
.Allow(Id("E25"), Id("U2"), false, PermissionType.FullControl)
.Allow(Id("E28"), Id("U1"), false, PermissionType.FullControl)
.Allow(Id("E28"), Id("G1"), false, PermissionType.FullControl)
.Allow(Id("E32"), Id("U1"), false, PermissionType.FullControl)
.BreakInheritance(Id("E34"), new[] { EntryType.Normal })
.Allow(Id("E34"), Id("U2"), false, PermissionType.FullControl)
.BreakInheritance(Id("E35"), new[] { EntryType.Normal })
.Allow(Id("E35"), Id("U2"), false, PermissionType.FullControl)
.ClearPermission(Id("E35"), Id("U1"), false, PermissionType.FullControl)
.BreakInheritance(Id("E36"), new[] { EntryType.Normal })
.ClearPermission(Id("E36"), Id("U1"), false, PermissionType.FullControl)
.BreakInheritance(Id("E37"), new[] { EntryType.Normal })
//---------------------------------------
.Allow(Id("E61"), Id("G13"), false, PermissionType.FullControl)
.Allow(Id("E62"), Id("G10"), false, PermissionType.FullControl)
.Allow(Id("E63"), Id("G12"), false, PermissionType.FullControl)
.Allow(Id("E64"), Id("U13"), false, PermissionType.FullControl)
.Allow(Id("E65"), Id("U10"), false, PermissionType.FullControl)
.Allow(Id("E66"), Id("U12"), false, PermissionType.FullControl)
.Apply();
var users = new[] { "U1", "U2", "U3", "U4", "U10", "U12" };
var sharingPerms = PermissionTypeBase.GetPermissionTypes();
var aclEd = ctx.CreateAclEditor(EntryType.Sharing);
foreach (var user in users)
{
var userId = Id(user);
aclEd
.Allow(Id("E2"), userId, false, sharingPerms)
.Allow(Id("E3"), userId, false, sharingPerms)
.Allow(Id("E4"), userId, false, sharingPerms)
.Allow(Id("E5"), userId, false, sharingPerms)
.Allow(Id("E6"), userId, false, sharingPerms)
.Allow(Id("E7"), userId, false, sharingPerms)
.Allow(Id("E8"), userId, false, sharingPerms)
.Allow(Id("E9"), userId, false, sharingPerms)
.Allow(Id("E10"), userId, false, sharingPerms)
.Allow(Id("E11"), userId, false, sharingPerms)
.Allow(Id("E12"), userId, false, sharingPerms)
.Allow(Id("E15"), userId, false, sharingPerms)
.Allow(Id("E16"), userId, false, sharingPerms)
.Allow(Id("E20"), userId, false, sharingPerms)
.Allow(Id("E22"), userId, false, sharingPerms)
.Allow(Id("E25"), userId, false, sharingPerms)
.Allow(Id("E28"), userId, false, sharingPerms)
.Allow(Id("E32"), userId, false, sharingPerms)
.Allow(Id("E34"), userId, false, sharingPerms)
.Allow(Id("E35"), userId, false, sharingPerms)
.Allow(Id("E36"), userId, false, sharingPerms)
.Allow(Id("E61"), userId, false, sharingPerms)
.Allow(Id("E62"), userId, false, sharingPerms)
.Allow(Id("E63"), userId, false, sharingPerms)
.Allow(Id("E64"), userId, false, sharingPerms)
.Allow(Id("E65"), userId, false, sharingPerms)
.Allow(Id("E66"), userId, false, sharingPerms);
}
aclEd.Apply();
}
private Dictionary <PermissionTypeBase, int> PermissionQueryWithLinq_GetRelatedPermissions_OLD(
TestSecurityContext ctx, int entityId, int identityId, PermissionLevel level)
{
var counters = new int[PermissionTypeBase.PermissionCount];
var permissionTypes = PermissionTypeBase.GetPermissionTypes();
void CountBits(ulong bits)
{
var mask = 1uL;
var b = bits;
foreach (var pt in permissionTypes)
{
if ((b & mask) > 0)
{
counters[pt.Index]++;
}
mask = mask << 1;
}
}
//var identities = new TestSecurityContext(new TestUser { Id = identityId }).GetGroups();
//identities.Add(identityId);
var identities = new[] { identityId };
var aces = SecurityQuery.ParentChain(ctx).GetEntities(entityId, BreakOptions.StopAtParentBreak)
.Where(e => e.Acl != null) // relevant entities
.SelectMany(e => e.Acl.Entries) // join
.Where(e => identities.Contains(e.IdentityId) && // identity filter
!e.LocalOnly && // local only entry is not affected on the parent chain
e.EntryType == EntryType.Normal) // only the normal entries are relevant
.Union(SecurityQuery.Subtree(ctx).GetEntities(entityId) // do not stop at breaks
.Where(e => e.Acl != null) // relevant entities
.SelectMany(e => e.Acl.Entries) // join
.Where(e => identities.Contains(e.IdentityId) && // identity filter
e.EntryType == EntryType.Normal) // only the normal entries are relevant
);
foreach (var ace in aces)
{
switch (level)
{
case PermissionLevel.Allowed:
CountBits(ace.AllowBits);
break;
case PermissionLevel.Denied:
CountBits(ace.DenyBits);
break;
case PermissionLevel.AllowedOrDenied:
CountBits(ace.AllowBits);
CountBits(ace.DenyBits);
break;
default:
throw new ArgumentOutOfRangeException(nameof(level), level, null);
}
}
var result = new Dictionary <PermissionTypeBase, int>();
for (var i = 0; i < PermissionTypeBase.PermissionCount; i++)
{
result.Add(PermissionTypeBase.GetPermissionTypeByIndex(i), counters[i]);
}
return(result);
}
