public static Dictionary <int, object> TemporaryPublicReadAccessUserObjects = new Dictionary <int, object>(); // dict of objects with temp read access
/// <summary>
/// Return true if the user object is shared with anyone other than the owner
/// </summary>
/// <param name="userName"></param>
/// <param name="uo"></param>
/// <returns></returns>
public static bool IsShared(
UserObject uo)
{
if (uo.AccessLevel == UserObjectAccess.Public)
{
return(true);
}
else if (uo.AccessLevel == UserObjectAccess.Private)
{
return(false);
}
else if (uo.AccessLevel == UserObjectAccess.ACL)
{
AccessControlList acl = AccessControlList.Deserialize(uo.ACL);
if (acl.ReaderCount >= 2)
{
return(true); // say shared if two or more readers
}
else
{
return(false);
}
}
else
{
return(false); // unexpected AccessLevel
}
}
/// <summary>
/// See if the supplied user name can write the user object the supplied object
/// </summary>
/// <param name="userName"></param>
/// <param name="uo"></param>
/// <returns></returns>
public static bool UserHasWriteAccess(
string userName,
UserObject uo)
{
if (uo == null)
{
return(false);
}
else if (Lex.Eq(uo.Owner, userName))
{
return(true);
}
else if (uo.AccessLevel == UserObjectAccess.Public)
{
return(false);
}
else if (uo.AccessLevel == UserObjectAccess.ACL)
{
AccessControlList acl = AccessControlList.Deserialize(uo.ACL);
return(acl.UserHasWriteAccess(userName));
}
else
{
return(false); // unexpected AccessLevel
}
}
/// <summary>
/// Get permissions for specified user object
/// </summary>
/// <param name="userName"></param>
/// <param name="id"></param>
/// <returns></returns>
public static PermissionEnum GetUserObjectPermissions(
string userName,
int id)
{
PermissionEnum permissions = PermissionEnum.None;
UserObject uo = InterfaceRefs.IUserObjectDao.ReadHeader(id);
AccessControlList acl = AccessControlList.Deserialize(uo);
permissions = acl.GetUserPermissions(userName);
return(permissions);
}
/// <summary>
/// See if the supplied user name can read the user object the supplied object
/// </summary>
/// <param name="userName"></param>
/// <param name="uo"></param>
/// <returns></returns>
public static bool UserHasReadAccess(
string userName,
UserObject uo)
{
if (uo == null)
{
return(false);
}
else if (Lex.Eq(uo.Owner, userName) || // do we own it
Lex.Eq(uo.Owner, "Mobius") || // allow anyone to read these
Lex.Eq(uo.Owner, "AlertMonitor")) // or these
{
return(true);
}
else if (uo.AccessLevel == UserObjectAccess.None)
{
return(true); // allow all to read if no security
}
else if (uo.AccessLevel == UserObjectAccess.Public)
{
return(true);
}
else if (TemporaryPublicReadAccessUserObjects.ContainsKey(uo.Id))
{
return(true); // temp read turned on for this object
}
else if (AllowTemporaryPublicReadAccessToAllUserObjects) // temp read all turned on
{
Permissions.TemporaryPublicReadAccessUserObjects[uo.Id] = null; // mark to allow temp read later also
return(true);
}
else if (uo.AccessLevel == UserObjectAccess.ACL) // check the acl
{
AccessControlList acl = AccessControlList.Deserialize(uo.ACL);
if (acl.UserHasReadAccess(userName))
{
return(true);
}
else
{
return(false);
}
}
else
{
return(false); // unexpected AccessLevel
}
}
/// <summary>
/// Update permissions to reflect a change in ownership
/// </summary>
/// <param name="uo"></param>
/// <param name="userName"></param>
public static void UpdateAclForNewOwner(
UserObject uo,
string oldOwner,
string newOwner)
{
if (uo.AccessLevel != UserObjectAccess.ACL)
{
return; // only need to do for ACL
}
AccessControlList acl = AccessControlList.Deserialize(uo.ACL);
acl.RemoveUserItem(oldOwner);
acl.AddReadWriteUserItem(newOwner);
uo.ACL = acl.Serialize();
}
/// <summary>
/// Get the list of permissions the user has for the specified object
/// </summary>
/// <param name="userName"></param>
/// <param name="internalObjectName"></param>
/// <returns></returns>
public static PermissionEnum GetUserPermissions(
string userName,
string internalObjectName)
{
PermissionEnum permissions = PermissionEnum.None;
if (UserObject.IsUserObjectInternalName(internalObjectName)) // UserObject
{
UserObjectType type;
int id;
string key = userName.ToUpper() + "_" + internalObjectName.ToUpper();
if (PermissionsCache.ContainsKey(key))
{
return(PermissionsCache[key]);
}
UserObject.ParseObjectTypeAndIdFromInternalName(internalObjectName, out type, out id);
if (id <= 0)
{
if (ClientState.IsAdministrator())
{
return(PermissionEnum.Read);
}
else
{
return(PermissionEnum.None);
}
}
UserObject uo = InterfaceRefs.IUserObjectDao.ReadHeader(id);
AccessControlList acl = AccessControlList.Deserialize(uo);
permissions = acl.GetUserPermissions(userName);
PermissionsCache[key] = permissions; // update cache
}
else // assume database table name with full access
{
permissions = PermissionEnum.Read | PermissionEnum.Write;
}
return(permissions);
}
