/// <summary> /// Makes the specified user owner of the collection that this object protects. /// </summary> /// <param name="newOwner">Member object that is to become the new owner.</param> /// <param name="oldOwnerRight">The rights that the old owner should be assigned.</param> /// <returns>An array of Nodes which need to be committed to make this operation permanent.</returns> public Node[] ChangeOwner(Member newOwner, Access.Rights oldOwnerRight) { // Find the existing owner. Member oldOwner = collection.Owner; if (oldOwner == null) { throw new DoesNotExistException(String.Format("The collection: {0} - ID: {1} does not have an owner.", collection.Name, collection.ID)); } // Reset the old ace. if (oldOwnerRight == Access.Rights.Deny) { // Old owner will have no rights to the collection. collection.Delete(oldOwner); } else { // Set the new right for the old owner. oldOwner.Rights = oldOwnerRight; oldOwner.IsOwner = false; } // Just change the rights on the current ace and reset it. newOwner.Rights = Access.Rights.Admin; newOwner.IsOwner = true; Node[] nodeList = { oldOwner, newOwner }; return(nodeList); }
/// <summary> /// Convert Rights /// </summary> /// <param name="rights"></param> /// <returns></returns> public static Rights Convert(Access.Rights rights) { Rights result; switch (rights) { case Access.Rights.Admin: result = Rights.Admin; break; case Access.Rights.Secondary: result = Rights.Secondary; break; case Access.Rights.ReadWrite: result = Rights.ReadWrite; break; case Access.Rights.ReadOnly: result = Rights.ReadOnly; break; case Access.Rights.Deny: result = Rights.Deny; break; default: result = Rights.Unknown; break; } return(result); }
/// <summary> /// Get the User Policy /// </summary> /// <param name="userID">The User ID</param> /// <returns>The UserPolicy Object</returns> public static UserPolicy GetPolicy(string userID, string AdminId) { UserPolicy props = new UserPolicy(); props.UserID = userID; Store store = Store.GetStore(); Domain domain = store.GetDomain(store.DefaultDomain); Member member = domain.GetMemberByID(userID); if (member == null) { throw new UserDoesNotExistException(userID); } Access.Rights rights = (member != null) ? member.Rights : Access.Rights.Deny; props.isAdmin = (rights == Access.Rights.Admin); props.LoginEnabled = !(domain.GetLoginpolicy(userID)); // disk space DiskSpaceQuota quota = DiskSpaceQuota.Get(member); props.SpaceLimitEffective = quota.Limit; //props.SpaceUsed = quota.UsedSpace; props.SpaceUsed = Simias.Server.Catalog.GetUsedSpaceOfUserID(userID); //props.SpaceAvailable = quota.AvailableSpace; props.SpaceLimit = DiskSpaceQuota.GetLimit(member); props.SpaceAvailable = props.SpaceLimitEffective - props.SpaceUsed; props.EncryptionStatus = Simias.Policy.SecurityState.GetStatus(member); // To return disable sharing value for an user props.SharingStatus = Simias.Policy.Sharing.GetStatus(member); // file size props.FileSizeLimit = FileSizeFilter.GetLimit(member); props.FileSizeLimitEffective = FileSizeFilter.Get(member).Limit; //No of ifolders limit props.NoiFoldersLimit = iFolderLimit.Get(member).Limit; // sync interval props.SyncInterval = Simias.Policy.SyncInterval.GetInterval(member); props.SyncIntervalEffective = Simias.Policy.SyncInterval.Get(member).Interval; // file types SystemPolicy.SplitFileTypes(FileTypeFilter.GetPatterns(member), out props.FileTypesIncludes, out props.FileTypesExcludes); // file types effective SystemPolicy.SplitFileTypes(FileTypeFilter.Get(member, false).FilterUserList, out props.FileTypesIncludesEffective, out props.FileTypesExcludesEffective); props.AdminGroupRights = iFolderUser.GetAdminRights(AdminId, userID); return(props); }
/// <summary> /// Initializes a new instance of the object class where owner access is being requested. /// </summary> /// <param name="collection">Collection where access violation occurred.</param> /// <param name="member">Member that is requesting the access.</param> /// <param name="message">Message to pass to exception.</param> public AccessException(Collection collection, Member member, string message) : base(message) { this.collection = collection; this.desiredRights = Access.Rights.Admin; this.currentUserGuid = member.UserID; this.ownerAccess = true; }
public ProvisionInfo InitializeUserInfo(string user) { ProvisionInfo info = null; Simias.Server.EnterpriseDomain enterpriseDomain = new Simias.Server.EnterpriseDomain(false); if (enterpriseDomain == null) { throw new SimiasException("Enterprise server domain does not exist."); } Store store = Store.GetStore(); Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID); if (domain == null) { throw new SimiasException("Enterprise server domain does not exist."); } // find user Member member = domain.GetMemberByName(user); if (member != null) { info = new ProvisionInfo(); info.UserID = member.UserID; // post-office box //POBox.POBox poBox = POBox.POBox.GetPOBox( store, domain.ID, info.UserID ); //info.POBoxID = poBox.ID; //info.POBoxName = poBox.Name; //Member poMember = poBox.GetMemberByID( member.UserID ); //info.MemberNodeName = poMember.Name; //info.MemberNodeID = poMember.ID; //info.MemberRights = poMember.Rights.ToString(); info.MemberNodeName = member.Name; info.MemberNodeID = member.ID; // Clients before this build do not understand "Secondary" rights so change that to ReadWrite. Also, Secondary rights // are relevant only for server and not for clients, so makes sense. Access.Rights rights = (Access.Rights)member.Rights; // ( Access.Rights )Enum.Parse( typeof( Access.Rights ), member.Rights ); Access.Rights NewRight = rights; if (rights == Access.Rights.Secondary) { NewRight = Access.Rights.ReadWrite; } info.MemberRights = NewRight.ToString(); } else { throw new SimiasException("User: "******" does not exist"); } return(info); }
/// <summary> /// Is the User an Administrator /// </summary> /// <remarks> /// A User is a system administrator if the user has "Admin" rights in the domain. /// </remarks> /// <param name="userID">The User ID</param> /// <returns>true, if the User is a System Administrator</returns> private bool IsAdministrator(string userID) { Store store = Store.GetStore(); Domain domain = store.GetDomain(store.DefaultDomain); Member member = domain.GetMemberByID(userID); Access.Rights rights = (member != null) ? member.Rights : Access.Rights.Deny; return(rights == Access.Rights.Admin); }
/// <summary> /// Determines if the current user has the desired access rights. /// </summary> /// <param name="member">Member object to check access for.</param> /// <param name="desiredRights">Desired rights.</param> /// <returns>True if the user has the desired access rights, otherwise false.</returns> public bool IsAccessAllowed(Member member, Access.Rights desiredRights) { bool allowed = true; // Check if the member has sufficient rights. if (member.ValidateAce.Rights < desiredRights) { allowed = IsWorldAccessAllowed(desiredRights); } return(allowed); }
public DomainInfo GetDomainInfo(string userID) { Simias.Server.EnterpriseDomain enterpriseDomain = new Simias.Server.EnterpriseDomain(false); if (enterpriseDomain == null) { throw new SimiasException("Enterprise server domain does not exist."); } Store store = Store.GetStore(); Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID); if (domain == null) { throw new SimiasException("Enterprise server domain does not exist."); } DomainInfo info = new DomainInfo(); info.ID = domain.ID; info.Name = domain.Name; info.Description = domain.Description; // member info Member member = domain.GetMemberByID(userID); if (member != null) { info.MemberNodeName = member.Name; info.MemberNodeID = member.ID; // Clients before this build do not understand "Secondary" rights so change that to ReadWrite. Also, Secondary rights // are relevant only for server and not for clients, so makes sense. Access.Rights rights = (Access.Rights)member.Rights; // ( Access.Rights )Enum.Parse( typeof( Access.Rights ), member.Rights ); Access.Rights NewRight = rights; if (rights == Access.Rights.Secondary) { NewRight = Access.Rights.ReadWrite; } info.MemberRights = NewRight.ToString(); } else { throw new SimiasException("User: "******" does not exist"); } return(info); }
/// <summary> /// Constructs a SyncStartInfo from a serialized object. /// </summary> /// <param name="reader"></param> public StartSyncInfo(BinaryReader reader) { CollectionID = new Guid(reader.ReadBytes(16)).ToString(); Context = reader.ReadString(); ChangesOnly = reader.ReadBoolean(); ClientHasChanges = reader.ReadBoolean(); Status = (StartSyncStatus)reader.ReadByte(); Access = (Access.Rights)reader.ReadByte(); try { HostID = reader.ReadString(); } catch (Exception) { HostID = null; } }
/// <summary> /// Constructor for the AccessControlEntry object. /// </summary> /// <param name="aceProperty">A Property object that contains access control information.</param> internal AccessControlEntry(Property aceProperty) { this.aceProperty = aceProperty; // Find the delimiting character in the string. string acs = aceProperty.ToString(); int delimiter = acs.IndexOf(':'); if (delimiter == 0) { throw new CollectionStoreException(String.Format("Invalid access control format: {0}.", acs)); } // Get the id out of the string. id = acs.Substring(0, delimiter); // Get the rights out of the string. rights = (Access.Rights)Enum.Parse(typeof(Access.Rights), acs.Substring(delimiter + 1)); }
/// <summary> /// Accept the subscription on the master side /// </summary> public Member Accept(Store store, Access.Rights rights) { Collection c = store.GetCollectionByID(this.SubscriptionCollectionID); // check collection if (c == null) { throw new DoesNotExistException("Collection does not exist."); } // member Member member = new Member(this.ToName, this.ToIdentity, rights, this.ToPublicKey); // commit c.Commit(member); // state update this.SubscriptionState = SubscriptionStates.Responded; this.SubscriptionDisposition = SubscriptionDispositions.Accepted; this.ToMemberNodeID = member.ID; return(member); }
public string CreateMaster(string collectionID, string collectionName, string rootDirID, string rootDirName, string userID, string memberName, string memberID, string memberRights) { Simias.Server.EnterpriseDomain enterpriseDomain = new Simias.Server.EnterpriseDomain(false); if (enterpriseDomain == null) { throw new SimiasException("Enterprise server domain does not exist."); } Store store = Store.GetStore(); Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID); if (domain == null) { throw new SimiasException("Enterprise server domain does not exist."); } ArrayList nodeList = new ArrayList(); Collection c = new Collection(store, collectionName, collectionID, domain.ID); c.Proxy = true; nodeList.Add(c); string existingUserID = Thread.CurrentPrincipal.Identity.Name; Member existingMember = domain.GetMemberByID(existingUserID); if (existingMember == null) { throw new SimiasException(String.Format("Impersonating user: {0} is not a member of the domain.", Thread.CurrentPrincipal.Identity.Name)); } // Make sure the creator and the owner are the same ID. if (existingUserID != userID) { throw new SimiasException(String.Format("Creator ID {0} is not the same as the caller ID {1}.", existingUserID, userID)); } // member node. Access.Rights rights = (Access.Rights)Enum.Parse(typeof(Access.Rights), memberRights); Member member = new Member(memberName, memberID, userID, rights, null); member.IsOwner = true; member.Proxy = true; nodeList.Add(member); // check for a root dir node if (((rootDirID != null) && (rootDirID.Length > 0)) && (rootDirName != null) && (rootDirName.Length > 0)) { // Get the collections Unmanaged Path string path = c.UnmanagedPath; path = Path.Combine(path, rootDirName); // create root directory node DirNode dn = new DirNode(c, path, rootDirID); if (!System.IO.Directory.Exists(path)) { System.IO.Directory.CreateDirectory(path); } dn.Proxy = true; nodeList.Add(dn); } // Create the collection. c.Commit(nodeList.ToArray(typeof(Node)) as Node[]); // get the collection master url Uri request = Context.Request.Url; UriBuilder uri = new UriBuilder(request.Scheme, request.Host, request.Port, Context.Request.ApplicationPath.TrimStart(new char[] { '/' })); return(uri.ToString()); }
/// <summary> /// Initializes a new instance of the object class where access is being requested. /// </summary> /// <param name="collection">Collection where access violation occurred.</param> /// <param name="member">Member that is requesting the access.</param> /// <param name="desiredRights">Requested access rights.</param> public AccessException(Collection collection, Member member, Access.Rights desiredRights) : this(collection, member, desiredRights, "Current user does not have collection modify rights.") { }
/// <summary> /// Determines if the world role has the desired access rights. /// </summary> /// <param name="desiredRights">Desired rights.</param> /// <returns>True if the world role has the desired access rights, otherwise false.</returns> private bool IsWorldAccessAllowed(Access.Rights desiredRights) { Member member = GetMember(Access.World); return(((member != null) && (member.ValidateAce.Rights >= desiredRights)) ? true : false); }
/// <summary> /// Constructor for the AccessControlEntry object. /// </summary> /// <param name="ID">Identifier for user.</param> /// <param name="accessRights">Access control rights to assign to user.</param> internal AccessControlEntry(string ID, Access.Rights accessRights) { id = ID.ToLower(); rights = accessRights; aceProperty = new Property(PropertyTags.Ace, id + ":" + Enum.GetName(typeof(Access.Rights), rights)); }