/// <summary>
/// Makes the specified user owner of the collection that this object protects.
/// </summary>
/// <param name="newOwner">Member object that is to become the new owner.</param>
/// <param name="oldOwnerRight">The rights that the old owner should be assigned.</param>
/// <returns>An array of Nodes which need to be committed to make this operation permanent.</returns>
public Node[] ChangeOwner(Member newOwner, Access.Rights oldOwnerRight)
{
// Find the existing owner.
Member oldOwner = collection.Owner;
if (oldOwner == null)
{
throw new DoesNotExistException(String.Format("The collection: {0} - ID: {1} does not have an owner.", collection.Name, collection.ID));
}
// Reset the old ace.
if (oldOwnerRight == Access.Rights.Deny)
{
// Old owner will have no rights to the collection.
collection.Delete(oldOwner);
}
else
{
// Set the new right for the old owner.
oldOwner.Rights = oldOwnerRight;
oldOwner.IsOwner = false;
}
// Just change the rights on the current ace and reset it.
newOwner.Rights = Access.Rights.Admin;
newOwner.IsOwner = true;
Node[] nodeList = { oldOwner, newOwner };
return(nodeList);
}
/// <summary>
/// Convert Rights
/// </summary>
/// <param name="rights"></param>
/// <returns></returns>
public static Rights Convert(Access.Rights rights)
{
Rights result;
switch (rights)
{
case Access.Rights.Admin:
result = Rights.Admin;
break;
case Access.Rights.Secondary:
result = Rights.Secondary;
break;
case Access.Rights.ReadWrite:
result = Rights.ReadWrite;
break;
case Access.Rights.ReadOnly:
result = Rights.ReadOnly;
break;
case Access.Rights.Deny:
result = Rights.Deny;
break;
default:
result = Rights.Unknown;
break;
}
return(result);
}
/// <summary>
/// Get the User Policy
/// </summary>
/// <param name="userID">The User ID</param>
/// <returns>The UserPolicy Object</returns>
public static UserPolicy GetPolicy(string userID, string AdminId)
{
UserPolicy props = new UserPolicy();
props.UserID = userID;
Store store = Store.GetStore();
Domain domain = store.GetDomain(store.DefaultDomain);
Member member = domain.GetMemberByID(userID);
if (member == null)
{
throw new UserDoesNotExistException(userID);
}
Access.Rights rights = (member != null) ? member.Rights : Access.Rights.Deny;
props.isAdmin = (rights == Access.Rights.Admin);
props.LoginEnabled = !(domain.GetLoginpolicy(userID));
// disk space
DiskSpaceQuota quota = DiskSpaceQuota.Get(member);
props.SpaceLimitEffective = quota.Limit;
//props.SpaceUsed = quota.UsedSpace;
props.SpaceUsed = Simias.Server.Catalog.GetUsedSpaceOfUserID(userID);
//props.SpaceAvailable = quota.AvailableSpace;
props.SpaceLimit = DiskSpaceQuota.GetLimit(member);
props.SpaceAvailable = props.SpaceLimitEffective - props.SpaceUsed;
props.EncryptionStatus = Simias.Policy.SecurityState.GetStatus(member);
// To return disable sharing value for an user
props.SharingStatus = Simias.Policy.Sharing.GetStatus(member);
// file size
props.FileSizeLimit = FileSizeFilter.GetLimit(member);
props.FileSizeLimitEffective = FileSizeFilter.Get(member).Limit;
//No of ifolders limit
props.NoiFoldersLimit = iFolderLimit.Get(member).Limit;
// sync interval
props.SyncInterval = Simias.Policy.SyncInterval.GetInterval(member);
props.SyncIntervalEffective = Simias.Policy.SyncInterval.Get(member).Interval;
// file types
SystemPolicy.SplitFileTypes(FileTypeFilter.GetPatterns(member),
out props.FileTypesIncludes, out props.FileTypesExcludes);
// file types effective
SystemPolicy.SplitFileTypes(FileTypeFilter.Get(member, false).FilterUserList,
out props.FileTypesIncludesEffective, out props.FileTypesExcludesEffective);
props.AdminGroupRights = iFolderUser.GetAdminRights(AdminId, userID);
return(props);
}
/// <summary>
/// Initializes a new instance of the object class where owner access is being requested.
/// </summary>
/// <param name="collection">Collection where access violation occurred.</param>
/// <param name="member">Member that is requesting the access.</param>
/// <param name="message">Message to pass to exception.</param>
public AccessException(Collection collection, Member member, string message) :
base(message)
{
this.collection = collection;
this.desiredRights = Access.Rights.Admin;
this.currentUserGuid = member.UserID;
this.ownerAccess = true;
}
public ProvisionInfo InitializeUserInfo(string user)
{
ProvisionInfo info = null;
Simias.Server.EnterpriseDomain enterpriseDomain =
new Simias.Server.EnterpriseDomain(false);
if (enterpriseDomain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
Store store = Store.GetStore();
Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID);
if (domain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
// find user
Member member = domain.GetMemberByName(user);
if (member != null)
{
info = new ProvisionInfo();
info.UserID = member.UserID;
// post-office box
//POBox.POBox poBox = POBox.POBox.GetPOBox( store, domain.ID, info.UserID );
//info.POBoxID = poBox.ID;
//info.POBoxName = poBox.Name;
//Member poMember = poBox.GetMemberByID( member.UserID );
//info.MemberNodeName = poMember.Name;
//info.MemberNodeID = poMember.ID;
//info.MemberRights = poMember.Rights.ToString();
info.MemberNodeName = member.Name;
info.MemberNodeID = member.ID;
// Clients before this build do not understand "Secondary" rights so change that to ReadWrite. Also, Secondary rights
// are relevant only for server and not for clients, so makes sense.
Access.Rights rights = (Access.Rights)member.Rights; // ( Access.Rights )Enum.Parse( typeof( Access.Rights ), member.Rights );
Access.Rights NewRight = rights;
if (rights == Access.Rights.Secondary)
{
NewRight = Access.Rights.ReadWrite;
}
info.MemberRights = NewRight.ToString();
}
else
{
throw new SimiasException("User: "******" does not exist");
}
return(info);
}
/// <summary>
/// Is the User an Administrator
/// </summary>
/// <remarks>
/// A User is a system administrator if the user has "Admin" rights in the domain.
/// </remarks>
/// <param name="userID">The User ID</param>
/// <returns>true, if the User is a System Administrator</returns>
private bool IsAdministrator(string userID)
{
Store store = Store.GetStore();
Domain domain = store.GetDomain(store.DefaultDomain);
Member member = domain.GetMemberByID(userID);
Access.Rights rights = (member != null) ? member.Rights : Access.Rights.Deny;
return(rights == Access.Rights.Admin);
}
/// <summary>
/// Determines if the current user has the desired access rights.
/// </summary>
/// <param name="member">Member object to check access for.</param>
/// <param name="desiredRights">Desired rights.</param>
/// <returns>True if the user has the desired access rights, otherwise false.</returns>
public bool IsAccessAllowed(Member member, Access.Rights desiredRights)
{
bool allowed = true;
// Check if the member has sufficient rights.
if (member.ValidateAce.Rights < desiredRights)
{
allowed = IsWorldAccessAllowed(desiredRights);
}
return(allowed);
}
public DomainInfo GetDomainInfo(string userID)
{
Simias.Server.EnterpriseDomain enterpriseDomain =
new Simias.Server.EnterpriseDomain(false);
if (enterpriseDomain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
Store store = Store.GetStore();
Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID);
if (domain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
DomainInfo info = new DomainInfo();
info.ID = domain.ID;
info.Name = domain.Name;
info.Description = domain.Description;
// member info
Member member = domain.GetMemberByID(userID);
if (member != null)
{
info.MemberNodeName = member.Name;
info.MemberNodeID = member.ID;
// Clients before this build do not understand "Secondary" rights so change that to ReadWrite. Also, Secondary rights
// are relevant only for server and not for clients, so makes sense.
Access.Rights rights = (Access.Rights)member.Rights; // ( Access.Rights )Enum.Parse( typeof( Access.Rights ), member.Rights );
Access.Rights NewRight = rights;
if (rights == Access.Rights.Secondary)
{
NewRight = Access.Rights.ReadWrite;
}
info.MemberRights = NewRight.ToString();
}
else
{
throw new SimiasException("User: "******" does not exist");
}
return(info);
}
/// <summary>
/// Constructs a SyncStartInfo from a serialized object.
/// </summary>
/// <param name="reader"></param>
public StartSyncInfo(BinaryReader reader)
{
CollectionID = new Guid(reader.ReadBytes(16)).ToString();
Context = reader.ReadString();
ChangesOnly = reader.ReadBoolean();
ClientHasChanges = reader.ReadBoolean();
Status = (StartSyncStatus)reader.ReadByte();
Access = (Access.Rights)reader.ReadByte();
try
{
HostID = reader.ReadString();
}
catch (Exception)
{
HostID = null;
}
}
/// <summary>
/// Constructor for the AccessControlEntry object.
/// </summary>
/// <param name="aceProperty">A Property object that contains access control information.</param>
internal AccessControlEntry(Property aceProperty)
{
this.aceProperty = aceProperty;
// Find the delimiting character in the string.
string acs = aceProperty.ToString();
int delimiter = acs.IndexOf(':');
if (delimiter == 0)
{
throw new CollectionStoreException(String.Format("Invalid access control format: {0}.", acs));
}
// Get the id out of the string.
id = acs.Substring(0, delimiter);
// Get the rights out of the string.
rights = (Access.Rights)Enum.Parse(typeof(Access.Rights), acs.Substring(delimiter + 1));
}
/// <summary>
/// Accept the subscription on the master side
/// </summary>
public Member Accept(Store store, Access.Rights rights)
{
Collection c = store.GetCollectionByID(this.SubscriptionCollectionID);
// check collection
if (c == null)
{
throw new DoesNotExistException("Collection does not exist.");
}
// member
Member member = new Member(this.ToName, this.ToIdentity, rights, this.ToPublicKey);
// commit
c.Commit(member);
// state update
this.SubscriptionState = SubscriptionStates.Responded;
this.SubscriptionDisposition = SubscriptionDispositions.Accepted;
this.ToMemberNodeID = member.ID;
return(member);
}
public string CreateMaster(string collectionID, string collectionName, string rootDirID, string rootDirName, string userID, string memberName, string memberID, string memberRights)
{
Simias.Server.EnterpriseDomain enterpriseDomain =
new Simias.Server.EnterpriseDomain(false);
if (enterpriseDomain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
Store store = Store.GetStore();
Simias.Storage.Domain domain = store.GetDomain(enterpriseDomain.ID);
if (domain == null)
{
throw new SimiasException("Enterprise server domain does not exist.");
}
ArrayList nodeList = new ArrayList();
Collection c = new Collection(store, collectionName, collectionID, domain.ID);
c.Proxy = true;
nodeList.Add(c);
string existingUserID = Thread.CurrentPrincipal.Identity.Name;
Member existingMember = domain.GetMemberByID(existingUserID);
if (existingMember == null)
{
throw new SimiasException(String.Format("Impersonating user: {0} is not a member of the domain.", Thread.CurrentPrincipal.Identity.Name));
}
// Make sure the creator and the owner are the same ID.
if (existingUserID != userID)
{
throw new SimiasException(String.Format("Creator ID {0} is not the same as the caller ID {1}.", existingUserID, userID));
}
// member node.
Access.Rights rights = (Access.Rights)Enum.Parse(typeof(Access.Rights), memberRights);
Member member = new Member(memberName, memberID, userID, rights, null);
member.IsOwner = true;
member.Proxy = true;
nodeList.Add(member);
// check for a root dir node
if (((rootDirID != null) && (rootDirID.Length > 0)) &&
(rootDirName != null) && (rootDirName.Length > 0))
{
// Get the collections Unmanaged Path
string path = c.UnmanagedPath;
path = Path.Combine(path, rootDirName);
// create root directory node
DirNode dn = new DirNode(c, path, rootDirID);
if (!System.IO.Directory.Exists(path))
{
System.IO.Directory.CreateDirectory(path);
}
dn.Proxy = true;
nodeList.Add(dn);
}
// Create the collection.
c.Commit(nodeList.ToArray(typeof(Node)) as Node[]);
// get the collection master url
Uri request = Context.Request.Url;
UriBuilder uri =
new UriBuilder(request.Scheme, request.Host, request.Port, Context.Request.ApplicationPath.TrimStart(new char[] { '/' }));
return(uri.ToString());
}
/// <summary>
/// Initializes a new instance of the object class where access is being requested.
/// </summary>
/// <param name="collection">Collection where access violation occurred.</param>
/// <param name="member">Member that is requesting the access.</param>
/// <param name="desiredRights">Requested access rights.</param>
public AccessException(Collection collection, Member member, Access.Rights desiredRights) :
this(collection, member, desiredRights, "Current user does not have collection modify rights.")
{
}
/// <summary>
/// Determines if the world role has the desired access rights.
/// </summary>
/// <param name="desiredRights">Desired rights.</param>
/// <returns>True if the world role has the desired access rights, otherwise false.</returns>
private bool IsWorldAccessAllowed(Access.Rights desiredRights)
{
Member member = GetMember(Access.World);
return(((member != null) && (member.ValidateAce.Rights >= desiredRights)) ? true : false);
}
/// <summary>
/// Constructor for the AccessControlEntry object.
/// </summary>
/// <param name="ID">Identifier for user.</param>
/// <param name="accessRights">Access control rights to assign to user.</param>
internal AccessControlEntry(string ID, Access.Rights accessRights)
{
id = ID.ToLower();
rights = accessRights;
aceProperty = new Property(PropertyTags.Ace, id + ":" + Enum.GetName(typeof(Access.Rights), rights));
}