public bool HasFlag(GlobalPermissionType flags)
{
if (Global != null)
{
return(Global.Permissions.HasFlag(flags));
}
return(false);
}
public static bool IsAuthorized(List <UsageRight> usageRights, GlobalPermissionType requiredPermissions, List <Group> groupMembership, string username)
{
List <UsageRight> applicableGroupRights;
UsageRight userRights;
GlobalPermissionType cumulativeGroupRights = GlobalPermissionType.None;
// User rights override group rights when specified, thus we want to check user rights first and bail with the answer if possible
userRights = GetRightsOfUser(usageRights, username);
if (userRights != null)
{
// If the user has the required rights, we are done.
if (userRights.HasFlags(requiredPermissions))
{
return(true);
}
else // Now, if the user has any rights, we know it is denied because rights are either set or not set as a whole
{
return(false);
}
}
// So, if we are here, the user does not have specific rights, we need to check group rights
applicableGroupRights = GetRightsOfGroupsToWhichUserBelongs(usageRights, groupMembership);
// If nothing is applicable then we know access is denied.
if (applicableGroupRights == null)
{
return(false);
}
/* Now, group rights are granting cumulative. For instance, if a user is a member of groups A and B where A has readonly access and B has only checkout access then
* the user would have both readonly and checkout access. Only user flags are applied to decline access as the system defaults to no access. Thus the simple way to
* look at it is that by making a user a member of a group you are granting the specified permissions of that group.
*/
// So, we need to cumulate permissions, this is easily accomplished with a bitwise or operation
for (int i = 0; i < applicableGroupRights.Count; i++)
{
cumulativeGroupRights |= applicableGroupRights[i].Permissions.Global.Permissions;
}
return(cumulativeGroupRights.HasFlag(requiredPermissions));
}
public static bool IsAuthorized(List<UsageRight> usageRights, GlobalPermissionType requiredPermissions, List<Group> groupMembership, string username)
{
List<UsageRight> applicableGroupRights;
UsageRight userRights;
GlobalPermissionType cumulativeGroupRights = GlobalPermissionType.None;
// User rights override group rights when specified, thus we want to check user rights first and bail with the answer if possible
userRights = GetRightsOfUser(usageRights, username);
if (userRights != null)
{
// If the user has the required rights, we are done.
if (userRights.HasFlags(requiredPermissions))
return true;
else // Now, if the user has any rights, we know it is denied because rights are either set or not set as a whole
return false;
}
// So, if we are here, the user does not have specific rights, we need to check group rights
applicableGroupRights = GetRightsOfGroupsToWhichUserBelongs(usageRights, groupMembership);
// If nothing is applicable then we know access is denied.
if (applicableGroupRights == null)
return false;
/* Now, group rights are granting cumulative. For instance, if a user is a member of groups A and B where A has readonly access and B has only checkout access then
* the user would have both readonly and checkout access. Only user flags are applied to decline access as the system defaults to no access. Thus the simple way to
* look at it is that by making a user a member of a group you are granting the specified permissions of that group.
*/
// So, we need to cumulate permissions, this is easily accomplished with a bitwise or operation
for (int i = 0; i < applicableGroupRights.Count; i++)
cumulativeGroupRights |= applicableGroupRights[i].Permissions.Global.Permissions;
return cumulativeGroupRights.HasFlag(requiredPermissions);
}
public GlobalPermission(GlobalPermissionType permissions)
{
Permissions = permissions;
}
public ResourceRequest(string user, Data.ResourceId id, GlobalPermissionType global, ResourcePermissionType resource)
: base(user, id.ToString(), global, resource)
{
}
public GlobalRequest(string user, GlobalPermissionType global, ResourcePermissionType resource)
: base(user, GLOBAL_FILE_ID, global, resource)
{
}
public GlobalRequest(string user, GlobalPermissionType global, ResourcePermissionType resource)
: base(user, GLOBAL_FILE_ID, global, resource)
{
}
public Request(string user, string id, GlobalPermissionType global, ResourcePermissionType resource)
: this(user, id, new GlobalPermission(global), new ResourcePermission(resource))
{
}
public ResourceRequest(string user, Data.ResourceId id, GlobalPermissionType global, ResourcePermissionType resource)
: base(user, id.ToString(), global, resource)
{
}
public GlobalPermission(GlobalPermissionType permissions)
{
Permissions = permissions;
}
public bool HasFlag(GlobalPermissionType flags)
{
if (Global != null)
return Global.Permissions.HasFlag(flags);
return false;
}
public Request(string user, string id, GlobalPermissionType global, ResourcePermissionType resource)
: this(user, id, new GlobalPermission(global), new ResourcePermission(resource))
{
}
