/// <summary> /// Determines whether [is in group] [the specified windows identity]. /// </summary> /// <param name="windowsIdentity">The windows identity.</param> /// <returns> /// <c>true</c> if [is in group] [the specified windows identity]; otherwise, <c>false</c>. /// </returns> public bool IsInGroup(WindowsIdentity windowsIdentity) { if (windowsIdentity == null) { throw new ArgumentNullException("windowsIdentity"); } List <byte> token = new List <byte>(); int userGroupsCount = windowsIdentity.Groups.Count; if (userGroupsCount > 0) { token.AddRange(SqlAzManItem.getSqlBinarySid(windowsIdentity.User)); foreach (SecurityIdentifier userGroupSid in windowsIdentity.Groups) { token.AddRange(SqlAzManItem.getSqlBinarySid(userGroupSid)); } } else { byte[] bSid = new byte[windowsIdentity.User.BinaryLength]; windowsIdentity.User.GetBinaryForm(bSid, 0); token.AddRange(bSid); } return(this.isAMemberOfGroup(false, this.sid.BinaryValue, this.Store.Storage.Mode == NetSqlAzManMode.Developer, DirectoryServicesUtils.rootDsePath, token.ToArray(), userGroupsCount)); }
/// <summary> /// Checks the access. /// </summary> /// <param name="itemName">Name of the operation.</param> /// <param name="validFor">The valid for.</param> /// <param name="attributes">The attributes.</param> /// <returns></returns> public AuthorizationType CheckAccess(string itemName, DateTime validFor, out List <KeyValuePair <string, string> > attributes) { if ((from t in this.items where String.Compare(t, itemName, true) == 0 select t).FirstOrDefault() == null) { throw SqlAzManException.ItemNotFoundException(itemName, this.storeName, this.applicationName, null); } AuthorizationType result = AuthorizationType.Neutral; attributes = new List <KeyValuePair <string, string> >(); bool allowBecomesAllowWithDelegation = false; foreach (ItemCheckAccessResult ca in this.checkAccessTimeSlice) { if (String.Compare(ca.ItemName, itemName, true) == 0) { if (validFor >= ca.ValidFrom && validFor <= ca.ValidTo) { if (ca.AuthorizationType == AuthorizationType.AllowWithDelegation && !ca.Inherited) { allowBecomesAllowWithDelegation = true; } result = SqlAzManItem.mergeAuthorizations(result, ca.AuthorizationType); //Inherited Attributes if (this.retrieveAttributes) { foreach (KeyValuePair <string, string> kvp in ca.Attributes) { if (!attributes.Contains(new KeyValuePair <string, string>(kvp.Key, kvp.Value))) { attributes.Add(kvp); } } } //Owner Attributes if (this.retrieveAttributes && (result == AuthorizationType.AllowWithDelegation || result == AuthorizationType.Allow)) { var ia = this.itemAttributes[ca.ItemName]; if (ia != null) { foreach (KeyValuePair <string, string> kvp in ia) { if (!attributes.Contains(new KeyValuePair <string, string>(kvp.Key, kvp.Value))) { attributes.Add(kvp); } } } } } } } if (result == AuthorizationType.Allow && allowBecomesAllowWithDelegation) { result = AuthorizationType.AllowWithDelegation; } return(result); }