/// <summary>
/// Determines whether [is in group] [the specified windows identity].
/// </summary>
/// <param name="windowsIdentity">The windows identity.</param>
/// <returns>
/// <c>true</c> if [is in group] [the specified windows identity]; otherwise, <c>false</c>.
/// </returns>
public bool IsInGroup(WindowsIdentity windowsIdentity)
{
if (windowsIdentity == null)
{
throw new ArgumentNullException("windowsIdentity");
}
List <byte> token = new List <byte>();
int userGroupsCount = windowsIdentity.Groups.Count;
if (userGroupsCount > 0)
{
token.AddRange(SqlAzManItem.getSqlBinarySid(windowsIdentity.User));
foreach (SecurityIdentifier userGroupSid in windowsIdentity.Groups)
{
token.AddRange(SqlAzManItem.getSqlBinarySid(userGroupSid));
}
}
else
{
byte[] bSid = new byte[windowsIdentity.User.BinaryLength];
windowsIdentity.User.GetBinaryForm(bSid, 0);
token.AddRange(bSid);
}
return(this.isAMemberOfGroup(false, this.sid.BinaryValue, this.Store.Storage.Mode == NetSqlAzManMode.Developer, DirectoryServicesUtils.rootDsePath, token.ToArray(), userGroupsCount));
}
/// <summary>
/// Checks the access.
/// </summary>
/// <param name="itemName">Name of the operation.</param>
/// <param name="validFor">The valid for.</param>
/// <param name="attributes">The attributes.</param>
/// <returns></returns>
public AuthorizationType CheckAccess(string itemName, DateTime validFor, out List <KeyValuePair <string, string> > attributes)
{
if ((from t in this.items
where String.Compare(t, itemName, true) == 0
select t).FirstOrDefault() == null)
{
throw SqlAzManException.ItemNotFoundException(itemName, this.storeName, this.applicationName, null);
}
AuthorizationType result = AuthorizationType.Neutral;
attributes = new List <KeyValuePair <string, string> >();
bool allowBecomesAllowWithDelegation = false;
foreach (ItemCheckAccessResult ca in this.checkAccessTimeSlice)
{
if (String.Compare(ca.ItemName, itemName, true) == 0)
{
if (validFor >= ca.ValidFrom && validFor <= ca.ValidTo)
{
if (ca.AuthorizationType == AuthorizationType.AllowWithDelegation && !ca.Inherited)
{
allowBecomesAllowWithDelegation = true;
}
result = SqlAzManItem.mergeAuthorizations(result, ca.AuthorizationType);
//Inherited Attributes
if (this.retrieveAttributes)
{
foreach (KeyValuePair <string, string> kvp in ca.Attributes)
{
if (!attributes.Contains(new KeyValuePair <string, string>(kvp.Key, kvp.Value)))
{
attributes.Add(kvp);
}
}
}
//Owner Attributes
if (this.retrieveAttributes && (result == AuthorizationType.AllowWithDelegation || result == AuthorizationType.Allow))
{
var ia = this.itemAttributes[ca.ItemName];
if (ia != null)
{
foreach (KeyValuePair <string, string> kvp in ia)
{
if (!attributes.Contains(new KeyValuePair <string, string>(kvp.Key, kvp.Value)))
{
attributes.Add(kvp);
}
}
}
}
}
}
}
if (result == AuthorizationType.Allow && allowBecomesAllowWithDelegation)
{
result = AuthorizationType.AllowWithDelegation;
}
return(result);
}
