internal SecurityEntry[] SetAcl(SnAccessControlList acl) { var result = new List <SecurityEntry>(); //var acl0 = GetAcl(nodeId, path, creatorId); foreach (var entry in acl.Entries) { if (entry.Identity.NodeId == RepositoryConfiguration.SomebodyUserId) { continue; } var values = new PermissionValue[ActiveSchema.PermissionTypes.Count]; foreach (var perm in entry.Permissions) { //var id = ActiveSchema.PermissionTypes[perm.Name].Id; //var allow = perm.AllowFrom == null ? perm.Allow : false; //var deny = perm.DenyFrom == null ? perm.Deny : false; //var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined); //values[id - 1] = value; var index = ActiveSchema.PermissionTypes[perm.Name].Index; var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined); values[index - 1] = value; } result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values)); } return(result.ToArray()); }
//============================================================================= for editing internal SnAccessControlList GetAcl(int nodeId, string path, int creatorId, int lastModifierId) { var acl = new SnAccessControlList { Path = path, NodeId = nodeId, Creator = SnIdentity.Create(creatorId), LastModifier = SnIdentity.Create(lastModifierId) }; var firstPermInfo = GetFirstInfo(path); if (firstPermInfo == null) { return(acl); } return(firstPermInfo.BuildAcl(acl)); }
internal SnAccessControlList BuildAcl(SnAccessControlList acl) { //var principals = GetEffectedPrincipals(); var aces = new Dictionary <int, SnAccessControlEntry>(); var localOnlyAces = new List <SnAccessControlEntry>(); if (this.Path == acl.Path) { foreach (var permSet in this.PermissionSets) { if (permSet.Propagates) { continue; } var princ = permSet.PrincipalId; SnAccessControlEntry ace; ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates); localOnlyAces.Add(ace); // get permissions and paths int mask = 1; for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var permission = ace.Permissions.ElementAt(i); if ((permSet.DenyBits & mask) != 0) { permission.Deny = true; permission.DenyFrom = null; } var allow = (permSet.AllowBits & mask) != 0; if ((permSet.AllowBits & mask) != 0) { permission.Allow = true; permission.AllowFrom = null; } mask = mask << 1; } } } for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null) { foreach (var permSet in permInfo.PermissionSets) { if (!permSet.Propagates) { continue; } var localEntry = acl.Path == permInfo.Path; // get ace by princ var princ = permSet.PrincipalId; SnAccessControlEntry ace; if (!aces.TryGetValue(princ, out ace)) { ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates); aces.Add(princ, ace); } // get permissions and paths int mask = 1; for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var permission = ace.Permissions.ElementAt(i); if (!permission.Deny) { if ((permSet.DenyBits & mask) != 0) { permission.Deny = true; permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true); } } if (!permission.Allow) { var allow = (permSet.AllowBits & mask) != 0; if ((permSet.AllowBits & mask) != 0) { permission.Allow = true; permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false); } } mask = mask << 1; } } } acl.Inherits = acl.Path == this.Path ? this.Inherits : true; localOnlyAces.AddRange(aces.Values); acl.Entries = localOnlyAces.ToArray(); return(acl); }
public AclEditor(Node node) { this.node = node; this.acl = node.Security.GetAcl(); }