public AccessControlList GetACL(string ContainerKey)
{
AccessControlList retVal = AccessControlList.CreateDettachedACL();
foreach (DACLItem item in _items)
{
if (PatternMatch(ContainerKey, item.Filter))
{
retVal.Add(item.Ace);
}
}
return(retVal);
}
/// <summary>
/// Loads the file library acl.
/// </summary>
/// <param name="entity">The entity.</param>
/// <returns></returns>
private bool LoadFileLibraryAcl(WorkflowInstanceEntity entity, out FileStorage fs, out AccessControlList acl)
{
acl = null;
fs = null;
// Resolve ContainerKey
string containerName = "FileLibrary";
string containerKey = string.Empty;
if (entity.OwnerDocumentId.HasValue)
containerKey = UserRoleHelper.CreateDocumentContainerKey(entity.OwnerDocumentId.Value);
//else
// TODO: Extend Owner Processing
// Check ContainerKey
if (string.IsNullOrEmpty(containerKey))
return false;
// Open ACL
BaseIbnContainer bic = BaseIbnContainer.Create(containerName, containerKey);
fs = (FileStorage)bic.LoadControl("FileStorage");
acl = AccessControlList.GetACL(fs.Root.Id);
return true;
}
private DataTable ACLToDateTable(AccessControlList ACLr)
{
DataTable dt = new DataTable();
DataRow dr;
dt.Columns.Add(new DataColumn("ID", typeof(int)));
dt.Columns.Add(new DataColumn("Weight", typeof(int)));
dt.Columns.Add(new DataColumn("Name", typeof(string)));
dt.Columns.Add(new DataColumn("Rights", typeof(string)));
dt.Columns.Add(new DataColumn("Allow", typeof(bool)));
dt.Columns.Add(new DataColumn("IsInherited", typeof(bool)));
dt.Columns.Add(new DataColumn("HasOwnerKey", typeof(bool)));
foreach (AccessControlEntry ACEr in ACLr)
{
if (ACEr.IsInternal)
continue;
dr = dt.NewRow();
dr["ID"] = ACEr.Id;
dr["Weight"] = (ACEr.IsRoleAce) ? 0 : ((Mediachase.IBN.Business.User.IsGroup(ACEr.PrincipalId)) ? 1 : 2);
dr["Name"] = (ACEr.IsRoleAce) ? ACEr.Role : ACEr.PrincipalId.ToString();
dr["Allow"] = ACEr.Allow;
switch (ACEr.Action)
{
case "Admin":
dr["Rights"] = LocRM.GetString("tAdmin");
break;
case "Read":
dr["Rights"] = LocRM.GetString("tRead");
break;
case "Write":
dr["Rights"] = LocRM.GetString("tWrite");
break;
default:
break;
}
dr["IsInherited"] = ACEr.IsIherited;
if (ACEr.OwnerKey == Guid.Empty)
dr["HasOwnerKey"] = false;
else
dr["HasOwnerKey"] = true;
dt.Rows.Add(dr);
}
return dt;
}
/// <summary>
/// Sets the ACL.
/// </summary>
/// <param name="control">The control.</param>
/// <param name="acl">The acl.</param>
public static void SetACL(IIbnControl control, AccessControlList acl)
{
SetACL(control, acl, true);
}
/// <summary>
/// Sets the ACL.
/// </summary>
/// <param name="control">The control.</param>
/// <param name="acl">The acl.</param>
/// <param name="ValidateACL">if set to <c>true</c> [validate ACL].</param>
public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL)
{
if(control==null)
throw new ArgumentNullException("control");
if(acl==null)
throw new ArgumentNullException("acl");
if(acl.OwnerDirectoryId == 0)
throw new ArgumentException("You can not use a dettached ACL.","acl");
// Validation 1 - 2
if(ValidateACL)
{
if(acl.Count==0)
throw new AllUserAccessWillBeDeniedException();
}
using(Mediachase.IBN.Database.DbTransaction tran = Mediachase.IBN.Database.DbTransaction.Begin())
{
// Step 2. Update Inherited ACEs
if(acl.IsInheritedChanged)
{
if(acl.IsInherited)
{
DBAccessControlList.TurnOnIsInherited(acl.Id);
}
else
{
DBAccessControlList.TurnOffIsInherited(acl.Id,false);
}
}
// Step 3. Update Common ACEs
if(acl.IsChanged)
{
DBAccessControlList.Clear(acl.Id);
foreach(AccessControlEntry ace in acl)
{
if(!ace.IsIherited)
{
DBAccessControlList.AddAce(acl.Id,ace.Role,ace.PrincipalId,ace.Action,ace.Allow, false, ace.OwnerKey);
if(ace.Allow)
{
foreach(string BaseAction in control.GetBaseActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
else
{
foreach(string BaseAction in control.GetDerivedActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
}
}
}
// Step 4. Update child ACL
DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);
// Validation 2 - 2
if(ValidateACL)
{
if(!FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin"))
throw new AdminAccessWillBeDeniedException();
}
tran.Commit();
}
}
/// <summary>
/// Gets the ACL.
/// </summary>
/// <param name="DirectoryId">The directory id.</param>
/// <returns></returns>
public static AccessControlList GetACL(int DirectoryId)
{
using(IDataReader reader = DBAccessControlList.GetAcl(DirectoryId))
{
AccessControlList retVal = new AccessControlList(reader);
return retVal;
}
}
/// <summary>
/// Sets the ACL.
/// </summary>
/// <param name="control">The control.</param>
/// <param name="acl">The acl.</param>
/// <param name="ValidateACL">if set to <c>true</c> [validate ACL].</param>
public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL)
{
if (control == null)
{
throw new ArgumentNullException("control");
}
if (acl == null)
{
throw new ArgumentNullException("acl");
}
if (acl.OwnerDirectoryId == 0)
{
throw new ArgumentException("You can not use a dettached ACL.", "acl");
}
// Validation 1 - 2
if (ValidateACL)
{
if (acl.Count == 0)
{
throw new AllUserAccessWillBeDeniedException();
}
}
using (Mediachase.IBN.Database.DbTransaction tran = Mediachase.IBN.Database.DbTransaction.Begin())
{
// Step 2. Update Inherited ACEs
if (acl.IsInheritedChanged)
{
if (acl.IsInherited)
{
DBAccessControlList.TurnOnIsInherited(acl.Id);
}
else
{
DBAccessControlList.TurnOffIsInherited(acl.Id, false);
}
}
// Step 3. Update Common ACEs
if (acl.IsChanged)
{
DBAccessControlList.Clear(acl.Id);
foreach (AccessControlEntry ace in acl)
{
if (!ace.IsIherited)
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, ace.Action, ace.Allow, false, ace.OwnerKey);
if (ace.Allow)
{
foreach (string BaseAction in control.GetBaseActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
else
{
foreach (string BaseAction in control.GetDerivedActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
}
}
}
// Step 4. Update child ACL
DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);
// Validation 2 - 2
if (ValidateACL)
{
if (!FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin"))
{
throw new AdminAccessWillBeDeniedException();
}
}
tran.Commit();
}
}
/// <summary>
/// Sets the ACL.
/// </summary>
/// <param name="control">The control.</param>
/// <param name="acl">The acl.</param>
public static void SetACL(IIbnControl control, AccessControlList acl)
{
SetACL(control, acl, true);
}
