/// <summary>
/// Update permissions to reflect a change in ownership
/// </summary>
/// <param name="uo"></param>
/// <param name="userName"></param>
public static void UpdateAclForNewOwner(
UserObject uo,
string oldOwner,
string newOwner)
{
if (uo.AccessLevel != UserObjectAccess.ACL)
{
return; // only need to do for ACL
}
AccessControlList acl = AccessControlList.Deserialize(uo.ACL);
acl.RemoveUserItem(oldOwner);
acl.AddReadWriteUserItem(newOwner);
uo.ACL = acl.Serialize();
}
/// <summary>
/// Add or update a group in the in-memory collecion
/// </summary>
/// <param name="name"></param>
/// <param name="acl"></param>
public static void UpdateInMemoryCollection(
string name,
AccessControlList acl)
{
UserGroup g = LookupExternalName(name);
if (g == null)
{
g = new UserGroup();
g.ExternalName = name;
UserGroups.Items.Add(g);
}
g.ACL = acl;
return;
}
/// <summary>
/// Deserialize assuming the initial AccessControlList element has be read in already
/// </summary>
/// <param name="tr"></param>
/// <returns></returns>
public static AccessControlList Deserialize(
XmlTextReader tr)
{
string txt;
int i1 = 0;
AccessControlList acl = new AccessControlList();
while (true) // loop on list of permissions
{
tr.Read(); // move to next permission
tr.MoveToContent();
if (tr.NodeType == XmlNodeType.EndElement)
{
break; // end AccessControlList tag
}
else if (Lex.Ne(tr.Name, "Item"))
{
throw new Exception("Unexpected element: " + tr.Name);
}
AclItem p = new AclItem();
acl.Items.Add(p);
XmlUtil.GetBoolAttribute(tr, "GroupItem", ref p.IsGroup);
XmlUtil.GetStringAttribute(tr, "AssignedTo", ref p.AssignedTo);
if (XmlUtil.GetIntAttribute(tr, "Permissions", ref i1))
{
p.Permissions = (PermissionEnum)i1;
}
if (!tr.IsEmptyElement)
{
tr.Read(); tr.MoveToContent();
if (tr.NodeType != XmlNodeType.EndElement)
{
throw new Exception("Expected EndElement");
}
}
}
return(acl);
}
/// <summary>
/// Get the list of permissions the user has for the specified object
/// </summary>
/// <param name="userName"></param>
/// <param name="internalObjectName"></param>
/// <returns></returns>
public static PermissionEnum GetUserPermissions(
string userName,
string internalObjectName)
{
PermissionEnum permissions = PermissionEnum.None;
if (UserObject.IsUserObjectInternalName(internalObjectName)) // UserObject
{
UserObjectType type;
int id;
string key = userName.ToUpper() + "_" + internalObjectName.ToUpper();
if (PermissionsCache.ContainsKey(key))
{
return(PermissionsCache[key]);
}
UserObject.ParseObjectTypeAndIdFromInternalName(internalObjectName, out type, out id);
if (id <= 0)
{
if (ClientState.IsAdministrator())
{
return(PermissionEnum.Read);
}
else
{
return(PermissionEnum.None);
}
}
UserObject uo = InterfaceRefs.IUserObjectDao.ReadHeader(id);
AccessControlList acl = AccessControlList.Deserialize(uo);
permissions = acl.GetUserPermissions(userName);
PermissionsCache[key] = permissions; // update cache
}
else // assume database table name with full access
{
permissions = PermissionEnum.Read | PermissionEnum.Write;
}
return(permissions);
}
