| public static SetPermissionForDirectory ( AuthStatus status, IFilesStorageProviderV30 provider, string directory, string action, UserGroup group ) : bool | ||
| status | AuthStatus | The authorization status. |
| provider | IFilesStorageProviderV30 | The provider that handles the directory. |
| directory | string | The directory. |
| action | string | The action of which to modify the authorization status. |
| group | UserGroup | The group subject of the authorization change. |
| return | bool | |
/// <summary>
/// Adds some ACL entries for a subject.
/// </summary>
/// <param name="subject">The subject.</param>
/// <param name="provider">The provider.</param>
/// <param name="directory">The directory.</param>
/// <param name="grants">The granted actions.</param>
/// <param name="denials">The denies actions.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private bool AddAclEntriesForDirectory(string subject, IFilesStorageProviderV40 provider, string directory, string[] grants, string[] denials)
{
bool isGroup = subject.StartsWith("G.");
subject = subject.Substring(2);
UserGroup group = null;
UserInfo user = null;
if (isGroup)
{
group = Users.FindUserGroup(currentWiki, subject);
}
else
{
user = Users.FindUser(currentWiki, subject);
}
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(currentWiki));
foreach (string action in grants)
{
bool done = false;
if (isGroup)
{
done = authWriter.SetPermissionForDirectory(AuthStatus.Grant,
provider, directory, action, group);
}
else
{
done = authWriter.SetPermissionForDirectory(AuthStatus.Grant,
provider, directory, action, user);
}
if (!done)
{
return(false);
}
}
foreach (string action in denials)
{
bool done = false;
if (isGroup)
{
done = authWriter.SetPermissionForDirectory(AuthStatus.Deny,
provider, directory, action, group);
}
else
{
done = authWriter.SetPermissionForDirectory(AuthStatus.Deny,
provider, directory, action, user);
}
if (!done)
{
return(false);
}
}
return(true);
}
/// <summary>
/// Sets file management permissions for the users or anonymous users group in the given wiki, importing version 2.0 values.
/// </summary>
/// <param name="wiki">The wiki.</param>
/// <param name="group">The group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool SetupFileManagementPermissions(string wiki, UserGroup group)
{
bool done = true;
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(wiki));
if (Settings.GetUsersCanViewFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, group);
}
}
if (Settings.GetUsersCanUploadFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.UploadAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.UploadFiles, group);
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.CreateDirectories, group);
}
}
if (Settings.GetUsersCanDeleteFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DeleteAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteFiles, group);
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteDirectories, group);
}
}
return(done);
}
/// <summary>
/// Sets file management permissions for the users or anonymous users group, importing version 2.0 values.
/// </summary>
/// <param name="group">The group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool SetupFileManagementPermissions(UserGroup group)
{
bool done = true;
if (Settings.UsersCanViewFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, group);
}
}
if (Settings.UsersCanUploadFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.UploadAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.UploadFiles, group);
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.CreateDirectories, group);
}
}
if (Settings.UsersCanDeleteFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DeleteAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteFiles, group);
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteDirectories, group);
}
}
return(done);
}
/// <summary>
/// Sets the default permissions for the anonymous users group in the given wiki, properly importing version 2.0 values.
/// </summary>
/// <param name="wiki">The wiki.</param>
/// <param name="anonymous">The anonymous users group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
public static bool SetAnonymousGroupDefaultPermissions(string wiki, UserGroup anonymous)
{
bool done = true;
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(wiki));
// Properly import Private/Public Mode wiki
if (Settings.GetPrivateAccess(wiki))
{
// Nothing to do, because without any explicit grant, Anonymous users cannot do anything
}
else if (Settings.GetPublicAccess(wiki))
{
// Public access, allow modification and propagate file management permissions if they were allowed for anonymous users
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ModifyPages, anonymous);
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, anonymous);
if (Settings.GetUsersCanCreateNewPages(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.CreatePages, anonymous);
}
if (Settings.GetUsersCanCreateNewCategories(wiki) || Settings.GetUsersCanManagePageCategories(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ManageCategories, anonymous);
}
if (Settings.GetFileManagementInPublicAccessAllowed(wiki))
{
SetupFileManagementPermissions(wiki, anonymous);
}
}
else
{
// Standard configuration, only allow read permissions
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ReadPages, anonymous);
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ReadDiscussion, anonymous);
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, anonymous);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, anonymous);
}
}
return(done);
}
protected void btnAdd_Click(object sender, EventArgs e)
{
// Add the selected subject with full control deny, then select it in the main list
string subject = lstFoundSubjects.SelectedValue.Substring(2);
bool isGroup = lstFoundSubjects.SelectedValue.StartsWith("G.");
bool done = false;
switch (CurrentResourceType)
{
case AclResources.Namespaces:
if (isGroup)
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
Pages.FindNamespace(CurrentResourceName), Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
Pages.FindNamespace(CurrentResourceName), Actions.FullControl,
Users.FindUser(subject));
}
break;
case AclResources.Pages:
if (isGroup)
{
done = AuthWriter.SetPermissionForPage(AuthStatus.Deny,
Pages.FindPage(CurrentResourceName), Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForPage(AuthStatus.Deny,
Pages.FindPage(CurrentResourceName), Actions.FullControl,
Users.FindUser(subject));
}
break;
case AclResources.Directories:
IFilesStorageProviderV30 prov = Collectors.FilesProviderCollector.GetProvider(CurrentFilesProvider);
if (isGroup)
{
done = AuthWriter.SetPermissionForDirectory(AuthStatus.Deny,
prov, CurrentResourceName, Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForDirectory(AuthStatus.Deny,
prov, CurrentResourceName, Actions.FullControl,
Users.FindUser(subject));
}
break;
default:
throw new NotSupportedException();
}
if (done)
{
PopulateSubjectsList();
// Select in main list and display permissions in actions matrix
foreach (ListItem item in lstSubjects.Items)
{
if (item.Value == lstFoundSubjects.SelectedValue)
{
item.Selected = true;
break;
}
}
DisplaySubjectPermissions(subject, isGroup ? SubjectType.Group : SubjectType.User);
txtNewSubject.Text = "";
lstFoundSubjects.Items.Clear();
btnAdd.Enabled = false;
}
else
{
lblAddResult.CssClass = "resulterror";
lblAddResult.Text = Properties.Messages.CouldNotStorePermissions;
}
}
