private void ProcessPermissions(AclInfo aclInfo, AceInfo aceInfo, AccessControlEntry ace, bool isLocal) { var perms = ace.Permissions; for (var i = 0; i < ace.Permissions.Length; i++) { var mask = 1ul << i; var perm = perms[i]; if (!perm.Allow && !perm.Deny) { if ((aceInfo.DenyBits & mask) != 0) { perm.Deny = true; if (!isLocal) { perm.DenyFrom = aclInfo.EntityId; } } else if ((aceInfo.AllowBits & mask) == mask) { perm.Allow = true; if (!isLocal) { perm.AllowFrom = aclInfo.EntityId; } } } } }
private AclInfo EnsureAcl(int entityId) { if (!_acls.TryGetValue(entityId, out var aclInfo)) { aclInfo = SecurityEntity.GetAclInfoCopy(this.Context, entityId, this.EntryType); if (aclInfo == null) { // creating an empty acl this.Context.GetSecurityEntity(entityId); aclInfo = new AclInfo(entityId); } _acls.Add(entityId, aclInfo); } return(aclInfo); }
private List <AceInfo> GetExplicitEntriesSafe(int entityId, AclInfo acl, IEnumerable <int> relatedIdentities) { var aces = new List <AceInfo>(); //==> if (acl != null && entityId == acl.EntityId) { aces = relatedIdentities == null ? acl.Entries.Select(x => x.Copy()).ToList() : acl.Entries.Where(x => relatedIdentities.Contains(x.IdentityId)).Select(x => x.Copy()).ToList(); } //==< return(aces); }
internal AccessControlList GetAccessControlList(int entityId, EntryType entryType = EntryType.Normal) { EnterReadLock(); try { var entity = GetEntitySafe(entityId, true); var aclInfo = GetFirstAclSafe(entityId, false); return(aclInfo == null ? AclInfo.CreateEmptyAccessControlList(entityId, entity.IsInherited) : aclInfo.ToAccessControlList(entityId, entryType)); } finally { ExitReadLock(); } }
internal void SetAclSafe(AclInfo acl) { if (acl == null) { // break dependency if exists if (_acl != null) { _acl.Entity = null; } } else { // set dependency acl.Entity = this; } _acl = acl; }
private void SetAclSafe(AclInfo aclInfo) { var entity = GetEntitySafe(aclInfo.EntityId, false); if (entity == null) { SnTrace.Security.WriteError("Entity in AclInfo not found: {0}", aclInfo.EntityId); return; } var origAcl = entity.Acl; if (origAcl != null) { // merge ACLs foreach (var newAce in aclInfo.Entries) { var origAce = origAcl.Entries.FirstOrDefault(x => x.EntryType == newAce.EntryType && x.IdentityId == newAce.IdentityId && x.LocalOnly == newAce.LocalOnly); if (origAce != null) { origAce.AllowBits = newAce.AllowBits; origAce.DenyBits = newAce.DenyBits; if ((origAce.AllowBits | origAce.DenyBits) == 0) { origAcl.Entries.Remove(origAce); } } else { if ((newAce.AllowBits | newAce.DenyBits) != 0) { origAcl.Entries.Add(newAce); } } } if (origAcl.Inherits && origAcl.Entries.Count == 0) { entity.SetAclSafe(null); } } else { // brand new acl entity.SetAclSafe(aclInfo); } }
internal static AccessControlList GetAccessControlList(SecurityContext ctx, int entityId, EntryType entryType = EntryType.Normal) { EnterReadLock(); try { var entity = SecurityEntity.GetEntitySafe(ctx, entityId, true); var aclInfo = GetFirstAclSafe(ctx, entityId, false); if (aclInfo == null) { return(AclInfo.CreateEmptyAccessControlList(entityId, entity.IsInherited)); //means breaked and cleared } return(aclInfo.ToAccessContolList(entityId, entryType)); } finally { ExitReadLock(); } }
/// <summary> /// Loads a security entity. If the entity cannot be found in the cache, it loads it /// from the database and puts it into the cache. It the entity cannot be loaded /// from the db either, a callback is made to the host application using the /// <see cref="SecurityContext.GetMissingEntity"/> method to compensate possible /// concurrency errors. /// </summary> /// <param name="ctx">The context to be used.</param> /// <param name="entityId">Id of the entity</param> /// <param name="throwError">Determines whether to throw an <see cref="EntityNotFoundException"/> if the entity was not found.</param> /// <returns>The security entity.</returns> internal static SecurityEntity GetEntitySafe(SecurityContext ctx, int entityId, bool throwError) { SecurityEntity entity; ctx.Cache.Entities.TryGetValue(entityId, out entity); if (entity == null) { // compensation: try to load the entity and its aces from the db var storedEntity = DataHandler.GetStoredSecurityEntity(ctx.DataProvider, entityId); if (storedEntity != null) { entity = CreateEntitySafe(ctx, entityId, storedEntity.ParentId, storedEntity.OwnerId, storedEntity.IsInherited, storedEntity.HasExplicitEntry); var acl = new AclInfo(entityId); var entries = ctx.DataProvider.LoadPermissionEntries(new[] { entityId }); foreach (var entry in entries) { acl.Entries.Add(new AceInfo { EntryType = entry.EntryType, IdentityId = entry.IdentityId, LocalOnly = entry.LocalOnly, AllowBits = entry.AllowBits, DenyBits = entry.DenyBits }); } if (acl.Entries.Count > 0) { entity.SetAclSafe(acl); } } else { int parentId, ownerId; if (ctx.GetMissingEntity(entityId, out parentId, out ownerId)) { DataHandler.CreateSecurityEntitySafe(ctx, entityId, parentId, ownerId); entity = CreateEntitySafe(ctx, entityId, parentId, ownerId); } } if (throwError && entity == null) { throw new EntityNotFoundException("Entity not found: " + entityId); } } return(entity); }
public static Dictionary <int, AclInfo> LoadAcls(ISecurityDataProvider dataProvider, IDictionary <int, SecurityEntity> entities) { var acls = new Dictionary <int, AclInfo>(); foreach (var storedAce in dataProvider.LoadAllAces()) { AclInfo acl; if (!acls.TryGetValue(storedAce.EntityId, out acl)) { acl = new AclInfo(storedAce.EntityId); acls.Add(acl.EntityId, acl); } acl.Entries.Add(new AceInfo { IdentityId = storedAce.IdentityId, LocalOnly = storedAce.LocalOnly, AllowBits = storedAce.AllowBits, DenyBits = storedAce.DenyBits }); } return(acls); }
private List <AceInfo> GetExplicitEntriesSafe(int entityId, AclInfo acl, IEnumerable <int> relatedIdentities, EntryType?entryType) { IEnumerable <AceInfo> aces = null; //==> if (acl != null && entityId == acl.EntityId) { aces = relatedIdentities == null ? acl.Entries.Select(x => x.Copy()) : acl.Entries.Where(x => relatedIdentities.Contains(x.IdentityId)).Select(x => x.Copy()); if (entryType != null) { aces = aces.Where(x => x.EntryType == entryType).ToList(); } } //==< return(aces?.ToList() ?? new List <AceInfo>()); }
public Dictionary <int, AclInfo> LoadAcls() { if (!IsDatabaseReadyAsync(CancellationToken.None).GetAwaiter().GetResult()) { return(new Dictionary <int, AclInfo>()); } var acls = new Dictionary <int, AclInfo>(); foreach (var storedAce in _dataProvider.LoadAllAces()) { if (!acls.TryGetValue(storedAce.EntityId, out var acl)) { acl = new AclInfo(storedAce.EntityId); acls.Add(acl.EntityId, acl); } acl.Entries.Add(new AceInfo { EntryType = storedAce.EntryType, IdentityId = storedAce.IdentityId, LocalOnly = storedAce.LocalOnly, AllowBits = storedAce.AllowBits, DenyBits = storedAce.DenyBits }); } return(acls); }