private static Tenant CreateOwningTenantEntry(AclProbe aclProbe, User user, AccessControlEntry ace)
{
Tenant owningTenant;
switch (ace.TenantCondition)
{
case TenantCondition.OwningTenant:
// Undecideable constraint: For ACE to match the SecurityToken.OwningTenant must be equal to the user's tenant.
// Since this is undecideable, set the owning tenant so he will match, and record the constraint as an access condition,
// keeping in mind the TenantHierarchyCondition.
// Owning tenant will be set to the user's tenant, which should never be empty.
Assertion.IsNotNull(user.Tenant);
// TenantHierarchyCondition should always contain the flag for "this tenant";
// if this condition is violated, using owningTenant = user.Tenant will no longer work, since it will not match.
Assertion.IsTrue((ace.TenantHierarchyCondition & TenantHierarchyCondition.This) != 0);
owningTenant = user.Tenant;
aclProbe.AccessConditions.OwningTenant = owningTenant;
aclProbe.AccessConditions.TenantHierarchyCondition = ace.TenantHierarchyCondition;
break;
case TenantCondition.SpecificTenant:
owningTenant = null; // Decideable constraint => no condition. Either Principal.Tenant matches or he does not.
break;
case TenantCondition.None:
owningTenant = null; // No constraint => no condition (will always match).
break;
default:
throw new ArgumentException(String.Format("ace.TenantSelection={0} is currently not supported by this method. Please extend method to handle the new TenantSelection state.", ace.TenantCondition));
}
return(owningTenant);
}
public void SetPermissions_Accesscontrollist()
{
// <snippet26>
// Connect to a queue on the local computer.
MessageQueue queue = new MessageQueue(".\\exampleQueue");
// Create an AccessControlList.
AccessControlList list = new AccessControlList();
// Create a new trustee to represent the "Everyone" user group.
Trustee tr = new Trustee("Everyone");
// Create an AccessControlEntry, granting the trustee read access to
// the queue.
AccessControlEntry entry = new AccessControlEntry(
tr, GenericAccessRights.Read,
StandardAccessRights.Read,
AccessControlEntryType.Allow);
// Add the AccessControlEntry to the AccessControlList.
list.Add(entry);
// Apply the AccessControlList to the queue.
queue.SetPermissions(list);
// </snippet26>
}
private static User CreateOwningUserEntry(AclProbe aclProbe, User user, AccessControlEntry ace)
{
User owningUser;
switch (ace.UserCondition)
{
case UserCondition.Owner:
// Undecideable constraint: For ACE to match the SecurityToken.OwningUser must be equal to the user's user.
// Since this is undeciadeable, set the owning user so he will match, and record the constraint as an access condition.
owningUser = user;
aclProbe.AccessConditions.IsOwningUserRequired = true;
break;
case UserCondition.SpecificUser:
owningUser = null; // Decideable constraint => no condition. Either Principal matches or he does not.
break;
case UserCondition.SpecificPosition:
owningUser = null; // Decideable constraint => no condition. Either Principal's position matches or it does not.
break;
case UserCondition.None:
owningUser = null; // No constraint => no condition (will always match).
break;
default:
throw new ArgumentException(String.Format("ace.UserSelection={0} is currently not supported by this method. Please extend method to handle the new UserSelection state.", ace.UserCondition));
}
return(owningUser);
}
public SecurityTokenMatcher(AccessControlEntry ace)
{
ArgumentUtility.CheckNotNull("ace", ace);
_ace = ace;
_clientTransaction = ace.RootTransaction;
}
private void setManagedBy(string managerLDAPPath, bool managerUpdateMembershipList, DirectoryEntry group)
{
DirectoryEntry managedBy = new DirectoryEntry(managerLDAPPath, credentials.UserName + "@" + credentials.Domain, credentials.Password);
string managedBymanagerDistinguishedName = managedBy.Properties["distinguishedName"].Value.ToString();
string userPrincipalName = managedBy.Properties["userPrincipalName"].Value.ToString();
string managedBysAMAccountName = userPrincipalName.Split('@')[0];
string managedByDomainName = userPrincipalName.Split('@')[1].Replace(".com", "");
setSinglePropertyValue(group, "managedBy", managedBymanagerDistinguishedName);
if (managerUpdateMembershipList)
{
IADsSecurityDescriptor sd = (IADsSecurityDescriptor)group.Properties["ntSecurityDescriptor"].Value;
IADsAccessControlList dacl = (IADsAccessControlList)sd.DiscretionaryAcl;
IADsAccessControlEntry ace = new AccessControlEntry();
ace.Trustee = string.Format("{0}\\{1}", managedByDomainName, managedBysAMAccountName);
ace.AccessMask = (int)ADS_RIGHTS_ENUM.ADS_RIGHT_DS_WRITE_PROP;
ace.AceFlags = (int)ADS_ACEFLAG_ENUM.ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE;
ace.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED_OBJECT;
ace.Flags = (int)ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
ace.ObjectType = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}";
dacl.AddAce(ace);
sd.DiscretionaryAcl = dacl;
((IADsGroup)group.NativeObject).Put("ntSecurityDescriptor", sd);
((IADsGroup)group.NativeObject).SetInfo();
}
}
private void ButtonAdd_Click(object sender, EventArgs e)
{
if (InputBox.Show("Add User or Group", "Enter the User or Group Name:", out var accountName) == DialogResult.OK)
{
try
{
var sid = SecurityIdentity.SecurityIdentityFromName(accountName);
if (MessageBox.Show(string.Format("Add user or group: {0}?", sid.Name), "User or Group Found", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
if (!userList.Contains(sid))
{
var ace = new AccessControlEntry(sid)
{
AceType = AceType.AccessAllowed
};
acl.Add(ace);
userList.Add(sid);
ListUsersAndGroups.Items.Add(sid);
ListUsersAndGroups.SelectedItem = sid;
}
else
{
MessageBox.Show("The selected user or group already exists.", "Duplicate User or Group", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
}
catch (Exception ex)
{
MessageBox.Show("User or group name was not found. " + ex.Message, "User or Group Not Found", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
}
public void TestExplicitDenyGroup()
{
User user_a = new User("User_A");
User user_b = new User("User_B");
Group group_root = new Group("Group_root");
group_root.AddDescendant(user_b);
Group group_a = new Group("Group_A");
group_a.AddDescendant(user_a);
group_root.AddDescendant(group_a);
InMemoryAccessManager accessManager = new InMemoryAccessManager();
SampleResource sampleResource = new SampleResource()
{
Identifier = "Key1"
};
accessManager.CreateAccessControlContainer(sampleResource, user_a);
AccessControlEntry accessControlEntry = new AccessControlEntry(Permission.Allow, Operation.Read, sampleResource, group_root);
accessManager.AddEntry(sampleResource, accessControlEntry, user_a);
AccessControlEntry denyEntry = new AccessControlEntry(Permission.Deny, Operation.Read, sampleResource, group_a);
accessManager.AddEntry(sampleResource, denyEntry, user_a);
Assert.True(accessManager.ValidateAccess(sampleResource, Operation.Read, group_root));
Assert.True(accessManager.ValidateAccess(sampleResource, Operation.Read, user_b));
Assert.False(accessManager.ValidateAccess(sampleResource, Operation.Read, group_a));
Assert.False(accessManager.ValidateAccess(sampleResource, Operation.Read, user_a));
}
public void Commit_DeletedStateCombination()
{
SecurableClassDefinition orderClass = _testHelper.CreateOrderClassDefinition();
using (_testHelper.Transaction.CreateSubTransaction().EnterDiscardingScope())
{
orderClass.EnsureDataAvailable();
Assert.That(orderClass.State, Is.EqualTo(StateType.Unchanged));
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
StateCombination combination = _testHelper.CreateStateCombination(orderClass, ClientTransaction.Current);
combination.AccessControlList.AccessControlEntries.Add(AccessControlEntry.NewObject());
using (ClientTransaction.Current.CreateSubTransaction().EnterDiscardingScope())
{
orderClass.EnsureDataAvailable();
Assert.That(orderClass.State, Is.EqualTo(StateType.Unchanged));
combination.AccessControlList.Delete();
Assert.That(combination.Class, Is.Null);
Assert.That(orderClass.State, Is.EqualTo(StateType.Changed));
ClientTransaction.Current.Commit();
}
ClientTransaction.Current.Commit();
}
Assert.That(orderClass.State, Is.EqualTo(StateType.Changed));
}
}
private IBusinessObjectEnumerationProperty GetPropertyDefinition(AccessControlEntry ace, string propertyName)
{
var property = (IBusinessObjectEnumerationProperty)((IBusinessObject)ace).BusinessObjectClass.GetPropertyDefinition(propertyName);
Assert.That(property, Is.Not.Null, propertyName);
return(property);
}
public ActionResult Unshare(int Id, int trainingId)
{
Training training = db.Trainings
.Where(t => t.Id == trainingId)
.Include(t => t.SharedWith)
.FirstOrDefault();
if (training != null)
{
if (training.CreatedBy == (System.Security.Claims.ClaimsPrincipal.Current).
FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value)
{
AccessControlEntry ace = db.AccessControlEntries.Find(Id);
db.AccessControlEntries.Remove(ace);
db.SaveChanges();
training.SharedWith.Remove(ace);
}
}
else
{
return(new ViewResult {
ViewName = "Error", ViewBag = { message = "Unauthorized - only creator can unshare training." }
});
}
return(View("Details", training));
}
private void HandleCheckBoxClick(CheckBox source, AceType aceType, AceRights aceRight)
{
foreach (var ace in acl)
{
if (ace.AceType == aceType && ace.AccountSID == selectedUser)
{
if (source.Checked)
{
ace.Add(aceRight);
}
else
{
ace.Remove(aceRight);
}
return;
}
}
// The ace type doesn't exist
var newAce = new AccessControlEntry(selectedUser)
{
AceType = aceType
};
newAce.Add(aceRight);
acl.Add(newAce);
}
/// <summary>
/// Factory method to create an <see cref="AclProbe"/> from the passed <see cref="User"/>, <see cref="Role"/> and <see cref="AccessControlEntry"/>.
/// </summary>
/// <returns></returns>
public static AclProbe CreateAclProbe(User user, Role role, AccessControlEntry ace)
{
ArgumentUtility.CheckNotNull("user", user);
ArgumentUtility.CheckNotNull("role", role);
ArgumentUtility.CheckNotNull("ace", ace);
var aclProbe = new AclProbe();
var owningUser = CreateOwningUserEntry(aclProbe, user, ace);
var owningGroup = CreateOwningGroupEntry(aclProbe, role, ace);
var owningTenant = CreateOwningTenantEntry(aclProbe, user, ace);
var abstractRoles = CreateAbstractRolesEntry(aclProbe, ace);
// Create a new Principal which has only the one role we are currently probing for.
// If we don't do that and set all the user's roles for the principal,
// another role of the user could match the ACE.SpecificPosition
// for case GroupSelection.All or GroupSelection.OwningGroup, giving access rights
// which the user does not have due to the currently tested role.
// (Note that the user is in fact always in all roles at the same time, so he will, in fact,
// always have the access rights returned; this is just not the information we want to present in the
// ACL-expansion, where we distinguish which role gives rise to which access rights).
var principal = new Principal(
user.Tenant.GetHandle(),
user.GetSafeHandle(),
EnumerableUtility.Singleton(new PrincipalRole(role.Position.GetHandle(), role.Group.GetHandle())));
aclProbe._securityToken = SecurityToken.Create(principal, owningTenant, owningGroup, owningUser, abstractRoles);
return(aclProbe);
}
public void EmptyToken_DoesNotMatch()
{
AccessControlEntry entry = TestHelper.CreateAceWithAbstractRole();
SecurityTokenMatcher matcher = new SecurityTokenMatcher(entry);
SecurityToken token = TestHelper.CreateTokenWithoutUser();
Assert.That(matcher.MatchesToken(token), Is.False);
}
public void TokenWithAbstractRole_Matches()
{
AccessControlEntry entry = TestHelper.CreateAceWithAbstractRole();
SecurityTokenMatcher matcher = new SecurityTokenMatcher(entry);
SecurityToken token = TestHelper.CreateTokenWithAbstractRole(entry.SpecificAbstractRole);
Assert.That(matcher.MatchesToken(token), Is.True);
}
public AccessControlEntry CreateAceWithNoMatchingRestrictions()
{
using (_transaction.EnterNonDiscardingScope())
{
AccessControlEntry entry = AccessControlEntry.NewObject();
return(entry);
}
}
public void Validate_IsValid()
{
AccessControlEntry ace = AccessControlEntry.NewObject();
AccessControlEntryValidationResult result = ace.Validate();
Assert.That(result.IsValid, Is.True);
}
public void ValidateGroupHierarchyCondition_IsValid_IfOwningGroup()
{
AccessControlEntry ace = _testHelper.CreateAceWithOwningGroup();
AccessControlEntryValidationResult result = ace.Validate();
Assert.That(result.IsValid, Is.True);
}
protected AccessControlEntry CreateAceForStateless()
{
var ace = AccessControlEntry.NewObject();
ace.AccessControlList = StatelessAccessControlList.NewObject();
return(ace);
}
public void AddAccessTypesContributingAce(AccessControlEntry ace)
{
ArgumentUtility.CheckNotNull("ace", ace);
if (!IsInAccessTypesContributingAces(ace))
{
AccessTypesSupplyingAces.Add(ace);
}
}
private AccessControlEntry CreateAceForStateful()
{
var ace = AccessControlEntry.NewObject();
ace.AccessControlList = StatefulAccessControlList.NewObject();
return(ace);
}
public void AddMatchingAce(AccessControlEntry ace)
{
ArgumentUtility.CheckNotNull("ace", ace);
if (!IsInMatchingAces(ace))
{
_matchingAces.Add(ace);
}
}
public void TokenWithAbstractRole_Matches()
{
AccessControlEntry entry = AccessControlEntry.NewObject();
SecurityTokenMatcher matcher = new SecurityTokenMatcher(entry);
SecurityToken token = TestHelper.CreateTokenWithAbstractRole(TestHelper.CreateTestAbstractRole());
Assert.That(matcher.MatchesToken(token), Is.True);
}
public void EmptyAce_Matches()
{
AccessControlEntry entry = AccessControlEntry.NewObject();
SecurityTokenMatcher matcher = new SecurityTokenMatcher(entry);
SecurityToken token = TestHelper.CreateTokenWithoutUser();
Assert.That(matcher.MatchesToken(token), Is.True);
}
public void TokenWithNullPrincipal_NotMatches()
{
AccessControlEntry entry = AccessControlEntry.NewObject();
SecurityTokenMatcher matcher = new SecurityTokenMatcher(entry);
SecurityToken token = TestHelper.CreateTokenWithNullPrincipal();
Assert.That(matcher.MatchesToken(token), Is.False);
}
public void CreateAclProbe_Tenant_Test()
{
AccessControlEntry ace = TestHelper.CreateAceWithAbstractRole();
FleshOutAccessControlEntryForTest(ace);
AclProbe aclProbe = AclProbe.CreateAclProbe(User, Role, ace);
Assert.That(aclProbe.SecurityToken.Principal.Tenant.ObjectID, Is.EqualTo(User.Tenant.ID));
}
public void Commit_OneError()
{
Tenant tenant = _testHelper.CreateTenant("TestTenant");
AccessControlEntry ace = _testHelper.CreateAceWithSpecificTenant(tenant);
ace.SpecificTenant = null;
ClientTransactionScope.CurrentTransaction.Commit();
}
public void ValidateTenantHierarchyCondition_IsValid_IfSpecificTenant()
{
Tenant tenant = _testHelper.CreateTenant("TestTenant");
AccessControlEntry ace = _testHelper.CreateAceWithSpecificTenant(tenant);
AccessControlEntryValidationResult result = ace.Validate();
Assert.That(result.IsValid, Is.True);
}
public static ACE ConvertFrom(AccessControlEntry ace)
{
return(new ACE
{
Name = ace.Name,
Access = ace.Access,
EntityType = ace.EntityType
});
}
public void CreateAclProbe_Role_Test()
{
AccessControlEntry ace = TestHelper.CreateAceWithAbstractRole();
FleshOutAccessControlEntryForTest(ace);
AclProbe aclProbe = AclProbe.CreateAclProbe(User, Role, ace);
Assert.That(aclProbe.SecurityToken.Principal.Roles, Is.EquivalentTo(new[] { Role }).Using(PrincipalRoleComparer.Instance));
}
public void GetAccessTypes_WithMultipleMatchingAces()
{
AbstractRoleDefinition role1 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "QualityManager", 0);
AccessControlEntry ace1 = AccessControlEntry.NewObject();
ace1.SpecificAbstractRole = role1;
AccessTypeDefinition readAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Read", 0);
AccessTypeDefinition copyAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Copy", 1);
AccessTypeDefinition indexAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Index", 2);
AccessTypeDefinition moveAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Move", 3);
AccessTypeDefinition appendAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Append", 4);
AccessTypeDefinition renameAccessType = _testHelper.CreateAccessTypeForAce(ace1, false, Guid.NewGuid(), "Rename", 5);
AccessTypeDefinition writeAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Write", 6);
AccessTypeDefinition deleteAccessType = _testHelper.CreateAccessTypeForAce(ace1, true, Guid.NewGuid(), "Delete", 7);
AccessTypeDefinition findAccessType = _testHelper.CreateAccessTypeForAce(ace1, null, Guid.NewGuid(), "Find", 8);
AbstractRoleDefinition role2 = AbstractRoleDefinition.NewObject(Guid.NewGuid(), "SoftwareDeveloper", 1);
AccessControlEntry ace2 = AccessControlEntry.NewObject();
ace2.SpecificAbstractRole = role2;
_testHelper.AttachAccessType(ace2, readAccessType, true);
_testHelper.AttachAccessType(ace2, copyAccessType, false);
_testHelper.AttachAccessType(ace2, indexAccessType, null);
_testHelper.AttachAccessType(ace2, moveAccessType, true);
_testHelper.AttachAccessType(ace2, appendAccessType, false);
_testHelper.AttachAccessType(ace2, renameAccessType, null);
_testHelper.AttachAccessType(ace2, writeAccessType, true);
_testHelper.AttachAccessType(ace2, deleteAccessType, false);
_testHelper.AttachAccessType(ace2, findAccessType, null);
AccessControlList acl = _testHelper.CreateStatefulAcl(ace1, ace2);
SecurityToken token = _testHelper.CreateTokenWithAbstractRole(role1, role2);
AccessInformation accessInformation = acl.GetAccessTypes(token);
//read y y y
//copy y n n
//index y - y
//move n y n
//append n n n
//rename n - n
//write - y y
//delete - n n
//find - - -
Assert.That(
accessInformation.AllowedAccessTypes,
Is.EquivalentTo(new[] { readAccessType, indexAccessType, writeAccessType }));
Assert.That(
accessInformation.DeniedAccessTypes,
Is.EquivalentTo(new[] { copyAccessType, moveAccessType, appendAccessType, renameAccessType, deleteAccessType }));
}
private AccessControlEntry GetOperations(string resource)
{
var key = Sanitize(resource);
AccessControlEntry value;
if (!_operations.ContainsKey(key))
{
value = new AccessControlEntry();
_operations.Add(key, value);
}
else
{
value = _operations[key];
}
return value;
}
public int IndexOf(AccessControlEntry entry) {}
public static ActionResult AddNamespace(Session session)
{
session.Log("Begin AddNamespace");
HttpApi nsManager = null;
try
{
nsManager = new HttpApi();
List<SecurityIdentity> userList = new List<SecurityIdentity>();
Dictionary<string, SecurityDescriptor> nsTable = nsManager.QueryHttpNamespaceAcls();
string url = "http://+:8888/";
SecurityDescriptor newSd = new SecurityDescriptor();
newSd.DACL = new AccessControlList();
foreach (AccessControlEntry ace in newSd.DACL)
{
if (!userList.Contains(ace.AccountSID))
{
userList.Add(ace.AccountSID);
}
}
try
{
SecurityIdentity sid = SecurityIdentity.SecurityIdentityFromWellKnownSid(WELL_KNOWN_SID_TYPE.WinWorldSid);
if (!userList.Contains(sid))
{
AccessControlEntry ace = new AccessControlEntry(sid);
ace.AceType = AceType.AccessAllowed;
ace.Add(AceRights.GenericAll);
ace.Add(AceRights.GenericExecute);
ace.Add(AceRights.GenericRead);
ace.Add(AceRights.GenericWrite);
newSd.DACL.Add(ace);
userList.Add(sid);
}
}
catch (Exception ex)
{
session.Log("User or group name was not found. " + ex.Message);
return ActionResult.Failure;
}
// If entry already exists, rebuild it
// as security settings could be wrong
if (nsTable.ContainsKey(url))
{
AccessControlList original = nsTable[url].DACL;
bool removed = false;
try
{
nsManager.RemoveHttpHamespaceAcl(url);
removed = true;
nsTable[url].DACL = newSd.DACL;
nsManager.SetHttpNamespaceAcl(url, nsTable[url]);
}
catch (Exception ex)
{
session.Log("Error Setting ACL. " + ex.Message);
if (removed)
{
try
{
nsTable[url].DACL = original;
nsManager.SetHttpNamespaceAcl(url, nsTable[url]);
}
catch (Exception ex2)
{
session.Log("Unable to Restore Original ACL, ACL may be corrupt. " + ex2.Message);
return ActionResult.Failure;
}
}
session.Log("Original ACL restored.");
return ActionResult.Failure;
}
}
else
{
try
{
nsManager.SetHttpNamespaceAcl(url, newSd);
nsTable.Add(url, newSd);
}
catch (Exception ex)
{
session.Log("Error Adding ACL. " + ex.Message);
return ActionResult.Failure;
}
}
return ActionResult.Success;
}
finally
{
if (nsManager != null)
{
nsManager.Dispose();
}
}
}
public bool Contains(AccessControlEntry entry) {}
public void Remove(AccessControlEntry entry) {}
private void HandleCheckBoxClick(CheckBox source, AceType aceType, AceRights aceRight)
{
foreach (AccessControlEntry ace in this.acl)
{
if (ace.AceType == aceType && ace.AccountSID == this.selectedUser)
{
if (source.Checked)
{
ace.Add(aceRight);
}
else
{
ace.Remove(aceRight);
}
return;
}
}
// The ace type doesn't exist
AccessControlEntry newAce = new AccessControlEntry(this.selectedUser);
newAce.AceType = aceType;
newAce.Add(aceRight);
this.acl.Add(newAce);
}
public void CopyTo(AccessControlEntry[] array, int index) {}
public void Insert(int index, AccessControlEntry entry) {}
// Methods
public int Add(AccessControlEntry entry) {}
private void buttonAdd_Click(object sender, EventArgs e)
{
string accountName;
if (InputBox.Show("Add User or Group", "Enter the User or Group Name:", out accountName) == DialogResult.OK)
{
try
{
SecurityIdentity sid = SecurityIdentity.SecurityIdentityFromName(accountName);
if (MessageBox.Show(String.Format("Add user or group: {0}?", sid.Name), "User or Group Found", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
if (!this.userList.Contains(sid))
{
AccessControlEntry ace = new AccessControlEntry(sid);
ace.AceType = AceType.AccessAllowed;
this.acl.Add(ace);
this.userList.Add(sid);
this.listUsersAndGroups.Items.Add(sid);
}
else
{
MessageBox.Show("The selected user or group already exists.", "Duplicate User or Group", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
}
catch (Exception ex)
{
MessageBox.Show("User or group name was not found. " + ex.Message, "User or Group Not Found", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}
}
}
public void SetBit( Permission mask, AccessControlEntry accessControl )
{
switch( accessControl )
{
case AccessControlEntry.Allow:
allowMask |= (Permission)((long)mask & (long)-1);
denyMask &= ~(Permission)((long)mask & (long)-1);
break;
case AccessControlEntry.NotSet:
allowMask &= ~(Permission)((long)mask & (long)-1);
denyMask &= ~(Permission)((long)mask & (long)-1);
break;
default:
allowMask &= ~(Permission)((long)mask & (long)-1);
denyMask |= (Permission)((long)mask & (long)-1);
break;
}
}
