/// <summary> /// Inserts a list of <see cref="AccessRuleItem" />s to the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be inserted.</param> /// <param name="objectId">The primary key for the shared object to be inserted.</param> /// <param name="rule">The ACEs (Access Control Entries) to insert.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> AddAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } if (await AccessRules.Where(objectType, objectId, rule.User?.Id).AnyAsync(cancellationToken)) { return(ValidationResult.Failed("Duplicated ACE entry.")); } AccessRules.Add(new SecurityAccessRule { ObjectType = objectType, ObjectId = objectId, UserId = rule.User?.Id, Permission = rule.Permission, Visibility = rule.Visibility }); await SaveChangesAsync(cancellationToken); return(ValidationResult.Success); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual Task <AccessRuleItem> GetAccessRuleAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); return(AccessRules .Where(objectType, objectId, null) .Select(ace => new AccessRuleItem { Permission = ace.Permission, Visibility = ace.Visibility }) .SingleOrDefaultAsync(cancellationToken)); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userId">The primary key of the user to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual Task <AccessRuleItem> GetAccessRuleByUserAsync(AccessObjectType objectType, int objectId, int userId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); return(AccessRules.Where(objectType, objectId, userId).Select(ace => new AccessRuleItem { Permission = ace.Permission, Visibility = ace.Visibility, User = new AccountItem { Id = ace.User.Id, Email = ace.User.Email, FirstName = ace.User.FirstName, LastName = ace.User.LastName, Gender = ace.User.Gender, Birthday = ace.User.Birthday } }).SingleOrDefaultAsync(cancellationToken)); }
/// <summary> /// Deletes a list of <see cref="AccessRuleItem" />s from the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be removed.</param> /// <param name="objectId">The primary key for the shared object to be removed.</param> /// <param name="rule">The ACEs (Access Control Entries) to delete.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> RemoveAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } var aceEntity = await AccessRules.Where(objectType, objectId, rule.User?.Id).SingleOrDefaultAsync(cancellationToken); if (aceEntity == null) { throw new InvalidOperationException("ACE does not exist."); } Context.Remove(aceEntity); await SaveChangesAsync(cancellationToken); return(ValidationResult.Success); }
public FileSystemRights GetEffectiveRights(UserGroup user) { var userSids = new List <string> { user.Sid }; userSids.AddRange(user.Groups); FileSystemRights inheritedDenyRights = 0, denyRights = 0; FileSystemRights inheritedAllowRights = 0, allowRights = 0; foreach (FileSystemAccessRuleForUI Rule in AccessRules.Where(x => userSids.Contains(x.IdentityReference))) { if (Rule.AccessControlType == AccessControlType.Deny) { if (Rule.IsInherited) { inheritedDenyRights |= Rule.FileSystemRights; } else { denyRights |= Rule.FileSystemRights; } } else if (Rule.AccessControlType == AccessControlType.Allow) { if (Rule.IsInherited) { inheritedAllowRights |= Rule.FileSystemRights; } else { allowRights |= Rule.FileSystemRights; } } } return((inheritedAllowRights & ~inheritedDenyRights) | (allowRights & ~denyRights)); }