public bool HasPermission(Principal principal, AclType aclType) { if (principal == null) { throw new ArgumentNullException("principal"); } bool hasPermission = false; // if the principal and owner are the same, there is no need to // go to the DB if (principal.PrincipalId == this.Owner.PrincipalId) { hasPermission = true; } else { AclType permissions = AclsDbInteractor.Instance.GetAcls(this.ResourceId, GetActorId(), principal.PrincipalId); if (permissions != AclType.None) { if ((permissions | aclType) == aclType) { hasPermission = true; } } } return hasPermission; }
/// <summary> /// Public constructor /// </summary> /// <param name="type">Type of ACL entry: User/group/Other/mask</param> /// <param name="userOrGroupId">Object ID of the object depending on the type of the ACL entry. For acl type other and mask it should be null</param> /// <param name="scope">ACCESS or DEFAULT</param> /// <param name="action">The type of ACL to set</param> public AclEntry(AclType type, string userOrGroupId, AclScope scope, AclAction action) { Type = type; UserOrGroupId = userOrGroupId; Scope = scope; Action = action; }
public AclItem(string id, string extraId, string name, AclType type) { this.id = id; this.extraId = extraId; this.name = name; this.type = type; }
public AclEntry(AclScope scope, AclType type, string upnOrObjectId, GrantType grant) { Scope = scope; AclType = type; UpnOrObjectId = upnOrObjectId; Grant = grant; }
public static string AclTypeToString(AclType type) { string aclType = "ERROR"; if (type == AclType.Mask) { aclType = "mask"; } else if (type == AclType.NamedGroup) { aclType = "group"; } else if (type == AclType.NamedUser) { aclType = "user"; } else if (type == AclType.Other) { aclType = "other"; } else if (type == AclType.OwningGroup) { aclType = "group"; } else if (type == AclType.OwningUser) { aclType = "user"; } else { throw new ArgumentOutOfRangeException(); } return(aclType); }
public static async Task <AclRuleType> CreateAclRule( this IComputeApiClient client, string networkId, string aclRuleName, int position, AclActionType action, AclProtocolType protocol, PortRangeTypeType portRangeType, IPAddress sourceIpAddress = null, IPAddress sourceNetmask = null, IPAddress destIpAddress = null, IPAddress destNetmask = null, int port1 = 0, int port2 = 0, AclType aclType = AclType.OUTSIDE_ACL) { return (await client.NetworkingLegacy.Network.CreateAclRule( networkId, aclRuleName, position, action, protocol, portRangeType, sourceIpAddress, sourceNetmask, destIpAddress, destNetmask, port1, port2, aclType)); }
public FsAclEntry(AclType type, string name, FsPermission permission) { this.Type = type; if (name == null) { name = ""; } this.Name = name; this.Permission = permission; }
private IEnumerable <Ace> FilterWithFilter(Func <Ace, bool> filter) { List <Ace> removed = new List <Ace>(); if (AclType.HasFlag(RemoveAclType.Dacl)) { FilterWithFilter(removed, SecurityDescriptor.Dacl, true, filter); } if (AclType.HasFlag(RemoveAclType.Sacl)) { FilterWithFilter(removed, SecurityDescriptor.Sacl, false, filter); } return(removed); }
private protected IEnumerable <Ace> FilterWithFilter(Func <Ace, bool> filter, Action <Acl, Predicate <Ace> > run_on_acl) { List <Ace> list = new List <Ace>(); if (AclType.HasFlag(SecurityDescriptorAclType.Dacl)) { FilterWithFilter(list, SecurityDescriptor.Dacl, true, filter, run_on_acl); } if (AclType.HasFlag(SecurityDescriptorAclType.Sacl)) { FilterWithFilter(list, SecurityDescriptor.Sacl, false, filter, run_on_acl); } return(list); }
private DataLakeStoreEnums.AceType MapAclEntryType(AclType aclType) { switch (aclType) { case AclType.group: return(DataLakeStoreEnums.AceType.Group); case AclType.user: return(DataLakeStoreEnums.AceType.User); case AclType.mask: return(DataLakeStoreEnums.AceType.Mask); case AclType.other: return(DataLakeStoreEnums.AceType.Other); default: throw new ArgumentException("AclType is invalid"); } }
/// <summary> /// Parses a AclEntry string into acl type, acl type Id, acl scope and acl action (permissions). /// Throws exception if the acl string is not correct. /// </summary> /// <param name="aclEntry">Acl Entry string delimited by ':'</param> /// <param name="removeAcl">Whether this string is for removing Acl.</param> /// <returns>Acl Entry instance</returns> public static AclEntry ParseAclEntryString(string aclEntry, bool removeAcl) { aclEntry = aclEntry.Trim(); string[] parts = aclEntry.Split(':'); if (parts.Length > 4) { throw new ArgumentException("Invalid AclEntry string: " + aclEntry); } if (parts.Length == 4 && !parts[0].Equals("default")) { throw new ArgumentException("Invalid AclEntry string: " + aclEntry); } int strtPartIndx = 0; AclScope scope; if (parts.Length == 4) //Because it is of AclScope default { strtPartIndx++; scope = AclScope.Default; } else { scope = AclScope.Access; } AclType aclType = (AclType)Enum.Parse(typeof(AclType), parts[strtPartIndx].Trim());//This will throw exception string aclNm = parts[strtPartIndx + 1].Trim(); if (aclType == AclType.mask && !String.IsNullOrEmpty(aclNm)) { throw new ArgumentException("AclType Mask should not contain userId or group Id"); } if (aclType == AclType.other && !String.IsNullOrEmpty(aclNm)) { throw new ArgumentException("AclType Other should not contain userId or group Id"); } AclAction action = AclAction.None; if (!removeAcl) { AclAction?ac = AclActionExtension.GetAclAction(parts[strtPartIndx + 2].Trim()); if (ac == null) { throw new ArgumentException("Invalid permission in aclentry " + aclEntry); } action = ac.Value; } return(new AclEntry(aclType, aclNm, scope, action)); }
public FsAclEntry(string entry) { var tokens = entry.Split(':'); string type_str = tokens[0].ToLowerInvariant(); string user = tokens[1]; if ((type_str == "user") && (user.Length == 0)) { this.Type = AclType.OwningUser; } else if ((type_str == "user") && (user.Length > 0)) { this.Type = AclType.NamedUser; } else if ((type_str == "group") && (user.Length == 0)) { this.Type = AclType.OwningGroup; } else if ((type_str == "group") && (user.Length > 0)) { this.Type = AclType.NamedGroup; } else if (type_str == "mask") { this.Type = AclType.Mask; } else if (type_str == "other") { this.Type = AclType.Other; } else { throw new ArgumentOutOfRangeException(); } this.Name = user; this.Permission = new FsPermission(tokens[2]); }
/// <summary> /// The create acl rule. /// </summary> /// <param name="networkId"> /// The network id. /// </param> /// <param name="aclRuleName"> /// The acl rule name. /// </param> /// <param name="position"> /// The position. /// </param> /// <param name="action"> /// The action. /// </param> /// <param name="protocol"> /// The protocol. /// </param> /// <param name="portRangeType"> /// The port range type. /// </param> /// <param name="sourceIpAddress"> /// The source ip address. /// </param> /// <param name="sourceNetmask"> /// The source netmask. /// </param> /// <param name="destIpAddress"> /// The dest ip address. /// </param> /// <param name="destNetmask"> /// The dest netmask. /// </param> /// <param name="port1"> /// The port 1. /// </param> /// <param name="port2"> /// The port 2. /// </param> /// <param name="aclType"> /// The acl type. /// </param> /// <returns> /// The <see cref="Task"/>. /// </returns> /// <exception cref="ArgumentOutOfRangeException"> /// </exception> public async Task <AclRuleType> CreateAclRule( string networkId, string aclRuleName, int position, AclActionType action, AclProtocolType protocol, PortRangeTypeType portRangeType, IPAddress sourceIpAddress = null, IPAddress sourceNetmask = null, IPAddress destIpAddress = null, IPAddress destNetmask = null, int port1 = 0, int port2 = 0, AclType aclType = AclType.OUTSIDE_ACL) { var portRange = new PortRangeType { type = portRangeType }; // Validate that the ports are specified when needed switch (portRangeType) { case PortRangeTypeType.EQUAL_TO: case PortRangeTypeType.GREATER_THAN: case PortRangeTypeType.LESS_THAN: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port1Specified = true; break; } case PortRangeTypeType.RANGE: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } if (port2 < 1 || port2 > 65535) { throw new ArgumentOutOfRangeException( "port2", port2, string.Format( "Port2 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port2 = port2; portRange.port1Specified = portRange.port2Specified = true; break; } } // create the acl rule object var rule = new AclRuleType { name = aclRuleName, action = action, position = position, protocol = protocol.ToString(), portRange = portRange, type = aclType }; if (sourceIpAddress != null) { rule.sourceIpRange = new IpRangeType { ipAddress = sourceIpAddress.ToString() }; if (sourceNetmask != null) { rule.sourceIpRange.netmask = sourceNetmask.ToString(); } } if (destIpAddress != null) { rule.destinationIpRange = new IpRangeType { ipAddress = destIpAddress.ToString() }; if (destNetmask != null) { rule.destinationIpRange.netmask = destNetmask.ToString(); } } return (await _apiClient.PostAsync <AclRuleType, AclRuleType>( ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId), rule)); }
public void SetAcl(Principal principal, AclType acls) { AclsStore.Instance.SetAcls(this, GetActorId(), principal.PrincipalId, acls); }
public void RemoveAcl(Principal principal, AclType aclType) { AclType permissions = AclsDbInteractor.Instance.GetAcls(this.ResourceId, GetActorId(), principal.PrincipalId); if (permissions != AclType.None) { AclType acls = permissions & ~aclType; SetAcl(principal, acls); } }
/// <summary> /// Creates a new ACL rule at a specified line using your organization ID and the ID of the target network. /// It is possible to create both inbound (OUTSIDE_ACL) and outbound (INSIDE_ACL) rule types. /// </summary> /// <param name="client"> /// The <see cref="ComputeApiClient"/> object. /// </param> /// <param name="networkId"> /// The target network id. /// </param> /// <param name="aclRuleName"> /// The name of the ACL rule. /// </param> /// <param name="position"> /// The position of the rule between 100-500 inclusive. /// </param> /// <param name="action"> /// The action (Permit/deny) of the ACL rule. /// </param> /// <param name="protocol"> /// The protocol to use (IP, ICMP, TCP, UDP). /// </param> /// <param name="portRangeType"> /// The port range type (ALL, EQUAL_TO, RANGE, GREATER_THAN, LESS_THAN). /// </param> /// <param name="sourceIpAddress"> /// Optional. If no source IP Address is supplied, the assumption is that any source IP address is allowed. /// If a source IP address is supplied without the <paramref name="sourceNetmask"/>, source IP Address represent a /// single host. /// </param> /// <param name="sourceNetmask"> /// Optional. When specified, the <paramref name="sourceIpAddress"/> must be the CIDR boundary for the network. /// </param> /// <param name="destIpAddress"> /// Optional. If no destination IP Address is supplied, the assumption is that any destination IP address is allowed. /// If a destination IP address is supplied without the <paramref name="destNetmask"/>, source IP Address represent a /// single host. /// </param> /// <param name="destNetmask"> /// Optional. When specified, the <paramref name="destIpAddress"/> must be the CIDR boundary for the network. /// </param> /// <param name="port1"> /// Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535. /// </param> /// <param name="port2"> /// Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535. /// </param> /// <param name="aclType"> /// Optional. One of (OUTSIDE_ACL, INSIDE_ACL). Default if not specified is OUTSIDE_ACL. /// </param> /// <returns> /// The ACL rules. /// </returns> public static async Task<AclRuleType> CreateAclRule( this IComputeApiClient client, string networkId, string aclRuleName, int position, AclActionType action, AclProtocolType protocol, PortRangeTypeType portRangeType, IPAddress sourceIpAddress = null, IPAddress sourceNetmask = null, IPAddress destIpAddress = null, IPAddress destNetmask = null, int port1 = 0, int port2 = 0, AclType aclType = AclType.OUTSIDE_ACL) { Contract.Requires(!string.IsNullOrEmpty(aclRuleName), "The ACL rule name must NOT be empty or null!"); Contract.Requires(aclRuleName.Length < 60, "ACL rule name cannot exceed 60 chars"); Contract.Requires(position >= 100 && position <= 500, "Position must be between 100 and 500 inclusive"); Contract.Requires(aclType == AclType.INSIDE_ACL || aclType == AclType.OUTSIDE_ACL, "ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)"); var portRange = new PortRangeType {type = portRangeType}; // Validate that the ports are specified when needed switch (portRangeType) { case PortRangeTypeType.EQUAL_TO: case PortRangeTypeType.GREATER_THAN: case PortRangeTypeType.LESS_THAN: { if (port1 < 1 || port1 > 65535) throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); portRange.port1 = port1; portRange.port1Specified = true; break; } case PortRangeTypeType.RANGE: { if (port1 < 1 || port1 > 65535) throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); if (port2 < 1 || port2 > 65535) throw new ArgumentOutOfRangeException( "port2", port2, string.Format( "Port2 must be between 1-65535 when the port range type is {0}", portRangeType)); portRange.port1 = port1; portRange.port2 = port2; portRange.port1Specified = portRange.port2Specified = true; break; } } // create the acl rule object var rule = new AclRuleType { name = aclRuleName, action = action, position = position, protocol = protocol.ToString(), portRange = portRange, type = aclType }; if (sourceIpAddress != null) { rule.sourceIpRange = new IpRangeType {ipAddress = sourceIpAddress.ToString()}; if (sourceNetmask != null) rule.sourceIpRange.netmask = sourceNetmask.ToString(); } if (destIpAddress != null) { rule.destinationIpRange = new IpRangeType {ipAddress = destIpAddress.ToString()}; if (destNetmask != null) rule.destinationIpRange.netmask = destNetmask.ToString(); } return await client.WebApi.ApiPostAsync<AclRuleType, AclRuleType>( ApiUris.CreateAclRule(client.Account.OrganizationId, networkId), rule); }
/// <summary> /// The create acl rule. /// </summary> /// <param name="networkId"> /// The network id. /// </param> /// <param name="aclRuleName"> /// The acl rule name. /// </param> /// <param name="position"> /// The position. /// </param> /// <param name="action"> /// The action. /// </param> /// <param name="protocol"> /// The protocol. /// </param> /// <param name="portRangeType"> /// The port range type. /// </param> /// <param name="sourceIpAddress"> /// The source ip address. /// </param> /// <param name="sourceNetmask"> /// The source netmask. /// </param> /// <param name="destIpAddress"> /// The dest ip address. /// </param> /// <param name="destNetmask"> /// The dest netmask. /// </param> /// <param name="port1"> /// The port 1. /// </param> /// <param name="port2"> /// The port 2. /// </param> /// <param name="aclType"> /// The acl type. /// </param> /// <returns> /// The <see cref="Task"/>. /// </returns> /// <exception cref="ArgumentOutOfRangeException"> /// </exception> public async Task <AclRuleType> CreateAclRule( string networkId, string aclRuleName, int position, AclActionType action, AclProtocolType protocol, PortRangeTypeType portRangeType, IPAddress sourceIpAddress = null, IPAddress sourceNetmask = null, IPAddress destIpAddress = null, IPAddress destNetmask = null, int port1 = 0, int port2 = 0, AclType aclType = AclType.OUTSIDE_ACL) { Contract.Requires(!string.IsNullOrEmpty(aclRuleName), "The ACL rule name must NOT be empty or null!"); Contract.Requires(aclRuleName.Length < 60, "ACL rule name cannot exceed 60 chars"); Contract.Requires(position >= 100 && position <= 500, "Position must be between 100 and 500 inclusive"); Contract.Requires(aclType == AclType.INSIDE_ACL || aclType == AclType.OUTSIDE_ACL, "ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)"); var portRange = new PortRangeType { type = portRangeType }; // Validate that the ports are specified when needed switch (portRangeType) { case PortRangeTypeType.EQUAL_TO: case PortRangeTypeType.GREATER_THAN: case PortRangeTypeType.LESS_THAN: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port1Specified = true; break; } case PortRangeTypeType.RANGE: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } if (port2 < 1 || port2 > 65535) { throw new ArgumentOutOfRangeException( "port2", port2, string.Format( "Port2 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port2 = port2; portRange.port1Specified = portRange.port2Specified = true; break; } } // create the acl rule object var rule = new AclRuleType { name = aclRuleName, action = action, position = position, protocol = protocol.ToString(), portRange = portRange, type = aclType }; if (sourceIpAddress != null) { rule.sourceIpRange = new IpRangeType { ipAddress = sourceIpAddress.ToString() }; if (sourceNetmask != null) { rule.sourceIpRange.netmask = sourceNetmask.ToString(); } } if (destIpAddress != null) { rule.destinationIpRange = new IpRangeType { ipAddress = destIpAddress.ToString() }; if (destNetmask != null) { rule.destinationIpRange.netmask = destNetmask.ToString(); } } return (await _apiClient.PostAsync <AclRuleType, AclRuleType>( ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId), rule)); }
/// <summary> /// Creates a new ACL rule at a specified line using your organization ID and the ID of the target network. /// It is possible to create both inbound (OUTSIDE_ACL) and outbound (INSIDE_ACL) rule types. /// </summary> /// <param name="client">The <see cref="ComputeApiClient"/> object.</param> /// <param name="networkId">The target network id.</param> /// <param name="aclRuleName">The name of the ACL rule.</param> /// <param name="position">The position of the rule between 100-500 inclusive.</param> /// <param name="action">The action (Permit/deny) of the ACL rule.</param> /// <param name="protocol">The protocol to use (IP, ICMP, TCP, UDP).</param> /// <param name="portRangeType">The port range type (ALL, EQUAL_TO, RANGE, GREATER_THAN, LESS_THAN).</param> /// <param name="sourceIpAddress"> /// Optional. If no source IP Address is supplied, the assumption is that any source IP address is allowed. /// If a source IP address is supplied without the <paramref name="sourceNetmask"/>, source IP Address represent a single host. /// </param> /// <param name="sourceNetmask"> /// Optional. When specified, the <paramref name="sourceIpAddress"/> must be the CIDR boundary for the network. /// </param> /// <param name="destIpAddress"> /// Optional. If no destination IP Address is supplied, the assumption is that any destination IP address is allowed. /// If a destination IP address is supplied without the <paramref name="destNetmask"/>, source IP Address represent a single host. /// </param> /// <param name="destNetmask"> /// Optional. When specified, the <paramref name="destIpAddress"/> must be the CIDR boundary for the network. /// </param> /// <param name="port1">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param> /// <param name="port2">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param> /// <param name="aclType">Optional. One of (OUTSIDE_ACL, INSIDE_ACL). Default if not specified is OUTSIDE_ACL.</param> /// <returns>The ACL rules.</returns> public static async Task <AclRuleType> CreateAclRuleAsync( this IComputeApiClient client, string networkId, string aclRuleName, int position, AclActionType action, AclProtocolType protocol, PortRangeTypeType portRangeType, IPAddress sourceIpAddress = null, IPAddress sourceNetmask = null, IPAddress destIpAddress = null, IPAddress destNetmask = null, int port1 = 0, int port2 = 0, AclType aclType = AclType.OUTSIDE_ACL) { if (string.IsNullOrWhiteSpace(networkId)) { throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "networkId"); } if (string.IsNullOrWhiteSpace(aclRuleName)) { throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "aclRuleName"); } if (aclRuleName.Length >= 60) { throw new ArgumentException("ACL rule name cannot exceed 60 chars", "aclRuleName"); } if (position < 100 || position > 500) { throw new ArgumentException("Position must be between 100 and 500 inclusive", "position"); } if (aclType != AclType.INSIDE_ACL && aclType != AclType.OUTSIDE_ACL) { throw new ArgumentException("ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)", "aclType"); } var portRange = new PortRangeType { type = portRangeType }; // Validate that the ports are specified when needed switch (portRangeType) { case PortRangeTypeType.EQUAL_TO: case PortRangeTypeType.GREATER_THAN: case PortRangeTypeType.LESS_THAN: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port1Specified = true; break; } case PortRangeTypeType.RANGE: { if (port1 < 1 || port1 > 65535) { throw new ArgumentOutOfRangeException( "port1", port1, string.Format( "Port1 must be between 1-65535 when the port range type is {0}", portRangeType)); } if (port2 < 1 || port2 > 65535) { throw new ArgumentOutOfRangeException( "port2", port2, string.Format( "Port2 must be between 1-65535 when the port range type is {0}", portRangeType)); } portRange.port1 = port1; portRange.port2 = port2; portRange.port1Specified = portRange.port2Specified = true; break; } } // create the acl rule object var rule = new AclRuleType { name = aclRuleName, action = action, position = position, protocol = protocol.ToString(), portRange = portRange, type = aclType }; if (sourceIpAddress != null) { rule.sourceIpRange = new IpRangeType { ipAddress = sourceIpAddress.ToString() }; if (sourceNetmask != null) { rule.sourceIpRange.netmask = sourceNetmask.ToString(); } } if (destIpAddress != null) { rule.destinationIpRange = new IpRangeType { ipAddress = destIpAddress.ToString() }; if (destNetmask != null) { rule.destinationIpRange.netmask = destNetmask.ToString(); } } return (await client.WebApi.ApiPostAsync <AclRuleType, AclRuleType>( ApiUris.CreateAclRule(client.Account.OrganizationId, networkId), rule)); }