/// <summary>
///
/// </summary>
/// <param name="resource"></param>
/// <param name="subjects"></param>
/// <returns><see cref="true"/> if the <paramref name="subjects"/> specified have at least one rule that allow them to do something within the resource hierarchy</returns>
public static bool CanBrowse(string resource, params string[] subjects)
{
resource = resource.ToLower();
foreach (AccessRule acl in DefaultProvider.GetAcls(resource, "*"))
{
if (acl.Type == AccessRules.Allow)
{
return(true);
}
}
return(false);
}
public static bool IsAllowed(string resource, string verb, params string[] subjects)
{
OrderedList <string, AccessRule> acls = new OrderedList <string, AccessRule>(new ReverseComparer <string>());
//OrderedList<string, Acl> denied = new OrderedList<string, Acl>(new ReverseComparer<string>());
List <string> subjectList = new List <string>();
foreach (string subject in subjects)
{
subjectList.Add(subject.ToLower());
}
resource = resource.ToLower();
verb = verb.ToLower();
foreach (AccessRule acl in DefaultProvider.GetAcls(resource, verb))
{
acls.Add(acl.Resource, acl);
}
bool isExplicit = false;
AccessRules aclType = AccessRules.Deny;
bool set = false;
string mostAppropriateResourcePath = resource;
bool isFirst = true;
foreach (AccessRule acl in acls)
{
if (isFirst)
{
mostAppropriateResourcePath = acl.Resource;
isFirst = false;
}
if (set && mostAppropriateResourcePath != acl.Resource)
{
return(aclType == AccessRules.Allow);
}
if (acl.Subject == "*")
{
set = true;
aclType = acl.Type;
}
if (subjectList.Contains(acl.Subject))
{
set = true;
isExplicit = true;
aclType = acl.Type;
}
if (isExplicit)
{
return(aclType == AccessRules.Allow);
}
}
return(aclType == AccessRules.Allow);
// Search for explicit rule or inherit for parent at each level
// If two explicit rules are found, Deny has the priority
//bool isDenied = false;
//while (resource != string.Empty)
//{
// //foreach (string verb in verbs)
// //{
// if (denied.ContainsKey(resource))
// {
// foreach (Acl acl in denied[resource])
// {
// if (verbList.Contains(acl.verb))
// return false;
// }
// // if global rule, allow only if there is a specific user's rule for the current path
// if (denied[resource].Contains(new Deny(resource, "*")))
// isDenied = allowed.ContainsKey(resource) && allowed[resource].Contains(verb);
// }
// if (allowed.ContainsKey(resource) && (allowed[resource].Contains(verb) || (!isDenied && allowed[resource].Contains("*"))))
// return true;
//}
//if (isDenied)
// return false;
//if (resource == ROOT)
// return false;
//resource = resource.LastIndexOf(ROOT) <= 0 ? ROOT : resource.Substring(0, resource.LastIndexOf(ROOT));
//return false;
}