private SnAccessControlEntry CreateEntry(int principalId, bool propagates)
{
var entry = SnAccessControlEntry.CreateEmpty(principalId, propagates); //TODO: CreateEmpty(principal);
var list = acl.Entries.ToList();
list.Add(entry);
acl.Entries = list;
return(entry);
}
internal void AddEntry(SnAccessControlEntry entry)
{
var newEntry = CreateEntry(entry.Identity.NodeId, entry.Propagates);
uint allowBits, denyBits;
entry.GetPermissionBits(out allowBits, out denyBits);
PermissionBits.SetBits(ref allowBits, ref denyBits);
newEntry.SetPermissionsBits(allowBits, denyBits);
var list = acl.Entries.ToList();
list.Add(newEntry);
acl.Entries = list.ToArray();
}
internal SnAccessControlList BuildAcl(SnAccessControlList acl)
{
//var principals = GetEffectedPrincipals();
var aces = new Dictionary <int, SnAccessControlEntry>();
var localOnlyAces = new List <SnAccessControlEntry>();
if (this.Path == acl.Path)
{
foreach (var permSet in this.PermissionSets)
{
if (permSet.Propagates)
{
continue;
}
var princ = permSet.PrincipalId;
SnAccessControlEntry ace;
ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates);
localOnlyAces.Add(ace);
// get permissions and paths
int mask = 1;
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var permission = ace.Permissions.ElementAt(i);
if ((permSet.DenyBits & mask) != 0)
{
permission.Deny = true;
permission.DenyFrom = null;
}
var allow = (permSet.AllowBits & mask) != 0;
if ((permSet.AllowBits & mask) != 0)
{
permission.Allow = true;
permission.AllowFrom = null;
}
mask = mask << 1;
}
}
}
for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
{
foreach (var permSet in permInfo.PermissionSets)
{
if (!permSet.Propagates)
{
continue;
}
var localEntry = acl.Path == permInfo.Path;
// get ace by princ
var princ = permSet.PrincipalId;
SnAccessControlEntry ace;
if (!aces.TryGetValue(princ, out ace))
{
ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates);
aces.Add(princ, ace);
}
// get permissions and paths
int mask = 1;
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var permission = ace.Permissions.ElementAt(i);
if (!permission.Deny)
{
if ((permSet.DenyBits & mask) != 0)
{
permission.Deny = true;
permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true);
}
}
if (!permission.Allow)
{
var allow = (permSet.AllowBits & mask) != 0;
if ((permSet.AllowBits & mask) != 0)
{
permission.Allow = true;
permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false);
}
}
mask = mask << 1;
}
}
}
acl.Inherits = acl.Path == this.Path ? this.Inherits : true;
localOnlyAces.AddRange(aces.Values);
acl.Entries = localOnlyAces.ToArray();
return(acl);
}
private void RemoveEntry(SnAccessControlEntry entry)
{
acl.Entries = acl.Entries.Except(new SnAccessControlEntry[] { entry }).ToList();
}
private SnPermission GetSnPerm(SnAccessControlEntry entry, PermissionType permType)
{
return(entry.Permissions.Where(p => p.Name == permType.Name).First());
}
