/// <summary>
/// Gets the authorizations.
/// </summary>
/// <returns></returns>
public IAzManAuthorization[] GetAuthorizations()
{
var auths = (from tf in this.db.Authorizations()
where
(this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && tf.ObjectSidWhereDefined != (byte)WhereDefined.Local
||
this.application.Store.Storage.Mode != NetSqlAzManMode.Administrator)
&&
tf.ItemId == this.itemId
select tf).ToList();
int index = 0;
IAzManAuthorization[] authorizations = new SqlAzManAuthorization[auths.Count];
foreach (var row in auths)
{
authorizations[index] = new SqlAzManAuthorization(this.db, this, row.AuthorizationId.Value, new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.OwnerSidWhereDefined, new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.ObjectSidWhereDefined, (AuthorizationType)row.AuthorizationType, row.ValidFrom, row.ValidTo, this.ens);
if (this.ens != null)
this.ens.AddPublisher(authorizations[index]);
index++;
}
return authorizations;
}
/// <summary>
/// Creates the delegation [DB Users].
/// </summary>
/// <param name="delegatingUser">The delegating user.</param>
/// <param name="delegateUser">The delegate user.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <returns>IAzManAuthorization</returns>
public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
string delegatedName;
bool isLocal;
DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);
//Check if user has AllowWithDelegation permission on this Item.
if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
{
string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
throw new SqlAzManException(msg);
}
WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode");
}
IAzManSid owner = delegatingUser.CustomSid;
string ownerName = delegatingUser.UserName;
WhereDefined ownerSidWhereDefined = WhereDefined.Database;
int? authorizationId = 0;
this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), ref authorizationId);
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens);
this.raiseDelegateCreated(this, result);
if (this.ens != null)
this.ens.AddPublisher(result);
return result;
}
/// <summary>
/// Gets the authorization.
/// </summary>
/// <param name="authorizationId">The authorization id.</param>
/// <returns></returns>
public IAzManAuthorization GetAuthorization(int authorizationId)
{
AuthorizationsResult ar;
if ((ar = (from t in this.db.Authorizations() where t.ItemId == this.itemId && t.AuthorizationId == authorizationId select t).FirstOrDefault()) != null)
{
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && ar.ObjectSidWhereDefined == (byte)WhereDefined.Local)
{
throw SqlAzManException.AuthorizationNotFoundException(authorizationId, this, null);
}
else
{
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, ar.AuthorizationId.Value, new SqlAzManSID(ar.OwnerSid.ToArray(), ar.OwnerSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)ar.OwnerSidWhereDefined, new SqlAzManSID(ar.ObjectSid.ToArray(), ar.ObjectSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)(ar.ObjectSidWhereDefined), (AuthorizationType)ar.AuthorizationType, ar.ValidFrom, ar.ValidTo, this.ens);
if (this.ens != null)
this.ens.AddPublisher(result);
return result;
}
}
else
{
throw SqlAzManException.AuthorizationNotFoundException(authorizationId, this, null);
}
}
/// <summary>
/// Creates the authorization.
/// </summary>
/// <param name="owner">The owner owner.</param>
/// <param name="ownerSidWhereDefined">The owner sid where defined.</param>
/// <param name="sid">The object owner.</param>
/// <param name="sidWhereDefined">The object owner where defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <returns></returns>
public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode");
}
var existing = (from aut in this.db.Authorizations()
where aut.ItemId == this.itemId && aut.OwnerSid == owner.BinaryValue && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined && aut.ObjectSid == sid.BinaryValue && aut.AuthorizationType == (byte)authorizationType && aut.ValidFrom == validFrom && aut.ValidTo == validTo
select aut).FirstOrDefault();
if (existing == null)
{
int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.application.ApplicationId);
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens);
this.raiseAuthorizationCreated(this, result);
if (this.ens != null)
this.ens.AddPublisher(result);
this.authorizations = null; //Force cache refresh
return result;
}
else
{
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, existing.ItemId.Value, new SqlAzManSID(existing.OwnerSid.ToArray()), (WhereDefined)existing.OwnerSidWhereDefined, new SqlAzManSID(existing.ObjectSid.ToArray()), (WhereDefined)existing.ObjectSidWhereDefined, (AuthorizationType)existing.AuthorizationType.Value, existing.ValidFrom, existing.ValidTo, this.ens);
return result;
}
}
