public static GetDirectoryName ( IFilesStorageProviderV30 prov, string name ) : string | ||
prov | IFilesStorageProviderV30 | The provider. |
name | string | The directory name. |
Returns | string |
/// <summary>
/// Collects the actions that are explicitly denied to a subject on one directory.
/// </summary>
/// <param name="subject">The subject whose ACL entries are inspected.</param>
/// <param name="provider">The files storage provider that owns the directory.</param>
/// <param name="directory">The directory; must not be empty.</param>
/// <returns>The actions that carry a <c>Deny</c> entry for the subject on that directory.</returns>
/// <exception cref="ArgumentNullException"><paramref name="provider"/> or <paramref name="directory"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/> is empty.</exception>
/// <remarks>
/// Only entries whose resource name equals the directory's own resource name are matched,
/// so denials stored on a parent directory are not part of the result.
/// </remarks>
private static string[] RetrieveDenialsForDirectory(string subject, IFilesStorageProviderV30 provider, string directory)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }
    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }

    // NOTE(review): subject is handed to the ACL manager without a null/empty check here;
    // confirm that RetrieveEntriesForSubject rejects such values itself.
    string target = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);
    AclEntry[] subjectEntries = SettingsProvider.AclManager.RetrieveEntriesForSubject(subject);

    List<string> denied = new List<string>(subjectEntries.Length);
    for (int i = 0; i < subjectEntries.Length; i++)
    {
        AclEntry candidate = subjectEntries[i];

        if (candidate.Value != Value.Deny)
        {
            continue;
        }
        if (candidate.Resource != target)
        {
            continue;
        }

        denied.Add(candidate.Action);
    }

    return denied.ToArray();
}
/// <summary>
/// Re-keys the ACL entries of a directory after the directory has been renamed.
/// </summary>
/// <param name="provider">The files storage provider that owns the directory.</param>
/// <param name="oldName">The old directory name (full path); must not be empty.</param>
/// <param name="newName">The new directory name (full path); must not be empty.</param>
/// <returns><c>true</c> if the ACL manager reports that the resource was renamed, <c>false</c> otherwise.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="oldName"/> or <paramref name="newName"/> is empty.</exception>
/// <remarks>
/// The method <b>does not</b> recurse in sub-directories: only the resource name built from
/// <paramref name="oldName"/> is renamed. Entries stored for paths below it presumably stay keyed
/// to the old path unless the caller processes each sub-directory as well (confirm against the
/// ACL manager's RenameResource semantics).
/// </remarks>
public bool ProcessDirectoryRenaming(IFilesStorageProviderV40 provider, string oldName, string newName)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }

    if (oldName == null)
    {
        throw new ArgumentNullException("oldName");
    }
    if (oldName.Length == 0)
    {
        throw new ArgumentException("Old Name cannot be empty", "oldName");
    }

    if (newName == null)
    {
        throw new ArgumentNullException("newName");
    }
    if (newName.Length == 0)
    {
        throw new ArgumentException("New Name cannot be empty", "newName");
    }

    // A false result means the entries were not moved; the caller decides whether the
    // directory rename itself should then be treated as failed.
    bool renamed = _settingsProvider.AclManager.RenameResource(
        Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, oldName),
        Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, newName));

    return renamed;
}
/// <summary>
/// Deletes every ACL entry that binds a subject to a directory.
/// </summary>
/// <param name="subject">The subject whose entries are removed.</param>
/// <param name="provider">The files storage provider that owns the directory.</param>
/// <param name="directory">The directory; must not be empty.</param>
/// <returns><c>true</c> if every matching entry was deleted, <c>false</c> as soon as one deletion fails.</returns>
/// <exception cref="ArgumentNullException"><paramref name="provider"/> or <paramref name="directory"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/> is empty.</exception>
/// <remarks>
/// The loop stops at the first failed deletion, so a <c>false</c> result can leave the subject with
/// some entries removed and others still in place. Callers that revoke access should re-read the
/// entries after a failure rather than assume nothing changed.
/// </remarks>
private bool RemoveEntriesForDirectory(string subject, IFilesStorageProviderV40 provider, string directory)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }
    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }

    string target = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);
    AclEntry[] owned = _settingsProvider.AclManager.RetrieveEntriesForSubject(subject);

    for (int i = 0; i < owned.Length; i++)
    {
        // Entries of the same subject on other resources are left alone
        if (owned[i].Resource != target)
        {
            continue;
        }

        // SetPermissionForDirectory logs the outcome of the deletion itself
        if (!SetPermissionForDirectory(AuthStatus.Delete, provider, directory, owned[i].Action, subject))
        {
            return false;
        }
    }

    return true;
}
/// <summary>
/// Recursively copies the files and sub-directories found under <paramref name="current"/> from one
/// files storage provider to another, and renames the directory's ACL resource from the
/// source-provider name to the destination-provider name.
/// </summary>
/// <param name="source">The provider the data is read from.</param>
/// <param name="destination">The provider the data is written to.</param>
/// <param name="current">The directory being migrated; the top-level call uses <c>"/"</c>.</param>
/// <param name="settingsProvider">The settings provider whose ACL manager holds the directory entries.</param>
/// <remarks>
/// Source items are deleted only while processing the root: root files one by one, and each
/// first-level directory after its subtree has been copied.
/// NOTE(review): the results of RetrieveFile, StoreFile and RenameResource are discarded. If these
/// calls report failure through their return value (not visible here), a failed copy is still
/// followed by deletion of the source file, and a failed ACL rename would leave the migrated
/// directory without its Grant/Deny entries. Verify the ACL entries on the destination after a migration.
/// </remarks>
private static void MigrateDirectories(IFilesStorageProviderV30 source, IFilesStorageProviderV30 destination, string current, ISettingsStorageProviderV30 settingsProvider)
{
    // Initial capacity of the in-memory copy buffer (1 MiB); the stream grows for larger files
    const int InitialBufferSize = 1048576;

    bool atRoot = current == "/";

    // Files first
    var fileNames = source.ListFiles(current);
    foreach (var fileName in fileNames)
    {
        // Each file is read completely into memory and then written to the destination
        using (var buffer = new MemoryStream(InitialBufferSize))
        {
            source.RetrieveFile(fileName, buffer, false);
            buffer.Seek(0, SeekOrigin.Begin);
            destination.StoreFile(fileName, buffer, false);
        }

        // Carry the download counter over
        FileDetails details = source.GetFileDetails(fileName);
        destination.SetFileRetrievalCount(fileName, details.RetrievalCount);

        // Root files are removed from the source right after the copy
        if (atRoot)
        {
            source.DeleteFile(fileName);
        }
    }

    // Move the ACL entries of this directory to the destination provider's resource name
    settingsProvider.AclManager.RenameResource(
        Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(source, current),
        Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(destination, current));

    // Then the sub-directories, depth first
    var subDirectories = source.ListDirectories(current);
    foreach (var subDirectory in subDirectories)
    {
        // Last path segment of the sub-directory, without slashes
        int lastSlash = subDirectory.TrimEnd('/').LastIndexOf("/");
        string leafName = subDirectory.Substring(lastSlash + 1).Trim('/');

        destination.CreateDirectory(current, leafName);
        MigrateDirectories(source, destination, subDirectory, settingsProvider);

        // First-level directories are removed from the source once their subtree has been processed
        if (atRoot)
        {
            source.DeleteDirectory(subDirectory);
        }
    }
}
/// <summary>
/// Deletes all ACL entries stored for a directory, for every subject.
/// </summary>
/// <param name="provider">The files storage provider that owns the directory.</param>
/// <param name="directory">The directory; must not be empty.</param>
/// <exception cref="ArgumentNullException"><paramref name="provider"/> or <paramref name="directory"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/> is empty.</exception>
/// <remarks>
/// Grant and Deny entries are removed alike. Whatever DeleteEntriesForResource reports back is not
/// surfaced to the caller, so a failed clear is not observable through this method.
/// </remarks>
public void ClearEntriesForDirectory(IFilesStorageProviderV40 provider, string directory)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }
    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }

    string target = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);

    _settingsProvider.AclManager.DeleteEntriesForResource(target);
}
/// <summary>
/// Lists the distinct subjects (users and groups) that have at least one ACL entry on a directory.
/// </summary>
/// <param name="provider">The files storage provider that owns the directory.</param>
/// <param name="directory">The directory; must not be empty.</param>
/// <returns>One <see cref="SubjectInfo"/> per distinct name/type pair, in order of first appearance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="provider"/> or <paramref name="directory"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/> is empty.</exception>
/// <remarks>
/// The first two characters of each stored subject are treated as the qualifier ('U.' or 'G.') and
/// dropped. A stored subject shorter than two characters makes <c>Substring(2)</c> throw, so the
/// method relies on the ACL store holding only qualified subjects.
/// </remarks>
public static SubjectInfo[] RetrieveSubjectsForDirectory(IFilesStorageProviderV30 provider, string directory)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }
    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }

    AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(
        Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory));

    List<SubjectInfo> subjects = new List<SubjectInfo>(entries.Length);

    foreach (AclEntry entry in entries)
    {
        SubjectType type = AuthTools.IsGroup(entry.Subject) ? SubjectType.Group : SubjectType.User;

        // Strip the subject qualifier ('U.' or 'G.')
        string name = entry.Subject.Substring(2);

        // A subject usually has several entries (one per action); report it once
        Predicate<SubjectInfo> sameSubject = x => x.Name == name && x.Type == type;
        if (subjects.Find(sameSubject) == null)
        {
            subjects.Add(new SubjectInfo(name, type));
        }
    }

    return subjects.ToArray();
}
/// <summary>
/// Checks whether an action is allowed for a directory.
/// </summary>
/// <param name="provider">The provider that manages the directory.</param>
/// <param name="directory">The full path of the directory.</param>
/// <param name="action">The action the user is attempting to perform; must be one of <c>Actions.ForDirectories.All</c>.</param>
/// <param name="currentUser">The current user.</param>
/// <param name="groups">The groups the user is member of.</param>
/// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/>, <paramref name="action"/> or
/// <paramref name="currentUser"/> is empty, or <paramref name="action"/> is not a valid directory action.</exception>
/// <remarks>
/// Decision order: (1) the user name "admin" is always allowed; (2) an explicit Granted or Denied
/// result from the ACL entries of the directory itself is final; (3) otherwise local escalators on the
/// same directory, (4) the same action on the parent directory (recursively, up to the root) and
/// (5) global escalators are tried in that order, and the first one that grants wins.
/// A <c>false</c> from steps 3 or 4 does not stop the later steps, so a Deny stored on a parent
/// directory or on an escalator action is overridden by a grant found later in the chain. The default
/// when nothing grants is <c>false</c>.
/// </remarks>
public static bool CheckActionForDirectory(IFilesStorageProviderV30 provider, string directory, string action, string currentUser, string[] groups)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }
    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }
    if (action == null)
    {
        throw new ArgumentNullException("action");
    }
    if (action.Length == 0)
    {
        throw new ArgumentException("Action cannot be empty", "action");
    }
    if (!AuthTools.IsValidAction(action, Actions.ForDirectories.All))
    {
        throw new ArgumentException("Invalid action", "action");
    }
    if (currentUser == null)
    {
        throw new ArgumentNullException("currentUser");
    }
    if (currentUser.Length == 0)
    {
        throw new ArgumentException("Current User cannot be empty", "currentUser");
    }
    if (groups == null)
    {
        throw new ArgumentNullException("groups");
    }

    // Built-in administrator: no ACL lookup at all. The comparison is an exact, case-sensitive
    // match on the literal "admin", so the value passed in must be the authenticated account
    // name and never a string taken from the request.
    if (currentUser == "admin")
    {
        return(true);
    }

    string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);
    // NOTE(review): no path normalisation happens in this method; whether GetDirectoryName
    // canonicalises the path (duplicate slashes, dot segments, letter case) is not visible here.
    // Two spellings of one directory that yield different resource names would be evaluated
    // against different entries.

    AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(resourceName);

    Authorization auth = AclEvaluator.AuthorizeAction(resourceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

    // An explicit decision on the directory itself (grant or deny) ends the evaluation here
    if (auth != Authorization.Unknown)
    {
        return(auth == Authorization.Granted);
    }

    // Try local escalators (other actions on the same directory that imply this one)
    string[] localEscalators = null;
    if (Actions.ForDirectories.LocalEscalators.TryGetValue(action, out localEscalators))
    {
        foreach (string localAction in localEscalators)
        {
            bool authorized = CheckActionForDirectory(provider, directory, localAction, currentUser, groups);
            if (authorized)
            {
                return(true);
            }
        }
    }

    // Try directory escalation (extract parent directory and check its permissions)
    // Path manipulation keeps the format used by the caller (leading and trailing slashes are preserved if appropriate)
    // The root itself ("/") trims to an empty string and therefore has no parent step
    string trimmedDirectory = directory.Trim('/');
    if (trimmedDirectory.Length > 0)
    {
        int slashIndex = trimmedDirectory.LastIndexOf('/');
        string parentDir = "";
        if (slashIndex > 0)
        {
            // Navigate one level up, using the same slash format as the current one
            parentDir = (directory.StartsWith("/") ? "/" : "") + trimmedDirectory.Substring(0, slashIndex) + (directory.EndsWith("/") ? "/" : "");
        }
        else
        {
            // Single path segment: the parent is the root
            // NOTE(review): for a path without a leading slash parentDir stays "", and the
            // recursive call below is then rejected by the "Directory cannot be empty" guard,
            // so the check throws ArgumentException instead of returning a decision.
            // Callers should pass rooted paths.
            parentDir = directory.StartsWith("/") ? "/" : "";
        }

        bool authorized = CheckActionForDirectory(provider, parentDir, action, currentUser, groups);
        if (authorized)
        {
            return(true);
        }
    }

    // Try global escalators (global actions that imply this directory action)
    string[] globalEscalators = null;
    if (Actions.ForDirectories.GlobalEscalators.TryGetValue(action, out globalEscalators))
    {
        foreach (string globalAction in globalEscalators)
        {
            bool authorized = CheckActionForGlobals(globalAction, currentUser, groups);
            if (authorized)
            {
                return(true);
            }
        }
    }

    // Nothing granted the action: deny by default
    return(false);
}
/// <summary>
/// Stores or deletes the ACL entry that binds an action on a directory to a subject, and logs the outcome.
/// </summary>
/// <param name="status">The authorization status: <c>Delete</c> removes the entry, <c>Grant</c> stores a
/// grant, and any other value stores a deny.</param>
/// <param name="provider">The provider that handles the directory.</param>
/// <param name="directory">The directory; must not be empty.</param>
/// <param name="action">The action to modify; <c>Actions.FullControl</c> or one of <c>Actions.ForDirectories.All</c>.</param>
/// <param name="subject">The subject of the authorization change.</param>
/// <returns><c>true</c> if the ACL manager reports the change as applied, <c>false</c> otherwise.</returns>
/// <exception cref="ArgumentNullException"><paramref name="provider"/>, <paramref name="directory"/> or <paramref name="action"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="directory"/> or <paramref name="action"/> is empty, or the action is not valid for directories.</exception>
/// <remarks>
/// Every outcome is written to the log under <c>Log.SystemUsername</c>; the account that requested
/// the change is not part of what this method records.
/// NOTE(review): <paramref name="subject"/> is neither validated nor sanitised here before it reaches
/// the ACL store and the log message; confirm that callers pass a qualified subject and that
/// GetLogMessage or Log.LogEntry neutralises line breaks.
/// </remarks>
private bool SetPermissionForDirectory(AuthStatus status, IFilesStorageProviderV40 provider, string directory, string action, string subject)
{
    if (provider == null)
    {
        throw new ArgumentNullException("provider");
    }

    if (directory == null)
    {
        throw new ArgumentNullException("directory");
    }
    if (directory.Length == 0)
    {
        throw new ArgumentException("Directory cannot be empty", "directory");
    }

    if (action == null)
    {
        throw new ArgumentNullException("action");
    }
    if (action.Length == 0)
    {
        throw new ArgumentException("Action cannot be empty", "action");
    }

    // FullControl is accepted in addition to the directory-specific actions
    bool knownAction = action == Actions.FullControl || AuthTools.IsValidAction(action, Actions.ForDirectories.All);
    if (!knownAction)
    {
        throw new ArgumentException("Invalid action", "action");
    }

    string directoryName = AuthTools.GetDirectoryName(provider, directory);
    string resource = Actions.ForDirectories.ResourceMasterPrefix + directoryName;

    if (status == AuthStatus.Delete)
    {
        bool removed = _settingsProvider.AclManager.DeleteEntry(resource, action, subject);

        Log.LogEntry(
            (removed ? MessageDeleteSuccess : MessageDeleteFailure) + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Delete),
            removed ? EntryType.General : EntryType.Error,
            Log.SystemUsername,
            _settingsProvider.CurrentWiki);

        return removed;
    }

    // Anything that is not an explicit Grant is stored as a Deny
    Value stored = status == AuthStatus.Grant ? Value.Grant : Value.Deny;
    bool saved = _settingsProvider.AclManager.StoreEntry(resource, action, subject, stored);

    Log.LogEntry(
        (saved ? MessageSetSuccess : MessageSetFailure) + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Set + status.ToString()),
        saved ? EntryType.General : EntryType.Error,
        Log.SystemUsername,
        _settingsProvider.CurrentWiki);

    return saved;
}