public static IsValidAction ( string action, string validActions ) : bool | ||
action | string | The action to validate. |
validActions | string | The list of valid actions. |
Résultat | bool |
/// <summary> /// Sets a permission for a page. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="pageFullName">The page full name.</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="subject">The subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> private bool SetPermissionForPage(AuthStatus status, string pageFullName, string action, string subject) { if (pageFullName == null) { throw new ArgumentNullException("page"); } if (pageFullName.Length == 0) { throw new ArgumentException("Page cannot be empty", "page"); } if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (action != Actions.FullControl && !AuthTools.IsValidAction(action, Actions.ForPages.All)) { throw new ArgumentException("Invalid action", "action"); } if (status == AuthStatus.Delete) { bool done = _settingsProvider.AclManager.DeleteEntry(Actions.ForPages.ResourceMasterPrefix + pageFullName, action, subject); if (done) { Log.LogEntry(MessageDeleteSuccess + GetLogMessage(Actions.ForPages.ResourceMasterPrefix, pageFullName, action, subject, Delete), EntryType.General, Log.SystemUsername, _settingsProvider.CurrentWiki); } else { Log.LogEntry(MessageDeleteFailure + GetLogMessage(Actions.ForPages.ResourceMasterPrefix, pageFullName, action, subject, Delete), EntryType.Error, Log.SystemUsername, _settingsProvider.CurrentWiki); } return(done); } else { bool done = _settingsProvider.AclManager.StoreEntry(Actions.ForPages.ResourceMasterPrefix + pageFullName, action, subject, status == AuthStatus.Grant ? Value.Grant : Value.Deny); if (done) { Log.LogEntry(MessageSetSuccess + GetLogMessage(Actions.ForPages.ResourceMasterPrefix, pageFullName, action, subject, Set + status.ToString()), EntryType.General, Log.SystemUsername, _settingsProvider.CurrentWiki); } else { Log.LogEntry(MessageSetFailure + GetLogMessage(Actions.ForPages.ResourceMasterPrefix, pageFullName, action, subject, Set + status.ToString()), EntryType.Error, Log.SystemUsername, _settingsProvider.CurrentWiki); } return(done); } }
/// <summary> /// Sets a permission for a namespace. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="nspace">The namespace (<c>null</c> for the root).</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="subject">The subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> private static bool SetPermissionForNamespace(AuthStatus status, NamespaceInfo nspace, string action, string subject) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (action != Actions.FullControl && !AuthTools.IsValidAction(action, Actions.ForNamespaces.All)) { throw new ArgumentException("Invalid action", "action"); } var namespaceName = nspace != null ? nspace.Name : ""; if (status == AuthStatus.Delete) { var done = SettingsProvider.AclManager.DeleteEntry(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName, action, subject); if (done) { Log.LogEntry(MessageDeleteSuccess + GetLogMessage(Actions.ForNamespaces.ResourceMasterPrefix, namespaceName, action, subject, Delete), EntryType.General, Log.SystemUsername); } else { Log.LogEntry(MessageDeleteFailure + GetLogMessage(Actions.ForNamespaces.ResourceMasterPrefix, namespaceName, action, subject, Delete), EntryType.Error, Log.SystemUsername); } return(done); } else { var done = SettingsProvider.AclManager.StoreEntry(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName, action, subject, status == AuthStatus.Grant ? Value.Grant : Value.Deny); if (done) { Log.LogEntry(MessageSetSuccess + GetLogMessage(Actions.ForNamespaces.ResourceMasterPrefix, namespaceName, action, subject, Set + status.ToString()), EntryType.General, Log.SystemUsername); } else { Log.LogEntry(MessageSetFailure + GetLogMessage(Actions.ForNamespaces.ResourceMasterPrefix, namespaceName, action, subject, Set + status.ToString()), EntryType.Error, Log.SystemUsername); } return(done); } }
/// <summary> /// Checks whether an action is allowed for the global resources. /// </summary> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed.</returns> public static bool CheckActionForGlobals(string action, string currentUser, string[] groups) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); return(auth == Authorization.Granted); }
/// <summary> /// Checks whether an action is allowed for a page. /// </summary> /// <param name="page">The current page.</param> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <param name="localEscalator"><c>true</c> is the method is called in a local escalator process.</param> /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns> public static bool CheckActionForPage(PageInfo page, string action, string currentUser, string[] groups, bool localEscalator = false) { if (page == null) { throw new ArgumentNullException("page"); } if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForPages.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } return(LocalCheckActionForPage(page, action, currentUser, groups, localEscalator) == Authorization.Granted); }
/// <summary> /// Checks whether an action is allowed for the global resources. /// </summary> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed.</returns> public static bool CheckActionForGlobals(string action, string currentUser, string[] groups) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } return(LocalCheckActionForGlobals(action, currentUser, groups) == Authorization.Granted); }
/// <summary> /// Checks whether an action is allowed for a directory. /// </summary> /// <param name="provider">The provider that manages the directory.</param> /// <param name="directory">The full path of the directory.</param> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns> public static bool CheckActionForDirectory(IFilesStorageProviderV30 provider, string directory, string action, string currentUser, string[] groups) { if (provider == null) { throw new ArgumentNullException("provider"); } if (directory == null) { throw new ArgumentNullException("directory"); } if (directory.Length == 0) { throw new ArgumentException("Directory cannot be empty", "directory"); } if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForDirectories.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory); AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(resourceName); Authorization auth = AclEvaluator.AuthorizeAction(resourceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (auth != Authorization.Unknown) { return(auth == Authorization.Granted); } // Try local escalators string[] localEscalators = null; if (Actions.ForDirectories.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { bool authorized = CheckActionForDirectory(provider, directory, localAction, currentUser, groups); if (authorized) { return(true); } } } // Try directory escalation (extract parent directory and check its permissions) // Path manipulation keeps the format used by the caller (leading and trailing slashes are preserved if appropriate) string trimmedDirectory = directory.Trim('/'); if (trimmedDirectory.Length > 0) { int slashIndex = trimmedDirectory.LastIndexOf('/'); string parentDir = ""; if (slashIndex > 0) { // Navigate one level up, using the same slash format as the current one parentDir = (directory.StartsWith("/") ? "/" : "") + trimmedDirectory.Substring(0, slashIndex) + (directory.EndsWith("/") ? "/" : ""); } else { // This is the root parentDir = directory.StartsWith("/") ? "/" : ""; } bool authorized = CheckActionForDirectory(provider, parentDir, action, currentUser, groups); if (authorized) { return(true); } } // Try global escalators string[] globalEscalators = null; if (Actions.ForDirectories.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { bool authorized = CheckActionForGlobals(globalAction, currentUser, groups); if (authorized) { return(true); } } } return(false); }
/// <summary> /// Checks whether an action is allowed for a namespace. /// </summary> /// <param name="nspace">The current namespace (<c>null</c> for the root).</param> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns> public static bool CheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForNamespaces.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } string namespaceName = nspace != null ? nspace.Name : ""; AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource( Actions.ForNamespaces.ResourceMasterPrefix + namespaceName); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (auth != Authorization.Unknown) { return(auth == Authorization.Granted); } // Try local escalators string[] localEscalators = null; if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { bool authorized = CheckActionForNamespace(nspace, localAction, currentUser, groups); if (authorized) { return(true); } } } // Try root escalation if (nspace != null) { bool authorized = CheckActionForNamespace(null, action, currentUser, groups); if (authorized) { return(true); } } // Try global escalators string[] globalEscalators = null; if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { bool authorized = CheckActionForGlobals(globalAction, currentUser, groups); if (authorized) { return(true); } } } return(false); }
/// <summary> /// Sets a permission for a directory. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="provider">The provider that handles the directory.</param> /// <param name="directory">The directory.</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="subject">The subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> private static bool SetPermissionForDirectory(AuthStatus status, IFilesStorageProviderV30 provider, string directory, string action, string subject) { if (provider == null) { throw new ArgumentNullException("provider"); } if (directory == null) { throw new ArgumentNullException("directory"); } if (directory.Length == 0) { throw new ArgumentException("Directory cannot be empty", "directory"); } if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (action != Actions.FullControl && !AuthTools.IsValidAction(action, Actions.ForDirectories.All)) { throw new ArgumentException("Invalid action", "action"); } var directoryName = AuthTools.GetDirectoryName(provider, directory); if (status == AuthStatus.Delete) { var done = SettingsProvider.AclManager.DeleteEntry(Actions.ForDirectories.ResourceMasterPrefix + directoryName, action, subject); if (done) { Log.LogEntry(MessageDeleteSuccess + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Delete), EntryType.General, Log.SystemUsername); } else { Log.LogEntry(MessageDeleteFailure + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Delete), EntryType.Error, Log.SystemUsername); } return(done); } else { var done = SettingsProvider.AclManager.StoreEntry(Actions.ForDirectories.ResourceMasterPrefix + directoryName, action, subject, status == AuthStatus.Grant ? Value.Grant : Value.Deny); if (done) { Log.LogEntry(MessageSetSuccess + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Set + status.ToString()), EntryType.General, Log.SystemUsername); } else { Log.LogEntry(MessageSetFailure + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName, action, subject, Set + status.ToString()), EntryType.Error, Log.SystemUsername); } return(done); } }