/// <summary>
/// Fills the still-undecided permissions of <paramref name="ace"/> from the bit masks of
/// <paramref name="aceInfo"/>.
/// </summary>
/// <remarks>
/// Bit <c>i</c> of the masks is matched with <c>ace.Permissions[i]</c>. A permission that already
/// has Allow or Deny set is skipped, so an earlier decision is never overwritten here. For an
/// undecided permission the deny bit is tested first, so deny wins when the same entry carries
/// both bits.
/// </remarks>
/// <param name="aclInfo">ACL whose EntityId is recorded as the origin of a non-local setting.</param>
/// <param name="aceInfo">Source of the AllowBits and DenyBits masks.</param>
/// <param name="ace">Entry whose Permissions are updated.</param>
/// <param name="isLocal">When true, AllowFrom and DenyFrom are not written.</param>
private void ProcessPermissions(AclInfo aclInfo, AceInfo aceInfo, AccessControlEntry ace, bool isLocal)
{
    var perms = ace.Permissions;
    for (var index = 0; index < ace.Permissions.Length; index++)
    {
        // NOTE(review): assumes Permission is a reference type, otherwise the writes below
        // would only touch a copy - confirm against its declaration.
        var perm = perms[index];
        if (perm.Allow || perm.Deny)
        {
            // Already decided; leave it alone.
            continue;
        }

        // NOTE(review): a ulong shift count is masked to 6 bits in C#, so an index of 64 or
        // more would alias a lower bit - confirm Permissions never holds more than 64 items.
        var bit = 1ul << index;

        if ((aceInfo.DenyBits & bit) != 0)
        {
            perm.Deny = true;
            if (!isLocal)
            {
                perm.DenyFrom = aclInfo.EntityId;
            }

            continue;
        }

        if ((aceInfo.AllowBits & bit) == bit)
        {
            perm.Allow = true;
            if (!isLocal)
            {
                perm.AllowFrom = aclInfo.EntityId;
            }
        }
    }
}
/// <summary>
/// Builds the merged entry list of this ACL and the ancestors it inherits from.
/// </summary>
/// <remarks>
/// The walk starts at this ACL and follows Parent until an ACL with Inherits == false has been
/// processed or there is no parent. Entries that are not LocalOnly are OR-ed together per
/// IdentityId across the whole chain. LocalOnly entries are taken from this ACL only, and only
/// when <paramref name="withLocalOnly"/> is true; LocalOnly entries of ancestors are ignored.
/// </remarks>
/// <param name="withLocalOnly">True to include this ACL's own LocalOnly entries.</param>
/// <returns>
/// Newly created entries ordered by IdentityId, then by LocalOnly (false before true).
/// </returns>
internal List<AceInfo> GetEffectiveEntries(bool withLocalOnly)
{
    // Both maps are keyed by IdentityId.
    var inheritable = new Dictionary<int, AceInfo>();
    var localOnly = new Dictionary<int, AceInfo>();

    for (var current = this; current != null; current = current.Parent)
    {
        foreach (var source in current.Entries)
        {
            Dictionary<int, AceInfo> target;
            if (!source.LocalOnly)
            {
                target = inheritable;
            }
            else if (this == current && withLocalOnly)
            {
                target = localOnly;
            }
            else
            {
                // A LocalOnly entry of an ancestor, or local entries were not requested.
                continue;
            }

            AceInfo merged;
            if (!target.TryGetValue(source.IdentityId, out merged))
            {
                merged = new AceInfo { IdentityId = source.IdentityId, LocalOnly = source.LocalOnly };
                target.Add(merged.IdentityId, merged);
            }

            merged.AllowBits |= source.AllowBits;
            merged.DenyBits |= source.DenyBits;
        }

        // The ACL that breaks inheritance still contributes its own entries (handled above).
        if (!current.Inherits)
        {
            break;
        }
    }

    var combined = aces_Concat(inheritable, localOnly);
    return combined;
}

/// <summary>
/// Joins the two maps' values and applies the result ordering of GetEffectiveEntries.
/// </summary>
private static List<AceInfo> aces_Concat(Dictionary<int, AceInfo> inheritable, Dictionary<int, AceInfo> localOnly)
{
    return inheritable.Values
        .Concat(localOnly.Values)
        .OrderBy(x => x.IdentityId)
        .ThenBy(x => x.LocalOnly)
        .ToList();
}
/// <summary>
/// Returns the explicit entry of the given entity that matches the identity and the
/// LocalOnly flag, adding an empty one to the entity's ACL when none exists.
/// </summary>
/// <param name="entityId">Id passed to EnsureAcl to obtain the ACL.</param>
/// <param name="identityId">Identity the entry belongs to.</param>
/// <param name="localOnly">LocalOnly flag the entry must carry.</param>
/// <returns>The existing or the newly added entry.</returns>
private AceInfo EnsureAce(int entityId, int identityId, bool localOnly)
{
    var acl = EnsureAcl(entityId);

    foreach (var existing in acl.Entries)
    {
        if (existing.IdentityId == identityId && existing.LocalOnly == localOnly)
        {
            return existing;
        }
    }

    // No match: the new entry only carries its key, no permission bits are set here.
    var created = new AceInfo { IdentityId = identityId, LocalOnly = localOnly };
    acl.Entries.Add(created);
    return created;
}
/// <summary>
/// Finds the entry in <paramref name="refAces"/> that has the same IdentityId and LocalOnly
/// as <paramref name="predicate"/>, appending an empty one when there is no match.
/// </summary>
/// <param name="predicate">Entry that supplies the IdentityId / LocalOnly key.</param>
/// <param name="refAces">List that is searched and, if needed, extended.</param>
/// <returns>The first matching entry, or the entry that was just appended.</returns>
private AceInfo EnsureAce(AceInfo predicate, List<AceInfo> refAces)
{
    for (var index = 0; index < refAces.Count; index++)
    {
        var candidate = refAces[index];
        var sameKey = candidate.IdentityId == predicate.IdentityId
                      && candidate.LocalOnly == predicate.LocalOnly;
        if (sameKey)
        {
            return candidate;
        }
    }

    // Only the key is copied; the permission bits of the predicate are not.
    var appended = new AceInfo
    {
        IdentityId = predicate.IdentityId,
        LocalOnly = predicate.LocalOnly
    };
    refAces.Add(appended);
    return appended;
}
/// <summary>
/// Writes the permission bits of <paramref name="entry"/> into the explicit entry of the
/// requested entity that has the same IdentityId and LocalOnly flag. The target entry is
/// obtained through EnsureAce.
/// </summary>
/// <remarks>
/// Without <paramref name="reset"/> the masks are OR-ed, so the same bit can end up in both
/// AllowBits and DenyBits; this method does not reconcile such bits.
/// </remarks>
/// <param name="entityId">Id of the requested entity.</param>
/// <param name="entry">The source entry.</param>
/// <param name="reset">If true, the target's allow and deny masks are replaced by the source
/// masks. Otherwise the source masks are merged into the existing ones.</param>
/// <returns>A reference to this instance for calling more operations.</returns>
public AclEditor SetEntry(int entityId, AceInfo entry, bool reset)
{
    // NOTE(review): a null entry fails here with a NullReferenceException - confirm callers never pass null.
    var target = EnsureAce(entityId, entry.IdentityId, entry.LocalOnly);

    if (!reset)
    {
        target.AllowBits |= entry.AllowBits;
        target.DenyBits |= entry.DenyBits;
        return this;
    }

    target.AllowBits = entry.AllowBits;
    target.DenyBits = entry.DenyBits;
    return this;
}
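/// <summary>
/// Creates an access control entry for the identity of <paramref name="aceInfo"/> with one
/// Permission per permission type.
/// </summary>
/// <remarks>
/// Only the Name of each Permission is set (from the permission type at the same index);
/// the bit masks of <paramref name="aceInfo"/> are not read here.
/// </remarks>
/// <param name="aceInfo">Supplies the IdentityId and LocalOnly values of the new entry.</param>
/// <returns>The new entry with PermissionTypeBase.PermissionCount permissions.</returns>
private AccessControlEntry CreateEmptyAce(AceInfo aceInfo)
{
    var perms = new Permission[PermissionTypeBase.PermissionCount];
    for (var i = 0; i < perms.Length; i++)
    {
        // The statement terminator belongs inside the loop body; the listing had it after
        // the closing brace, which does not compile.
        perms[i] = new Permission { Name = PermissionTypeBase.GetPermissionTypeByIndex(i).Name };
    }

    return new AccessControlEntry
    {
        IdentityId = aceInfo.IdentityId,
        LocalOnly = aceInfo.LocalOnly,
        Permissions = perms
    };
}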
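/// <summary>
/// Copies the permission settings from the passed entry to the requested entity's explicit entry.
/// </summary>
/// <remarks>
/// The entry is rejected before anything is modified when its EntryType differs from the
/// EntryType of this editor. Without <paramref name="reset"/> the masks are OR-ed, so the same
/// bit can end up in both AllowBits and DenyBits; this method does not reconcile such bits.
/// </remarks>
/// <param name="entityId">Id of the requested entity.</param>
/// <param name="entry">The source entry.</param>
/// <param name="reset">If true, the original allowed and denied permissions will be cleared before copy.
/// Otherwise the result set will contain the original and source entry permission settings.</param>
/// <returns>A reference to this instance for calling more operations.</returns>
/// <exception cref="ArgumentNullException"><paramref name="entry"/> is null.</exception>
/// <exception cref="InvalidOperationException">The entry's EntryType is not the editor's EntryType.</exception>
public AclEditor SetEntry(int entityId, AceInfo entry, bool reset)
{
    // Fail with a named argument instead of a NullReferenceException on the first property read.
    if (entry == null)
    {
        throw new ArgumentNullException(nameof(entry));
    }

    // Entries of another type must not be written through this editor.
    if (entry.EntryType != this.EntryType)
    {
        throw new InvalidOperationException(
            $"Inconsistent entry type. EntryType.{entry.EntryType} is not allowed. Expected: {this.EntryType}");
    }

    var ace = EnsureAce(entityId, EntryType, entry.IdentityId, entry.LocalOnly);
    if (reset)
    {
        // Replace: whatever was allowed or denied before is dropped.
        ace.AllowBits = entry.AllowBits;
        ace.DenyBits = entry.DenyBits;
    }
    else
    {
        // Merge: existing bits are kept and the source bits are added.
        ace.AllowBits |= entry.AllowBits;
        ace.DenyBits |= entry.DenyBits;
    }

    return this;
}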