Exemple #1
        /// <summary>
        /// Fills in the still-undecided permissions of <paramref name="ace"/> from the bit masks of
        /// <paramref name="aceInfo"/>. Bit <c>i</c> of the masks corresponds to <c>ace.Permissions[i]</c>.
        /// </summary>
        /// <remarks>
        /// A permission that already has Allow or Deny set is never modified here, so the first entry
        /// processed for a given bit decides it. Within one entry a deny bit wins over an allow bit.
        /// </remarks>
        /// <param name="aclInfo">The ACL the entry belongs to; its EntityId is recorded as the origin of the decision.</param>
        /// <param name="aceInfo">The entry whose AllowBits and DenyBits are applied.</param>
        /// <param name="ace">The entry whose Permissions items are updated in place.</param>
        /// <param name="isLocal">When true, the AllowFrom / DenyFrom origin is not recorded.</param>
        private void ProcessPermissions(AclInfo aclInfo, AceInfo aceInfo, AccessControlEntry ace, bool isLocal)
        {
            var permissions = ace.Permissions;

            for (var bitIndex = 0; bitIndex < ace.Permissions.Length; bitIndex++)
            {
                var current = permissions[bitIndex];

                // Already decided (allowed or denied): leave it untouched.
                if (current.Allow || current.Deny)
                {
                    continue;
                }

                // NOTE(review): a ulong shift count is taken modulo 64, so this index-to-bit mapping
                // only holds while Permissions has at most 64 items - confirm against PermissionCount.
                var bit = 1ul << bitIndex;

                // Deny is tested first, so a bit present in both masks ends up denied.
                if ((aceInfo.DenyBits & bit) != 0)
                {
                    current.Deny = true;
                    if (!isLocal)
                    {
                        current.DenyFrom = aclInfo.EntityId;
                    }
                    continue;
                }

                if ((aceInfo.AllowBits & bit) != bit)
                {
                    continue;
                }

                current.Allow = true;
                if (!isLocal)
                {
                    current.AllowFrom = aclInfo.EntityId;
                }
            }
        }
Exemple #2
        /// <summary>
        /// Aggregates the entries of this ACL and of its ancestors into one entry per identity.
        /// </summary>
        /// <remarks>
        /// The walk starts at this instance and follows Parent until an ACL with Inherits == false
        /// has been processed or Parent is null. Allow and deny bits are OR-ed independently; no
        /// deny-over-allow resolution happens here, so a bit can be set in both masks of a result entry.
        /// Local-only entries are taken from this instance only, and only when
        /// <paramref name="withLocalOnly"/> is true; local-only entries of ancestors are always skipped.
        /// </remarks>
        /// <param name="withLocalOnly">True to include this ACL's local-only entries in the result.</param>
        /// <returns>New AceInfo instances ordered by IdentityId, then by LocalOnly.</returns>
        internal List<AceInfo> GetEffectiveEntries(bool withLocalOnly)
        {
            var inheritable = new Dictionary<int, AceInfo>();   // IdentityId => merged entry
            var localOnly   = new Dictionary<int, AceInfo>();   // IdentityId => merged entry

            // NOTE(review): nothing in this loop guards against a cyclic Parent chain; it relies on
            // the ACL tree being acyclic - confirm where Parent is assigned.
            for (var current = this; current != null; current = current.Parent)
            {
                foreach (var entry in current.Entries)
                {
                    Dictionary<int, AceInfo> target;
                    if (!entry.LocalOnly)
                    {
                        target = inheritable;
                    }
                    else if (this == current && withLocalOnly)
                    {
                        target = localOnly;
                    }
                    else
                    {
                        // Local-only entry of an ancestor, or local-only entries were not requested.
                        continue;
                    }

                    AceInfo merged;
                    if (!target.TryGetValue(entry.IdentityId, out merged))
                    {
                        merged = new AceInfo
                        {
                            IdentityId = entry.IdentityId,
                            LocalOnly = entry.LocalOnly
                        };
                        target.Add(merged.IdentityId, merged);
                    }

                    merged.AllowBits |= entry.AllowBits;
                    merged.DenyBits  |= entry.DenyBits;
                }

                // Stop after the first ACL that does not inherit; its parent is never consulted.
                if (!current.Inherits)
                {
                    break;
                }
            }

            return inheritable.Values
                .Concat(localOnly.Values)
                .OrderBy(x => x.IdentityId)
                .ThenBy(x => x.LocalOnly)
                .ToList();
        }
Exemple #3
        /// <summary>
        /// Returns the entry of the given entity's ACL that matches the identity and the local-only
        /// flag, adding a new one to the ACL's Entries when there is no match.
        /// </summary>
        /// <param name="entityId">Id passed to EnsureAcl to obtain the ACL.</param>
        /// <param name="identityId">Identity the entry belongs to.</param>
        /// <param name="localOnly">Local-only flag the entry must have.</param>
        /// <returns>The existing or newly added entry. A new entry has only IdentityId and LocalOnly assigned.</returns>
        private AceInfo EnsureAce(int entityId, int identityId, bool localOnly)
        {
            var acl = EnsureAcl(entityId);

            var existing = acl.Entries.FirstOrDefault(x => x.IdentityId == identityId && x.LocalOnly == localOnly);
            if (existing != null)
            {
                return existing;
            }

            var created = new AceInfo
            {
                IdentityId = identityId,
                LocalOnly = localOnly
            };
            acl.Entries.Add(created);
            return created;
        }
Exemple #4
        /// <summary>
        /// Returns the first entry of <paramref name="refAces"/> that has the same IdentityId and
        /// LocalOnly values as <paramref name="predicate"/>; appends a new entry when none matches.
        /// </summary>
        /// <param name="predicate">Entry supplying the IdentityId and LocalOnly values to look for.</param>
        /// <param name="refAces">List that is searched and, on a miss, extended in place.</param>
        /// <returns>
        /// The matching or newly appended entry. Only IdentityId and LocalOnly are copied to a new
        /// entry; the bit masks of <paramref name="predicate"/> are not.
        /// </returns>
        private AceInfo EnsureAce(AceInfo predicate, List<AceInfo> refAces)
        {
            var match = refAces.Find(
                candidate => candidate.IdentityId == predicate.IdentityId
                             && candidate.LocalOnly == predicate.LocalOnly);
            if (match != null)
            {
                return match;
            }

            var created = new AceInfo
            {
                IdentityId = predicate.IdentityId,
                LocalOnly = predicate.LocalOnly
            };
            refAces.Add(created);
            return created;
        }
Exemple #5
        /// <summary>
        /// Applies the allow and deny masks of <paramref name="entry"/> to the explicit entry of the
        /// requested entity that has the same identity and local-only flag. The explicit entry is
        /// obtained through EnsureAce.
        /// </summary>
        /// <param name="entityId">Id of the requested entity.</param>
        /// <param name="entry">The source entry. It is dereferenced without a null check.</param>
        /// <param name="reset">If true, the target's masks are overwritten with the source masks.
        /// Otherwise the source masks are OR-ed into the target's existing masks.</param>
        /// <returns>A reference to this instance for calling more operations.</returns>
        public AclEditor SetEntry(int entityId, AceInfo entry, bool reset)
        {
            var target = EnsureAce(entityId, entry.IdentityId, entry.LocalOnly);

            if (!reset)
            {
                // Merge mode only ever adds bits: nothing that was granted or denied before is
                // removed, and one bit may end up set in both masks.
                target.AllowBits |= entry.AllowBits;
                target.DenyBits  |= entry.DenyBits;
                return this;
            }

            // Reset mode: the previous masks are discarded entirely.
            target.AllowBits = entry.AllowBits;
            target.DenyBits  = entry.DenyBits;
            return this;
        }
Exemple #6
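        /// <summary>
        /// Builds an AccessControlEntry for the identity of <paramref name="aceInfo"/> whose
        /// Permissions array holds one Permission per permission type, with only Name assigned.
        /// </summary>
        /// <param name="aceInfo">Source of the IdentityId and LocalOnly values; its bit masks are not read.</param>
        /// <returns>A new entry with PermissionTypeBase.PermissionCount permissions.</returns>
        private AccessControlEntry CreateEmptyAce(AceInfo aceInfo)
        {
            var perms = new Permission[PermissionTypeBase.PermissionCount];

            for (var i = 0; i < perms.Length; i++)
            {
                // The terminating semicolon belongs to this assignment; in the listing it had
                // drifted behind the loop's closing brace, which does not compile.
                perms[i] = new Permission
                {
                    Name = PermissionTypeBase.GetPermissionTypeByIndex(i).Name
                };
            }

            return new AccessControlEntry
            {
                IdentityId = aceInfo.IdentityId,
                LocalOnly = aceInfo.LocalOnly,
                Permissions = perms
            };
        }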
Exemple #7
        /// <summary>
        /// Applies the allow and deny masks of <paramref name="entry"/> to the explicit entry of the
        /// requested entity that has the same entry type, identity and local-only flag. The explicit
        /// entry is obtained through EnsureAce.
        /// </summary>
        /// <param name="entityId">Id of the requested entity.</param>
        /// <param name="entry">The source entry. Its EntryType must equal this editor's EntryType.</param>
        /// <param name="reset">If true, the target's masks are overwritten with the source masks.
        /// Otherwise the source masks are OR-ed into the target's existing masks.</param>
        /// <returns>A reference to this instance for calling more operations.</returns>
        /// <exception cref="InvalidOperationException">The entry's type differs from this editor's EntryType.</exception>
        public AclEditor SetEntry(int entityId, AceInfo entry, bool reset)
        {
            // Reject entries of a foreign type before EnsureAce can create or modify anything.
            var typeMatches = entry.EntryType == this.EntryType;
            if (!typeMatches)
            {
                throw new InvalidOperationException(
                          $"Inconsistent entry type. EntryType.{entry.EntryType} is not allowed. Expected: {this.EntryType}");
            }

            var target = EnsureAce(entityId, EntryType, entry.IdentityId, entry.LocalOnly);

            if (!reset)
            {
                // Merge mode only ever adds bits: nothing that was granted or denied before is
                // removed, and one bit may end up set in both masks.
                target.AllowBits |= entry.AllowBits;
                target.DenyBits  |= entry.DenyBits;
                return this;
            }

            // Reset mode: the previous masks are discarded entirely.
            target.AllowBits = entry.AllowBits;
            target.DenyBits  = entry.DenyBits;
            return this;
        }