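/// <summary>
/// Reports whether at least one Allow rule returned by the provider for
/// <paramref name="resource"/> (queried with the "*" verb) applies to one of the
/// given subjects or to the wildcard subject "*".
/// </summary>
/// <remarks>
/// This is a coarse visibility hint: the first matching Allow rule wins and Deny rules
/// are not weighed at all. Use <c>IsAllowed</c> for the actual authorization decision.
/// </remarks>
/// <param name="resource">Resource path; lower-cased before the lookup.</param>
/// <param name="subjects">Subject identifiers, compared lower-cased. A null array or null entries are ignored.</param>
/// <returns><see langword="true"/> if the <paramref name="subjects"/> specified have at least one rule that allows them to do something within the resource hierarchy; otherwise <see langword="false"/>.</returns>
public static bool CanBrowse(string resource, params string[] subjects)
{
    // NOTE(review): ToLower() uses the current culture. If rules are stored with a
    // different casing convention, lookups can miss under some cultures - confirm
    // how the provider normalizes resources before switching to ToLowerInvariant().
    resource = resource.ToLower();

    // Normalize the callers' subjects the same way IsAllowed does.
    List<string> subjectList = new List<string>();
    if (subjects != null)
    {
        foreach (string subject in subjects)
        {
            if (subject != null)
            {
                subjectList.Add(subject.ToLower());
            }
        }
    }

    foreach (AccessRule acl in DefaultProvider.GetAcls(resource, "*"))
    {
        if (acl.Type != AccessRules.Allow)
        {
            continue;
        }

        // The previous implementation ignored the subjects parameter, so an Allow rule
        // granted to any unrelated subject made the resource browsable for every caller.
        // Only rules for the wildcard subject or for one of the callers' subjects count.
        if (acl.Subject == "*" || subjectList.Contains(acl.Subject))
        {
            return true;
        }
    }

    return false;
}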
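/// <summary>
/// Decides whether any of <paramref name="subjects"/> may perform <paramref name="verb"/>
/// on <paramref name="resource"/>, using the rules returned by the default provider.
/// </summary>
/// <remarks>
/// Rules are visited in the order produced by the reverse-ordered list keyed on the rule's
/// resource. A rule naming one of the subjects decides immediately. A wildcard ("*") rule
/// is remembered and applied once the iteration leaves the resource it was found on,
/// unless a rule naming one of the subjects is met on that same resource first.
/// With no applicable rule the result is deny.
/// </remarks>
/// <param name="resource">Resource path; lower-cased before the lookup.</param>
/// <param name="verb">Action being checked; lower-cased before the lookup.</param>
/// <param name="subjects">Subject identifiers, compared lower-cased. A null array or null entries are ignored.</param>
/// <returns><see langword="true"/> when the deciding rule is an Allow rule; otherwise <see langword="false"/>.</returns>
public static bool IsAllowed(string resource, string verb, params string[] subjects)
{
    // NOTE(review): presumably ReverseComparer puts the most specific resource path
    // first - confirm against OrderedList/ReverseComparer.
    OrderedList<string, AccessRule> acls = new OrderedList<string, AccessRule>(new ReverseComparer<string>());

    List<string> subjectList = new List<string>();
    if (subjects != null)
    {
        foreach (string subject in subjects)
        {
            if (subject != null)
            {
                subjectList.Add(subject.ToLower());
            }
        }
    }

    // NOTE(review): ToLower() is culture-sensitive; confirm it matches how the provider
    // stores resources, verbs and subjects before changing it to ToLowerInvariant().
    resource = resource.ToLower();
    verb = verb.ToLower();

    foreach (AccessRule acl in DefaultProvider.GetAcls(resource, verb))
    {
        acls.Add(acl.Resource, acl);
    }

    // Default deny: nothing is granted unless a rule says so.
    AccessRules aclType = AccessRules.Deny;
    bool set = false;

    // Resource on which the remembered wildcard rule was found. The previous code compared
    // against the resource of the very first rule instead. When that first resource had
    // no rule applicable to the caller, a wildcard rule on a later resource was returned
    // at the next iteration, even if a rule naming the subject (for example an explicit
    // Deny) followed on that same resource.
    string decidedResource = null;

    foreach (AccessRule acl in acls)
    {
        // Left the resource that supplied the wildcard decision: apply it.
        if (set && decidedResource != acl.Resource)
        {
            return aclType == AccessRules.Allow;
        }

        // A rule naming one of the subjects overrides any wildcard rule seen so far.
        // NOTE(review): the first such rule wins, so an Allow for one subject can precede
        // a Deny for another subject of the same caller. The retired implementation's
        // comment said Deny should take priority between two explicit rules - confirm
        // the intended policy.
        if (subjectList.Contains(acl.Subject))
        {
            return acl.Type == AccessRules.Allow;
        }

        if (acl.Subject == "*")
        {
            set = true;
            aclType = acl.Type;
            decidedResource = acl.Resource;
        }
    }

    return aclType == AccessRules.Allow;
}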