/// <summary>
/// Registers a validation-only expectation for a scope (cone) policy.
/// The entry is appended to <c>DataItems</c>; the file access manifest is not modified.
/// </summary>
/// <param name="path">Path text stored on the validation entry.</param>
/// <param name="scopePath">Absolute path of the scope; its underlying integer value becomes the entry's path id.</param>
/// <param name="policy">Policy expected for the cone rooted at <paramref name="scopePath"/>.</param>
public void AddScopeCheck(string path, AbsolutePath scopePath, FileAccessPolicy policy)
{
    var scopeExpectation = new ValidationData
    {
        Path = path,
        PathId = scopePath.Value.Value,

        // Only the cone policy is checked for this entry; the node policy is left unset.
        ConePolicy = policy,
        NodePolicy = null,
        ExpectedUsn = ReportedFileAccess.NoUsn
    };

    DataItems.Add(scopeExpectation);
}
/// <summary>
/// Adds a path-level policy to the manifest and records the policy that validation should expect for it.
/// </summary>
/// <param name="path">Path text; resolved to an <c>AbsolutePath</c> through the path table.</param>
/// <param name="policy">Policy values written to the manifest for this path.</param>
/// <param name="expectedEffectivePolicy">
/// Node policy expected during validation. When omitted, <paramref name="policy"/> itself is expected.
/// </param>
/// <param name="expectedUsn">
/// USN forwarded to the manifest. When omitted, the validation entry uses <c>ReportedFileAccess.NoUsn</c>.
/// </param>
public void AddPath(
    string path,
    FileAccessPolicy policy,
    FileAccessPolicy? expectedEffectivePolicy = null,
    Usn? expectedUsn = null)
{
    var resolvedPath = AbsolutePath.Create(m_pathTable, path);

    DataItems.Add(
        new ValidationData
        {
            Path = path,
            PathId = resolvedPath.Value.Value,
            ConePolicy = null,

            // NOTE(review): the default expectation is just `policy`; if an enclosing scope contributes
            // bits to the effective policy, the caller presumably has to pass expectedEffectivePolicy - confirm.
            NodePolicy = expectedEffectivePolicy ?? policy,
            ExpectedUsn = expectedUsn ?? ReportedFileAccess.NoUsn
        });

    // The manifest receives the raw nullable USN, not the NoUsn substitute used for validation.
    m_manifest.AddPath(resolvedPath, values: policy, mask: FileAccessPolicy.MaskNothing, expectedUsn: expectedUsn);
}
/// <summary>
/// Adds a scope policy to the manifest and records the node policy that validation should expect for the scope root.
/// </summary>
/// <param name="path">Path text of the scope root; resolved to an <c>AbsolutePath</c> through the path table.</param>
/// <param name="values">Policy bits that the scope adds.</param>
/// <param name="mask">Bits of the base policy that are retained before <paramref name="values"/> are applied.</param>
/// <param name="basePolicy">Policy assumed to be in effect above this scope when computing the expectation.</param>
/// <returns>The absolute path of the scope, e.g. for a later <c>AddScopeCheck</c> call.</returns>
public AbsolutePath AddScope(
    string path,
    FileAccessPolicy values,
    FileAccessPolicy mask = FileAccessPolicy.Deny,
    FileAccessPolicy basePolicy = FileAccessPolicy.Deny)
{
    var scopeRoot = AbsolutePath.Create(m_pathTable, path);

    // Expected effective policy at the scope root: keep the masked part of the base policy, then add the new bits.
    var expectedNodePolicy = (basePolicy & mask) | values;

    DataItems.Add(
        new ValidationData
        {
            Path = path,
            PathId = scopeRoot.Value.Value,
            NodePolicy = expectedNodePolicy,
            ConePolicy = null,
            ExpectedUsn = ReportedFileAccess.NoUsn
        });

    // Argument order differs from this method's signature: the manifest takes the mask before the values.
    m_manifest.AddScope(scopeRoot, mask, values);

    return scopeRoot;
}
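/// <summary>
/// Issues a shared access signature (SAS) token for a single blob. The token is limited to the
/// permissions, protocol and lifetime taken from <paramref name="accessPolicy"/> and to one client IP address.
/// </summary>
/// <param name="containerName">Name of the blob container that holds the file.</param>
/// <param name="filePath">Name of the blob inside the container; the reference is fetched from the server.</param>
/// <param name="accessPolicy">Supplies the token lifetime (<c>TTL</c>), <c>Permissions</c> and <c>Protocol</c>.</param>
/// <param name="sourceIPAddress">The only client address the token is issued for.</param>
/// <returns>The SAS token string for the blob.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sourceIPAddress"/> is null.</exception>
protected override async Task<string> GetTokenAsync(string containerName, string filePath, FileAccessPolicy accessPolicy, IPAddress sourceIPAddress)
{
    // Fail before the storage round trip. The IP range is the only binding between the token and the
    // requesting client, so a missing address must be rejected rather than turned into an unrestricted token.
    if (sourceIPAddress == null)
    {
        throw new ArgumentNullException(nameof(sourceIPAddress));
    }

    var storageAccount = CloudStorageAccount.Parse(this._storageAccountConnectionString);
    var filesContainer = storageAccount.CreateCloudBlobClient().GetContainerReference(containerName);
    var file = await filesContainer.GetBlobReferenceFromServerAsync(filePath);

    var blobPolicy = new SharedAccessBlobPolicy
    {
        // No start time is set, so the token is usable as soon as it is issued and until TTL elapses.
        SharedAccessExpiryTime = DateTimeOffset.UtcNow.Add(accessPolicy.TTL),

        // NOTE(review): direct numeric cast - the policy's permission values must line up with the
        // SharedAccessBlobPermissions flags, otherwise the token grants something other than intended.
        Permissions = (SharedAccessBlobPermissions)accessPolicy.Permissions
    };

    // NOTE(review): same direct-cast assumption for the protocol value.
    var allowedProtocol = (SharedAccessProtocol)accessPolicy.Protocol;
    var allowedClient = new IPAddressOrRange(sourceIPAddress.ToString());

    // Return the SAS token for the blob. The string is a bearer credential for the blob until it
    // expires, so it should not be written to logs or traces.
    return file.GetSharedAccessSignature(blobPolicy, null, null, allowedProtocol, allowedClient);
}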
// TODO: May need to replace multiple parameters for file access policies with a dictionary parameter.
/// <summary>
/// Creates a token provider that issues tokens against the storage account named by a connection string.
/// </summary>
/// <param name="storageAccountConnectionString">
/// Connection string of the storage account. It is later parsed to sign shared access signatures, so it
/// carries account credentials and should come from protected configuration rather than source or logs.
/// </param>
/// <param name="readAccessPolicy">Policy forwarded to the base provider for read access.</param>
/// <param name="deleteAccessPolicy">Policy forwarded to the base provider for delete access.</param>
/// <param name="readDeleteAccessPolicy">Policy forwarded to the base provider for combined read and delete access.</param>
public StorageAccountSASTokenProvider(
    string storageAccountConnectionString,
    FileAccessPolicy readAccessPolicy,
    FileAccessPolicy deleteAccessPolicy,
    FileAccessPolicy readDeleteAccessPolicy)
    : base(readAccessPolicy, deleteAccessPolicy, readDeleteAccessPolicy)
{
    // Stored as given; it is not parsed or validated until a token is requested.
    _storageAccountConnectionString = storageAccountConnectionString;
}
/// <summary>
/// Stores the three access policies the provider keeps: read, delete, and combined read/delete.
/// </summary>
/// <param name="readAccessPolicy">Policy kept for read access.</param>
/// <param name="deleteAccessPolicy">Policy kept for delete access.</param>
/// <param name="readDeleteAccessPolicy">Policy kept for combined read and delete access.</param>
public TokenProvider(
    FileAccessPolicy readAccessPolicy,
    FileAccessPolicy deleteAccessPolicy,
    FileAccessPolicy readDeleteAccessPolicy)
{
    // The policies are stored as passed in; no validation happens here.
    _readAccessPolicy = readAccessPolicy;
    _deleteAccessPolicy = deleteAccessPolicy;
    _readDeleteAccessPolicy = readDeleteAccessPolicy;
}
/// <summary>
/// Produces an access token for one file in a container under the given policy.
/// Concrete providers decide the token format; the storage-account provider in this listing
/// returns a blob shared access signature.
/// </summary>
/// <param name="containerName">Name of the container that holds the file.</param>
/// <param name="filePath">Path of the file inside the container.</param>
/// <param name="tokenPolicy">Access policy the token is issued under.</param>
/// <param name="sourceIPAddress">
/// Client address the request is associated with. NOTE(review): the visible override restricts the
/// token to this address; other implementations are presumably expected to do the same - confirm.
/// </param>
/// <returns>A task that yields the token string.</returns>
protected abstract Task <string> GetTokenAsync(string containerName, string filePath, FileAccessPolicy tokenPolicy, IPAddress sourceIPAddress);