/// <summary>
/// Builds one access-control entry: a permission for a single operation on a single
/// resource, addressed to a target identity.
/// </summary>
/// <param name="permission">Permission carried by the entry (ValidateAccess compares it against Permission.Deny).</param>
/// <param name="operation">Operation the entry is written for.</param>
/// <param name="resource">Resource the entry is attached to.</param>
/// <param name="targetIdentity">Identity the entry applies to.</param>
public AccessControlEntry(Permission permission, Operation operation, IAccessControlResource resource, Identity targetIdentity)
{
    // NOTE(review): no argument is validated here. A null targetIdentity would only
    // surface later, when an access check dereferences TargetIdentity.
    this.Permission = permission;
    this.Operation = operation;
    this.Resource = resource;
    this.TargetIdentity = targetIdentity;
}
/// <summary>
/// Looks up the access-control container registered for <paramref name="resource"/>.
/// </summary>
/// <param name="resource">Resource whose Identifier is used as the lookup key.</param>
/// <returns>The container stored under the resource's identifier.</returns>
/// <exception cref="InvalidOperationException">No container is registered for the resource.</exception>
public override AccessControlContainer GetAccessControlContainer(IAccessControlResource resource)
{
    var key = resource.Identifier;

    if (accessDict.ContainsKey(key))
    {
        return accessDict[key];
    }

    // A missing container is reported by throwing, not by returning null, so an access
    // check built on this lookup cannot silently proceed without an ACL.
    throw new InvalidOperationException($"AccessControlContainer does not exist for resource: {resource.Identifier}");
}
/// <summary>
/// Registers a new, owner-bound access-control container for <paramref name="resource"/>.
/// </summary>
/// <param name="resource">Resource whose Identifier becomes the storage key.</param>
/// <param name="owner">Identity handed to the new container as its owner.</param>
/// <exception cref="InvalidOperationException">A container is already registered for the resource.</exception>
public override void CreateAccessControlContainer(IAccessControlResource resource, Identity owner)
{
    var key = resource.Identifier;
    bool alreadyRegistered = accessDict.ContainsKey(key);

    // Refusing to overwrite keeps an existing owner and its entries from being replaced.
    if (alreadyRegistered)
    {
        throw new InvalidOperationException($"AccessControlContainer already exist for resource: {resource.Identifier}");
    }

    // NOTE(review): nothing here authorizes the caller or validates owner. Whoever
    // creates the container chooses its owner, so restricting who may call this is
    // left to the caller. A null owner would presumably fail later in EnsureCanEdit.
    AccessControlContainer container = new AccessControlContainer(owner);
    accessDict[key] = container;
}
/// <summary>
/// Authorization gate for ACL edits: passes only when the owner of the resource's
/// container reports <paramref name="opertor"/> as a descendant.
/// </summary>
/// <param name="resource">Resource whose access-control container is being edited.</param>
/// <param name="opertor">User attempting the edit.</param>
/// <exception cref="InvalidOperationException">
/// The user is not covered by the container's owner identity. The container lookup may
/// throw as well when the resource has no container.
/// </exception>
private void EnsureCanEdit(IAccessControlResource resource, User opertor)
{
    AccessControlContainer container = GetAccessControlContainer(resource);

    // NOTE(review): presumably HasDescendant is true for the owner itself and for
    // members of an owning group; confirm against the Identity implementation.
    bool mayEdit = container.Owner.HasDescendant(opertor);
    if (mayEdit)
    {
        return;
    }

    // The rejection uses the same exception type as the container-lookup failures in
    // this file, so callers cannot tell "not authorized" from "no ACL" by type alone.
    throw new InvalidOperationException($"{opertor.UniqueName} is not authorize to edit the ACL for resource: {resource.Identifier}");
}
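/// <summary>
/// Decides whether <paramref name="requester"/> may perform <paramref name="operation"/>
/// on <paramref name="resource"/>.
/// </summary>
/// <remarks>
/// Evaluation is default-deny with deny-overrides. Only entries written for the requested
/// operation whose target identity covers the requester are considered. Any such Deny
/// entry ends the check with <c>false</c>, otherwise at least one such non-Deny entry is
/// required. Entries for other operations are ignored, whether they allow or deny.
/// </remarks>
/// <param name="resource">Resource whose access-control container is consulted.</param>
/// <param name="operation">Operation being requested.</param>
/// <param name="requester">Identity asking for access.</param>
/// <returns><c>true</c> when access is granted, <c>false</c> otherwise.</returns>
public virtual bool ValidateAccess(IAccessControlResource resource, Operation operation, Identity requester)
{
    bool permissionGranted = false;
    AccessControlContainer accessControlContainer = GetAccessControlContainer(resource);

    foreach (AccessControlEntry ace in accessControlContainer.Entries)
    {
        // Without this filter the requested operation never took part in the decision,
        // so a grant for one operation authorized every operation on the resource.
        // NOTE(review): this is an exact match; if Operation is a flags enum or has a
        // hierarchy, confirm the intended matching rule.
        if (!object.Equals(ace.Operation, operation))
        {
            continue;
        }

        if (!ace.TargetIdentity.HasDescendant(requester))
        {
            continue;
        }

        // Deny wins immediately, regardless of entry order or earlier grants.
        if (ace.Permission == Permission.Deny)
        {
            return false;
        }

        permissionGranted = true;
    }

    return permissionGranted;
}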
/// <summary>
/// Removes <paramref name="entry"/> from the access-control container of
/// <paramref name="resource"/> on behalf of <paramref name="requester"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the override visible in this file authorizes the requester with
/// EnsureCanEdit before removing anything. Other implementations are presumably expected
/// to enforce the same owner check; confirm.
/// </remarks>
/// <param name="resource">Resource whose container holds the entry.</param>
/// <param name="entry">Entry to remove.</param>
/// <param name="requester">User asking for the removal.</param>
public abstract void DeleteEntry(IAccessControlResource resource, AccessControlEntry entry, User requester);
/// <summary>
/// Creates the access-control container for <paramref name="resource"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the override visible in this file names this parameter <c>owner</c> and
/// passes it to the new container as its owner. The identity given here therefore
/// decides who may later edit the ACL.
/// </remarks>
/// <param name="resource">Resource the container is created for.</param>
/// <param name="requester">Identity supplied by the caller (see the remarks on how it is used).</param>
public abstract void CreateAccessControlContainer(IAccessControlResource resource, Identity requester);
/// <summary>
/// Returns the access-control container associated with <paramref name="resource"/>.
/// </summary>
/// <remarks>
/// ValidateAccess and EnsureCanEdit both resolve the container through this method.
/// NOTE(review): the override visible in this file throws InvalidOperationException when
/// no container exists; whether every implementation must do so is not shown here.
/// </remarks>
/// <param name="resource">Resource whose container is requested.</param>
/// <returns>The container for the resource.</returns>
public abstract AccessControlContainer GetAccessControlContainer(IAccessControlResource resource);
/// <summary>
/// Removes <paramref name="entry"/> from the resource's access-control list once
/// <paramref name="requester"/> has passed the owner check.
/// </summary>
/// <param name="resource">Resource whose container holds the entry.</param>
/// <param name="entry">Entry to remove.</param>
/// <param name="requester">User asking for the removal; must pass EnsureCanEdit.</param>
public override void DeleteEntry(IAccessControlResource resource, AccessControlEntry entry, User requester)
{
    // Authorize first; EnsureCanEdit throws when the requester may not edit this ACL.
    EnsureCanEdit(resource, requester);

    // NOTE(review): the check above resolves the container via GetAccessControlContainer,
    // while the removal indexes accessDict directly. If a subclass overrides the lookup,
    // the check and the mutation could address different containers.
    var container = accessDict[resource.Identifier];

    // Any result from Remove is discarded, so the caller is not told when the entry was
    // not present.
    container.Entries.Remove(entry);
}