public void DeleteRights(int id) { Rights rights = this._rightsRepository.FindBy(id); if (rights == null) { throw new EntityIsInvalidException <string>(rights.ToString()); } this._rightsRepository.Remove(rights); this._uow.Commit(); }
public RightsView UpdateRights(int id, string name, string url, string description, bool isshow) { Rights rights = this._rightsRepository.FindBy(id); if (rights == null) { throw new EntityIsInvalidException <string>(rights.ToString()); } rights.UpdateRights(name, url, description, isshow); this._uow.Commit(); return(rights.ConvertToRightsView()); }
/// <summary> /// The ToString implementation. /// </summary> /// <param name="format">The format specifier to use, /// e.g. <b>Console.WriteLine(permission.ToString("A"));</b></param> /// <param name="provider">Allow clients to format output for their own types using /// [ICustomFormatter](https://msdn.microsoft.com/en-us/library/system.icustomformatter.aspx).</param> /// <returns>The formatted string.</returns> /// <exception cref="FormatException">thrown if an invalid format string is specified.</exception> /// \par Format specifiers: /// \arg \c G Default when not using a format specifier. /// \arg \c K Kind - whether the permission pertains to a depot or stream. /// \arg \c N Name - name of the depot or stream this permission applies to. /// \arg \c A AppliesTo - principal name of the group or user this permission applies to or one of the built-in types \b anyuser or \b authuser. /// \arg \c T Type - whether [AppliesTo](@ref AcUtils#AcPermission#AppliesTo) is the principal name for a \b group, \b user, or \b builtin type. /// \arg \c R Rights - whether permission rights to [Name](@ref AcUtils#AcPermission#Name) in [AppliesTo](@ref AcUtils#AcPermission#AppliesTo) is \b all or \b none. /// \arg \c I Inheritable - For [depots](@ref AcUtils#PermKind), when \e true permission applies to the depot and its entire stream hierarchy, /// when \e false permission applies only to AccuWork issues in the depot and not its version-controlled elements. For [streams](@ref AcUtils#PermKind), /// when \e true permission applies to the stream and its entire subhierarchy, when \e false permission applies only to the stream. public string ToString(string format, IFormatProvider provider) { if (provider != null) { ICustomFormatter fmt = provider.GetFormat(this.GetType()) as ICustomFormatter; if (fmt != null) { return(fmt.Format(format, this, provider)); } } if (String.IsNullOrEmpty(format)) { format = "G"; } switch (format.ToUpperInvariant()) { case "G": { string who = $"{((Type == PermType.builtin) ? AppliesTo : Type.ToString() + " " + AppliesTo)}"; return($@"Permission on {Name} {Kind} applies to {who} {{{Rights}, {(Inheritable ? "inherit" : "no inherit")}}}"); } case "K": // whether the permission pertains to a depot or stream return(Kind.ToString()); case "N": // name of the depot or stream this permission applies to return(Name); case "A": // principal name of the group or user this permission applies to or one of the built-in types "anyuser" or "authuser" return(AppliesTo); case "T": // whether AppliesTo is the principal name for a "group", "user", or a "builtin" type return(Type.ToString()); case "R": // whether permission rights to Name in AppliesTo is "all" or "none" return(Rights.ToString()); // For a depot, when true permission applies to the depot and its entire // stream hierarchy, when false permission applies only to AccuWork issues // in the depot and not its version-controlled elements. // For a stream, when true permission applies to the stream and its entire // subhierarchy, when false permission applies only to the stream. case "I": return(Inheritable.ToString()); default: throw new FormatException($"The {format} format string is not supported."); } }
public bool HasRight(Rights right) { int currentUser = CurrentUserID(); if (CurrentUserRole() == "Administrator") { return(true); } var temp = cacheManager.Get <List <string> >(currentUser.ToString()); string rightName = right.ToString("G"); return(temp.Contains(rightName)); }
public bool HasRight(Rights right) { if (this.Id.IsEmpty()) { return(false); // anonim user has no right } if (this.SuperUser) { return(true); // super user has all rights } return(Provider.Database.GetBool("select count(*) from MemberRole where MemberId={0} AND RoleId in (select RoleId from RoleRight where [Right]={1})", Provider.CurrentMember.Id, right.ToString())); }
public override string ToString() { return(PrincipalName + ":" + AccessType + "(" + Rights.ToString() + ")"); }
/// <summary> /// Check and if required, fix permissions on HKEY_CLASSES_ROOT /// </summary> /// <param name="FixPermissions">True to fix missing permissions, false just to check and report permission state</param> protected static void CheckHKCRPermissions(bool FixPermissions) { try { LogMessage("CheckHKCRPermissions", "Starting HKCR permission check, FixPermissions: " + FixPermissions.ToString()); bool FoundCreatorOwnerGenericAccess = false; bool FoundSystemGenericAccess = false; bool FoundSystemSpecificAccess = false; bool FoundAdministratorGenericAccess = false; bool FoundAdministratorSpecificAccess = false; bool FoundUserGenericAccess = false; bool FoundUserSpecificAccess = false; AccessRights Rights; RegistrySecurity HKCRAccessControl = Registry.ClassesRoot.GetAccessControl(); //Iterate over the rule set and list them for Built in users foreach (RegistryAccessRule RegRule in HKCRAccessControl.GetAccessRules(true, true, typeof(NTAccount))) { Rights = (AccessRights)RegRule.RegistryRights; LogMessage("CheckHKCRPermissions", "Found rule: " + RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + Rights.ToString() + " / " + (RegRule.IsInherited ? "Inherited" : "NotInherited") + " / " + RegRule.InheritanceFlags.ToString() + " / " + RegRule.PropagationFlags.ToString()); // Allow CREATOR OWNER GenericAll / NotInherited / ContainerInherit / InheritOnly if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(CreatorOwnerSID), StringComparison.OrdinalIgnoreCase)) & Rights == AccessRights.GenericAll & RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit & RegRule.PropagationFlags == PropagationFlags.InheritOnly) { FoundCreatorOwnerGenericAccess = true; } // Allow NT AUTHORITY\SYSTEM GenericAll / NotInherited / ContainerInherit / InheritOnly if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) & Rights == AccessRights.GenericAll & RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit & RegRule.PropagationFlags == PropagationFlags.InheritOnly) { FoundSystemGenericAccess = true; } // Allow NT AUTHORITY\SYSTEM Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) & Rights == FullRights & RegRule.InheritanceFlags == InheritanceFlags.None & RegRule.PropagationFlags == PropagationFlags.None) { FoundSystemSpecificAccess = true; } // Allow BUILTIN\Administrators GenericAll / NotInherited / ContainerInherit / InheritOnly if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) & Rights == AccessRights.GenericAll & RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit & RegRule.PropagationFlags == PropagationFlags.InheritOnly) { FoundAdministratorGenericAccess = true; } // Allow BUILTIN\Administrators Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) & Rights == FullRights & RegRule.InheritanceFlags == InheritanceFlags.None & RegRule.PropagationFlags == PropagationFlags.None) { FoundAdministratorSpecificAccess = true; } // Allow BUILTIN\Users GenericRead / NotInherited / ContainerInherit / InheritOnly if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) & Rights == AccessRights.GenericRead & RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit & RegRule.PropagationFlags == PropagationFlags.InheritOnly) { FoundUserGenericAccess = true; } // Allow BUILTIN\Users Query, EnumSubkey, Notify, StandardReadControl / NotInherited / None / None if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) & Rights == ReadRights & RegRule.InheritanceFlags == InheritanceFlags.None & RegRule.PropagationFlags == PropagationFlags.None) { FoundUserSpecificAccess = true; } } LogMessage("CheckHKCRPermissions", " "); if (FoundCreatorOwnerGenericAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have CreatorOwnerGenericAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have CreatorOwnerGenericAccess!"); } if (FoundSystemGenericAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemGenericAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemGenericAccess!"); } if (FoundSystemSpecificAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemSpecificAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemSpecificAccess!"); } if (FoundAdministratorGenericAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorGenericAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorGenericAccess!"); } if (FoundAdministratorSpecificAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorSpecificAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorSpecificAccess!"); } if (FoundUserGenericAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserGenericAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have UserGenericAccess!"); } if (FoundUserSpecificAccess) { LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserSpecificAccess"); } else { LogError("CheckHKCRPermissions", "HKCR\\ does not have UserSpecificAccess!"); } LogMessage("CheckHKCRPermissions", " "); if (FixPermissions) { Stopwatch swLocal = null; try { swLocal = Stopwatch.StartNew(); LogMessage("SetRegistryACL", "Fixing registry permissions"); //Set a security ACL on the ASCOM Profile key giving the Users group Full Control of the key LogMessage("SetRegistryACL", "Creating security identifiers"); SecurityIdentifier DomainSid = new SecurityIdentifier("S-1-0-0"); //Create a starting point domain SID //Create security identifiers for the various accounts to be passed to the new access rule SecurityIdentifier BuiltinUsersIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, DomainSid); SecurityIdentifier AdministratorsIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, DomainSid); SecurityIdentifier CreatorOwnerIdentifier = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, DomainSid); SecurityIdentifier SystemIdentifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, DomainSid); LogMessage("SetRegistryACL", "Creating new ACL rules"); // Create the new access permission rules RegistryAccessRule CreatorOwnerGenericAccessRule = new RegistryAccessRule(CreatorOwnerIdentifier, (RegistryRights)AccessRights.GenericAll, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); RegistryAccessRule SystemGenericAccessRule = new RegistryAccessRule(SystemIdentifier, (RegistryRights)AccessRights.GenericAll, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); RegistryAccessRule SystemFullAccessRule = new RegistryAccessRule(SystemIdentifier, (RegistryRights)FullRights, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule AdministratorsGenericAccessRule = new RegistryAccessRule(AdministratorsIdentifier, (RegistryRights)AccessRights.GenericAll, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); RegistryAccessRule AdministratorsFullAccessRule = new RegistryAccessRule(AdministratorsIdentifier, (RegistryRights)FullRights, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule BuiltinUsersGenericAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier, unchecked ((RegistryRights)AccessRights.GenericRead), InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); RegistryAccessRule BuiltinUsersReadAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier, (RegistryRights)ReadRights, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow); LogMessage("SetRegistryACL", "Retrieving current ACL rule"); LogMessage("SetRegistryACL", " "); RegistrySecurity KeySec = Registry.ClassesRoot.GetAccessControl(); // Get existing ACL rules on the key //Iterate over the rule set and list them foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount))) { LogMessage("SetRegistryACL Before", RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + ((AccessRights)RegRule.RegistryRights).ToString() + " " + RegRule.IsInherited.ToString() + " " + RegRule.InheritanceFlags.ToString() + " " + RegRule.PropagationFlags.ToString()); } LogMessage("SetRegistryACL", "Adding new ACL rules"); LogMessage("SetRegistryACL", " "); // Remove old rules KeySec.PurgeAccessRules(CreatorOwnerIdentifier); KeySec.PurgeAccessRules(AdministratorsIdentifier); KeySec.PurgeAccessRules(BuiltinUsersIdentifier); KeySec.PurgeAccessRules(SystemIdentifier); //Add the new rules to the existing rules KeySec.AddAccessRule(CreatorOwnerGenericAccessRule); KeySec.AddAccessRule(SystemGenericAccessRule); KeySec.AddAccessRule(SystemFullAccessRule); KeySec.AddAccessRule(AdministratorsGenericAccessRule); KeySec.AddAccessRule(AdministratorsFullAccessRule); KeySec.AddAccessRule(BuiltinUsersGenericAccessRule); KeySec.AddAccessRule(BuiltinUsersReadAccessRule); //Iterate over the new rule set and list them foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount))) { LogMessage("SetRegistryACL After", RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + ((AccessRights)RegRule.RegistryRights).ToString() + " " + RegRule.IsInherited.ToString() + " " + RegRule.InheritanceFlags.ToString() + " " + RegRule.PropagationFlags.ToString()); } LogMessage("SetRegistryACL", "Setting new ACL rule"); Registry.ClassesRoot.SetAccessControl(KeySec); //Apply the new rules to the Profile key LogMessage("SetRegistryACL", "Retrieving new rule set from key"); // Retrieve the new rule set and list them foreach (RegistryAccessRule RegRule in Registry.ClassesRoot.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount))) { LogMessage("SetRegistryACL New", RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + ((AccessRights)RegRule.RegistryRights).ToString() + " " + RegRule.IsInherited.ToString() + " " + RegRule.InheritanceFlags.ToString() + " " + RegRule.PropagationFlags.ToString()); } swLocal.Stop(); LogMessage("SetRegistryACL", "ElapsedTime " + swLocal.ElapsedMilliseconds + " milliseconds"); swLocal = null; } catch (Exception ex) { LogMessage("SetRegistryACLException", ex.ToString()); } } } catch (NullReferenceException ex) { SetReturnCode(5); LogError("CheckHKCRPermissions", "HKCR\\ does not exist. " + ex.ToString()); // Should never happen! } catch (SecurityException ex) { SetReturnCode(5); LogError("CheckHKCRPermissions", "Security exception when accessing HKCR\\ " + ex.ToString()); // Should never happen! } catch (Exception ex) { SetReturnCode(5); LogError("CheckHKCRPermissions", "Unexpected exception: " + ex.ToString()); } }