public async Task OD_Security_GetPermissions_ACE()
{
await IsolatedODataTestAsync(async() =>
{
SnAclEditor.Create(new SnSecurityContext(User.Current))
.Allow(2, Identifiers.AdministratorUserId, false, PermissionType.Custom01)
.Allow(2, Identifiers.VisitorUserId, false, PermissionType.Custom02)
.Apply();
// ACTION
var response = await ODataPostAsync(
"/OData.svc/Root/IMS/BuiltIn/Portal('Administrators')/GetPermissions",
"",
"{identity:\"/root/ims/builtin/portal/visitor\"}")
.ConfigureAwait(false);
// ASSERT
AssertNoError(response);
var json = Deserialize(response.Result);
var entries = json as JArray;
Assert.IsNotNull(entries);
var expected = "Custom02:{value:allow,from:/Root,identity:/Root/IMS/BuiltIn/Portal/Visitor}";
var actual = response.Result
.Replace("\r", "")
.Replace("\n", "")
.Replace("\t", "")
.Replace(" ", "")
.Replace("\"", "");
Assert.IsTrue(actual.Contains(expected));
Assert.IsTrue(actual.Contains("Custom01:null"));
}).ConfigureAwait(false);
}
private static void ProcessPermission(SnAclEditor editor, int contentId, int identityId, bool localOnly, PermissionType permissionType, string requestValue)
{
switch (requestValue.ToLower())
{
case "0":
case "u":
case "undefined":
// PermissionValue.Undefined;
editor.ClearPermission(contentId, identityId, localOnly, permissionType);
break;
case "1":
case "a":
case "allow":
// PermissionValue.Allowed;
editor.Allow(contentId, identityId, localOnly, permissionType);
break;
case "2":
case "d":
case "deny":
// PermissionValue.Denied;
editor.Deny(contentId, identityId, localOnly, permissionType);
break;
default:
throw new ArgumentException("Invalid permission value: " + requestValue);
}
}
private static void CopyPermissions(Node source, Node target)
{
if (source == null || source.ParentId == 0 || target == null)
{
return;
}
// copy permissions from the source content, without reseting the permission system
Providers.Instance.SecurityHandler.CopyPermissionsFrom(source.Id, target.Id, CopyPermissionMode.BreakAndClear);
// If there were any permission settings for the Creators group on the source content, we
// need to place an explicite entry with the same permissions onto the target for the creator
// user, as the creator of the trashbag (the user who deletes the content) may be different
// than the creator of the original document.
var aces = Providers.Instance.SecurityHandler.GetEffectiveEntriesAsSystemUser(source.Id, new[] { Identifiers.OwnersGroupId }, EntryType.Normal);
foreach (var ace in aces)
{
Providers.Instance.SecurityHandler.CreateAclEditor()
.Set(target.Id, ace.IdentityId, ace.LocalOnly, ace.AllowBits, ace.DenyBits);
}
aces = Providers.Instance.SecurityHandler.GetEffectiveEntriesAsSystemUser(source.Id, new[] { Identifiers.OwnersGroupId }, EntryType.Sharing);
foreach (var ace in aces)
{
SnAclEditor.Create(Providers.Instance.SecurityHandler.SecurityContext, EntryType.Sharing)
.Set(target.Id, ace.IdentityId, ace.LocalOnly, ace.AllowBits, ace.DenyBits);
}
}
public async Task OD_Security_GetPermissions_ACL()
{
await ODataTestAsync(async() =>
{
SnAclEditor.Create(SecurityHandler.SecurityContext)
.Allow(2, 1, false, PermissionType.Custom01)
.Apply();
// ACTION
var response = await ODataPostAsync(
"/OData.svc/Root/IMS/BuiltIn/Portal('Administrators')/GetPermissions",
"",
null)
.ConfigureAwait(false);
// ASSERT
AssertNoError(response);
var json = Deserialize(response.Result);
var entries = json["entries"];
Assert.IsNotNull(entries);
var expected = "Custom01:{value:allow,from:/Root,identity:/Root/IMS/BuiltIn/Portal/Admin}";
var actual = response.Result
.Replace("\r", "")
.Replace("\n", "")
.Replace("\t", "")
.Replace(" ", "")
.Replace("\"", "");
Assert.IsTrue(actual.Contains(expected));
}).ConfigureAwait(false);
}
protected override void ChangePermissions(int contentId, int identityId, SnAclEditor aclEditor, PermissionBitMask permissionBitMmask)
{
if (!string.IsNullOrEmpty(Clear))
{
var clearBits = SecurityHandler.GetPermissionMask(GetPermissionTypes(Clear));
aclEditor.Reset(contentId, identityId, LocalOnly,
new PermissionBitMask {
AllowBits = clearBits, DenyBits = clearBits
});
}
aclEditor.Set(contentId, identityId, LocalOnly, permissionBitMmask);
}
private void SetInheritance(Content content, SetPermissionsRequest request, SnAclEditor editor)
{
if (request.r != null)
{
throw new InvalidOperationException("Cannot use 'r' and 'inheritance' parameters at the same time.");
}
switch (request.inheritance.ToLower())
{
default:
throw new ArgumentException("The value of the 'inheritance' must be 'break' or 'unbreak'.");
case "break":
editor.BreakInheritance(content.Id);
break;
case "unbreak":
editor.UnbreakInheritance(content.Id);
break;
}
}
private static void SetPermissions(Content content, SetPermissionsRequest request, SnAclEditor editor)
{
var contentId = content.Id;
foreach (var permReq in request.r)
{
var member = LoadMember(permReq.identity);
var localOnly = permReq.localOnly.HasValue ? permReq.localOnly.Value : false;
if (permReq.See != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.See, permReq.See);
}
if (permReq.Preview != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Preview, permReq.Preview);
}
if (permReq.PreviewWithoutWatermark != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.PreviewWithoutWatermark, permReq.PreviewWithoutWatermark);
}
if (permReq.PreviewWithoutRedaction != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.PreviewWithoutRedaction, permReq.PreviewWithoutRedaction);
}
if (permReq.Open != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Open, permReq.Open);
}
if (permReq.OpenMinor != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.OpenMinor, permReq.OpenMinor);
}
if (permReq.Save != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Save, permReq.Save);
}
if (permReq.Publish != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Publish, permReq.Publish);
}
if (permReq.ForceCheckin != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.ForceCheckin, permReq.ForceCheckin);
}
if (permReq.AddNew != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.AddNew, permReq.AddNew);
}
if (permReq.Approve != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Approve, permReq.Approve);
}
if (permReq.Delete != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.Delete, permReq.Delete);
}
if (permReq.RecallOldVersion != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.RecallOldVersion, permReq.RecallOldVersion);
}
if (permReq.DeleteOldVersion != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.DeleteOldVersion, permReq.DeleteOldVersion);
}
if (permReq.SeePermissions != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.SeePermissions, permReq.SeePermissions);
}
if (permReq.SetPermissions != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.SetPermissions, permReq.SetPermissions);
}
if (permReq.RunApplication != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.RunApplication, permReq.RunApplication);
}
if (permReq.ManageListsAndWorkspaces != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.ManageListsAndWorkspaces, permReq.ManageListsAndWorkspaces);
}
if (permReq.TakeOwnership != null) /**/ ProcessPermission{
(editor, contentId, member.Id, localOnly, PermissionType.TakeOwnership, permReq.TakeOwnership);
}
if (permReq.Custom01 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom01, permReq.Custom01);
}
if (permReq.Custom02 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom02, permReq.Custom02);
}
if (permReq.Custom03 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom03, permReq.Custom03);
}
if (permReq.Custom04 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom04, permReq.Custom04);
}
if (permReq.Custom05 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom05, permReq.Custom05);
}
if (permReq.Custom06 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom06, permReq.Custom06);
}
if (permReq.Custom07 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom07, permReq.Custom07);
}
if (permReq.Custom08 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom08, permReq.Custom08);
}
if (permReq.Custom09 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom09, permReq.Custom09);
}
if (permReq.Custom10 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom10, permReq.Custom10);
}
if (permReq.Custom11 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom11, permReq.Custom11);
}
if (permReq.Custom12 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom12, permReq.Custom12);
}
if (permReq.Custom13 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom13, permReq.Custom13);
}
if (permReq.Custom14 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom14, permReq.Custom14);
}
if (permReq.Custom15 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom15, permReq.Custom15);
}
if (permReq.Custom16 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom16, permReq.Custom16);
}
if (permReq.Custom17 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom17, permReq.Custom17);
}
if (permReq.Custom18 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom18, permReq.Custom18);
}
if (permReq.Custom19 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom19, permReq.Custom19);
}
if (permReq.Custom20 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom20, permReq.Custom20);
}
if (permReq.Custom21 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom21, permReq.Custom21);
}
if (permReq.Custom22 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom22, permReq.Custom22);
}
if (permReq.Custom23 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom23, permReq.Custom23);
}
if (permReq.Custom24 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom24, permReq.Custom24);
}
if (permReq.Custom25 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom25, permReq.Custom25);
}
if (permReq.Custom26 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom26, permReq.Custom26);
}
if (permReq.Custom27 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom27, permReq.Custom27);
}
if (permReq.Custom28 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom28, permReq.Custom28);
}
if (permReq.Custom29 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom29, permReq.Custom29);
}
if (permReq.Custom30 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom30, permReq.Custom30);
}
if (permReq.Custom31 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom31, permReq.Custom31);
}
if (permReq.Custom32 != null)
{
ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom32, permReq.Custom32);
}
}
editor.Apply();
}
internal static void ApplyAclModifications(SnAclEditor ed, AccessControlList origAcl, AccessControlList acl)
{
if (origAcl.EntityId != acl.EntityId)
{
throw new InvalidOperationException();
}
var newEntries = new List <AceInfo>();
var entityId = origAcl.EntityId;
foreach (var entry in acl.Entries)
{
if (entry.IdentityId == Identifiers.SomebodyUserId)
{
continue;
}
var origEntry = origAcl.Entries.Where(x => x.IdentityId == entry.IdentityId && x.LocalOnly == entry.LocalOnly).FirstOrDefault();
// play modifications
var ident = entry.IdentityId;
var localOnly = entry.LocalOnly;
var perms = entry.Permissions.ToArray();
if (origEntry == null)
{
ed.Set(entityId, ident, localOnly, GetEditedBits(entry.Permissions));
}
else
{
var origPerms = origEntry.Permissions.ToArray();
// reset readonly bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (!perm.DenyEnabled && origPerm.Deny)
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
if (!perm.AllowEnabled && origPerm.Allow)
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
// reset deny bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
{
if (origPerm.Deny && !perm.Deny) // reset
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
}
// reset allow bits
for (int i = 0; i < PermissionType.PermissionCount; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.AllowEnabled)
{
if (origPerm.Allow && !perm.Allow) // reset
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
}
// set allow bits
for (int i = 0; i < PermissionType.PermissionCount; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (origPerm.AllowEnabled)
{
if (!origPerm.Allow && perm.Allow) // set
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Allowed);
}
}
}
// set deny bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
{
if (!origPerm.Deny && perm.Deny) // set
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Denied);
}
}
}
}
}
ed.Apply();
}
protected virtual void ChangePermissions(int contentId, int identityId, SnAclEditor aclEditor, PermissionBitMask permissionBitMmask)
{
aclEditor.Reset(contentId, identityId, LocalOnly, PermissionBitMask.All);
aclEditor.Set(contentId, identityId, LocalOnly, permissionBitMmask);
}
