public async Task OD_Security_GetPermissions_ACE() { await IsolatedODataTestAsync(async() => { SnAclEditor.Create(new SnSecurityContext(User.Current)) .Allow(2, Identifiers.AdministratorUserId, false, PermissionType.Custom01) .Allow(2, Identifiers.VisitorUserId, false, PermissionType.Custom02) .Apply(); // ACTION var response = await ODataPostAsync( "/OData.svc/Root/IMS/BuiltIn/Portal('Administrators')/GetPermissions", "", "{identity:\"/root/ims/builtin/portal/visitor\"}") .ConfigureAwait(false); // ASSERT AssertNoError(response); var json = Deserialize(response.Result); var entries = json as JArray; Assert.IsNotNull(entries); var expected = "Custom02:{value:allow,from:/Root,identity:/Root/IMS/BuiltIn/Portal/Visitor}"; var actual = response.Result .Replace("\r", "") .Replace("\n", "") .Replace("\t", "") .Replace(" ", "") .Replace("\"", ""); Assert.IsTrue(actual.Contains(expected)); Assert.IsTrue(actual.Contains("Custom01:null")); }).ConfigureAwait(false); }
private static void ProcessPermission(SnAclEditor editor, int contentId, int identityId, bool localOnly, PermissionType permissionType, string requestValue) { switch (requestValue.ToLower()) { case "0": case "u": case "undefined": // PermissionValue.Undefined; editor.ClearPermission(contentId, identityId, localOnly, permissionType); break; case "1": case "a": case "allow": // PermissionValue.Allowed; editor.Allow(contentId, identityId, localOnly, permissionType); break; case "2": case "d": case "deny": // PermissionValue.Denied; editor.Deny(contentId, identityId, localOnly, permissionType); break; default: throw new ArgumentException("Invalid permission value: " + requestValue); } }
private static void CopyPermissions(Node source, Node target) { if (source == null || source.ParentId == 0 || target == null) { return; } // copy permissions from the source content, without reseting the permission system Providers.Instance.SecurityHandler.CopyPermissionsFrom(source.Id, target.Id, CopyPermissionMode.BreakAndClear); // If there were any permission settings for the Creators group on the source content, we // need to place an explicite entry with the same permissions onto the target for the creator // user, as the creator of the trashbag (the user who deletes the content) may be different // than the creator of the original document. var aces = Providers.Instance.SecurityHandler.GetEffectiveEntriesAsSystemUser(source.Id, new[] { Identifiers.OwnersGroupId }, EntryType.Normal); foreach (var ace in aces) { Providers.Instance.SecurityHandler.CreateAclEditor() .Set(target.Id, ace.IdentityId, ace.LocalOnly, ace.AllowBits, ace.DenyBits); } aces = Providers.Instance.SecurityHandler.GetEffectiveEntriesAsSystemUser(source.Id, new[] { Identifiers.OwnersGroupId }, EntryType.Sharing); foreach (var ace in aces) { SnAclEditor.Create(Providers.Instance.SecurityHandler.SecurityContext, EntryType.Sharing) .Set(target.Id, ace.IdentityId, ace.LocalOnly, ace.AllowBits, ace.DenyBits); } }
public async Task OD_Security_GetPermissions_ACL() { await ODataTestAsync(async() => { SnAclEditor.Create(SecurityHandler.SecurityContext) .Allow(2, 1, false, PermissionType.Custom01) .Apply(); // ACTION var response = await ODataPostAsync( "/OData.svc/Root/IMS/BuiltIn/Portal('Administrators')/GetPermissions", "", null) .ConfigureAwait(false); // ASSERT AssertNoError(response); var json = Deserialize(response.Result); var entries = json["entries"]; Assert.IsNotNull(entries); var expected = "Custom01:{value:allow,from:/Root,identity:/Root/IMS/BuiltIn/Portal/Admin}"; var actual = response.Result .Replace("\r", "") .Replace("\n", "") .Replace("\t", "") .Replace(" ", "") .Replace("\"", ""); Assert.IsTrue(actual.Contains(expected)); }).ConfigureAwait(false); }
protected override void ChangePermissions(int contentId, int identityId, SnAclEditor aclEditor, PermissionBitMask permissionBitMmask) { if (!string.IsNullOrEmpty(Clear)) { var clearBits = SecurityHandler.GetPermissionMask(GetPermissionTypes(Clear)); aclEditor.Reset(contentId, identityId, LocalOnly, new PermissionBitMask { AllowBits = clearBits, DenyBits = clearBits }); } aclEditor.Set(contentId, identityId, LocalOnly, permissionBitMmask); }
private void SetInheritance(Content content, SetPermissionsRequest request, SnAclEditor editor) { if (request.r != null) { throw new InvalidOperationException("Cannot use 'r' and 'inheritance' parameters at the same time."); } switch (request.inheritance.ToLower()) { default: throw new ArgumentException("The value of the 'inheritance' must be 'break' or 'unbreak'."); case "break": editor.BreakInheritance(content.Id); break; case "unbreak": editor.UnbreakInheritance(content.Id); break; } }
private static void SetPermissions(Content content, SetPermissionsRequest request, SnAclEditor editor) { var contentId = content.Id; foreach (var permReq in request.r) { var member = LoadMember(permReq.identity); var localOnly = permReq.localOnly.HasValue ? permReq.localOnly.Value : false; if (permReq.See != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.See, permReq.See); } if (permReq.Preview != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Preview, permReq.Preview); } if (permReq.PreviewWithoutWatermark != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.PreviewWithoutWatermark, permReq.PreviewWithoutWatermark); } if (permReq.PreviewWithoutRedaction != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.PreviewWithoutRedaction, permReq.PreviewWithoutRedaction); } if (permReq.Open != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Open, permReq.Open); } if (permReq.OpenMinor != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.OpenMinor, permReq.OpenMinor); } if (permReq.Save != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Save, permReq.Save); } if (permReq.Publish != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Publish, permReq.Publish); } if (permReq.ForceCheckin != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.ForceCheckin, permReq.ForceCheckin); } if (permReq.AddNew != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.AddNew, permReq.AddNew); } if (permReq.Approve != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Approve, permReq.Approve); } if (permReq.Delete != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.Delete, permReq.Delete); } if (permReq.RecallOldVersion != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.RecallOldVersion, permReq.RecallOldVersion); } if (permReq.DeleteOldVersion != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.DeleteOldVersion, permReq.DeleteOldVersion); } if (permReq.SeePermissions != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.SeePermissions, permReq.SeePermissions); } if (permReq.SetPermissions != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.SetPermissions, permReq.SetPermissions); } if (permReq.RunApplication != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.RunApplication, permReq.RunApplication); } if (permReq.ManageListsAndWorkspaces != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.ManageListsAndWorkspaces, permReq.ManageListsAndWorkspaces); } if (permReq.TakeOwnership != null) /**/ ProcessPermission{ (editor, contentId, member.Id, localOnly, PermissionType.TakeOwnership, permReq.TakeOwnership); } if (permReq.Custom01 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom01, permReq.Custom01); } if (permReq.Custom02 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom02, permReq.Custom02); } if (permReq.Custom03 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom03, permReq.Custom03); } if (permReq.Custom04 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom04, permReq.Custom04); } if (permReq.Custom05 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom05, permReq.Custom05); } if (permReq.Custom06 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom06, permReq.Custom06); } if (permReq.Custom07 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom07, permReq.Custom07); } if (permReq.Custom08 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom08, permReq.Custom08); } if (permReq.Custom09 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom09, permReq.Custom09); } if (permReq.Custom10 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom10, permReq.Custom10); } if (permReq.Custom11 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom11, permReq.Custom11); } if (permReq.Custom12 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom12, permReq.Custom12); } if (permReq.Custom13 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom13, permReq.Custom13); } if (permReq.Custom14 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom14, permReq.Custom14); } if (permReq.Custom15 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom15, permReq.Custom15); } if (permReq.Custom16 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom16, permReq.Custom16); } if (permReq.Custom17 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom17, permReq.Custom17); } if (permReq.Custom18 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom18, permReq.Custom18); } if (permReq.Custom19 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom19, permReq.Custom19); } if (permReq.Custom20 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom20, permReq.Custom20); } if (permReq.Custom21 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom21, permReq.Custom21); } if (permReq.Custom22 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom22, permReq.Custom22); } if (permReq.Custom23 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom23, permReq.Custom23); } if (permReq.Custom24 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom24, permReq.Custom24); } if (permReq.Custom25 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom25, permReq.Custom25); } if (permReq.Custom26 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom26, permReq.Custom26); } if (permReq.Custom27 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom27, permReq.Custom27); } if (permReq.Custom28 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom28, permReq.Custom28); } if (permReq.Custom29 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom29, permReq.Custom29); } if (permReq.Custom30 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom30, permReq.Custom30); } if (permReq.Custom31 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom31, permReq.Custom31); } if (permReq.Custom32 != null) { ProcessPermission(editor, contentId, member.Id, localOnly, PermissionType.Custom32, permReq.Custom32); } } editor.Apply(); }
internal static void ApplyAclModifications(SnAclEditor ed, AccessControlList origAcl, AccessControlList acl) { if (origAcl.EntityId != acl.EntityId) { throw new InvalidOperationException(); } var newEntries = new List <AceInfo>(); var entityId = origAcl.EntityId; foreach (var entry in acl.Entries) { if (entry.IdentityId == Identifiers.SomebodyUserId) { continue; } var origEntry = origAcl.Entries.Where(x => x.IdentityId == entry.IdentityId && x.LocalOnly == entry.LocalOnly).FirstOrDefault(); // play modifications var ident = entry.IdentityId; var localOnly = entry.LocalOnly; var perms = entry.Permissions.ToArray(); if (origEntry == null) { ed.Set(entityId, ident, localOnly, GetEditedBits(entry.Permissions)); } else { var origPerms = origEntry.Permissions.ToArray(); // reset readonly bits for (int i = PermissionType.PermissionCount - 1; i >= 0; i--) { var perm = perms[i]; var origPerm = origPerms[i]; if (!perm.DenyEnabled && origPerm.Deny) { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined); } if (!perm.AllowEnabled && origPerm.Allow) { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined); } } // reset deny bits for (int i = PermissionType.PermissionCount - 1; i >= 0; i--) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.DenyEnabled) { if (origPerm.Deny && !perm.Deny) // reset { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined); } } } // reset allow bits for (int i = 0; i < PermissionType.PermissionCount; i++) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.AllowEnabled) { if (origPerm.Allow && !perm.Allow) // reset { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined); } } } // set allow bits for (int i = 0; i < PermissionType.PermissionCount; i++) { var perm = perms[i]; var origPerm = origPerms[i]; if (origPerm.AllowEnabled) { if (!origPerm.Allow && perm.Allow) // set { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Allowed); } } } // set deny bits for (int i = PermissionType.PermissionCount - 1; i >= 0; i--) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.DenyEnabled) { if (!origPerm.Deny && perm.Deny) // set { ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Denied); } } } } } ed.Apply(); }
protected virtual void ChangePermissions(int contentId, int identityId, SnAclEditor aclEditor, PermissionBitMask permissionBitMmask) { aclEditor.Reset(contentId, identityId, LocalOnly, PermissionBitMask.All); aclEditor.Set(contentId, identityId, LocalOnly, permissionBitMmask); }