internal SecurityEntry[] SetAcl(SnAccessControlList acl)
{
var result = new List <SecurityEntry>();
//var acl0 = GetAcl(nodeId, path, creatorId);
foreach (var entry in acl.Entries)
{
var values = new PermissionValue[ActiveSchema.PermissionTypes.Count];
foreach (var perm in entry.Permissions)
{
//var id = ActiveSchema.PermissionTypes[perm.Name].Id;
//var allow = perm.AllowFrom == null ? perm.Allow : false;
//var deny = perm.DenyFrom == null ? perm.Deny : false;
//var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined);
//values[id - 1] = value;
var id = ActiveSchema.PermissionTypes[perm.Name].Id;
var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined);
values[id - 1] = value;
}
result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values));
}
return(result.ToArray());
}
//============================================================================= for editing
internal SnAccessControlList GetAcl(int nodeId, string path, int creatorId, int lastModifierId)
{
var acl = new SnAccessControlList {
Path = path, NodeId = nodeId, Creator = SnIdentity.Create(creatorId), LastModifier = SnIdentity.Create(lastModifierId)
};
var firstPermInfo = GetFirstInfo(path);
if (firstPermInfo == null)
{
return(acl);
}
return(firstPermInfo.BuildAcl(acl));
}
internal SnAccessControlList BuildAcl(SnAccessControlList acl)
{
//var principals = GetEffectedPrincipals();
var aces = new Dictionary <int, SnAccessControlEntry>();
for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
{
foreach (var permSet in permInfo.PermissionSets)
{
// get ace by princ
var princ = permSet.PrincipalId;
SnAccessControlEntry ace;
if (!aces.TryGetValue(princ, out ace))
{
ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates);
aces.Add(princ, ace);
}
// get permissions and paths
int mask = 1;
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var permission = ace.Permissions.ElementAt(i);
if (!permission.Deny)
{
if ((permSet.DenyBits & mask) != 0)
{
permission.Deny = true;
permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true);
}
}
if (!permission.Allow)
{
var allow = (permSet.AllowBits & mask) != 0;
if ((permSet.AllowBits & mask) != 0)
{
permission.Allow = true;
permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false);
}
}
mask = mask << 1;
}
}
}
acl.Inherits = acl.Path == this.Path ? this.Inherits : true;
acl.Entries = aces.Values.ToArray();
return(acl);
}
internal void RebuildAceVisiblityList(SnAccessControlList acl)
{
this.AceVisiblityList.Clear();
foreach (var entry in acl.Entries)
{
this.AceVisiblityList.Add(Guid.NewGuid().ToString().Replace("-", ""), "0");
}
}
private static IEnumerable<SecurityEntry> GetEntriesFromAcl(AclEditor ed, SnAccessControlList origAcl, SnAccessControlList acl)
{
var newEntries = new List<SecurityEntry>();
foreach (var entry in acl.Entries)
{
var origEntry = origAcl.Entries.Where(x => x.Identity.NodeId == entry.Identity.NodeId && x.Propagates == entry.Propagates).FirstOrDefault();
if (origEntry == null)
{
ed.AddEntry(entry);
}
else
{
//---- play modifications
var ident = entry.Identity.NodeId;
var propagates = entry.Propagates;
var perms = entry.Permissions.ToArray();
var origPerms = origEntry.Permissions.ToArray();
//---- reset deny bits
for (int i = ActiveSchema.PermissionTypes.Count - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
if (origPerm.Deny && !perm.Deny) // reset
{
ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.NonDefined);
//Trace.WriteLine("@> Reset deny " + perm.Name);
}
}
//---- reset allow bits
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.AllowEnabled)
if (origPerm.Allow && !perm.Allow) // reset
{
ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.NonDefined);
//Trace.WriteLine("@> Reset allow " + perm.Name);
}
}
//---- set allow bits
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.AllowEnabled)
if (!origPerm.Allow && perm.Allow) // set
{
ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.Allow);
//Trace.WriteLine("@> Set allow " + perm.Name);
}
}
//---- set deny bits
for (int i = ActiveSchema.PermissionTypes.Count - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
if (!origPerm.Deny && perm.Deny) // set
{
ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.Deny);
//Trace.WriteLine("@> Set deny " + perm.Name);
}
}
//---- reset entry if it is subset of the original (entry will be removed)
var newEntry = ed.GetEntry(entry.Identity.NodeId, entry.Propagates);
var newPerms = newEntry.Permissions.ToArray();
var deletable = true;
for (int i = 0; i < newPerms.Length; i++)
{
var newPerm = newPerms[i];
var origPerm = origPerms[i];
if (newPerm.AllowEnabled && newPerm.Allow)
{
deletable = false;
break;
}
if (newPerm.DenyEnabled && newPerm.Deny)
{
deletable = false;
break;
}
}
if (deletable)
newEntry.SetPermissionsBits(0, 0);
}
}
var entries = PermissionEvaluator.Instance.SetAcl(ed.Acl);
return entries;
}
private static void SetAcl(Node node, SnAccessControlList acl)
{
Assert(node, PermissionType.SetPermissions);
var entriesToSet = GetEntriesFromAcl(new AclEditor(node), new AclEditor(node).Acl, acl);
WriteEntries(entriesToSet);
Reset();
}
public static void SetAcl(SnAccessControlList acl, string path)
{
var node = Node.LoadNode(path);
if (node == null)
throw GetNodeNotFoundEx(path);
SetAcl(node, acl);
}
//============================================================================= for editing
internal SnAccessControlList GetAcl(int nodeId, string path, int creatorId, int lastModifierId)
{
var acl = new SnAccessControlList { Path = path, NodeId = nodeId, Creator = SnIdentity.Create(creatorId), LastModifier = SnIdentity.Create(lastModifierId) };
var firstPermInfo = GetFirstInfo(path);
if (firstPermInfo == null)
return acl;
return firstPermInfo.BuildAcl(acl);
}
public void SetAcl(SnAccessControlList acl)
{
SetAcl(this._node, acl);
}
public AclEditor(Node node)
{
this.node = node;
this.acl = node.Security.GetAcl();
}
public ActionResult SetACL(SnAccessControlList acl)
{
var node = Node.LoadNode(acl.Path);
node.Security.SetAcl(acl);
return null;
}
public AclEditor(Node node)
{
this.node = node;
this.acl = node.Security.GetAcl();
}
private string SetAclTest(int operationNumber, string initial, string readOnlyMask, string set, string expected)
{
if (readOnlyMask == null)
readOnlyMask = initial.Replace("+", "r").Replace("-", "r");
//Trace.WriteLine(String.Format("@> TEST #{0}: {1} | {2} | {3} | {4}", operationNumber, initial, readOnlyMask, set, expected));
var node = TestRoot;
var visitor = User.Visitor;
var ident = new SnIdentity { Kind = SnIdentityKind.User, Name = "Visitor", NodeId = visitor.Id, Path = visitor.Path };
var permsEd = GetPermsFromString(initial, readOnlyMask);
var entryEd = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = permsEd };
var aclEd = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entryEd } };
var perms0 = GetPermsFromString(initial, readOnlyMask);
var entry0 = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = perms0 };
var acl0 = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entry0 } };
var perms1 = GetPermsFromString(set, readOnlyMask);
var entry1 = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = perms1 };
var acl1 = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entry1 } };
var ed = node.Security.GetAclEditor();
ed.Acl = aclEd; // clone of acl0
var edAcc = new AclEditorAccessor(ed);
var secAcc = new SecurityHandlerAccessor(node.Security);
var entries = secAcc.GetEntriesFromAcl(ed, acl0, acl1);
var resultEntry = SearchEntry(entries, User.Visitor, true);
var result = resultEntry.ValuesToString();
if (result == expected)
return null;
return String.Concat("State is '", result, "', expected '", expected, "' at operation ", operationNumber);
}
public IEnumerable<SecurityEntry> GetEntriesFromAcl(AclEditor ed, SnAccessControlList origAcl, SnAccessControlList acl)
{
return (IEnumerable<SecurityEntry>)CallPrivateStaticMethod("GetEntriesFromAcl", new Type[] { typeof(AclEditor), typeof(SnAccessControlList), typeof(SnAccessControlList) }, ed, origAcl, acl);
}
internal SecurityEntry[] SetAcl(SnAccessControlList acl)
{
var result = new List<SecurityEntry>();
//var acl0 = GetAcl(nodeId, path, creatorId);
foreach (var entry in acl.Entries)
{
var values = new PermissionValue[ActiveSchema.PermissionTypes.Count];
foreach (var perm in entry.Permissions)
{
//var id = ActiveSchema.PermissionTypes[perm.Name].Id;
//var allow = perm.AllowFrom == null ? perm.Allow : false;
//var deny = perm.DenyFrom == null ? perm.Deny : false;
//var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined);
//values[id - 1] = value;
var id = ActiveSchema.PermissionTypes[perm.Name].Id;
var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined);
values[id - 1] = value;
}
result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values));
}
return result.ToArray();
}
public static void SetAcl(SnAccessControlList acl, int nodeId)
{
var node = Node.LoadNode(nodeId);
if (node == null)
throw GetNodeNotFoundEx(nodeId);
SetAcl(node, acl);
}
internal SnAccessControlList BuildAcl(SnAccessControlList acl)
{
//var principals = GetEffectedPrincipals();
var aces = new Dictionary<int, SnAccessControlEntry>();
for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
{
foreach (var permSet in permInfo.PermissionSets)
{
// get ace by princ
var princ = permSet.PrincipalId;
SnAccessControlEntry ace;
if (!aces.TryGetValue(princ, out ace))
{
ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates);
aces.Add(princ, ace);
}
// get permissions and paths
int mask = 1;
for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++)
{
var permission = ace.Permissions.ElementAt(i);
if (!permission.Deny)
{
if ((permSet.DenyBits & mask) != 0)
{
permission.Deny = true;
permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true);
}
}
if (!permission.Allow)
{
var allow = (permSet.AllowBits & mask) != 0;
if ((permSet.AllowBits & mask) != 0)
{
permission.Allow = true;
permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false);
}
}
mask = mask << 1;
}
}
}
acl.Inherits = acl.Path == this.Path ? this.Inherits : true;
acl.Entries = aces.Values.ToArray();
return acl;
}
private string AclEntriesToString(SnAccessControlList acl)
{
var sb = new StringBuilder();
sb.AppendLine(" <Entries>");
foreach (var ace in acl.Entries)
{
sb.Append(" <Entry identityId='").Append(ace.Identity.NodeId).Append("'");
sb.Append(" identityKind='").Append(ace.Identity.Kind).Append("'");
sb.Append(" propagates='").Append(ace.Propagates).Append("'");
sb.AppendLine("/>");
foreach (var perm in ace.Permissions)
{
sb.Append(" <Perm name='").Append(perm.Name).Append("'");
sb.Append(" allow='").Append(perm.Allow).Append("'");
sb.Append(" allowEnabled='").Append(perm.AllowEnabled).Append("'");
sb.Append(" allowFrom='").Append(perm.AllowFrom).Append("'");
sb.Append(" deny='").Append(perm.Deny).Append("'");
sb.Append(" denyEnabled='").Append(perm.DenyEnabled).Append("'");
sb.Append(" denyFrom='").Append(perm.DenyFrom).Append("'");
sb.AppendLine("/>");
}
sb.AppendLine(" </Entry>");
}
sb.AppendLine(" </Entries>");
return sb.ToString();
}
