public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAccount(mInstance.AccountBlog.Account, DataOperation.All));
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAuthenticatedAllowCreate());
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAuthenticatedAllowCreate());
acl.Add(new ACLAccountId(mInstance.AccountId, DataOperation.All));
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLAuthenticatedAllowCreate());
acl.Add(new ACLAccount(mInstance.Account, DataOperation.All));
acl.Add(new ACLAccount(mInstance.Keen, DataOperation.Update | DataOperation.Retreive | DataOperation.Delete));
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAuthenticatedAllowCreate());
// website owner can delete/edit his own addition
acl.Add(new ACLAccount(mInstance.Account, DataOperation.All));
// place owners have the same rights to linked websites
acl.AddRange(new ManagedPlace(Session, mInstance.Place).GetACL(type).AccessControlList);
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAccount(mInstance.Place.Account, DataOperation.All));
foreach (AccountPlace relationship in Collection <AccountPlace> .GetSafeCollection(mInstance.Place.AccountPlaces))
{
acl.Add(new ACLAccount(relationship.Account,
relationship.Type.CanWrite ? DataOperation.All : DataOperation.Retreive));
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
// members can create or see the places depending on their permissions
foreach (AccountGroupAccount account in Collection <AccountGroupAccount> .GetSafeCollection(mInstance.AccountGroup.AccountGroupAccounts))
{
acl.Add(new ACLAccount(account.Account, account.IsAdministrator
? DataOperation.All
: DataOperation.Retreive | DataOperation.Create));
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAccount(mInstance.AccountFeed.Account, DataOperation.All));
if (ManagedDiscussion.IsDiscussionType(type))
{
acl.Add(new ACLAuthenticatedAllowCreate());
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLAuthenticatedAllowCreate());
Account acct = null;
try
{
acct = Session.Load <Account>(mInstance.AccountId);
if (acct.Id == 0)
{
throw new ObjectNotFoundException(mInstance.AccountId, typeof(Account));
}
}
catch (ObjectNotFoundException)
{
acct = null;
}
if (acct != null)
{
// user can view his own activity and delete broadcasts
acl.Add(new ACLAccount(acct, mInstance.IsBroadcast ? DataOperation.AllExceptUpdate : DataOperation.Retreive));
if (!mInstance.IsPrivate && !mInstance.IsSystem)
{
// friends can retrieve public audit entries
if (acct.AccountFriends != null)
{
foreach (AccountFriend friend in acct.AccountFriends)
{
acl.Add(new ACLAccount(friend.Keen, DataOperation.Retreive));
}
}
if (acct.KeenAccountFriends != null)
{
foreach (AccountFriend friend in acct.KeenAccountFriends)
{
acl.Add(new ACLAccount(friend.Account, DataOperation.Retreive));
}
}
}
}
return(acl);
}
/// <summary>
/// all-admin ACL
/// </summary>
/// <param name="sec"></param>
/// <returns></returns>
public static ACL GetAdministrativeACL(ISession session)
{
lock (s_AdminACL)
{
if (s_AdminACL.Count == 0)
{
IList <Account> admins = session.CreateCriteria(typeof(Account)).Add(Expression.Eq("IsAdministrator", true)).List <Account>();
s_AdminACL.AddRange(ACLAccountId.GetACLEntries(admins, (int)DataOperation.All, DataOperationPermission.Allow));
}
}
ACL acl = new ACL(s_AdminACL);
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
acl.Add(new ACLAuthenticatedAllowCreateAndDelete());
acl.Add(new ACLAccount(mInstance.Account, DataOperation.Delete | DataOperation.Retreive));
acl.Add(new ACLAccount(mInstance.Place.Account, DataOperation.AllExceptUpdate));
foreach (AccountPlace relationship in Collection <AccountPlace> .GetSafeCollection(mInstance.Place.AccountPlaces))
{
if (relationship.Type.CanWrite)
{
acl.Add(new ACLAccount(relationship.Account, DataOperation.AllExceptUpdate));
}
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
// members can create invitations or approve / deny them depending on their permissions
foreach (AccountGroupAccount account in Collection <AccountGroupAccount> .GetSafeCollection(mInstance.AccountGroup.AccountGroupAccounts))
{
acl.Add(new ACLAccount(account.Account, account.IsAdministrator
? DataOperation.All
: DataOperation.Create));
}
// the person who the invitation is for can retreive and delete it
if (Id > 0)
{
acl.Add(new ACLAccount(mInstance.Account, DataOperation.AllExceptUpdate));
}
return(acl);
}
public override ACL GetACL(Type type)
{
ManagedDiscussionMapEntry mapentry = null;
ACL acl = null;
if (mInstance.Personal && ManagedDiscussionMap.TryFind(mInstance.DataObject, out mapentry))
{
acl = mapentry.GetACL(Session, mInstance.ObjectId, typeof(Discussion));
}
else
{
acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
}
acl.Add(new ACLAccount(mInstance.Account, DataOperation.All));
return(acl);
}
public override ACL GetACL(Type type)
{
ManagedDiscussionMapEntry mapentry = null;
ACL acl = null;
if (mInstance.Discussion.Personal && ManagedDiscussionMap.TryFind(mInstance.Discussion.DataObject, out mapentry))
{
acl = mapentry.GetACL(Session, mInstance.Discussion.ObjectId, typeof(DiscussionThread));
}
else
{
acl = base.GetACL(type);
acl.Add(new ACLEveryoneAllowRetrieve());
acl.Add(new ACLAuthenticatedAllowCreate());
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
// everyone is able to request membership in a group
// TODO: invitation-only groups
// if (!mInstance.AccountGroup.IsInviteOnly)
acl.Add(new ACLAuthenticatedAllowCreate());
// requester can cancel and fetch his own request
acl.Add(new ACLAccount(mInstance.Account, DataOperation.Delete | DataOperation.Retreive));
// members can delete (approve or deny) this request based on their permissions
foreach (AccountGroupAccount account in Collection <AccountGroupAccount> .GetSafeCollection(mInstance.AccountGroup.AccountGroupAccounts))
{
if (account.IsAdministrator)
{
acl.Add(new ACLAccount(account.Account, DataOperation.AllExceptUpdate));
}
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
// everyone is able to see this membership if the group is public
if (!mInstance.AccountGroup.IsPrivate)
{
acl.Add(new ACLEveryoneAllowRetrieve());
}
// the user who has uploaded the picture can do anything to it
// members can create or see the pictures depending on their permissions
foreach (AccountGroupAccount account in Collection <AccountGroupAccount> .GetSafeCollection(mInstance.AccountGroup.AccountGroupAccounts))
{
// account that uploaded the picture or the admin can do anything with it
acl.Add(new ACLAccount(account.Account, account.IsAdministrator || (Id > 0 && mInstance.Account == account.Account)
? DataOperation.All
: DataOperation.Retreive | DataOperation.Create));
}
return(acl);
}
public override ACL GetACL(Type type)
{
ACL acl = base.GetACL(type);
return(acl);
}
/// <summary>
/// all-admin ACL
/// </summary>
/// <param name="sec"></param>
/// <returns></returns>
public static ACL GetAdministrativeACL(ISession session)
{
lock (s_AdminACL)
{
if (s_AdminACL.Count == 0)
{
IList<Account> admins = session.CreateCriteria(typeof(Account)).Add(Expression.Eq("IsAdministrator", true)).List<Account>();
s_AdminACL.AddRange(ACLAccountId.GetACLEntries(admins, (int)DataOperation.All, DataOperationPermission.Allow));
}
}
ACL acl = new ACL(s_AdminACL);
return acl;
}
public ACL(ACL value)
{
mAccessControlList.AddRange(value.mAccessControlList);
}
public ACL(ACL value)
{
mAccessControlList.AddRange(value.mAccessControlList);
}
public virtual ACL GetACL(Type type)
{
return(ACL.GetAdministrativeACL(Session));
}