public override void InitializeEnlistmentACLs(string enlistmentPath)
{
// The following permissions are typically present on deskop and missing on Server
//
// ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\Authenticated Users
// [OBJECT_INHERIT_ACE]
// [CONTAINER_INHERIT_ACE]
// [INHERIT_ONLY_ACE]
// DELETE
// GENERIC_EXECUTE
// GENERIC_WRITE
// GENERIC_READ
DirectorySecurity rootSecurity = Directory.GetAccessControl(enlistmentPath);
AccessRule authenticatedUsersAccessRule = rootSecurity.AccessRuleFactory(
new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
unchecked ((int)(NativeMethods.FileAccess.DELETE | NativeMethods.FileAccess.GENERIC_EXECUTE | NativeMethods.FileAccess.GENERIC_WRITE | NativeMethods.FileAccess.GENERIC_READ)),
true,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
// The return type of the AccessRuleFactory method is the base class, AccessRule, but the return value can be cast safely to the derived class.
// https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemsecurity.accessrulefactory(v=vs.110).aspx
rootSecurity.AddAccessRule((FileSystemAccessRule)authenticatedUsersAccessRule);
Directory.SetAccessControl(enlistmentPath, rootSecurity);
}
public void Test_InvalidateEntries_AccessRule()
{
AccessRule accessRule;
Subject subject;
ICache <SubjectPermissionTypesTuple, IEnumerable <AccessRuleQuery> > dictionaryCache;
SecurityQueryCacheInvalidator securityQueryCacheInvalidator;
subject = new Subject();
subject.Save();
accessRule = new AccessRule();
accessRule.AllowAccessBy = subject;
accessRule.Save();
dictionaryCache = new DictionaryCache <SubjectPermissionTypesTuple, IEnumerable <AccessRuleQuery> >
{
{ new SubjectPermissionTypesTuple(subject.Id, 2, new long[0]), new AccessRuleQuery[0] },
{ new SubjectPermissionTypesTuple(subject.Id, 3, new long[0]), new AccessRuleQuery[0] },
{ new SubjectPermissionTypesTuple(subject.Id + 1, 3, new long[0]), new AccessRuleQuery[0] },
{ new SubjectPermissionTypesTuple(subject.Id + 2, 3, new long[0]), new AccessRuleQuery[0] }
};
securityQueryCacheInvalidator = new SecurityQueryCacheInvalidator(dictionaryCache);
securityQueryCacheInvalidator.InvalidateCacheEntries(new []
{
new SubjectPermissionTypesTuple(subject.Id, 2, new long[0]),
new SubjectPermissionTypesTuple(subject.Id, 3, new long[0]),
}, () => "test");
Assert.That(dictionaryCache, Has.None.Property("Key").Property("SubjectId").EqualTo(subject.Id));
}
public void Test_WithRoleWithOverlappingRules( )
{
long userId = 1;
long roleId = 2;
AccessRule accessRule1 = new AccessRule( );
AccessRule accessRule2 = new AccessRule( );
AccessRule accessRule3 = new AccessRule( );
Mock <IUserRoleRepository> mockRoles = new Mock <IUserRoleRepository>(MockBehavior.Strict);
Mock <IRuleRepository> mockRules = new Mock <IRuleRepository>(MockBehavior.Strict);
UserRuleSet userRuleSet;
mockRoles.Setup(x => x.GetUserRoles(userId)).Returns(new HashSet <long> {
roleId
});
mockRules.Setup(x => x.GetAccessRules(userId, Permissions.Read, null)).Returns(new List <AccessRule> {
accessRule1, accessRule2
});
mockRules.Setup(x => x.GetAccessRules(roleId, Permissions.Read, null)).Returns(new List <AccessRule> {
accessRule2, accessRule3
});
UserRuleSetProvider userRuleSetprovider = new UserRuleSetProvider(mockRoles.Object, mockRules.Object);
userRuleSet = null;
Assert.That(() => userRuleSet = userRuleSetprovider.GetUserRuleSet(userId, Permissions.Read), Throws.Nothing);
Assert.That(userRuleSet, Is.Not.Null);
Assert.That(userRuleSet.Key, Is.EqualTo(CryptoHelper.HashValues(new [] { accessRule1.Id, accessRule2.Id, accessRule3.Id }.OrderBy(id => id))));
mockRoles.VerifyAll( );
mockRules.VerifyAll( );
}
private static void Main()
{
// If the binary is a different architecture than the system.
if (Environment.Is64BitOperatingSystem != Environment.Is64BitProcess)
{
MessageBox.Show("You are using the wrong version of CScan for your architecture. Please download the " + (Environment.Is64BitProcess ? "x86" : "x64") + " version of CScan.",
"Architecture Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
Environment.Exit(1);
}
SafeHandle handle = Process.GetCurrentProcess().SafeHandle;
ProcessSecurity manager = new ProcessSecurity(handle);
IdentityReference identityReference = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
int accessMask = (int)ProcessAccessRights.PROCESS_ALL_ACCESS | (int)ProcessAccessRights.PROCESS_QUERY_INFORMATION;
InheritanceFlags inheritanceFlags = InheritanceFlags.None;
PropagationFlags propagationFlags = PropagationFlags.None;
AccessControlType type = AccessControlType.Deny;
AccessRule rule = manager.AccessRuleFactory(identityReference, accessMask, true, inheritanceFlags, propagationFlags, type);
manager.AddAccessRule((ProcessAccessRule)rule);
manager.SaveChanges(handle);
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new Main());
}
public void TestFixtureSetUp()
{
// Create test content
m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");
using (new SecurityDisabler())
{
try
{
m_home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
}
catch
{
// this "catch" is used to debug issues with the Paste() method call above
int y = 0;
y++;
}
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public IEnumerable <AccessRule> GetAcls(string resource, string verb)
{
OrderedList <string, AccessRule> acls = new OrderedList <string, AccessRule>();
foreach (KeyValuePair <string, IAclProvider> provider in GetConcernedProviders(resource))
{
foreach (AccessRule acl in provider.Value.GetAcls(provider.Key == AclManager.ROOT ? resource : resource.Substring(provider.Key.Length), verb))
{
AccessRule computedAcl = null;
switch (acl.Type)
{
case AccessRules.Allow:
computedAcl = new Allow(acl.Resource == AclManager.ROOT ? provider.Key : provider.Key + acl.Resource, acl.Verb, acl.Subject);
break;
case AccessRules.Deny:
computedAcl = new Deny(acl.Resource == AclManager.ROOT ? provider.Key : provider.Key + acl.Resource, acl.Verb, acl.Subject);
break;
}
if (computedAcl != null)
{
acls.Add(computedAcl.Resource, computedAcl);
}
}
}
return(acls);
}
public void TestFixtureSetUp()
{
// Create test content
using (new SecurityDisabler())
{
m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public void TestOnDeleteAccessRule()
{
bool success = true;
string subjectName = "Role" + Guid.NewGuid();
string typeName = "Type" + Guid.NewGuid();
string reportName = "Report" + Guid.NewGuid();
var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict);
mockAuditLog.Setup(al => al.OnDeleteAccessRule(success, subjectName, typeName, reportName));
var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object);
var subject = new Role {
Name = subjectName
};
var type = new EntityType {
Name = typeName
};
var report = new Report {
Name = reportName
};
var accessRule = new AccessRule {
AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report
};
IDictionary <string, object> state = new Dictionary <string, object>();
eventTarget.GatherAuditLogEntityDetailsForDelete(accessRule, state);
eventTarget.WriteDeleteAuditLogEntries(success, accessRule.Id, state);
mockAuditLog.VerifyAll();
}
public void HideCoreEveryoneRoles()
{
IList <AccessRule> accessRules;
Solution consoleSolution;
using (DatabaseContext databaseContext = DatabaseContext.GetContext(true))
using (new SecurityBypassContext())
{
consoleSolution = Entity.Get <Solution>("core:consoleSolution");
accessRules = Entity.GetInstancesOfType <AccessRule>(false, "accessRuleHidden, allowAccess.{alias}, inSolution.{name}, controlAccess.{name}")
.ToList();
foreach (AccessRule accessRule in accessRules)
{
if (accessRule.AllowAccessBy.Alias == "core:everyoneRole" &&
accessRule.InSolution != null && accessRule.InSolution.Name == "ReadiNow Core Data")
{
AccessRule writeableAccessRule = accessRule.AsWritable <AccessRule>();
writeableAccessRule.AccessRuleHidden = true;
if (writeableAccessRule.InSolution == consoleSolution)
{
writeableAccessRule.InSolution = null;
}
Console.Out.WriteLine("Making access rule on type {0} hidden", writeableAccessRule.ControlAccess.Name);
writeableAccessRule.Save();
}
}
databaseContext.CommitTransaction();
}
}
internal string SaveAccessRule(AccessRule rule, string BankCode)
{
try
{
DateTime ModifyDate = DateTime.Now;
//string ModifyDate = CreateDate;
command = CbDatabase.GetStoredProcCommand("AccessRules_Update",
rule.Id,
rule.RuleName,
rule.UserType,
rule.BankCode,
rule.CanAccess,
rule.UserId,
rule.BranchCode,
rule.IsActive,
ModifyDate,
rule.ModifiedBy
);
DataTable datatable = CbDatabase.ExecuteDataSet(command).Tables[0];
return(datatable.Rows[0][0].ToString());
}
catch (Exception ex)
{
throw ex;
}
}
protected override bool ModifyAccess(AccessControlModification modification,
AccessRule rule, out bool modified)
{
modify_access_called = true;
modify_access_called_count++;
return(base.ModifyAccess(modification, rule, out modified));
}
public BaseObject GetById(string className, string objectId, string bankCode, string Password)
{
BaseObject result = new BaseObject();
if (string.IsNullOrEmpty(className))
{
return(result);
}
else if (string.IsNullOrEmpty(objectId))
{
return(result);
}
else if (className.ToUpper() == "BANKUSER")
{
result = GetBankUser(objectId, bankCode, Password);
return(result);
}
else if (className.ToUpper() == "BANK")
{
result = dh.GetBankById(objectId);
return(result);
}
else if (className.ToUpper() == "USERTYPE")
{
UserType user = dh.GetUserTypeById(objectId, bankCode);
result = user;
return(result);
}
else if (className.ToUpper() == "TRANSACTIONCATEGORY")
{
TransactionCategory category = dh.GetTransactionCategoryById(objectId, bankCode);
result = category;
return(result);
}
else if (className.ToUpper() == "BANKACCOUNT")
{
BankAccount category = dh.GetBankAccountById(objectId, bankCode);
result = category;
return(result);
}
else if (className.ToUpper() == "ACCOUNTTYPE")
{
AccountType category = dh.GetAccountTypeById(objectId, bankCode);
result = category;
return(result);
}
else if (className.ToUpper() == "ACCESSRULE")
{
AccessRule rule = dh.GetAccessRuleById(objectId, bankCode);
result = rule;
return(result);
}
else
{
return(result);
}
}
/// <summary>
/// Creates the memory mapped file used for storage info synchronization
/// </summary>
/// <returns>Memory mapped file</returns>
protected virtual MemoryMappedFile CreateMemoryMappedFile()
{
var security = new MemoryMappedFileSecurity();
var rule = new AccessRule <MemoryMappedFileRights>(new SecurityIdentifier(WellKnownSidType.WorldSid, null), MemoryMappedFileRights.FullControl, AccessControlType.Allow);
security.AddAccessRule(rule);
return(MemoryMappedFile.CreateOrOpen($"{(IsGlobal ? "Global\\" : "")}BlobStorage-{Id}-Info", 25 * 1024 * 1024, MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, security, HandleInheritability.None));
}
public static bool HasLocalAces(AuthorizationRuleCollection rules)
{
bool res = false;
AccessRule locaACE = rules.Cast <AccessRule>().FirstOrDefault(a => a.IsInherited == false);
res = (locaACE == null ? false : true);
return(res);
}
public void Visit(ScheduledAccessRule rule)
{
var schedule = new WeeklySchedule(rule.TimeZone);
rule.Entries.ForEach(x => schedule.DailyTimeRange.Add(x.Day, new TimeRange(x.FromTime, x.ToTime)));
var dto = AccessRule.Scheduled(rule.AccessPoint.AccessPointId, schedule);
Scheduled.Add(dto);
}
public AccessRule CreateNewAccessRule()
{
var entity = new AccessRule();
entity.Identity = ProvideRandomString(MaxLength.Name);
entity.AccessLevel = ProvideRandomEnumValue <AccessLevel>();
return(entity);
}
private void AddSystemHighRules(Configuration config)
{
AccessRule systemHighaccessRule;
var allModuleNames = config.GetAllModules().Select(module => module.FriendlyName());
foreach (string moduleName in allModuleNames)
{
systemHighaccessRule = new AccessRule();
systemHighaccessRule.ModuleName = moduleName;
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List <string> {
"*"
};
systemHighaccessRule.TimeList = new List <TimeOfWeek> {
new TimeOfWeek(-1, 0, 2400)
};
systemHighaccessRule.Priority = 0;
AddAccessRule(systemHighaccessRule);
}
// Adding systemhigh access rules for "platform-based" modules GuiWeb and GuiWebSec
systemHighaccessRule = new AccessRule();
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List <string> {
"*"
};
systemHighaccessRule.TimeList = new List <TimeOfWeek> {
new TimeOfWeek(-1, 0, 2400)
};
systemHighaccessRule.Priority = 0;
systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWeb;
AddAccessRule(systemHighaccessRule);
systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWebSec;
AddAccessRule(systemHighaccessRule);
// Adding systemhigh access rules for scouts
systemHighaccessRule = new AccessRule();
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List <string> {
"*"
};
systemHighaccessRule.TimeList = new List <TimeOfWeek> {
new TimeOfWeek(-1, 0, 2400)
};
systemHighaccessRule.Priority = 0;
systemHighaccessRule.ModuleName = Constants.ScoutsSuffixWeb;
AddAccessRule(systemHighaccessRule);
}
public void WillFailFailsUsingFactoryOnGetter()
{
WillFailSecurity security = new WillFailSecurity();
SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
AccessRule <WillFailRights> rule = (AccessRule <WillFailRights>)
security.AccessRuleFactory(id, 1, false,
InheritanceFlags.None, PropagationFlags.None,
AccessControlType.Allow);
WillFailRights rights = rule.Rights;
}
public void AccessRule_Constructor(string sid, int accessMask, bool isInherited, int inheritanceFlags, int propagationFlags, int accessControlType)
{
IdentityReference identityReference = new SecurityIdentifier(sid);
AccessRule accessRule = Constructor(identityReference, accessMask, isInherited, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags, (AccessControlType)accessControlType);
Assert.Equal(identityReference, accessRule.IdentityReference);
Assert.Equal((InheritanceFlags)inheritanceFlags, accessRule.InheritanceFlags);
Assert.Equal((PropagationFlags)propagationFlags, accessRule.PropagationFlags);
Assert.Equal((AccessControlType)accessControlType, accessRule.AccessControlType);
}
protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess)
{
var collection = new AccessRuleCollection();
// Add read and write item permission, if the user or user group has access.
collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
return(collection);
}
public void WillWorkOKUsingConstructor()
{
SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
AccessRule <WillWorkRights> rule = new AccessRule <WillWorkRights> (id, WillWorkRights.Value,
AccessControlType.Allow);
Assert.AreEqual(rule.AccessControlType, AccessControlType.Allow);
Assert.AreEqual(rule.IdentityReference, id);
Assert.AreEqual(rule.Rights, WillWorkRights.Value);
}
public Result SaveAccessRule(AccessRule rule, string BankCode)
{
Result result = new Result();
result.RequestId = rule.Id;
string Id = dh.SaveAccessRule(rule, BankCode);
result.StatusCode = "0";
result.StatusDesc = "SUCCESS";
result.PegPayId = Id;
return(result);
}
protected override void ProcessRecord()
{
if (!this.TryParseAccessRight(AccessRight, out var accessRight))
{
return;
}
var account = this.GetAccountFromIdentity(Identity);
var accessRule = AccessRule.Create(account, accessRight, PropagationType, SecurityPermission);
WriteObject(accessRule);
}
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func <DbItemAccess, bool?> canAct)
{
var canActRest = canAct(itemAccess);
if (canActRest == null)
{
return;
}
var permission = (bool)canActRest ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
}
public Result SaveAccessRule(AccessRule rule, string BankCode)
{
Result result = new Result();
result.RequestId = rule.Id;
LogChangesInAuditLog(rule, rule.RuleName, rule.BankCode, rule.ModifiedBy);
string Id = dh.SaveAccessRule(rule, BankCode);
result.StatusCode = "0";
result.StatusDesc = "SUCCESS";
result.PegPayId = Id;
return(result);
}
public void MoveWorkItem(WorkGroup fromWorkGroup, WorkGroup toWorkGroup, Organization oe)
{
Util.WriteMethodInfoToConsole();
ProcessInstance PI = null;
List <AccessRule> Rules = new List <AccessRule>();
AccessRule arRead = new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Read, RuleType.SpecificOrganization, oe);
AccessRule arWrite = new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Write, RuleType.SpecificOrganization, oe);
//Rules.Add(new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Read, RuleType.SpecificOrganization, oe));
//Rules.Add(new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Write, RuleType.SpecificOrganization, oe));
counter = 0;
sWatchMovePI = new Stopwatch();
foreach (WorkItem wi in fromWorkGroup.GetWorkItems())
{
try
{
sWatchMovePI.Reset();
sWatchMovePI.Start();
counter = counter + 1;
PI = wi.GetProcessInstance();
HConsole.WriteLine(">> Verschieben des Aktes " + PI.Name + " beginnt...");
Rules.Clear();
Rules.AddRange(PI.GetAccessRules(CCD.Domea.Fw.Base.AccessType.Read));
Rules.Add(arRead);
Rules.AddRange(PI.GetAccessRules(CCD.Domea.Fw.Base.AccessType.Write));
Rules.Add(arWrite);
PI.SetActiveWorkItem(wi);
PI.SetLock(ProcessInstanceLockLevel.Whole);
wi.WriteHistoryLogEvent(30, "Start BIG Changes 2.0", new HistoryLogEventType(session, 99));
PI.SetCustomAttribute("CSVERANTWOE", oe.Id.ToString());
PI.AssignAccessRules(Rules.ToArray(), true);
PI.Update();
wi.SetLock(WorkItemLockLevel.WorkItem);
wi.DelegateTo(toWorkGroup);
wi.ReleaseLock(WorkItemLockLevel.WorkItem);
wi.WriteHistoryLogEvent(30, "BIG Changes 2.0 erfolgreich durchgeführt", new HistoryLogEventType(session, 99));
PI.ReleaseLock(ProcessInstanceLockLevel.Whole);
sWatchMovePI.Stop();
HConsole.WriteLine(">> Verschieben des Aktes " + PI.Name + " abgeschlossen... (Zähler: " + counter + " / Stopwatch: " + sWatchMovePI.Elapsed.ToString("ss\\.ff") + ")");
}
catch (Exception ex)
{
HConsole.WriteError(ex);
}
}
}
private AccessRule GetAccessRuleDetails()
{
AccessRule rule = new AccessRule();
rule.BankCode = ddBank.SelectedValue;
rule.BranchCode = ddBankBranch.SelectedValue;
rule.CanAccess = txtAllowedAreas.Text;
rule.Id = "";
rule.IsActive = ddIsActive.Text;
rule.ModifiedBy = user.Id;
rule.RuleName = txtRuleName.Text;
rule.UserId = txtUserId.Text;
rule.UserType = ddUserType.SelectedValue;
return(rule);
}
public void WillWorkOKUsingAccessFactory()
{
WillWorkSecurity security = new WillWorkSecurity();
SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
AccessRule <WillWorkRights> rule = (AccessRule <WillWorkRights>)
security.AccessRuleFactory(id, 1, false,
InheritanceFlags.None, PropagationFlags.None,
AccessControlType.Allow);
Assert.AreEqual(rule.AccessControlType, AccessControlType.Allow);
Assert.AreEqual(rule.IdentityReference, id);
Assert.AreEqual(rule.InheritanceFlags, InheritanceFlags.None);
Assert.AreEqual(rule.PropagationFlags, PropagationFlags.None);
Assert.AreEqual(rule.Rights, WillWorkRights.Value);
}
public void TestOnChangeAccessRulePermissions()
{
bool success = true;
string subjectName = "Role" + Guid.NewGuid();
string typeName = "Type" + Guid.NewGuid();
string reportName = "Report" + Guid.NewGuid();
var read = Entity.Get <Permission>("read");
var delete = Entity.Get <Permission>("delete");
ISet <string> oldPerm = new SortedSet <string> {
read.Name
};
ISet <string> newPerm = new SortedSet <string> {
read.Name, delete.Name
};
var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict);
mockAuditLog.Setup(al => al.OnChangeAccessRulePermissions(success, subjectName, typeName, reportName, It.Is <ISet <string> >(p => oldPerm.SetEquals(p)), It.Is <ISet <string> >(p => newPerm.SetEquals(p))));
var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object);
var subject = new Role {
Name = subjectName
};
var type = new EntityType {
Name = typeName
};
var report = new Report {
Name = reportName
};
var accessRule = new AccessRule {
AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report
};
accessRule.PermissionAccess.Add(read);
accessRule.Save();
// Change permissions
accessRule.PermissionAccess.Add(delete);
IDictionary <string, object> state = new Dictionary <string, object>();
eventTarget.GatherAuditLogEntityDetailsForSave(accessRule, state);
eventTarget.WriteSaveAuditLogEntries(success, accessRule.Id, state);
mockAuditLog.VerifyAll();
}
protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess)
{
var collection = new AccessRuleCollection();
// Add read and write item permission, if the user or user group has access.
collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
// Deny all other rights besides Read and Write. These permissions will be inherited for the Catalogs and Categories.
collection.Add(AccessRule.Create(account, AccessRight.ItemAdmin, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemCreate, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemDelete, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemRename, PropagationType.Any, SecurityPermission.DenyAccess));
return(collection);
}
protected void SetAccessRule(AccessRule rule);
protected void RemoveAccessRuleSpecific(AccessRule rule);
protected void ResetAccessRule(AccessRule rule);
protected bool RemoveAccessRule(AccessRule rule);
protected void RemoveAccessRuleAll(AccessRule rule);
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
protected void AddAccessRule(AccessRule rule);
protected abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule ruleout , System.Boolean& modified) {}
public static void RemoveSecurityRule(this Item item, AccessRule right, bool checkSecurity = false)
{
Assert.IsNotNull(item, "item cannot be null");
var state = SecurityState.Enabled;
if (!checkSecurity) state = SecurityState.Disabled;
using (new SecurityStateSwitcher(state))
{
var accessRules = item.Security.GetAccessRules();
accessRules.Remove(right);
item.Security.SetAccessRules(accessRules);
}
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified);
private void ReadLines(string[] lines)
{
GlobalAccessRules = new List<AccessRule>();
SpecificAccessRules = new List<AccessRule>();
CrawlDelayRules = new List<CrawlDelayRule>();
Sitemaps = new List<Sitemap>();
string userAgent = String.Empty;
int ruleCount = 0;
for (int i = 0; i < lines.Length; i++) {
var line = lines[i];
var robotsLine = new Line(line);
switch (robotsLine.Type) {
case LineType.Comment: //ignore the comments
continue;
case LineType.UserAgent:
userAgent = robotsLine.Value;
continue;
case LineType.Sitemap:
Sitemaps.Add(Sitemap.FromLine(robotsLine));
continue;
case LineType.AccessRule:
case LineType.CrawlDelayRule:
if (String.IsNullOrEmpty(userAgent)) { //if there's a rule without user-agent declaration, ignore it
Malformed = true;
continue;
}
if (robotsLine.Type == LineType.AccessRule) {
var accessRule = new AccessRule(userAgent, robotsLine, ++ruleCount);
if (accessRule.For.Equals("*")) {
GlobalAccessRules.Add(accessRule);
}
else {
SpecificAccessRules.Add(accessRule);
}
if (!accessRule.Allowed && !String.IsNullOrEmpty(accessRule.Path)) {
// We say !String.IsNullOrEmpty(x.Path) because the rule "Disallow: " means nothing is disallowed.
IsAnyPathDisallowed = true;
}
}
else {
CrawlDelayRules.Add(new CrawlDelayRule(userAgent, robotsLine, ++ruleCount));
}
HasRules = true;
continue;
case LineType.Unknown:
Malformed = true;
continue;
}
}
}
