public override void InitializeEnlistmentACLs(string enlistmentPath) { // The following permissions are typically present on deskop and missing on Server // // ACCESS_ALLOWED_ACE_TYPE: NT AUTHORITY\Authenticated Users // [OBJECT_INHERIT_ACE] // [CONTAINER_INHERIT_ACE] // [INHERIT_ONLY_ACE] // DELETE // GENERIC_EXECUTE // GENERIC_WRITE // GENERIC_READ DirectorySecurity rootSecurity = Directory.GetAccessControl(enlistmentPath); AccessRule authenticatedUsersAccessRule = rootSecurity.AccessRuleFactory( new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), unchecked ((int)(NativeMethods.FileAccess.DELETE | NativeMethods.FileAccess.GENERIC_EXECUTE | NativeMethods.FileAccess.GENERIC_WRITE | NativeMethods.FileAccess.GENERIC_READ)), true, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); // The return type of the AccessRuleFactory method is the base class, AccessRule, but the return value can be cast safely to the derived class. // https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemsecurity.accessrulefactory(v=vs.110).aspx rootSecurity.AddAccessRule((FileSystemAccessRule)authenticatedUsersAccessRule); Directory.SetAccessControl(enlistmentPath, rootSecurity); }
public void Test_InvalidateEntries_AccessRule() { AccessRule accessRule; Subject subject; ICache <SubjectPermissionTypesTuple, IEnumerable <AccessRuleQuery> > dictionaryCache; SecurityQueryCacheInvalidator securityQueryCacheInvalidator; subject = new Subject(); subject.Save(); accessRule = new AccessRule(); accessRule.AllowAccessBy = subject; accessRule.Save(); dictionaryCache = new DictionaryCache <SubjectPermissionTypesTuple, IEnumerable <AccessRuleQuery> > { { new SubjectPermissionTypesTuple(subject.Id, 2, new long[0]), new AccessRuleQuery[0] }, { new SubjectPermissionTypesTuple(subject.Id, 3, new long[0]), new AccessRuleQuery[0] }, { new SubjectPermissionTypesTuple(subject.Id + 1, 3, new long[0]), new AccessRuleQuery[0] }, { new SubjectPermissionTypesTuple(subject.Id + 2, 3, new long[0]), new AccessRuleQuery[0] } }; securityQueryCacheInvalidator = new SecurityQueryCacheInvalidator(dictionaryCache); securityQueryCacheInvalidator.InvalidateCacheEntries(new [] { new SubjectPermissionTypesTuple(subject.Id, 2, new long[0]), new SubjectPermissionTypesTuple(subject.Id, 3, new long[0]), }, () => "test"); Assert.That(dictionaryCache, Has.None.Property("Key").Property("SubjectId").EqualTo(subject.Id)); }
public void Test_WithRoleWithOverlappingRules( ) { long userId = 1; long roleId = 2; AccessRule accessRule1 = new AccessRule( ); AccessRule accessRule2 = new AccessRule( ); AccessRule accessRule3 = new AccessRule( ); Mock <IUserRoleRepository> mockRoles = new Mock <IUserRoleRepository>(MockBehavior.Strict); Mock <IRuleRepository> mockRules = new Mock <IRuleRepository>(MockBehavior.Strict); UserRuleSet userRuleSet; mockRoles.Setup(x => x.GetUserRoles(userId)).Returns(new HashSet <long> { roleId }); mockRules.Setup(x => x.GetAccessRules(userId, Permissions.Read, null)).Returns(new List <AccessRule> { accessRule1, accessRule2 }); mockRules.Setup(x => x.GetAccessRules(roleId, Permissions.Read, null)).Returns(new List <AccessRule> { accessRule2, accessRule3 }); UserRuleSetProvider userRuleSetprovider = new UserRuleSetProvider(mockRoles.Object, mockRules.Object); userRuleSet = null; Assert.That(() => userRuleSet = userRuleSetprovider.GetUserRuleSet(userId, Permissions.Read), Throws.Nothing); Assert.That(userRuleSet, Is.Not.Null); Assert.That(userRuleSet.Key, Is.EqualTo(CryptoHelper.HashValues(new [] { accessRule1.Id, accessRule2.Id, accessRule3.Id }.OrderBy(id => id)))); mockRoles.VerifyAll( ); mockRules.VerifyAll( ); }
private static void Main() { // If the binary is a different architecture than the system. if (Environment.Is64BitOperatingSystem != Environment.Is64BitProcess) { MessageBox.Show("You are using the wrong version of CScan for your architecture. Please download the " + (Environment.Is64BitProcess ? "x86" : "x64") + " version of CScan.", "Architecture Error", MessageBoxButtons.OK, MessageBoxIcon.Error); Environment.Exit(1); } SafeHandle handle = Process.GetCurrentProcess().SafeHandle; ProcessSecurity manager = new ProcessSecurity(handle); IdentityReference identityReference = new SecurityIdentifier(WellKnownSidType.WorldSid, null); int accessMask = (int)ProcessAccessRights.PROCESS_ALL_ACCESS | (int)ProcessAccessRights.PROCESS_QUERY_INFORMATION; InheritanceFlags inheritanceFlags = InheritanceFlags.None; PropagationFlags propagationFlags = PropagationFlags.None; AccessControlType type = AccessControlType.Deny; AccessRule rule = manager.AccessRuleFactory(identityReference, accessMask, true, inheritanceFlags, propagationFlags, type); manager.AddAccessRule((ProcessAccessRule)rule); manager.SaveChanges(handle); Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Main()); }
public void TestFixtureSetUp() { // Create test content m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home"); using (new SecurityDisabler()) { try { m_home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite); } catch { // this "catch" is used to debug issues with the Paste() method call above int y = 0; y++; } Initialize(); // Create test user try { var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME); Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring"); var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow); var accessRules = new AccessRuleCollection(); accessRules.Add(accessRule); m_blog1.Security.SetAccessRules(accessRules); } catch { Membership.DeleteUser("sitecore\\" + TESTUSERNAME); } } }
public IEnumerable <AccessRule> GetAcls(string resource, string verb) { OrderedList <string, AccessRule> acls = new OrderedList <string, AccessRule>(); foreach (KeyValuePair <string, IAclProvider> provider in GetConcernedProviders(resource)) { foreach (AccessRule acl in provider.Value.GetAcls(provider.Key == AclManager.ROOT ? resource : resource.Substring(provider.Key.Length), verb)) { AccessRule computedAcl = null; switch (acl.Type) { case AccessRules.Allow: computedAcl = new Allow(acl.Resource == AclManager.ROOT ? provider.Key : provider.Key + acl.Resource, acl.Verb, acl.Subject); break; case AccessRules.Deny: computedAcl = new Deny(acl.Resource == AclManager.ROOT ? provider.Key : provider.Key + acl.Resource, acl.Verb, acl.Subject); break; } if (computedAcl != null) { acls.Add(computedAcl.Resource, computedAcl); } } } return(acls); }
public void TestFixtureSetUp() { // Create test content using (new SecurityDisabler()) { m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite); Initialize(); // Create test user try { var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME); Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring"); var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow); var accessRules = new AccessRuleCollection(); accessRules.Add(accessRule); m_blog1.Security.SetAccessRules(accessRules); } catch { Membership.DeleteUser("sitecore\\" + TESTUSERNAME); } } }
public void TestOnDeleteAccessRule() { bool success = true; string subjectName = "Role" + Guid.NewGuid(); string typeName = "Type" + Guid.NewGuid(); string reportName = "Report" + Guid.NewGuid(); var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict); mockAuditLog.Setup(al => al.OnDeleteAccessRule(success, subjectName, typeName, reportName)); var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object); var subject = new Role { Name = subjectName }; var type = new EntityType { Name = typeName }; var report = new Report { Name = reportName }; var accessRule = new AccessRule { AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report }; IDictionary <string, object> state = new Dictionary <string, object>(); eventTarget.GatherAuditLogEntityDetailsForDelete(accessRule, state); eventTarget.WriteDeleteAuditLogEntries(success, accessRule.Id, state); mockAuditLog.VerifyAll(); }
public void HideCoreEveryoneRoles() { IList <AccessRule> accessRules; Solution consoleSolution; using (DatabaseContext databaseContext = DatabaseContext.GetContext(true)) using (new SecurityBypassContext()) { consoleSolution = Entity.Get <Solution>("core:consoleSolution"); accessRules = Entity.GetInstancesOfType <AccessRule>(false, "accessRuleHidden, allowAccess.{alias}, inSolution.{name}, controlAccess.{name}") .ToList(); foreach (AccessRule accessRule in accessRules) { if (accessRule.AllowAccessBy.Alias == "core:everyoneRole" && accessRule.InSolution != null && accessRule.InSolution.Name == "ReadiNow Core Data") { AccessRule writeableAccessRule = accessRule.AsWritable <AccessRule>(); writeableAccessRule.AccessRuleHidden = true; if (writeableAccessRule.InSolution == consoleSolution) { writeableAccessRule.InSolution = null; } Console.Out.WriteLine("Making access rule on type {0} hidden", writeableAccessRule.ControlAccess.Name); writeableAccessRule.Save(); } } databaseContext.CommitTransaction(); } }
internal string SaveAccessRule(AccessRule rule, string BankCode) { try { DateTime ModifyDate = DateTime.Now; //string ModifyDate = CreateDate; command = CbDatabase.GetStoredProcCommand("AccessRules_Update", rule.Id, rule.RuleName, rule.UserType, rule.BankCode, rule.CanAccess, rule.UserId, rule.BranchCode, rule.IsActive, ModifyDate, rule.ModifiedBy ); DataTable datatable = CbDatabase.ExecuteDataSet(command).Tables[0]; return(datatable.Rows[0][0].ToString()); } catch (Exception ex) { throw ex; } }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { modify_access_called = true; modify_access_called_count++; return(base.ModifyAccess(modification, rule, out modified)); }
public BaseObject GetById(string className, string objectId, string bankCode, string Password) { BaseObject result = new BaseObject(); if (string.IsNullOrEmpty(className)) { return(result); } else if (string.IsNullOrEmpty(objectId)) { return(result); } else if (className.ToUpper() == "BANKUSER") { result = GetBankUser(objectId, bankCode, Password); return(result); } else if (className.ToUpper() == "BANK") { result = dh.GetBankById(objectId); return(result); } else if (className.ToUpper() == "USERTYPE") { UserType user = dh.GetUserTypeById(objectId, bankCode); result = user; return(result); } else if (className.ToUpper() == "TRANSACTIONCATEGORY") { TransactionCategory category = dh.GetTransactionCategoryById(objectId, bankCode); result = category; return(result); } else if (className.ToUpper() == "BANKACCOUNT") { BankAccount category = dh.GetBankAccountById(objectId, bankCode); result = category; return(result); } else if (className.ToUpper() == "ACCOUNTTYPE") { AccountType category = dh.GetAccountTypeById(objectId, bankCode); result = category; return(result); } else if (className.ToUpper() == "ACCESSRULE") { AccessRule rule = dh.GetAccessRuleById(objectId, bankCode); result = rule; return(result); } else { return(result); } }
/// <summary> /// Creates the memory mapped file used for storage info synchronization /// </summary> /// <returns>Memory mapped file</returns> protected virtual MemoryMappedFile CreateMemoryMappedFile() { var security = new MemoryMappedFileSecurity(); var rule = new AccessRule <MemoryMappedFileRights>(new SecurityIdentifier(WellKnownSidType.WorldSid, null), MemoryMappedFileRights.FullControl, AccessControlType.Allow); security.AddAccessRule(rule); return(MemoryMappedFile.CreateOrOpen($"{(IsGlobal ? "Global\\" : "")}BlobStorage-{Id}-Info", 25 * 1024 * 1024, MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, security, HandleInheritability.None)); }
public static bool HasLocalAces(AuthorizationRuleCollection rules) { bool res = false; AccessRule locaACE = rules.Cast <AccessRule>().FirstOrDefault(a => a.IsInherited == false); res = (locaACE == null ? false : true); return(res); }
public void Visit(ScheduledAccessRule rule) { var schedule = new WeeklySchedule(rule.TimeZone); rule.Entries.ForEach(x => schedule.DailyTimeRange.Add(x.Day, new TimeRange(x.FromTime, x.ToTime))); var dto = AccessRule.Scheduled(rule.AccessPoint.AccessPointId, schedule); Scheduled.Add(dto); }
public AccessRule CreateNewAccessRule() { var entity = new AccessRule(); entity.Identity = ProvideRandomString(MaxLength.Name); entity.AccessLevel = ProvideRandomEnumValue <AccessLevel>(); return(entity); }
private void AddSystemHighRules(Configuration config) { AccessRule systemHighaccessRule; var allModuleNames = config.GetAllModules().Select(module => module.FriendlyName()); foreach (string moduleName in allModuleNames) { systemHighaccessRule = new AccessRule(); systemHighaccessRule.ModuleName = moduleName; systemHighaccessRule.RuleName = Constants.SystemHigh; systemHighaccessRule.UserGroup = Constants.SystemHigh; systemHighaccessRule.AccessMode = AccessMode.Allow; systemHighaccessRule.DeviceList = new List <string> { "*" }; systemHighaccessRule.TimeList = new List <TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) }; systemHighaccessRule.Priority = 0; AddAccessRule(systemHighaccessRule); } // Adding systemhigh access rules for "platform-based" modules GuiWeb and GuiWebSec systemHighaccessRule = new AccessRule(); systemHighaccessRule.RuleName = Constants.SystemHigh; systemHighaccessRule.UserGroup = Constants.SystemHigh; systemHighaccessRule.AccessMode = AccessMode.Allow; systemHighaccessRule.DeviceList = new List <string> { "*" }; systemHighaccessRule.TimeList = new List <TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) }; systemHighaccessRule.Priority = 0; systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWeb; AddAccessRule(systemHighaccessRule); systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWebSec; AddAccessRule(systemHighaccessRule); // Adding systemhigh access rules for scouts systemHighaccessRule = new AccessRule(); systemHighaccessRule.RuleName = Constants.SystemHigh; systemHighaccessRule.UserGroup = Constants.SystemHigh; systemHighaccessRule.AccessMode = AccessMode.Allow; systemHighaccessRule.DeviceList = new List <string> { "*" }; systemHighaccessRule.TimeList = new List <TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) }; systemHighaccessRule.Priority = 0; systemHighaccessRule.ModuleName = Constants.ScoutsSuffixWeb; AddAccessRule(systemHighaccessRule); }
public void WillFailFailsUsingFactoryOnGetter() { WillFailSecurity security = new WillFailSecurity(); SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null); AccessRule <WillFailRights> rule = (AccessRule <WillFailRights>) security.AccessRuleFactory(id, 1, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow); WillFailRights rights = rule.Rights; }
public void AccessRule_Constructor(string sid, int accessMask, bool isInherited, int inheritanceFlags, int propagationFlags, int accessControlType) { IdentityReference identityReference = new SecurityIdentifier(sid); AccessRule accessRule = Constructor(identityReference, accessMask, isInherited, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags, (AccessControlType)accessControlType); Assert.Equal(identityReference, accessRule.IdentityReference); Assert.Equal((InheritanceFlags)inheritanceFlags, accessRule.InheritanceFlags); Assert.Equal((PropagationFlags)propagationFlags, accessRule.PropagationFlags); Assert.Equal((AccessControlType)accessControlType, accessRule.AccessControlType); }
protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess) { var collection = new AccessRuleCollection(); // Add read and write item permission, if the user or user group has access. collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess)); collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess)); return(collection); }
public void WillWorkOKUsingConstructor() { SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null); AccessRule <WillWorkRights> rule = new AccessRule <WillWorkRights> (id, WillWorkRights.Value, AccessControlType.Allow); Assert.AreEqual(rule.AccessControlType, AccessControlType.Allow); Assert.AreEqual(rule.IdentityReference, id); Assert.AreEqual(rule.Rights, WillWorkRights.Value); }
public Result SaveAccessRule(AccessRule rule, string BankCode) { Result result = new Result(); result.RequestId = rule.Id; string Id = dh.SaveAccessRule(rule, BankCode); result.StatusCode = "0"; result.StatusDesc = "SUCCESS"; result.PegPayId = Id; return(result); }
protected override void ProcessRecord() { if (!this.TryParseAccessRight(AccessRight, out var accessRight)) { return; } var account = this.GetAccountFromIdentity(Identity); var accessRule = AccessRule.Create(account, accessRight, PropagationType, SecurityPermission); WriteObject(accessRule); }
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func <DbItemAccess, bool?> canAct) { var canActRest = canAct(itemAccess); if (canActRest == null) { return; } var permission = (bool)canActRest ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess; rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission)); }
public Result SaveAccessRule(AccessRule rule, string BankCode) { Result result = new Result(); result.RequestId = rule.Id; LogChangesInAuditLog(rule, rule.RuleName, rule.BankCode, rule.ModifiedBy); string Id = dh.SaveAccessRule(rule, BankCode); result.StatusCode = "0"; result.StatusDesc = "SUCCESS"; result.PegPayId = Id; return(result); }
public void MoveWorkItem(WorkGroup fromWorkGroup, WorkGroup toWorkGroup, Organization oe) { Util.WriteMethodInfoToConsole(); ProcessInstance PI = null; List <AccessRule> Rules = new List <AccessRule>(); AccessRule arRead = new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Read, RuleType.SpecificOrganization, oe); AccessRule arWrite = new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Write, RuleType.SpecificOrganization, oe); //Rules.Add(new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Read, RuleType.SpecificOrganization, oe)); //Rules.Add(new AccessRule(session, CCD.Domea.Fw.Base.AccessType.Write, RuleType.SpecificOrganization, oe)); counter = 0; sWatchMovePI = new Stopwatch(); foreach (WorkItem wi in fromWorkGroup.GetWorkItems()) { try { sWatchMovePI.Reset(); sWatchMovePI.Start(); counter = counter + 1; PI = wi.GetProcessInstance(); HConsole.WriteLine(">> Verschieben des Aktes " + PI.Name + " beginnt..."); Rules.Clear(); Rules.AddRange(PI.GetAccessRules(CCD.Domea.Fw.Base.AccessType.Read)); Rules.Add(arRead); Rules.AddRange(PI.GetAccessRules(CCD.Domea.Fw.Base.AccessType.Write)); Rules.Add(arWrite); PI.SetActiveWorkItem(wi); PI.SetLock(ProcessInstanceLockLevel.Whole); wi.WriteHistoryLogEvent(30, "Start BIG Changes 2.0", new HistoryLogEventType(session, 99)); PI.SetCustomAttribute("CSVERANTWOE", oe.Id.ToString()); PI.AssignAccessRules(Rules.ToArray(), true); PI.Update(); wi.SetLock(WorkItemLockLevel.WorkItem); wi.DelegateTo(toWorkGroup); wi.ReleaseLock(WorkItemLockLevel.WorkItem); wi.WriteHistoryLogEvent(30, "BIG Changes 2.0 erfolgreich durchgeführt", new HistoryLogEventType(session, 99)); PI.ReleaseLock(ProcessInstanceLockLevel.Whole); sWatchMovePI.Stop(); HConsole.WriteLine(">> Verschieben des Aktes " + PI.Name + " abgeschlossen... (Zähler: " + counter + " / Stopwatch: " + sWatchMovePI.Elapsed.ToString("ss\\.ff") + ")"); } catch (Exception ex) { HConsole.WriteError(ex); } } }
private AccessRule GetAccessRuleDetails() { AccessRule rule = new AccessRule(); rule.BankCode = ddBank.SelectedValue; rule.BranchCode = ddBankBranch.SelectedValue; rule.CanAccess = txtAllowedAreas.Text; rule.Id = ""; rule.IsActive = ddIsActive.Text; rule.ModifiedBy = user.Id; rule.RuleName = txtRuleName.Text; rule.UserId = txtUserId.Text; rule.UserType = ddUserType.SelectedValue; return(rule); }
public void WillWorkOKUsingAccessFactory() { WillWorkSecurity security = new WillWorkSecurity(); SecurityIdentifier id = new SecurityIdentifier(WellKnownSidType.WorldSid, null); AccessRule <WillWorkRights> rule = (AccessRule <WillWorkRights>) security.AccessRuleFactory(id, 1, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow); Assert.AreEqual(rule.AccessControlType, AccessControlType.Allow); Assert.AreEqual(rule.IdentityReference, id); Assert.AreEqual(rule.InheritanceFlags, InheritanceFlags.None); Assert.AreEqual(rule.PropagationFlags, PropagationFlags.None); Assert.AreEqual(rule.Rights, WillWorkRights.Value); }
public void TestOnChangeAccessRulePermissions() { bool success = true; string subjectName = "Role" + Guid.NewGuid(); string typeName = "Type" + Guid.NewGuid(); string reportName = "Report" + Guid.NewGuid(); var read = Entity.Get <Permission>("read"); var delete = Entity.Get <Permission>("delete"); ISet <string> oldPerm = new SortedSet <string> { read.Name }; ISet <string> newPerm = new SortedSet <string> { read.Name, delete.Name }; var mockAuditLog = new Mock <IAuditLog>(MockBehavior.Strict); mockAuditLog.Setup(al => al.OnChangeAccessRulePermissions(success, subjectName, typeName, reportName, It.Is <ISet <string> >(p => oldPerm.SetEquals(p)), It.Is <ISet <string> >(p => newPerm.SetEquals(p)))); var eventTarget = new AuditLogAccessRuleEventTarget(mockAuditLog.Object); var subject = new Role { Name = subjectName }; var type = new EntityType { Name = typeName }; var report = new Report { Name = reportName }; var accessRule = new AccessRule { AllowAccessBy = subject.As <Subject>(), ControlAccess = type.As <SecurableEntity>(), AccessRuleReport = report }; accessRule.PermissionAccess.Add(read); accessRule.Save(); // Change permissions accessRule.PermissionAccess.Add(delete); IDictionary <string, object> state = new Dictionary <string, object>(); eventTarget.GatherAuditLogEntityDetailsForSave(accessRule, state); eventTarget.WriteSaveAuditLogEntries(success, accessRule.Id, state); mockAuditLog.VerifyAll(); }
protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess) { var collection = new AccessRuleCollection(); // Add read and write item permission, if the user or user group has access. collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess)); collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess)); // Deny all other rights besides Read and Write. These permissions will be inherited for the Catalogs and Categories. collection.Add(AccessRule.Create(account, AccessRight.ItemAdmin, PropagationType.Any, SecurityPermission.DenyAccess)); collection.Add(AccessRule.Create(account, AccessRight.ItemCreate, PropagationType.Any, SecurityPermission.DenyAccess)); collection.Add(AccessRule.Create(account, AccessRight.ItemDelete, PropagationType.Any, SecurityPermission.DenyAccess)); collection.Add(AccessRule.Create(account, AccessRight.ItemRename, PropagationType.Any, SecurityPermission.DenyAccess)); return(collection); }
protected void SetAccessRule(AccessRule rule);
protected void RemoveAccessRuleSpecific(AccessRule rule);
protected void ResetAccessRule(AccessRule rule);
protected bool RemoveAccessRule(AccessRule rule);
protected void RemoveAccessRuleAll(AccessRule rule);
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
protected void AddAccessRule(AccessRule rule);
protected abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule ruleout , System.Boolean& modified) {}
public static void RemoveSecurityRule(this Item item, AccessRule right, bool checkSecurity = false) { Assert.IsNotNull(item, "item cannot be null"); var state = SecurityState.Enabled; if (!checkSecurity) state = SecurityState.Disabled; using (new SecurityStateSwitcher(state)) { var accessRules = item.Security.GetAccessRules(); accessRules.Remove(right); item.Security.SetAccessRules(accessRules); } }
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified);
private void ReadLines(string[] lines) { GlobalAccessRules = new List<AccessRule>(); SpecificAccessRules = new List<AccessRule>(); CrawlDelayRules = new List<CrawlDelayRule>(); Sitemaps = new List<Sitemap>(); string userAgent = String.Empty; int ruleCount = 0; for (int i = 0; i < lines.Length; i++) { var line = lines[i]; var robotsLine = new Line(line); switch (robotsLine.Type) { case LineType.Comment: //ignore the comments continue; case LineType.UserAgent: userAgent = robotsLine.Value; continue; case LineType.Sitemap: Sitemaps.Add(Sitemap.FromLine(robotsLine)); continue; case LineType.AccessRule: case LineType.CrawlDelayRule: if (String.IsNullOrEmpty(userAgent)) { //if there's a rule without user-agent declaration, ignore it Malformed = true; continue; } if (robotsLine.Type == LineType.AccessRule) { var accessRule = new AccessRule(userAgent, robotsLine, ++ruleCount); if (accessRule.For.Equals("*")) { GlobalAccessRules.Add(accessRule); } else { SpecificAccessRules.Add(accessRule); } if (!accessRule.Allowed && !String.IsNullOrEmpty(accessRule.Path)) { // We say !String.IsNullOrEmpty(x.Path) because the rule "Disallow: " means nothing is disallowed. IsAnyPathDisallowed = true; } } else { CrawlDelayRules.Add(new CrawlDelayRule(userAgent, robotsLine, ++ruleCount)); } HasRules = true; continue; case LineType.Unknown: Malformed = true; continue; } } }