コード例 #1
0
ファイル: Resource.cs プロジェクト: ratnazone/ratna
        public bool HasPermission(Principal principal, AclType aclType)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            bool hasPermission = false;

            // if the principal and owner are the same, there is no need to
            // go to the DB

            if (principal.PrincipalId == this.Owner.PrincipalId)
            {
                hasPermission = true;
            }
            else
            {
                AclType permissions = AclsDbInteractor.Instance.GetAcls(this.ResourceId, GetActorId(), principal.PrincipalId);
                if (permissions != AclType.None)
                {
                    if ((permissions | aclType) == aclType)
                    {
                        hasPermission = true;
                    }
                }
            }

            return hasPermission;
        }
コード例 #2
0
 /// <summary>
 /// Public constructor
 /// </summary>
 /// <param name="type">Type of ACL entry: User/group/Other/mask</param>
 /// <param name="userOrGroupId">Object ID of the object depending on the type of the ACL entry. For acl type other and mask it should be null</param>
 /// <param name="scope">ACCESS or DEFAULT</param>
 /// <param name="action">The type of ACL to set</param>
 public AclEntry(AclType type, string userOrGroupId, AclScope scope, AclAction action)
 {
     Type          = type;
     UserOrGroupId = userOrGroupId;
     Scope         = scope;
     Action        = action;
 }
コード例 #3
0
 public AclItem(string id, string extraId, string name, AclType type)
 {
     this.id      = id;
     this.extraId = extraId;
     this.name    = name;
     this.type    = type;
 }
コード例 #4
0
 public AclEntry(AclScope scope, AclType type, string upnOrObjectId, GrantType grant)
 {
     Scope         = scope;
     AclType       = type;
     UpnOrObjectId = upnOrObjectId;
     Grant         = grant;
 }
コード例 #5
0
        public static string AclTypeToString(AclType type)
        {
            string aclType = "ERROR";

            if (type == AclType.Mask)
            {
                aclType = "mask";
            }
            else if (type == AclType.NamedGroup)
            {
                aclType = "group";
            }
            else if (type == AclType.NamedUser)
            {
                aclType = "user";
            }
            else if (type == AclType.Other)
            {
                aclType = "other";
            }
            else if (type == AclType.OwningGroup)
            {
                aclType = "group";
            }
            else if (type == AclType.OwningUser)
            {
                aclType = "user";
            }
            else
            {
                throw new ArgumentOutOfRangeException();
            }
            return(aclType);
        }
 public static async Task <AclRuleType> CreateAclRule(
     this IComputeApiClient client,
     string networkId,
     string aclRuleName,
     int position,
     AclActionType action,
     AclProtocolType protocol,
     PortRangeTypeType portRangeType,
     IPAddress sourceIpAddress = null,
     IPAddress sourceNetmask   = null,
     IPAddress destIpAddress   = null,
     IPAddress destNetmask     = null,
     int port1       = 0,
     int port2       = 0,
     AclType aclType = AclType.OUTSIDE_ACL)
 {
     return
         (await
          client.NetworkingLegacy.Network.CreateAclRule(
              networkId,
              aclRuleName,
              position,
              action,
              protocol,
              portRangeType,
              sourceIpAddress,
              sourceNetmask,
              destIpAddress,
              destNetmask,
              port1,
              port2,
              aclType));
 }
コード例 #7
0
        public FsAclEntry(AclType type, string name, FsPermission permission)
        {
            this.Type = type;

            if (name == null)
            {
                name = "";
            }
            this.Name       = name;
            this.Permission = permission;
        }
        private IEnumerable <Ace> FilterWithFilter(Func <Ace, bool> filter)
        {
            List <Ace> removed = new List <Ace>();

            if (AclType.HasFlag(RemoveAclType.Dacl))
            {
                FilterWithFilter(removed, SecurityDescriptor.Dacl, true, filter);
            }
            if (AclType.HasFlag(RemoveAclType.Sacl))
            {
                FilterWithFilter(removed, SecurityDescriptor.Sacl, false, filter);
            }
            return(removed);
        }
コード例 #9
0
        private protected IEnumerable <Ace> FilterWithFilter(Func <Ace, bool> filter, Action <Acl, Predicate <Ace> > run_on_acl)
        {
            List <Ace> list = new List <Ace>();

            if (AclType.HasFlag(SecurityDescriptorAclType.Dacl))
            {
                FilterWithFilter(list, SecurityDescriptor.Dacl, true, filter, run_on_acl);
            }
            if (AclType.HasFlag(SecurityDescriptorAclType.Sacl))
            {
                FilterWithFilter(list, SecurityDescriptor.Sacl, false, filter, run_on_acl);
            }
            return(list);
        }
コード例 #10
0
        private DataLakeStoreEnums.AceType MapAclEntryType(AclType aclType)
        {
            switch (aclType)
            {
            case AclType.group: return(DataLakeStoreEnums.AceType.Group);

            case AclType.user: return(DataLakeStoreEnums.AceType.User);

            case AclType.mask: return(DataLakeStoreEnums.AceType.Mask);

            case AclType.other: return(DataLakeStoreEnums.AceType.Other);

            default: throw new ArgumentException("AclType is invalid");
            }
        }
コード例 #11
0
        /// <summary>
        /// Parses a AclEntry string into acl type, acl type Id, acl scope and acl action (permissions).
        /// Throws exception if the acl string is not correct.
        /// </summary>
        /// <param name="aclEntry">Acl Entry string delimited by ':'</param>
        /// <param name="removeAcl">Whether this string is for removing Acl.</param>
        /// <returns>Acl Entry instance</returns>
        public static AclEntry ParseAclEntryString(string aclEntry, bool removeAcl)
        {
            aclEntry = aclEntry.Trim();
            string[] parts = aclEntry.Split(':');
            if (parts.Length > 4)
            {
                throw new ArgumentException("Invalid AclEntry string: " + aclEntry);
            }
            if (parts.Length == 4 && !parts[0].Equals("default"))
            {
                throw new ArgumentException("Invalid AclEntry string: " + aclEntry);
            }
            int      strtPartIndx = 0;
            AclScope scope;

            if (parts.Length == 4) //Because it is of AclScope default
            {
                strtPartIndx++;
                scope = AclScope.Default;
            }
            else
            {
                scope = AclScope.Access;
            }
            AclType aclType = (AclType)Enum.Parse(typeof(AclType), parts[strtPartIndx].Trim());//This will throw exception
            string  aclNm   = parts[strtPartIndx + 1].Trim();

            if (aclType == AclType.mask && !String.IsNullOrEmpty(aclNm))
            {
                throw new ArgumentException("AclType Mask should not contain userId or group Id");
            }
            if (aclType == AclType.other && !String.IsNullOrEmpty(aclNm))
            {
                throw new ArgumentException("AclType Other should not contain userId or group Id");
            }
            AclAction action = AclAction.None;

            if (!removeAcl)
            {
                AclAction?ac = AclActionExtension.GetAclAction(parts[strtPartIndx + 2].Trim());
                if (ac == null)
                {
                    throw new ArgumentException("Invalid permission in aclentry " + aclEntry);
                }
                action = ac.Value;
            }
            return(new AclEntry(aclType, aclNm, scope, action));
        }
コード例 #12
0
        public FsAclEntry(string entry)
        {
            var tokens = entry.Split(':');

            string type_str = tokens[0].ToLowerInvariant();
            string user     = tokens[1];

            if ((type_str == "user") && (user.Length == 0))
            {
                this.Type = AclType.OwningUser;
            }
            else if ((type_str == "user") && (user.Length > 0))
            {
                this.Type = AclType.NamedUser;
            }
            else if ((type_str == "group") && (user.Length == 0))
            {
                this.Type = AclType.OwningGroup;
            }
            else if ((type_str == "group") && (user.Length > 0))
            {
                this.Type = AclType.NamedGroup;
            }
            else if (type_str == "mask")
            {
                this.Type = AclType.Mask;
            }
            else if (type_str == "other")
            {
                this.Type = AclType.Other;
            }
            else
            {
                throw new ArgumentOutOfRangeException();
            }

            this.Name       = user;
            this.Permission = new FsPermission(tokens[2]);
        }
コード例 #13
0
        /// <summary>
        /// The create acl rule.
        /// </summary>
        /// <param name="networkId">
        /// The network id.
        /// </param>
        /// <param name="aclRuleName">
        /// The acl rule name.
        /// </param>
        /// <param name="position">
        /// The position.
        /// </param>
        /// <param name="action">
        /// The action.
        /// </param>
        /// <param name="protocol">
        /// The protocol.
        /// </param>
        /// <param name="portRangeType">
        /// The port range type.
        /// </param>
        /// <param name="sourceIpAddress">
        /// The source ip address.
        /// </param>
        /// <param name="sourceNetmask">
        /// The source netmask.
        /// </param>
        /// <param name="destIpAddress">
        /// The dest ip address.
        /// </param>
        /// <param name="destNetmask">
        /// The dest netmask.
        /// </param>
        /// <param name="port1">
        /// The port 1.
        /// </param>
        /// <param name="port2">
        /// The port 2.
        /// </param>
        /// <param name="aclType">
        /// The acl type.
        /// </param>
        /// <returns>
        /// The <see cref="Task"/>.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// </exception>
        public async Task <AclRuleType> CreateAclRule(
            string networkId,
            string aclRuleName,
            int position,
            AclActionType action,
            AclProtocolType protocol,
            PortRangeTypeType portRangeType,
            IPAddress sourceIpAddress = null,
            IPAddress sourceNetmask   = null,
            IPAddress destIpAddress   = null,
            IPAddress destNetmask     = null,
            int port1       = 0,
            int port2       = 0,
            AclType aclType = AclType.OUTSIDE_ACL)
        {
            var portRange = new PortRangeType {
                type = portRangeType
            };

            // Validate that the ports are specified when needed
            switch (portRangeType)
            {
            case PortRangeTypeType.EQUAL_TO:
            case PortRangeTypeType.GREATER_THAN:
            case PortRangeTypeType.LESS_THAN:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port1Specified = true;
                break;
            }

            case PortRangeTypeType.RANGE:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                if (port2 < 1 || port2 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port2",
                              port2,
                              string.Format(
                                  "Port2 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port2          = port2;
                portRange.port1Specified = portRange.port2Specified = true;
                break;
            }
            }

            // create the acl rule object
            var rule = new AclRuleType
            {
                name      = aclRuleName,
                action    = action,
                position  = position,
                protocol  = protocol.ToString(),
                portRange = portRange,
                type      = aclType
            };

            if (sourceIpAddress != null)
            {
                rule.sourceIpRange = new IpRangeType {
                    ipAddress = sourceIpAddress.ToString()
                };
                if (sourceNetmask != null)
                {
                    rule.sourceIpRange.netmask = sourceNetmask.ToString();
                }
            }

            if (destIpAddress != null)
            {
                rule.destinationIpRange = new IpRangeType {
                    ipAddress = destIpAddress.ToString()
                };
                if (destNetmask != null)
                {
                    rule.destinationIpRange.netmask = destNetmask.ToString();
                }
            }

            return
                (await
                 _apiClient.PostAsync <AclRuleType, AclRuleType>(
                     ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId),
                     rule));
        }
コード例 #14
0
ファイル: Resource.cs プロジェクト: ratnazone/ratna
 public void SetAcl(Principal principal, AclType acls)
 {
     AclsStore.Instance.SetAcls(this, GetActorId(), principal.PrincipalId, acls);
 }
コード例 #15
0
ファイル: Resource.cs プロジェクト: ratnazone/ratna
 public void RemoveAcl(Principal principal, AclType aclType)
 {
     AclType permissions = AclsDbInteractor.Instance.GetAcls(this.ResourceId, GetActorId(), principal.PrincipalId);
     if (permissions != AclType.None)
     {
         AclType acls = permissions & ~aclType;
         SetAcl(principal, acls);
     }
 }
		/// <summary>
		/// Creates a new ACL rule at a specified line using your organization ID and the ID of the target network.
		///     It is possible to create both inbound (OUTSIDE_ACL) and outbound (INSIDE_ACL) rule types.
		/// </summary>
		/// <param name="client">
		/// The <see cref="ComputeApiClient"/> object.
		/// </param>
		/// <param name="networkId">
		/// The target network id.
		/// </param>
		/// <param name="aclRuleName">
		/// The name of the ACL rule.
		/// </param>
		/// <param name="position">
		/// The position of the rule between 100-500 inclusive.
		/// </param>
		/// <param name="action">
		/// The action (Permit/deny) of the ACL rule.
		/// </param>
		/// <param name="protocol">
		/// The protocol to use (IP, ICMP, TCP, UDP).
		/// </param>
		/// <param name="portRangeType">
		/// The port range type (ALL, EQUAL_TO, RANGE, GREATER_THAN, LESS_THAN).
		/// </param>
		/// <param name="sourceIpAddress">
		/// Optional. If no source IP Address is supplied, the assumption is that any source IP address is allowed.
		///     If a source IP address is supplied without the <paramref name="sourceNetmask"/>, source IP Address represent a
		///     single host.
		/// </param>
		/// <param name="sourceNetmask">
		/// Optional. When specified, the <paramref name="sourceIpAddress"/> must be the CIDR boundary for the network.
		/// </param>
		/// <param name="destIpAddress">
		/// Optional. If no destination IP Address is supplied, the assumption is that any destination IP address is allowed.
		///     If a destination IP address is supplied without the <paramref name="destNetmask"/>, source IP Address represent a
		///     single host.
		/// </param>
		/// <param name="destNetmask">
		/// Optional. When specified, the <paramref name="destIpAddress"/> must be the CIDR boundary for the network.
		/// </param>
		/// <param name="port1">
		/// Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.
		/// </param>
		/// <param name="port2">
		/// Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.
		/// </param>
		/// <param name="aclType">
		/// Optional. One of (OUTSIDE_ACL, INSIDE_ACL). Default if not specified is OUTSIDE_ACL.
		/// </param>
		/// <returns>
		/// The ACL rules.
		/// </returns>
		public static async Task<AclRuleType> CreateAclRule(
			this IComputeApiClient client, 
			string networkId, 
			string aclRuleName, 
			int position, 
			AclActionType action, 
			AclProtocolType protocol, 
			PortRangeTypeType portRangeType, 
			IPAddress sourceIpAddress = null, 
			IPAddress sourceNetmask = null, 
			IPAddress destIpAddress = null, 
			IPAddress destNetmask = null, 
			int port1 = 0, 
			int port2 = 0, 
			AclType aclType = AclType.OUTSIDE_ACL)
		{
			Contract.Requires(!string.IsNullOrEmpty(aclRuleName), "The ACL rule name must NOT be empty or null!");
			Contract.Requires(aclRuleName.Length < 60, "ACL rule name cannot exceed 60 chars");
			Contract.Requires(position >= 100 && position <= 500, "Position must be between 100 and 500 inclusive");
			Contract.Requires(aclType == AclType.INSIDE_ACL || aclType == AclType.OUTSIDE_ACL, 
				"ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)");

			var portRange = new PortRangeType {type = portRangeType};

// Validate that the ports are specified when needed
			switch (portRangeType)
			{
				case PortRangeTypeType.EQUAL_TO:
				case PortRangeTypeType.GREATER_THAN:
				case PortRangeTypeType.LESS_THAN:
				{
					if (port1 < 1 || port1 > 65535)
						throw new ArgumentOutOfRangeException(
							"port1", 
							port1, 
							string.Format(
								"Port1 must be between 1-65535 when the port range type is {0}", 
								portRangeType));
					portRange.port1 = port1;
					portRange.port1Specified = true;
					break;
				}

				case PortRangeTypeType.RANGE:
				{
					if (port1 < 1 || port1 > 65535)
						throw new ArgumentOutOfRangeException(
							"port1", 
							port1, 
							string.Format(
								"Port1 must be between 1-65535 when the port range type is {0}", 
								portRangeType));
					if (port2 < 1 || port2 > 65535)
						throw new ArgumentOutOfRangeException(
							"port2", 
							port2, 
							string.Format(
								"Port2 must be between 1-65535 when the port range type is {0}", 
								portRangeType));
					portRange.port1 = port1;
					portRange.port2 = port2;
					portRange.port1Specified = portRange.port2Specified = true;
					break;
				}
			}

			// create the acl rule object
			var rule = new AclRuleType
			{
				name = aclRuleName, 
				action = action, 
				position = position, 
				protocol = protocol.ToString(), 
				portRange = portRange, 
				type = aclType
			};
			if (sourceIpAddress != null)
			{
				rule.sourceIpRange = new IpRangeType {ipAddress = sourceIpAddress.ToString()};
				if (sourceNetmask != null) rule.sourceIpRange.netmask = sourceNetmask.ToString();
			}

			if (destIpAddress != null)
			{
				rule.destinationIpRange = new IpRangeType {ipAddress = destIpAddress.ToString()};
				if (destNetmask != null) rule.destinationIpRange.netmask = destNetmask.ToString();
			}

			return
				await
					client.WebApi.ApiPostAsync<AclRuleType, AclRuleType>(
						ApiUris.CreateAclRule(client.Account.OrganizationId, networkId), 
						rule);
		}
コード例 #17
0
        /// <summary>
        /// The create acl rule.
        /// </summary>
        /// <param name="networkId">
        /// The network id.
        /// </param>
        /// <param name="aclRuleName">
        /// The acl rule name.
        /// </param>
        /// <param name="position">
        /// The position.
        /// </param>
        /// <param name="action">
        /// The action.
        /// </param>
        /// <param name="protocol">
        /// The protocol.
        /// </param>
        /// <param name="portRangeType">
        /// The port range type.
        /// </param>
        /// <param name="sourceIpAddress">
        /// The source ip address.
        /// </param>
        /// <param name="sourceNetmask">
        /// The source netmask.
        /// </param>
        /// <param name="destIpAddress">
        /// The dest ip address.
        /// </param>
        /// <param name="destNetmask">
        /// The dest netmask.
        /// </param>
        /// <param name="port1">
        /// The port 1.
        /// </param>
        /// <param name="port2">
        /// The port 2.
        /// </param>
        /// <param name="aclType">
        /// The acl type.
        /// </param>
        /// <returns>
        /// The <see cref="Task"/>.
        /// </returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// </exception>
        public async Task <AclRuleType> CreateAclRule(
            string networkId,
            string aclRuleName,
            int position,
            AclActionType action,
            AclProtocolType protocol,
            PortRangeTypeType portRangeType,
            IPAddress sourceIpAddress = null,
            IPAddress sourceNetmask   = null,
            IPAddress destIpAddress   = null,
            IPAddress destNetmask     = null,
            int port1       = 0,
            int port2       = 0,
            AclType aclType = AclType.OUTSIDE_ACL)
        {
            Contract.Requires(!string.IsNullOrEmpty(aclRuleName), "The ACL rule name must NOT be empty or null!");
            Contract.Requires(aclRuleName.Length < 60, "ACL rule name cannot exceed 60 chars");
            Contract.Requires(position >= 100 && position <= 500, "Position must be between 100 and 500 inclusive");
            Contract.Requires(aclType == AclType.INSIDE_ACL || aclType == AclType.OUTSIDE_ACL,
                              "ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)");

            var portRange = new PortRangeType {
                type = portRangeType
            };

            // Validate that the ports are specified when needed
            switch (portRangeType)
            {
            case PortRangeTypeType.EQUAL_TO:
            case PortRangeTypeType.GREATER_THAN:
            case PortRangeTypeType.LESS_THAN:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port1Specified = true;
                break;
            }

            case PortRangeTypeType.RANGE:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                if (port2 < 1 || port2 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port2",
                              port2,
                              string.Format(
                                  "Port2 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port2          = port2;
                portRange.port1Specified = portRange.port2Specified = true;
                break;
            }
            }

            // create the acl rule object
            var rule = new AclRuleType
            {
                name      = aclRuleName,
                action    = action,
                position  = position,
                protocol  = protocol.ToString(),
                portRange = portRange,
                type      = aclType
            };

            if (sourceIpAddress != null)
            {
                rule.sourceIpRange = new IpRangeType {
                    ipAddress = sourceIpAddress.ToString()
                };
                if (sourceNetmask != null)
                {
                    rule.sourceIpRange.netmask = sourceNetmask.ToString();
                }
            }

            if (destIpAddress != null)
            {
                rule.destinationIpRange = new IpRangeType {
                    ipAddress = destIpAddress.ToString()
                };
                if (destNetmask != null)
                {
                    rule.destinationIpRange.netmask = destNetmask.ToString();
                }
            }

            return
                (await
                 _apiClient.PostAsync <AclRuleType, AclRuleType>(
                     ApiUris.CreateAclRule(_apiClient.OrganizationId, networkId),
                     rule));
        }
コード例 #18
0
        /// <summary>
        /// Creates a new ACL rule at a specified line using your organization ID and the ID of the target network.
        /// It is possible to create both inbound (OUTSIDE_ACL) and outbound (INSIDE_ACL) rule types.
        /// </summary>
        /// <param name="client">The <see cref="ComputeApiClient"/> object.</param>
        /// <param name="networkId">The target network id.</param>
        /// <param name="aclRuleName">The name of the ACL rule.</param>
        /// <param name="position">The position of the rule between 100-500 inclusive.</param>
        /// <param name="action">The action (Permit/deny) of the ACL rule.</param>
        /// <param name="protocol">The protocol to use (IP, ICMP, TCP, UDP).</param>
        /// <param name="portRangeType">The port range type (ALL, EQUAL_TO, RANGE, GREATER_THAN, LESS_THAN).</param>
        /// <param name="sourceIpAddress">
        /// Optional. If no source IP Address is supplied, the assumption is that any source IP address is allowed.
        /// If a source IP address is supplied without the <paramref name="sourceNetmask"/>, source IP Address represent a single host.
        /// </param>
        /// <param name="sourceNetmask">
        /// Optional. When specified, the <paramref name="sourceIpAddress"/> must be the CIDR boundary for the network.
        /// </param>
        /// <param name="destIpAddress">
        /// Optional. If no destination IP Address is supplied, the assumption is that any destination IP address is allowed.
        /// If a destination IP address is supplied without the <paramref name="destNetmask"/>, source IP Address represent a single host.
        /// </param>
        /// <param name="destNetmask">
        /// Optional. When specified, the <paramref name="destIpAddress"/> must be the CIDR boundary for the network.
        /// </param>
        /// <param name="port1">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param>
        /// <param name="port2">Optional depending on <paramref name="portRangeType"/>. Value within a range of 1-65535.</param>
        /// <param name="aclType">Optional. One of (OUTSIDE_ACL, INSIDE_ACL). Default if not specified is OUTSIDE_ACL.</param>
        /// <returns>The ACL rules.</returns>
        public static async Task <AclRuleType> CreateAclRuleAsync(
            this IComputeApiClient client,
            string networkId,
            string aclRuleName,
            int position,
            AclActionType action,
            AclProtocolType protocol,
            PortRangeTypeType portRangeType,
            IPAddress sourceIpAddress = null,
            IPAddress sourceNetmask   = null,
            IPAddress destIpAddress   = null,
            IPAddress destNetmask     = null,
            int port1       = 0,
            int port2       = 0,
            AclType aclType = AclType.OUTSIDE_ACL)
        {
            if (string.IsNullOrWhiteSpace(networkId))
            {
                throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "networkId");
            }
            if (string.IsNullOrWhiteSpace(aclRuleName))
            {
                throw new ArgumentException("argument cannot be null, empty or composed of whitespaces only!", "aclRuleName");
            }
            if (aclRuleName.Length >= 60)
            {
                throw new ArgumentException("ACL rule name cannot exceed 60 chars", "aclRuleName");
            }
            if (position < 100 || position > 500)
            {
                throw new ArgumentException("Position must be between 100 and 500 inclusive", "position");
            }
            if (aclType != AclType.INSIDE_ACL && aclType != AclType.OUTSIDE_ACL)
            {
                throw new ArgumentException("ACL Type must be one of (OUTSIDE_ACL, INSIDE_ACL)", "aclType");
            }

            var portRange = new PortRangeType {
                type = portRangeType
            };

            // Validate that the ports are specified when needed
            switch (portRangeType)
            {
            case PortRangeTypeType.EQUAL_TO:
            case PortRangeTypeType.GREATER_THAN:
            case PortRangeTypeType.LESS_THAN:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port1Specified = true;
                break;
            }

            case PortRangeTypeType.RANGE:
            {
                if (port1 < 1 || port1 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port1",
                              port1,
                              string.Format(
                                  "Port1 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                if (port2 < 1 || port2 > 65535)
                {
                    throw new ArgumentOutOfRangeException(
                              "port2",
                              port2,
                              string.Format(
                                  "Port2 must be between 1-65535 when the port range type is {0}",
                                  portRangeType));
                }
                portRange.port1          = port1;
                portRange.port2          = port2;
                portRange.port1Specified = portRange.port2Specified = true;
                break;
            }
            }

            // create the acl rule object
            var rule = new AclRuleType
            {
                name      = aclRuleName,
                action    = action,
                position  = position,
                protocol  = protocol.ToString(),
                portRange = portRange,
                type      = aclType
            };

            if (sourceIpAddress != null)
            {
                rule.sourceIpRange = new IpRangeType {
                    ipAddress = sourceIpAddress.ToString()
                };
                if (sourceNetmask != null)
                {
                    rule.sourceIpRange.netmask = sourceNetmask.ToString();
                }
            }
            if (destIpAddress != null)
            {
                rule.destinationIpRange = new IpRangeType {
                    ipAddress = destIpAddress.ToString()
                };
                if (destNetmask != null)
                {
                    rule.destinationIpRange.netmask = destNetmask.ToString();
                }
            }

            return
                (await
                 client.WebApi.ApiPostAsync <AclRuleType, AclRuleType>(
                     ApiUris.CreateAclRule(client.Account.OrganizationId, networkId),
                     rule));
        }