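/// <summary>
/// Verifies that the current user may perform <paramref name="action"/> on the container
/// that owns <paramref name="fileInfo"/>, and throws an HTTP 403 when the check does not grant it.
/// </summary>
/// <param name="fileInfo">File descriptor; its ContainerKey prefix selects which permission check is used.</param>
/// <param name="action">Requested operation. The forum and document branches recognise only "Read" and "Write".</param>
/// <exception cref="ArgumentNullException"><paramref name="fileInfo"/> is null.</exception>
/// <exception cref="HttpException">Status 403 when the action is not allowed.</exception>
private static void CheckRight(DummyFileInfoWrapper fileInfo, string action)
{
    if (fileInfo == null)
    {
        throw new ArgumentNullException("fileInfo");
    }

    // Read up front on every path, as before; only the generic branch passes it on.
    int userId = Security.CurrentUser.UserID;

    // Container keys are machine-generated identifiers: match the prefix ordinally and parse
    // the numeric part with the invariant culture so routing never depends on the thread culture.
    IFormatProvider invariant = System.Globalization.CultureInfo.InvariantCulture;
    string containerKey = fileInfo.ContainerKey;

    // Fail closed: access is granted only by an explicit positive answer below.
    bool isActionAllowed = false;

    if (containerKey.StartsWith("ForumNodeId_", StringComparison.Ordinal))
    {
        // A malformed key throws here (no '_' segment or non-numeric id), before anything is granted.
        int forumNodeId = int.Parse(containerKey.Split('_')[1], invariant);

        // Forum files inherit the permissions of the incident that owns the forum thread.
        // NOTE(review): the owner key's prefix is not checked before its numeric part is used as an
        // incident id - confirm GetOwnerContainerKey can only return an incident key for these nodes.
        string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
        int incidentId = int.Parse(forumContainerKey.Split('_')[1], invariant);

        switch (action)
        {
            case "Read":
                isActionAllowed = Incident.CanRead(incidentId);
                break;
            case "Write":
                isActionAllowed = Incident.CanUpdate(incidentId);
                break;
            default:
                // Any other action stays denied.
                break;
        }
    }
    else if (containerKey.StartsWith("DocumentVers_", StringComparison.Ordinal))
    {
        int documentId = int.Parse(containerKey.Split('_')[1], invariant);

        switch (action)
        {
            case "Read":
                isActionAllowed = Document.CanRead(documentId);
                break;
            case "Write":
                isActionAllowed = Document.CanAddVersion(documentId);
                break;
            default:
                // Any other action stays denied.
                break;
        }
    }
    else
    {
        // Every other container is governed by the file-storage ACL of the parent directory.
        isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParrentDirectoryId, action);
    }

    if (!isActionAllowed)
    {
        // NOTE(review): the action name is echoed into the message - confirm the error page
        // encodes it if the value can come from the request.
        throw new HttpException(403, "Operation '" + action + "' is forbidden.");
    }
}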
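/// <summary>
/// Determines whether <paramref name="action"/> is permitted on the container that owns
/// <paramref name="fileInfo"/>.
/// </summary>
/// <param name="fileInfo">File descriptor; its ContainerKey prefix selects which permission check is used.</param>
/// <param name="action">Requested operation. The forum and document branches recognise only "Read" and "Write".</param>
/// <param name="userId">User the generic file-storage ACL check is evaluated for.</param>
/// <returns><c>true</c> when the selected check grants the action; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="fileInfo"/> is null.</exception>
private static bool CheckFileStorageRight(FileInfo fileInfo, string action, int userId)
{
    if (fileInfo == null)
    {
        throw new ArgumentNullException("fileInfo");
    }

    // Container keys are machine-generated identifiers: match the prefix ordinally and parse
    // the numeric part with the invariant culture so routing never depends on the thread culture.
    IFormatProvider invariant = System.Globalization.CultureInfo.InvariantCulture;
    string containerKey = fileInfo.ContainerKey;

    // Fail closed: access is granted only by an explicit positive answer below.
    bool isActionAllowed = false;

    // NOTE(review): userId reaches only the generic branch. The Incident.* and Document.* calls
    // receive no user argument, so they presumably evaluate the ambient current user - confirm
    // no caller passes a userId that differs from it.
    if (containerKey.StartsWith("ForumNodeId_", StringComparison.Ordinal))
    {
        // A malformed key throws here (no '_' segment or non-numeric id), before anything is granted.
        int forumNodeId = int.Parse(containerKey.Split('_')[1], invariant);

        // Forum files inherit the permissions of the incident that owns the forum thread.
        // NOTE(review): the owner key's prefix is not checked before its numeric part is used as an
        // incident id - confirm GetOwnerContainerKey can only return an incident key for these nodes.
        string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
        int incidentId = int.Parse(forumContainerKey.Split('_')[1], invariant);

        switch (action)
        {
            case "Read":
                isActionAllowed = Incident.CanRead(incidentId);
                break;
            case "Write":
                isActionAllowed = Incident.CanUpdate(incidentId);
                break;
            default:
                // Any other action stays denied.
                break;
        }
    }
    else if (containerKey.StartsWith("DocumentVers_", StringComparison.Ordinal))
    {
        int documentId = int.Parse(containerKey.Split('_')[1], invariant);

        switch (action)
        {
            case "Read":
                isActionAllowed = Document.CanRead(documentId);
                break;
            case "Write":
                isActionAllowed = Document.CanAddVersion(documentId);
                break;
            default:
                // Any other action stays denied.
                break;
        }
    }
    else
    {
        // Every other container is governed by the file-storage ACL of the parent directory.
        isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParentDirectoryId, action);
    }

    return isActionAllowed;
}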
/// <summary>
/// Persists an access control list: updates its inheritance flag, rewrites its explicit
/// entries together with the entries implied by each of them, and refreshes inherited ACLs
/// below the owning directory. All writes happen inside one database transaction.
/// </summary>
/// <param name="control">Control that supplies the base/derived action relationships and the owner container.</param>
/// <param name="acl">The list to store; it must be attached to a directory (non-zero OwnerDirectoryId).</param>
/// <param name="ValidateACL">
/// When <c>true</c>, an empty list is rejected and the change is refused if the current user
/// could no longer run the "Admin" action afterwards.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="control"/> or <paramref name="acl"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="acl"/> has an OwnerDirectoryId of 0.</exception>
/// <exception cref="AllUserAccessWillBeDeniedException">Validation is on and the list has no entries.</exception>
/// <exception cref="AdminAccessWillBeDeniedException">Validation is on and the current user would lose "Admin".</exception>
public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL)
{
    // NOTE(review): nothing here checks that the caller currently holds "Admin" on the directory
    // before the ACL is rewritten; the only permission test is the post-change one below.
    // Confirm that every caller authorizes the request first.
    if (control == null)
    {
        throw new ArgumentNullException("control");
    }

    if (acl == null)
    {
        throw new ArgumentNullException("acl");
    }

    if (acl.OwnerDirectoryId == 0)
    {
        throw new ArgumentException("You can not use a dettached ACL.", "acl");
    }

    // Validation 1 of 2: an empty list is refused before anything is written.
    if (ValidateACL && acl.Count == 0)
    {
        throw new AllUserAccessWillBeDeniedException();
    }

    using (Mediachase.IBN.Database.DbTransaction transaction = Mediachase.IBN.Database.DbTransaction.Begin())
    {
        // Inheritance flag, written only when it was modified.
        if (acl.IsInheritedChanged)
        {
            if (!acl.IsInherited)
            {
                DBAccessControlList.TurnOffIsInherited(acl.Id, false);
            }
            else
            {
                DBAccessControlList.TurnOnIsInherited(acl.Id);
            }
        }

        // Explicit entries: wipe the stored list and write it again from the in-memory one.
        if (acl.IsChanged)
        {
            DBAccessControlList.Clear(acl.Id);

            foreach (AccessControlEntry entry in acl)
            {
                // Inherited entries are not stored from here.
                if (entry.IsIherited)
                {
                    continue;
                }

                // The boolean before OwnerKey is false for the entry itself and true for the
                // implied ones below - presumably an "implied entry" marker; confirm against AddAce.
                DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, entry.Action, entry.Allow, false, entry.OwnerKey);

                if (entry.Allow)
                {
                    // An allow entry is also written for each base action of the allowed action.
                    foreach (string impliedAction in control.GetBaseActions(entry.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, impliedAction, entry.Allow, true, entry.OwnerKey);
                    }
                }
                else
                {
                    // A deny entry is also written for each action derived from the denied one.
                    foreach (string impliedAction in control.GetDerivedActions(entry.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, impliedAction, entry.Allow, true, entry.OwnerKey);
                    }
                }
            }
        }

        // Refresh inherited ACLs under the owning directory.
        DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);

        // Validation 2 of 2: evaluated against the data just written, inside the transaction.
        // Throwing here skips Commit; presumably disposing the transaction then rolls the
        // writes back - confirm against DbTransaction.
        if (ValidateACL && !FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin"))
        {
            throw new AdminAccessWillBeDeniedException();
        }

        transaction.Commit();
    }
}