/// <summary>
/// Decides whether <paramref name="userName"/> holds the right named by
/// <paramref name="securityDescriptor"/> on the given package.
/// </summary>
/// <remarks>
/// Checks run in this order, and the first match wins:
/// security disabled for packages, the global "Owner" right, a class-wide right
/// ("descriptor + space + Package full type name"), ownership of this package,
/// then the user's first ACL. If the user has no ACL, or the first matching entry
/// denies, the same check is repeated for the "Everyone" pseudo-user.
/// This method is not read-only: when the user's ACL has no entry for the
/// descriptor, a deny entry is created and persisted.
/// </remarks>
/// <param name="_object">Package whose ACLs are consulted.</param>
/// <param name="userName">Account name being checked; "everyone" is matched case-insensitively.</param>
/// <param name="securityDescriptor">Name of the right; lower-cased before the ACL entry lookup.</param>
/// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
internal static bool CheckAccessFromUserNameImp(Services.Packages.Package _object, string userName, string securityDescriptor)
{
    // With package security switched off, every request is allowed.
    if (!PackageSecureService.IsSecurableImp)
    {
        return true;
    }

    // Owner can do anything.
    if (CheckUserRightsImp(userName, "Owner"))
    {
        return true;
    }

    // User could have constant rights on the class.
    string classWideRight = securityDescriptor + " " + typeof(Services.Packages.Package).FullName;
    if (CheckUserRightsImp(userName, classWideRight))
    {
        return true;
    }

    // The package's own owner is always allowed.
    // NOTE(review): this comparison is case-sensitive, while the "everyone" test below is not.
    // Confirm that account names are normalised before they reach this method.
    if (_object.Owner != null && _object.Owner.Name == userName)
    {
        return true;
    }

    PackageAccessControlListCollection userAcls = _object.GetACLs(userName);
    if (userAcls.Count != 0)
    {
        // NOTE(review): only the first ACL and the first matching entry are consulted.
        // The ordering of these collections is not visible here, so verify that duplicates cannot exist.
        PackageAccessControlList userAcl = userAcls[0];
        string loweredDescriptor = securityDescriptor.ToLowerInvariant();
        PackageAccessControlEntryCollection matches = PackageAccessControlEntry.GetEntries(loweredDescriptor, userAcl);

        if (matches.Count == 0)
        {
            // Descriptor missing: record an explicit deny for this user and refuse.
            // NOTE(review): this branch does not fall back to "Everyone", unlike the no-ACL
            // and explicit-deny branches. It also means an access check writes to the store.
            PackageAccessControlEntry denyEntry = new PackageAccessControlEntry
            {
                Descriptor = loweredDescriptor,
                UserName = userName,
                Allow = false,
                ACL = userAcl
            };
            denyEntry.Create();
            return false;
        }

        if (matches[0].Allow)
        {
            return true;
        }

        // NOTE(review): an explicit per-user deny is still overridden by an "Everyone" allow below.
    }

    // No ACL for this user, or an explicit deny: retry as "Everyone" unless we already are.
    if (userName.ToLowerInvariant() == "everyone")
    {
        return false;
    }

    return CheckAccessFromUserNameImp(_object, "Everyone", securityDescriptor);
}
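/// <summary>
/// Records an allow or deny entry for <paramref name="userName"/> and
/// <paramref name="securityDescriptor"/> on the given package, on behalf of the
/// session identified by <paramref name="SessionToken"/>.
/// </summary>
/// <param name="_object">Package whose access control list is modified.</param>
/// <param name="userName">Account the new entry applies to.</param>
/// <param name="securityDescriptor">Name of the right; stored lower-cased.</param>
/// <param name="allow"><c>true</c> to grant the right, <c>false</c> to deny it.</param>
/// <param name="SessionToken">Token of the calling session; it must hold the "ChangeAccess" right.</param>
/// <exception cref="UnauthorizedAccessException">
/// The caller lacks the "ChangeAccess" right, or the ACL or entry could not be created.
/// In the second case the underlying failure is attached as the inner exception.
/// </exception>
internal static void ChangeAccessImp(Services.Packages.Package _object, string userName, string securityDescriptor, bool allow, string SessionToken)
{
    // Check the session before anything else. The returned session object was never used, so it is not kept.
    // NOTE(review): presumably this rejects invalid tokens by throwing - confirm against CheckSessionImp.
    CheckSessionImp(SessionToken);

    // Check if the caller may change access on this package.
    if (!CheckAccessImp(_object, SessionToken, "ChangeAccess"))
    {
        throw new UnauthorizedAccessException("Access Denied");
    }

    try
    {
        // Reuse the user's first ACL on this package, creating one if none exists yet.
        PackageAccessControlListCollection acls = _object.GetACLs(userName);
        PackageAccessControlList acl;
        if (acls.Count == 0)
        {
            acl = new PackageAccessControlList();
            acl.UserName = userName;
            acl.Package = _object;
            acl.Create();
        }
        else
        {
            acl = acls[0];
        }

        // NOTE(review): a new entry is always appended; an existing entry for the same descriptor
        // is not updated. CheckAccessFromUserNameImp reads only the first matching entry, so a later
        // revoke may not take effect if the older entry is returned first - verify GetEntries ordering.
        PackageAccessControlEntry entry = new PackageAccessControlEntry();
        entry.Descriptor = securityDescriptor.ToLowerInvariant();
        entry.UserName = userName;
        entry.Allow = allow;
        entry.ACL = acl;
        entry.Create();
    }
    catch (Exception ex)
    {
        // The original swallowed every failure here and reported it as a plain "Access Denied".
        // Keep that fail-closed contract (same exception type and message), but attach the cause
        // so storage or argument errors can be told apart from a real denial in logs.
        // NOTE(review): if acl.Create() succeeded and entry.Create() failed, the new ACL is left without an entry.
        throw new UnauthorizedAccessException("Access Denied", ex);
    }
}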