public void SetPermissionsBits(ulong allowBits, ulong denyBits)
{
foreach (var perm in this.Permissions)
{
var index = PermissionType.GetByName(perm.Name).Index;
var mask = 1uL << index;
perm.Deny = (denyBits & mask) != 0;
perm.Allow = (allowBits & mask) == mask;
}
}
private PermissionType GetPermissionTypeByName(string name)
{
var permissionType = PermissionType.GetByName(name);
if (permissionType != null)
{
return(permissionType);
}
throw new ArgumentException("Unknown permission: " + name);
}
private static void SetPermissions(AclEditor aclEditor, int contentId, int identityId, bool localOnly,
Dictionary <string, object> permissions, List <string> messages)
{
foreach (var item in permissions)
{
var permissionType = PermissionType.GetByName(item.Key);
if (permissionType == null)
{
messages.Add($"WARING: Unknown permission: {item.Key}");
continue;
}
SetPermission(aclEditor, contentId, identityId, localOnly, permissionType, item.Value, messages);
}
}
private static IEnumerable <PermissionType> GetPermissionTypes(string[] names)
{
var types = new PermissionType[names.Length];
for (int i = 0; i < names.Length; i++)
{
var pt = PermissionType.GetByName(names[i]);
if (pt == null)
{
throw new ArgumentException("Unknown permission: " + names[i]);
}
types[i] = pt;
}
return(types);
}
public void GetPermissionBits(out ulong allowBits, out ulong denyBits)
{
allowBits = 0uL;
denyBits = 0uL;
foreach (var perm in this.Permissions)
{
var index = PermissionType.GetByName(perm.Name).Index;
if (perm.Deny)
{
denyBits |= 1uL << index;
}
else if (perm.Allow)
{
allowBits |= 1uL << index;
}
}
}
protected IEnumerable <PermissionType> GetPermissionTypes(string permissionNames)
{
if (string.IsNullOrEmpty(permissionNames))
{
return(new PermissionType[0]);
}
var permissionTypeNames = permissionNames.Split(new[] { ',', ';' }, StringSplitOptions.RemoveEmptyEntries);
var permissionTypes = permissionTypeNames.Select(ptn => PermissionType.GetByName(ptn))
.Where(pt => pt != null).ToArray();
if (permissionTypeNames.Length > permissionTypes.Length)
{
throw new PackagingException("Invalid permission types: " + permissionNames);
}
return(permissionTypes);
}
public string PermissionsToString()
{
var chars = new char[PermissionType.PermissionCount];
foreach (var perm in Permissions)
{
var i = chars.Length - PermissionType.GetByName(perm.Name).Index - 1;
if (perm.Allow)
{
chars[i] = '+';
}
else if (perm.Deny)
{
chars[i] = '-';
}
else
{
chars[i] = '_';
}
}
return(new String(chars));
}
private static object[] GetAggregatedPermissions(SnAccessControlEntry[] relatedEntries)
{
// "permissions": [
// {
// "name": "See",
// "index": 0,
// "type": "allowed" // "denied" | "deniedandallowed"
// "allowfrom": [
// "path": "/Root/Sites/Default_Site/workspaces"
// "identity": "..../IdentitfiedUsers"
// ]
// "denyfrom": [
// "path": "/Root/Sites/Default_Site"
// "identity": "..../alba"
// ]
// },
var aggregatedPermissions = new List <AggregatedPermission>();
for (var i = 0; i < relatedEntries.Length; i++)
{
var entry = relatedEntries[i];
if (i == 0)
{
aggregatedPermissions.AddRange(entry.Permissions.Select(permission => new AggregatedPermission
{
Name = permission.Name, Index = PermissionType.GetByName(permission.Name).Index
}));
}
foreach (var perm in entry.Permissions)
{
var aggregatedPermission = aggregatedPermissions.First(x => x.Name == perm.Name);
if (perm.Allow)
{
aggregatedPermission.AllowedFrom.Add(new PermissionSource
{
Path = perm.AllowFrom,
Identity = GetIdentity(entry)
});
}
else if (perm.Deny)
{
aggregatedPermission.DeniedFrom.Add(new PermissionSource
{
Path = perm.DenyFrom,
Identity = GetIdentity(entry)
});
}
}
}
if (!aggregatedPermissions.Any())
{
aggregatedPermissions.AddRange(PermissionType.PermissionTypes.Select(permissionType => new AggregatedPermission
{
Name = permissionType.Name,
Index = permissionType.Index
}));
}
return(aggregatedPermissions.ToArray());
}
internal static void ApplyAclModifications(SnAclEditor ed, AccessControlList origAcl, AccessControlList acl)
{
if (origAcl.EntityId != acl.EntityId)
{
throw new InvalidOperationException();
}
var newEntries = new List <AceInfo>();
var entityId = origAcl.EntityId;
foreach (var entry in acl.Entries)
{
if (entry.IdentityId == Identifiers.SomebodyUserId)
{
continue;
}
var origEntry = origAcl.Entries.Where(x => x.IdentityId == entry.IdentityId && x.LocalOnly == entry.LocalOnly).FirstOrDefault();
// play modifications
var ident = entry.IdentityId;
var localOnly = entry.LocalOnly;
var perms = entry.Permissions.ToArray();
if (origEntry == null)
{
ed.Set(entityId, ident, localOnly, GetEditedBits(entry.Permissions));
}
else
{
var origPerms = origEntry.Permissions.ToArray();
// reset readonly bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (!perm.DenyEnabled && origPerm.Deny)
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
if (!perm.AllowEnabled && origPerm.Allow)
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
// reset deny bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
{
if (origPerm.Deny && !perm.Deny) // reset
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
}
// reset allow bits
for (int i = 0; i < PermissionType.PermissionCount; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.AllowEnabled)
{
if (origPerm.Allow && !perm.Allow) // reset
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Undefined);
}
}
}
// set allow bits
for (int i = 0; i < PermissionType.PermissionCount; i++)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (origPerm.AllowEnabled)
{
if (!origPerm.Allow && perm.Allow) // set
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Allowed);
}
}
}
// set deny bits
for (int i = PermissionType.PermissionCount - 1; i >= 0; i--)
{
var perm = perms[i];
var origPerm = origPerms[i];
if (perm.DenyEnabled)
{
if (!origPerm.Deny && perm.Deny) // set
{
ed.SetPermission(entityId, ident, localOnly, PermissionType.GetByName(perm.Name), PermissionValue.Denied);
}
}
}
}
}
ed.Apply();
}
public static IEnumerable <PermissionType> GetPermissionTypesByNames(IEnumerable <string> names)
{
return(names.Select(n => PermissionType.GetByName(n)).ToArray());
}
