public PermissionDescriptor(string contentPath, IUser user, PermissionType permissionType, PermissionValue permissionValue) { AffectedPath = contentPath; AffectedUser = user; PType = permissionType; NewValue = permissionValue; }
public void SetPermission(ISecurityMember securityMember, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue) { if (securityMember == null) throw new ArgumentNullException("securityMember"); if (permissionType == null) throw new ArgumentNullException("permissionType"); Assert(PermissionType.SetPermissions); var entry = PermissionEvaluator.Instance.GetExplicitEntry(this._node.Path, securityMember.Id); var allowBits = 0; var denyBits = 0; if (entry != null) { allowBits = entry.AllowBits; denyBits = entry.DenyBits; } SetBits(ref allowBits, ref denyBits, permissionType, permissionValue); var memberId = securityMember.Id; var permSet = new PermissionSet(memberId, isInheritable, allowBits, denyBits); entry = permSet.ToEntry(this.NodeId); DataProvider.Current.SetPermission(entry); Reset(); }
internal AclEditor SetPermission(int principalId, bool propagates, PermissionType permissionType, PermissionValue permissionValue) { var entry = GetEntry(principalId, propagates); var perm = GetSnPerm(entry, permissionType); int allowBits; int denyBits; entry.GetPermissionBits(out allowBits, out denyBits); SecurityHandler.SetBits(ref allowBits, ref denyBits, permissionType, permissionValue); entry.SetPermissionsBits(allowBits, denyBits); return this; }
private static string GetMessage(string msg, string path, int nodeId, PermissionType permissionType, IUser user) { var sb = new StringBuilder(msg ?? "Access denied."); if (path != null) sb.Append(" Path: ").Append(path); if (nodeId != 0) sb.Append(" NodeId: ").Append(nodeId); if (permissionType != null) sb.Append(" PermissionType: ").Append(permissionType.Name); if (user != null) sb.Append(" User: "******" UserId: ").Append(user.Id); return sb.ToString(); }
/*!!!*/ private static Exception GetAccessDeniedException(string path, int creatorId, int lastModifierId, string message, PermissionType[] permissionTypes, IUser user) { //TODO: #### az exception-ben legyen informacio, hogy a see pattant-e el! PermissionType deniedPermission = null; foreach (var permType in permissionTypes) { if (!HasSubTreePermission(path, creatorId, lastModifierId, permType)) { deniedPermission = permType; break; } } if (deniedPermission == null) throw new SenseNetSecurityException(path, null, user); if (message != null) throw new SenseNetSecurityException(path, deniedPermission, user, message); else throw new SenseNetSecurityException(path, deniedPermission, user); }
//======================================================================================================== Administration methods public void SetPermission(IUser user, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue) { if (user == null) throw new ArgumentNullException("user"); SetPermission(user as ISecurityMember, isInheritable, permissionType, permissionValue); }
public SenseNetSecurityException(int nodeId, PermissionType permissionType, IUser user, string message) : base(GetMessage(message, null, nodeId, permissionType, user)) { }
internal PermissionValue GetSubtreePermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes) { if (user.Id == -1) return PermissionValue.Allow; //======== #1: startbits: getpermbits //==> var principals = GetPrincipals(user, isCreator, isLastModifier); var allow = 0; var deny = 0; var firstPermInfo = GetFirstInfo(path); if (firstPermInfo.Path == path) firstPermInfo.AggregateLevelOnlyValues(principals, ref allow, ref deny); for (var permInfo = firstPermInfo; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null) permInfo.AggregateEffectiveValues(principals, ref allow, ref deny); //==< var mask = GetPermissionMask(permissionTypes); if ((deny & mask) != 0) return PermissionValue.Deny; if ((allow & mask) != mask) return PermissionValue.NonDefined; // +r +1+++ | +1_++ | +1+++ // +r/a +1_++ | +1+++ | +1-++ // ==============|=======|======= // +++ | _++ | -++ // +r +1+++ | +1_++ | +1+++ // +r/a -1_++ | -1+++ | -1-++ // ==============|=======|======= // +++ | _++ | -++ // +r +1+++ | +1_++ | +1+++ // -r/a +1_++ | +1+++ | +1-++ // ==============|=======|======= // _++ | _++ | -++ // nem fugg a permissionset.inheritable ertektol // denybits: or, break: nem kell ujraszamolni // allowbits or, break: ujraszamolni //PermissionInfo subTreePermInfo; //if (entries.TryGetValue(path, out subTreePermInfo)) //{ // subTreePermInfo.GetSubtreePermission(path, principals, isCreator, isLastModifier, mask, ref allow, ref deny); //} //else //{ var p = path + "/"; var permInfos = from key in permissionTable.Keys where key.StartsWith(p) orderby key select permissionTable[key]; foreach (var permInfo in permInfos) { if (!permInfo.Inherits) { allow = 0; foreach (var entry in permInfo.PermissionSets) { if (!principals.Contains(entry.PrincipalId)) continue; allow |= entry.AllowBits; deny |= entry.DenyBits; } } foreach (var entry in permInfo.PermissionSets) { if (!principals.Contains(entry.PrincipalId)) continue; deny |= entry.DenyBits; } } //} if ((deny & mask) != 0) return PermissionValue.Deny; if ((allow & mask) != mask) return PermissionValue.NonDefined; return PermissionValue.Allow; }
public void DeletePermissionType(PermissionType permissionType) { _target.GetType().GetMethod("DeletePermissionType").Invoke(_target, new object[] { permissionType }); }
public SenseNetSecurityException(string path, PermissionType permissionType, IUser user, string message) : base(GetMessage(message, path, 0, permissionType, user)) { }
private string SetPermForcedSettingsTest(int operationNumber, Node node, ISecurityMember member, string startState, string expectedState, PermissionType permType, PermissionValue value) { return SetForcedSettingsTest(operationNumber, node, member, startState, expectedState, permType, value, false); }
internal bool HasPermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes) { if (user.Id == -1) return true; var value = GetPermission(path, user, isCreator, isLastModifier, permissionTypes); if (RepositoryConfiguration.TracePermissionCheck) if (value != PermissionValue.Allow) Debug.WriteLine(String.Format("HasPermission> {0}, {1}, {2}, {3}", value, String.Join("|", permissionTypes.Select(x => x.Name).ToArray()), user.Username, path)); return value == PermissionValue.Allow; }
public override void DeletePermissionType(PermissionType permissionType) { StringBuilder sb = new StringBuilder(); if (permissionType == null) throw new ArgumentNullException("permissionType"); sb.Append(CreateCommentLine("Delete PermissionType: ", permissionType.Name)); sb.Append("DELETE FROM [dbo].[SchemaPermissionTypes] WHERE PermissionId = "); sb.Append(permissionType.Id).AppendLine(); AddScript(sb); }
protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue) { WriteLog(MethodInfo.GetCurrentMethod(), principalId, nodeId, permissionType, isInheritable, permissionValue); base.SetPermission(principalId, nodeId, permissionType, isInheritable, permissionValue); }
internal bool HasSubTreePermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes) { if (user.Id == -1) return true; var value = GetSubtreePermission(path, user, isCreator, isLastModifier, permissionTypes); return value == PermissionValue.Allow; }
private static void WriteDeletePermissionType(SchemaWriter writer, PermissionType permType) { writer.DeletePermissionType(permType); }
private int GetPermissionMask(PermissionType[] permissionTypes) { int mask = 0; foreach (var permissionType in permissionTypes) mask = mask | (1 << (permissionType.Id - 1)); return mask; }
public void SetPermission(IGroup group, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue) { if (group == null) throw new ArgumentNullException("group"); SetPermission(group as ISecurityMember, isInheritable, permissionType, permissionValue); }
private string SetForcedSettingsTest(int operationNumber, Node node, ISecurityMember member, string startState, string expectedState, PermissionType permType, PermissionValue value, bool acl) { ResetSeeOpenOpenMinorPermissions(node, member); var perms = new PermissionValue[ActiveSchema.PermissionTypes.Count]; var permCount = perms.Length; for (int i = 0; i < startState.Length; i++) { if (startState[i] == '+') perms[permCount - i - 1] = PermissionValue.Allow; else if (startState[i] == '-') perms[permCount - i - 1] = PermissionValue.Deny; } //---- prerequisit node.Security.SetPermissions(member.Id, true, perms); //---- test operation if(acl) new AclEditor(node).SetPermission(member, true, permType, value).Apply(); else node.Security.SetPermission(member, true, permType, value); string result = null; SecurityEntry entry = null; foreach (var e in node.Security.GetExplicitEntries()) { if (e.PrincipalId == member.Id) { entry = e; break; } } if (entry == null) { result = "______________"; } else { var chars = new char[permCount]; var values = entry.PermissionValues; for (int i = 0; i < values.Length; i++) { if (values[i] == PermissionValue.Allow) chars[permCount - i - 1] = '+'; else if (values[i] == PermissionValue.Deny) chars[permCount - i - 1] = '-'; else chars[permCount - i - 1] = '_'; } result = new String(chars); } if (result == expectedState) return null; return String.Concat("State is '", result, "', expected '", expectedState, "' at operation ", operationNumber); }
public void SetPermission(IOrganizationalUnit orgUnit, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue) { if (orgUnit == null) throw new ArgumentNullException("orgUnit"); SetPermission(orgUnit as ISecurityMember, isInheritable, permissionType, permissionValue); }
internal static PermissionType[] GetPermissionTypeFromIdArray(int[] idArray) { var result = new PermissionType[idArray.Length]; for (int i = 0; i < idArray.Length; i++) result[i] = PermissionType.GetById(idArray[i]); return result; }
internal static void SetBits(ref int allowBits, ref int denyBits, PermissionType permissionType, PermissionValue permissionValue) { var actionBit = 0x1 << (permissionType.Id - 1); switch (permissionValue) { case PermissionValue.Deny: if (actionBit == SEEBIT) denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT + MANAGELISTSANDWORKSPACESBIT; else if (actionBit == OPENBIT) denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + MANAGELISTSANDWORKSPACESBIT; else if (actionBit == OPENMINORBIT) denyBits |= SAVEGROUPBITS + OPENMINORBIT + MANAGELISTSANDWORKSPACESBIT; else if (actionBit == SEEPERMISSIONSBIT) denyBits |= SETPERMISSIONSBIT; else if (actionBit == SAVEBIT) denyBits |= MANAGELISTSANDWORKSPACESBIT; else if (actionBit == ADDNEWBIT) denyBits |= MANAGELISTSANDWORKSPACESBIT; else if (actionBit == DELETEBIT) denyBits |= MANAGELISTSANDWORKSPACESBIT; denyBits |= actionBit; allowBits &= ~denyBits; break; case PermissionValue.NonDefined: var abits = 0; var dbits = 0; if (actionBit == SEEBIT) { abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT; dbits |= ~(SEEBIT); } else if (actionBit == OPENBIT) { abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT; dbits |= ~(SEEBIT | OPENBIT); } else if (actionBit == OPENMINORBIT) { abits |= SAVEGROUPBITS + OPENMINORBIT; dbits |= ~(SEEBIT | OPENBIT | OPENMINORBIT); } else if ((actionBit & SAVEGROUPBITS) != 0) { abits |= actionBit; dbits |= ~(actionBit | OPENMINORBIT | OPENBIT | SEEBIT); } else if (actionBit == SEEPERMISSIONSBIT) { abits |= SETPERMISSIONSBIT + SEEPERMISSIONSBIT; dbits |= ~SEEPERMISSIONSBIT; } else if (actionBit == SETPERMISSIONSBIT) { abits |= SETPERMISSIONSBIT; dbits |= ~(SETPERMISSIONSBIT | SEEPERMISSIONSBIT); } else if (actionBit == RUNAPPLICATIONBIT) { abits |= RUNAPPLICATIONBIT; dbits |= ~(RUNAPPLICATIONBIT); } else if (actionBit == MANAGELISTSANDWORKSPACESBIT) { abits |= MANAGELISTSANDWORKSPACESBIT; dbits |= ~(MANAGELISTSANDWORKSPACESBIT); } else { dbits = ~0; } allowBits &= ~abits; denyBits &= dbits; break; case PermissionValue.Allow: if ((actionBit & SAVEGROUPBITS) > 0) allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT; else if (actionBit == OPENMINORBIT) allowBits |= actionBit + SEEBIT + OPENBIT; else if (actionBit == OPENBIT) allowBits |= actionBit + SEEBIT; else if (actionBit == SETPERMISSIONSBIT) allowBits |= SEEPERMISSIONSBIT; else if (actionBit == MANAGELISTSANDWORKSPACESBIT) allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT + SAVEBIT + ADDNEWBIT + DELETEBIT; allowBits |= actionBit; denyBits &= ~allowBits; break; default: throw new NotSupportedException("Unknown PermissionValue: " + permissionValue); } }
public abstract void DeletePermissionType(PermissionType permissionType);
public SenseNetSecurityException(string path, PermissionType permissionType) : base(GetMessage(null, path, 0, permissionType, null)) { }
private static string GetPermissionCacheKey(int principalID, int nodeID, PermissionType type) { return string.Format(CultureInfo.InvariantCulture, "SN:NodePermissionCache:{0}:{1}:{2}", principalID, nodeID, type.Id); }
public SenseNetSecurityException(int nodeId, PermissionType permissionType) : base(GetMessage(null, null, nodeId, permissionType, null)) { }
public void DeletePermissionType(PermissionType permissionType) { if (permissionType.SchemaRoot != this) throw new SchemaEditorCommandException(SR.Exceptions.Schema.Msg_InconsistentHierarchy); this.PermissionTypes.Remove(permissionType); }
public AclEditor SetPermission(ISecurityMember securityMember, bool propagates, PermissionType permissionType, PermissionValue permissionValue) { return SetPermission(securityMember.Id, propagates, permissionType, permissionValue); }
internal PermissionValue GetPermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes) { if (user.Id == -1) return PermissionValue.Allow; //==> var principals = GetPrincipals(user, isCreator, isLastModifier); var allow = 0; var deny = 0; var firstPermInfo = GetFirstInfo(path); if (firstPermInfo.Path == path) firstPermInfo.AggregateLevelOnlyValues(principals, ref allow, ref deny); for (var permInfo = firstPermInfo; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null) permInfo.AggregateEffectiveValues(principals, ref allow, ref deny); //==< var mask = GetPermissionMask(permissionTypes); if ((deny & mask) != 0) return PermissionValue.Deny; if ((allow & mask) != mask) return PermissionValue.NonDefined; return PermissionValue.Allow; }
private static void PermissionTypeToXml(PermissionType permType, StringBuilder sb, string indent) { sb.Append(indent).AppendLine(String.Format(CultureInfo.CurrentCulture, "<PermissionType itemID=\"{0}\" name=\"{1}\" />", permType.Id, permType.Name)); }
private SnPermission GetSnPerm(SnAccessControlEntry entry, PermissionType permType) { return entry.Permissions.Where(p => p.Name == permType.Name).First(); }
protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue) { SqlProcedure cmd = null; try { cmd = new SqlProcedure { CommandText = "proc_Security_SetPermission" }; cmd.Parameters.Add("@PrincipalId", SqlDbType.Int).Value = principalId; cmd.Parameters.Add("@NodeId", SqlDbType.Int).Value = nodeId; cmd.Parameters.Add("@PermissionTypeId", SqlDbType.Int).Value = permissionType.Id; cmd.Parameters.Add("@IsInheritable", SqlDbType.TinyInt).Value = isInheritable ? (byte)1 : (byte)0; cmd.Parameters.Add("@PermissionValue", SqlDbType.TinyInt).Value = (byte)permissionValue; cmd.ExecuteNonQuery(); } finally { cmd.Dispose(); } }