internal SecurityEntry[] SetAcl(SnAccessControlList acl) { var result = new List <SecurityEntry>(); //var acl0 = GetAcl(nodeId, path, creatorId); foreach (var entry in acl.Entries) { var values = new PermissionValue[ActiveSchema.PermissionTypes.Count]; foreach (var perm in entry.Permissions) { //var id = ActiveSchema.PermissionTypes[perm.Name].Id; //var allow = perm.AllowFrom == null ? perm.Allow : false; //var deny = perm.DenyFrom == null ? perm.Deny : false; //var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined); //values[id - 1] = value; var id = ActiveSchema.PermissionTypes[perm.Name].Id; var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined); values[id - 1] = value; } result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values)); } return(result.ToArray()); }
//============================================================================= for editing internal SnAccessControlList GetAcl(int nodeId, string path, int creatorId, int lastModifierId) { var acl = new SnAccessControlList { Path = path, NodeId = nodeId, Creator = SnIdentity.Create(creatorId), LastModifier = SnIdentity.Create(lastModifierId) }; var firstPermInfo = GetFirstInfo(path); if (firstPermInfo == null) { return(acl); } return(firstPermInfo.BuildAcl(acl)); }
internal SnAccessControlList BuildAcl(SnAccessControlList acl) { //var principals = GetEffectedPrincipals(); var aces = new Dictionary <int, SnAccessControlEntry>(); for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null) { foreach (var permSet in permInfo.PermissionSets) { // get ace by princ var princ = permSet.PrincipalId; SnAccessControlEntry ace; if (!aces.TryGetValue(princ, out ace)) { ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates); aces.Add(princ, ace); } // get permissions and paths int mask = 1; for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var permission = ace.Permissions.ElementAt(i); if (!permission.Deny) { if ((permSet.DenyBits & mask) != 0) { permission.Deny = true; permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true); } } if (!permission.Allow) { var allow = (permSet.AllowBits & mask) != 0; if ((permSet.AllowBits & mask) != 0) { permission.Allow = true; permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false); } } mask = mask << 1; } } } acl.Inherits = acl.Path == this.Path ? this.Inherits : true; acl.Entries = aces.Values.ToArray(); return(acl); }
internal void RebuildAceVisiblityList(SnAccessControlList acl) { this.AceVisiblityList.Clear(); foreach (var entry in acl.Entries) { this.AceVisiblityList.Add(Guid.NewGuid().ToString().Replace("-", ""), "0"); } }
private static IEnumerable<SecurityEntry> GetEntriesFromAcl(AclEditor ed, SnAccessControlList origAcl, SnAccessControlList acl) { var newEntries = new List<SecurityEntry>(); foreach (var entry in acl.Entries) { var origEntry = origAcl.Entries.Where(x => x.Identity.NodeId == entry.Identity.NodeId && x.Propagates == entry.Propagates).FirstOrDefault(); if (origEntry == null) { ed.AddEntry(entry); } else { //---- play modifications var ident = entry.Identity.NodeId; var propagates = entry.Propagates; var perms = entry.Permissions.ToArray(); var origPerms = origEntry.Permissions.ToArray(); //---- reset deny bits for (int i = ActiveSchema.PermissionTypes.Count - 1; i >= 0; i--) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.DenyEnabled) if (origPerm.Deny && !perm.Deny) // reset { ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.NonDefined); //Trace.WriteLine("@> Reset deny " + perm.Name); } } //---- reset allow bits for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.AllowEnabled) if (origPerm.Allow && !perm.Allow) // reset { ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.NonDefined); //Trace.WriteLine("@> Reset allow " + perm.Name); } } //---- set allow bits for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.AllowEnabled) if (!origPerm.Allow && perm.Allow) // set { ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.Allow); //Trace.WriteLine("@> Set allow " + perm.Name); } } //---- set deny bits for (int i = ActiveSchema.PermissionTypes.Count - 1; i >= 0; i--) { var perm = perms[i]; var origPerm = origPerms[i]; if (perm.DenyEnabled) if (!origPerm.Deny && perm.Deny) // set { ed.SetPermission(ident, propagates, ActiveSchema.PermissionTypes[perm.Name], PermissionValue.Deny); //Trace.WriteLine("@> Set deny " + perm.Name); } } //---- reset entry if it is subset of the original (entry will be removed) var newEntry = ed.GetEntry(entry.Identity.NodeId, entry.Propagates); var newPerms = newEntry.Permissions.ToArray(); var deletable = true; for (int i = 0; i < newPerms.Length; i++) { var newPerm = newPerms[i]; var origPerm = origPerms[i]; if (newPerm.AllowEnabled && newPerm.Allow) { deletable = false; break; } if (newPerm.DenyEnabled && newPerm.Deny) { deletable = false; break; } } if (deletable) newEntry.SetPermissionsBits(0, 0); } } var entries = PermissionEvaluator.Instance.SetAcl(ed.Acl); return entries; }
private static void SetAcl(Node node, SnAccessControlList acl) { Assert(node, PermissionType.SetPermissions); var entriesToSet = GetEntriesFromAcl(new AclEditor(node), new AclEditor(node).Acl, acl); WriteEntries(entriesToSet); Reset(); }
public static void SetAcl(SnAccessControlList acl, string path) { var node = Node.LoadNode(path); if (node == null) throw GetNodeNotFoundEx(path); SetAcl(node, acl); }
//============================================================================= for editing internal SnAccessControlList GetAcl(int nodeId, string path, int creatorId, int lastModifierId) { var acl = new SnAccessControlList { Path = path, NodeId = nodeId, Creator = SnIdentity.Create(creatorId), LastModifier = SnIdentity.Create(lastModifierId) }; var firstPermInfo = GetFirstInfo(path); if (firstPermInfo == null) return acl; return firstPermInfo.BuildAcl(acl); }
public void SetAcl(SnAccessControlList acl) { SetAcl(this._node, acl); }
public AclEditor(Node node) { this.node = node; this.acl = node.Security.GetAcl(); }
public ActionResult SetACL(SnAccessControlList acl) { var node = Node.LoadNode(acl.Path); node.Security.SetAcl(acl); return null; }
private string SetAclTest(int operationNumber, string initial, string readOnlyMask, string set, string expected) { if (readOnlyMask == null) readOnlyMask = initial.Replace("+", "r").Replace("-", "r"); //Trace.WriteLine(String.Format("@> TEST #{0}: {1} | {2} | {3} | {4}", operationNumber, initial, readOnlyMask, set, expected)); var node = TestRoot; var visitor = User.Visitor; var ident = new SnIdentity { Kind = SnIdentityKind.User, Name = "Visitor", NodeId = visitor.Id, Path = visitor.Path }; var permsEd = GetPermsFromString(initial, readOnlyMask); var entryEd = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = permsEd }; var aclEd = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entryEd } }; var perms0 = GetPermsFromString(initial, readOnlyMask); var entry0 = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = perms0 }; var acl0 = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entry0 } }; var perms1 = GetPermsFromString(set, readOnlyMask); var entry1 = new SnAccessControlEntry { Identity = ident, Propagates = true, Permissions = perms1 }; var acl1 = new SnAccessControlList { NodeId = 9999, Creator = ident, Inherits = true, LastModifier = ident, Path = "asdf", Entries = new[] { entry1 } }; var ed = node.Security.GetAclEditor(); ed.Acl = aclEd; // clone of acl0 var edAcc = new AclEditorAccessor(ed); var secAcc = new SecurityHandlerAccessor(node.Security); var entries = secAcc.GetEntriesFromAcl(ed, acl0, acl1); var resultEntry = SearchEntry(entries, User.Visitor, true); var result = resultEntry.ValuesToString(); if (result == expected) return null; return String.Concat("State is '", result, "', expected '", expected, "' at operation ", operationNumber); }
public IEnumerable<SecurityEntry> GetEntriesFromAcl(AclEditor ed, SnAccessControlList origAcl, SnAccessControlList acl) { return (IEnumerable<SecurityEntry>)CallPrivateStaticMethod("GetEntriesFromAcl", new Type[] { typeof(AclEditor), typeof(SnAccessControlList), typeof(SnAccessControlList) }, ed, origAcl, acl); }
internal SecurityEntry[] SetAcl(SnAccessControlList acl) { var result = new List<SecurityEntry>(); //var acl0 = GetAcl(nodeId, path, creatorId); foreach (var entry in acl.Entries) { var values = new PermissionValue[ActiveSchema.PermissionTypes.Count]; foreach (var perm in entry.Permissions) { //var id = ActiveSchema.PermissionTypes[perm.Name].Id; //var allow = perm.AllowFrom == null ? perm.Allow : false; //var deny = perm.DenyFrom == null ? perm.Deny : false; //var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined); //values[id - 1] = value; var id = ActiveSchema.PermissionTypes[perm.Name].Id; var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined); values[id - 1] = value; } result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values)); } return result.ToArray(); }
public static void SetAcl(SnAccessControlList acl, int nodeId) { var node = Node.LoadNode(nodeId); if (node == null) throw GetNodeNotFoundEx(nodeId); SetAcl(node, acl); }
internal SnAccessControlList BuildAcl(SnAccessControlList acl) { //var principals = GetEffectedPrincipals(); var aces = new Dictionary<int, SnAccessControlEntry>(); for (var permInfo = this; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null) { foreach (var permSet in permInfo.PermissionSets) { // get ace by princ var princ = permSet.PrincipalId; SnAccessControlEntry ace; if (!aces.TryGetValue(princ, out ace)) { ace = SnAccessControlEntry.CreateEmpty(princ, permSet.Propagates); aces.Add(princ, ace); } // get permissions and paths int mask = 1; for (int i = 0; i < ActiveSchema.PermissionTypes.Count; i++) { var permission = ace.Permissions.ElementAt(i); if (!permission.Deny) { if ((permSet.DenyBits & mask) != 0) { permission.Deny = true; permission.DenyFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, true); } } if (!permission.Allow) { var allow = (permSet.AllowBits & mask) != 0; if ((permSet.AllowBits & mask) != 0) { permission.Allow = true; permission.AllowFrom = SearchFirstPath(acl.Path, permInfo, permSet, mask, false); } } mask = mask << 1; } } } acl.Inherits = acl.Path == this.Path ? this.Inherits : true; acl.Entries = aces.Values.ToArray(); return acl; }
private string AclEntriesToString(SnAccessControlList acl) { var sb = new StringBuilder(); sb.AppendLine(" <Entries>"); foreach (var ace in acl.Entries) { sb.Append(" <Entry identityId='").Append(ace.Identity.NodeId).Append("'"); sb.Append(" identityKind='").Append(ace.Identity.Kind).Append("'"); sb.Append(" propagates='").Append(ace.Propagates).Append("'"); sb.AppendLine("/>"); foreach (var perm in ace.Permissions) { sb.Append(" <Perm name='").Append(perm.Name).Append("'"); sb.Append(" allow='").Append(perm.Allow).Append("'"); sb.Append(" allowEnabled='").Append(perm.AllowEnabled).Append("'"); sb.Append(" allowFrom='").Append(perm.AllowFrom).Append("'"); sb.Append(" deny='").Append(perm.Deny).Append("'"); sb.Append(" denyEnabled='").Append(perm.DenyEnabled).Append("'"); sb.Append(" denyFrom='").Append(perm.DenyFrom).Append("'"); sb.AppendLine("/>"); } sb.AppendLine(" </Entry>"); } sb.AppendLine(" </Entries>"); return sb.ToString(); }