예제 #1
        // Checks that IsInMatchingAces reports an ACE only after that specific ACE
        // has been passed to AddMatchingAce, and that adding a second ACE does not
        // disturb the membership of the first one.
        public void AddMatchingAceAndIsInMatchingAcesTest()
        {
            var statistics = new AccessTypeStatistics();
            var abstractRoleAce = _testHelper.CreateAceWithAbstractRole();
            var noGroupConditionAce = _testHelper.CreateAceWithoutGroupCondition();

            // Fresh statistics object: neither ACE is known yet.
            Assert.That(statistics.IsInMatchingAces(abstractRoleAce), Is.False);
            Assert.That(statistics.IsInMatchingAces(noGroupConditionAce), Is.False);

            // After registering the first ACE only that one is reported as matching.
            statistics.AddMatchingAce(abstractRoleAce);
            Assert.That(statistics.IsInMatchingAces(abstractRoleAce), Is.True);
            Assert.That(statistics.IsInMatchingAces(noGroupConditionAce), Is.False);

            // After registering the second ACE both are reported as matching.
            statistics.AddMatchingAce(noGroupConditionAce);
            Assert.That(statistics.IsInMatchingAces(abstractRoleAce), Is.True);
            Assert.That(statistics.IsInMatchingAces(noGroupConditionAce), Is.True);
        }
예제 #2
        /// <summary>
        /// Computes the effective access types for <paramref name="token"/> by combining
        /// every ACE returned by <c>FindMatchingEntries</c>: allowed and denied access types
        /// are each unioned over all matching ACEs, then every denied type is removed from
        /// the allowed set (deny takes precedence over allow).
        /// </summary>
        /// <param name="token">The security token to evaluate; passed through
        /// <c>ArgumentUtility.CheckNotNull</c> before use.</param>
        /// <param name="accessTypeStatistics">Optional collector; may be <c>null</c>. When supplied,
        /// every matching ACE is recorded, and ACEs that yield at least one allowed or denied
        /// access type are additionally recorded as contributing.</param>
        /// <returns>An <c>AccessInformation</c> built from the final allowed and denied sets.</returns>
        public AccessInformation GetAccessTypes(SecurityToken token, AccessTypeStatistics accessTypeStatistics)
        {
            ArgumentUtility.CheckNotNull("token", token);

            var allowed = new HashSet<AccessTypeDefinition>();
            var denied = new HashSet<AccessTypeDefinition>();

            foreach (var matchingAce in FindMatchingEntries(token))
            {
                var aceAllowed = matchingAce.GetAllowedAccessTypes();
                var aceDenied = matchingAce.GetDeniedAccessTypes();

                // Accumulate this ACE's grants and denials into the overall result.
                allowed.UnionWith(aceAllowed);
                denied.UnionWith(aceDenied);

                if (accessTypeStatistics == null)
                {
                    continue;
                }

                // Keep track of which ACEs matched and which of them actually contributed
                // access types; the ACL-expansion code uses this to tell whether its probing
                // ACE was matched (see AclExpander.AddAclExpansionEntry).
                accessTypeStatistics.AddMatchingAce(matchingAce);

                bool contributesAccessTypes = aceAllowed.Length > 0 || aceDenied.Length > 0;
                if (contributesAccessTypes)
                {
                    accessTypeStatistics.AddAccessTypesContributingAce(matchingAce);
                }
            }

            // Deny always wins: an access type denied by any matching ACE must not remain
            // in the allowed set, regardless of how many ACEs granted it.
            allowed.ExceptWith(denied);

            var allowedArray = allowed.ToArray();
            var deniedArray = denied.ToArray();
            return new AccessInformation(allowedArray, deniedArray);
        }