/// <summary>
/// Decides whether <paramref name="userName"/> may perform the operation named by
/// <paramref name="securityDescriptor"/> on the given API key.
/// </summary>
/// <remarks>
/// The checks run in this order and the first match wins:
/// security disabled for the service, the "Owner" right, a class-wide right,
/// ownership of the object, then the per-user ACL entry for the descriptor.
/// A user with no ACL, or with an explicit deny entry, is re-evaluated as "Everyone".
/// This method is not read-only: when the user's ACL has no entry for the descriptor,
/// it persists a deny entry before returning <c>false</c>.
/// </remarks>
/// <param name="_object">API key being accessed.</param>
/// <param name="userName">Name of the user to evaluate; "Everyone" (any casing) is the fallback identity.</param>
/// <param name="securityDescriptor">Operation name; lower-cased before it is matched against ACL entries.</param>
/// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
internal static bool CheckAccessFromUserNameImp(Services.Packages.ApiKey _object, string userName, string securityDescriptor)
{
    // Security switched off for this service: every request is allowed.
    if (!ApiKeySecureService.IsSecurableImp)
    {
        return true;
    }

    // Holders of the "Owner" right may do anything.
    if (CheckUserRightsImp(userName, "Owner"))
    {
        return true;
    }

    // The user may hold a constant right on the class, keyed "<descriptor> <type full name>".
    string classWideRight = securityDescriptor + " " + typeof(Services.Packages.ApiKey).FullName;
    if (CheckUserRightsImp(userName, classWideRight))
    {
        return true;
    }

    // The object's own owner is always allowed.
    // NOTE(review): if Owner.Name is a string this is an ordinal, case-sensitive match,
    // while the "Everyone" test below ignores case - confirm user names are stored in one canonical casing.
    bool isObjectOwner = _object.Owner != null && _object.Owner.Name == userName;
    if (isObjectOwner)
    {
        return true;
    }

    ApiKeyAccessControlListCollection userAcls = _object.GetACLs(userName);
    if (userAcls.Count == 0)
    {
        // No ACL for this user: retry once as "Everyone". The retry cannot recurse again
        // because "Everyone" lower-cases to "everyone".
        return userName.ToLowerInvariant() != "everyone"
            && CheckAccessFromUserNameImp(_object, "Everyone", securityDescriptor);
    }

    // Only the first ACL returned for the user is consulted.
    ApiKeyAccessControlList userAcl = userAcls[0];
    string descriptorKey = securityDescriptor.ToLowerInvariant();
    ApiKeyAccessControlEntryCollection matches = ApiKeyAccessControlEntry.GetEntries(descriptorKey, userAcl);

    if (matches.Count == 0)
    {
        // Descriptor missing from the ACL: record an explicit deny entry and refuse.
        // NOTE(review): this branch writes to the store from an authorization check and,
        // unlike the explicit-deny branch below, does not fall back to "Everyone".
        // Confirm both are intended; the first check and later checks can differ as a result.
        ApiKeyAccessControlEntry denyEntry = new ApiKeyAccessControlEntry
        {
            Descriptor = descriptorKey,
            UserName = userName,
            Allow = false,
            ACL = userAcl
        };
        denyEntry.Create();
        return false;
    }

    // Only the first matching entry decides.
    if (matches[0].Allow)
    {
        return true;
    }

    // Explicit deny for this user: the "Everyone" identity may still grant access.
    return userName.ToLowerInvariant() != "everyone"
        && CheckAccessFromUserNameImp(_object, "Everyone", securityDescriptor);
}
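/// <summary>
/// Records an allow or deny entry for <paramref name="userName"/> and
/// <paramref name="securityDescriptor"/> on the given API key, creating the user's ACL
/// first when the key has none for that user.
/// </summary>
/// <param name="_object">API key whose access list is changed.</param>
/// <param name="userName">User the entry applies to.</param>
/// <param name="securityDescriptor">Operation name; stored lower-cased.</param>
/// <param name="allow"><c>true</c> to grant, <c>false</c> to deny.</param>
/// <param name="SessionToken">Session of the caller, who must pass the "ChangeAccess" check on the object.</param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown with the message "Access Denied" when the caller fails the "ChangeAccess" check,
/// and also when creating the ACL or the entry fails; in the second case the original
/// failure is attached as the inner exception.
/// </exception>
internal static void ChangeAccessImp(Services.Packages.ApiKey _object, string userName, string securityDescriptor, bool allow, string SessionToken)
{
    // The returned session is not used here; the call is kept because it presumably
    // rejects an invalid token - TODO confirm against CheckSessionImp.
    CheckSessionImp(SessionToken);

    // Check that the caller is allowed to change access on this object.
    if (!CheckAccessImp(_object, SessionToken, "ChangeAccess"))
    {
        throw new UnauthorizedAccessException("Access Denied");
    }

    try
    {
        ApiKeyAccessControlListCollection userAcls = _object.GetACLs(userName);
        ApiKeyAccessControlList userAcl;
        if (userAcls.Count == 0)
        {
            userAcl = new ApiKeyAccessControlList();
            userAcl.UserName = userName;
            userAcl.ApiKey = _object;
            userAcl.Create();
        }
        else
        {
            userAcl = userAcls[0];
        }

        // NOTE(review): a new entry is created even when one already exists for this
        // descriptor on the ACL. CheckAccessFromUserNameImp reads only the first entry
        // returned by GetEntries, so whether a later grant or revocation takes effect
        // depends on how GetEntries orders its results - confirm, and update the existing
        // entry instead if the entry type supports it.
        ApiKeyAccessControlEntry entry = new ApiKeyAccessControlEntry();
        entry.Descriptor = securityDescriptor.ToLowerInvariant();
        entry.UserName = userName;
        entry.Allow = allow;
        entry.ACL = userAcl;
        entry.Create();
    }
    catch (Exception ex)
    {
        // Still fail closed with the same exception type and message callers already
        // handle, but keep the cause: an empty catch made a storage or null-argument
        // failure indistinguishable from a real denial in logs and audits.
        // The inner exception is for server-side diagnostics; hosts should not
        // return exception details to clients.
        throw new UnauthorizedAccessException("Access Denied", ex);
    }
}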