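public bool AddPermissOrForbid(CS505Project1.Domains.Permission permission)
{
    // Adds one access rule for a user on a table. permission.type selects whether the
    // rule goes to the forbidden set or the permitted set.
    // Returns true once the rule has been inserted, false when IsConflicting reports a
    // conflict or GetUserId returns 0. Throws Exception when an equal (or superseding)
    // rule is already recorded; anything thrown by the query helpers is rethrown after
    // an open connection has been closed.

    // Check that an entry isn't conflicting with another entry
    if (IsConflicting(permission))
    {
        return false;
    }

    int userId = GetUserId(permission.user_name);
    if (userId == 0)
    {
        return false; // User was not found
    }

    // Both rule kinds follow the same "check, then insert" flow; only the SQL templates differ.
    bool isForbid = permission.type == Domains.Permission_Type.FORBIDDEN;
    string existsTemplate = isForbid ? query_FORBIDDENRULE_EXISTS : query_PERMITTEDRULE_EXISTS;
    string insertTemplate = isForbid ? query_ADDTOFORBIDDEN : query_ADDTOPERMITTED;

    try
    {
        // NOTE(review): permission.table_name is spliced into the SQL text by string.Format.
        // The templates and the GetRecords/NonQuery helpers are not visible here, so confirm
        // that table_name is validated upstream, or move these helpers to parameterized
        // commands so the value is never interpreted as SQL.
        object[] ruleArgs =
        {
            userId,
            permission.table_name,
            BoolToInt(permission.write),
            BoolToInt(permission.grant)
        };

        // Check that this rule isn't already recorded for the selected rule kind.
        List<string> result = GetRecords(string.Format(existsTemplate, ruleArgs));
        if (result.Count != 0 && !string.IsNullOrEmpty(result[0]) && (result[0] != "0"))
        {
            throw new Exception("Attempted grant permission already exists or is superseded by a more powerful permission", null);
        }

        // NOTE(review): the existence check and the insert are two separate calls; whether
        // they run inside one transaction is not visible here. Without one, two concurrent
        // callers could both pass the check - confirm a uniqueness constraint backs this up.
        NonQuery(string.Format(insertTemplate, ruleArgs));
    }
    catch (Exception)
    {
        if (_connection.State == System.Data.ConnectionState.Open)
        {
            _connection.Close();
        }
        // Rethrow with "throw;" so the original stack trace is preserved for diagnosis.
        throw;
    }

    return true;
}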
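/// <summary>
/// ISCONFLICTING
/// Checks that a suggested permission (either permit or forbid) doesn't conflict with an existing entry.
/// A conflict is reported by throwing, so this method never actually returns TRUE.
/// </summary>
/// <param name="permission">Suggested rule; its user_name, table_name, write, grant and type fields are read.</param>
/// <returns>FALSE when no conflict was found (a completely legal action). A conflict raises an exception instead of returning TRUE.</returns>
/// <exception cref="Exception">
/// Thrown when a permit is requested for an action IsGrantForbidden reports as forbidden,
/// or a forbid is requested for an action IsPermitted reports as permitted.
/// </exception>
private bool IsConflicting(CS505Project1.Domains.Permission permission)
{
    // Using a grantAction object because it's the same idea, and Admin has all permissions permitted
    Domains.GrantAction grantAction = new Domains.GrantAction()
    {
        grantor_name = "admin",
        grantee_name = permission.user_name,
        table_name = permission.table_name,
        grant = permission.grant
    };

    // A write rule is checked as INSERT; any other rule is checked as SELECT.
    grantAction.operation = permission.write
        ? Domains.Operation_Type.INSERT
        : Domains.Operation_Type.SELECT;

    if (permission.type == Domains.Permission_Type.PERMITTED)
    {
        // Permitting: the action must not already be forbidden.
        if (IsGrantForbidden(grantAction))
        {
            throw new Exception("CONFLICT while attempting to permit action!", null);
        }
    }
    else if (IsPermitted(grantAction))
    {
        // Forbidding: the action must not already be permitted.
        throw new Exception("CONFLICT while attempting to forbid action!", null);
    }

    return false;
}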