/// <summary> /// Grants permissions to the specified folder for the /// specified user. /// </summary> /// <param name="path">Full path to the folder.</param> /// <param name="username">Username to grant access for.</param> private void AddUserPermissionsToFolder(string path, string username, FileAccessPermission permission) { #region Old way of setting permissions with ICACLS as external process //switch (permission) //{ // case FileAccessPermission.ReadExecute: // { // System.Diagnostics.Process.Start("ICACLS", path + " /grant:r " + username + ":(OI)(CI)RX /T"); // } // break; // case FileAccessPermission.Full: // { // System.Diagnostics.Process.Start("ICACLS", path + " /grant:r " + username + ":(OI)(CI)F /T"); // } // break; //} #endregion var dirInfo = new DirectoryInfo(path); var dirSecurity = dirInfo.GetAccessControl(); switch (permission) { case FileAccessPermission.ReadExecute: dirSecurity.AddAccessRule( new FileSystemAccessRule ( username, FileSystemRights.ReadAndExecute | FileSystemRights.ExecuteFile | FileSystemRights.ListDirectory, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow ) ); break; case FileAccessPermission.Full: dirSecurity.AddAccessRule( new FileSystemAccessRule ( username, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow ) ); break; } dirInfo.SetAccessControl(dirSecurity); }
private AuthoriseUserRequestHandler(AuthenticatedUser authenticatedUser, FileAccessPermission fileAccessPermission, File file) : base(false) { if (authenticatedUser is null) { throw new ArgumentNullException(nameof(authenticatedUser)); } if (file.IsEmpty) { throw new ArgumentOutOfRangeException(nameof(file)); } if (!Enum.IsDefined(typeof(FileAccessPermission), fileAccessPermission)) { fileAccessPermission = FileAccessPermission.View; } _authenticatedUser = authenticatedUser; _file = file; _fileAccessPermission = fileAccessPermission; }
public static AuthoriseUserRequestHandler With(AuthenticatedUser authenticatedUser, FileAccessPermission permission, File file) => new (authenticatedUser, permission, file);
async Task <UserFileAccessToken> IUserAuthenticationService.GenerateAccessToken(AuthenticatedUser authenticatedUser, File file, FileAccessPermission fileAccessPermission, CancellationToken cancellationToken) { if (authenticatedUser is null) { throw new ArgumentNullException(nameof(authenticatedUser)); } if (file.IsEmpty) { throw new ArgumentNullException(nameof(file)); } var expiresAtUtc = _systemClock.UtcNow.AddHours(3); // TODO - Could be a configuration setting var accessToken = await _userFileAccessTokenRepository.GenerateAsync(authenticatedUser, file, fileAccessPermission, expiresAtUtc, cancellationToken); return(accessToken); }
async Task <UserFileAccessToken> IUserFileAccessTokenRepository.GenerateAsync(AuthenticatedUser authenticatedUser, File file, FileAccessPermission fileAccessPermission, DateTimeOffset expiresAtUtc, CancellationToken cancellationToken) { if (authenticatedUser is null) { throw new ArgumentNullException(nameof(authenticatedUser)); } if (authenticatedUser.Id == Guid.Empty) { throw new ArgumentOutOfRangeException(nameof(authenticatedUser)); } if (file.IsEmpty) { throw new ArgumentNullException(nameof(file)); } if (expiresAtUtc == DateTimeOffset.MinValue) { throw new ArgumentOutOfRangeException(nameof(expiresAtUtc)); } if (expiresAtUtc == DateTimeOffset.MaxValue) { throw new ArgumentOutOfRangeException(nameof(expiresAtUtc)); } if (authenticatedUser.FileMetadata is null) { throw new ArgumentOutOfRangeException(nameof(authenticatedUser)); } if (file != authenticatedUser.FileMetadata.AsFile()) { throw new ArgumentOutOfRangeException(nameof(authenticatedUser)); } cancellationToken.ThrowIfCancellationRequested(); Debug.Assert(file.Id is not null); var id = Guid.NewGuid(); var accessToken = new UserFileAccessToken(id, authenticatedUser, fileAccessPermission, expiresAtUtc); var serialisedAccessToken = JsonSerializer.Serialize(accessToken); var partitionKey = file.Id; var rowKey = id.ToString(); var record = new Dictionary <string, object>() { { "UserId", authenticatedUser.Id }, { "FileId", file.Id }, { "ExpiresAtUtc", expiresAtUtc }, { "Token", serialisedAccessToken }, }; await _azureTableStoreClient.AddRecordAsync(_azureTableName, partitionKey, rowKey, record, cancellationToken); return(accessToken); }