public ReadOnlySecurity()
{
FolderClaimsResolverFunc = fi =>
{
var claims = FolderClaims.CreateRestricted();
claims.AllowListContents = true;
return(claims);
};
FileClaimsResolverFunc = fi =>
{
var claims = FileClaims.CreateRestricted();
claims.AllowReadData = true;
return(claims);
};
}
private TTransfer InitTransferImpl(string submittedResourceFilePath, bool overwrite, long resourceLength, string contentType)
{
const FileSystemTask context = FileSystemTask.UploadTokenRequest;
//validate maximum file size
var maxFileSize = GetMaxFileUploadSize();
if (maxFileSize.HasValue && maxFileSize < resourceLength)
{
string msg = "Upload for file [{0}] denied: Resource length of [{1}] is above the maximum upload limit of [{2}] bytes.";
msg = String.Format(msg, submittedResourceFilePath, resourceLength, maxFileSize.Value);
throw new ResourceAccessException(msg);
}
//of course, the length cannot be negative
if (resourceLength < 0)
{
string msg = "Upload for file [{0}] denied: Resource length cannot be negative [{1}].";
msg = String.Format(msg, submittedResourceFilePath, resourceLength);
throw new ResourceAccessException(msg);
}
TFile fileItem = CreateFileItemImpl(submittedResourceFilePath, false, context);
if (fileItem.Exists && !overwrite)
{
AuditHelper.AuditDeniedOperation(Auditor, context, AuditEvent.FileAlreadyExists, fileItem);
string msg = String.Format("Cannot upload file [{0}] without overwriting existing data - a file already exists at this location.", submittedResourceFilePath);
throw new ResourceOverwriteException(msg)
{
IsAudited = true
};
}
//get authorization
TFolder parentFolder = GetParentFolder(fileItem, context);
//validate file system specific restrictions
VerifyCanUploadFileToFileSystemLocation(submittedResourceFilePath, parentFolder, fileItem);
//get parent folder and check whether files can be added
FolderClaims folderClaims = GetParentFolderClaims(fileItem, parentFolder);
if (!folderClaims.AllowAddFiles)
{
//deny adding a file to that folder
AuditHelper.AuditDeniedOperation(Auditor, context, AuditEvent.CreateFileDenied, fileItem);
string msg = "Cannot create file at [{0}] - adding files to the folder is not permitted.";
msg = String.Format(msg, submittedResourceFilePath);
throw new ResourceAccessException(msg)
{
IsAudited = true
};
}
//only overwrite a file if explicitly requested
FileClaims claims = GetFileClaims(fileItem);
if (fileItem.Exists)
{
if (!claims.AllowOverwrite)
{
AuditHelper.AuditDeniedOperation(Auditor, context, AuditEvent.FileDataOverwriteDenied, fileItem);
string msg = "Overwriting file [{0}] was denied due to missing permission.";
msg = String.Format(msg, submittedResourceFilePath);
throw new ResourceOverwriteException(msg)
{
IsAudited = true
};
}
}
//try to get lock
ResourceLockGuard writeLock = LockResourceForUpload(fileItem);
if (writeLock != null && !writeLock.IsLockEnabled)
{
AuditHelper.AuditDeniedOperation(Auditor, context, AuditEvent.FileReadLockDenied, fileItem);
string msg = "The file [{0}] is currently locked and cannot be accessed.";
msg = String.Format(msg, submittedResourceFilePath);
throw new ResourceLockedException(msg)
{
IsAudited = true
};
}
//create upload token
UploadToken token = CreateUploadToken(submittedResourceFilePath, fileItem, resourceLength, contentType);
//create expiration job if we have an expiration time
Job <UploadToken> job = null;
if (token.ExpirationTime.HasValue)
{
job = ScheduleExpiration(token);
}
//create and cache transfer instance
TTransfer transfer = CreateTransfer(submittedResourceFilePath, fileItem, parentFolder, token, claims, writeLock, job);
TransferStore.AddTransfer(transfer);
AuditHelper.AuditResourceOperation(Auditor, context, AuditEvent.UploadTokenIssued, fileItem);
return(transfer);
}
