/// <summary>
/// Walks every used slot of this set and files each permission into one of two
/// output sets, keyed by the index of the permission's token.
/// </summary>
/// <param name="unrestrictedPermSet">Receives permissions that implement <c>IUnrestrictedPermission</c>; allocated on first use when null.</param>
/// <param name="normalPermSet">Receives every other permission; allocated on first use when null.</param>
/// <param name="ignoreTypeLoadFailures">Forwarded to <c>PermissionSet.CreatePerm</c> for items that are not already an <c>IPermission</c>.</param>
/// <remarks>
/// An item is left out of both outputs when no permission object or no token can be obtained for it.
/// NOTE(review): confirm callers treat such a missing entry as "not granted".
/// </remarks>
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures)
{
    int lastIndex = this.GetMaxUsedIndex();

    for (int slot = this.GetStartingIndex(); slot <= lastIndex; slot++)
    {
        object raw = this.GetItem(slot);
        if (raw == null)
        {
            continue;
        }

        // Anything that is not already an IPermission is handed to CreatePerm.
        IPermission permission = raw as IPermission;
        if (permission == null)
        {
            permission = PermissionSet.CreatePerm(raw, ignoreTypeLoadFailures);
        }

        PermissionToken permToken = PermissionToken.GetToken(permission);

        // Both the permission and its token are required; otherwise the slot is skipped.
        if (permission == null || permToken == null)
        {
            continue;
        }

        if (permission is IUnrestrictedPermission)
        {
            if (unrestrictedPermSet == null)
            {
                unrestrictedPermSet = new TokenBasedSet();
            }

            unrestrictedPermSet.SetItem(permToken.m_index, permission);
        }
        else
        {
            if (normalPermSet == null)
            {
                normalPermSet = new TokenBasedSet();
            }

            normalPermSet.SetItem(permToken.m_index, permission);
        }
    }
}
/// <summary>
/// Loads an entity by id inside a transaction, applies <paramref name="func"/> to it and saves it,
/// after verifying that the current permission context holds <paramref name="permissionFlags"/>.
/// </summary>
/// <typeparam name="TEntity">Entity type to load and update.</typeparam>
/// <param name="id">Identifier passed to <c>session.Load</c>.</param>
/// <param name="func">Mutation applied to the loaded entity before it is saved.</param>
/// <param name="permissionFlags">Permission token that must be held for the update to proceed.</param>
/// <param name="skipLog">When true, the "updating" entry goes to the system log instead of the audit log.</param>
/// <remarks>
/// The permission check runs before the transaction starts and covers only the supplied token;
/// any per-entity authorization has to happen inside <paramref name="func"/>.
/// The "is about to update" system-log entry is written before the permission check.
/// </remarks>
protected void UpdateEntity<TEntity>(int id, Action<TEntity> func, PermissionToken permissionFlags, bool skipLog = false)
{
    var entityTypeName = typeof(TEntity).Name;

    SysLog(string.Format("is about to update {0} with Id {1}", entityTypeName, id));

    // Throws from VerifyPermission abort the call before any data is loaded.
    PermissionContext.VerifyPermission(permissionFlags);

    HandleTransaction(session =>
    {
        var target = session.Load<TEntity>(id);

        if (skipLog)
        {
            SysLog("updating " + target);
        }
        else
        {
            AuditLog("updating " + target, session);
        }

        func(target);
        session.Update(target);
    }, "Unable to update " + entityTypeName);
}
/// <summary>
/// Tells whether the current user holds the given permission token.
/// </summary>
/// <param name="token">Permission being asked about.</param>
/// <returns>
/// True for <c>PermissionToken.Nothing</c> regardless of login state; false when nobody is logged in
/// or the logged-in user is not active; false for <c>PermissionToken.ManageDatabase</c> while
/// <c>LockdownEnabled</c> is set; otherwise whether the user's effective permissions contain the token.
/// </returns>
public bool HasPermission(PermissionToken token)
{
    // The empty token is granted to everyone, including anonymous callers.
    if (token == PermissionToken.Nothing)
    {
        return true;
    }

    // LoggedUser is only dereferenced once IsLoggedIn has been confirmed.
    bool activeUser = IsLoggedIn && LoggedUser.Active;
    if (!activeUser)
    {
        return false;
    }

    // Lockdown overrides an otherwise held ManageDatabase permission.
    if (token == PermissionToken.ManageDatabase && LockdownEnabled)
    {
        return false;
    }

    return LoggedUser.EffectivePermissions.Contains(token);
}
/// <summary>
/// Enforces a permission: returns normally when it is held, otherwise logs a warning and throws.
/// </summary>
/// <param name="flag">Permission token that is required.</param>
/// <exception cref="NotAllowedException">The permission is not held according to <c>HasPermission</c>.</exception>
public void VerifyPermission(PermissionToken flag)
{
    if (HasPermission(flag))
    {
        return;
    }

    // NOTE(review): Name is written to the log as-is; if it is user-chosen, confirm the log sink
    // neutralises line breaks and control characters.
    log.Warn("User '{0}' does not have the requested permission '{1}'", Name, flag);
    throw new NotAllowedException();
}
/// <summary>
/// Copies this user's state, including the e-mail address and explicitly flagged permissions,
/// into a <c>ServerOnlyUserWithPermissionsContract</c>.
/// </summary>
/// <returns>A new contract; <c>Email</c> is never null (a missing address becomes the empty string).</returns>
/// <remarks>
/// Only permission entries whose <c>HasFlag</c> is set are carried over to <c>AdditionalPermissions</c>.
/// NOTE(review): the contract carries Email and its name suggests it should stay server-side —
/// confirm it is not serialized to clients.
/// </remarks>
public ServerOnlyUserWithPermissionsContract ToContract()
{
    var contract = new ServerOnlyUserWithPermissionsContract
    {
        Active = Active,
        Email = Email ?? string.Empty,
        GroupId = GroupId,
        Id = Id,
        Name = Name,
        OwnedArtistEntries = OwnedArtists.ToArray(),
        Poisoned = Poisoned,
        Supporter = Supporter
    };

    // Resolve each flagged entry back to its canonical PermissionToken by id.
    contract.AdditionalPermissions = new HashSet<PermissionToken>(
        from entry in Permissions
        where entry.HasFlag
        select PermissionToken.GetById(entry.PermissionType.Id));

    return contract;
}
/// <summary>
/// Repository extension that verifies a permission, then loads an entity by id inside a
/// transaction, applies <paramref name="func"/> to it and saves it.
/// </summary>
/// <typeparam name="TEntity">Entity type to load and update.</typeparam>
/// <typeparam name="TRepositoryContext">Database context type handed to the transaction body.</typeparam>
/// <param name="repository">Repository that runs the transaction.</param>
/// <param name="id">Identifier passed to <c>Load</c>.</param>
/// <param name="func">Mutation applied to the loaded entity; also receives the context.</param>
/// <param name="permissionFlags">Permission token that must be held.</param>
/// <param name="permissionContext">Context used to verify <paramref name="permissionFlags"/>.</param>
/// <param name="skipLog">When true, the "updating" entry goes to the system log instead of the audit log.</param>
/// <remarks>
/// The permission check happens before the transaction is opened and covers only the supplied
/// token; per-entity authorization has to be done inside <paramref name="func"/>.
/// </remarks>
public static void UpdateEntity<TEntity, TRepositoryContext>(this IRepositoryBase<TRepositoryContext> repository, int id, Action<TRepositoryContext, TEntity> func, PermissionToken permissionFlags, IUserPermissionContext permissionContext, bool skipLog = false)
    where TRepositoryContext : IDatabaseContext
{
    var entityTypeName = typeof(TEntity).Name;

    // Fail fast: nothing is loaded or logged when the permission is missing.
    permissionContext.VerifyPermission(permissionFlags);

    repository.HandleTransaction(ctx =>
    {
        ctx.AuditLogger.SysLog(string.Format("is about to update {0} with Id {1}", entityTypeName, id));

        var target = ctx.Load<TEntity>(id);

        if (skipLog)
        {
            ctx.AuditLogger.SysLog("updating " + target);
        }
        else
        {
            ctx.AuditLogger.AuditLog("updating " + target);
        }

        func(ctx, target);
        ctx.OfType<TEntity>().Update(target);
    }, "Unable to update " + entityTypeName);
}
/// <summary>
/// Returns the display name of a permission token.
/// </summary>
/// <param name="token">Token whose <c>Id</c> is used to resolve the canonical token.</param>
/// <returns>
/// The string stored in <c>PermissionTokenNames</c> under the token's name, or the token's name
/// itself when the resource lookup yields null.
/// </returns>
public static string PermissionTokenName(PermissionToken token)
{
    // Resolve by id so the name comes from the canonical token, not from the argument.
    var resolved = PermissionToken.GetById(token.Id);
    var localized = PermissionTokenNames.ResourceManager.GetString(resolved.Name);

    if (localized != null)
    {
        return localized;
    }

    return resolved.Name;
}
/// <summary>
/// Gets the PermissionToken record that matches a token string.
/// </summary>
/// <param name="TokenStr">Token string to look up.</param>
/// <returns>The first record whose TokenStr equals the argument, or null when there is none.</returns>
public PermissionToken GetPermissionTokenByTokenStr(string TokenStr)
{
    // NOTE(review): the match is a plain equality on the stored TokenStr; nothing in this method
    // checks expiry or revocation — confirm the caller does.
    return context.PermissionToken.FirstOrDefault(row => row.TokenStr == TokenStr);
}
/// <summary>
/// Copies this user's state and explicitly flagged permissions into a
/// <c>UserWithPermissionsContract</c>.
/// </summary>
/// <returns>A new contract populated from this instance.</returns>
/// <remarks>
/// Only permission entries whose <c>HasFlag</c> is set are carried over to <c>AdditionalPermissions</c>.
/// </remarks>
public UserWithPermissionsContract ToContract()
{
    var contract = new UserWithPermissionsContract
    {
        Active = Active,
        GroupId = GroupId,
        Id = Id,
        Name = Name,
        OwnedArtistEntries = OwnedArtists.ToArray(),
        Poisoned = Poisoned
    };

    // Resolve each flagged entry back to its canonical PermissionToken by id.
    contract.AdditionalPermissions = new HashSet<PermissionToken>(
        from entry in Permissions
        where entry.HasFlag
        select PermissionToken.GetById(entry.PermissionType.Id));

    return contract;
}
/// <summary>
/// Returns the display name of a permission token contract.
/// </summary>
/// <param name="token">Contract whose <c>Id</c> identifies the permission token.</param>
/// <returns>
/// The string stored in <c>PermissionTokenNames</c> under the token's name. There is no fallback
/// here, so the result is whatever the resource lookup returns, including null for a missing entry.
/// </returns>
public static string PermissionTokenName(PermissionTokenContract token)
{
    var resourceKey = PermissionToken.GetNameById(token.Id);
    return PermissionTokenNames.ResourceManager.GetString(resourceKey);
}
/// <summary>
/// Returns the display name of a permission token contract.
/// </summary>
/// <param name="token">Contract whose <c>Id</c> is used to resolve the canonical token.</param>
/// <returns>
/// The string stored in <c>PermissionTokenNames</c> under the token's name, or the token's name
/// itself when the resource lookup yields null.
/// </returns>
public static string PermissionTokenName(PermissionTokenContract token)
{
    // The name is taken from the token resolved by id rather than from the contract's own fields.
    var resolved = PermissionToken.GetById(token.Id);
    var localized = PermissionTokenNames.ResourceManager.GetString(resolved.Name);

    return localized ?? resolved.Name;
}
/// <summary>
/// Builds a contract from a permission token by copying its identifier and name.
/// </summary>
/// <param name="token">Source token; it is dereferenced without a null check.</param>
public PermissionTokenContract(PermissionToken token)
{
    this.Id = token.Id;
    this.Name = token.Name;
}
/// <summary>
/// Returns the display name of a permission token.
/// </summary>
/// <param name="token">Token whose <c>Id</c> identifies the name to look up.</param>
/// <returns>
/// The string stored in <c>PermissionTokenNames</c> under the token's name. There is no fallback
/// here, so the result is whatever the resource lookup returns, including null for a missing entry.
/// </returns>
public static string PermissionTokenName(PermissionToken token)
{
    var resourceKey = PermissionToken.GetNameById(token.Id);
    return PermissionTokenNames.ResourceManager.GetString(resourceKey);
}
/// <summary>
/// Completes construction of this object and, when a PLS is present, forwards the zone and
/// origin query to it.
/// </summary>
/// <param name="zoneList">List passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="originList">List passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="zoneToken">Token passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="originToken">Token passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <remarks>When PLS is null the lists are left untouched.</remarks>
internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
{
    // The explicit cast selects the CompressedStack overload for the null argument.
    this.CompleteConstruction((CompressedStack)null);

    if (this.PLS != null)
    {
        this.PLS.GetZoneAndOrigin(zoneList, originList, zoneToken, originToken);
    }
}
/// <summary>
/// Completes construction of this object and, when a PLS is present, forwards the zone and
/// origin query to it.
/// </summary>
/// <param name="zoneList">List passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="originList">List passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="zoneToken">Token passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <param name="originToken">Token passed through to <c>PLS.GetZoneAndOrigin</c>.</param>
/// <remarks>When PLS is null the lists are left untouched.</remarks>
[System.Security.SecurityCritical]  // auto-generated
internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
{
    CompleteConstruction(null);

    if (PLS == null)
    {
        return;
    }

    PLS.GetZoneAndOrigin(zoneList, originList, zoneToken, originToken);
}
// Inspects the "class" attribute of a security element and reports whether it names a type
// under requiredNamespace, handing back the offsets needed to slice out the bare type name.
//   el                - element whose "class" attribute is read.
//   requiredNamespace - prefix the class name has to start with (ordinal comparison).
//   className         - on success, the attribute value after quote normalisation; otherwise null.
//   classNameStart    - on success, requiredNamespace.Length; otherwise 0.
//   classNameLength   - on success, the number of characters between the namespace prefix and
//                       the first comma (or the end of the string); otherwise 0.
// Returns true only when every check below passes. Throws ArgumentException when the element
// has no "class" attribute.
ParseElementForObjectCreation(SecurityElement el, String requiredNamespace, out String className, out int classNameStart, out int classNameLength)
{
    // Out parameters get their failure values up front so every early return is well defined.
    className = null;
    classNameStart = 0;
    classNameLength = 0;

    int requiredNamespaceLength = requiredNamespace.Length;

    String fullClassName = el.Attribute("class");

    if (fullClassName == null)
    {
        throw new ArgumentException(Environment.GetResourceString("Argument_NoClass"));
    }

    // Single quotes in the attribute value are normalised to double quotes.
    if (fullClassName.IndexOf('\'') >= 0)
    {
        fullClassName = fullClassName.Replace('\'', '\"');
    }

    // Gate: names rejected by PermissionToken.IsMscorlibClassName never reach the namespace
    // comparison. What that predicate accepts is defined outside this method.
    if (!PermissionToken.IsMscorlibClassName(fullClassName))
    {
        return(false);
    }

    int commaIndex = fullClassName.IndexOf(',');
    int namespaceClassNameLength;

    // If the classname is tagged with assembly information, find where
    // the assembly information begins.
    if (commaIndex == -1)
    {
        namespaceClassNameLength = fullClassName.Length;
    }
    else
    {
        namespaceClassNameLength = commaIndex;
    }

    // Only if the length of the class name is greater than the namespace info
    // on our requiredNamespace do we continue
    // with our check.
    if (namespaceClassNameLength > requiredNamespaceLength)
    {
        // Make sure we are in the required namespace.
        // The match is a case-sensitive, culture-independent prefix test.
        // NOTE(review): presumably requiredNamespace ends with '.'; without a trailing separator a
        // sibling namespace sharing the prefix would also match — confirm at the call sites.
        if (fullClassName.StartsWith(requiredNamespace, StringComparison.Ordinal))
        {
            className = fullClassName;
            classNameLength = namespaceClassNameLength - requiredNamespaceLength;
            classNameStart = requiredNamespaceLength;
            return(true);
        }
    }

    return(false);
}
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization)
//
// Builds a new set holding, for each index, the permission found in exactly one of the two inputs.
//   other                   - second set to merge; may be null, in which case only this set is copied.
//   canUnrestrictedOverride - cleared to false as soon as one merged permission fails
//                             CodeAccessPermission.CanUnrestrictedOverride; never set to true here.
// Returns the freshly built union set.
// Throws SerializationException when no PermissionToken can be obtained for a merged permission.
internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride)
{
    // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have
    // not been subjected to VTS callbacks yet
    OnDeserializedInternal();
    TokenBasedSet unionSet = new TokenBasedSet();
    int maxMax;
    if (other != null)
    {
        other.OnDeserializedInternal();
        // Iterate up to the larger of the two used ranges.
        maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
    }
    else
    {
        maxMax = this.GetMaxUsedIndex();
    }

    for (int i = 0; i <= maxMax; ++i)
    {
        // Each slot may hold a ready IPermission or an ISecurityElementFactory that still has to
        // be turned into one; both views are taken up front.
        Object thisObj = this.GetItem(i);
        IPermission thisPerm = thisObj as IPermission;
        ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;

        Object otherObj = (other != null)?other.GetItem(i):null;
        IPermission otherPerm = otherObj as IPermission;
        ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;

        if (thisObj == null && otherObj == null)
        {
            continue;
        }

        if (thisObj == null)
        {
            // Only the other set has an entry at this index.
            if (otherElem != null)
            {
                // NOTE(review): the 'false' argument presumably means type-load failures are not ignored — confirm.
                otherPerm = PermissionSet.CreatePerm(otherElem, false);
            }

            // The entry is re-keyed by its own token index; a missing token aborts deserialization.
            PermissionToken token = PermissionToken.GetToken(otherPerm);
            if (token == null)
            {
                throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
            }

            unionSet.SetItem(token.m_index, otherPerm);
            if (!CodeAccessPermission.CanUnrestrictedOverride(otherPerm))
            {
                canUnrestrictedOverride = false;
            }
        }
        else if (otherObj == null)
        {
            // Only this set has an entry at this index; same handling as above.
            if (thisElem != null)
            {
                thisPerm = PermissionSet.CreatePerm(thisElem, false);
            }

            PermissionToken token = PermissionToken.GetToken(thisPerm);
            if (token == null)
            {
                throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
            }

            unionSet.SetItem(token.m_index, thisPerm);
            if (!CodeAccessPermission.CanUnrestrictedOverride(thisPerm))
            {
                canUnrestrictedOverride = false;
            }
        }
        else
        {
            // Both sets hold an entry at this index. Nothing is copied into the union in this case.
            // NOTE(review): if BCLDebug.Assert is compiled out of release builds, the entry is
            // dropped silently — confirm that is the intended outcome for such input.
            BCLDebug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets");
        }
    }

    return(unionSet);
}
/// <summary>
/// Gets the token string stored for a user id.
/// </summary>
/// <param name="Uid">User id, passed to <c>Find</c> as the lookup key.</param>
/// <returns>The TokenStr of the record found, or null when no record exists.</returns>
public string GetTokenStrByUid(string Uid)
{
    PermissionToken record = context.PermissionToken.Find(Uid);

    if (record == null)
    {
        return null;
    }

    // NOTE(review): this hands back the stored token value itself; confirm callers are trusted
    // to receive it and do not write it to logs.
    return record.TokenStr;
}
/// <summary>
/// Builds an entry describing one permission token for a user.
/// </summary>
/// <param name="permissionType">Token the entry is about; wrapped in a <c>PermissionTokenContract</c>.</param>
/// <param name="hasFlag">Stored as <c>HasFlag</c>.</param>
/// <param name="hasPermission">Stored as <c>HasPermission</c>.</param>
public PermissionFlagEntry(PermissionToken permissionType, bool hasFlag, bool hasPermission)
{
    this.PermissionType = new PermissionTokenContract(permissionType);
    this.HasFlag = hasFlag;
    this.HasPermission = hasPermission;
}
/// <summary>
/// Completes construction of this object and evaluates a demand against its PLS.
/// </summary>
/// <param name="demand">Permission being demanded.</param>
/// <param name="permToken">Token passed through to <c>PLS.CheckDemand</c>.</param>
/// <param name="rmh">Method handle passed through to <c>PLS.CheckDemand</c>.</param>
/// <returns>
/// True when there is no PLS at all; otherwise the result of <c>PLS.CheckDemand</c>.
/// </returns>
internal bool CheckDemandNoHalt(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandle rmh)
{
    this.CompleteConstruction(null);

    // A missing PLS lets the demand pass: the method answers true without consulting anything.
    if (this.PLS == null)
    {
        return true;
    }

    return this.PLS.CheckDemand(demand, permToken, rmh);
}
/// <summary>
/// Gets the role stored for a user id.
/// </summary>
/// <param name="Uid">User id, passed to <c>Find</c> as the lookup key.</param>
/// <returns>The Role of the record found, or null when no record exists.</returns>
public string GetRoleByUid(string Uid)
{
    PermissionToken record = context.PermissionToken.Find(Uid);

    // A null result means "no record"; callers making an authorization decision on the role
    // have to handle it explicitly.
    if (record == null)
    {
        return null;
    }

    return record.Role;
}
/// <summary>
/// Adds a permission token to the logged-in user's effective permissions.
/// </summary>
/// <param name="permissionToken">Token to add.</param>
/// <remarks>
/// Does nothing when there is no logged-in user. The method performs no authorization check of
/// its own, so the decision that the grant is allowed has to be made by the caller.
/// </remarks>
public void GrantPermission(PermissionToken permissionToken)
{
    var currentUser = LoggedUser;

    if (currentUser != null)
    {
        currentUser.EffectivePermissions.Add(permissionToken);
    }
}
/// <summary>
/// Gets the user id that a token string belongs to.
/// </summary>
/// <param name="TokenStr">Token string to look up.</param>
/// <returns>The Uid of the first record whose TokenStr equals the argument, or null when there is none.</returns>
public string GetUidByTokenStr(string TokenStr)
{
    // NOTE(review): the match is a plain equality on the stored TokenStr; nothing in this method
    // checks expiry or revocation — confirm the caller does before trusting the returned Uid.
    PermissionToken record = context.PermissionToken.FirstOrDefault(row => row.TokenStr == TokenStr);

    if (record == null)
    {
        return null;
    }

    return record.Uid;
}
/// <summary>
/// Applies the group, additional permissions, owned artists and active flag from a contract to
/// the stored user with the same id.
/// </summary>
/// <param name="contract">New values for the user; must not be null.</param>
/// <exception cref="NotAllowedException">
/// The current permission context may not edit a user of the target's group.
/// </exception>
/// <remarks>
/// <c>PermissionToken.ManageUserPermissions</c> is required for the whole operation. Inside the
/// transaction the checks are layered: failing <c>CanEditUser</c> aborts with an exception, while
/// the group change and the additional-permissions change are each applied only when their own
/// check passes and are otherwise skipped without an error. Owned artists and the active flag are
/// written once <c>CanEditUser</c> has passed. The generic update log is skipped and a dedicated
/// audit entry is written at the end instead.
/// </remarks>
public void UpdateUser(UserWithPermissionsContract contract)
{
    ParamIs.NotNull(() => contract);

    UpdateEntity<User>(contract.Id, (session, user) =>
    {
        // Entity-level check: compares the caller against the group of the user being edited.
        bool mayEditUser = EntryPermissionManager.CanEditUser(PermissionContext, user.GroupId);
        if (!mayEditUser)
        {
            var loggedUser = GetLoggedUser(session);
            var msg = string.Format("{0} (level {1}) not allowed to edit {2}", loggedUser, loggedUser.GroupId, user);
            log.Error(msg);
            throw new NotAllowedException(msg);
        }

        // A group the caller may not assign is ignored rather than rejected.
        if (EntryPermissionManager.CanEditGroupTo(PermissionContext, contract.GroupId))
        {
            user.GroupId = contract.GroupId;
        }

        // Same for the additional permissions: applied only when the caller may edit them.
        if (EntryPermissionManager.CanEditAdditionalPermissions(PermissionContext))
        {
            var requestedTokens = contract.AdditionalPermissions.Select(p => PermissionToken.GetById(p.Id));
            user.AdditionalPermissions = new PermissionCollection(requestedTokens);
        }

        var ownedArtistDiff = OwnedArtistForUser.Sync(
            user.AllOwnedArtists,
            contract.OwnedArtistEntries,
            a => user.AddOwnedArtist(session.Load<Artist>(a.Artist.Id)));
        SessionHelper.Sync(session, ownedArtistDiff);

        user.Active = contract.Active;

        AuditLog(string.Format("updated {0}", EntryLinkFactory.CreateEntryLink(user)), session);
    }, PermissionToken.ManageUserPermissions, skipLog: true);
}
/// <summary>
/// Gets the PermissionToken record that belongs to a user id.
/// </summary>
/// <param name="Uid">User id to look up.</param>
/// <returns>The first record whose Uid equals the argument, or null when there is none.</returns>
public PermissionToken GetPermissionTokenByUid(string Uid)
{
    // The returned record includes the stored token string along with the other columns.
    return context.PermissionToken.FirstOrDefault(row => row.Uid == Uid);
}