static void Main(string[] args)
{
string pace = " {\r\n \"UId\": \"5595682b-1045-4114-af8b-090307242578\",\r\n \"RightType\": \"Suplex.Security.AclModel.FileSystemRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null\",\r\n \"Right\": \"TakeOwnership\",\r\n \"Allowed\": true,\r\n \"Inheritable\": true,\r\n \"InheritedFrom\": \"9570128e-fba8-4455-b328-f30af56eabef\",\r\n \"TrusteeUId\": \"d8adefb2-a142-4397-82b3-9b0d9df37d08\"\r\n }";
string aace = "{\r\n \"UId\": \"3ac08eaa-700a-4ab4-9a90-1659db9ea25d\",\r\n \"RightType\": \"Suplex.Security.AclModel.RecordRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null\",\r\n \"Right\": \"List, Insert, Delete\",\r\n \"Allowed\": true,\r\n \"Denied\": false,\r\n \"Inheritable\": true,\r\n \"InheritedFrom\": \"9733efc2-1cde-415e-af79-ff2d74f5e69d\",\r\n \"TrusteeUId\": \"d8adefb2-a142-4397-82b3-9b0d9df37d08\"\r\n}";
JsonAceConverter aceConverter = new JsonAceConverter();
IAccessControlEntry ace = JsonConvert.DeserializeObject <IAccessControlEntry>(aace, aceConverter);
string json = JsonConvert.SerializeObject(ace, aceConverter);
SuplexSecurityHttpApiClient client = new SuplexSecurityHttpApiClient("http://localhost:20000/suplex/");
// test secure object
SecureObject so = client.GetSecureObjectByUniqueName("New Root1", includeChildren: false, includeDisabled: true);
Console.WriteLine($"Original Parent {so.ParentUId}");
SecureObject soDest = client.GetSecureObjectByUniqueName("top.edited", includeChildren: false, includeDisabled: true);
//client.UpdateSecureObjectParentUId( so, soDest.UId );
//client.UpdateSecureObjectParentUId( so, null );
//client.UpdateSecureObjectParentUId( so.UId, soDest.UId );
client.UpdateSecureObjectParentUId(so.UId, null);
SecureObject found = client.GetSecureObjectByUniqueName("New Root1", includeChildren: false, includeDisabled: true);
Console.WriteLine($"After update Parent {found.ParentUId}");
Console.WriteLine("pause");
}
public virtual ISecureObject UpsertSecureObject(ISecureObject secureObject)
{
IList <SecureObject> list = Store.SecureObjects;
if (secureObject.ParentUId.HasValue)
{
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UId == secureObject.ParentUId);
if (found != null)
{
list = found.Children;
}
else
{
throw new KeyNotFoundException($"Could not find SecureContainer with ParentId: {secureObject.ParentUId}");
}
}
int index = list.FindIndex(o => o.UId == secureObject.UId);
if (index >= 0)
{
list[index].Sync((SecureObject)secureObject, shallow: false);
}
else
{
list.Add((SecureObject)secureObject);
}
return(secureObject);
}
/// <summary>
/// Initializes the <see cref="ProtectedType"/> with the <see cref="byte"/>[] and additional <see cref="SecureObject"/> instances to use to encrypt the data.
/// </summary>
/// <param name="value"> The <see cref="byte"/>[] value to protect. </param>
/// <param name="encryptionObjects"> The additional <see cref="SecureObject"/> instances to apply to the encryption. </param>
protected ProtectedType(byte[] value, params SecureObject[] encryptionObjects)
{
SecureObject[] currentEncryptionObj = new SecureObject[] { this };
memoryEncryptor = new MemoryEncryptor(encryptionObjects == null ? currentEncryptionObj : encryptionObjects.Concat(currentEncryptionObj).ToArray());
SetValue(value);
}
/// <summary>
/// Utility method to validate security access for a given right on Employee records
/// </summary>
/// <param name="recordRight">The right for which to validate access</param>
bool HasAccess(RecordRight recordRight)
{
//Look up security information by SecureObject->UniqueName => "EmployeeRecords" for the CurrentUser
SecureObject employeeSecurity = (SecureObject)_suplexDal.EvalSecureObjectSecurity("EmployeeRecords", CurrentUser);
//Assess AccessAllowed
return(employeeSecurity?.Security.Results.GetByTypeRight(recordRight).AccessAllowed ?? false);
}
public void Init()
{
_store = new SuplexStore();
_dal = new MemoryDal(_store);
so = new SecureObject {
UniqueName = "top"
};
_dal.UpsertSecureObject(so);
}
/// <summary>
/// Utility method to validate security access for a given right on Employee records
/// </summary>
/// <param name="recordRight">The right for which to validate access</param>
void HasAccessOrException(RecordRight recordRight)
{
//Look up security information by SecureObject->UniqueName => "EmployeeRecords" for the CurrentUser
SecureObject employeeSecurity = (SecureObject)_suplexDal.EvalSecureObjectSecurity("EmployeeRecords", CurrentUser);
//Assess AccessAllowed, throw Exception if no rights
if (!employeeSecurity?.Security.Results.GetByTypeRight(recordRight).AccessAllowed ?? true)
{
throw new Exception($"{CurrentUser} does not have rights to {recordRight} Employee records.");
}
}
public virtual ISecureObject GetSecureObjectByUniqueName(string uniqueName, bool includeChildren = true, bool includeDisabled = false)
{
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UniqueName.Equals(uniqueName, StringComparison.OrdinalIgnoreCase) && (o.IsEnabled || includeDisabled));
if (found != null && !includeChildren)
{
found = found.Clone(shallow: false);
}
return(found);
}
public virtual ISecureObject GetSecureObjectByUId(Guid secureObjectUId, bool includeChildren = false, bool includeDisabled = false)
{
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UId == secureObjectUId && (o.IsEnabled || includeDisabled));
if (found != null && !includeChildren)
{
found = found.Clone(shallow: false);
}
return(found);
}
void ShallowCloneTo(IList <SecureObject> source, IList <SecureObject> destination)
{
foreach (SecureObject item in source)
{
SecureObject clone = item.Clone();
destination.Add(clone);
if (item.Children != null && item.Children.Count > 0)
{
ShallowCloneTo(item.Children, clone.Children);
}
}
}
public void UpsertSecureObject()
{
SecureObject child = new SecureObject()
{
UniqueName = "child"
};
ISecureObject top = _dal.GetSecureObjectByUniqueName(so.UniqueName);
child.ParentUId = top.UId;
_dal.UpsertSecureObject(child);
ISecureObject found = _dal.GetSecureObjectByUniqueName(child.UniqueName);
Assert.IsNotNull(found);
bool eq = child.UniqueName.Equals(found.UniqueName);
Assert.IsTrue(eq);
}
public virtual void UpdateSecureObjectParentUId(ISecureObject secureObject, Guid?newParentUId)
{
IList <SecureObject> list = Store.SecureObjects;
if (secureObject.ParentUId.HasValue)
{
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UId == secureObject.ParentUId);
if (found != null)
{
list = found.Children;
}
else
{
throw new KeyNotFoundException($"Could not find SecureContainer with ParentId: {secureObject.ParentUId}");
}
}
int index = list.FindIndex(o => o.UId == secureObject.UId);
if (index >= 0)
{
SecureObject so = list[index];
so.ParentUId = newParentUId;
list.RemoveAt(index);
IList <SecureObject> newlist = Store.SecureObjects;
if (newParentUId.HasValue)
{
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UId == newParentUId);
if (found != null)
{
newlist = found.Children;
}
else
{
throw new KeyNotFoundException($"Could not find SecureContainer with ParentId: {newParentUId}");
}
}
newlist.Add(so);
}
}
/// <summary>
/// Simulates switching the current security context
/// </summary>
private void cmbUsers_SelectedIndexChanged(object sender, EventArgs e)
{
string currentUser = ((User)cmbUsers.SelectedItem).Name;
//set the "current user" on the Employees DAL
_employeeDal.CurrentUser = currentUser;
//refresh the Employees list based on "currentUser"
RefreshEmployeesList();
//Evaluate the security information, starting from the top-most control
SecureObject secureObject = (SecureObject)_suplexDal.EvalSecureObjectSecurity("frmEditor", currentUser);
//apply security to frmEditor/children
ApplyRecursive(secureObject);
//alternate, manual method (not preferred)
//ApplyDirect( secureObject );
}
private void OnDrop(object sender, Telerik.Windows.DragDrop.DragEventArgs e)
{
if (e.Data != null && e.AllowedEffects != DragDropEffects.None)
{
SecureObject sourceItem = DragDropPayloadManager.GetDataFromObject(e.Data, __dragSource) as SecureObject;
SecureObject targetItem = DragDropPayloadManager.GetDataFromObject(e.Data, __dragTarget) as SecureObject;
IList <SecureObject> storeList = AssociatedTreeListView.DataContext as IList <SecureObject>;
if (sourceItem != null && storeList != null)
{
sourceItem.ChangeParent(targetItem, storeList);
}
if (targetItem == null)
{
AssociatedTreeListView.Rebind();
}
}
}
public virtual void DeleteSecureObject(Guid secureObjectUId)
{
IList <SecureObject> list = Store.SecureObjects;
SecureObject found = Store.SecureObjects.FindRecursive <SecureObject>(o => o.UId == secureObjectUId);
if (found != null)
{
if (found.Parent != null)
{
list = found.Parent.Children;
}
int index = list.FindIndex(o => o.UId == secureObjectUId);
if (index >= 0)
{
list.RemoveAt(index);
}
}
}
static void Main(string[] args)
{
#region foo
string foo = @"---
SecureObjects:
- UId: e724bfde-c3d5-424f-a0c6-9497958167f0
UniqueName: top
Security:
DaclAllowInherit: true
SaclAllowInherit: true
SaclAuditTypeFilter: SuccessAudit, FailureAudit, Information, Warning, Error
Dacl:
- UId: a86dac02-cad3-4a51-9b16-1a3b20dbab37
RightType: Suplex.Security.AclModel.FileSystemRight, Suplex.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: FullControl
Allowed: True
Inheritable: True
- UId: 7fb267d9-b4ce-4d56-a052-02aa9e9855d5
RightType: Suplex.Security.AclModel.FileSystemRight, Suplex.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: List, Execute
Allowed: False
Inheritable: False
- UId: e7ea73a3-a5ec-4f63-8461-66feec42bb12
RightType: Suplex.Security.AclModel.UIRight, Suplex.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: Visible, Operate
Allowed: True
Inheritable: True
Sacl: []
Results: {}
Children: []
Users:
- UId: 0bdfe71c-5663-4f7f-be8b-3884373f97be
Name: x
IsLocal: true
IsBuiltIn: true
IsEnabled: true
- UId: 1bda1876-3281-4a67-b5de-198e9e72ad53
Name: y
IsEnabled: true
- UId: 20d134e9-a5ac-46ef-bc7e-fa6dc210e1f9
Name: z
IsLocal: true
IsBuiltIn: true
Groups:
- UId: ff8abe51-116b-4d42-b01a-48f167f71dc7
Name: gx
IsEnabled: true
- UId: c05c6deb-6a01-459b-9c87-916003f44429
Name: gy
IsEnabled: true
- UId: 66f89524-cc5d-4938-9cd3-b2ce6ec6d75b
Name: gz
IsEnabled: true
GroupMembership:
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: 0bdfe71c-5663-4f7f-be8b-3884373f97be
IsMemberUser: true
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: 1bda1876-3281-4a67-b5de-198e9e72ad53
IsMemberUser: true
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: c05c6deb-6a01-459b-9c87-916003f44429";
#endregion
SecureObject top = new SecureObject()
{
UniqueName = "top"
};
DiscretionaryAcl topdacl = new DiscretionaryAcl
{
new AccessControlEntry <FileSystemRight> {
Allowed = true, Right = FileSystemRight.FullControl
},
new AccessControlEntry <FileSystemRight> {
Allowed = false, Right = FileSystemRight.Execute | FileSystemRight.List, Inheritable = false
},
new AccessControlEntry <UIRight> {
Right = UIRight.Operate | UIRight.Visible
}
};
top.Security.Dacl = topdacl;
List <User> users = new List <User>
{
new User {
Name = "x", IsBuiltIn = true, IsEnabled = true, IsLocal = true
},
new User {
Name = "y", IsBuiltIn = false, IsEnabled = true, IsLocal = false
},
new User {
Name = "z", IsBuiltIn = true, IsEnabled = false, IsLocal = true
}
};
List <Group> groups = new List <Group>
{
new Group {
Name = "gx", IsEnabled = true, IsLocal = false
},
new Group {
Name = "gy", IsEnabled = true, IsLocal = false
},
new Group {
Name = "gz", IsEnabled = true, IsLocal = false
}
};
GroupMembershipItem mx = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = users[0].UId,
IsMemberUser = true
};
GroupMembershipItem my = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = users[1].UId,
IsMemberUser = true
};
GroupMembershipItem mz = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = groups[1].UId,
IsMemberUser = false
};
List <GroupMembershipItem> gm = new List <GroupMembershipItem>
{
mx, my, mz
};
////FileStore store = new FileStore()
////{
//// SecureObjects = new List<SecureObject>() { top },
//// Users = users,
//// Groups = groups,
//// GroupMembership = gm
////};
////User ux = store.Users.GetByName<User>( "x" );
////string x = store.ToYaml();
////FileStore f = FileStore.FromYaml( x );
////bool contains = f.GroupMembership.ContainsItem( mx );
////bool ok = f.GroupMembership.Resolve( f.Groups, f.Users );
////f = FileStore.FromYaml( foo );
////User u0 = new User { Name = "g" };
////User u1 = new User { Name = "f", UId = u0.UId };
////f.Dal.UpsertUser( u0 );
////f.Dal.UpsertUser( u1 );
}
/// <summary>
/// Brute-force permissioning - direct lookup of results with "known" translation of non-UI rights (not preferred)
/// </summary>
/// <param name="secureObject">A reference to the resolved/evaluated security object.</param>
void ApplyDirect(SecureObject secureObject)
{
frmEditor.Visible = secureObject?.Security.Results.GetByTypeRight(UIRight.Visible).AccessAllowed ?? false;
lblEmployeeId.Visible = secureObject?.FindChild <SecureObject>("lblEmployeeId").Security.Results.GetByTypeRight(UIRight.Visible).AccessAllowed ?? false;
btnUpdate.Enabled = secureObject?.FindChild <SecureObject>("btnUpdate").Security.Results.GetByTypeRight(RecordRight.Update).AccessAllowed ?? false;
}
/// <summary>
/// Recursively examines frmEditor and its children for applying security; see UIExtensions
/// </summary>
/// <param name="secureObject">The matching SecureObject to frmEditor</param>
void ApplyRecursive(SecureObject secureObject)
{
frmEditor.ApplySecurity(secureObject);
}
public void UpdateSecureObjectParentUId([FromBody] SecureObject secureObject, Guid?newParentUId = null)
{
_dal.UpdateSecureObjectParentUId(secureObject, newParentUId);
}
public SecureObject UpsertSecureObject([FromBody] SecureObject secureObject)
{
return(_dal.UpsertSecureObject(secureObject) as SecureObject);
}
public void TestMethod1()
{
#region foo
string foo = @"---
SecureObjects:
- UId: e724bfde-c3d5-424f-a0c6-9497958167f0
UniqueName: top
Security:
DaclAllowInherit: true
SaclAllowInherit: true
SaclAuditTypeFilter: SuccessAudit, FailureAudit, Information, Warning, Error
Dacl:
- UId: a86dac02-cad3-4a51-9b16-1a3b20dbab37
RightType: Suplex.Security.AclModel.FileSystemRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: FullControl
Allowed: True
Inheritable: True
- UId: 7fb267d9-b4ce-4d56-a052-02aa9e9855d5
RightType: Suplex.Security.AclModel.FileSystemRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: List, Execute
Allowed: False
Inheritable: False
- UId: e7ea73a3-a5ec-4f63-8461-66feec42bb12
RightType: Suplex.Security.AclModel.UIRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Right: Visible, Operate
Allowed: True
Inheritable: True
Sacl: []
Results: {}
Children: []
Users:
- UId: 0bdfe71c-5663-4f7f-be8b-3884373f97be
Name: x
IsLocal: true
IsBuiltIn: true
IsEnabled: true
- UId: 1bda1876-3281-4a67-b5de-198e9e72ad53
Name: y
IsEnabled: true
- UId: 20d134e9-a5ac-46ef-bc7e-fa6dc210e1f9
Name: z
IsLocal: true
IsBuiltIn: true
Groups:
- UId: ff8abe51-116b-4d42-b01a-48f167f71dc7
Name: gx
IsEnabled: true
- UId: c05c6deb-6a01-459b-9c87-916003f44429
Name: gy
IsEnabled: true
- UId: 66f89524-cc5d-4938-9cd3-b2ce6ec6d75b
Name: gz
IsEnabled: true
GroupMembership:
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: 0bdfe71c-5663-4f7f-be8b-3884373f97be
IsMemberUser: true
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: 1bda1876-3281-4a67-b5de-198e9e72ad53
IsMemberUser: true
- GroupUId: ff8abe51-116b-4d42-b01a-48f167f71dc7
MemberUId: c05c6deb-6a01-459b-9c87-916003f44429";
#endregion
SecureObject top = new SecureObject()
{
UniqueName = "top"
};
DiscretionaryAcl topdacl = new DiscretionaryAcl
{
new AccessControlEntry <FileSystemRight> {
Allowed = true, Right = FileSystemRight.FullControl
},
new AccessControlEntry <FileSystemRight> {
Allowed = false, Right = FileSystemRight.Execute | FileSystemRight.List, Inheritable = false
},
new AccessControlEntry <UIRight> {
Right = UIRight.Operate | UIRight.Visible
}
};
top.Security.Dacl = topdacl;
top.Security.DaclAllowInherit = false;
SystemAcl topsacl = new SystemAcl
{
new AccessControlEntryAudit <FileSystemRight> {
Allowed = true, Denied = true, Right = FileSystemRight.Execute
}
};
top.Security.Sacl = topsacl;
top.Security.SaclAllowInherit = false;
top.Security.SaclAuditTypeFilter = AuditType.FailureAudit | AuditType.Error;
List <User> users = new List <User>
{
new User {
Name = "x", IsBuiltIn = true, IsEnabled = true, IsLocal = true
},
new User {
Name = "y", IsBuiltIn = false, IsEnabled = true, IsLocal = false
},
new User {
Name = "z", IsBuiltIn = true, IsEnabled = false, IsLocal = true
}
};
List <Group> groups = new List <Group>
{
new Group {
Name = "gx", IsEnabled = true, IsLocal = false
},
new Group {
Name = "gy", IsEnabled = true, IsLocal = false
},
new Group {
Name = "gz", IsEnabled = true, IsLocal = false
}
};
GroupMembershipItem mx = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = users[0].UId,
IsMemberUser = true
};
GroupMembershipItem my = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = users[1].UId,
IsMemberUser = true
};
GroupMembershipItem mz = new GroupMembershipItem
{
GroupUId = groups[0].UId,
MemberUId = groups[1].UId,
IsMemberUser = false
};
List <GroupMembershipItem> gm = new List <GroupMembershipItem>
{
mx, my, mz
};
FileSystemDal dal = new FileSystemDal()
{
};
dal.Store.SecureObjects = new List <SecureObject>()
{
top
};
dal.Store.Users = users;
dal.Store.Groups = groups;
dal.Store.GroupMembership = gm;
User ux = dal.Store.Users.GetByName <User>("x");
string x = dal.ToYaml();
FileSystemDal f = new FileSystemDal();
f.FromYaml(x);
f.CurrentPath = "meow.yaml";
f.AutomaticallyPersistChanges = true;
bool contains = f.Store.GroupMembership.ContainsItem(mx);
//bool ok = f.GroupMembership.Resolve( f.Groups, f.Users );
//FileSystemDal f2 = FileSystemDal.LoadFromYaml( foo );
User u0 = new User {
Name = "gurl"
};
User u1 = new User {
Name = "f", UId = u0.UId
};
f.Dal.UpsertUser(u0);
f.Dal.UpsertUser(u1);
bool parallel = false;
if (parallel)
{
Parallel.For(0, 49, i =>
{
f.UpsertGroup(new Group {
Name = $"{i}_{DateTime.Now.Ticks}"
});
});
}
else
{
for (int i = 0; i < 50; i++)
{
f.UpsertGroup(new Group {
Name = $"{i}_{DateTime.Now.Ticks}"
});
}
}
//if( f.IsWorking )
//{
// System.Timers.Timer SuplexPoller = new System.Timers.Timer( 1000 )
// {
// Enabled = true
// };
// SuplexPoller.Elapsed += (s, e) =>
// {
// while( f.IsWorking )
// System.Threading.Thread.Sleep( 500 );
// SuplexPoller.Enabled = false;
// };
//}
//while( f.IsWorking )
// f.WaitForExit();
Assert.IsTrue(true);
}
public SecureObject UpsertSecureObject(SecureObject secureObject)
{
return(UpsertSecureObjectAsync(secureObject).Result);
}
public async Task <SecureObject> UpsertSecureObjectAsync(SecureObject secureObject)
{
string requestUri = $"{_rootPath}/so/";
return(await PostAsync <SecureObject>(secureObject, requestUri, new JsonAceConverter()).ConfigureAwait(_configureAwaitContinueOnCapturedContext));
}
public void SecureObject()
{
SecureObject top = new SecureObject()
{
UniqueName = "top"
};
SecureObject ch00 = new SecureObject()
{
UniqueName = "ch00"
};
SecureObject ch01 = new SecureObject()
{
UniqueName = "ch01"
};
SecureObject ch02 = new SecureObject()
{
UniqueName = "ch02"
};
SecureObject ch10 = new SecureObject()
{
UniqueName = "ch10"
};
DiscretionaryAcl topdacl = new DiscretionaryAcl
{
new AccessControlEntry <FileSystemRight>()
{
Allowed = true, Right = FileSystemRight.FullControl
},
new AccessControlEntry <FileSystemRight>()
{
Allowed = false, Right = FileSystemRight.Execute, Inheritable = false
}
};
DiscretionaryAcl ch00dacl = new DiscretionaryAcl
{
new AccessControlEntry <UIRight>()
{
Allowed = true, Right = UIRight.FullControl
},
new AccessControlEntry <UIRight>()
{
Allowed = false, Right = UIRight.Enabled
}
};
top.Security.Dacl = topdacl;
ch00.Security.Dacl = ch00dacl;
ch01.Security.Dacl.AllowInherit = false;
ch00.Children.Add(ch01);
ch00.Children.Add(ch02);
top.Children.Add(ch00);
top.Children.Add(ch10);
top.Security.DaclAllowInherit = false;
////MemoryDal dal = new MemoryDal();
////SecureObject foo = (SecureObject)dal.GetSecureObjectByUniqueName( "top", true );
////top.EvalSecurity();
////myMvvm.Prop = top.Security.Results["FileSystem"][(int)FileSystemRight.Execute].AccessAllowed;
////class MyFormRights
////{
////bool ShowForm;
////bool ShowOkBtn;
////}
////SecureObject xx = new SecureObject
////{
//// UniqueName = "xx",
//// Security = new SecurityDescriptor
//// {
//// Dacl = new DiscretionaryAcl
//// {
//// new AccessControlEntry<FileSystemRight>() { Allowed = true, Right = FileSystemRight.FullControl }
//// }
//// }
////};
////FileStore store = new FileStore()
////{
//// SecureObjects = new List<SecureObject>() { top }
////};
////ISecureObject found = store.Dal.GetSecureObjectByUId( ch02.UId.Value );
////string x = store.ToYaml( serializeAsJson: false );
////FileStore f = FileStore.FromYaml( x );
}