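/// <summary>
/// Scratch harness: round-trips one ACE through <see cref="JsonAceConverter"/>, then moves the
/// "New Root1" SecureObject to the root of a locally running Suplex service and prints its
/// ParentUId before and after. Not a test; nothing is asserted.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    // Sample RecordRight ACE as the service emits it. "RightType" is an assembly-qualified type
    // name that the converter uses to pick the right enum.
    // NOTE(review): this JSON shape arrives from the wire; confirm JsonAceConverter resolves only
    // the known Suplex right types and not an arbitrary type named in the payload.
    string aace = "{\r\n \"UId\": \"3ac08eaa-700a-4ab4-9a90-1659db9ea25d\",\r\n \"RightType\": \"Suplex.Security.AclModel.RecordRight, Suplex.Security.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null\",\r\n \"Right\": \"List, Insert, Delete\",\r\n \"Allowed\": true,\r\n \"Denied\": false,\r\n \"Inheritable\": true,\r\n \"InheritedFrom\": \"9733efc2-1cde-415e-af79-ff2d74f5e69d\",\r\n \"TrusteeUId\": \"d8adefb2-a142-4397-82b3-9b0d9df37d08\"\r\n}";
    JsonAceConverter aceConverter = new JsonAceConverter();
    IAccessControlEntry ace = JsonConvert.DeserializeObject<IAccessControlEntry>(aace, aceConverter);
    // Re-serialised form is kept only for inspection in the debugger; nothing consumes it.
    string json = JsonConvert.SerializeObject(ace, aceConverter);

    // Plain HTTP is acceptable only because this targets localhost; the client sends ACL data
    // (and whatever it uses to authenticate) in the clear, so any remote instance needs TLS.
    SuplexSecurityHttpApiClient client = new SuplexSecurityHttpApiClient("http://localhost:20000/suplex/");

    // Read the object including disabled ones, without its children, and show where it lives now.
    SecureObject so = client.GetSecureObjectByUniqueName("New Root1", includeChildren: false, includeDisabled: true);
    Console.WriteLine($"Original Parent {so.ParentUId}");
    // Fetched as a possible destination (the object- and UId-based overloads of
    // UpdateSecureObjectParentUId were exercised against it earlier); the live call below
    // moves to the root instead.
    SecureObject soDest = client.GetSecureObjectByUniqueName("top.edited", includeChildren: false, includeDisabled: true);
    client.UpdateSecureObjectParentUId(so.UId, null);

    SecureObject found = client.GetSecureObjectByUniqueName("New Root1", includeChildren: false, includeDisabled: true);
    Console.WriteLine($"After update Parent {found.ParentUId}");
    Console.WriteLine("pause");
}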
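/// <summary>
/// Adds <paramref name="secureObject"/> to the store, or syncs it over the entry that already has
/// its UId. The entry lives in the child list of the parent named by ParentUId, or in the root
/// list when ParentUId is null.
/// </summary>
/// <param name="secureObject">The object to add or update; must be a <see cref="SecureObject"/>.</param>
/// <returns>The instance that was passed in (not the stored copy when an existing entry was synced).</returns>
/// <exception cref="ArgumentNullException">When <paramref name="secureObject"/> is null.</exception>
/// <exception cref="KeyNotFoundException">When ParentUId names a container that is not in the store.</exception>
public virtual ISecureObject UpsertSecureObject(ISecureObject secureObject)
{
    if (secureObject == null)
    {
        throw new ArgumentNullException(nameof(secureObject));
    }
    // Cast once; a non-SecureObject implementation still fails with InvalidCastException as before.
    SecureObject incoming = (SecureObject)secureObject;

    // The sibling list that receives the object: the root list, or the named parent's Children.
    IList<SecureObject> siblings = Store.SecureObjects;
    if (secureObject.ParentUId.HasValue)
    {
        SecureObject parent = Store.SecureObjects.FindRecursive<SecureObject>(o => o.UId == secureObject.ParentUId);
        if (parent == null)
        {
            throw new KeyNotFoundException($"Could not find SecureContainer with ParentId: {secureObject.ParentUId}");
        }
        siblings = parent.Children;
    }

    // NOTE(review): only the named parent's list is searched for an existing UId, so an object
    // whose ParentUId changed since it was stored appears to be added under the new parent while
    // the old entry stays put; reparenting belongs to UpdateSecureObjectParentUId. Nothing here
    // rejects a ParentUId equal to the object's own UId or one of its descendants either.
    int index = siblings.FindIndex(o => o.UId == secureObject.UId);
    if (index >= 0)
    {
        siblings[index].Sync(incoming, shallow: false);
    }
    else
    {
        siblings.Add(incoming);
    }
    return secureObject;
}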
/// <summary>
/// Initializes the <see cref="ProtectedType"/> with the <see cref="byte"/>[] to protect and any
/// extra <see cref="SecureObject"/> instances that should take part in encrypting it. The new
/// instance itself is always appended to the set handed to the <see cref="MemoryEncryptor"/>.
/// </summary>
/// <param name="value">The <see cref="byte"/>[] value to protect.</param>
/// <param name="encryptionObjects">Additional <see cref="SecureObject"/> instances to apply to the
/// encryption; may be null (an explicit null argument reaches here as a null array).</param>
protected ProtectedType(byte[] value, params SecureObject[] encryptionObjects)
{
    // NOTE(review): 'this' escapes the constructor before any derived-class initialisation has
    // run — confirm MemoryEncryptor only stores the reference at this point.
    SecureObject[] self = { this };
    SecureObject[] keyMaterialSources;
    if (encryptionObjects == null)
    {
        keyMaterialSources = self;
    }
    else
    {
        keyMaterialSources = encryptionObjects.Concat(self).ToArray();
    }
    memoryEncryptor = new MemoryEncryptor(keyMaterialSources);
    SetValue(value);
}
/// <summary>
/// Utility method to validate security access for a given right on Employee records.
/// Fails closed: when no evaluated security can be resolved for "EmployeeRecords" the answer is false.
/// </summary>
/// <param name="recordRight">The right for which to validate access</param>
/// <returns>True only when the evaluated result for <paramref name="recordRight"/> grants access.</returns>
bool HasAccess(RecordRight recordRight)
{
    // Resolve the evaluated security for SecureObject "EmployeeRecords" as CurrentUser.
    SecureObject employeeSecurity = (SecureObject)_suplexDal.EvalSecureObjectSecurity("EmployeeRecords", CurrentUser);
    if (employeeSecurity == null)
    {
        return false;
    }
    return employeeSecurity.Security.Results.GetByTypeRight(recordRight).AccessAllowed;
}
/// <summary>
/// Test setup: a fresh in-memory store and DAL, seeded with a single root SecureObject named "top"
/// that is kept in the <c>so</c> field for the tests to build on.
/// </summary>
public void Init()
{
    _store = new SuplexStore();
    _dal = new MemoryDal(_store);
    SecureObject root = new SecureObject { UniqueName = "top" };
    so = root;
    _dal.UpsertSecureObject(root);
}
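/// <summary>
/// Utility method to validate security access for a given right on Employee records; throws when
/// access is not granted. Fails closed: an unresolved "EmployeeRecords" SecureObject counts as no access.
/// </summary>
/// <param name="recordRight">The right for which to validate access</param>
/// <exception cref="UnauthorizedAccessException">When CurrentUser is not granted
/// <paramref name="recordRight"/> (previously a bare <see cref="Exception"/>; the message is unchanged).</exception>
void HasAccessOrException(RecordRight recordRight)
{
    // Resolve the evaluated security for SecureObject "EmployeeRecords" as CurrentUser.
    SecureObject employeeSecurity = (SecureObject)_suplexDal.EvalSecureObjectSecurity("EmployeeRecords", CurrentUser);
    // Spelled out instead of "!x ?? true" so the fail-closed default is obvious.
    bool allowed = employeeSecurity?.Security.Results.GetByTypeRight(recordRight).AccessAllowed ?? false;
    if (!allowed)
    {
        throw new UnauthorizedAccessException($"{CurrentUser} does not have rights to {recordRight} Employee records.");
    }
}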
/// <summary>
/// Finds the first SecureObject anywhere in the tree whose UniqueName matches
/// <paramref name="uniqueName"/> (ordinal, case-insensitive). Disabled objects are skipped unless
/// <paramref name="includeDisabled"/> is set.
/// </summary>
/// <param name="uniqueName">Name to look up. Comparison ignores case, so names differing only by case collide and the first hit wins.</param>
/// <param name="includeChildren">When true the stored instance is returned as-is; when false a Clone(shallow: false) of it is returned.</param>
/// <param name="includeDisabled">Whether objects with IsEnabled == false may match.</param>
/// <returns>The match, or null when nothing matches.</returns>
public virtual ISecureObject GetSecureObjectByUniqueName(string uniqueName, bool includeChildren = true, bool includeDisabled = false)
{
    // NOTE(review): a stored object with a null UniqueName would throw here rather than be skipped.
    SecureObject match = Store.SecureObjects.FindRecursive<SecureObject>(candidate =>
        candidate.UniqueName.Equals(uniqueName, StringComparison.OrdinalIgnoreCase)
        && (includeDisabled || candidate.IsEnabled));
    if (match == null)
    {
        return null;
    }
    // NOTE(review): includeChildren defaults to true here but to false on the UId overload, and
    // Clone(shallow: false) reads as a deep copy for the "no children" case — confirm both are intended.
    return includeChildren ? match : match.Clone(shallow: false);
}
/// <summary>
/// Finds the SecureObject anywhere in the tree with UId <paramref name="secureObjectUId"/>.
/// Disabled objects are skipped unless <paramref name="includeDisabled"/> is set.
/// </summary>
/// <param name="secureObjectUId">UId to look up.</param>
/// <param name="includeChildren">When true the stored instance is returned as-is; when false a Clone(shallow: false) of it is returned.</param>
/// <param name="includeDisabled">Whether an object with IsEnabled == false may match.</param>
/// <returns>The match, or null when nothing matches.</returns>
public virtual ISecureObject GetSecureObjectByUId(Guid secureObjectUId, bool includeChildren = false, bool includeDisabled = false)
{
    SecureObject match = Store.SecureObjects.FindRecursive<SecureObject>(candidate =>
        candidate.UId == secureObjectUId && (includeDisabled || candidate.IsEnabled));
    if (match == null)
    {
        return null;
    }
    // NOTE(review): Clone(shallow: false) reads as a deep copy for the "no children" case — confirm Clone's parameter semantics.
    return includeChildren ? match : match.Clone(shallow: false);
}
/// <summary>
/// Appends a Clone() of every item in <paramref name="source"/> to <paramref name="destination"/>,
/// recursing into each item's Children so the destination ends up with the same tree shape.
/// </summary>
/// <param name="source">Items to copy from; not modified.</param>
/// <param name="destination">List that receives the clones (existing entries are kept).</param>
void ShallowCloneTo(IList<SecureObject> source, IList<SecureObject> destination)
{
    for (int i = 0; i < source.Count; i++)
    {
        SecureObject original = source[i];
        SecureObject copy = original.Clone();
        destination.Add(copy);

        // Children may be null on some instances; only recurse when there is something to copy.
        IList<SecureObject> kids = original.Children;
        if (kids != null && kids.Count > 0)
        {
            ShallowCloneTo(kids, copy.Children);
        }
    }
}
/// <summary>
/// Upserts a "child" SecureObject under the root created by Init and checks it can be read back by
/// UniqueName.
/// </summary>
public void UpsertSecureObject()
{
    ISecureObject parent = _dal.GetSecureObjectByUniqueName(so.UniqueName);
    SecureObject child = new SecureObject() { UniqueName = "child", ParentUId = parent.UId };
    _dal.UpsertSecureObject(child);

    ISecureObject found = _dal.GetSecureObjectByUniqueName(child.UniqueName);
    Assert.IsNotNull(found);
    Assert.IsTrue(child.UniqueName.Equals(found.UniqueName));
}
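/// <summary>
/// Moves the stored object that has <paramref name="secureObject"/>'s UId from the child list of
/// the parent named by its ParentUId (the root list when null) into the child list of
/// <paramref name="newParentUId"/> (the root list when null), and updates the stored object's
/// ParentUId. Does nothing when the object is not found under the stated current parent.
/// </summary>
/// <param name="secureObject">Identifies the object to move. Its ParentUId must say where the
/// object currently is; a stale value makes this a silent no-op.</param>
/// <param name="newParentUId">UId of the new parent container, or null to move to the root.</param>
/// <exception cref="ArgumentNullException">When <paramref name="secureObject"/> is null.</exception>
/// <exception cref="KeyNotFoundException">When the current or the new parent is not in the store.</exception>
/// <exception cref="InvalidOperationException">When the new parent is the object itself or one of its descendants.</exception>
public virtual void UpdateSecureObjectParentUId(ISecureObject secureObject, Guid? newParentUId)
{
    if (secureObject == null)
    {
        throw new ArgumentNullException(nameof(secureObject));
    }

    IList<SecureObject> currentSiblings = ResolveSiblingList(secureObject.ParentUId);
    int index = currentSiblings.FindIndex(o => o.UId == secureObject.UId);
    if (index < 0)
    {
        return;
    }
    SecureObject stored = currentSiblings[index];

    // A node must not become its own ancestor: every lookup walks the tree recursively, so a cycle
    // would never terminate. The previous version detached the node before resolving the target,
    // so a self/descendant target was reported as "parent not found" after the node had already
    // been dropped from the store.
    if (newParentUId.HasValue)
    {
        bool isSelf = stored.UId == newParentUId;
        bool isDescendant = stored.Children != null
            && stored.Children.FindRecursive<SecureObject>(o => o.UId == newParentUId) != null;
        if (isSelf || isDescendant)
        {
            throw new InvalidOperationException($"Cannot move SecureObject {stored.UId} under {newParentUId}: the target is the object itself or one of its descendants.");
        }
    }

    // Resolve the destination before detaching, so a missing target leaves the store unchanged.
    IList<SecureObject> newSiblings = ResolveSiblingList(newParentUId);

    currentSiblings.RemoveAt(index);
    stored.ParentUId = newParentUId;
    newSiblings.Add(stored);
}

/// <summary>
/// Returns the child list of the container with UId <paramref name="parentUId"/>, or the root
/// list when <paramref name="parentUId"/> is null.
/// </summary>
/// <param name="parentUId">Container UId, or null for the root.</param>
/// <exception cref="KeyNotFoundException">When <paramref name="parentUId"/> is not in the store.</exception>
private IList<SecureObject> ResolveSiblingList(Guid? parentUId)
{
    if (!parentUId.HasValue)
    {
        return Store.SecureObjects;
    }
    SecureObject parent = Store.SecureObjects.FindRecursive<SecureObject>(o => o.UId == parentUId);
    if (parent == null)
    {
        throw new KeyNotFoundException($"Could not find SecureContainer with ParentId: {parentUId}");
    }
    return parent.Children;
}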
/// <summary>
/// Simulates switching the current security context: the user picked in cmbUsers becomes the
/// Employees DAL's CurrentUser, the list is refreshed, and frmEditor's security is re-evaluated
/// and re-applied for that user.
/// </summary>
private void cmbUsers_SelectedIndexChanged(object sender, EventArgs e)
{
    User selected = (User)cmbUsers.SelectedItem;
    string currentUser = selected.Name;

    // Data access runs as the selected user from here on.
    _employeeDal.CurrentUser = currentUser;
    RefreshEmployeesList();

    // Evaluate from the top-most control and push the results down through the control tree
    // (the manual per-control lookup, ApplyDirect, is the non-preferred alternative).
    SecureObject evaluated = (SecureObject)_suplexDal.EvalSecureObjectSecurity("frmEditor", currentUser);
    ApplyRecursive(evaluated);
}
/// <summary>
/// Drag-and-drop completion for the SecureObject tree: reparents the dragged item under the drop
/// target (or to the root list when there is no target) and rebinds the view for root drops.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Telerik drag event; carries the source and target payloads.</param>
private void OnDrop(object sender, Telerik.Windows.DragDrop.DragEventArgs e)
{
    if (e.Data == null || e.AllowedEffects == DragDropEffects.None)
    {
        return;
    }

    SecureObject dragged = DragDropPayloadManager.GetDataFromObject(e.Data, __dragSource) as SecureObject;
    SecureObject dropTarget = DragDropPayloadManager.GetDataFromObject(e.Data, __dragTarget) as SecureObject;
    IList<SecureObject> rootList = AssociatedTreeListView.DataContext as IList<SecureObject>;

    // A null dropTarget means "move to the root"; ChangeParent is expected to handle that case.
    if (dragged != null && rootList != null)
    {
        dragged.ChangeParent(dropTarget, rootList);
    }
    if (dropTarget == null)
    {
        AssociatedTreeListView.Rebind();
    }
}
/// <summary>
/// Removes the SecureObject with UId <paramref name="secureObjectUId"/> from its parent's child
/// list (or from the root list when it has no Parent). Whatever sits in its Children list leaves
/// the store with it. Unknown UIds are ignored.
/// </summary>
/// <param name="secureObjectUId">UId of the object to delete.</param>
public virtual void DeleteSecureObject(Guid secureObjectUId)
{
    SecureObject target = Store.SecureObjects.FindRecursive<SecureObject>(o => o.UId == secureObjectUId);
    if (target == null)
    {
        return;
    }

    // NOTE(review): this locates the sibling list through the Parent reference, whereas the
    // upsert/reparent paths go through ParentUId — confirm the two never disagree.
    IList<SecureObject> siblings = target.Parent != null ? target.Parent.Children : Store.SecureObjects;
    int position = siblings.FindIndex(o => o.UId == secureObjectUId);
    if (position >= 0)
    {
        siblings.RemoveAt(position);
    }
}
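/// <summary>
/// Scratch harness that builds a small in-memory model — one root SecureObject with a three-entry
/// DACL, three users, three groups, and memberships (x and y in gx, gy nested in gx) — and then
/// stops. Nothing is persisted or asserted. The YAML fixture and FileStore round-trip that used
/// to sit here were dead (the only consumer was commented out) and have been removed.
/// </summary>
/// <param name="args">Unused.</param>
static void Main(string[] args)
{
    SecureObject top = new SecureObject() { UniqueName = "top" };
    DiscretionaryAcl topdacl = new DiscretionaryAcl
    {
        new AccessControlEntry<FileSystemRight> { Allowed = true, Right = FileSystemRight.FullControl },
        // Explicit deny that does not propagate to children.
        new AccessControlEntry<FileSystemRight> { Allowed = false, Right = FileSystemRight.Execute | FileSystemRight.List, Inheritable = false },
        // Allowed is left at the type's default here — TODO confirm that default is the intended value.
        new AccessControlEntry<UIRight> { Right = UIRight.Operate | UIRight.Visible }
    };
    top.Security.Dacl = topdacl;

    List<User> users = new List<User>
    {
        new User { Name = "x", IsBuiltIn = true, IsEnabled = true, IsLocal = true },
        new User { Name = "y", IsBuiltIn = false, IsEnabled = true, IsLocal = false },
        new User { Name = "z", IsBuiltIn = true, IsEnabled = false, IsLocal = true }
    };
    List<Group> groups = new List<Group>
    {
        new Group { Name = "gx", IsEnabled = true, IsLocal = false },
        new Group { Name = "gy", IsEnabled = true, IsLocal = false },
        new Group { Name = "gz", IsEnabled = true, IsLocal = false }
    };

    // Two user members of gx plus one nested group (gy in gx); mz is group-to-group, hence IsMemberUser = false.
    GroupMembershipItem mx = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = users[0].UId, IsMemberUser = true };
    GroupMembershipItem my = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = users[1].UId, IsMemberUser = true };
    GroupMembershipItem mz = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = groups[1].UId, IsMemberUser = false };
    List<GroupMembershipItem> gm = new List<GroupMembershipItem> { mx, my, mz };
}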
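/// <summary>
/// Brute-force permissioning - direct lookup of results with "known" translation of non-UI rights
/// (not preferred). Every assignment fails closed: a missing SecureObject, a missing child, or a
/// denied right leaves the control hidden/disabled.
/// </summary>
/// <param name="secureObject">A reference to the resolved/evaluated security object; may be null.</param>
void ApplyDirect(SecureObject secureObject)
{
    frmEditor.Visible = secureObject?.Security.Results.GetByTypeRight(UIRight.Visible).AccessAllowed ?? false;
    // The child lookups are null-guarded too: FindChild returning null (control not modelled)
    // previously threw instead of hiding/disabling the control.
    lblEmployeeId.Visible = secureObject?.FindChild<SecureObject>("lblEmployeeId")?.Security.Results.GetByTypeRight(UIRight.Visible).AccessAllowed ?? false;
    btnUpdate.Enabled = secureObject?.FindChild<SecureObject>("btnUpdate")?.Security.Results.GetByTypeRight(RecordRight.Update).AccessAllowed ?? false;
}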
/// <summary>
/// Applies the evaluated security of <paramref name="secureObject"/> to frmEditor and, via the
/// ApplySecurity extension in UIExtensions, to its child controls.
/// </summary>
/// <param name="secureObject">The evaluated SecureObject that corresponds to frmEditor.</param>
void ApplyRecursive(SecureObject secureObject) => frmEditor.ApplySecurity(secureObject);
/// <summary>
/// HTTP action that reparents a SecureObject; delegates straight to the DAL.
/// NOTE(review): no authorization attribute is visible on this action — confirm it is enforced
/// at controller or pipeline level, since the body controls which object moves where.
/// </summary>
/// <param name="secureObject">The object to move, taken from the request body.</param>
/// <param name="newParentUId">UId of the new parent, or null (the default) to move to the root.</param>
public void UpdateSecureObjectParentUId([FromBody] SecureObject secureObject, Guid? newParentUId = null)
    => _dal.UpdateSecureObjectParentUId(secureObject, newParentUId);
/// <summary>
/// HTTP action that adds or updates a SecureObject; delegates straight to the DAL.
/// NOTE(review): no authorization attribute is visible on this action — confirm it is enforced
/// at controller or pipeline level, since the body can overwrite any object by UId.
/// </summary>
/// <param name="secureObject">The object to add or update, taken from the request body.</param>
/// <returns>The DAL's result, or null if the DAL returned an implementation other than SecureObject.</returns>
public SecureObject UpsertSecureObject([FromBody] SecureObject secureObject)
    => _dal.UpsertSecureObject(secureObject) as SecureObject;
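/// <summary>
/// Round-trips a small model (one root SecureObject with DACL and SACL, three users, three
/// groups, memberships) through YAML into a second FileSystemDal, then exercises auto-persisted
/// user and group upserts against that DAL. The previous version ended in Assert.IsTrue(true),
/// so it could not fail on behaviour; it now asserts the round-trip. The unused YAML fixture
/// string has been removed.
/// </summary>
public void TestMethod1()
{
    SecureObject top = new SecureObject() { UniqueName = "top" };
    DiscretionaryAcl topdacl = new DiscretionaryAcl
    {
        new AccessControlEntry<FileSystemRight> { Allowed = true, Right = FileSystemRight.FullControl },
        new AccessControlEntry<FileSystemRight> { Allowed = false, Right = FileSystemRight.Execute | FileSystemRight.List, Inheritable = false },
        new AccessControlEntry<UIRight> { Right = UIRight.Operate | UIRight.Visible }
    };
    top.Security.Dacl = topdacl;
    top.Security.DaclAllowInherit = false;

    // One audit entry on both success and failure of Execute; only failures/errors are reported.
    SystemAcl topsacl = new SystemAcl
    {
        new AccessControlEntryAudit<FileSystemRight> { Allowed = true, Denied = true, Right = FileSystemRight.Execute }
    };
    top.Security.Sacl = topsacl;
    top.Security.SaclAllowInherit = false;
    top.Security.SaclAuditTypeFilter = AuditType.FailureAudit | AuditType.Error;

    List<User> users = new List<User>
    {
        new User { Name = "x", IsBuiltIn = true, IsEnabled = true, IsLocal = true },
        new User { Name = "y", IsBuiltIn = false, IsEnabled = true, IsLocal = false },
        new User { Name = "z", IsBuiltIn = true, IsEnabled = false, IsLocal = true }
    };
    List<Group> groups = new List<Group>
    {
        new Group { Name = "gx", IsEnabled = true, IsLocal = false },
        new Group { Name = "gy", IsEnabled = true, IsLocal = false },
        new Group { Name = "gz", IsEnabled = true, IsLocal = false }
    };
    // x and y are members of gx; gy is nested in gx (group member, hence IsMemberUser = false).
    GroupMembershipItem mx = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = users[0].UId, IsMemberUser = true };
    GroupMembershipItem my = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = users[1].UId, IsMemberUser = true };
    GroupMembershipItem mz = new GroupMembershipItem { GroupUId = groups[0].UId, MemberUId = groups[1].UId, IsMemberUser = false };
    List<GroupMembershipItem> gm = new List<GroupMembershipItem> { mx, my, mz };

    FileSystemDal dal = new FileSystemDal() { };
    dal.Store.SecureObjects = new List<SecureObject>() { top };
    dal.Store.Users = users;
    dal.Store.Groups = groups;
    dal.Store.GroupMembership = gm;
    User ux = dal.Store.Users.GetByName<User>("x");
    Assert.IsNotNull(ux);

    // Serialise, reload into a fresh DAL, and check the membership survived the trip.
    string x = dal.ToYaml();
    FileSystemDal f = new FileSystemDal();
    f.FromYaml(x);
    bool contains = f.Store.GroupMembership.ContainsItem(mx);
    Assert.IsTrue(contains);

    // Every change from here on is written to CurrentPath.
    // NOTE(review): a relative path lands in the runner's working directory; a temp path would be safer.
    f.CurrentPath = "meow.yaml";
    f.AutomaticallyPersistChanges = true;

    // Two users sharing one UId: the second upsert is expected to replace the first rather than
    // add a duplicate — TODO pin that down with an assertion once UpsertUser's semantics are confirmed.
    User u0 = new User { Name = "gurl" };
    User u1 = new User { Name = "f", UId = u0.UId };
    f.Dal.UpsertUser(u0);
    f.Dal.UpsertUser(u1);

    // Fifty group upserts; flip 'parallel' to stress the auto-persist path concurrently
    // (the parallel branch previously ran 49 iterations, one short of the serial loop).
    bool parallel = false;
    if (parallel)
    {
        Parallel.For(0, 50, i => { f.UpsertGroup(new Group { Name = $"{i}_{DateTime.Now.Ticks}" }); });
    }
    else
    {
        for (int i = 0; i < 50; i++)
        {
            f.UpsertGroup(new Group { Name = $"{i}_{DateTime.Now.Ticks}" });
        }
    }
}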
/// <summary>
/// Synchronous wrapper over <see cref="UpsertSecureObjectAsync"/>. Blocks the calling thread until
/// the request completes; failures surface wrapped in an AggregateException, as Task.Result does.
/// Avoid calling this from a thread that owns a synchronization context (UI, classic ASP.NET)
/// unless the async continuation is configured not to capture it, or it can deadlock.
/// </summary>
/// <param name="secureObject">The object to add or update.</param>
/// <returns>The server's response object.</returns>
public SecureObject UpsertSecureObject(SecureObject secureObject)
{
    Task<SecureObject> pending = UpsertSecureObjectAsync(secureObject);
    return pending.Result;
}
/// <summary>
/// POSTs <paramref name="secureObject"/> to "{_rootPath}/so/" and returns the deserialised
/// response. ACEs are (de)serialised through a fresh <see cref="JsonAceConverter"/>.
/// </summary>
/// <param name="secureObject">The object to add or update.</param>
/// <returns>The SecureObject the server responded with.</returns>
public async Task<SecureObject> UpsertSecureObjectAsync(SecureObject secureObject)
{
    string target = _rootPath + "/so/";
    SecureObject response = await PostAsync<SecureObject>(secureObject, target, new JsonAceConverter())
        .ConfigureAwait(_configureAwaitContinueOnCapturedContext);
    return response;
}
/// <summary>
/// Builds a small SecureObject tree with mixed inheritance settings: top (DACL inheritance off)
/// holds ch00 and ch10; ch00 holds ch01 (inheritance blocked on its own DACL) and ch02. Only the
/// construction is exercised — nothing is evaluated or asserted.
/// </summary>
public void SecureObject()
{
    SecureObject top = new SecureObject() { UniqueName = "top" };
    SecureObject ch00 = new SecureObject() { UniqueName = "ch00" };
    SecureObject ch01 = new SecureObject() { UniqueName = "ch01" };
    SecureObject ch02 = new SecureObject() { UniqueName = "ch02" };
    SecureObject ch10 = new SecureObject() { UniqueName = "ch10" };

    // top: full file-system control, minus a non-inheritable Execute deny.
    DiscretionaryAcl rootAcl = new DiscretionaryAcl
    {
        new AccessControlEntry<FileSystemRight>() { Allowed = true, Right = FileSystemRight.FullControl },
        new AccessControlEntry<FileSystemRight>() { Allowed = false, Right = FileSystemRight.Execute, Inheritable = false }
    };
    // ch00: full UI control, minus an Enabled deny.
    DiscretionaryAcl ch00Acl = new DiscretionaryAcl
    {
        new AccessControlEntry<UIRight>() { Allowed = true, Right = UIRight.FullControl },
        new AccessControlEntry<UIRight>() { Allowed = false, Right = UIRight.Enabled }
    };
    top.Security.Dacl = rootAcl;
    ch00.Security.Dacl = ch00Acl;
    ch01.Security.Dacl.AllowInherit = false;

    // Assemble bottom-up, then cut DACL inheritance at the root.
    ch00.Children.Add(ch01);
    ch00.Children.Add(ch02);
    top.Children.Add(ch00);
    top.Children.Add(ch10);
    top.Security.DaclAllowInherit = false;
}