public AccessControlList GetACL(string ContainerKey) { AccessControlList retVal = AccessControlList.CreateDettachedACL(); foreach (DACLItem item in _items) { if (PatternMatch(ContainerKey, item.Filter)) { retVal.Add(item.Ace); } } return(retVal); }
/// <summary> /// Loads the file library acl. /// </summary> /// <param name="entity">The entity.</param> /// <returns></returns> private bool LoadFileLibraryAcl(WorkflowInstanceEntity entity, out FileStorage fs, out AccessControlList acl) { acl = null; fs = null; // Resolve ContainerKey string containerName = "FileLibrary"; string containerKey = string.Empty; if (entity.OwnerDocumentId.HasValue) containerKey = UserRoleHelper.CreateDocumentContainerKey(entity.OwnerDocumentId.Value); //else // TODO: Extend Owner Processing // Check ContainerKey if (string.IsNullOrEmpty(containerKey)) return false; // Open ACL BaseIbnContainer bic = BaseIbnContainer.Create(containerName, containerKey); fs = (FileStorage)bic.LoadControl("FileStorage"); acl = AccessControlList.GetACL(fs.Root.Id); return true; }
private DataTable ACLToDateTable(AccessControlList ACLr) { DataTable dt = new DataTable(); DataRow dr; dt.Columns.Add(new DataColumn("ID", typeof(int))); dt.Columns.Add(new DataColumn("Weight", typeof(int))); dt.Columns.Add(new DataColumn("Name", typeof(string))); dt.Columns.Add(new DataColumn("Rights", typeof(string))); dt.Columns.Add(new DataColumn("Allow", typeof(bool))); dt.Columns.Add(new DataColumn("IsInherited", typeof(bool))); dt.Columns.Add(new DataColumn("HasOwnerKey", typeof(bool))); foreach (AccessControlEntry ACEr in ACLr) { if (ACEr.IsInternal) continue; dr = dt.NewRow(); dr["ID"] = ACEr.Id; dr["Weight"] = (ACEr.IsRoleAce) ? 0 : ((Mediachase.IBN.Business.User.IsGroup(ACEr.PrincipalId)) ? 1 : 2); dr["Name"] = (ACEr.IsRoleAce) ? ACEr.Role : ACEr.PrincipalId.ToString(); dr["Allow"] = ACEr.Allow; switch (ACEr.Action) { case "Admin": dr["Rights"] = LocRM.GetString("tAdmin"); break; case "Read": dr["Rights"] = LocRM.GetString("tRead"); break; case "Write": dr["Rights"] = LocRM.GetString("tWrite"); break; default: break; } dr["IsInherited"] = ACEr.IsIherited; if (ACEr.OwnerKey == Guid.Empty) dr["HasOwnerKey"] = false; else dr["HasOwnerKey"] = true; dt.Rows.Add(dr); } return dt; }
/// <summary> /// Sets the ACL. /// </summary> /// <param name="control">The control.</param> /// <param name="acl">The acl.</param> public static void SetACL(IIbnControl control, AccessControlList acl) { SetACL(control, acl, true); }
/// <summary> /// Sets the ACL. /// </summary> /// <param name="control">The control.</param> /// <param name="acl">The acl.</param> /// <param name="ValidateACL">if set to <c>true</c> [validate ACL].</param> public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL) { if(control==null) throw new ArgumentNullException("control"); if(acl==null) throw new ArgumentNullException("acl"); if(acl.OwnerDirectoryId == 0) throw new ArgumentException("You can not use a dettached ACL.","acl"); // Validation 1 - 2 if(ValidateACL) { if(acl.Count==0) throw new AllUserAccessWillBeDeniedException(); } using(Mediachase.IBN.Database.DbTransaction tran = Mediachase.IBN.Database.DbTransaction.Begin()) { // Step 2. Update Inherited ACEs if(acl.IsInheritedChanged) { if(acl.IsInherited) { DBAccessControlList.TurnOnIsInherited(acl.Id); } else { DBAccessControlList.TurnOffIsInherited(acl.Id,false); } } // Step 3. Update Common ACEs if(acl.IsChanged) { DBAccessControlList.Clear(acl.Id); foreach(AccessControlEntry ace in acl) { if(!ace.IsIherited) { DBAccessControlList.AddAce(acl.Id,ace.Role,ace.PrincipalId,ace.Action,ace.Allow, false, ace.OwnerKey); if(ace.Allow) { foreach(string BaseAction in control.GetBaseActions(ace.Action)) { DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey); } } else { foreach(string BaseAction in control.GetDerivedActions(ace.Action)) { DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey); } } } } } // Step 4. Update child ACL DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId); // Validation 2 - 2 if(ValidateACL) { if(!FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin")) throw new AdminAccessWillBeDeniedException(); } tran.Commit(); } }
/// <summary> /// Gets the ACL. /// </summary> /// <param name="DirectoryId">The directory id.</param> /// <returns></returns> public static AccessControlList GetACL(int DirectoryId) { using(IDataReader reader = DBAccessControlList.GetAcl(DirectoryId)) { AccessControlList retVal = new AccessControlList(reader); return retVal; } }
/// <summary> /// Sets the ACL. /// </summary> /// <param name="control">The control.</param> /// <param name="acl">The acl.</param> /// <param name="ValidateACL">if set to <c>true</c> [validate ACL].</param> public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL) { if (control == null) { throw new ArgumentNullException("control"); } if (acl == null) { throw new ArgumentNullException("acl"); } if (acl.OwnerDirectoryId == 0) { throw new ArgumentException("You can not use a dettached ACL.", "acl"); } // Validation 1 - 2 if (ValidateACL) { if (acl.Count == 0) { throw new AllUserAccessWillBeDeniedException(); } } using (Mediachase.IBN.Database.DbTransaction tran = Mediachase.IBN.Database.DbTransaction.Begin()) { // Step 2. Update Inherited ACEs if (acl.IsInheritedChanged) { if (acl.IsInherited) { DBAccessControlList.TurnOnIsInherited(acl.Id); } else { DBAccessControlList.TurnOffIsInherited(acl.Id, false); } } // Step 3. Update Common ACEs if (acl.IsChanged) { DBAccessControlList.Clear(acl.Id); foreach (AccessControlEntry ace in acl) { if (!ace.IsIherited) { DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, ace.Action, ace.Allow, false, ace.OwnerKey); if (ace.Allow) { foreach (string BaseAction in control.GetBaseActions(ace.Action)) { DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey); } } else { foreach (string BaseAction in control.GetDerivedActions(ace.Action)) { DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey); } } } } } // Step 4. Update child ACL DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId); // Validation 2 - 2 if (ValidateACL) { if (!FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin")) { throw new AdminAccessWillBeDeniedException(); } } tran.Commit(); } }
/// <summary> /// Sets the ACL. /// </summary> /// <param name="control">The control.</param> /// <param name="acl">The acl.</param> public static void SetACL(IIbnControl control, AccessControlList acl) { SetACL(control, acl, true); }