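/// <summary>
/// Binds this control to its owner container and loads the container's root
/// directory, creating the root and seeding it with the default ACL when no
/// root exists yet.
/// </summary>
/// <param name="owner">Container whose <c>Key</c> identifies the root directory.</param>
/// <param name="controlInfo">Control info that supplies the default access control list.</param>
/// <exception cref="InvalidOperationException">
/// No root existed and <c>DBDirectory.CreateRoot</c> returned no row for the new one.
/// </exception>
public void Init(IIbnContainer owner, IbnControlInfo controlInfo)
{
    _ownerContainer = owner;
    _info = controlInfo;

    using (IDataReader reader = DBDirectory.GetRoot(owner.Key))
    {
        if (reader.Read())
        {
            _root = new DirectoryInfo(this, reader);
        }
    }

    if (_root != null)
    {
        return;
    }

    // First use of this container: create the root directory record.
    using (IDataReader reader = DBDirectory.CreateRoot(owner.Key, "root", this.CurrentUserId, DateTime.Now))
    {
        if (reader.Read())
        {
            _root = new DirectoryInfo(this, reader);
        }
    }

    // Without this guard an empty result set would surface as a
    // NullReferenceException on _root.Id below, hiding the real cause.
    if (_root == null)
    {
        throw new InvalidOperationException("The root directory could not be created.");
    }

    // Seed the new root with the default entries configured for this container.
    // NOTE(review): root creation and ACL seeding are separate steps. If SetACL
    // fails here, a later Init call finds the root through GetRoot and never
    // reaches this block again, so the root would stay without its default ACL.
    AccessControlList rootAcl = AccessControlList.GetACL(_root.Id);

    foreach (AccessControlEntry ace in _info.DefaultAccessControlList.GetACL(_ownerContainer.Key))
    {
        rootAcl.Add(ace);
    }

    // NOTE(review): nothing is written when the ACL has no entries - confirm that
    // the access checks treat a root without explicit ACEs as deny-by-default.
    if (rootAcl.Count > 0)
    {
        AccessControlList.SetACL(this, rootAcl);
    }
}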
/// <summary>
/// Saves an access control list and refreshes the ACLs inherited from its
/// owner directory, all inside a single database transaction.
/// </summary>
/// <remarks>
/// This method performs no permission check of its own.
/// NOTE(review): callers are presumably expected to authorize the change first - verify.
/// </remarks>
/// <param name="control">Control whose GetBaseActions / GetDerivedActions expand each entry.</param>
/// <param name="acl">The ACL to save; its <c>OwnerDirectoryId</c> must be non-zero.</param>
/// <exception cref="ArgumentNullException"><paramref name="control"/> or <paramref name="acl"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="acl"/> has an <c>OwnerDirectoryId</c> of 0.</exception>
public static void SetACL(IIbnControl control, AccessControlList acl)
{
    if (control == null)
    {
        throw new ArgumentNullException("control");
    }

    if (acl == null)
    {
        throw new ArgumentNullException("acl");
    }

    if (acl.OwnerDirectoryId == 0)
    {
        throw new ArgumentException("You can not use a dettached ACL.", "acl");
    }

    // Commit is the last statement: an exception in any step leaves the using
    // block without committing (presumably rolled back on dispose - confirm).
    using (DBTransaction transaction = DBHelper2.DBHelper.BeginTransaction())
    {
        // Write the inheritance flag only when it was actually changed.
        if (acl.IsInheritedChanged)
        {
            if (acl.IsInherited)
            {
                DBAccessControlList.TurnOnIsInherited(acl.Id);
            }
            else
            {
                DBAccessControlList.TurnOffIsInherited(acl.Id, false);
            }
        }

        // Replace the stored entries: clear, then re-add every non-inherited ACE.
        if (acl.IsChanged)
        {
            DBAccessControlList.Clear(acl.Id);

            foreach (AccessControlEntry ace in acl)
            {
                if (ace.IsIherited)
                {
                    continue;
                }

                // The entry exactly as given (last argument false).
                DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, ace.Action, ace.Allow, false);

                // Expanded rows (last argument true): an allow is extended to the
                // actions from GetBaseActions, a deny to those from GetDerivedActions.
                if (ace.Allow)
                {
                    foreach (string impliedAction in control.GetBaseActions(ace.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, impliedAction, ace.Allow, true);
                    }
                }
                else
                {
                    foreach (string impliedAction in control.GetDerivedActions(ace.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, impliedAction, ace.Allow, true);
                    }
                }
            }
        }

        // Recompute the ACLs inherited from the owner directory; this runs even
        // when neither IsInheritedChanged nor IsChanged was set.
        DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);

        transaction.Commit();
    }
}
/// <summary>
/// Writes an ACL to the database within one transaction: the inheritance flag,
/// the explicit entries with their expanded actions, and then a refresh of the
/// ACLs inherited from the owner directory.
/// </summary>
/// <remarks>
/// No authorization check is made here.
/// NOTE(review): confirm that every caller checks the right to edit this ACL before calling.
/// </remarks>
/// <param name="control">Supplies the base and derived actions used to expand each entry.</param>
/// <param name="acl">ACL to persist; it must be attached to a directory (<c>OwnerDirectoryId</c> != 0).</param>
/// <exception cref="ArgumentNullException"><paramref name="control"/> or <paramref name="acl"/> is null.</exception>
/// <exception cref="ArgumentException"><c>acl.OwnerDirectoryId</c> is 0.</exception>
public static void SetACL(IIbnControl control, AccessControlList acl)
{
    if (control == null)
    {
        throw new ArgumentNullException("control");
    }

    if (acl == null)
    {
        throw new ArgumentNullException("acl");
    }

    if (acl.OwnerDirectoryId == 0)
    {
        throw new ArgumentException("You can not use a dettached ACL.", "acl");
    }

    using (DBTransaction dbTransaction = DBHelper2.DBHelper.BeginTransaction())
    {
        // Inheritance flag: touched only if the caller changed it.
        if (acl.IsInheritedChanged)
        {
            if (acl.IsInherited)
            {
                DBAccessControlList.TurnOnIsInherited(acl.Id);
            }
            else
            {
                DBAccessControlList.TurnOffIsInherited(acl.Id, false);
            }
        }

        // Explicit entries: the stored list is cleared and rebuilt from the
        // non-inherited ACEs. Inherited ACEs are skipped in this loop.
        if (acl.IsChanged)
        {
            DBAccessControlList.Clear(acl.Id);

            foreach (AccessControlEntry entry in acl)
            {
                if (entry.IsIherited)
                {
                    continue;
                }

                DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, entry.Action, entry.Allow, false);

                if (entry.Allow)
                {
                    // An allow entry is also stored for each action from GetBaseActions.
                    foreach (string expandedAction in control.GetBaseActions(entry.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, expandedAction, entry.Allow, true);
                    }
                }
                else
                {
                    // A deny entry is also stored for each action from GetDerivedActions.
                    foreach (string expandedAction in control.GetDerivedActions(entry.Action))
                    {
                        DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, expandedAction, entry.Allow, true);
                    }
                }
            }
        }

        // Child ACLs are refreshed unconditionally, before the commit, so they
        // are part of the same transaction as the writes above.
        DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);

        dbTransaction.Commit();
    }
}
/// <summary>
/// Loads the access control list stored for a directory.
/// </summary>
/// <param name="DirectoryId">Id of the directory whose ACL is read.</param>
/// <returns>
/// An <c>AccessControlList</c> built from the data reader returned by
/// <c>DBAccessControlList.GetAcl</c>.
/// </returns>
public static AccessControlList GetACL(int DirectoryId)
{
    // The list is constructed while the reader is still open; the reader is
    // disposed when the using block exits.
    using (IDataReader aclReader = DBAccessControlList.GetAcl(DirectoryId))
    {
        return new AccessControlList(aclReader);
    }
}