/// <summary>
/// Inserts a list of <see cref="AccessRuleItem" />s to the specified <paramref name="item" />.
/// </summary>
/// <param name="objectType">The type of the shared object to be inserted.</param>
/// <param name="objectId">The primary key for the shared object to be inserted.</param>
/// <param name="rule">The ACEs (Access Control Entries) to insert.</param>
/// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param>
/// <returns>
/// A task that represents the asynchronous operation.
/// </returns>
public virtual async Task <ValidationResult> AddAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
if (await AccessRules.Where(objectType, objectId, rule.User?.Id).AnyAsync(cancellationToken))
{
return(ValidationResult.Failed("Duplicated ACE entry."));
}
AccessRules.Add(new SecurityAccessRule
{
ObjectType = objectType,
ObjectId = objectId,
UserId = rule.User?.Id,
Permission = rule.Permission,
Visibility = rule.Visibility
});
await SaveChangesAsync(cancellationToken);
return(ValidationResult.Success);
}
/// <summary>
/// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation.
/// </summary>
/// <param name="objectType">The type of the shared object to be found.</param>
/// <param name="objectId">The primary key of the shared object to be found.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param>
/// <returns>
/// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key.
/// </returns>
public virtual Task <AccessRuleItem> GetAccessRuleAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
return(AccessRules
.Where(objectType, objectId, null)
.Select(ace => new AccessRuleItem
{
Permission = ace.Permission,
Visibility = ace.Visibility
})
.SingleOrDefaultAsync(cancellationToken));
}
/// <summary>
/// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation.
/// </summary>
/// <param name="objectType">The type of the shared object to be found.</param>
/// <param name="objectId">The primary key of the shared object to be found.</param>
/// <param name="userId">The primary key of the user to be found.</param>
/// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param>
/// <returns>
/// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key.
/// </returns>
public virtual Task <AccessRuleItem> GetAccessRuleByUserAsync(AccessObjectType objectType, int objectId, int userId, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
return(AccessRules.Where(objectType, objectId, userId).Select(ace => new AccessRuleItem
{
Permission = ace.Permission,
Visibility = ace.Visibility,
User = new AccountItem
{
Id = ace.User.Id,
Email = ace.User.Email,
FirstName = ace.User.FirstName,
LastName = ace.User.LastName,
Gender = ace.User.Gender,
Birthday = ace.User.Birthday
}
}).SingleOrDefaultAsync(cancellationToken));
}
/// <summary>
/// Deletes a list of <see cref="AccessRuleItem" />s from the specified <paramref name="item" />.
/// </summary>
/// <param name="objectType">The type of the shared object to be removed.</param>
/// <param name="objectId">The primary key for the shared object to be removed.</param>
/// <param name="rule">The ACEs (Access Control Entries) to delete.</param>
/// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param>
/// <returns>
/// A task that represents the asynchronous operation.
/// </returns>
public virtual async Task <ValidationResult> RemoveAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
ThrowIfDisposed();
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
var aceEntity = await AccessRules.Where(objectType, objectId, rule.User?.Id).SingleOrDefaultAsync(cancellationToken);
if (aceEntity == null)
{
throw new InvalidOperationException("ACE does not exist.");
}
Context.Remove(aceEntity);
await SaveChangesAsync(cancellationToken);
return(ValidationResult.Success);
}
public FileSystemRights GetEffectiveRights(UserGroup user)
{
var userSids = new List <string> {
user.Sid
};
userSids.AddRange(user.Groups);
FileSystemRights inheritedDenyRights = 0, denyRights = 0;
FileSystemRights inheritedAllowRights = 0, allowRights = 0;
foreach (FileSystemAccessRuleForUI Rule in AccessRules.Where(x => userSids.Contains(x.IdentityReference)))
{
if (Rule.AccessControlType == AccessControlType.Deny)
{
if (Rule.IsInherited)
{
inheritedDenyRights |= Rule.FileSystemRights;
}
else
{
denyRights |= Rule.FileSystemRights;
}
}
else if (Rule.AccessControlType == AccessControlType.Allow)
{
if (Rule.IsInherited)
{
inheritedAllowRights |= Rule.FileSystemRights;
}
else
{
allowRights |= Rule.FileSystemRights;
}
}
}
return((inheritedAllowRights & ~inheritedDenyRights) | (allowRights & ~denyRights));
}
