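/// <summary>
/// Checks whether the grantor named in <paramref name="grantAction"/> holds the right to grant
/// the requested operation (SELECT or INSERT) on the target table.
/// </summary>
/// <param name="grantAction">Proposed grant: grantor, grantee, table name and operation.</param>
/// <returns>
/// TRUE when the lookup returns a first record that is neither empty nor "0".
/// FALSE when the grantor is unknown, the operation is neither INSERT nor SELECT,
/// or the lookup yields no such record.
/// </returns>
private bool IsPermitted(CS505Project1.Domains.GrantAction grantAction)
{
    int userId_grantor = GetUserId(grantAction.grantor_name);

    // The grantee is resolved but its id is never consulted by this check; the call is
    // kept so that whatever the lookup does is unchanged.
    // NOTE(review): confirm whether an unknown grantee should be rejected here as well.
    GetUserId(grantAction.grantee_name);

    // IsGrantForbidden and IsGrantPermitted treat an id of 0 as "user not found".
    // Apply the same rule here so an unknown grantor is denied before any query is built.
    if (userId_grantor == 0)
    {
        return false;
    }

    // Pick the template for the requested operation; anything else is denied.
    string template;
    if (grantAction.operation == Domains.Operation_Type.INSERT)
    {
        template = query_ISALLOWEDTOGRANT_INSERT;
    }
    else if (grantAction.operation == Domains.Operation_Type.SELECT)
    {
        template = query_ISALLOWEDTOGRANT_SELECT;
    }
    else
    {
        return false;
    }

    // NOTE(review): table_name is a string formatted straight into the query text. Unless the
    // caller already restricts it to known table names, validate it against the set of existing
    // tables (or use a parameterized query) so an authorization check cannot be altered by its input.
    string query = string.Format(template, userId_grantor, grantAction.table_name);
    List<string> result = GetRecords(query);

    // No rows, an empty first value, or "0" all mean "not permitted".
    bool denied = result.Count == 0 || string.IsNullOrEmpty(result[0]) || (result[0] == "0");
    return !denied;
}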
/// <summary>
/// ISGRANTFORBIDDEN
/// 1. Is the user ATTEMPTING TO GRANT forbidden to grant this operation on the table (forbidden_list)?
/// 2. Is the user BEING GRANTED forbidden to hold this privilege on the table (forbidden_list)?
/// </summary>
/// <param name="grantAction">Proposed grant: the granting user, the receiving user, the table,
/// the operation, and whether the receiver may pass the right on.</param>
/// <returns>TRUE if either condition holds. FALSE if neither holds, or if either user is not found.</returns>
public bool IsGrantForbidden(CS505Project1.Domains.GrantAction grantAction)
{
    int grantorId = GetUserId(grantAction.grantor_name);
    int granteeId = GetUserId(grantAction.grantee_name);

    // NOTE(review): an unknown user yields FALSE ("not forbidden"). On its own this deny check
    // is fail-open, so callers must not read FALSE as approval without a positive permission check.
    if (grantorId == 0 || granteeId == 0)
    {
        return false;
    }

    // NOTE(review): every operation other than SELECT is checked with the INSERT templates;
    // confirm Operation_Type has no further values.
    // NOTE(review): table_name is formatted directly into the query text in both lookups below;
    // confirm it is validated upstream or switch to a parameterized query.

    // Step 1: is the grantor barred from granting this operation on the table?
    string grantorQuery = string.Format(
        grantAction.operation == Domains.Operation_Type.SELECT
            ? query_ISFORBIDDENTOGRANTSELECT
            : query_ISFORBIDDENTOGRANTINSERT,
        grantorId,
        grantAction.table_name);
    List<string> grantorRows = GetRecords(grantorQuery);
    bool grantorClear = grantorRows.Count == 0
        || string.IsNullOrEmpty(grantorRows[0])
        || (grantorRows[0] == "0");
    if (!grantorClear)
    {
        return true; // grantor is on the forbidden list
    }

    // Step 2: is the grantee barred from receiving this operation on the table?
    string granteeQuery = string.Format(
        grantAction.operation == Domains.Operation_Type.SELECT
            ? query_ISFORBIDDENTOBEGRANTEDSELECT
            : query_ISFORBIDDENTOBEGRANTEDINSERT,
        granteeId,
        grantAction.table_name);
    List<string> granteeRows = GetRecords(granteeQuery);
    bool granteeClear = granteeRows.Count == 0
        || string.IsNullOrEmpty(granteeRows[0])
        || (granteeRows[0] == "0");

    // TRUE when the grantee is on the forbidden list; FALSE when neither party was forbidden.
    return !granteeClear;
}
/// <summary>
/// ISGRANTPERMITTED
/// 1. Does the user ATTEMPTING TO GRANT hold the grant option for this table and operation (my_permissions)?
/// 2. Is the user BEING GRANTED allowed to receive the operation, with or without the grant option (permitted_list)?
/// </summary>
/// <param name="grantAction">Proposed grant: the granting user, the receiving user, the table,
/// the operation, and whether the receiver may pass the right on.</param>
/// <returns>TRUE only if both conditions hold. FALSE if either fails or either user is not found.</returns>
public bool IsGrantPermitted(CS505Project1.Domains.GrantAction grantAction)
{
    int grantorId = GetUserId(grantAction.grantor_name);
    int granteeId = GetUserId(grantAction.grantee_name);

    // An id of 0 means the user was not found; deny.
    if (grantorId == 0 || granteeId == 0)
    {
        return false;
    }

    // NOTE(review): every operation other than SELECT is checked with the INSERT templates;
    // confirm Operation_Type has no further values.
    // NOTE(review): table_name is formatted directly into the query text in both lookups below;
    // confirm it is validated upstream or switch to a parameterized query.

    // Step 1: the grantor must hold the grant option for this table and operation.
    string grantorQuery = string.Format(
        grantAction.operation == Domains.Operation_Type.SELECT
            ? query_ISALLOWEDTOGRANT_SELECT
            : query_ISALLOWEDTOGRANT_INSERT,
        grantorId,
        grantAction.table_name);
    List<string> grantorRows = GetRecords(grantorQuery);
    if (grantorRows.Count == 0 || string.IsNullOrEmpty(grantorRows[0]) || (grantorRows[0] == "0"))
    {
        return false; // no grant option recorded for the grantor
    }

    // Step 2: the grantee must be permitted to receive the operation; the template also
    // depends on whether the grant option is being passed along.
    string granteeTemplate;
    if (grantAction.operation == Domains.Operation_Type.SELECT)
    {
        granteeTemplate = grantAction.grant
            ? query_CANUSERBEGRANTED_SELECT_WITHGRANT
            : query_CANUSERBEGRANTED_SELECT;
    }
    else
    {
        granteeTemplate = grantAction.grant
            ? query_CANUSERBEGRANTED_INSERT_WITHGRANT
            : query_CANUSERBEGRANTED_INSERT;
    }

    string granteeQuery = string.Format(granteeTemplate, granteeId, grantAction.table_name);
    List<string> granteeRows = GetRecords(granteeQuery);
    bool onPermittedList = !(granteeRows.Count == 0
        || string.IsNullOrEmpty(granteeRows[0])
        || (granteeRows[0] == "0"));

    // TRUE only when the grantee was found on the permitted list.
    return onPermittedList;
}