Exemplo n.º 1
0
 public static void PopulatePermissionFromIDataReader( PermissionBase p, IDataReader reader)
 {
     p.Name          = (string) reader["RoleName"];
     p.RoleID        = (Guid) reader["RoleID"];
     p.SectionID       = (int) reader["SectionID"];
     p.Implied		= (bool)reader["Implied"];
     p.AllowMask		= (Permission) (long)reader["AllowMask"];
     p.DenyMask		= (Permission) (long)reader["DenyMask"];
 }
Exemplo n.º 2
0
 public abstract void CreateUpdateDeletePermission(PermissionBase p, DataProviderAction action);
Exemplo n.º 3
0
        /// <summary>
        /// This method merges the supplied permissions with the current permissions to come up with an
        /// updated permission set. The logic is that and Implied Allow overrides an Implied Deny, but 
        /// and Explicit Deny overrides an Implicit Allow, while an Explicit Allow overrides an Explicit
        /// Deny. This gives us a least restrictive security system.
        /// </summary>
        /// <param name="permissionBase">The permission to merge with the current permission set</param>
        public void Merge( PermissionBase permissionBase )
        {
            this.allowMask	|= permissionBase.AllowMask;
            this.denyMask	|= permissionBase.DenyMask;

            if( this.implied )
            {

                if( permissionBase.Implied )
                {
                    this.allowMask	|= permissionBase.AllowMask;
                    this.denyMask	|= permissionBase.DenyMask;
                }
                else
                {
                    // this logic takes the DenyMasks and coverts the ON bits to off bits and the off bits to ON bits. This gives
                    // us a reverse mask of the deny. Deny describes what is currently denied, but to turn off an allow bit we need
                    // to perform an exclive or on the inverse of the deny mask. This has the result of turning any ALLOW bits off
                    // that the deny bit was set to on (before doing the inverse).
                    this.allowMask	= (Permission)(( (long)this.allowMask & ( (long)-1 ^  (long)permissionBase.DenyMask )) | (long)permissionBase.AllowMask);
                    this.denyMask	|= permissionBase.DenyMask;
                    this.implied = false;
                }
            }
            else
            {

                if( permissionBase.Implied )
                {
            //                    this.allowMask |= permissionBase.AllowMask;
                    // take the implied allow mask, and turn off any bits, that are explicited denied
                    this.allowMask	|= (Permission)(( (long)this.allowMask & ( (long)-1 ^  (long)this.DenyMask )) | (long)permissionBase.AllowMask);
                    this.denyMask  |= permissionBase.DenyMask;
                }
                else
                {
            //                    this.allowMask	 = (Permission)(( (long)this.allowMask & ( (long)-1 ^ (long)permissionBase.DenyMask )) | (long)permissionBase.AllowMask);
                    this.allowMask	|= permissionBase.AllowMask;
                    this.denyMask	|= permissionBase.DenyMask;
                }
            }
        }