Implements tools supporting athorization management.
Exemplo n.º 1
0
        /// <summary>
        /// Sets a permission for a global resource.
        /// </summary>
        /// <param name="status">The authorization status.</param>
        /// <param name="action">The action of which to modify the authorization status.</param>
        /// <param name="subject">The subject of the authorization change.</param>
        /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns>
        private bool SetPermissionForGlobals(AuthStatus status, string action, string subject)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (action != Actions.FullControl && !AuthTools.IsValidAction(action, Actions.ForGlobals.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (status == AuthStatus.Delete)
            {
                bool done = _settingsProvider.AclManager.DeleteEntry(Actions.ForGlobals.ResourceMasterPrefix, action, subject);

                if (done)
                {
                    Log.LogEntry(MessageDeleteSuccess + GetLogMessage(Actions.ForGlobals.ResourceMasterPrefix, "",
                                                                      action, subject, Delete), EntryType.General, Log.SystemUsername, _settingsProvider.CurrentWiki);
                }
                else
                {
                    Log.LogEntry(MessageDeleteFailure + GetLogMessage(Actions.ForGlobals.ResourceMasterPrefix, "",
                                                                      action, subject, Delete), EntryType.Error, Log.SystemUsername, _settingsProvider.CurrentWiki);
                }

                return(done);
            }
            else
            {
                bool done = _settingsProvider.AclManager.StoreEntry(Actions.ForGlobals.ResourceMasterPrefix,
                                                                    action, subject, status == AuthStatus.Grant ? Value.Grant : Value.Deny);

                if (done)
                {
                    Log.LogEntry(MessageSetSuccess + GetLogMessage(Actions.ForGlobals.ResourceMasterPrefix, "",
                                                                   action, subject, Set + status.ToString()), EntryType.General, Log.SystemUsername, _settingsProvider.CurrentWiki);
                }
                else
                {
                    Log.LogEntry(MessageSetFailure + GetLogMessage(Actions.ForGlobals.ResourceMasterPrefix, "",
                                                                   action, subject, Set + status.ToString()), EntryType.Error, Log.SystemUsername, _settingsProvider.CurrentWiki);
                }

                return(done);
            }
        }
Exemplo n.º 2
0
        private static void MigrateDirectories(IFilesStorageProviderV30 source, IFilesStorageProviderV30 destination, string current, ISettingsStorageProviderV30 settingsProvider)
        {
            // Copy files
            var files = source.ListFiles(current);

            foreach (var file in files)
            {
                // Copy file content
                using (var ms = new MemoryStream(1048576))
                {
                    source.RetrieveFile(file, ms, false);
                    ms.Seek(0, SeekOrigin.Begin);
                    destination.StoreFile(file, ms, false);
                }

                // Copy download count
                FileDetails fileDetails = source.GetFileDetails(file);
                destination.SetFileRetrievalCount(file, fileDetails.RetrievalCount);

                // Delete source file, if root
                if (current == "/")
                {
                    source.DeleteFile(file);
                }
            }

            settingsProvider.AclManager.RenameResource(
                Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(source, current),
                Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(destination, current));

            // Copy directories
            var directories = source.ListDirectories(current);

            foreach (var dir in directories)
            {
                destination.CreateDirectory(current, dir.Substring(dir.TrimEnd('/').LastIndexOf("/") + 1).Trim('/'));
                MigrateDirectories(source, destination, dir, settingsProvider);

                // Delete directory, if root
                if (current == "/")
                {
                    source.DeleteDirectory(dir);
                }
            }
        }
Exemplo n.º 3
0
        /// <summary>
        /// Checks whether an action is allowed for the global resources.
        /// </summary>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed.</returns>
        public static bool CheckActionForGlobals(string action, string currentUser, string[] groups)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }

            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }

            if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }

            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            return(auth == Authorization.Granted);
        }
Exemplo n.º 4
0
        /// <summary>
        /// Clears all the ACL entries for a directory.
        /// </summary>
        /// <param name="provider">The provider.</param>
        /// <param name="directory">The directory.</param>
        public void ClearEntriesForDirectory(IFilesStorageProviderV40 provider, string directory)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }
            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }

            string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);

            _settingsProvider.AclManager.DeleteEntriesForResource(resourceName);
        }
Exemplo n.º 5
0
        /// <summary>
        /// Checks whether an action is allowed for a page.
        /// </summary>
        /// <param name="page">The current page.</param>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <param name="localEscalator"><c>true</c> is the method is called in a local escalator process.</param>
        /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
        public static bool CheckActionForPage(PageInfo page, string action, string currentUser, string[] groups, bool localEscalator = false)
        {
            if (page == null)
            {
                throw new ArgumentNullException("page");
            }

            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (!AuthTools.IsValidAction(action, Actions.ForPages.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }
            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            return(LocalCheckActionForPage(page, action, currentUser, groups, localEscalator) == Authorization.Granted);
        }
Exemplo n.º 6
0
        /// <summary>
        /// Retrieves the subjects that have ACL entries set for a directory.
        /// </summary>
        /// <param name="provider">The provider.</param>
        /// <param name="directory">The directory.</param>
        /// <returns>The subjects.</returns>
        public static SubjectInfo[] RetrieveSubjectsForDirectory(IFilesStorageProviderV30 provider, string directory)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }

            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory));

            List <SubjectInfo> result = new List <SubjectInfo>(entries.Length);

            for (int i = 0; i < entries.Length; i++)
            {
                SubjectType type = AuthTools.IsGroup(entries[i].Subject) ? SubjectType.Group : SubjectType.User;

                // Remove the subject qualifier ('U.' or 'G.')
                string name = entries[i].Subject.Substring(2);

                if (result.Find(delegate(SubjectInfo x) { return(x.Name == name && x.Type == type); }) == null)
                {
                    result.Add(new SubjectInfo(name, type));
                }
            }

            return(result.ToArray());
        }
Exemplo n.º 7
0
        /// <summary>
        /// Checks whether an action is allowed for the global resources.
        /// </summary>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed.</returns>
        public static bool CheckActionForGlobals(string action, string currentUser, string[] groups)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }
            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            return(LocalCheckActionForGlobals(action, currentUser, groups) == Authorization.Granted);
        }
Exemplo n.º 8
0
        /// <summary>
        /// Removes all the ACL Entries for a directory that are bound to a subject.
        /// </summary>
        /// <param name="subject">The subject.</param>
        /// <param name="provider">The provider.</param>
        /// <param name="directory">The directory.</param>
        /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
        private static bool RemoveEntriesForDirectory(string subject, IFilesStorageProviderV30 provider, string directory)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }

            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }

            string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForSubject(subject);

            foreach (AclEntry entry in entries)
            {
                if (entry.Resource == resourceName)
                {
                    // This call automatically logs the operation result
                    bool done = SetPermissionForDirectory(AuthStatus.Delete, provider, directory, entry.Action, subject);
                    if (!done)
                    {
                        return(false);
                    }
                }
            }

            return(true);
        }
Exemplo n.º 9
0
        private static Authorization LocalCheckActionForGlobals(string action, string currentUser, string[] groups)
        {
            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            return(auth);
        }
Exemplo n.º 10
0
        /// <summary>
        /// Checks whether an action is allowed for a directory.
        /// </summary>
        /// <param name="provider">The provider that manages the directory.</param>
        /// <param name="directory">The full path of the directory.</param>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
        public static bool CheckActionForDirectory(IFilesStorageProviderV30 provider, string directory, string action, string currentUser, string[] groups)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }
            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }

            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (!AuthTools.IsValidAction(action, Actions.ForDirectories.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }
            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(resourceName);

            Authorization auth = AclEvaluator.AuthorizeAction(resourceName, action,
                                                              AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (auth != Authorization.Unknown)
            {
                return(auth == Authorization.Granted);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForDirectories.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    bool authorized = CheckActionForDirectory(provider, directory, localAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            // Try directory escalation (extract parent directory and check its permissions)
            // Path manipulation keeps the format used by the caller (leading and trailing slashes are preserved if appropriate)
            string trimmedDirectory = directory.Trim('/');

            if (trimmedDirectory.Length > 0)
            {
                int    slashIndex = trimmedDirectory.LastIndexOf('/');
                string parentDir  = "";
                if (slashIndex > 0)
                {
                    // Navigate one level up, using the same slash format as the current one
                    parentDir = (directory.StartsWith("/") ? "/" : "") +
                                trimmedDirectory.Substring(0, slashIndex) + (directory.EndsWith("/") ? "/" : "");
                }
                else
                {
                    // This is the root
                    parentDir = directory.StartsWith("/") ? "/" : "";
                }
                bool authorized = CheckActionForDirectory(provider, parentDir, action, currentUser, groups);
                if (authorized)
                {
                    return(true);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForDirectories.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    bool authorized = CheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
Exemplo n.º 11
0
        private static Authorization LocalCheckActionForPage(PageInfo page, string action, string currentUser, string[] groups, bool localEscalator = false)
        {
            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForPages.ResourceMasterPrefix + page.FullName);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForPages.ResourceMasterPrefix + page.FullName, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (localEscalator || auth != Authorization.Unknown)
            {
                return(auth);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForPages.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    Authorization authorization = LocalCheckActionForPage(page, localAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            // Try namespace escalators
            string[]      namespaceEscalators = null;
            string        nsName = NameTools.GetNamespace(page.FullName);
            NamespaceInfo ns     = string.IsNullOrEmpty(nsName) ? null : new NamespaceInfo(nsName, null, null);

            if (Actions.ForPages.NamespaceEscalators.TryGetValue(action, out namespaceEscalators))
            {
                foreach (string namespaceAction in namespaceEscalators)
                {
                    Authorization authorization = LocalCheckActionForNamespace(ns, namespaceAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }

                    // Try root escalation
                    if (ns != null)
                    {
                        authorization = LocalCheckActionForNamespace(null, namespaceAction, currentUser, groups, true);
                        if (authorization != Authorization.Unknown)
                        {
                            return(authorization);
                        }
                    }
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForPages.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            return(Authorization.Unknown);
        }
Exemplo n.º 12
0
        private static Authorization LocalCheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups, bool localEscalator = false)
        {
            string namespaceName = nspace != null ? nspace.Name : "";

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(
                Actions.ForNamespaces.ResourceMasterPrefix + namespaceName);

            Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName,
                                                              action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (localEscalator || auth != Authorization.Unknown)
            {
                return(auth);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    Authorization authorization = LocalCheckActionForNamespace(nspace, localAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            // Try root escalation
            if (nspace != null)
            {
                Authorization authorization = LocalCheckActionForNamespace(null, action, currentUser, groups);
                if (authorization != Authorization.Unknown)
                {
                    return(authorization);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            return(Authorization.Unknown);
        }
Exemplo n.º 13
0
        /// <summary>
        /// Checks whether an action is allowed for a namespace.
        /// </summary>
        /// <param name="nspace">The current namespace (<c>null</c> for the root).</param>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
        public static bool CheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }

            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }

            if (!AuthTools.IsValidAction(action, Actions.ForNamespaces.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }

            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            string namespaceName = nspace != null ? nspace.Name : "";

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(
                Actions.ForNamespaces.ResourceMasterPrefix + namespaceName);

            Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName,
                                                              action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (auth != Authorization.Unknown)
            {
                return(auth == Authorization.Granted);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    bool authorized = CheckActionForNamespace(nspace, localAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            // Try root escalation
            if (nspace != null)
            {
                bool authorized = CheckActionForNamespace(null, action, currentUser, groups);
                if (authorized)
                {
                    return(true);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    bool authorized = CheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
Exemplo n.º 14
0
        /// <summary>
        /// Sets a permission for a directory.
        /// </summary>
        /// <param name="status">The authorization status.</param>
        /// <param name="provider">The provider that handles the directory.</param>
        /// <param name="directory">The directory.</param>
        /// <param name="action">The action of which to modify the authorization status.</param>
        /// <param name="subject">The subject of the authorization change.</param>
        /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns>
        private static bool SetPermissionForDirectory(AuthStatus status, IFilesStorageProviderV30 provider, string directory, string action, string subject)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }
            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }
            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (action != Actions.FullControl && !AuthTools.IsValidAction(action, Actions.ForDirectories.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            var directoryName = AuthTools.GetDirectoryName(provider, directory);

            if (status == AuthStatus.Delete)
            {
                var done = SettingsProvider.AclManager.DeleteEntry(Actions.ForDirectories.ResourceMasterPrefix + directoryName,
                                                                   action, subject);

                if (done)
                {
                    Log.LogEntry(MessageDeleteSuccess + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName,
                                                                      action, subject, Delete), EntryType.General, Log.SystemUsername);
                }
                else
                {
                    Log.LogEntry(MessageDeleteFailure + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName,
                                                                      action, subject, Delete), EntryType.Error, Log.SystemUsername);
                }

                return(done);
            }
            else
            {
                var done = SettingsProvider.AclManager.StoreEntry(Actions.ForDirectories.ResourceMasterPrefix + directoryName,
                                                                  action, subject, status == AuthStatus.Grant ? Value.Grant : Value.Deny);

                if (done)
                {
                    Log.LogEntry(MessageSetSuccess + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName,
                                                                   action, subject, Set + status.ToString()), EntryType.General, Log.SystemUsername);
                }
                else
                {
                    Log.LogEntry(MessageSetFailure + GetLogMessage(Actions.ForDirectories.ResourceMasterPrefix, directoryName,
                                                                   action, subject, Set + status.ToString()), EntryType.Error, Log.SystemUsername);
                }

                return(done);
            }
        }