Exemplo n.º 1
0
        /// <summary>
        /// This gives either a friendly csv list of the sessions roles or a friendly string for Local root account.
        /// If Pre MR gives Pool Admin for AD users.
        /// </summary>
        public string FriendlyRoleDescription()
        {
            if (IsLocalSuperuser || XenAdmin.Core.Helpers.GetMaster(Connection).external_auth_type != Auth.AUTH_TYPE_AD)
            {
                return(Messages.AD_LOCAL_ROOT_ACCOUNT);
            }

            return(Role.FriendlyCSVRoleList(Roles));
        }
Exemplo n.º 2
0
        /// <summary>
        /// Changes a techy RBAC Failure into a pretty print one that shows the roles that would be required to complete the failed action.
        /// Requires context such as the the connection and current session to populate these fields.
        /// </summary>
        /// <param name="failure">The Failure to update</param>
        /// <param name="Connection">The current connection</param>
        /// <param name="Session">The current session, passed separately because it could be an elevated session, different to the heartbeat</param>
        public static void ParseRBACFailure(Failure failure, IXenConnection Connection, Session Session)
        {
            List <Role> authRoles = Role.ValidRoleList(failure.ErrorDescription[1], Connection);

            failure.ErrorDescription[0] = Failure.RBAC_PERMISSION_DENIED_FRIENDLY;
            // Current Role(s)
            failure.ErrorDescription[1] = Session.FriendlyRoleDescription();
            // Authorized roles
            failure.ErrorDescription[2] = Role.FriendlyCSVRoleList(authRoles);
            failure.Setup();
        }
Exemplo n.º 3
0
        /// <summary>
        /// This overload is for the special case of us doing an action over multiple connections. Assumes the role requirement is the same across all conections.
        /// </summary>
        /// <param name="failure">The Failure to update</param>
        /// <param name="Sessions">One session per connection, the ones used to perform the action. Passed separately because they could be elevated sessions, different to the heartbeat</param>
        public static void ParseRBACFailure(Failure failure, Session[] Sessions)
        {
            List <Role> authRoles = Role.ValidRoleList(failure.ErrorDescription[1], Sessions[0].Connection);

            failure.ErrorDescription[0] = Failure.RBAC_PERMISSION_DENIED_FRIENDLY;
            // Current Role(s)
            StringBuilder sb = new StringBuilder();

            foreach (Session s in Sessions)
            {
                sb.Append(string.Format(Messages.ROLE_ON_CONNECTION, s.FriendlyRoleDescription(), Helpers.GetName(s.Connection).Ellipsise(50)));
                sb.Append(", ");
            }
            string output = sb.ToString();

            // remove trailing comma and space
            output = output.Substring(0, output.Length - 2);
            failure.ErrorDescription[1] = output;
            // Authorized roles
            failure.ErrorDescription[2] = Role.FriendlyCSVRoleList(authRoles);
            failure.Setup();
        }