Пример #1
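        /// <summary>
        /// Throws an HTTP 403 unless <paramref name="action"/> is allowed on the container that
        /// <paramref name="fileInfo"/> belongs to.
        /// </summary>
        /// <remarks>
        /// The container key prefix selects the check. "ForumNodeId_" keys are resolved through
        /// ForumThreadNodeInfo.GetOwnerContainerKey and checked with Incident.CanRead / Incident.CanUpdate.
        /// "DocumentVers_" keys are checked with Document.CanRead / Document.CanAddVersion. Every other key
        /// goes to FileStorage.CanUserRunAction for the current user. For the two prefixed forms only the
        /// exact, case-sensitive actions "Read" and "Write" can be granted; anything else stays denied.
        /// A missing or malformed key is denied (403) instead of surfacing as a parse or index error.
        /// </remarks>
        /// <param name="fileInfo">File whose ContainerKey (and parent directory id) identify the protected object.</param>
        /// <param name="action">Action name to authorize; it is echoed verbatim in the 403 message.</param>
        /// <exception cref="HttpException">Status 403 when the action is not allowed.</exception>
        private static void CheckRight(DummyFileInfoWrapper fileInfo, string action)
        {
            // Deny by default: every path below has to grant access explicitly.
            bool isActionAllowed = false;

            int userId = Security.CurrentUser.UserID;

            string containerKey = (fileInfo != null) ? fileInfo.ContainerKey : null;

            if (containerKey != null)
            {
                // Ordinal comparison: the prefix decides which permission check runs, so it must be
                // matched exactly and not by culture-sensitive rules.
                if (containerKey.StartsWith("ForumNodeId_", System.StringComparison.Ordinal))
                {
                    // Extract forumNodeId; an unparsable id leaves the request denied.
                    int forumNodeId;
                    if (int.TryParse(containerKey.Split('_')[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out forumNodeId))
                    {
                        // Find incidentId by ForumNodeId
                        string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
                        string[] ownerParts = (forumContainerKey != null) ? forumContainerKey.Split('_') : new string[0];

                        // NOTE(review): the owner key's prefix is not checked here. If a forum thread can be
                        // owned by something other than an incident, the id below is tested against an
                        // unrelated incident - confirm against GetOwnerContainerKey.
                        int incidentId;
                        if (ownerParts.Length > 1 && int.TryParse(ownerParts[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out incidentId))
                        {
                            // Check Security
                            switch (action)
                            {
                            case "Read":
                                isActionAllowed = Incident.CanRead(incidentId);
                                break;

                            case "Write":
                                isActionAllowed = Incident.CanUpdate(incidentId);
                                break;
                            }
                        }
                    }
                }
                else if (containerKey.StartsWith("DocumentVers_", System.StringComparison.Ordinal))
                {
                    // NOTE(review): the key prefix suggests a document *version* id, yet the value is passed
                    // to Document.CanRead / Document.CanAddVersion as a document id - confirm they agree.
                    int documentId;
                    if (int.TryParse(containerKey.Split('_')[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out documentId))
                    {
                        // Check Security
                        switch (action)
                        {
                        case "Read":
                            isActionAllowed = Document.CanRead(documentId);
                            break;

                        case "Write":
                            isActionAllowed = Document.CanAddVersion(documentId);
                            break;
                        }
                    }
                }
                else
                {
                    isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParrentDirectoryId, action);
                }
            }

            if (!isActionAllowed)
            {
                throw new HttpException(403, "Operation '" + action + "' is forbidden.");
            }
        }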
Пример #2
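        /// <summary>
        /// Reports whether <paramref name="action"/> is allowed on the container that
        /// <paramref name="fileInfo"/> belongs to.
        /// </summary>
        /// <remarks>
        /// The container key prefix selects the check. "ForumNodeId_" keys are resolved through
        /// ForumThreadNodeInfo.GetOwnerContainerKey and checked with Incident.CanRead / Incident.CanUpdate.
        /// "DocumentVers_" keys are checked with Document.CanRead / Document.CanAddVersion. Every other key
        /// goes to FileStorage.CanUserRunAction. <paramref name="userId"/> is only used on that last path;
        /// the Incident and Document checks receive no user id from this method. For the two prefixed forms
        /// only the exact, case-sensitive actions "Read" and "Write" can be granted. A missing or malformed
        /// key yields <c>false</c> instead of a parse or index error.
        /// </remarks>
        /// <param name="fileInfo">File whose ContainerKey (and parent directory id) identify the protected object.</param>
        /// <param name="action">Action name to authorize.</param>
        /// <param name="userId">User passed to FileStorage.CanUserRunAction for plain file-storage containers.</param>
        /// <returns><c>true</c> only when one of the checks explicitly grants the action.</returns>
        private static bool CheckFileStorageRight(FileInfo fileInfo, string action, int userId)
        {
            // Deny by default: every path below has to grant access explicitly.
            bool isActionAllowed = false;

            string containerKey = (fileInfo != null) ? fileInfo.ContainerKey : null;
            if (containerKey == null)
            {
                return isActionAllowed;
            }

            // Ordinal comparison: the prefix decides which permission check runs, so it must be
            // matched exactly and not by culture-sensitive rules.
            if (containerKey.StartsWith("ForumNodeId_", System.StringComparison.Ordinal))
            {
                // Extract forumNodeId; an unparsable id leaves the request denied.
                int forumNodeId;
                if (int.TryParse(containerKey.Split('_')[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out forumNodeId))
                {
                    // Find incidentId by ForumNodeId
                    string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
                    string[] ownerParts = (forumContainerKey != null) ? forumContainerKey.Split('_') : new string[0];

                    // NOTE(review): the owner key's prefix is not checked here. If a forum thread can be
                    // owned by something other than an incident, the id below is tested against an
                    // unrelated incident - confirm against GetOwnerContainerKey.
                    // NOTE(review): userId is not forwarded to the Incident checks; if they evaluate the
                    // ambient current user, a caller passing another user's id gets that answer - confirm.
                    int incidentId;
                    if (ownerParts.Length > 1 && int.TryParse(ownerParts[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out incidentId))
                    {
                        // Check Security
                        switch (action)
                        {
                        case "Read":
                            isActionAllowed = Incident.CanRead(incidentId);
                            break;

                        case "Write":
                            isActionAllowed = Incident.CanUpdate(incidentId);
                            break;
                        }
                    }
                }
            }
            else if (containerKey.StartsWith("DocumentVers_", System.StringComparison.Ordinal))
            {
                // NOTE(review): the key prefix suggests a document *version* id, yet the value is passed
                // to Document.CanRead / Document.CanAddVersion as a document id - confirm they agree.
                int documentId;
                if (int.TryParse(containerKey.Split('_')[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out documentId))
                {
                    // Check Security
                    switch (action)
                    {
                    case "Read":
                        isActionAllowed = Document.CanRead(documentId);
                        break;

                    case "Write":
                        isActionAllowed = Document.CanAddVersion(documentId);
                        break;
                    }
                }
            }
            else
            {
                isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParentDirectoryId, action);
            }

            return isActionAllowed;
        }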
Пример #3
        /// <summary>
        /// Writes <paramref name="acl"/> to the database for the directory it is attached to and then
        /// calls DBAccessControlList.RefreshInheritedACL for that directory.
        /// </summary>
        /// <remarks>
        /// All database calls run inside one Mediachase.IBN.Database.DbTransaction that is committed as the
        /// last step. When <paramref name="ValidateACL"/> is set, an empty ACL is rejected before any write,
        /// and after the writes the current user must still pass the "Admin" check on the directory;
        /// otherwise an exception leaves the method before Commit is reached.
        /// NOTE(review): this method does not check that the caller is allowed to change the ACL. The
        /// "Admin" test only guards against locking the current user out, and is skipped entirely when
        /// <paramref name="ValidateACL"/> is <c>false</c>. Callers presumably authorize first - confirm.
        /// </remarks>
        /// <param name="control">Control that supplies the base/derived action expansion and the owner container key.</param>
        /// <param name="acl">ACL to store; it must be attached to a directory (OwnerDirectoryId != 0).</param>
        /// <param name="ValidateACL">When <c>true</c>, run the empty-ACL and admin-lockout validations.</param>
        /// <exception cref="ArgumentNullException"><paramref name="control"/> or <paramref name="acl"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="acl"/> has OwnerDirectoryId equal to 0.</exception>
        /// <exception cref="AllUserAccessWillBeDeniedException">Validation is on and the ACL has no entries.</exception>
        /// <exception cref="AdminAccessWillBeDeniedException">Validation is on and the current user fails the "Admin" check after the update.</exception>
        public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL)
        {
            if (control == null)
            {
                throw new ArgumentNullException("control");
            }

            if (acl == null)
            {
                throw new ArgumentNullException("acl");
            }

            if (acl.OwnerDirectoryId == 0)
            {
                throw new ArgumentException("You can not use a dettached ACL.", "acl");
            }

            // Validation 1 of 2: refuse an ACL without entries before touching the database.
            if (ValidateACL && acl.Count == 0)
            {
                throw new AllUserAccessWillBeDeniedException();
            }

            using (Mediachase.IBN.Database.DbTransaction transaction = Mediachase.IBN.Database.DbTransaction.Begin())
            {
                // Inheritance flag: only written when it was changed on the in-memory ACL.
                if (acl.IsInheritedChanged)
                {
                    if (acl.IsInherited)
                    {
                        DBAccessControlList.TurnOnIsInherited(acl.Id);
                    }
                    else
                    {
                        DBAccessControlList.TurnOffIsInherited(acl.Id, false);
                    }
                }

                // Entries: the stored list is cleared and rebuilt from the non-inherited ACEs.
                if (acl.IsChanged)
                {
                    DBAccessControlList.Clear(acl.Id);

                    foreach (AccessControlEntry entry in acl)
                    {
                        if (entry.IsIherited)
                        {
                            continue;
                        }

                        // The entry itself is stored with the sixth argument false, the expanded ones with
                        // true. Presumably this flag marks implied entries - confirm against AddAce.
                        DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, entry.Action, entry.Allow, false, entry.OwnerKey);

                        if (entry.Allow)
                        {
                            // An allow entry is expanded over the actions returned by GetBaseActions.
                            foreach (string impliedAction in control.GetBaseActions(entry.Action))
                            {
                                DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, impliedAction, entry.Allow, true, entry.OwnerKey);
                            }
                        }
                        else
                        {
                            // A deny entry is expanded over the actions returned by GetDerivedActions.
                            foreach (string impliedAction in control.GetDerivedActions(entry.Action))
                            {
                                DBAccessControlList.AddAce(acl.Id, entry.Role, entry.PrincipalId, impliedAction, entry.Allow, true, entry.OwnerKey);
                            }
                        }
                    }
                }

                // Child ACLs: refreshed on every call, whether or not anything above was written.
                DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);

                // Validation 2 of 2: evaluated against the just-written state, before Commit, so a failed
                // check exits the using block with the transaction uncommitted.
                if (ValidateACL && !FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin"))
                {
                    throw new AdminAccessWillBeDeniedException();
                }

                transaction.Commit();
            }
        }