private static void CheckRight(DummyFileInfoWrapper fileInfo, string action)
{
bool isActionAllowed = false;
int userId = Security.CurrentUser.UserID;
if (fileInfo.ContainerKey.StartsWith("ForumNodeId_"))
{
// Extract forumNodeId
int forumNodeId = int.Parse(fileInfo.ContainerKey.Split('_')[1]);
// Find incidentId by ForumNodeId
string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
int incidentId = int.Parse(forumContainerKey.Split('_')[1]);
// Check Security
switch (action)
{
case "Read":
isActionAllowed = Incident.CanRead(incidentId);
break;
case "Write":
isActionAllowed = Incident.CanUpdate(incidentId);
break;
}
}
else if (fileInfo.ContainerKey.StartsWith("DocumentVers_"))
{
// Extract documentVersionId
int documentId = int.Parse(fileInfo.ContainerKey.Split('_')[1]);
// Check Security
switch (action)
{
case "Read":
isActionAllowed = Document.CanRead(documentId);
break;
case "Write":
isActionAllowed = Document.CanAddVersion(documentId);
break;
}
}
else
{
isActionAllowed = FileStorage.CanUserRunAction(userId, fileInfo.ContainerKey, fileInfo.ParrentDirectoryId, action);
//retVal = FileStorage.CanUserRead(Security.CurrentUser.UserID, fileInfo.ContainerKey, fileInfo.ParrentDirectoryId);
}
if (!isActionAllowed)
{
throw new HttpException(403, "Operation '" + action + "' is forbidden.");
}
}
private static bool CheckFileStorageRight(FileInfo fileInfo, string action, int userId)
{
bool isActionAllowed = false;
if (fileInfo.ContainerKey.StartsWith("ForumNodeId_"))
{
// Extract forumNodeId
int forumNodeId = int.Parse(fileInfo.ContainerKey.Split('_')[1]);
// Find incidentId by ForumNodeId
string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
int incidentId = int.Parse(forumContainerKey.Split('_')[1]);
// Check Security
switch (action)
{
case "Read":
isActionAllowed = Incident.CanRead(incidentId);
break;
case "Write":
isActionAllowed = Incident.CanUpdate(incidentId);
break;
}
}
else if (fileInfo.ContainerKey.StartsWith("DocumentVers_"))
{
// Extract documentVersionId
int documentId = int.Parse(fileInfo.ContainerKey.Split('_')[1]);
// Check Security
switch (action)
{
case "Read":
isActionAllowed = Document.CanRead(documentId);
break;
case "Write":
isActionAllowed = Document.CanAddVersion(documentId);
break;
}
}
else
{
isActionAllowed = FileStorage.CanUserRunAction(userId, fileInfo.ContainerKey, fileInfo.ParentDirectoryId, action);
}
return(isActionAllowed);
}
/// <summary>
/// Sets the ACL.
/// </summary>
/// <param name="control">The control.</param>
/// <param name="acl">The acl.</param>
/// <param name="ValidateACL">if set to <c>true</c> [validate ACL].</param>
public static void SetACL(IIbnControl control, AccessControlList acl, bool ValidateACL)
{
if (control == null)
{
throw new ArgumentNullException("control");
}
if (acl == null)
{
throw new ArgumentNullException("acl");
}
if (acl.OwnerDirectoryId == 0)
{
throw new ArgumentException("You can not use a dettached ACL.", "acl");
}
// Validation 1 - 2
if (ValidateACL)
{
if (acl.Count == 0)
{
throw new AllUserAccessWillBeDeniedException();
}
}
using (Mediachase.IBN.Database.DbTransaction tran = Mediachase.IBN.Database.DbTransaction.Begin())
{
// Step 2. Update Inherited ACEs
if (acl.IsInheritedChanged)
{
if (acl.IsInherited)
{
DBAccessControlList.TurnOnIsInherited(acl.Id);
}
else
{
DBAccessControlList.TurnOffIsInherited(acl.Id, false);
}
}
// Step 3. Update Common ACEs
if (acl.IsChanged)
{
DBAccessControlList.Clear(acl.Id);
foreach (AccessControlEntry ace in acl)
{
if (!ace.IsIherited)
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, ace.Action, ace.Allow, false, ace.OwnerKey);
if (ace.Allow)
{
foreach (string BaseAction in control.GetBaseActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
else
{
foreach (string BaseAction in control.GetDerivedActions(ace.Action))
{
DBAccessControlList.AddAce(acl.Id, ace.Role, ace.PrincipalId, BaseAction, ace.Allow, true, ace.OwnerKey);
}
}
}
}
}
// Step 4. Update child ACL
DBAccessControlList.RefreshInheritedACL(acl.OwnerDirectoryId);
// Validation 2 - 2
if (ValidateACL)
{
if (!FileStorage.CanUserRunAction(Security.CurrentUser.UserID, control.OwnerContainer.Key, acl.OwnerDirectoryId, "Admin"))
{
throw new AdminAccessWillBeDeniedException();
}
}
tran.Commit();
}
}