Пример #1
0
        /// <summary>
        /// Calculates the rights that a user effectively has for a page. 
        /// </summary>
        /// <param name="permissions">Struct consisting of the following:
        /// Rights of specific to user is added to rights given to groups to which to user belongs
        /// Restriction flags associated with a page. These work to counter the effectiveUserGroupRights
        /// Effective grants associated with a page as a combinatation of user and group grants
        /// </param>
        /// <returns>The effective rights represented as a bitmask to a page</returns>
        public static ulong CalculateEffectivePageRights(PermissionStruct permissions) {

            //If a user's effective rights (independent of page) has admin flag, the effective page rights are same as user's effective rights.
            if((permissions.UserPermissions & Permissions.ADMIN) == Permissions.ADMIN) {
                return (ulong)permissions.UserPermissions;
            }
            return (ulong)(((permissions.UserPermissions & permissions.PageRestrictionsMask) | permissions.PageGrantPermissions) | (permissions.UserPermissions & PermissionSets.PAGE_INDEPENDENT));
        }
Пример #2
0
        private Dictionary <T, PermissionStruct> Grants_CalculateEffectivePermissions <T>(IEnumerable <uint> userIds, IEnumerable <ulong> pageIds, bool keyByUser)
        {
            Dictionary <T, PermissionStruct> ret = new Dictionary <T, PermissionStruct>();

            pageIds = pageIds.Distinct();
            userIds = userIds.Distinct();

            // check if there are any results to return at all
            if ((pageIds.Count() == 0) || (userIds.Count() == 0))
            {
                return(ret);
            }
            string pageIdsStr = pageIds.ToCommaDelimitedString();
            string userIdsStr = userIds.ToCommaDelimitedString();

            string selectUserPermissions = @"       
        ( (
        SELECT  CAST(r.role_perm_flags AS unsigned)
        FROM    users      AS u
                JOIN roles AS r
                ON      u.user_role_id = r.role_id
        WHERE   u.user_id              =  mainu.user_id
        ) |
        (
        SELECT  CAST(bit_or(r.role_perm_flags) AS unsigned)
        FROM    user_groups AS ug
                JOIN groups AS g
                ON      ug.group_id = g.group_id
                JOIN roles AS r
                ON      g.group_role_id = r.role_id
        WHERE   ug.user_id              =  mainu.user_id
        ) ) AS effective_rights_flags";

            string selectForZeroPageId = string.Format(@"
SELECT  mainp.page_id as pageid, mainu.user_id as userid,
0 AS page_restriction_flags, 
0 AS effective_grant_flags,
{0}
FROM (select 0 as page_id) mainp
JOIN users mainu
WHERE   mainu.user_id IN ({1})", selectUserPermissions, userIdsStr);

            string selectForNonZeroPageIds = string.Format(@"
SELECT  mainp.page_id as pageid, mainu.user_id as userid,
        (SELECT rs.restriction_perm_flags
        FROM    pages p
                LEFT JOIN restrictions rs
                ON      p.page_restriction_id = rs.restriction_id
        WHERE   p.page_id                     = mainp.page_id
        ) AS page_restriction_flags,	
    (select (
	select ifnull((
	SELECT  r.role_perm_flags AS user_grant_flags
        FROM    user_grants u
                JOIN roles r
                ON      u.role_id = r.role_id
        WHERE   u.user_id         = mainu.user_id
            AND u.page_id         = mainp.page_id
	),0)
	) | (        
	select ifnull((
	SELECT  bit_or(r.role_perm_flags) AS group_grant_flags
        FROM    user_groups ug
                JOIN groups g
                ON      ug.group_id = g.group_id
                JOIN group_grants gg
                ON      ug.group_id=gg.group_id
                JOIN roles AS r
                ON      gg.role_id = r.role_id
        WHERE   ug.user_id         = mainu.user_id
            AND gg.page_id         = mainp.page_id
	),0)
    )) as effective_grant_flags,
    {0}
FROM    pages mainp
JOIN    users mainu
WHERE   mainp.page_id IN ({1})
AND     mainu.user_id IN ({2})
", selectUserPermissions, pageIdsStr, userIdsStr);

            string query;

            if (pageIds.Contains <ulong>(0))
            {
                if (pageIds.Count() > 1)
                {
                    query = String.Format("({0}) UNION ({1})", selectForZeroPageId, selectForNonZeroPageIds);
                }
                else
                {
                    query = selectForZeroPageId;
                }
            }
            else
            {
                query = selectForNonZeroPageIds;
            }

            Catalog.NewQuery(query)
            .Execute(delegate(IDataReader dr) {
                while (dr.Read())
                {
                    T pageid = dr.Read <T>("pageid", default(T));
                    T userid = dr.Read <T>("userid", default(T));
                    ulong effective_rights_flags = dr.Read <ulong>("effective_rights_flags", 0);
                    ulong effective_grant_flags  = dr.Read <ulong>("effective_grant_flags", 0);
                    ulong page_restriction_flags = dr.Read <ulong>("page_restriction_flags", 0);
                    if (page_restriction_flags == 0)
                    {
                        page_restriction_flags = ulong.MaxValue;
                    }
                    PermissionStruct flags = new PermissionStruct(effective_rights_flags, page_restriction_flags, effective_grant_flags);
                    if (keyByUser)
                    {
                        ret[userid] = flags;
                    }
                    else
                    {
                        ret[pageid] = flags;
                    }
                }
            });

            return(ret);
        }