Пример #1
 /// <summary>
 /// Builds a member entry from a display name, a SID and the place where that SID is defined.
 /// </summary>
 /// <param name="name">Value stored in <c>Name</c>.</param>
 /// <param name="sid">Security identifier kept in the <c>sid</c> field.</param>
 /// <param name="whereDefined">Value stored in <c>WhereDefined</c>.</param>
 internal GenericMember(string name, IAzManSid sid, WhereDefined whereDefined)
 {
     Name = name;
     this.sid = sid;
     this.WhereDefined = whereDefined;
     // The description starts out empty rather than null.
     Description = string.Empty;
 }
Пример #2
        /// <summary>
        /// Inserts a new member record for this Store Group and returns the object that wraps it.
        /// </summary>
        /// <param name="sid">SID of the principal or group being added.</param>
        /// <param name="whereDefined">Where the SID is defined. <c>Store</c> triggers loop detection; <c>Local</c> is refused in Administrator mode.</param>
        /// <param name="isMember">Passed through to the insert and to the returned member object.</param>
        /// <returns>The store group member created from the inserted record.</returns>
        /// <exception cref="InvalidOperationException">This group's type is not <c>Basic</c>.</exception>
        /// <exception cref="SqlAzManException">A locally defined member is requested in Administrator mode, or adding the store group would create a loop.</exception>
        public IAzManStoreGroupMember CreateStoreGroupMember(IAzManSid sid, WhereDefined whereDefined, bool isMember)
        {
            // Explicit members are only accepted on Basic groups.
            if (this.groupType != GroupType.Basic)
            {
                throw new InvalidOperationException("Method not supported for LDAP Groups");
            }

            // Administrator mode refuses principals defined on the local machine.
            bool administratorMode = this.store.Storage.Mode == NetSqlAzManMode.Administrator;
            if (administratorMode && whereDefined == WhereDefined.Local)
            {
                throw new SqlAzManException("Cannot create Store Group members defined on local in Administrator Mode");
            }

            // Nesting another store group must not make the membership graph cyclic.
            if (whereDefined == WhereDefined.Store)
            {
                // NOTE(review): assumes GetStoreGroup never returns null for an unknown SID - confirm.
                IAzManStoreGroup candidate = this.store.GetStoreGroup(sid);
                if (this.detectLoop(candidate))
                {
                    string message = string.Format("Cannot add '{0}'. A loop has been detected.", candidate.Name);
                    throw new SqlAzManException(message);
                }
            }

            int newMemberId = this.db.StoreGroupMemberInsert(this.store.StoreId, this.storeGroupId, sid.BinaryValue, (byte)whereDefined, isMember);
            IAzManStoreGroupMember member = new SqlAzManStoreGroupMember(this.db, this, newMemberId, sid, whereDefined, isMember, this.ens);

            // Notify listeners first, then register the new member with the ENS when one is attached.
            this.raiseStoreGroupMemberCreated(this, member);
            if (this.ens != null)
            {
                this.ens.AddPublisher(member);
            }

            return member;
        }
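 /// <summary>
 /// Adds the Windows users and groups left in <c>Session["selectedADObjects"]</c> to the
 /// authorization grid as Neutral entries, then saves the session state and rebinds the grid.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void btnAddWindowsUsersAndGroups_Click(object sender, EventArgs e)
 {
     try
     {
         // A missing session entry means "nothing selected". The original dereferenced it
         // before the null check, so the check could never be reached with a null value.
         List<ADObject> pending = (List<ADObject>)this.Session["selectedADObjects"];
         this.Session["selectedADObjects"] = null;
         if (pending != null)
         {
             foreach (ADObject o in pending.ToArray())
             {
                 // Ordinal comparison: the provider prefix is an identifier, not linguistic text,
                 // so the LDAP/Local decision must not depend on the current culture.
                 WhereDefined wd = o.ADSPath.StartsWith("LDAP", StringComparison.Ordinal)
                     ? WhereDefined.LDAP
                     : WhereDefined.Local;

                 string displayName;
                 bool isAGroup;
                 bool isLocal;
                 DirectoryServicesWebUtils.GetMemberInfo(o.Sid, out displayName, out isAGroup, out isLocal);
                 // NOTE(review): isLocal from the lookup is not used; wd comes from the ADSPath
                 // prefix alone. Confirm the two sources cannot disagree.
                 GenericMember gm = new GenericMember(new SqlAzManSID(o.Sid), wd, AuthorizationType.Neutral, null, null);
                 gm.Name = displayName;
                 this.AddLDapDataRow(gm, isAGroup);
                 this.modified = true;
             }
         }
         this.saveSessionVariables();
         this.bindGridView();
     }
     catch (Exception ex)
     {
         // NOTE(review): the raw exception message is shown to the user; confirm ShowError
         // encodes it and that it cannot expose directory or server details.
         this.ShowError(ex.Message);
     }
 }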
Пример #4
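 /// <summary>
 /// Opens the directory object picker and queues every picked object that is not already a member
 /// (or already queued) in <c>MembersToAdd</c>.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void btnMembersAddWindowsUsersAndGroups_Click(object sender, EventArgs e)
 {
     try
     {
         this.HourGlass(true);
         bool developerMode = this.applicationGroup.Application.Store.Storage.Mode == NetSqlAzManMode.Developer;
         ADObject[] res = DirectoryServicesUtils.ADObjectPickerShowDialog(this, developerMode);
         if (res != null)
         {
             foreach (ADObject o in res)
             {
                 // Evaluation order matters: Remove() cancels a pending removal and, when it
                 // succeeds, short-circuits the two membership lookups.
                 bool alreadyHandled = this.MembersToRemove.Remove(o.Sid)
                     || this.FindMember(this.applicationGroup.GetApplicationGroupMembers(), o.Sid)
                     || this.FindMember(this.MembersToAdd, o.Sid);
                 if (alreadyHandled)
                 {
                     continue;
                 }

                 // Ordinal comparison: the provider prefix is an identifier, so the LDAP/Local
                 // decision must not depend on the current culture.
                 WhereDefined wd = o.ADSPath.StartsWith("LDAP", StringComparison.Ordinal)
                     ? WhereDefined.LDAP
                     : WhereDefined.Local;
                 this.MembersToAdd.Add(new GenericMember(o.Name, new SqlAzManSID(o.Sid), wd));
                 this.modified = true;
             }
             this.RefreshApplicationGroupProperties();
         }
         this.HourGlass(false);
     }
     catch (Exception ex)
     {
         // Restore the cursor before the modal message box is shown.
         this.HourGlass(false);
         MessageBox.Show(ex.Message);
     }
 }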
 /// <summary>
 /// Changes this authorization's owner, member SID, authorization type and validity window.
 /// Nothing is written and no event is raised when every supplied value equals the current one.
 /// </summary>
 /// <param name="owner">The owner Sid.</param>
 /// <param name="sid">The member Sid.</param>
 /// <param name="sidWhereDefined">Where the member Sid is defined.</param>
 /// <param name="authorizationType">Type of the authorization.</param>
 /// <param name="validFrom">Start of the validity window, or null.</param>
 /// <param name="validTo">End of the validity window, or null.</param>
 /// <exception cref="InvalidOperationException">Both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
 public void Update(IAzManSid owner, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
 {
     bool unchanged = this.owner.StringValue == owner.StringValue
         && this.sid.StringValue == sid.StringValue
         && this.sidWhereDefined == sidWhereDefined
         && this.authorizationType == authorizationType
         && this.validFrom == validFrom
         && this.validTo == validTo;
     if (unchanged)
     {
         return;
     }

     // An inverted validity window is rejected before anything is persisted.
     if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
     {
         throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
     }

     // Snapshot the current state so the update event can report the previous values.
     SqlAzManSID previousOwner = new SqlAzManSID(this.owner.StringValue, this.ownerSidWhereDefined == WhereDefined.Database);
     SqlAzManSID previousSid = new SqlAzManSID(this.sid.StringValue, this.sidWhereDefined == WhereDefined.Database);
     WhereDefined previousOwnerSidWhereDefined = this.ownerSidWhereDefined;
     WhereDefined previousSidWhereDefined = this.SidWhereDefined;
     AuthorizationType previousAuthorizationType = this.AuthorizationType;
     DateTime? previousValidFrom = this.validFrom;
     DateTime? previousValidTo = this.validTo;

     // The owner's location is not taken from the caller: it is derived from a directory lookup.
     string resolvedName;
     bool ownerIsLocal;
     DirectoryServicesUtils.GetMemberInfo(owner.StringValue, out resolvedName, out ownerIsLocal);
     WhereDefined newOwnerSidWhereDefined = ownerIsLocal ? WhereDefined.Local : WhereDefined.LDAP;

     this.db.AuthorizationUpdate(
         this.item.ItemId,
         owner.BinaryValue,
         (byte)newOwnerSidWhereDefined,
         sid.BinaryValue,
         (byte)sidWhereDefined,
         (byte)authorizationType,
         validFrom,
         validTo,
         this.authorizationId,
         this.item.Application.ApplicationId);

     // In-memory state is only touched after the database call has returned.
     this.owner = new SqlAzManSID(owner.BinaryValue);
     this.ownerSidWhereDefined = newOwnerSidWhereDefined;
     this.sid = sid;
     this.sidWhereDefined = sidWhereDefined;
     this.authorizationType = authorizationType;
     this.validFrom = validFrom;
     this.validTo = validTo;

     this.raiseAuthorizationUpdated(this, previousOwner, previousOwnerSidWhereDefined, previousSid, previousSidWhereDefined, previousAuthorizationType, previousValidFrom, previousValidTo);
 }
Пример #6
 /// <summary>
 /// Initializes a member entry with its name, SID and SID location; the description is set to an empty string.
 /// </summary>
 /// <param name="name">Value assigned to <c>Name</c>.</param>
 /// <param name="sid">Security identifier assigned to the <c>sid</c> field.</param>
 /// <param name="whereDefined">Value assigned to <c>WhereDefined</c>.</param>
 internal GenericMember(string name, IAzManSid sid, WhereDefined whereDefined)
 {
     Name              = name;
     this.sid          = sid;
     this.WhereDefined = whereDefined;
     Description       = string.Empty;
 }
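        /// <summary>
        /// Adds the specified user names to the specified roles for the configured applicationName.
        /// All authorizations are created inside one storage transaction, which is rolled back on any failure.
        /// </summary>
        /// <param name="usernames">A string array of user names to be added to the specified roles.</param>
        /// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
        /// <exception cref="ArgumentException">An entry of <paramref name="roleNames"/> names an item that is not a Role.</exception>
        /// <exception cref="SqlAzManException">A user name cannot be mapped to a security identifier (LDAP lookup).</exception>
        public override void AddUsersToRoles(string[] usernames, string[] roleNames)
        {
            using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
            {
                try
                {
                    storage.OpenConnection();
                    storage.BeginTransaction();
                    IAzManApplication application = storage[this.storeName][this.applicationName];
                    foreach (string roleName in roleNames)
                    {
                        IAzManItem role = application.GetItem(roleName);
                        if (role.ItemType != ItemType.Role)
                        {
                            throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
                        }

                        foreach (string username in usernames)
                        {
                            // The owner is the caller's Windows identity, falling back to the process identity.
                            IAzManSid    owner        = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
                            WhereDefined whereDefined = WhereDefined.LDAP;
                            if (this.userLookupType == "LDAP")
                            {
                                string fqun = this.getFQUN(username);
                                SecurityIdentifier resolved;
                                try
                                {
                                    resolved = (SecurityIdentifier)new NTAccount(fqun).Translate(typeof(SecurityIdentifier));
                                }
                                catch (IdentityNotMappedException)
                                {
                                    // Translate() throws for an unknown account instead of returning null,
                                    // so the original null checks could never report "user not found".
                                    throw SqlAzManException.UserNotFoundException(username, null);
                                }
                                IAzManSid sid = new SqlAzManSID(resolved);
                                role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
                            }
                            else
                            {
                                // NOTE(review): assumes GetDBUser never returns null for an unknown user - confirm.
                                var       dbuser = application.GetDBUser(username);
                                IAzManSid sid    = dbuser.CustomSid;
                                role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null);
                            }
                        }
                    }
                    storage.CommitTransaction();
                    //Rebuild StorageCache
                    this.InvalidateCache(false);
                }
                catch
                {
                    // Any failure undoes every authorization created so far in this call.
                    storage.RollBackTransaction();
                    throw;
                }
                finally
                {
                    storage.CloseConnection();
                }
            }
        }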
        /// <summary>
        /// Initializes the form: resolves where the current owner SID is defined and builds the
        /// in-memory authorizations table with its columns.
        /// </summary>
        public frmItemAuthorizations()
        {
            InitializeComponent();

            // NOTE(review): currentOwnerSid is read here before anything in this constructor assigns it;
            // presumably a field initializer sets it - confirm.
            string resolvedName;
            bool ownerIsLocal;
            DirectoryServicesUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out resolvedName, out ownerIsLocal);
            this.currentOwnerSidWhereDefined = ownerIsLocal ? WhereDefined.Local : WhereDefined.LDAP;

            this.dtAuthorizations = new DataTable();

            // Identity column counting down from -1.
            DataColumn dcAuthorizationId = new DataColumn("AuthorizationID", typeof(int))
            {
                AutoIncrement = true,
                AutoIncrementSeed = -1,
                AutoIncrementStep = -1,
                AllowDBNull = false,
                Unique = true
            };
            DataColumn dcMemberTypeEnum = new DataColumn("MemberTypeEnum", typeof(MemberType));
            DataColumn dcMemberType = new DataColumn("MemberType", typeof(Bitmap));
            DataColumn dcOwner = new DataColumn("Owner", typeof(string));
            DataColumn dcOwnerSid = new DataColumn("OwnerSID", typeof(string));
            DataColumn dcName = new DataColumn("Name", typeof(string));
            DataColumn dcObjectSid = new DataColumn("ObjectSID", typeof(string));
            DataColumn dcWhereDefined = new DataColumn("WhereDefined", typeof(string));
            DataColumn dcWhereDefinedEnum = new DataColumn("WhereDefinedEnum", typeof(WhereDefined));
            DataColumn dcAuthorizationType = new DataColumn("AuthorizationType", typeof(Bitmap));
            DataColumn dcAuthorizationTypeEnum = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType));
            DataColumn dcValidFrom = new DataColumn("ValidFrom", typeof(DateTime)) { AllowDBNull = true };
            DataColumn dcValidTo = new DataColumn("ValidTo", typeof(DateTime)) { AllowDBNull = true };

            // Captions come from the localized resources.
            dcMemberType.Caption = Globalization.MultilanguageResource.GetString("DGColumn_10");
            dcOwner.Caption = Globalization.MultilanguageResource.GetString("DGColumn_20");
            dcOwnerSid.Caption = Globalization.MultilanguageResource.GetString("DGColumn_30");
            dcName.Caption = Globalization.MultilanguageResource.GetString("DGColumn_40");
            dcObjectSid.Caption = Globalization.MultilanguageResource.GetString("DGColumn_50");
            dcWhereDefined.Caption = Globalization.MultilanguageResource.GetString("DGColumn_60");
            dcAuthorizationType.Caption = Globalization.MultilanguageResource.GetString("DGColumn_70");
            dcValidFrom.Caption = Globalization.MultilanguageResource.GetString("DGColumn_80");
            dcValidTo.Caption = Globalization.MultilanguageResource.GetString("DGColumn_90");

            // The order below is the column order of the table.
            DataColumn[] orderedColumns =
            {
                dcAuthorizationId,
                dcMemberType,
                dcName,
                dcAuthorizationType,
                dcWhereDefined,
                dcOwner,
                dcOwnerSid,
                dcValidFrom,
                dcValidTo,
                dcObjectSid,
                dcAuthorizationTypeEnum,
                dcWhereDefinedEnum,
                dcMemberTypeEnum
            };
            this.dtAuthorizations.Columns.AddRange(orderedColumns);
            this.modified = false;
        }
Пример #9
 /// <summary>
 /// Builds a member entry that carries authorization data: SID, SID location, authorization type
 /// and an optional validity window.
 /// </summary>
 /// <param name="sid">Security identifier kept in the <c>sid</c> field.</param>
 /// <param name="whereDefined">Value stored in <c>WhereDefined</c>.</param>
 /// <param name="authorizationType">Authorization type kept in the <c>authorizationType</c> field.</param>
 /// <param name="validFrom">Start of the validity window, or null.</param>
 /// <param name="validTo">End of the validity window, or null.</param>
 internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
 {
     this.sid               = sid;
     this.WhereDefined      = whereDefined;
     this.authorizationType = authorizationType;
     // NOTE(review): no validFrom <= validTo check happens here.
     this.validFrom         = validFrom;
     this.validTo           = validTo;
 }
Пример #10
 /// <summary>
 /// Initializes a member entry with its SID, SID location, authorization type and optional validity dates.
 /// </summary>
 /// <param name="sid">Security identifier assigned to the <c>sid</c> field.</param>
 /// <param name="whereDefined">Value assigned to <c>WhereDefined</c>.</param>
 /// <param name="authorizationType">Value assigned to the <c>authorizationType</c> field.</param>
 /// <param name="validFrom">Value assigned to the <c>validFrom</c> field; may be null.</param>
 /// <param name="validTo">Value assigned to the <c>validTo</c> field; may be null.</param>
 internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
 {
     this.sid = sid;
     this.WhereDefined = whereDefined;
     this.authorizationType = authorizationType;
     this.validFrom = validFrom;
     this.validTo = validTo;
 }
Пример #11
 /// <summary>
 /// Wraps an existing store group member record; every argument is stored as given and no database call is made here.
 /// </summary>
 /// <param name="db">Data context kept for later operations.</param>
 /// <param name="storeGroup">Store group this member belongs to.</param>
 /// <param name="storeGroupMemberId">Identifier of the member record.</param>
 /// <param name="sid">SID of the member.</param>
 /// <param name="whereDefined">Where the SID is defined.</param>
 /// <param name="isMember">Membership flag stored in the <c>isMember</c> field.</param>
 /// <param name="ens">ENS instance stored in the <c>ens</c> field.</param>
 internal SqlAzManStoreGroupMember(
     NetSqlAzManStorageDataContext db,
     IAzManStoreGroup storeGroup,
     int storeGroupMemberId,
     IAzManSid sid,
     WhereDefined whereDefined,
     bool isMember,
     SqlAzManENS ens)
 {
     this.db = db;
     this.storeGroup = storeGroup;
     this.storeGroupMemberId = storeGroupMemberId;
     this.sid = sid;
     this.whereDefined = whereDefined;
     this.isMember = isMember;
     this.ens = ens;
 }
 /// <summary>
 /// Initializes a store group member from already known values. The constructor only copies its arguments into fields.
 /// </summary>
 /// <param name="db">Data context assigned to the <c>db</c> field.</param>
 /// <param name="storeGroup">Owning store group.</param>
 /// <param name="storeGroupMemberId">Member record identifier.</param>
 /// <param name="sid">Member SID.</param>
 /// <param name="whereDefined">Location where the SID is defined.</param>
 /// <param name="isMember">Value assigned to the <c>isMember</c> field.</param>
 /// <param name="ens">Value assigned to the <c>ens</c> field.</param>
 internal SqlAzManStoreGroupMember(NetSqlAzManStorageDataContext db, IAzManStoreGroup storeGroup, int storeGroupMemberId, IAzManSid sid, WhereDefined whereDefined, bool isMember, SqlAzManENS ens)
 {
     this.db                 = db;
     this.storeGroup         = storeGroup;
     this.storeGroupMemberId = storeGroupMemberId;
     this.sid                = sid;
     this.whereDefined       = whereDefined;
     this.isMember           = isMember;
     this.ens                = ens;
 }
 /// <summary>
 /// Wraps an existing authorization record; every argument is stored as given and nothing is validated here.
 /// </summary>
 /// <param name="db">Data context kept for later operations.</param>
 /// <param name="item">Item the authorization belongs to.</param>
 /// <param name="authorizationId">Identifier of the authorization record.</param>
 /// <param name="owner">Owner SID.</param>
 /// <param name="ownerSidWhereDefined">Where the owner SID is defined.</param>
 /// <param name="sid">Member SID.</param>
 /// <param name="objectSidWhereDefined">Where the member SID is defined; stored in the <c>sidWhereDefined</c> field.</param>
 /// <param name="authorizationType">Type of the authorization.</param>
 /// <param name="validFrom">Start of the validity window, or null.</param>
 /// <param name="validTo">End of the validity window, or null.</param>
 /// <param name="ens">ENS instance stored in the <c>ens</c> field.</param>
 internal SqlAzManAuthorization(
     NetSqlAzManStorageDataContext db,
     IAzManItem item,
     int authorizationId,
     IAzManSid owner,
     WhereDefined ownerSidWhereDefined,
     IAzManSid sid,
     WhereDefined objectSidWhereDefined,
     AuthorizationType authorizationType,
     DateTime? validFrom,
     DateTime? validTo,
     SqlAzManENS ens)
 {
     this.db = db;
     this.authorizationId = authorizationId;
     this.item = item;
     this.owner = owner;
     this.ownerSidWhereDefined = ownerSidWhereDefined;
     this.sid = sid;
     // The parameter and the field are named differently.
     this.sidWhereDefined = objectSidWhereDefined;
     this.authorizationType = authorizationType;
     this.validFrom = validFrom;
     this.validTo = validTo;
     this.ens = ens;
 }
 /// <summary>
 /// Initializes an authorization object from already known values. The constructor only copies its arguments into fields.
 /// </summary>
 /// <param name="db">Data context assigned to the <c>db</c> field.</param>
 /// <param name="item">Item that owns the authorization.</param>
 /// <param name="authorizationId">Authorization record identifier.</param>
 /// <param name="owner">Owner SID.</param>
 /// <param name="ownerSidWhereDefined">Location where the owner SID is defined.</param>
 /// <param name="sid">Member SID.</param>
 /// <param name="objectSidWhereDefined">Location where the member SID is defined; assigned to <c>sidWhereDefined</c>.</param>
 /// <param name="authorizationType">Authorization type.</param>
 /// <param name="validFrom">Validity start; may be null.</param>
 /// <param name="validTo">Validity end; may be null.</param>
 /// <param name="ens">Value assigned to the <c>ens</c> field.</param>
 internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo, SqlAzManENS ens)
 {
     this.db                   = db;
     this.authorizationId      = authorizationId;
     this.item                 = item;
     this.owner                = owner;
     this.ownerSidWhereDefined = ownerSidWhereDefined;
     this.sid                  = sid;
     this.sidWhereDefined      = objectSidWhereDefined;
     this.authorizationType    = authorizationType;
     this.validFrom            = validFrom;
     this.validTo              = validTo;
     this.ens                  = ens;
 }
 /// <summary>
 /// Restores the page state (modified flag, selected item, authorizations table and current owner data) from Session.
 /// </summary>
 private void loadSessionVariables()
 {
     // A missing "modified" entry counts as "not modified".
     object storedModified = this.Session["modified"];
     this.modified = storedModified != null && (bool)storedModified;

     // "as" casts yield null when the entry is absent or of another type.
     this.item = this.Session["selectedObject"] as IAzManItem;
     this.dtAuthorizations = this.Session["dtAuthorizations"] as DataTable;
     this.currentOwnerName = (string)this.Session["currentOwnerName"];
     this.currentOwnerSid = this.Session["currentOwnerSid"] as IAzManSid;
     // Unboxing cast: this throws when the entry is missing.
     this.currentOwnerSidWhereDefined = (WhereDefined)this.Session["currentOwnerSidWhereDefined"];
 }
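 /// <summary>
 /// Opens the directory object picker, adds every picked user or group to the authorization grid
 /// as a Neutral entry, selects the new rows and resizes the grid columns.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void btnAddWindowsUsersAndGroups_Click(object sender, EventArgs e)
 {
     try
     {
         this.HourGlass(true);
         bool developerMode = this.item.Application.Store.Storage.Mode == NetSqlAzManMode.Developer;
         ADObject[] res = DirectoryServicesUtils.ADObjectPickerShowDialog(this, developerMode);
         if (res != null)
         {
             List<DataRow> rowsAdded = new List<DataRow>();
             foreach (ADObject o in res)
             {
                 // Ordinal comparison: the provider prefix is an identifier, so the LDAP/Local
                 // decision must not depend on the current culture.
                 WhereDefined wd = o.ADSPath.StartsWith("LDAP", StringComparison.Ordinal)
                     ? WhereDefined.LDAP
                     : WhereDefined.Local;

                 string displayName;
                 bool isAGroup;
                 bool isLocal;
                 DirectoryServicesUtils.GetMemberInfo(o.Sid, out displayName, out isAGroup, out isLocal);
                 // NOTE(review): isLocal from the lookup is not used; wd comes from the ADSPath
                 // prefix alone. Confirm the two sources cannot disagree.
                 GenericMember gm = new GenericMember(new SqlAzManSID(o.Sid), wd, AuthorizationType.Neutral, null, null);
                 gm.Name = displayName;
                 rowsAdded.Add(this.AddLDapDataRow(gm, isAGroup));
                 this.modified = true;
             }
             this.SelectDataGridViewRows(rowsAdded);
         }
         this.btnApply.Enabled = this.modified;
         //Adjust columns Width
         foreach (DataGridViewColumn dgvc in this.dgAuthorizations.Columns)
         {
             dgvc.Width = dgvc.GetPreferredWidth(DataGridViewAutoSizeColumnMode.AllCells, true);
         }
         this.HourGlass(false);
     }
     catch (Exception ex)
     {
         // Restore the cursor before the error dialog is shown.
         this.HourGlass(false);
         this.ShowError(ex.Message, Globalization.MultilanguageResource.GetString("frmItemAuthorizations_Msg10"));
     }
     finally
     {
         // Apply stays in sync with the modified flag on every path.
         this.btnApply.Enabled = this.modified;
     }
 }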
Пример #17
        /// <summary>
        /// Maps a <see cref="WhereDefined"/> value to its display label.
        /// </summary>
        /// <param name="where">The location to describe.</param>
        /// <returns>
        /// "DB User", "LDAP User", "Store User" or "Application User" for the matching value;
        /// "Local User" for <c>Local</c> and for any other value.
        /// </returns>
        public static String GetWhereDefinedName(WhereDefined where)
        {
            if (where == WhereDefined.Database)
            {
                return "DB User";
            }
            if (where == WhereDefined.LDAP)
            {
                return "LDAP User";
            }
            if (where == WhereDefined.Store)
            {
                return "Store User";
            }
            if (where == WhereDefined.Application)
            {
                return "Application User";
            }

            // Local and every unrecognized value share the same label.
            return "Local User";
        }
Пример #18
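 /// <summary>
 /// Queues the Windows users and groups left in <c>Session["selectedADObjects"]</c> as non-members,
 /// skipping objects that are already non-members or already queued.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 protected void btnNonMembersAddWindowsUsersAndGroup_Click(object sender, EventArgs e)
 {
     // A missing session entry means "nothing selected". The original dereferenced it before
     // the null check and, with no try/catch here, failed with an unhandled null dereference.
     List<ADObject> pending = (List<ADObject>)this.Session["selectedADObjects"];
     this.Session["selectedADObjects"] = null;
     if (pending == null)
     {
         return;
     }

     foreach (ADObject o in pending.ToArray())
     {
         // Evaluation order matters: Remove() cancels a pending removal and, when it succeeds,
         // short-circuits the two membership lookups.
         if (!this.NonMembersToRemove.Remove(o.Sid) && !this.FindMember(this.applicationGroup.GetApplicationGroupNonMembers(), new SqlAzManSID(o.Sid)) && !this.FindMember(this.NonMembersToAdd, new SqlAzManSID(o.Sid)))
         {
             // Ordinal comparison: the provider prefix is an identifier, so the LDAP/Local
             // decision must not depend on the current culture.
             WhereDefined wd = o.ADSPath.StartsWith("LDAP", StringComparison.Ordinal)
                 ? WhereDefined.LDAP
                 : WhereDefined.Local;
             this.NonMembersToAdd.Add(new GenericMember(o.Name, new SqlAzManSID(o.Sid), wd));
             this.modified = true;
         }
     }
     this.RefreshApplicationGroupProperties();
 }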
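 /// <summary>
 /// Opens the directory object picker and queues every picked object as a store group non-member,
 /// skipping objects that are already non-members or already queued.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 private void btnNonMembersAddWindowsUsersAndGroup_Click(object sender, EventArgs e)
 {
     this.HourGlass(true);
     try
     {
         ADObject[] res = DirectoryServicesUtils.ADObjectPickerShowDialog(this, this.storeGroup.Store.Storage.Mode == NetSqlAzManMode.Developer);
         if (res != null)
         {
             foreach (ADObject o in res)
             {
                 // Evaluation order matters: Remove() cancels a pending removal and, when it
                 // succeeds, short-circuits the two membership lookups.
                 if (!this.NonMembersToRemove.Remove(o.Sid) && !this.FindMember(this.storeGroup.GetStoreGroupNonMembers(), new SqlAzManSID(o.Sid)) && !this.FindMember(this.NonMembersToAdd, new SqlAzManSID(o.Sid)))
                 {
                     // Ordinal comparison: the provider prefix is an identifier, so the LDAP/Local
                     // decision must not depend on the current culture.
                     WhereDefined wd = o.ADSPath.StartsWith("LDAP", StringComparison.Ordinal)
                         ? WhereDefined.LDAP
                         : WhereDefined.Local;
                     this.NonMembersToAdd.Add(new GenericMember(o.Name, new SqlAzManSID(o.Sid), wd));
                     this.modified = true;
                 }
             }
             this.RefreshStoreGroupProperties();
         }
     }
     finally
     {
         // The wait cursor is cleared even when the picker or a lookup throws;
         // the exception still propagates to the caller as before.
         this.HourGlass(false);
     }
 }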
Пример #20
        /// <summary>
        /// Initializes the form and records whether the current owner SID is defined locally or in LDAP.
        /// </summary>
        public frmImportFromAzMan()
        {
            InitializeComponent();

            try
            {
                string resolvedName;
                bool ownerIsLocal;
                DirectoryServicesUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out resolvedName, out ownerIsLocal);
                this.currentOwnerSidWhereDefined = ownerIsLocal ? WhereDefined.Local : WhereDefined.LDAP;
            }
            catch
            {
                // Best effort: any lookup failure is swallowed and the owner is treated as LDAP-defined.
                this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
            }
        }
Пример #21
        /// <summary>
        /// Creates the import form and classifies the current owner SID as Local or LDAP via a directory lookup.
        /// </summary>
        public frmImportFromAzMan()
        {
            InitializeComponent();

            try
            {
                string ignoredName;
                bool definedLocally;
                DirectoryServicesUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out ignoredName, out definedLocally);
                if (definedLocally)
                {
                    this.currentOwnerSidWhereDefined = WhereDefined.Local;
                }
                else
                {
                    this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
                }
            }
            catch
            {
                // The lookup error is discarded on purpose; LDAP is the fallback classification.
                this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
            }
        }
Пример #22
 /// <summary>
 /// Sets the page image and OK handler, then records the requesting user's SID and whether it is
 /// defined locally or in LDAP.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 protected void Page_Init(object sender, EventArgs e)
 {
     this.setImage("NetSqlAzMan_32x32.gif");
     this.setOkHandler(new EventHandler(this.btnOk_Click));

     // The owner is the Windows identity attached to the request.
     this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User);
     try
     {
         string resolvedName;
         bool ownerIsLocal;
         DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out resolvedName, out ownerIsLocal);
         this.currentOwnerSidWhereDefined = ownerIsLocal ? WhereDefined.Local : WhereDefined.LDAP;
     }
     catch
     {
         // Best effort: any lookup failure is swallowed and the owner is treated as LDAP-defined.
         this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
     }
 }
 /// <summary>
 /// Page initialization: wires the image and OK handler and classifies the requesting user's SID as Local or LDAP.
 /// </summary>
 /// <param name="sender">Event source (not used).</param>
 /// <param name="e">Event data (not used).</param>
 protected void Page_Init(object sender, EventArgs e)
 {
     this.setImage("NetSqlAzMan_32x32.gif");
     this.setOkHandler(new EventHandler(this.btnOk_Click));
     // SID of the Windows identity the request was made under.
     this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User);
     try
     {
         string ignoredName;
         bool definedLocally;
         DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out ignoredName, out definedLocally);
         if (definedLocally)
         {
             this.currentOwnerSidWhereDefined = WhereDefined.Local;
         }
         else
         {
             this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
         }
     }
     catch
     {
         // The lookup error is discarded on purpose; LDAP is the fallback classification.
         this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
     }
 }
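 /// <summary>
 /// Raises <c>AuthorizationUpdated</c>, passing the authorization and the values it held before the update.
 /// Does nothing when no handler is subscribed.
 /// </summary>
 private void raiseAuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
 {
     // Read the delegate once: a handler unsubscribing between the null check and the call
     // can no longer cause a null dereference.
     var handler = this.AuthorizationUpdated;
     if (handler != null)
     {
         handler(authorization, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
     }
 }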
 /// <summary>
 /// Reloads the page fields (modified flag, selected item, authorizations table, current owner data) from Session.
 /// </summary>
 private void loadSessionVariables()
 {
     // No stored flag means the page has not been modified.
     object modifiedEntry = this.Session["modified"];
     this.modified = modifiedEntry == null ? false : (bool)modifiedEntry;

     // Entries read with "as" become null when absent or of an unexpected type.
     this.item                        = this.Session["selectedObject"] as IAzManItem;
     this.dtAuthorizations            = this.Session["dtAuthorizations"] as DataTable;
     this.currentOwnerName            = (string)this.Session["currentOwnerName"];
     this.currentOwnerSid             = this.Session["currentOwnerSid"] as IAzManSid;
     // Unboxing cast: a missing entry makes this line throw.
     this.currentOwnerSidWhereDefined = (WhereDefined)this.Session["currentOwnerSidWhereDefined"];
 }
        /// <summary>
        /// Loads the Item Authorizations page. On the first request it builds the authorizations table,
        /// binds the grid and saves the state to Session; on a postback it reloads the state and
        /// processes any selections that were left in Session.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // NOTE(review): "as" yields null when the session entry is missing or expired;
            // this.item is dereferenced further down without a null check.
            this.item             = this.Session["selectedObject"] as IAzManItem;
            // Request-supplied value; treat it as untrusted wherever it is used (usage is not visible here).
            this.menuItem         = Request["MenuItem"];
            this.Text             = "Item Authorizations";
            this.Description      = this.Text;
            this.Title            = this.Text;
            // The current owner is the Windows identity attached to the request.
            this.currentOwnerName = this.Request.LogonUserIdentity.Name;
            this.currentOwnerSid  = new SqlAzManSID(this.Request.LogonUserIdentity.User.Value);
            //this.showWaitPanelOnSubmit(this.pnlWait, this.pnlXXX);
            if (!this.Page.IsPostBack)
            {
                // Classify the owner SID as Local or LDAP from a directory lookup.
                string memberName;
                bool   isLocal;
                DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal);
                this.currentOwnerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
                // Save first, then reload, so the fields and Session agree before the table is built.
                this.saveSessionVariables();
                this.loadSessionVariables();
                this.dtAuthorizations = new DataTable();
                // Identity column counting down from -1.
                DataColumn dcAuthorizationId = new DataColumn("AuthorizationID", typeof(int));
                dcAuthorizationId.AutoIncrement     = true;
                dcAuthorizationId.AutoIncrementSeed = -1;
                dcAuthorizationId.AutoIncrementStep = -1;
                dcAuthorizationId.AllowDBNull       = false;
                dcAuthorizationId.Unique            = true;
                DataColumn dcAttributesLink        = new DataColumn("AttributesLink", typeof(string));
                DataColumn dcMemberTypeEnum        = new DataColumn("MemberTypeEnum", typeof(MemberType));
                DataColumn dcMemberType            = new DataColumn("MemberType", typeof(string));
                DataColumn dcOwner                 = new DataColumn("Owner", typeof(string));
                DataColumn dcOwnerSid              = new DataColumn("OwnerSID", typeof(string));
                DataColumn dcName                  = new DataColumn("Name", typeof(string));
                DataColumn dcObjectSid             = new DataColumn("ObjectSID", typeof(string));
                DataColumn dcWhereDefined          = new DataColumn("WhereDefined", typeof(string));
                DataColumn dcWhereDefinedEnum      = new DataColumn("WhereDefinedEnum", typeof(WhereDefined));
                DataColumn dcAuthorizationType     = new DataColumn("AuthorizationType", typeof(string));
                DataColumn dcAuthorizationTypeEnum = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType));
                DataColumn dcValidFrom             = new DataColumn("ValidFrom", typeof(DateTime));
                dcValidFrom.AllowDBNull = true;
                DataColumn dcValidTo = new DataColumn("ValidTo", typeof(DateTime));
                dcValidTo.AllowDBNull = true;

                dcMemberType.Caption        = "Member Type";
                dcOwner.Caption             = "Owner";
                dcOwnerSid.Caption          = "Owner SID";
                dcName.Caption              = "Name";
                dcObjectSid.Caption         = "Object SID";
                dcWhereDefined.Caption      = "Where Defined";
                dcAuthorizationType.Caption = "Authorization Type";
                dcValidFrom.Caption         = "Valid From";
                dcValidTo.Caption           = "Valid To";

                // The order below is the column order of the table.
                this.dtAuthorizations.Columns.AddRange(
                    new DataColumn[]
                {
                    dcAuthorizationId,
                    dcMemberType,
                    dcName,
                    dcAuthorizationType,
                    dcWhereDefined,
                    dcOwner,
                    dcOwnerSid,
                    dcValidFrom,
                    dcValidTo,
                    dcObjectSid,
                    dcAuthorizationTypeEnum,
                    dcWhereDefinedEnum,
                    dcMemberTypeEnum,
                    dcAttributesLink
                });
                // Every column is made nullable here, including AuthorizationID (set to false above);
                // only the two columns below are then set back to non-nullable.
                foreach (DataColumn dc in this.dtAuthorizations.Columns)
                {
                    dc.AllowDBNull = true;
                }
                dcMemberType.AllowDBNull        = false;
                dcAuthorizationType.AllowDBNull = false;
                this.modified = false;

                // The group buttons are enabled only when groups exist at the matching level.
                this.btnAddStoreGroups.Enabled       = this.item.Application.Store.HasStoreGroups();
                this.btnAddApplicationGroups.Enabled = this.item.Application.HasApplicationGroups();
                //Prepare DataGridView
                this.dgAuthorizations.DataSource = this.dtAuthorizations;
                this.dgAuthorizations.DataBind();
                this.RenderItemAuthorizations();
                this.Text += " - " + this.item.Name;
                this.saveSessionVariables();
                this.bindGridView();
            }
            else
            {
                // Postback: restore the state, then run the add handler for each selection list found in Session.
                this.loadSessionVariables();
                if (this.Session["selectedStoreGroups"] != null)
                {
                    this.btnAddStoreGroups_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedApplicationGroups"] != null)
                {
                    this.btnAddApplicationGroups_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedDBUsers"] != null)
                {
                    this.btnAddDBUsers_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedADObjects"] != null)
                {
                    this.btnAddWindowsUsersAndGroups_Click(this, EventArgs.Empty);
                }
            }
        }
        /// <summary>
        /// Initializes the form: resolves where the current owner SID is defined and
        /// builds the column schema of the in-memory authorizations table.
        /// </summary>
        public frmItemAuthorizations()
        {
            InitializeComponent();

            // NOTE(review): currentOwnerSid is read here but is not assigned anywhere in this
            // constructor; presumably a field initializer provides it - confirm.
            string resolvedName;
            bool   definedLocally;
            DirectoryServicesUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out resolvedName, out definedLocally);
            if (definedLocally)
            {
                this.currentOwnerSidWhereDefined = WhereDefined.Local;
            }
            else
            {
                this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
            }

            this.dtAuthorizations = new DataTable();

            // Key column: values are generated as -1, -2, ... (seed and step are both -1).
            DataColumn idColumn = new DataColumn("AuthorizationID", typeof(int))
            {
                AutoIncrement     = true,
                AutoIncrementSeed = -1,
                AutoIncrementStep = -1,
                AllowDBNull       = false,
                Unique            = true
            };

            // Each displayed value has a companion *Enum column holding the typed value.
            DataColumn memberTypeEnumColumn = new DataColumn("MemberTypeEnum", typeof(MemberType));
            DataColumn memberTypeColumn = new DataColumn("MemberType", typeof(Bitmap))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_10")
            };
            DataColumn ownerColumn = new DataColumn("Owner", typeof(string))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_20")
            };
            DataColumn ownerSidColumn = new DataColumn("OwnerSID", typeof(string))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_30")
            };
            DataColumn nameColumn = new DataColumn("Name", typeof(string))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_40")
            };
            DataColumn objectSidColumn = new DataColumn("ObjectSID", typeof(string))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_50")
            };
            DataColumn whereDefinedColumn = new DataColumn("WhereDefined", typeof(string))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_60")
            };
            DataColumn whereDefinedEnumColumn = new DataColumn("WhereDefinedEnum", typeof(WhereDefined));
            DataColumn authorizationTypeColumn = new DataColumn("AuthorizationType", typeof(Bitmap))
            {
                Caption = Globalization.MultilanguageResource.GetString("DGColumn_70")
            };
            DataColumn authorizationTypeEnumColumn = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType));
            DataColumn validFromColumn = new DataColumn("ValidFrom", typeof(DateTime))
            {
                AllowDBNull = true,
                Caption     = Globalization.MultilanguageResource.GetString("DGColumn_80")
            };
            DataColumn validToColumn = new DataColumn("ValidTo", typeof(DateTime))
            {
                AllowDBNull = true,
                Caption     = Globalization.MultilanguageResource.GetString("DGColumn_90")
            };

            // The order below is the column order of the table.
            DataColumn[] schema = new DataColumn[]
            {
                idColumn,
                memberTypeColumn,
                nameColumn,
                authorizationTypeColumn,
                whereDefinedColumn,
                ownerColumn,
                ownerSidColumn,
                validFromColumn,
                validToColumn,
                objectSidColumn,
                authorizationTypeEnumColumn,
                whereDefinedEnumColumn,
                memberTypeEnumColumn
            };
            this.dtAuthorizations.Columns.AddRange(schema);

            this.modified = false;
        }
Пример #28
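 /// <summary>
 /// Creates an authorization on this item, or returns the matching authorization when an equivalent row already exists.
 /// </summary>
 /// <param name="owner">SID of the authorization owner.</param>
 /// <param name="ownerSidWhereDefined">Where the owner SID is defined.</param>
 /// <param name="sid">SID of the member the authorization applies to.</param>
 /// <param name="sidWhereDefined">Where the member SID is defined.</param>
 /// <param name="authorizationType">Type of the authorization.</param>
 /// <param name="validFrom">Optional start of the validity window.</param>
 /// <param name="validTo">Optional end of the validity window.</param>
 /// <returns>The inserted authorization, or a wrapper around the already stored one.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="owner"/> or <paramref name="sid"/> is null.</exception>
 /// <exception cref="InvalidOperationException">Both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
 /// <exception cref="SqlAzManException">The storage is in Administrator mode and the member is defined locally.</exception>
 public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
 {
     // Fail with a named argument instead of a NullReferenceException further down.
     if (owner == null)
     {
         throw new ArgumentNullException("owner");
     }
     if (sid == null)
     {
         throw new ArgumentNullException("sid");
     }
     //DateTime range check
     if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
     {
         throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
     }
     if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
     {
         throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode");
     }
     // Duplicate lookup. NOTE(review): the match does not compare ObjectSidWhereDefined with
     // sidWhereDefined, so a row that differs only there is treated as existing - confirm intended.
     var existing = (from aut in this.db.Authorizations()
                     where aut.ItemId == this.itemId && aut.OwnerSid == owner.BinaryValue && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined && aut.ObjectSid == sid.BinaryValue && aut.AuthorizationType == (byte)authorizationType && aut.ValidFrom == validFrom && aut.ValidTo == validTo
                     select aut).FirstOrDefault();
     if (existing != null)
     {
         // The third constructor argument is the authorization id (the insert path below passes the
         // id returned by AuthorizationInsert). The original passed existing.ItemId here, which would
         // make the returned object address a different authorization row in later operations.
         // NOTE(review): assumes the Authorizations() result exposes AuthorizationId like ItemId - confirm.
         return new SqlAzManAuthorization(this.db, this, existing.AuthorizationId.Value, new SqlAzManSID(existing.OwnerSid.ToArray()), (WhereDefined)existing.OwnerSidWhereDefined, new SqlAzManSID(existing.ObjectSid.ToArray()), (WhereDefined)existing.ObjectSidWhereDefined, (AuthorizationType)existing.AuthorizationType.Value, existing.ValidFrom, existing.ValidTo, this.ens);
     }

     int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, this.application.ApplicationId);
     IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens);
     this.raiseAuthorizationCreated(this, result);
     if (this.ens != null)
     {
         this.ens.AddPublisher(result);
     }
     this.authorizations = null; //Force cache refresh
     return result;
 }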
 /// <summary>
 /// Updates owner, member, authorization type and validity window of this authorization.
 /// Nothing is written and no event is raised when every supplied value equals the current one.
 /// </summary>
 /// <param name="owner">The new owner SID.</param>
 /// <param name="sid">The new member SID.</param>
 /// <param name="sidWhereDefined">Where the member SID is defined.</param>
 /// <param name="authorizationType">Type of the authorization.</param>
 /// <param name="validFrom">Optional start of the validity window.</param>
 /// <param name="validTo">Optional end of the validity window.</param>
 /// <exception cref="InvalidOperationException">Both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
 public void Update(IAzManSid owner, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
 {
     bool nothingChanged = this.owner.StringValue == owner.StringValue
                           && this.sid.StringValue == sid.StringValue
                           && this.sidWhereDefined == sidWhereDefined
                           && this.authorizationType == authorizationType
                           && this.validFrom == validFrom
                           && this.validTo == validTo;
     if (nothingChanged)
     {
         return;
     }

     //DateTime range check
     if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
     {
         throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
     }

     // NOTE(review): CreateAuthorization rejects locally defined members in Administrator mode;
     // no such check is made here - confirm that updates are meant to be exempt.

     // Snapshot of the current state, handed to the update event after the change.
     SqlAzManSID previousOwner = new SqlAzManSID(this.owner.StringValue, this.ownerSidWhereDefined == WhereDefined.Database);
     SqlAzManSID previousSid = new SqlAzManSID(this.sid.StringValue, this.sidWhereDefined == WhereDefined.Database);
     WhereDefined previousOwnerWhereDefined = this.ownerSidWhereDefined;
     WhereDefined previousSidWhereDefined = this.SidWhereDefined;
     AuthorizationType previousType = this.AuthorizationType;
     DateTime? previousValidFrom = this.validFrom;
     DateTime? previousValidTo = this.validTo;

     // The new owner is classified as Local or LDAP only.
     // NOTE(review): the previous owner may be WhereDefined.Database (see snapshot above) - confirm
     // that a database-defined owner cannot reach this path.
     string resolvedName;
     bool definedLocally;
     DirectoryServicesUtils.GetMemberInfo(owner.StringValue, out resolvedName, out definedLocally);
     WhereDefined newOwnerWhereDefined;
     if (definedLocally)
     {
         newOwnerWhereDefined = WhereDefined.Local;
     }
     else
     {
         newOwnerWhereDefined = WhereDefined.LDAP;
     }

     // Persist first, then bring the in-memory state in line with the stored row.
     this.db.AuthorizationUpdate(this.item.ItemId, owner.BinaryValue, (byte)newOwnerWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, this.authorizationId, this.item.Application.ApplicationId);

     this.owner = new SqlAzManSID(owner.BinaryValue);
     this.ownerSidWhereDefined = newOwnerWhereDefined;
     this.sid = sid;
     this.sidWhereDefined = sidWhereDefined;
     this.authorizationType = authorizationType;
     this.validFrom = validFrom;
     this.validTo = validTo;

     this.raiseAuthorizationUpdated(this, previousOwner, previousOwnerWhereDefined, previousSid, previousSidWhereDefined, previousType, previousValidFrom, previousValidTo);
 }
        /// <summary>
        /// Page load handler for the item authorizations page. On the first request it builds the
        /// authorizations table, binds the grid and stores the page state in the session; on a
        /// postback it restores that state and replays the "add" handlers for any pending selections.
        /// </summary>
        /// <param name="sender">Event source.</param>
        /// <param name="e">Event arguments.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // The 'as' cast yields null when the session entry is missing or of another type.
            // NOTE(review): this.item is dereferenced below without a null check, so an expired
            // session or a direct request to this page would fail with a NullReferenceException.
            this.item = this.Session["selectedObject"] as IAzManItem;
            // Client-supplied value (the Request indexer reads query string, form, cookies and
            // server variables); its use is outside this method.
            this.menuItem = Request["MenuItem"];
            this.Text = "Item Authorizations";
            this.Description = this.Text;
            this.Title = this.Text;
            // The owner recorded for changes made on this page is the Windows identity of the request.
            // NOTE(review): assumes the request is Windows-authenticated; LogonUserIdentity.User is
            // presumably null for an anonymous request - confirm the site disables anonymous access.
            this.currentOwnerName = this.Request.LogonUserIdentity.Name;
            this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User.Value);
            //this.showWaitPanelOnSubmit(this.pnlWait, this.pnlXXX);
            if (!this.Page.IsPostBack)
            {
                string memberName;
                bool isLocal;
                // Classify the current owner SID as local or LDAP; memberName is not used afterwards.
                DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal);
                this.currentOwnerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
                this.saveSessionVariables();
                this.loadSessionVariables();
                this.dtAuthorizations = new DataTable();
                // Key column: values are generated as -1, -2, ... (seed and step are both -1).
                DataColumn dcAuthorizationId = new DataColumn("AuthorizationID", typeof(int));
                dcAuthorizationId.AutoIncrement = true;
                dcAuthorizationId.AutoIncrementSeed = -1;
                dcAuthorizationId.AutoIncrementStep = -1;
                dcAuthorizationId.AllowDBNull = false;
                dcAuthorizationId.Unique = true;
                DataColumn dcAttributesLink = new DataColumn("AttributesLink", typeof(string));
                DataColumn dcMemberTypeEnum = new DataColumn("MemberTypeEnum", typeof(MemberType));
                DataColumn dcMemberType = new DataColumn("MemberType", typeof(string));
                DataColumn dcOwner = new DataColumn("Owner", typeof(string));
                DataColumn dcOwnerSid = new DataColumn("OwnerSID", typeof(string));
                DataColumn dcName = new DataColumn("Name", typeof(string));
                DataColumn dcObjectSid = new DataColumn("ObjectSID", typeof(string));
                DataColumn dcWhereDefined = new DataColumn("WhereDefined", typeof(string));
                DataColumn dcWhereDefinedEnum = new DataColumn("WhereDefinedEnum", typeof(WhereDefined));
                DataColumn dcAuthorizationType = new DataColumn("AuthorizationType", typeof(string));
                DataColumn dcAuthorizationTypeEnum = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType));
                DataColumn dcValidFrom = new DataColumn("ValidFrom", typeof(DateTime));
                dcValidFrom.AllowDBNull = true;
                DataColumn dcValidTo = new DataColumn("ValidTo", typeof(DateTime));
                dcValidTo.AllowDBNull = true;

                dcMemberType.Caption = "Member Type";
                dcOwner.Caption = "Owner";
                dcOwnerSid.Caption = "Owner SID";
                dcName.Caption = "Name";
                dcObjectSid.Caption = "Object SID";
                dcWhereDefined.Caption = "Where Defined";
                dcAuthorizationType.Caption = "Authorization Type";
                dcValidFrom.Caption = "Valid From";
                dcValidTo.Caption = "Valid To";

                // The order below is the column order of the table.
                this.dtAuthorizations.Columns.AddRange(
                    new DataColumn[]
                {
                    dcAuthorizationId,
                    dcMemberType,
                    dcName,
                    dcAuthorizationType,
                    dcWhereDefined,
                    dcOwner,
                    dcOwnerSid,
                    dcValidFrom,
                    dcValidTo,
                    dcObjectSid,
                    dcAuthorizationTypeEnum,
                    dcWhereDefinedEnum,
                    dcMemberTypeEnum,
                    dcAttributesLink
                });
                // Every column is first made nullable (this also resets the AllowDBNull = false set on
                // the id column above); only the two display columns are then made required.
                foreach (DataColumn dc in this.dtAuthorizations.Columns)
                {
                    dc.AllowDBNull = true;
                }
                dcMemberType.AllowDBNull = false;
                dcAuthorizationType.AllowDBNull = false;
                this.modified = false;

                // The group buttons are enabled only when the store / application has groups.
                this.btnAddStoreGroups.Enabled = this.item.Application.Store.HasStoreGroups();
                this.btnAddApplicationGroups.Enabled = this.item.Application.HasApplicationGroups();
                //Prepare DataGridView
                this.dgAuthorizations.DataSource = this.dtAuthorizations;
                this.dgAuthorizations.DataBind();
                this.RenderItemAuthorizations();
                this.Text += " - " + this.item.Name;
                this.saveSessionVariables();
                this.bindGridView();
            }
            else
            {
                this.loadSessionVariables();
                // A non-null session entry triggers the matching "add" handler with empty event args.
                // Presumably the entries are set by the selection dialogs - confirm where they are
                // written and cleared.
                if (this.Session["selectedStoreGroups"] != null)
                {
                    this.btnAddStoreGroups_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedApplicationGroups"] != null)
                {
                    this.btnAddApplicationGroups_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedDBUsers"] != null)
                {
                    this.btnAddDBUsers_Click(this, EventArgs.Empty);
                }
                if (this.Session["selectedADObjects"] != null)
                {
                    this.btnAddWindowsUsersAndGroups_Click(this, EventArgs.Empty);
                }
            }
        }
        /// <summary>
        /// Adds an entry for the given SID to this application group. Only basic groups are supported.
        /// </summary>
        /// <param name="sid">SID of the object to add.</param>
        /// <param name="whereDefined">Where the SID is defined.</param>
        /// <param name="isMember">Membership flag, passed unchanged to the insert and to the returned object.</param>
        /// <returns>The created application group member.</returns>
        /// <exception cref="InvalidOperationException">The group is not a basic group.</exception>
        /// <exception cref="SqlAzManException">
        /// The storage is in Administrator mode and the member is defined locally, or adding the
        /// application group would create a membership loop.
        /// </exception>
        public IAzManApplicationGroupMember CreateApplicationGroupMember(IAzManSid sid, WhereDefined whereDefined, bool isMember)
        {
            bool isBasicGroup = this.groupType == GroupType.Basic;
            if (!isBasicGroup)
            {
                throw new InvalidOperationException("Method not supported for LDAP Groups");
            }

            bool administratorMode = this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator;
            if (administratorMode && whereDefined == WhereDefined.Local)
            {
                throw new SqlAzManException("Cannot create Application Group members defined on local in Administrator Mode");
            }

            //Loop detection: only another application group can close a membership cycle.
            if (whereDefined == WhereDefined.Application)
            {
                IAzManApplicationGroup candidateGroup = this.application.GetApplicationGroup(sid);
                bool createsLoop = this.detectLoop(candidateGroup);
                if (createsLoop)
                {
                    throw new SqlAzManException(String.Format("Cannot add '{0}'. A loop has been detected.", candidateGroup.Name));
                }
            }

            int memberId = this.db.ApplicationGroupMemberInsert(this.applicationGroupId, sid.BinaryValue, (byte)whereDefined, isMember, this.application.ApplicationId);
            IAzManApplicationGroupMember member = new SqlAzManApplicationGroupMember(this.db, this, memberId, sid, whereDefined, isMember, this.ens);

            this.raiseApplicationGroupMemberCreated(this, member);
            if (this.ens != null)
            {
                this.ens.AddPublisher(member);
            }
            return member;
        }
Пример #32
 /// <summary>
 /// Handles the AuthorizationUpdated notification by writing an informational log entry that
 /// lists the authorization and the values it had before the update.
 /// </summary>
 void SqlAzManENS_AuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
 {
     string authorizationText = authorization.ToString();
     string previousOwnerText = oldOwner.ToString();
     string previousSidText = oldSid.ToString();
     // A missing validity date is logged as an empty string.
     string previousValidFromText = oldValidFrom.HasValue ? oldValidFrom.Value.ToString() : "";
     string previousValidToText = oldValidTo.HasValue ? oldValidTo.Value.ToString() : "";

     object[] fields = new object[]
     {
         "AuthorizationUpdated",
         authorizationText,
         previousOwnerText,
         oldOwnerSidWhereDefined,
         previousSidText,
         oldSidWhereDefined,
         oldAuthorizationType,
         previousValidFromText,
         previousValidToText
     };
     string entry = String.Format("ENS Event: {0}\r\n\r\nAuthorization: {1}\r\nOld Owner SID: {2}\r\nOld Owner SID Where Defined: {3}\r\nOld SID: {4}\r\nOld SID Where Defined: {5}\r\nOld Authorization Type: {6}\r\nOld Valid From: {7}\r\nOld Valid To: {8}\r\n", fields);
     logging.WriteInfo(this, entry);
 }
 /// <summary>
 /// Raises <c>AuthorizationUpdated</c> with the authorization and its previous values.
 /// Does nothing when no handler is attached.
 /// </summary>
 private void raiseAuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
 {
     if (this.AuthorizationUpdated == null)
     {
         return;
     }

     this.AuthorizationUpdated(authorization, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
 }