public static void SetSecurity(string id, bool enabled, params Guid[] subjects)
{
var securityObj = WebItemSecurityObject.Create(id);
// remove old aces
CoreContext.AuthorizationManager.RemoveAllAces(securityObj);
// set new aces
if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID))
{
subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID };
}
foreach (var s in subjects)
{
var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj);
CoreContext.AuthorizationManager.AddAce(a);
}
}
public void RemoveAce(AzRecord r)
{
service.RemoveAce(TenantManager.GetCurrentTenant().TenantId, r);
}
public static void SetSecurity(string id, bool enabled, params Guid[] subjects)
{
var securityObj = WebItemSecurityObject.Create(id);
// remove old aces
CoreContext.AuthorizationManager.RemoveAllAces(securityObj);
var allowToAll = new AzRecord(ASC.Core.Users.Constants.GroupEveryone.ID, Read.ID, AceType.Allow, securityObj);
CoreContext.AuthorizationManager.RemoveAce(allowToAll);
// set new aces
if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID))
{
if (!enabled && subjects != null && subjects.Length == 0)
{
// users from list with no users equals allow to all users
enabled = true;
}
subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID };
}
foreach (var s in subjects)
{
var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj);
CoreContext.AuthorizationManager.AddAce(a);
}
ClearCache();
}
public void AddAce(AzRecord r)
{
service.SaveAce(CoreContext.TenantManager.GetCurrentTenant().TenantId, r);
}
public void RemoveAce(AzRecord r)
{
service.RemoveAce(CoreContext.TenantManager.GetCurrentTenant().TenantId, r);
}
public static void SetSecurity(string id, bool enabled, params Guid[] subjects)
{
if(SettingsManager.Instance.LoadSettings<TenantAccessSettings>(TenantProvider.CurrentTenantID).Anyone)
throw new SecurityException("Security settings are disabled for an open portal");
var securityObj = WebItemSecurityObject.Create(id);
// remove old aces
CoreContext.AuthorizationManager.RemoveAllAces(securityObj);
var allowToAll = new AzRecord(ASC.Core.Users.Constants.GroupEveryone.ID, Read.ID, AceType.Allow, securityObj);
CoreContext.AuthorizationManager.RemoveAce(allowToAll);
// set new aces
if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID))
{
if (!enabled && subjects != null && subjects.Length == 0)
{
// users from list with no users equals allow to all users
enabled = true;
}
subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID };
}
foreach (var s in subjects)
{
var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj);
CoreContext.AuthorizationManager.AddAce(a);
}
ClearCache();
}
/// <summary>
/// Creates a certain rule by specified parameters
/// </summary>
/// <param name="userID"></param>
/// <param name="ip"></param>
/// <param name="rule"></param>
private void CrealeRule(Guid userID, string ip, AceType rule)
{
IPAddress ipAddress;
if (IPAddress.TryParse(ip, out ipAddress))
{
var az = new AzRecord(userID, TcpIpFilterActions.TcpIpFilterAction.ID, rule,
new TcpIpFilterSecurityObject(ipAddress));
CoreContext.AuthorizationManager.AddAce(az);
}
}