/// <summary> /// Gets a value indicating whether the specified identity is a member of the specified permission scope. /// </summary> /// <param name="type">Identity scope.</param> /// <param name="identity">Identity.</param> /// <param name="scope">Permissions scope.</param> /// <returns>True is the specified identity is within the specified scope, otherwise false.</returns> public bool IsIdentityInPermissionScope(IdentityScope type, string identity, PermissionScope scope) { var si = SecurityIdentity.Create(type, identity); // TODO: Consider making a virtual hash set and calling contains (it'll be faster). return(this.GetScopeIdentities(scope, type).Any(i => i.Equals(si))); }
/// <summary> /// Grant the specified identity for the specified permission scope. /// </summary> /// <param name="identity">Identity to grant permissions to.</param> /// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param> public void Grant(SecurityIdentity identity, PermissionScope scope) { if (Owners.Count == 0 && scope != PermissionScope.Owner) { throw new ArribaException(String.Format("Unable to grant permission scope {0} as there are no identities with owner scope", scope)); } var target = GetSpecificPermissionsScopeHashSet(scope); target.Add(identity); }
public override bool Equals(object obj) { SecurityIdentity other = obj as SecurityIdentity; if (other == null) { return(false); } return(other.Scope == this.Scope && String.Equals(other.Name, this.Name, StringComparison.OrdinalIgnoreCase)); }
private static HashSet <SecurityIdentity> ReadHashSet(ISerializationContext context) { int count = context.Reader.ReadInt32(); HashSet <SecurityIdentity> value = new HashSet <SecurityIdentity>(); for (int i = 0; i < count; i++) { SecurityIdentity identity = new SecurityIdentity(); identity.ReadBinary(context); value.Add(identity); } return(value); }
public void ReadBinary(ISerializationContext context) { Readers = ReadHashSet(context); Writers = ReadHashSet(context); Owners = ReadHashSet(context); // Read column security rules RestrictedColumns = new SecuredSet <List <string> >(); int columnRuleCount = context.Reader.ReadInt32(); for (int i = 0; i < columnRuleCount; ++i) { SecurityIdentity identity = new SecurityIdentity(); identity.ReadBinary(context); List <string> columnsSecured = new List <string>(); int columnsForGroupCount = context.Reader.ReadInt32(); for (int j = 0; j < columnsForGroupCount; ++j) { columnsSecured.Add(context.Reader.ReadString()); } RestrictedColumns[identity] = columnsSecured; } // Read row security rules RowRestrictedUsers = new SecuredSet <string>(); int rowRuleCount = context.Reader.ReadInt32(); for (int i = 0; i < rowRuleCount; ++i) { SecurityIdentity identity = new SecurityIdentity(); identity.ReadBinary(context); string filterForIdentity = context.Reader.ReadString(); RowRestrictedUsers[identity] = filterForIdentity; } }
/// <summary> /// Remove row restriction for identity. /// </summary> /// <param name="identity"></param> public void UnsecureRows(SecurityIdentity identity) { RowRestrictedUsers.Remove(identity); }
/// <summary> /// Restrict access for an identity to a set of rows. /// </summary> /// <param name="identity">Identity to restrict row access for</param> /// <param name="filterQuery">Query to AND with all queries to restrict rows</param> public void SecureRows(SecurityIdentity identity, string filterQuery) { RowRestrictedUsers[identity] = filterQuery; }
/// <summary> /// Remove column restrictions for the given identity. /// </summary> /// <param name="identity">Identity with restricted access to un-restrict</param> public void UnsecureColumns(SecurityIdentity identity) { RestrictedColumns.Remove(identity); }
/// <summary> /// Restrict access to a column set to a specific identity. /// </summary> /// <param name="identity">Identity which is allowed column access</param> /// <param name="columnList">Set of column names only readable by this identity</param> public void SecureColumns(SecurityIdentity identity, IEnumerable <string> columnList) { RestrictedColumns[identity] = new List <string>(columnList); }
/// <summary> /// Revoke the specified identity for the specified permission scope. /// </summary> /// <param name="identity">Identity to revoke permissions from.</param> /// <param name="scope">Scope of permissions to revoke (Owner, Writer, Reader)</param> public void Revoke(SecurityIdentity identity, PermissionScope scope) { var target = GetSpecificPermissionsScopeHashSet(scope); target.Remove(identity); }
/// <summary> /// Revoke the specified identity for the specified permission scope. /// </summary> /// <param name="type">Type of Identity (Group, User)</param> /// <param name="identity">Identity to revoke permissions from (DOMAIN\user).</param> /// <param name="scope">Scope of permissions to revoke (Owner, Writer, Reader)</param> public void Revoke(IdentityScope type, string identity, PermissionScope scope) { Revoke(SecurityIdentity.Create(type, identity), scope); }
/// <summary> /// Grant the specified identity for the specified permission scope. /// </summary> /// <param name="type">Type of Identity (Group, User)</param> /// <param name="identity">Identity to grant permissions to (DOMAIN\user).</param> /// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param> public void Grant(IdentityScope type, string identity, PermissionScope scope) { Grant(SecurityIdentity.Create(type, identity), scope); }