Пример #1
0
        /// <summary>
        /// Gets a value indicating whether the specified identity is a member of the specified permission scope.
        /// </summary>
        /// <param name="type">Identity scope.</param>
        /// <param name="identity">Identity.</param>
        /// <param name="scope">Permissions scope.</param>
        /// <returns>True is the specified identity is within the specified scope, otherwise false.</returns>
        public bool IsIdentityInPermissionScope(IdentityScope type, string identity, PermissionScope scope)
        {
            var si = SecurityIdentity.Create(type, identity);

            // TODO: Consider making a virtual hash set and calling contains (it'll be faster).
            return(this.GetScopeIdentities(scope, type).Any(i => i.Equals(si)));
        }
Пример #2
0
        /// <summary>
        /// Grant the specified identity for the specified permission scope.
        /// </summary>
        /// <param name="identity">Identity to grant permissions to.</param>
        /// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param>
        public void Grant(SecurityIdentity identity, PermissionScope scope)
        {
            if (Owners.Count == 0 && scope != PermissionScope.Owner)
            {
                throw new ArribaException(String.Format("Unable to grant permission scope {0} as there are no identities with owner scope", scope));
            }

            var target = GetSpecificPermissionsScopeHashSet(scope);

            target.Add(identity);
        }
Пример #3
0
        public override bool Equals(object obj)
        {
            SecurityIdentity other = obj as SecurityIdentity;

            if (other == null)
            {
                return(false);
            }

            return(other.Scope == this.Scope && String.Equals(other.Name, this.Name, StringComparison.OrdinalIgnoreCase));
        }
Пример #4
0
        private static HashSet <SecurityIdentity> ReadHashSet(ISerializationContext context)
        {
            int count = context.Reader.ReadInt32();
            HashSet <SecurityIdentity> value = new HashSet <SecurityIdentity>();

            for (int i = 0; i < count; i++)
            {
                SecurityIdentity identity = new SecurityIdentity();
                identity.ReadBinary(context);
                value.Add(identity);
            }

            return(value);
        }
Пример #5
0
        public void ReadBinary(ISerializationContext context)
        {
            Readers = ReadHashSet(context);
            Writers = ReadHashSet(context);
            Owners  = ReadHashSet(context);

            // Read column security rules
            RestrictedColumns = new SecuredSet <List <string> >();
            int columnRuleCount = context.Reader.ReadInt32();

            for (int i = 0; i < columnRuleCount; ++i)
            {
                SecurityIdentity identity = new SecurityIdentity();
                identity.ReadBinary(context);

                List <string> columnsSecured = new List <string>();

                int columnsForGroupCount = context.Reader.ReadInt32();
                for (int j = 0; j < columnsForGroupCount; ++j)
                {
                    columnsSecured.Add(context.Reader.ReadString());
                }

                RestrictedColumns[identity] = columnsSecured;
            }

            // Read row security rules
            RowRestrictedUsers = new SecuredSet <string>();
            int rowRuleCount = context.Reader.ReadInt32();

            for (int i = 0; i < rowRuleCount; ++i)
            {
                SecurityIdentity identity = new SecurityIdentity();
                identity.ReadBinary(context);

                string filterForIdentity = context.Reader.ReadString();
                RowRestrictedUsers[identity] = filterForIdentity;
            }
        }
Пример #6
0
 /// <summary>
 ///  Remove row restriction for identity.
 /// </summary>
 /// <param name="identity"></param>
 public void UnsecureRows(SecurityIdentity identity)
 {
     RowRestrictedUsers.Remove(identity);
 }
Пример #7
0
 /// <summary>
 ///  Restrict access for an identity to a set of rows.
 /// </summary>
 /// <param name="identity">Identity to restrict row access for</param>
 /// <param name="filterQuery">Query to AND with all queries to restrict rows</param>
 public void SecureRows(SecurityIdentity identity, string filterQuery)
 {
     RowRestrictedUsers[identity] = filterQuery;
 }
Пример #8
0
 /// <summary>
 ///  Remove column restrictions for the given identity.
 /// </summary>
 /// <param name="identity">Identity with restricted access to un-restrict</param>
 public void UnsecureColumns(SecurityIdentity identity)
 {
     RestrictedColumns.Remove(identity);
 }
Пример #9
0
 /// <summary>
 ///  Restrict access to a column set to a specific identity.
 /// </summary>
 /// <param name="identity">Identity which is allowed column access</param>
 /// <param name="columnList">Set of column names only readable by this identity</param>
 public void SecureColumns(SecurityIdentity identity, IEnumerable <string> columnList)
 {
     RestrictedColumns[identity] = new List <string>(columnList);
 }
Пример #10
0
        /// <summary>
        /// Revoke the specified identity for the specified permission scope.
        /// </summary>
        /// <param name="identity">Identity to revoke permissions from.</param>
        /// <param name="scope">Scope of permissions to revoke (Owner, Writer, Reader)</param>
        public void Revoke(SecurityIdentity identity, PermissionScope scope)
        {
            var target = GetSpecificPermissionsScopeHashSet(scope);

            target.Remove(identity);
        }
Пример #11
0
 /// <summary>
 /// Revoke the specified identity for the specified permission scope.
 /// </summary>
 /// <param name="type">Type of Identity (Group, User)</param>
 /// <param name="identity">Identity to revoke permissions from (DOMAIN\user).</param>
 /// <param name="scope">Scope of permissions to revoke (Owner, Writer, Reader)</param>
 public void Revoke(IdentityScope type, string identity, PermissionScope scope)
 {
     Revoke(SecurityIdentity.Create(type, identity), scope);
 }
Пример #12
0
 /// <summary>
 /// Grant the specified identity for the specified permission scope.
 /// </summary>
 /// <param name="type">Type of Identity (Group, User)</param>
 /// <param name="identity">Identity to grant permissions to (DOMAIN\user).</param>
 /// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param>
 public void Grant(IdentityScope type, string identity, PermissionScope scope)
 {
     Grant(SecurityIdentity.Create(type, identity), scope);
 }