| public static SetPermissionForNamespace ( AuthStatus status, NamespaceInfo nspace, string action, UserGroup group ) : bool | ||
| status | AuthStatus | The authorization status. |
| nspace | NamespaceInfo | The namespace ( |
| action | string | The action of which to modify the authorization status. |
| group | UserGroup | The group subject of the authorization change. |
| Результат | bool | |
/// <summary>
/// Sets file management permissions for the users or anonymous users group in the given wiki, importing version 2.0 values.
/// </summary>
/// <param name="wiki">The wiki.</param>
/// <param name="group">The group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool SetupFileManagementPermissions(string wiki, UserGroup group)
{
bool done = true;
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(wiki));
if (Settings.GetUsersCanViewFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, group);
}
}
if (Settings.GetUsersCanUploadFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.UploadAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.UploadFiles, group);
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.CreateDirectories, group);
}
}
if (Settings.GetUsersCanDeleteFiles(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DeleteAttachments, group);
foreach (IFilesStorageProviderV60 prov in Collectors.CollectorsBox.FilesProviderCollector.GetAllProviders(wiki))
{
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteFiles, group);
done &= authWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteDirectories, group);
}
}
return(done);
}
/// <summary>
/// Sets the default permissions for the users group in the given wiki, properly importing version 2.0 values.
/// </summary>
/// <param name="wiki">The wiki.</param>
/// <param name="users">The users group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
public static bool SetUsersGroupDefaultPermissions(string wiki, UserGroup users)
{
bool done = true;
// Set namespace-related permissions
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(wiki));
if (Settings.GetUsersCanCreateNewPages(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.CreatePages, users);
}
else
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ModifyPages, users);
}
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, users);
if (Settings.GetUsersCanCreateNewCategories(wiki) || Settings.GetUsersCanManagePageCategories(wiki))
{
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ManageCategories, users);
}
done &= SetupFileManagementPermissions(wiki, users);
return(done);
}
protected void btnPrivate_Click(object sender, EventArgs e)
{
string currentWiki = DetectWiki();
NamespaceInfo nspace = Pages.FindNamespace(currentWiki, txtCurrentNamespace.Value);
RemoveAllPermissions(nspace);
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(currentWiki));
// Set permissions
authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.FullControl,
Users.FindUserGroup(currentWiki, Settings.GetAdministratorsGroup(currentWiki)));
authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.CreatePages,
Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)));
authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.ManageCategories,
Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)));
authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.PostDiscussion,
Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)));
authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.DownloadAttachments,
Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)));
RefreshPermissionsManager();
}
/// <summary>
/// Adds some ACL entries for a subject.
/// </summary>
/// <param name="subject">The subject.</param>
/// <param name="nspace">The namespace (<c>null</c> for the root).</param>
/// <param name="grants">The granted actions.</param>
/// <param name="denials">The denied actions.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private bool AddAclEntriesForNamespace(string subject, string nspace, string[] grants, string[] denials)
{
bool isGroup = subject.StartsWith("G.");
subject = subject.Substring(2);
NamespaceInfo namespaceInfo = Pages.FindNamespace(nspace);
UserGroup group = null;
UserInfo user = null;
if (isGroup)
{
group = Users.FindUserGroup(subject);
}
else
{
user = Users.FindUser(subject);
}
foreach (string action in grants)
{
bool done = false;
if (isGroup)
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Grant,
namespaceInfo, action, group);
}
else
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Grant,
namespaceInfo, action, user);
}
if (!done)
{
return(false);
}
}
foreach (string action in denials)
{
bool done = false;
if (isGroup)
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
namespaceInfo, action, group);
}
else
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
namespaceInfo, action, user);
}
if (!done)
{
return(false);
}
}
return(true);
}
/// <summary>
/// Sets file management permissions for the users or anonymous users group, importing version 2.0 values.
/// </summary>
/// <param name="group">The group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool SetupFileManagementPermissions(UserGroup group)
{
bool done = true;
if (Settings.UsersCanViewFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, group);
}
}
if (Settings.UsersCanUploadFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.UploadAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.UploadFiles, group);
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.CreateDirectories, group);
}
}
if (Settings.UsersCanDeleteFiles)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DeleteAttachments, group);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteFiles, group);
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DeleteDirectories, group);
}
}
return(done);
}
protected void btnNormal_Click(object sender, EventArgs e)
{
NamespaceInfo nspace = Pages.FindNamespace(txtCurrentNamespace.Value);
RemoveAllPermissions(nspace);
// Set permissions
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.FullControl,
Users.FindUserGroup(Settings.AdministratorsGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.CreatePages,
Users.FindUserGroup(Settings.UsersGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.ManageCategories,
Users.FindUserGroup(Settings.UsersGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.PostDiscussion,
Users.FindUserGroup(Settings.UsersGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.DownloadAttachments,
Users.FindUserGroup(Settings.UsersGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.ReadPages,
Users.FindUserGroup(Settings.AnonymousGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.ReadDiscussion,
Users.FindUserGroup(Settings.AnonymousGroup));
AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.DownloadAttachments,
Users.FindUserGroup(Settings.AnonymousGroup));
RefreshPermissionsManager();
}
/// <summary>
/// Imports version 2.0 page discussion settings and properly propagates them to user groups and single pages, when needed, for the given wiki.
/// </summary>
/// <param name="wiki">The wiki.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool ImportPageDiscussionPermissions(string wiki)
{
// Notes
// Who can read pages, can read discussions
// Who can modify pages, can post messages and read discussions
// Who can manage pages, can manage discussions and post messages
// Possible values: page|normal|locked|public
string value = Settings.GetDiscussionPermissions(wiki).ToLowerInvariant();
UserGroup usersGroup = Users.FindUserGroup(wiki, Settings.GetUsersGroup(wiki));
UserGroup anonymousGroup = Users.FindUserGroup(wiki, Settings.GetAnonymousGroup(wiki));
bool done = true;
AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(wiki));
switch (value)
{
case "page":
// Nothing to do
break;
case "normal":
// Allow Users to post messages
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
break;
case "locked":
// Deny Users to post messages
done &= authWriter.SetPermissionForNamespace(AuthStatus.Deny, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
break;
case "public":
// Allow Users and Anonymous Users to post messages
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
done &= authWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, anonymousGroup);
break;
}
return(true);
}
/// <summary>
/// Sets the default permissions for the anonymous users group, properly importing version 2.0 values.
/// </summary>
/// <param name="anonymous">The anonymous users group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
public static bool SetAnonymousGroupDefaultPermissions(UserGroup anonymous)
{
bool done = true;
// Properly import Private/Public Mode wiki
if (Settings.PrivateAccess)
{
// Nothing to do, because without any explicit grant, Anonymous users cannot do anything
}
else if (Settings.PublicAccess)
{
// Public access, allow modification and propagate file management permissions if they were allowed for anonymous users
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ModifyPages, anonymous);
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, anonymous);
if (Settings.UsersCanCreateNewPages)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.CreatePages, anonymous);
}
if (Settings.UsersCanCreateNewCategories || Settings.UsersCanManagePageCategories)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ManageCategories, anonymous);
}
if (Settings.FileManagementInPublicAccessAllowed)
{
SetupFileManagementPermissions(anonymous);
}
}
else
{
// Standard configuration, only allow read permissions
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ReadPages, anonymous);
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ReadDiscussion, anonymous);
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.DownloadAttachments, anonymous);
foreach (IFilesStorageProviderV30 prov in Collectors.FilesProviderCollector.AllProviders)
{
done &= AuthWriter.SetPermissionForDirectory(AuthStatus.Grant, prov, "/", Actions.ForDirectories.DownloadFiles, anonymous);
}
}
return(done);
}
/// <summary>
/// Imports version 2.0 page discussion settings and properly propagates them to user groups and single pages, when needed.
/// </summary>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
private static bool ImportPageDiscussionPermissions()
{
// Notes
// Who can read pages, can read discussions
// Who can modify pages, can post messages and read discussions
// Who can manage pages, can manage discussions and post messages
// Possible values: page|normal|locked|public
var value = Settings.DiscussionPermissions.ToLowerInvariant();
UserGroup usersGroup = Users.FindUserGroup(Settings.UsersGroup);
UserGroup anonymousGroup = Users.FindUserGroup(Settings.AnonymousGroup);
var done = true;
switch (value)
{
case "page":
// Nothing to do
break;
case "normal":
// Allow Users to post messages
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
break;
case "locked":
// Deny Users to post messages
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Deny, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
break;
case "public":
// Allow Users and Anonymous Users to post messages
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, usersGroup);
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, anonymousGroup);
break;
}
return(true);
}
/// <summary>
/// Sets the default permissions for the users group, properly importing version 2.0 values.
/// </summary>
/// <param name="users">The users group.</param>
/// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
public static bool SetUsersGroupDefaultPermissions(UserGroup users)
{
bool done = true;
// Set namespace-related permissions
if (Settings.UsersCanCreateNewPages)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.CreatePages, users);
}
else
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ModifyPages, users);
}
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.PostDiscussion, users);
if (Settings.UsersCanCreateNewCategories || Settings.UsersCanManagePageCategories)
{
done &= AuthWriter.SetPermissionForNamespace(AuthStatus.Grant, null, Actions.ForNamespaces.ManageCategories, users);
}
done &= SetupFileManagementPermissions(users);
return(done);
}
protected void btnAdd_Click(object sender, EventArgs e)
{
// Add the selected subject with full control deny, then select it in the main list
string subject = lstFoundSubjects.SelectedValue.Substring(2);
bool isGroup = lstFoundSubjects.SelectedValue.StartsWith("G.");
bool done = false;
switch (CurrentResourceType)
{
case AclResources.Namespaces:
if (isGroup)
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
Pages.FindNamespace(CurrentResourceName), Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForNamespace(AuthStatus.Deny,
Pages.FindNamespace(CurrentResourceName), Actions.FullControl,
Users.FindUser(subject));
}
break;
case AclResources.Pages:
if (isGroup)
{
done = AuthWriter.SetPermissionForPage(AuthStatus.Deny,
Pages.FindPage(CurrentResourceName), Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForPage(AuthStatus.Deny,
Pages.FindPage(CurrentResourceName), Actions.FullControl,
Users.FindUser(subject));
}
break;
case AclResources.Directories:
IFilesStorageProviderV30 prov = Collectors.FilesProviderCollector.GetProvider(CurrentFilesProvider);
if (isGroup)
{
done = AuthWriter.SetPermissionForDirectory(AuthStatus.Deny,
prov, CurrentResourceName, Actions.FullControl,
Users.FindUserGroup(subject));
}
else
{
done = AuthWriter.SetPermissionForDirectory(AuthStatus.Deny,
prov, CurrentResourceName, Actions.FullControl,
Users.FindUser(subject));
}
break;
default:
throw new NotSupportedException();
}
if (done)
{
PopulateSubjectsList();
// Select in main list and display permissions in actions matrix
foreach (ListItem item in lstSubjects.Items)
{
if (item.Value == lstFoundSubjects.SelectedValue)
{
item.Selected = true;
break;
}
}
DisplaySubjectPermissions(subject, isGroup ? SubjectType.Group : SubjectType.User);
txtNewSubject.Text = "";
lstFoundSubjects.Items.Clear();
btnAdd.Enabled = false;
}
else
{
lblAddResult.CssClass = "resulterror";
lblAddResult.Text = Properties.Messages.CouldNotStorePermissions;
}
}