Пример #1
0
 public PermissionDescriptor(string contentPath, IUser user, PermissionType permissionType, PermissionValue permissionValue)
 {
     AffectedPath = contentPath;
     AffectedUser = user;
     PType = permissionType;
     NewValue = permissionValue;
 }
Пример #2
0
        public void SetPermission(ISecurityMember securityMember, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
        {
            if (securityMember == null)
                throw new ArgumentNullException("securityMember");
            if (permissionType == null)
                throw new ArgumentNullException("permissionType");

            Assert(PermissionType.SetPermissions);

            var entry = PermissionEvaluator.Instance.GetExplicitEntry(this._node.Path, securityMember.Id);
            var allowBits = 0;
            var denyBits = 0;
            if (entry != null)
            {
                allowBits = entry.AllowBits;
                denyBits = entry.DenyBits;
            }
            SetBits(ref allowBits, ref denyBits, permissionType, permissionValue);

            var memberId = securityMember.Id;
            var permSet = new PermissionSet(memberId, isInheritable, allowBits, denyBits);
            entry = permSet.ToEntry(this.NodeId);

            DataProvider.Current.SetPermission(entry);

            Reset();
        }
Пример #3
0
 internal AclEditor SetPermission(int principalId, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
 {
     var entry = GetEntry(principalId, propagates);
     var perm = GetSnPerm(entry, permissionType);
     int allowBits;
     int denyBits;
     entry.GetPermissionBits(out allowBits, out denyBits);
     SecurityHandler.SetBits(ref allowBits, ref denyBits, permissionType, permissionValue);
     entry.SetPermissionsBits(allowBits, denyBits);
     return this;
 }
 private static string GetMessage(string msg, string path, int nodeId, PermissionType permissionType, IUser user)
 {
     var sb = new StringBuilder(msg ?? "Access denied.");
     if (path != null)
         sb.Append(" Path: ").Append(path);
     if (nodeId != 0)
         sb.Append(" NodeId: ").Append(nodeId);
     if (permissionType != null)
         sb.Append(" PermissionType: ").Append(permissionType.Name);
     if (user != null)
         sb.Append(" User: "******" UserId: ").Append(user.Id);
     return sb.ToString();
 }
Пример #5
0
/*!!!*/ private static Exception GetAccessDeniedException(string path, int creatorId, int lastModifierId, string message, PermissionType[] permissionTypes, IUser user)
        {
            //TODO: #### az exception-ben legyen informacio, hogy a see pattant-e el!

            PermissionType deniedPermission = null;
            foreach (var permType in permissionTypes)
            {
                if (!HasSubTreePermission(path, creatorId, lastModifierId, permType))
                {
                    deniedPermission = permType;
                    break;
                }
            }

            if (deniedPermission == null)
                throw new SenseNetSecurityException(path, null, user);
            if (message != null)
                throw new SenseNetSecurityException(path, deniedPermission, user, message);
            else
                throw new SenseNetSecurityException(path, deniedPermission, user);
        }
Пример #6
0
        //======================================================================================================== Administration methods

        public void SetPermission(IUser user, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
		{
			if (user == null)
				throw new ArgumentNullException("user");
            SetPermission(user as ISecurityMember, isInheritable, permissionType, permissionValue);
		}
 public SenseNetSecurityException(int nodeId, PermissionType permissionType, IUser user, string message)
     : base(GetMessage(message, null, nodeId, permissionType, user)) { }
Пример #8
0
        internal PermissionValue GetSubtreePermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes)
        {
            if (user.Id == -1)
                return PermissionValue.Allow;

            //======== #1: startbits: getpermbits
            //==>
            var principals = GetPrincipals(user, isCreator, isLastModifier);

            var allow = 0;
            var deny = 0;

            var firstPermInfo = GetFirstInfo(path);
            if (firstPermInfo.Path == path)
                firstPermInfo.AggregateLevelOnlyValues(principals, ref allow, ref deny);
            for (var permInfo = firstPermInfo; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
                permInfo.AggregateEffectiveValues(principals, ref allow, ref deny);
            //==<
            var mask = GetPermissionMask(permissionTypes);
            if ((deny & mask) != 0)
                return PermissionValue.Deny;
            if ((allow & mask) != mask)
                return PermissionValue.NonDefined;

            //  +r     +1+++ | +1_++ | +1+++
            //  +r/a   +1_++ | +1+++ | +1-++
            // ==============|=======|=======
            //           +++ |   _++ |   -++

            //  +r     +1+++ | +1_++ | +1+++
            //  +r/a   -1_++ | -1+++ | -1-++
            // ==============|=======|=======
            //           +++ |   _++ |   -++

            //  +r     +1+++ | +1_++ | +1+++
            //  -r/a   +1_++ | +1+++ | +1-++
            // ==============|=======|=======
            //           _++ |   _++ |   -++
            // nem fugg a permissionset.inheritable ertektol
            // denybits: or, break: nem kell ujraszamolni
            // allowbits or, break: ujraszamolni

            //PermissionInfo subTreePermInfo;
            //if (entries.TryGetValue(path, out subTreePermInfo))
            //{
            //    subTreePermInfo.GetSubtreePermission(path, principals, isCreator, isLastModifier, mask, ref allow, ref deny);
            //}
            //else
            //{
            var p = path + "/";
            var permInfos = from key in permissionTable.Keys where key.StartsWith(p) orderby key select permissionTable[key];
            foreach (var permInfo in permInfos)
            {
                if (!permInfo.Inherits)
                {
                    allow = 0;
                    foreach (var entry in permInfo.PermissionSets)
                    {
                        if (!principals.Contains(entry.PrincipalId))
                            continue;
                        allow |= entry.AllowBits;
                        deny |= entry.DenyBits;
                    }
                }
                foreach (var entry in permInfo.PermissionSets)
                {
                    if (!principals.Contains(entry.PrincipalId))
                        continue;
                    deny |= entry.DenyBits;
                }
            }
            //}

            if ((deny & mask) != 0)
                return PermissionValue.Deny;
            if ((allow & mask) != mask)
                return PermissionValue.NonDefined;
            return PermissionValue.Allow;

        }
Пример #9
0
			public void DeletePermissionType(PermissionType permissionType)
			{
				_target.GetType().GetMethod("DeletePermissionType").Invoke(_target, new object[] { permissionType });
			}
Пример #10
0
 public SenseNetSecurityException(string path, PermissionType permissionType, IUser user, string message)
     : base(GetMessage(message, path, 0, permissionType, user)) { }
Пример #11
0
 private string SetPermForcedSettingsTest(int operationNumber, Node node, ISecurityMember member, string startState, string expectedState, PermissionType permType, PermissionValue value)
 {
     return SetForcedSettingsTest(operationNumber, node, member, startState, expectedState, permType, value, false);
 }
Пример #12
0
        internal bool HasPermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes)
        {
            if (user.Id == -1)
                return true;
            var value = GetPermission(path, user, isCreator, isLastModifier, permissionTypes);

            if (RepositoryConfiguration.TracePermissionCheck)
                if (value != PermissionValue.Allow)
                    Debug.WriteLine(String.Format("HasPermission> {0}, {1}, {2}, {3}", value, String.Join("|", permissionTypes.Select(x => x.Name).ToArray()), user.Username, path));

            return value == PermissionValue.Allow;

        }
Пример #13
0
		public override void DeletePermissionType(PermissionType permissionType)
		{
			StringBuilder sb = new StringBuilder();
			if (permissionType == null)
				throw new ArgumentNullException("permissionType");
			sb.Append(CreateCommentLine("Delete PermissionType: ", permissionType.Name));
			sb.Append("DELETE FROM [dbo].[SchemaPermissionTypes] WHERE PermissionId = ");
			sb.Append(permissionType.Id).AppendLine();
			AddScript(sb);
		}
Пример #14
0
 protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue)
 {
     WriteLog(MethodInfo.GetCurrentMethod(), principalId, nodeId, permissionType, isInheritable, permissionValue);
     base.SetPermission(principalId, nodeId, permissionType, isInheritable, permissionValue);
 }
Пример #15
0
 internal bool HasSubTreePermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes)
 {
     if (user.Id == -1)
         return true;
     var value = GetSubtreePermission(path, user, isCreator, isLastModifier, permissionTypes);
     return value == PermissionValue.Allow;
 }
Пример #16
0
 private static void WriteDeletePermissionType(SchemaWriter writer, PermissionType permType)
 {
     writer.DeletePermissionType(permType);
 }
Пример #17
0
 private int GetPermissionMask(PermissionType[] permissionTypes)
 {
     int mask = 0;
     foreach (var permissionType in permissionTypes)
         mask = mask | (1 << (permissionType.Id - 1));
     return mask;
 }
Пример #18
0
        public void SetPermission(IGroup group, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
		{
			if (group == null)
				throw new ArgumentNullException("group");
            SetPermission(group as ISecurityMember, isInheritable, permissionType, permissionValue);
		}
Пример #19
0
        private string SetForcedSettingsTest(int operationNumber, Node node, ISecurityMember member, string startState, string expectedState, PermissionType permType, PermissionValue value, bool acl)
        {
            ResetSeeOpenOpenMinorPermissions(node, member);

            var perms = new PermissionValue[ActiveSchema.PermissionTypes.Count];
            var permCount = perms.Length;
            for (int i = 0; i < startState.Length; i++)
            {
                if (startState[i] == '+') perms[permCount - i - 1] = PermissionValue.Allow;
                else if (startState[i] == '-') perms[permCount - i - 1] = PermissionValue.Deny;
            }

            //---- prerequisit
            node.Security.SetPermissions(member.Id, true, perms);
            //---- test operation
            if(acl)
                new AclEditor(node).SetPermission(member, true, permType, value).Apply();
            else
                node.Security.SetPermission(member, true, permType, value);

            string result = null;
            SecurityEntry entry = null;
            foreach (var e in node.Security.GetExplicitEntries())
            {
                if (e.PrincipalId == member.Id)
                {
                    entry = e;
                    break;
                }
            }

            if (entry == null)
            {
                result = "______________";
            }
            else
            {
                var chars = new char[permCount];
                var values = entry.PermissionValues;
                for (int i = 0; i < values.Length; i++)
                {
                    if (values[i] == PermissionValue.Allow) chars[permCount - i - 1] = '+';
                    else if (values[i] == PermissionValue.Deny) chars[permCount - i - 1] = '-';
                    else chars[permCount - i - 1] = '_';
                }
                result = new String(chars);
            }
            if (result == expectedState)
                return null;
            return String.Concat("State is '", result, "', expected '", expectedState, "' at operation ", operationNumber);


        }
Пример #20
0
 public void SetPermission(IOrganizationalUnit orgUnit, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
 {
     if (orgUnit == null)
         throw new ArgumentNullException("orgUnit");
     SetPermission(orgUnit as ISecurityMember, isInheritable, permissionType, permissionValue);
 }
Пример #21
0
 internal static PermissionType[] GetPermissionTypeFromIdArray(int[] idArray)
 {
     var result = new PermissionType[idArray.Length];
     for (int i = 0; i < idArray.Length; i++)
         result[i] = PermissionType.GetById(idArray[i]);
     return result;
 }
Пример #22
0
 internal static void SetBits(ref int allowBits, ref int denyBits, PermissionType permissionType, PermissionValue permissionValue)
 {
     var actionBit = 0x1 << (permissionType.Id - 1);
     switch (permissionValue)
     {
         case PermissionValue.Deny:
             if (actionBit == SEEBIT)
                 denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT + MANAGELISTSANDWORKSPACESBIT;
             else if (actionBit == OPENBIT)
                 denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + MANAGELISTSANDWORKSPACESBIT;
             else if (actionBit == OPENMINORBIT)
                 denyBits |= SAVEGROUPBITS + OPENMINORBIT + MANAGELISTSANDWORKSPACESBIT;
             else if (actionBit == SEEPERMISSIONSBIT)
                 denyBits |= SETPERMISSIONSBIT;
             else if (actionBit == SAVEBIT)
                 denyBits |= MANAGELISTSANDWORKSPACESBIT;
             else if (actionBit == ADDNEWBIT)
                 denyBits |= MANAGELISTSANDWORKSPACESBIT;
             else if (actionBit == DELETEBIT)
                 denyBits |= MANAGELISTSANDWORKSPACESBIT;
             denyBits |= actionBit;
             allowBits &= ~denyBits;
             break;
         case PermissionValue.NonDefined:
             var abits = 0;
             var dbits = 0;
             if (actionBit == SEEBIT)
             {
                 abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT;
                 dbits |= ~(SEEBIT);
             }
             else if (actionBit == OPENBIT)
             {
                 abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT;
                 dbits |= ~(SEEBIT | OPENBIT);
             }
             else if (actionBit == OPENMINORBIT)
             {
                 abits |= SAVEGROUPBITS + OPENMINORBIT;
                 dbits |= ~(SEEBIT | OPENBIT | OPENMINORBIT);
             }
             else if ((actionBit & SAVEGROUPBITS) != 0)
             {
                 abits |= actionBit;
                 dbits |= ~(actionBit | OPENMINORBIT | OPENBIT | SEEBIT);
             }
             else if (actionBit == SEEPERMISSIONSBIT)
             {
                 abits |= SETPERMISSIONSBIT + SEEPERMISSIONSBIT;
                 dbits |= ~SEEPERMISSIONSBIT;
             }
             else if (actionBit == SETPERMISSIONSBIT)
             {
                 abits |= SETPERMISSIONSBIT;
                 dbits |= ~(SETPERMISSIONSBIT | SEEPERMISSIONSBIT);
             }
             else if (actionBit == RUNAPPLICATIONBIT)
             {
                 abits |= RUNAPPLICATIONBIT;
                 dbits |= ~(RUNAPPLICATIONBIT);
             }
             else if (actionBit == MANAGELISTSANDWORKSPACESBIT)
             {
                 abits |= MANAGELISTSANDWORKSPACESBIT;
                 dbits |= ~(MANAGELISTSANDWORKSPACESBIT);   
             }
             else
             {
                 dbits = ~0;
             }
             allowBits &= ~abits;
             denyBits &= dbits;
             break;
         case PermissionValue.Allow:
             if ((actionBit & SAVEGROUPBITS) > 0)
                 allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT;
             else if (actionBit == OPENMINORBIT)
                 allowBits |= actionBit + SEEBIT + OPENBIT;
             else if (actionBit == OPENBIT)
                 allowBits |= actionBit + SEEBIT;
             else if (actionBit == SETPERMISSIONSBIT)
                 allowBits |= SEEPERMISSIONSBIT;
             else if (actionBit == MANAGELISTSANDWORKSPACESBIT)
                 allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT + SAVEBIT + ADDNEWBIT + DELETEBIT;
             allowBits |= actionBit;
             denyBits &= ~allowBits;
             break;
         default:
             throw new NotSupportedException("Unknown PermissionValue: " + permissionValue);
     }
 }
Пример #23
0
		public abstract void DeletePermissionType(PermissionType permissionType);
Пример #24
0
 public SenseNetSecurityException(string path, PermissionType permissionType)
     : base(GetMessage(null, path, 0, permissionType, null)) { }
Пример #25
0
 private static string GetPermissionCacheKey(int principalID, int nodeID, PermissionType type)
 {
     return string.Format(CultureInfo.InvariantCulture, "SN:NodePermissionCache:{0}:{1}:{2}", principalID, nodeID, type.Id);
 }
Пример #26
0
 public SenseNetSecurityException(int nodeId, PermissionType permissionType)
     : base(GetMessage(null, null, nodeId, permissionType, null)) { }
Пример #27
0
		public void DeletePermissionType(PermissionType permissionType)
		{
			if (permissionType.SchemaRoot != this)
				throw new SchemaEditorCommandException(SR.Exceptions.Schema.Msg_InconsistentHierarchy);
			this.PermissionTypes.Remove(permissionType);
		}
Пример #28
0
 public AclEditor SetPermission(ISecurityMember securityMember, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
 {
     return SetPermission(securityMember.Id, propagates, permissionType, permissionValue);
 }
Пример #29
0
        internal PermissionValue GetPermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes)
        {
            if (user.Id == -1)
                return PermissionValue.Allow;

            //==>
            var principals = GetPrincipals(user, isCreator, isLastModifier);

            var allow = 0;
            var deny = 0;

            var firstPermInfo = GetFirstInfo(path);
            if (firstPermInfo.Path == path)
                firstPermInfo.AggregateLevelOnlyValues(principals, ref allow, ref deny);
            for (var permInfo = firstPermInfo; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
                permInfo.AggregateEffectiveValues(principals, ref allow, ref deny);
            //==<

            var mask = GetPermissionMask(permissionTypes);
            if ((deny & mask) != 0)
                return PermissionValue.Deny;
            if ((allow & mask) != mask)
                return PermissionValue.NonDefined;
            return PermissionValue.Allow;
        }
Пример #30
0
 private static void PermissionTypeToXml(PermissionType permType, StringBuilder sb, string indent)
 {
     sb.Append(indent).AppendLine(String.Format(CultureInfo.CurrentCulture, "<PermissionType itemID=\"{0}\" name=\"{1}\" />", permType.Id, permType.Name));
 }
Пример #31
0
 private SnPermission GetSnPerm(SnAccessControlEntry entry, PermissionType permType)
 {
     return entry.Permissions.Where(p => p.Name == permType.Name).First();
 }
Пример #32
0
 protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue)
 {
     SqlProcedure cmd = null;
     try
     {
         cmd = new SqlProcedure { CommandText = "proc_Security_SetPermission" };
         cmd.Parameters.Add("@PrincipalId", SqlDbType.Int).Value = principalId;
         cmd.Parameters.Add("@NodeId", SqlDbType.Int).Value = nodeId;
         cmd.Parameters.Add("@PermissionTypeId", SqlDbType.Int).Value = permissionType.Id;
         cmd.Parameters.Add("@IsInheritable", SqlDbType.TinyInt).Value = isInheritable ? (byte)1 : (byte)0;
         cmd.Parameters.Add("@PermissionValue", SqlDbType.TinyInt).Value = (byte)permissionValue;
         cmd.ExecuteNonQuery();
     }
     finally
     {
         cmd.Dispose();
     }
 }
Пример #33
0
 public abstract void DeletePermissionType(PermissionType permissionType);