private void SearchRelatedIdentitiesInTree(PermissionLevel level, IdentityKind identityKind, PermissionInfo node, List <int> ids)
{
// if breaked, adding existing parent-s effective identities
if (!node.Inherits)
{
if (node.Parent != null)
{
foreach (var entry in GetEffectiveEntries(node.Parent.Path))
{
if (!ids.Contains(entry.PrincipalId))
{
ids.Add(entry.PrincipalId);
}
}
}
}
// adding explicite identities recursive
foreach (var ps in node.PermissionSets)
{
if (!ids.Contains(ps.PrincipalId))
{
ids.Add(ps.PrincipalId);
}
}
foreach (var childNode in node.Children)
{
SearchRelatedIdentitiesInTree(level, identityKind, childNode, ids);
}
}
/// <summary>
/// Constructor for USN-based identity.
/// </summary>
public VersionedFileIdentity(ulong volumeSerialNumber, FileId fileId, Usn usn, IdentityKind kind)
{
Contract.Requires(kind.IsWeakOrStrong());
m_fileId = fileId;
m_volumeSerialNumber = volumeSerialNumber;
m_usn = usn;
Kind = kind;
}
private IEnumerable <Node> Filter(NodeList <Node> nodeList, IdentityKind identityKind)
{
switch (identityKind)
{
case IdentityKind.All: return(nodeList);
case IdentityKind.Users: return(nodeList.Where(n => n is IUser));
case IdentityKind.Groups: return(nodeList.Where(n => n is IGroup));
case IdentityKind.OrganizationalUnits: return(nodeList.Where(n => n is IOrganizationalUnit));
case IdentityKind.UsersAndGroups: return(nodeList.Where(n => n is IUser || n is IGroup));
case IdentityKind.UsersAndOrganizationalUnits: return(nodeList.Where(n => n is IUser || n is IOrganizationalUnit));
case IdentityKind.GroupsAndOrganizationalUnits: return(nodeList.Where(n => n is ISecurityContainer));
default: throw new NotImplementedException("Unknown IdentityKind: " + identityKind);
}
}
private IEnumerable <Node> Filter(IEnumerable <int> identityIds, IdentityKind identityKind)
{
var identities = new NodeList <Node>(identityIds);
switch (identityKind)
{
case IdentityKind.All: return(identities);
case IdentityKind.Users: return(identities.Where(n => n is IUser));
case IdentityKind.Groups: return(identities.Where(n => n is IGroup));
case IdentityKind.OrganizationalUnits: return(identities.Where(n => n is IOrganizationalUnit));
case IdentityKind.UsersAndGroups: return(identities.Where(n => n is IUser || n is IGroup));
case IdentityKind.UsersAndOrganizationalUnits: return(identities.Where(n => n is IUser || n is IOrganizationalUnit));
case IdentityKind.GroupsAndOrganizationalUnits: return(identities.Where(n => n is ISecurityContainer));
default: throw new SnNotSupportedException("Unknown IdentityKind: " + identityKind);
}
}
public static IEnumerable <Content> GetRelatedIdentities(Content content, PermissionLevel level, IdentityKind identityKind, IEnumerable <PermissionType> permissions)
{
content.ContentHandler.Security.AssertSubtree(PermissionType.SeePermissions);
return(SecurityHandler.GetRelatedIdentities(content.Path.ToLower(), level, identityKind, permissions).Select(n => Content.Create(n)));
}
private IEnumerable <Node> GetRelatedIdentitiesPrivate(string contentPath, PermissionLevel level, IdentityKind identityKind, IEnumerable <PermissionType> permissions)
{
if (level != PermissionLevel.AllowedOrDenied)
{
throw new NotImplementedException("Not implemented. Use 'AllowedOrDenied'");
}
var permissionMask = 0;
foreach (var pt in permissions)
{
permissionMask |= 1 << (pt.Index - 1);
}
var firstPermInfo = GetFirstInfo(contentPath);
var identityIds = new List <int>();
if (contentPath == firstPermInfo.Path)
{
SearchRelatedIdentitiesInTree(level, firstPermInfo, identityKind, identityIds, permissionMask);
}
else
{
var contentPathSlash = contentPath + "/";
foreach (var childPi in firstPermInfo.Children)
{
if (childPi.Path == contentPath || childPi.Path.StartsWith(contentPathSlash))
{
SearchRelatedIdentitiesInTree(level, childPi, identityKind, identityIds, permissionMask);
}
}
}
var identities = new NodeList <Node>(identityIds);
return(Filter(identities, identityKind));
}
internal static IEnumerable <Node> GetRelatedIdentities(string contentPath, PermissionLevel level, IdentityKind identityKind, IEnumerable <PermissionType> permissions)
{
return(Instance.GetRelatedIdentitiesPrivate(contentPath, level, identityKind, permissions));
}
public static IEnumerable <Node> GetRelatedIdentities(string contentPath, PermissionLevel level, IdentityKind identityKind)
{
return(Instance.GetRelatedIdentitiesPrivate(contentPath, level, identityKind));
}
public static IEnumerable <Content> GetRelatedIdentities(Content content, PermissionLevel level, IdentityKind identityKind)
{
content.ContentHandler.Security.AssertSubtree(PermissionType.SeePermissions);
return(SecurityHandler.PermissionQuery.GetRelatedIdentities(content.Id, level, identityKind).Select(n => Content.Create(n)));
}
/// <summary>
/// Returns users and groups that have any explicit permissions on the given content or its subtree.
/// </summary>
/// <param name="contentId">Id of the content.</param>
/// <param name="level">Filtering by permission level. It can be Allowed, Denied, AllowedOrDenied.</param>
/// <param name="identityKind">Filtering by identity kind.</param>
public IEnumerable <Node> GetRelatedIdentities(int contentId, PermissionLevel level, IdentityKind identityKind)
{
var identityIds = _securityHandler.SecurityContext.GetRelatedIdentities(contentId, level);
return(Filter(identityIds, identityKind));
}
/// <summary>
/// Returns users and groups that have any explicit permissions on the given content or its subtree.
/// </summary>
/// <param name="contentPath">Path of the content.</param>
/// <param name="level">Filtering by permission level. It can be Allowed, Denied, AllowedOrDenied.</param>
/// <param name="identityKind">Filtering by identity kind.</param>
public IEnumerable <Node> GetRelatedIdentities(string contentPath, PermissionLevel level, IdentityKind identityKind)
{
var head = NodeHead.Get(contentPath);
if (head == null)
{
throw new ContentNotFoundException(contentPath);
}
return(GetRelatedIdentities(head.Id, level, identityKind));
}
