/// <summary>
/// Rebuilds the policy state from scratch: replaces the three fact/assertion lists with
/// empty ones, records one built-in membership in group "everyone", then loads the
/// SystemHigh rules, the configured users and the configured access policies, in that order.
/// </summary>
/// <param name="config">
/// Source of the users (GetAllUsers) and policies (GetAllPolicies); also passed to AddSystemHighRules.
/// </param>
internal void Init(Configuration config)
{
    // Start from empty lists so nothing from an earlier Init call is carried over.
    // NOTE(review): the lists are replaced here without the lock(this) that AddUser and
    // RemoveUser take - confirm Init never runs concurrently with membership changes.
    groupMembershipFacts = new List <UserGroupMembershipFact>();
    resourceAccessFacts = new List <ResourceAccessFact>();
    policyAssertions = new List <Assertion>();

    // Add the user "system" to group "everyone" (wording of the original comment).
    // NOTE(review): the text between "usr:" and "grp:" is masked ("******") in this listing, so the
    // user principal actually built here cannot be read from the page and the statement does not
    // compile as shown - restore it from the unmasked source before relying on it.
    UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + "everyone"));
    groupMembershipFacts.Add(fact);
    // The same fact is also recorded as a Claim asserted by localAuthority.
    policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));

    // Adding AccessRules to allow SystemHigh to access all modules at all times with all devices.
    // NOTE(review): per that description this is a blanket allow - verify in AddSystemHighRules
    // that it is scoped to the SystemHigh principal only.
    AddSystemHighRules(config);

    // Add group membership for the other users.
    foreach (UserInfo userInfo in config.GetAllUsers())
    {
        AddUser(userInfo);
    }

    // Now add the access control rules.
    foreach (var rule in config.GetAllPolicies())
    {
        AddAccessRule(rule);
    }

    // Debug dump of the resulting policies, left disabled.
    //PrintPolicies();
}
/// <summary>
/// Adds a user to the policy database: for the user's own entry and for every ancestor reached
/// through Parent, records one group-membership fact and a matching assertion by localAuthority.
/// </summary>
/// <param name="userInfo">
/// The user to add; also the first node of the Parent chain that is walked. A null value adds nothing.
/// </param>
internal void AddUser(UserInfo userInfo)
{
    // NOTE(review): lock(this) shares the monitor with any other code that holds a reference to
    // this object; a private lock object is the usual choice for guarding policy state.
    lock (this)
    {
        // Walk up the group hierarchy iteratively, adding the user to every parent group.
        // The walk starts with the user itself, as each user belongs to its own group.
        // NOTE(review): the loop ends only when Parent is null - a cycle in the Parent chain would
        // never terminate; confirm the configuration loader rejects cycles.
        UserGroupInfo ancestor = userInfo;
        while (ancestor != null)
        {
            // NOTE(review): the text between "usr:" and "grp:" is masked ("******") in this listing,
            // so the user principal built here cannot be read from the page - restore it from the
            // unmasked source. Only the group side ("grp:" + ancestor.Name) is visible.
            UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + ancestor.Name));
            // No duplicate check is made: adding the same user twice stores the facts twice.
            groupMembershipFacts.Add(fact);
            policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
            ancestor = ancestor.Parent;
        }
    }
}
/// <summary>
/// Compares this membership fact with another object for equality.
/// </summary>
/// <param name="obj">
/// The candidate object; anything that is not a UserGroupMembershipFact compares unequal.
/// </param>
/// <returns>
/// True only when the candidate is a UserGroupMembershipFact, its User and Group are equal to
/// this fact's User and Group, and the base class also reports equality.
/// </returns>
public override bool Equals(object obj)
{
    UserGroupMembershipFact candidate = obj as UserGroupMembershipFact;
    if (candidate == null)
    {
        // Null, or an object of an unrelated type.
        return false;
    }

    // Evaluated left to right with short-circuiting: Group is not compared when User differs,
    // and the base check runs only when both members match.
    // NOTE(review): the final verdict is delegated to base.Equals; if the base type does not
    // override Equals this reduces to reference equality - confirm against the base class.
    return this.User.Equals(candidate.User)
        && this.Group.Equals(candidate.Group)
        && base.Equals(obj);
}
/// <summary>
/// Removes a user from the policy database by deleting the matching group-membership
/// assertions from policyAssertions.
/// </summary>
/// <param name="userInfo">The user to remove; its Name is used to find the assertions.</param>
/// <exception cref="Exception">
/// An assertion in policyAssertions carries a fact that is not a UserGroupMembershipFact.
/// </exception>
internal void RemoveUser(UserInfo userInfo)
{
    // NOTE(review): lock(this) shares the monitor with any other code that holds a reference to
    // this object; a private lock object is the usual choice for guarding policy state.
    lock (this)
    {
        // Collect first and remove afterwards: the list cannot be modified while it is enumerated.
        List <Assertion> asserstionsToRemove = new List <Assertion>();
        foreach (var assertion in policyAssertions)
        {
            if (assertion.Claim.Fact is UserGroupMembershipFact)
            {
                UserGroupMembershipFact fact = (UserGroupMembershipFact)assertion.Claim.Fact;
                // NOTE(review): the text between "usr:" and "grp:" is masked ("******") in this
                // listing, so the exact match condition cannot be read from the page - restore it
                // from the unmasked source and check that it covers every fact AddUser creates.
                if (fact.User.Name.Equals("usr:"******"grp:" + userInfo.Name))
                {
                    asserstionsToRemove.Add(assertion);
                }
            }
            else
            {
                // NOTE(review): this throws before anything has been removed, so a single assertion
                // of another fact type aborts the whole revocation and the user keeps its memberships.
                // Init also loads access rules; if those end up in policyAssertions this branch is
                // always hit - confirm what AddAccessRule and AddSystemHighRules store there.
                throw new Exception("Unknown fact type!");
            }
        }
        foreach (var assertion in asserstionsToRemove)
        {
            policyAssertions.Remove(assertion);
        }
    }
    // NOTE(review): only policyAssertions is cleaned up; the facts AddUser placed in
    // groupMembershipFacts are left behind - confirm nothing reads that list for access decisions.
    // Debug dump of the resulting policies, left disabled.
    //PrintPolicies();
}
/// <summary>
/// Rebuilds the policy state from scratch: replaces the three fact/assertion lists with
/// empty ones, records one built-in membership in group "everyone", then loads the
/// SystemHigh rules, the configured users and the configured access policies, in that order.
/// </summary>
/// <param name="config">
/// Source of the users (GetAllUsers) and policies (GetAllPolicies); also passed to AddSystemHighRules.
/// </param>
internal void Init(Configuration config)
{
    // Start from empty lists so nothing from an earlier Init call is carried over.
    // NOTE(review): the lists are replaced here without any lock, while AddUser and RemoveUser
    // take lock(this) - confirm Init never runs concurrently with membership changes.
    groupMembershipFacts = new List<UserGroupMembershipFact>();
    resourceAccessFacts = new List<ResourceAccessFact>();
    policyAssertions = new List<Assertion>();

    // Add the user "system" to group "everyone" (wording of the original comment).
    // NOTE(review): the text between "usr:" and "grp:" is masked ("******") in this listing, so the
    // user principal actually built here cannot be read from the page and the statement does not
    // compile as shown - restore it from the unmasked source before relying on it.
    UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + "everyone"));
    groupMembershipFacts.Add(fact);
    // The same fact is also recorded as a Claim asserted by localAuthority.
    policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));

    // Adding AccessRules to allow SystemHigh to access all modules at all times with all devices.
    // NOTE(review): per that description this is a blanket allow - verify in AddSystemHighRules
    // that it is scoped to the SystemHigh principal only.
    AddSystemHighRules(config);

    // Add group membership for the other users.
    foreach (UserInfo userInfo in config.GetAllUsers())
        AddUser(userInfo);

    // Now add the access control rules.
    foreach (var rule in config.GetAllPolicies())
        AddAccessRule(rule);

    // Debug dump of the resulting policies, left disabled.
    //PrintPolicies();
}