internal void Init(Configuration config)
{
groupMembershipFacts = new List <UserGroupMembershipFact>();
resourceAccessFacts = new List <ResourceAccessFact>();
policyAssertions = new List <Assertion>();
//add the user system to group everyone
UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + "everyone"));
groupMembershipFacts.Add(fact);
policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
// Adding AccessRules to allow SystemHigh to access all modules at all times with all devices
AddSystemHighRules(config);
//add group membership for other users
foreach (UserInfo userInfo in config.GetAllUsers())
{
AddUser(userInfo);
}
//now add the access control rules
foreach (var rule in config.GetAllPolicies())
{
AddAccessRule(rule);
}
// ..... now print these policies
//PrintPolicies();
}
//add a new user to the policy database
internal void AddUser(UserInfo userInfo)
{
lock (this)
{
//recursively add this user as belonging to all parent groups
//we start with the user itself, as each user belongs to its own group
UserGroupInfo ancestor = userInfo;
while (ancestor != null)
{
UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + ancestor.Name));
groupMembershipFacts.Add(fact);
policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
ancestor = ancestor.Parent;
}
}
}
/// <summary>
/// Returns true if the given object is equal to this one.
/// </summary>
/// <param name="obj">
/// The object to be compared against.
/// </param>
/// <returns>
/// True if the two objects are equal.
/// </returns>
public override bool Equals(object obj)
{
UserGroupMembershipFact otherObj = obj as UserGroupMembershipFact;
if (otherObj == null)
{
return(false);
}
if (!this.User.Equals(otherObj.User))
{
return(false);
}
if (!this.Group.Equals(otherObj.Group))
{
return(false);
}
return(base.Equals(obj));
}
//add a new user to the policy database
internal void RemoveUser(UserInfo userInfo)
{
lock (this)
{
List <Assertion> asserstionsToRemove = new List <Assertion>();
foreach (var assertion in policyAssertions)
{
if (assertion.Claim.Fact is UserGroupMembershipFact)
{
UserGroupMembershipFact fact = (UserGroupMembershipFact)assertion.Claim.Fact;
if (fact.User.Name.Equals("usr:"******"grp:" + userInfo.Name))
{
asserstionsToRemove.Add(assertion);
}
}
else
{
throw new Exception("Unknown fact type!");
}
}
foreach (var assertion in asserstionsToRemove)
{
policyAssertions.Remove(assertion);
}
}
//PrintPolicies();
}
//add a new user to the policy database
internal void AddUser(UserInfo userInfo)
{
lock (this)
{
//recursively add this user as belonging to all parent groups
//we start with the user itself, as each user belongs to its own group
UserGroupInfo ancestor = userInfo;
while (ancestor != null)
{
UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + ancestor.Name));
groupMembershipFacts.Add(fact);
policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
ancestor = ancestor.Parent;
}
}
}
internal void Init(Configuration config)
{
groupMembershipFacts = new List<UserGroupMembershipFact>();
resourceAccessFacts = new List<ResourceAccessFact>();
policyAssertions = new List<Assertion>();
//add the user system to group everyone
UserGroupMembershipFact fact = new UserGroupMembershipFact(new StringPrincipal("usr:"******"grp:" + "everyone"));
groupMembershipFacts.Add(fact);
policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
// Adding AccessRules to allow SystemHigh to access all modules at all times with all devices
AddSystemHighRules(config);
//add group membership for other users
foreach (UserInfo userInfo in config.GetAllUsers())
AddUser(userInfo);
//now add the access control rules
foreach (var rule in config.GetAllPolicies())
AddAccessRule(rule);
// ..... now print these policies
//PrintPolicies();
}
