public static void Demand <TDomain>(this ISecurityService <TDomain> service, SecurityTarget t, ISecuritySubject subject, params SecurityPrivilege[] ps)
{
if (!ps.All(service.Can(t, subject)))
{
throw new UnauthorizedAccessException();
}
}
public static IEnumerable <bool> HasPrivileges <TDomain>(
this ISecurityService <TDomain> service, SecurityTarget target, ISecuritySubject subject,
params SecurityPrivilege[] privileges)
{
if (privileges.NullOrEmpty())
{
return(Enumerable.Empty <bool>());
}
return(privileges.Select(service.Can(target, subject)));
}
public void SetAcl(SecurityTarget target, IEnumerable <AclEntry> entries)
{
throw new Lpp.Utilities.CodeToBeUpdatedException();
//var arity = target.Elements.Count();
//var id = new Data.SecurityTargetId( target.Id().AsEnumerable() );
//var tr = _targets[ Tuple.Create( arity, id ) ] as Data.SecurityTarget;
//if ( tr == null )
//{
// var targetExpr =
// Expr.Create( ( Data.SecurityTarget t ) => t.Arity == arity )
// .Compose(
// BigTuple<Guid>.MemberAccess.Select( x =>
// Expr.Create( ( Data.SecurityTarget t, bool acc ) => acc && x.Invoke( t.ObjectIds ) == x.Invoke( id ) ) )
// )
// .Expand();
// tr = Targets.All.FirstOrDefault( targetExpr );
// if ( tr == null )
// {
// if ( !entries.Any() ) return;
// tr = Targets.Add( new Data.SecurityTarget { ObjectIds = new Data.SecurityTargetId( target.Elements.Select( e => e.SID ) ), Arity = arity } );
// }
// _targets[Tuple.Create( arity, id )] = tr;
//}
//var incomingEntries =
// entries.Where( e => e.Kind == AclEntryKind.Deny ).Concat( // Deny should take precedence over Allow, but we shouldn't change the order otherwise
// entries.Where( e => e.Kind == AclEntryKind.Allow ) )
// .Select( ( e, idx ) => new { p = e.Privilege.SID, s = e.Subject.SID, o = idx, a = e.Kind == AclEntryKind.Allow } )
// .ToList();
//var existingEntries = tr.AclEntries.Select( e => new { p = e.PrivilegeId, s = e.SubjectId, o = e.Order, a = e.Allow } ).ToList();
//var keepEntries = incomingEntries.Intersect( existingEntries ).ToList();
//var newEntries = incomingEntries.Except( keepEntries ).ToList();
//var removeEntries = existingEntries.Except( keepEntries ).ToList();
//(from x in removeEntries
// join e in tr.AclEntries on x equals new { p = e.PrivilegeId, s = e.SubjectId, o = e.Order, a = e.Allow }
// select e)
// .ForEach( Entries.Remove );
//newEntries.ForEach( x => Entries.Add( new Data.AclEntry { Target = tr, Order = x.o, PrivilegeId = x.p, SubjectId = x.s, Allow = x.a } ) );
}
public AclEditModel AclModelFor(Lpp.Security.SecurityTarget target, Func <HtmlHelper, IJsControlledView> subjectSelector = null)
{
return(AclModelFor(new[] { target }, subjectSelector));
}
public Func <HtmlHelper, IHtmlString> AclUIFor(Lpp.Security.SecurityTarget target, string fieldName, Func <HtmlHelper, IJsControlledView> subjectSelector = null)
{
return(AclUIFor(new[] { target }, fieldName, subjectSelector));
}
public static IHtmlString DnsAclUIFor(this HtmlHelper html, Lpp.Security.SecurityTarget target, string fieldName, IJsControlledView subjectSelector = null)
{
return(html.DnsAclUIFor(new[] { target }, fieldName, subjectSelector));
}
public void SetAclForTargetAndEvents(Lpp.Security.SecurityTarget target, ILookup <BigTuple <Guid>, AclEntry> acl)
{
//Contract.Requires( acl != null );
//Contract.Requires( target != null );
SetAclForTargetAndEvents(new[] { target }, acl);
}
//class MockSecurityGroup : ISecurityGroup
//{
// public string Name { get; set; }
// public MockNamed Parent { get; set; }
// INamed ISecurityGroup.Parent { get { return Parent; } }
// public Guid SID { get; set; }
// public string DisplayName { get { return Name; } }
// public SecurityGroupKinds Kind { get { return SecurityGroupKinds.Custom; } }
//}
//class MockNamed : INamed { public string Name { get; set; } }
public void SetAclForTargetAndEvents(Lpp.Security.SecurityTarget target, string strAcl, Guid replaceNullObjectWith)
{
//Contract.Requires( target != null );
SetAclForTargetAndEvents(target, SecurityUI.ParseAcls(strAcl).ReplaceObject(Sec.NullObject, replaceNullObjectWith));
}
public IEnumerable <SecurityTargetKind> KindsFor(SecurityTarget target)
{
var kinds = target.Elements.Select(o => o.Kind);
return(AllTargetKinds.Where(k => k.ObjectKindsInOrder.SequenceEqual(kinds)));
}
/// <summary>
/// Determins if a subject has rights to a target.
/// </summary>
/// <typeparam name="TDomain"></typeparam>
/// <param name="service"></param>
/// <param name="target"></param>
/// <param name="subject"></param>
/// <param name="privilege">Rights of subject to specified target to determine</param>
/// <returns></returns>
public static bool HasPrivilege <TDomain>(
this ISecurityService <TDomain> service, SecurityTarget target, ISecuritySubject subject, SecurityPrivilege privilege)
{
return(service.Can(target, subject)(privilege));
}
public static IQueryable <UnresolvedAclEntry> GetAcl <TDomain>(this ISecurityService <TDomain> service, SecurityTarget target)
{
var equalsTarget =
Predicate.And(
BigTuple <Guid> .MemberAccess.Zip(target.Elements,
(ma, e) => Expr.Create((BigTuple <Guid> o) => ma.Invoke(o) == e.ID))
);
var filter = Expr.Create(( SecurityTargetAcl t ) => equalsTarget.Invoke(t.TargetId)).Expand();
var acls = service.GetAllAcls(target.Elements.Count());
return(acls.Where(filter).SelectMany(t => t.Entries));
}
public static Func <SecurityPrivilege, bool> Can <TDomain>(this ISecurityService <TDomain> service, SecurityTarget t, ISecuritySubject subject)
{
var acl = service.GetAcl(t).Where(e => e.SubjectId == subject.ID && e.Allow).ToLookup(e => e.PrivilegeId);
return(p => acl[p.SID].Any());
}
public static BigTuple <Guid> Id(this SecurityTarget t)
{
return(t == null ? new BigTuple <Guid>() : new BigTuple <Guid>(t.Elements.Select(o => o.ID)));
}
public static bool AppliesTo <TDomain>(this ISecurityService <TDomain> conf, SecurityPrivilege priv, SecurityTarget target)
{
//Contract.Requires( conf != null );
//Contract.Requires( priv != null );
//Contract.Requires( target != null );
return(conf
.KindsFor(target)
.SelectMany(k => k.ApplicablePrivilegeSets)
.Any(priv.BelongsTo));
}
