public static void Demand <TDomain>(this ISecurityService <TDomain> service, SecurityTarget t, ISecuritySubject subject, params SecurityPrivilege[] ps) { if (!ps.All(service.Can(t, subject))) { throw new UnauthorizedAccessException(); } }
public static IEnumerable <bool> HasPrivileges <TDomain>( this ISecurityService <TDomain> service, SecurityTarget target, ISecuritySubject subject, params SecurityPrivilege[] privileges) { if (privileges.NullOrEmpty()) { return(Enumerable.Empty <bool>()); } return(privileges.Select(service.Can(target, subject))); }
public void SetAcl(SecurityTarget target, IEnumerable <AclEntry> entries) { throw new Lpp.Utilities.CodeToBeUpdatedException(); //var arity = target.Elements.Count(); //var id = new Data.SecurityTargetId( target.Id().AsEnumerable() ); //var tr = _targets[ Tuple.Create( arity, id ) ] as Data.SecurityTarget; //if ( tr == null ) //{ // var targetExpr = // Expr.Create( ( Data.SecurityTarget t ) => t.Arity == arity ) // .Compose( // BigTuple<Guid>.MemberAccess.Select( x => // Expr.Create( ( Data.SecurityTarget t, bool acc ) => acc && x.Invoke( t.ObjectIds ) == x.Invoke( id ) ) ) // ) // .Expand(); // tr = Targets.All.FirstOrDefault( targetExpr ); // if ( tr == null ) // { // if ( !entries.Any() ) return; // tr = Targets.Add( new Data.SecurityTarget { ObjectIds = new Data.SecurityTargetId( target.Elements.Select( e => e.SID ) ), Arity = arity } ); // } // _targets[Tuple.Create( arity, id )] = tr; //} //var incomingEntries = // entries.Where( e => e.Kind == AclEntryKind.Deny ).Concat( // Deny should take precedence over Allow, but we shouldn't change the order otherwise // entries.Where( e => e.Kind == AclEntryKind.Allow ) ) // .Select( ( e, idx ) => new { p = e.Privilege.SID, s = e.Subject.SID, o = idx, a = e.Kind == AclEntryKind.Allow } ) // .ToList(); //var existingEntries = tr.AclEntries.Select( e => new { p = e.PrivilegeId, s = e.SubjectId, o = e.Order, a = e.Allow } ).ToList(); //var keepEntries = incomingEntries.Intersect( existingEntries ).ToList(); //var newEntries = incomingEntries.Except( keepEntries ).ToList(); //var removeEntries = existingEntries.Except( keepEntries ).ToList(); //(from x in removeEntries // join e in tr.AclEntries on x equals new { p = e.PrivilegeId, s = e.SubjectId, o = e.Order, a = e.Allow } // select e) // .ForEach( Entries.Remove ); //newEntries.ForEach( x => Entries.Add( new Data.AclEntry { Target = tr, Order = x.o, PrivilegeId = x.p, SubjectId = x.s, Allow = x.a } ) ); }
public AclEditModel AclModelFor(Lpp.Security.SecurityTarget target, Func <HtmlHelper, IJsControlledView> subjectSelector = null) { return(AclModelFor(new[] { target }, subjectSelector)); }
public Func <HtmlHelper, IHtmlString> AclUIFor(Lpp.Security.SecurityTarget target, string fieldName, Func <HtmlHelper, IJsControlledView> subjectSelector = null) { return(AclUIFor(new[] { target }, fieldName, subjectSelector)); }
public static IHtmlString DnsAclUIFor(this HtmlHelper html, Lpp.Security.SecurityTarget target, string fieldName, IJsControlledView subjectSelector = null) { return(html.DnsAclUIFor(new[] { target }, fieldName, subjectSelector)); }
public void SetAclForTargetAndEvents(Lpp.Security.SecurityTarget target, ILookup <BigTuple <Guid>, AclEntry> acl) { //Contract.Requires( acl != null ); //Contract.Requires( target != null ); SetAclForTargetAndEvents(new[] { target }, acl); }
//class MockSecurityGroup : ISecurityGroup //{ // public string Name { get; set; } // public MockNamed Parent { get; set; } // INamed ISecurityGroup.Parent { get { return Parent; } } // public Guid SID { get; set; } // public string DisplayName { get { return Name; } } // public SecurityGroupKinds Kind { get { return SecurityGroupKinds.Custom; } } //} //class MockNamed : INamed { public string Name { get; set; } } public void SetAclForTargetAndEvents(Lpp.Security.SecurityTarget target, string strAcl, Guid replaceNullObjectWith) { //Contract.Requires( target != null ); SetAclForTargetAndEvents(target, SecurityUI.ParseAcls(strAcl).ReplaceObject(Sec.NullObject, replaceNullObjectWith)); }
public IEnumerable <SecurityTargetKind> KindsFor(SecurityTarget target) { var kinds = target.Elements.Select(o => o.Kind); return(AllTargetKinds.Where(k => k.ObjectKindsInOrder.SequenceEqual(kinds))); }
/// <summary> /// Determins if a subject has rights to a target. /// </summary> /// <typeparam name="TDomain"></typeparam> /// <param name="service"></param> /// <param name="target"></param> /// <param name="subject"></param> /// <param name="privilege">Rights of subject to specified target to determine</param> /// <returns></returns> public static bool HasPrivilege <TDomain>( this ISecurityService <TDomain> service, SecurityTarget target, ISecuritySubject subject, SecurityPrivilege privilege) { return(service.Can(target, subject)(privilege)); }
public static IQueryable <UnresolvedAclEntry> GetAcl <TDomain>(this ISecurityService <TDomain> service, SecurityTarget target) { var equalsTarget = Predicate.And( BigTuple <Guid> .MemberAccess.Zip(target.Elements, (ma, e) => Expr.Create((BigTuple <Guid> o) => ma.Invoke(o) == e.ID)) ); var filter = Expr.Create(( SecurityTargetAcl t ) => equalsTarget.Invoke(t.TargetId)).Expand(); var acls = service.GetAllAcls(target.Elements.Count()); return(acls.Where(filter).SelectMany(t => t.Entries)); }
public static Func <SecurityPrivilege, bool> Can <TDomain>(this ISecurityService <TDomain> service, SecurityTarget t, ISecuritySubject subject) { var acl = service.GetAcl(t).Where(e => e.SubjectId == subject.ID && e.Allow).ToLookup(e => e.PrivilegeId); return(p => acl[p.SID].Any()); }
public static BigTuple <Guid> Id(this SecurityTarget t) { return(t == null ? new BigTuple <Guid>() : new BigTuple <Guid>(t.Elements.Select(o => o.ID))); }
public static bool AppliesTo <TDomain>(this ISecurityService <TDomain> conf, SecurityPrivilege priv, SecurityTarget target) { //Contract.Requires( conf != null ); //Contract.Requires( priv != null ); //Contract.Requires( target != null ); return(conf .KindsFor(target) .SelectMany(k => k.ApplicablePrivilegeSets) .Any(priv.BelongsTo)); }