/// <summary>
/// Gets every authorization defined on this item.
/// While the store runs in Administrator mode, rows whose object SID is defined
/// locally (<see cref="WhereDefined.Local"/>) are left out, matching <see cref="GetAuthorization"/>.
/// </summary>
/// <returns>An array of <see cref="IAzManAuthorization"/> wrappers; empty when nothing is visible.</returns>
public IAzManAuthorization[] GetAuthorizations()
{
    // Same predicate as the original query: in Administrator mode drop local object SIDs,
    // in every other mode keep all rows; always restrict to this item.
    var rows = this.db.Authorizations()
        .Where(tf => (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator
                          && tf.ObjectSidWhereDefined != (byte)WhereDefined.Local
                      || this.application.Store.Storage.Mode != NetSqlAzManMode.Administrator)
                     && tf.ItemId == this.itemId)
        .ToList();

    IAzManAuthorization[] wrappers = new SqlAzManAuthorization[rows.Count];
    for (int i = 0; i < rows.Count; i++)
    {
        var row = rows[i];
        // The second SqlAzManSID argument flags SIDs that are defined in the database itself.
        var wrapper = new SqlAzManAuthorization(
            this.db,
            this,
            row.AuthorizationId.Value,
            new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)WhereDefined.Database),
            (WhereDefined)row.OwnerSidWhereDefined,
            new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)WhereDefined.Database),
            (WhereDefined)row.ObjectSidWhereDefined,
            (AuthorizationType)row.AuthorizationType,
            row.ValidFrom,
            row.ValidTo,
            this.ens);
        // Register the wrapper with the event notification sink when one is configured.
        if (this.ens != null)
        {
            this.ens.AddPublisher(wrapper);
        }
        wrappers[i] = wrapper;
    }
    return wrappers;
}
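/// <summary>
/// Creates a delegate authorization [DB Users]: <paramref name="delegatingUser"/> grants
/// <paramref name="authorizationType"/> on this item to <paramref name="delegateUser"/>.
/// The delegating user must currently hold <see cref="AuthorizationType.AllowWithDelegation"/>
/// on this item; the delegating user's SID is recorded as the owner of the new authorization.
/// </summary>
/// <param name="delegatingUser">The DB user granting the delegation.</param>
/// <param name="delegateUser">The SID that receives the delegated authorization.</param>
/// <param name="authorizationType">Type of the authorization to delegate.</param>
/// <param name="validFrom">Start of the validity window (optional).</param>
/// <param name="validTo">End of the validity window (optional).</param>
/// <returns>The newly created <see cref="IAzManAuthorization"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="delegatingUser"/> or <paramref name="delegateUser"/> is null.</exception>
/// <exception cref="InvalidOperationException">Both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
/// <exception cref="SqlAzManException">The delegating user does not hold AllowWithDelegation on this item,
/// or the delegate is a local account while the store runs in Administrator mode.</exception>
public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
    // Fail early with a clear argument error instead of a NullReferenceException deeper in.
    if (delegatingUser == null)
    {
        throw new ArgumentNullException("delegatingUser");
    }
    if (delegateUser == null)
    {
        throw new ArgumentNullException("delegateUser");
    }
    //DateTime range check
    if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
    {
        throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
    }
    string delegatedName;
    bool isLocal;
    DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);
    // Authorization gate: only a user who currently holds AllowWithDelegation on this item may delegate.
    // NOTE(review): evaluated at DateTime.Now (local time); confirm ValidFrom/ValidTo use the same time base.
    if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
    {
        string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
        throw new SqlAzManException(msg);
    }
    WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
    // Same Administrator-mode rule that GetAuthorization/GetAuthorizations enforce when reading.
    if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
    {
        throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode");
    }
    // The delegating DB user becomes the owner of the delegated authorization.
    IAzManSid owner = delegatingUser.CustomSid;
    WhereDefined ownerSidWhereDefined = WhereDefined.Database;
    int? authorizationId = 0;
    this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, ref authorizationId);
    IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens);
    this.raiseDelegateCreated(this, result);
    if (this.ens != null)
    {
        this.ens.AddPublisher(result);
    }
    return result;
}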
/// <summary>
/// Gets a single authorization of this item by id.
/// </summary>
/// <param name="authorizationId">The authorization id.</param>
/// <returns>The matching <see cref="IAzManAuthorization"/>.</returns>
/// <exception cref="SqlAzManException">No authorization with that id exists on this item, or the store runs in
/// Administrator mode and the authorization's object SID is defined locally (reported as not found).</exception>
public IAzManAuthorization GetAuthorization(int authorizationId)
{
    AuthorizationsResult row = this.db.Authorizations()
        .Where(t => t.ItemId == this.itemId && t.AuthorizationId == authorizationId)
        .FirstOrDefault();

    // In Administrator mode a locally-defined object SID is treated exactly like a missing row.
    bool hiddenInAdministratorMode = row != null
        && this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator
        && row.ObjectSidWhereDefined == (byte)WhereDefined.Local;
    if (row == null || hiddenInAdministratorMode)
    {
        throw SqlAzManException.AuthorizationNotFoundException(authorizationId, this, null);
    }

    // The second SqlAzManSID argument flags SIDs that are defined in the database itself.
    IAzManAuthorization authorization = new SqlAzManAuthorization(
        this.db,
        this,
        row.AuthorizationId.Value,
        new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)WhereDefined.Database),
        (WhereDefined)row.OwnerSidWhereDefined,
        new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)WhereDefined.Database),
        (WhereDefined)row.ObjectSidWhereDefined,
        (AuthorizationType)row.AuthorizationType,
        row.ValidFrom,
        row.ValidTo,
        this.ens);
    if (this.ens != null)
    {
        this.ens.AddPublisher(authorization);
    }
    return authorization;
}
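/// <summary>
/// Creates an authorization on this item, or returns the existing one when an identical
/// authorization (same owner, object SID, type and validity window) is already stored.
/// </summary>
/// <param name="owner">The owner SID.</param>
/// <param name="ownerSidWhereDefined">Where the owner SID is defined.</param>
/// <param name="sid">The object SID the authorization applies to.</param>
/// <param name="sidWhereDefined">Where the object SID is defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">Start of the validity window (optional).</param>
/// <param name="validTo">End of the validity window (optional).</param>
/// <returns>The created, or already existing, <see cref="IAzManAuthorization"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="owner"/> or <paramref name="sid"/> is null.</exception>
/// <exception cref="InvalidOperationException">Both dates are supplied and <paramref name="validFrom"/> is later than <paramref name="validTo"/>.</exception>
/// <exception cref="SqlAzManException"><paramref name="sidWhereDefined"/> is <see cref="WhereDefined.Local"/> while the store runs in Administrator mode.</exception>
public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
    // Fail early with a clear argument error instead of a NullReferenceException deeper in.
    if (owner == null)
    {
        throw new ArgumentNullException("owner");
    }
    if (sid == null)
    {
        throw new ArgumentNullException("sid");
    }
    //DateTime range check
    if (validFrom.HasValue && validTo.HasValue && validFrom.Value > validTo.Value)
    {
        throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
    }
    // Same Administrator-mode rule that GetAuthorization/GetAuthorizations enforce when reading.
    if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
    {
        throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode");
    }
    // Idempotence: look for an identical authorization before inserting.
    // NOTE(review): the match does not compare ObjectSidWhereDefined with sidWhereDefined; confirm that is intended.
    var existing = (from aut in this.db.Authorizations()
                    where aut.ItemId == this.itemId
                       && aut.OwnerSid == owner.BinaryValue
                       && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined
                       && aut.ObjectSid == sid.BinaryValue
                       && aut.AuthorizationType == (byte)authorizationType
                       && aut.ValidFrom == validFrom
                       && aut.ValidTo == validTo
                    select aut).FirstOrDefault();
    if (existing != null)
    {
        // Wrap the stored row. The wrapper must carry the row's AuthorizationId (the original passed ItemId here),
        // and the SIDs are built the same way as in GetAuthorization so the database-defined flag is preserved.
        IAzManAuthorization found = new SqlAzManAuthorization(
            this.db,
            this,
            existing.AuthorizationId.Value,
            new SqlAzManSID(existing.OwnerSid.ToArray(), existing.OwnerSidWhereDefined == (byte)WhereDefined.Database),
            (WhereDefined)existing.OwnerSidWhereDefined,
            new SqlAzManSID(existing.ObjectSid.ToArray(), existing.ObjectSidWhereDefined == (byte)WhereDefined.Database),
            (WhereDefined)existing.ObjectSidWhereDefined,
            (AuthorizationType)existing.AuthorizationType.Value,
            existing.ValidFrom,
            existing.ValidTo,
            this.ens);
        // Register with the event notification sink like every other wrapper handed to callers.
        if (this.ens != null)
        {
            this.ens.AddPublisher(found);
        }
        return found;
    }

    int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, validFrom, validTo, this.application.ApplicationId);
    IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens);
    this.raiseAuthorizationCreated(this, result);
    if (this.ens != null)
    {
        this.ens.AddPublisher(result);
    }
    this.authorizations = null; //Force cache refresh
    return result;
}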