public static PrepareUsername ( string username ) : string | ||
username | string | The username. |
return | string |
private static Authorization LocalCheckActionForGlobals(string action, string currentUser, string[] groups) { AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); return(auth); }
/// <summary> /// Sets a permission for a global resource. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="user">The user subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> public bool SetPermissionForGlobals(AuthStatus status, string action, UserInfo user) { if (user == null) { throw new ArgumentNullException("user"); } return(SetPermissionForGlobals(status, action, AuthTools.PrepareUsername(user.Username))); }
/// <summary> /// Removes all the ACL Entries for a namespace that are bound to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="nspace">The namespace (<c>null</c> for the root).</param> /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns> public bool RemoveEntriesForNamespace(UserInfo user, NamespaceInfo nspace) { if (user == null) { throw new ArgumentNullException("user"); } return(RemoveEntriesForNamespace(AuthTools.PrepareUsername(user.Username), nspace)); }
/// <summary> /// Removes all the ACL Entries for global resources that are bound to a user. /// </summary> /// <param name="user">The user.</param> /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns> public bool RemoveEntriesForGlobals(UserInfo user) { if (user == null) { throw new ArgumentNullException("user"); } return(RemoveEntriesForGlobals(AuthTools.PrepareUsername(user.Username))); }
/// <summary> /// Sets a permission for a directory. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="provider">The provider that handles the directory.</param> /// <param name="directory">The directory.</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="user">The user subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> public bool SetPermissionForDirectory(AuthStatus status, IFilesStorageProviderV40 provider, string directory, string action, UserInfo user) { if (user == null) { throw new ArgumentNullException("user"); } return(SetPermissionForDirectory(status, provider, directory, action, AuthTools.PrepareUsername(user.Username))); }
/// <summary> /// Removes all the ACL Entries for a directory that are bound to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="provider">The provider.</param> /// <param name="directory">The directory.</param> /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns> public bool RemoveEntriesForDirectory(UserInfo user, IFilesStorageProviderV40 provider, string directory) { if (user == null) { throw new ArgumentNullException("user"); } return(RemoveEntriesForDirectory(AuthTools.PrepareUsername(user.Username), provider, directory)); }
/// <summary> /// Gets all the actions for global resources that are denied to a user. /// </summary> /// <param name="user">The user.</param> /// <returns>The denied actions.</returns> public static string[] RetrieveDenialsForGlobals(UserInfo user) { if (user == null) { throw new ArgumentNullException("user"); } return(RetrieveDenialsForGlobals(AuthTools.PrepareUsername(user.Username))); }
/// <summary> /// Sets a permission for a namespace. /// </summary> /// <param name="status">The authorization status.</param> /// <param name="nspace">The namespace (<c>null</c> for the root).</param> /// <param name="action">The action of which to modify the authorization status.</param> /// <param name="user">The user subject of the authorization change.</param> /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns> public static bool SetPermissionForNamespace(AuthStatus status, NamespaceInfo nspace, string action, UserInfo user) { if (user == null) { throw new ArgumentNullException("user"); } return(SetPermissionForNamespace(status, nspace, action, AuthTools.PrepareUsername(user.Username))); }
/// <summary> /// Gets all the actions for a directory that are denied to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="provider">The provider.</param> /// <param name="directory">The directory.</param> /// <returns>The denied actions.</returns> public static string[] RetrieveDenialsForDirectory(UserInfo user, IFilesStorageProviderV30 provider, string directory) { if (user == null) { throw new ArgumentNullException("user"); } return(RetrieveDenialsForDirectory(AuthTools.PrepareUsername(user.Username), provider, directory)); }
/// <summary> /// Gets all the actions for a namespace that are denied to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="nspace">The namespace (<c>null</c> for the root).</param> /// <returns>The denied actions.</returns> public static string[] RetrieveDenialsForNamespace(UserInfo user, NamespaceInfo nspace) { if (user == null) { throw new ArgumentNullException("user"); } return(RetrieveDenialsForNamespace(AuthTools.PrepareUsername(user.Username), nspace)); }
/// <summary> /// Gets all the actions for a page that are granted to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="page">The page.</param> /// <returns>The granted actions.</returns> public static string[] RetrieveGrantsForPage(UserInfo user, PageInfo page) { if (user == null) { throw new ArgumentNullException("user"); } return(RetrieveGrantsForPage(AuthTools.PrepareUsername(user.Username), page)); }
/// <summary> /// Gets all the actions for a page that are denied to a user. /// </summary> /// <param name="user">The user.</param> /// <param name="pageFullName">The page full name.</param> /// <returns>The granted actions.</returns> public string[] RetrieveDenialsForPage(UserInfo user, string pageFullName) { if (user == null) { throw new ArgumentNullException("user"); } return(RetrieveDenialsForPage(AuthTools.PrepareUsername(user.Username), pageFullName)); }
private static Authorization LocalCheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups, bool localEscalator = false) { string namespaceName = nspace != null ? nspace.Name : ""; AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource( Actions.ForNamespaces.ResourceMasterPrefix + namespaceName); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (localEscalator || auth != Authorization.Unknown) { return(auth); } // Try local escalators string[] localEscalators = null; if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { Authorization authorization = LocalCheckActionForNamespace(nspace, localAction, currentUser, groups, true); if (authorization != Authorization.Unknown) { return(authorization); } } } // Try root escalation if (nspace != null) { Authorization authorization = LocalCheckActionForNamespace(null, action, currentUser, groups); if (authorization != Authorization.Unknown) { return(authorization); } } // Try global escalators string[] globalEscalators = null; if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups); if (authorization != Authorization.Unknown) { return(authorization); } } } return(Authorization.Unknown); }
/// <summary> /// Checks whether an action is allowed for the global resources. /// </summary> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed.</returns> public static bool CheckActionForGlobals(string action, string currentUser, string[] groups) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); return(auth == Authorization.Granted); }
/// <summary> /// Checks whether an action is allowed for a namespace. /// </summary> /// <param name="nspace">The current namespace (<c>null</c> for the root).</param> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns> public static bool CheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups) { if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForNamespaces.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } string namespaceName = nspace != null ? nspace.Name : ""; AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource( Actions.ForNamespaces.ResourceMasterPrefix + namespaceName); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (auth != Authorization.Unknown) { return(auth == Authorization.Granted); } // Try local escalators string[] localEscalators = null; if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { bool authorized = CheckActionForNamespace(nspace, localAction, currentUser, groups); if (authorized) { return(true); } } } // Try root escalation if (nspace != null) { bool authorized = CheckActionForNamespace(null, action, currentUser, groups); if (authorized) { return(true); } } // Try global escalators string[] globalEscalators = null; if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { bool authorized = CheckActionForGlobals(globalAction, currentUser, groups); if (authorized) { return(true); } } } return(false); }
/// <summary> /// Checks whether an action is allowed for a directory. /// </summary> /// <param name="provider">The provider that manages the directory.</param> /// <param name="directory">The full path of the directory.</param> /// <param name="action">The action the user is attempting to perform.</param> /// <param name="currentUser">The current user.</param> /// <param name="groups">The groups the user is member of.</param> /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns> public static bool CheckActionForDirectory(IFilesStorageProviderV30 provider, string directory, string action, string currentUser, string[] groups) { if (provider == null) { throw new ArgumentNullException("provider"); } if (directory == null) { throw new ArgumentNullException("directory"); } if (directory.Length == 0) { throw new ArgumentException("Directory cannot be empty", "directory"); } if (action == null) { throw new ArgumentNullException("action"); } if (action.Length == 0) { throw new ArgumentException("Action cannot be empty", "action"); } if (!AuthTools.IsValidAction(action, Actions.ForDirectories.All)) { throw new ArgumentException("Invalid action", "action"); } if (currentUser == null) { throw new ArgumentNullException("currentUser"); } if (currentUser.Length == 0) { throw new ArgumentException("Current User cannot be empty", "currentUser"); } if (groups == null) { throw new ArgumentNullException("groups"); } if (currentUser == "admin") { return(true); } string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory); AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(resourceName); Authorization auth = AclEvaluator.AuthorizeAction(resourceName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (auth != Authorization.Unknown) { return(auth == Authorization.Granted); } // Try local escalators string[] localEscalators = null; if (Actions.ForDirectories.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { bool authorized = CheckActionForDirectory(provider, directory, localAction, currentUser, groups); if (authorized) { return(true); } } } // Try directory escalation (extract parent directory and check its permissions) // Path manipulation keeps the format used by the caller (leading and trailing slashes are preserved if appropriate) string trimmedDirectory = directory.Trim('/'); if (trimmedDirectory.Length > 0) { int slashIndex = trimmedDirectory.LastIndexOf('/'); string parentDir = ""; if (slashIndex > 0) { // Navigate one level up, using the same slash format as the current one parentDir = (directory.StartsWith("/") ? "/" : "") + trimmedDirectory.Substring(0, slashIndex) + (directory.EndsWith("/") ? "/" : ""); } else { // This is the root parentDir = directory.StartsWith("/") ? "/" : ""; } bool authorized = CheckActionForDirectory(provider, parentDir, action, currentUser, groups); if (authorized) { return(true); } } // Try global escalators string[] globalEscalators = null; if (Actions.ForDirectories.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { bool authorized = CheckActionForGlobals(globalAction, currentUser, groups); if (authorized) { return(true); } } } return(false); }
private static Authorization LocalCheckActionForPage(PageInfo page, string action, string currentUser, string[] groups, bool localEscalator = false) { AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForPages.ResourceMasterPrefix + page.FullName); Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForPages.ResourceMasterPrefix + page.FullName, action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries); if (localEscalator || auth != Authorization.Unknown) { return(auth); } // Try local escalators string[] localEscalators = null; if (Actions.ForPages.LocalEscalators.TryGetValue(action, out localEscalators)) { foreach (string localAction in localEscalators) { Authorization authorization = LocalCheckActionForPage(page, localAction, currentUser, groups, true); if (authorization != Authorization.Unknown) { return(authorization); } } } // Try namespace escalators string[] namespaceEscalators = null; string nsName = NameTools.GetNamespace(page.FullName); NamespaceInfo ns = string.IsNullOrEmpty(nsName) ? null : new NamespaceInfo(nsName, null, null); if (Actions.ForPages.NamespaceEscalators.TryGetValue(action, out namespaceEscalators)) { foreach (string namespaceAction in namespaceEscalators) { Authorization authorization = LocalCheckActionForNamespace(ns, namespaceAction, currentUser, groups, true); if (authorization != Authorization.Unknown) { return(authorization); } // Try root escalation if (ns != null) { authorization = LocalCheckActionForNamespace(null, namespaceAction, currentUser, groups, true); if (authorization != Authorization.Unknown) { return(authorization); } } } } // Try global escalators string[] globalEscalators = null; if (Actions.ForPages.GlobalEscalators.TryGetValue(action, out globalEscalators)) { foreach (string globalAction in globalEscalators) { Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups); if (authorization != Authorization.Unknown) { return(authorization); } } } return(Authorization.Unknown); }