PrepareUsername() public static method

Prepends the proper string to a username.
public static PrepareUsername ( string username ) : string
username string The username.
return string
示例#1
0
        private static Authorization LocalCheckActionForGlobals(string action, string currentUser, string[] groups)
        {
            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            return(auth);
        }
示例#2
0
        /// <summary>
        /// Sets a permission for a global resource.
        /// </summary>
        /// <param name="status">The authorization status.</param>
        /// <param name="action">The action of which to modify the authorization status.</param>
        /// <param name="user">The user subject of the authorization change.</param>
        /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns>
        public bool SetPermissionForGlobals(AuthStatus status, string action, UserInfo user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(SetPermissionForGlobals(status, action, AuthTools.PrepareUsername(user.Username)));
        }
示例#3
0
        /// <summary>
        /// Removes all the ACL Entries for a namespace that are bound to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="nspace">The namespace (<c>null</c> for the root).</param>
        /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
        public bool RemoveEntriesForNamespace(UserInfo user, NamespaceInfo nspace)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RemoveEntriesForNamespace(AuthTools.PrepareUsername(user.Username), nspace));
        }
示例#4
0
        /// <summary>
        /// Removes all the ACL Entries for global resources that are bound to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
        public bool RemoveEntriesForGlobals(UserInfo user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RemoveEntriesForGlobals(AuthTools.PrepareUsername(user.Username)));
        }
示例#5
0
        /// <summary>
        /// Sets a permission for a directory.
        /// </summary>
        /// <param name="status">The authorization status.</param>
        /// <param name="provider">The provider that handles the directory.</param>
        /// <param name="directory">The directory.</param>
        /// <param name="action">The action of which to modify the authorization status.</param>
        /// <param name="user">The user subject of the authorization change.</param>
        /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns>
        public bool SetPermissionForDirectory(AuthStatus status, IFilesStorageProviderV40 provider, string directory, string action, UserInfo user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(SetPermissionForDirectory(status, provider, directory, action, AuthTools.PrepareUsername(user.Username)));
        }
示例#6
0
        /// <summary>
        /// Removes all the ACL Entries for a directory that are bound to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="provider">The provider.</param>
        /// <param name="directory">The directory.</param>
        /// <returns><c>true</c> if the operation succeeded, <c>false</c> otherwise.</returns>
        public bool RemoveEntriesForDirectory(UserInfo user, IFilesStorageProviderV40 provider, string directory)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RemoveEntriesForDirectory(AuthTools.PrepareUsername(user.Username), provider, directory));
        }
示例#7
0
        /// <summary>
        /// Gets all the actions for global resources that are denied to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <returns>The denied actions.</returns>
        public static string[] RetrieveDenialsForGlobals(UserInfo user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RetrieveDenialsForGlobals(AuthTools.PrepareUsername(user.Username)));
        }
示例#8
0
        /// <summary>
        /// Sets a permission for a namespace.
        /// </summary>
        /// <param name="status">The authorization status.</param>
        /// <param name="nspace">The namespace (<c>null</c> for the root).</param>
        /// <param name="action">The action of which to modify the authorization status.</param>
        /// <param name="user">The user subject of the authorization change.</param>
        /// <returns><c>true</c> if the authorization status is changed, <c>false</c> otherwise.</returns>
        public static bool SetPermissionForNamespace(AuthStatus status, NamespaceInfo nspace, string action, UserInfo user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(SetPermissionForNamespace(status, nspace, action, AuthTools.PrepareUsername(user.Username)));
        }
示例#9
0
        /// <summary>
        /// Gets all the actions for a directory that are denied to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="provider">The provider.</param>
        /// <param name="directory">The directory.</param>
        /// <returns>The denied actions.</returns>
        public static string[] RetrieveDenialsForDirectory(UserInfo user, IFilesStorageProviderV30 provider, string directory)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RetrieveDenialsForDirectory(AuthTools.PrepareUsername(user.Username), provider, directory));
        }
示例#10
0
        /// <summary>
        /// Gets all the actions for a namespace that are denied to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="nspace">The namespace (<c>null</c> for the root).</param>
        /// <returns>The denied actions.</returns>
        public static string[] RetrieveDenialsForNamespace(UserInfo user, NamespaceInfo nspace)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RetrieveDenialsForNamespace(AuthTools.PrepareUsername(user.Username), nspace));
        }
示例#11
0
        /// <summary>
        /// Gets all the actions for a page that are granted to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="page">The page.</param>
        /// <returns>The granted actions.</returns>
        public static string[] RetrieveGrantsForPage(UserInfo user, PageInfo page)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RetrieveGrantsForPage(AuthTools.PrepareUsername(user.Username), page));
        }
示例#12
0
        /// <summary>
        /// Gets all the actions for a page that are denied to a user.
        /// </summary>
        /// <param name="user">The user.</param>
        /// <param name="pageFullName">The page full name.</param>
        /// <returns>The granted actions.</returns>
        public string[] RetrieveDenialsForPage(UserInfo user, string pageFullName)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            return(RetrieveDenialsForPage(AuthTools.PrepareUsername(user.Username), pageFullName));
        }
示例#13
0
        private static Authorization LocalCheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups, bool localEscalator = false)
        {
            string namespaceName = nspace != null ? nspace.Name : "";

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(
                Actions.ForNamespaces.ResourceMasterPrefix + namespaceName);

            Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName,
                                                              action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (localEscalator || auth != Authorization.Unknown)
            {
                return(auth);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    Authorization authorization = LocalCheckActionForNamespace(nspace, localAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            // Try root escalation
            if (nspace != null)
            {
                Authorization authorization = LocalCheckActionForNamespace(null, action, currentUser, groups);
                if (authorization != Authorization.Unknown)
                {
                    return(authorization);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            return(Authorization.Unknown);
        }
示例#14
0
        /// <summary>
        /// Checks whether an action is allowed for the global resources.
        /// </summary>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed.</returns>
        public static bool CheckActionForGlobals(string action, string currentUser, string[] groups)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }

            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }

            if (!AuthTools.IsValidAction(action, Actions.ForGlobals.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }

            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForGlobals.ResourceMasterPrefix);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForGlobals.ResourceMasterPrefix, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            return(auth == Authorization.Granted);
        }
示例#15
0
        /// <summary>
        /// Checks whether an action is allowed for a namespace.
        /// </summary>
        /// <param name="nspace">The current namespace (<c>null</c> for the root).</param>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
        public static bool CheckActionForNamespace(NamespaceInfo nspace, string action, string currentUser, string[] groups)
        {
            if (action == null)
            {
                throw new ArgumentNullException("action");
            }

            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }

            if (!AuthTools.IsValidAction(action, Actions.ForNamespaces.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }

            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            string namespaceName = nspace != null ? nspace.Name : "";

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(
                Actions.ForNamespaces.ResourceMasterPrefix + namespaceName);

            Authorization auth = AclEvaluator.AuthorizeAction(Actions.ForNamespaces.ResourceMasterPrefix + namespaceName,
                                                              action, AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (auth != Authorization.Unknown)
            {
                return(auth == Authorization.Granted);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForNamespaces.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    bool authorized = CheckActionForNamespace(nspace, localAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            // Try root escalation
            if (nspace != null)
            {
                bool authorized = CheckActionForNamespace(null, action, currentUser, groups);
                if (authorized)
                {
                    return(true);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForNamespaces.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    bool authorized = CheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
示例#16
0
        /// <summary>
        /// Checks whether an action is allowed for a directory.
        /// </summary>
        /// <param name="provider">The provider that manages the directory.</param>
        /// <param name="directory">The full path of the directory.</param>
        /// <param name="action">The action the user is attempting to perform.</param>
        /// <param name="currentUser">The current user.</param>
        /// <param name="groups">The groups the user is member of.</param>
        /// <returns><c>true</c> if the action is allowed, <c>false</c> otherwise.</returns>
        public static bool CheckActionForDirectory(IFilesStorageProviderV30 provider, string directory, string action, string currentUser, string[] groups)
        {
            if (provider == null)
            {
                throw new ArgumentNullException("provider");
            }

            if (directory == null)
            {
                throw new ArgumentNullException("directory");
            }
            if (directory.Length == 0)
            {
                throw new ArgumentException("Directory cannot be empty", "directory");
            }

            if (action == null)
            {
                throw new ArgumentNullException("action");
            }
            if (action.Length == 0)
            {
                throw new ArgumentException("Action cannot be empty", "action");
            }
            if (!AuthTools.IsValidAction(action, Actions.ForDirectories.All))
            {
                throw new ArgumentException("Invalid action", "action");
            }

            if (currentUser == null)
            {
                throw new ArgumentNullException("currentUser");
            }
            if (currentUser.Length == 0)
            {
                throw new ArgumentException("Current User cannot be empty", "currentUser");
            }

            if (groups == null)
            {
                throw new ArgumentNullException("groups");
            }

            if (currentUser == "admin")
            {
                return(true);
            }

            string resourceName = Actions.ForDirectories.ResourceMasterPrefix + AuthTools.GetDirectoryName(provider, directory);

            AclEntry[] entries = SettingsProvider.AclManager.RetrieveEntriesForResource(resourceName);

            Authorization auth = AclEvaluator.AuthorizeAction(resourceName, action,
                                                              AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (auth != Authorization.Unknown)
            {
                return(auth == Authorization.Granted);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForDirectories.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    bool authorized = CheckActionForDirectory(provider, directory, localAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            // Try directory escalation (extract parent directory and check its permissions)
            // Path manipulation keeps the format used by the caller (leading and trailing slashes are preserved if appropriate)
            string trimmedDirectory = directory.Trim('/');

            if (trimmedDirectory.Length > 0)
            {
                int    slashIndex = trimmedDirectory.LastIndexOf('/');
                string parentDir  = "";
                if (slashIndex > 0)
                {
                    // Navigate one level up, using the same slash format as the current one
                    parentDir = (directory.StartsWith("/") ? "/" : "") +
                                trimmedDirectory.Substring(0, slashIndex) + (directory.EndsWith("/") ? "/" : "");
                }
                else
                {
                    // This is the root
                    parentDir = directory.StartsWith("/") ? "/" : "";
                }
                bool authorized = CheckActionForDirectory(provider, parentDir, action, currentUser, groups);
                if (authorized)
                {
                    return(true);
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForDirectories.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    bool authorized = CheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorized)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
示例#17
0
        private static Authorization LocalCheckActionForPage(PageInfo page, string action, string currentUser, string[] groups, bool localEscalator = false)
        {
            AclEntry[]    entries = SettingsProvider.AclManager.RetrieveEntriesForResource(Actions.ForPages.ResourceMasterPrefix + page.FullName);
            Authorization auth    = AclEvaluator.AuthorizeAction(Actions.ForPages.ResourceMasterPrefix + page.FullName, action,
                                                                 AuthTools.PrepareUsername(currentUser), AuthTools.PrepareGroups(groups), entries);

            if (localEscalator || auth != Authorization.Unknown)
            {
                return(auth);
            }

            // Try local escalators
            string[] localEscalators = null;
            if (Actions.ForPages.LocalEscalators.TryGetValue(action, out localEscalators))
            {
                foreach (string localAction in localEscalators)
                {
                    Authorization authorization = LocalCheckActionForPage(page, localAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            // Try namespace escalators
            string[]      namespaceEscalators = null;
            string        nsName = NameTools.GetNamespace(page.FullName);
            NamespaceInfo ns     = string.IsNullOrEmpty(nsName) ? null : new NamespaceInfo(nsName, null, null);

            if (Actions.ForPages.NamespaceEscalators.TryGetValue(action, out namespaceEscalators))
            {
                foreach (string namespaceAction in namespaceEscalators)
                {
                    Authorization authorization = LocalCheckActionForNamespace(ns, namespaceAction, currentUser, groups, true);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }

                    // Try root escalation
                    if (ns != null)
                    {
                        authorization = LocalCheckActionForNamespace(null, namespaceAction, currentUser, groups, true);
                        if (authorization != Authorization.Unknown)
                        {
                            return(authorization);
                        }
                    }
                }
            }

            // Try global escalators
            string[] globalEscalators = null;
            if (Actions.ForPages.GlobalEscalators.TryGetValue(action, out globalEscalators))
            {
                foreach (string globalAction in globalEscalators)
                {
                    Authorization authorization = LocalCheckActionForGlobals(globalAction, currentUser, groups);
                    if (authorization != Authorization.Unknown)
                    {
                        return(authorization);
                    }
                }
            }

            return(Authorization.Unknown);
        }