PermissionMap.cs
using System;
using System.Collections.Generic;
using System.Security.Principal;
namespace N2.Security
{
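/// <summary>
/// Maps a permission to a set of users and roles.
/// </summary>
/// <remarks>
/// A <c>null</c> <see cref="Roles"/> array is treated by <see cref="IsInRoles"/> as "any role",
/// so such a map matches every non-null principal. Use an empty array when the map should
/// match nobody by role.
/// </remarks>
public class PermissionMap : ICloneable
{
    /// <summary>The permission flags this map grants.</summary>
    public Permission Permissions { get; set; }

    /// <summary>Role names that are granted <see cref="Permissions"/>; <c>null</c> matches any principal.</summary>
    public string[] Roles { get; set; }

    /// <summary>User names that are granted <see cref="Permissions"/>.</summary>
    public string[] Users { get; set; }

    /// <summary>Flag that is stored on the map; this class never reads or sets it itself.</summary>
    public bool IsAltered { get; set; }

    /// <summary>Creates a map that grants <see cref="Permission.None"/> to no roles and no users.</summary>
    public PermissionMap()
    {
        Permissions = Permission.None;
        Roles = new string[0];
        Users = new string[0];
    }

    /// <summary>Creates a map for the given permission, roles and users.</summary>
    /// <param name="permissionType">The permission flags to grant.</param>
    /// <param name="roles">The roles to grant them to. Stored as given; <c>null</c> matches any principal.</param>
    /// <param name="users">The user names to grant them to. Stored as given; <c>null</c> matches no user name.</param>
    public PermissionMap(Permission permissionType, string[] roles, string[] users)
    {
        Permissions = permissionType;
        Roles = roles;
        Users = users;
    }

    /// <summary>Tells whether the user is listed in this map, by name or by role.</summary>
    /// <param name="user">The principal to check.</param>
    /// <returns>False for a null user; otherwise true when the name or any role matches.</returns>
    public virtual bool Contains(IPrincipal user)
    {
        if (user == null)
        {
            return false;
        }

        // A principal without an identity has no name to match; role membership is still checked.
        IIdentity identity = user.Identity;
        string userName = identity != null ? identity.Name : null;
        return IsInUsers(userName) || IsInRoles(user, Roles);
    }

    /// <summary>Tells whether every flag in <paramref name="permission"/> is granted by this map.</summary>
    /// <param name="permission">The permission flags asked for.</param>
    /// <returns>True when all requested flags are set in <see cref="Permissions"/>.</returns>
    public virtual bool MapsTo(Permission permission)
    {
        return (permission & Permissions) == permission;
    }

    /// <summary>Tells whether this map authorizes the user for the permission on the item.</summary>
    /// <param name="user">The principal to check.</param>
    /// <param name="item">The item being accessed; may be null, in which case no item check is made.</param>
    /// <param name="permission">The permission asked for.</param>
    /// <returns>True when the map grants the permission and contains the user.</returns>
    public virtual bool Authorizes(IPrincipal user, ContentItem item, Permission permission)
    {
        // The item's own authorization is consulted for Read only; other permissions rely on the map alone.
        if (item != null && permission == Permission.Read && !item.IsAuthorized(user))
        {
            return false;
        }

        return MapsTo(permission) && Contains(user);
    }

    /// <summary>Tells whether the user name is listed in <see cref="Users"/>, ignoring case.</summary>
    /// <param name="userName">The user name to look for.</param>
    /// <returns>True on a match; false when the name or the user list is null.</returns>
    protected bool IsInUsers(string userName)
    {
        if (userName == null || Users == null)
        {
            return false;
        }

        foreach (string name in Users)
        {
            // Ordinal, not culture-sensitive: linguistic comparison treats some distinct strings
            // as equal (it ignores zero-width characters, for example), which is too loose for
            // an authorization decision.
            if (userName.Equals(name, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>Asks the user if it is in any of the roles.</summary>
    /// <param name="user">The user to check.</param>
    /// <param name="roles">The roles to look for.</param>
    /// <returns>True if the user is in any of the given roles or the roles are null.</returns>
    public static bool IsInRoles(IPrincipal user, IEnumerable<string> roles)
    {
        // NOTE(review): null roles grant access to everyone (fail-open). Kept because it is the
        // documented contract; callers that mean "no roles" must pass an empty sequence.
        if (roles == null)
        {
            return true;
        }

        // A missing principal cannot be a member of any role.
        if (user == null)
        {
            return false;
        }

        foreach (string role in roles)
        {
            if (user.IsInRole(role))
            {
                return true;
            }
        }

        return false;
    }

    // Checked in this order, so the first level found in the flags is the one returned.
    private static readonly Permission[] Levels = { Permission.Administer, Permission.Publish, Permission.Write, Permission.Read, Permission.None };

    /// <summary>Finds the first permission level, from Administer down to None, contained in the flags.</summary>
    /// <param name="permissionFlags">The combined permission flags.</param>
    /// <returns>The first matching level, or <see cref="Permission.None"/> when none matches.</returns>
    public static Permission GetMaximumPermission(Permission permissionFlags)
    {
        foreach (var level in Levels)
        {
            if ((level & permissionFlags) == level)
            {
                return level;
            }
        }

        return Permission.None;
    }

    #region ICloneable Members

    /// <summary>Creates a copy of this map; same result as <see cref="Clone"/>.</summary>
    object ICloneable.Clone()
    {
        // Previously threw NotImplementedException, so cloning through the interface always failed.
        return Clone();
    }

    /// <summary>Creates a copy of this map with its own role and user arrays.</summary>
    /// <returns>A new map holding the same values.</returns>
    public virtual PermissionMap Clone()
    {
        PermissionMap copy = (PermissionMap)MemberwiseClone();

        // MemberwiseClone copies only the array references; give the copy its own arrays so that
        // editing one map's entries cannot change who another map authorizes. Null stays null
        // because a null role list has its own meaning.
        if (Roles != null)
        {
            copy.Roles = (string[])Roles.Clone();
        }

        if (Users != null)
        {
            copy.Users = (string[])Users.Clone();
        }

        return copy;
    }

    #endregion

    #region ToString

    /// <summary>Formats the map as <c>permissions: roles={...} users={...}</c>.</summary>
    public override string ToString()
    {
        // string.Join throws on a null array; print a null list as empty instead.
        string[] roles = Roles ?? new string[0];
        string[] users = Users ?? new string[0];
        return Permissions + ": roles={" + string.Join(",", roles) + "} users={" + string.Join(",", users) + "}";
    }

    #endregion
}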
}