ACL.cs 7.2 KB

  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Generic;
  29. namespace OpenSim.Framework
  30. {
  31. // ACL Class
  32. // Modelled after the structure of the Zend ACL Framework Library
  33. // with one key difference - the tree will search for all matching
  34. // permissions rather than just the first. Deny permissions will
  35. // override all others.
  36. #region ACL Core Class
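  /// <summary>
  /// Access Control List Engine: a registry of named roles and named resources,
  /// with fluent methods for granting, denying and resetting a role's permission
  /// on a resource.
  /// </summary>
  /// <remarks>
  /// Permission queries are delegated to <see cref="Role.RequestPermission(string)"/>.
  /// The result is tri-state; callers making an authorization decision should treat
  /// only <see cref="Permission.Allow"/> as authorization.
  /// </remarks>
  public class ACL
  {
      private Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
      private Dictionary<string, Role> Roles = new Dictionary<string, Role>();

      /// <summary>
      /// Registers a role under its name.
      /// </summary>
      /// <param name="role">Role to register.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="ArgumentNullException"><paramref name="role"/> is null.</exception>
      /// <exception cref="AlreadyContainsRoleException">A role with the same name is already registered.</exception>
      public ACL AddRole(Role role)
      {
          if (role == null)
              throw new ArgumentNullException("role");

          if (Roles.ContainsKey(role.Name))
              throw new AlreadyContainsRoleException(role);

          Roles.Add(role.Name, role);
          return this;
      }

      /// <summary>
      /// Registers a resource under its name.
      /// </summary>
      /// <param name="resource">Resource to register.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="ArgumentNullException"><paramref name="resource"/> is null.</exception>
      /// <exception cref="ArgumentException">A resource with the same name is already registered
      /// (raised by the underlying dictionary).</exception>
      public ACL AddResource(Resource resource)
      {
          if (resource == null)
              throw new ArgumentNullException("resource");

          Resources.Add(resource.Name, resource);
          return this;
      }

      /// <summary>
      /// Asks the named role for its effective permission on the named resource.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>The permission reported by the role.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public Permission HasPermission(string role, string resource)
      {
          return FindRole(role, resource).RequestPermission(resource);
      }

      /// <summary>
      /// Records <see cref="Permission.Allow"/> for the role on the resource.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL GrantPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.Allow);
          return this;
      }

      /// <summary>
      /// Records <see cref="Permission.Deny"/> for the role on the resource.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL DenyPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.Deny);
          return this;
      }

      /// <summary>
      /// Records <see cref="Permission.None"/> for the role on the resource, clearing
      /// any explicit allow or deny held by the role itself.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL ResetPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.None);
          return this;
      }

      // Shared lookup for the permission methods: checks the role first, then the
      // resource, and names the missing key so a misconfigured ACL can be diagnosed.
      private Role FindRole(string role, string resource)
      {
          Role found;
          if (!Roles.TryGetValue(role, out found))
              throw new KeyNotFoundException("This ACL has no role called '" + role + "'.");

          if (!Resources.ContainsKey(resource))
              throw new KeyNotFoundException("This ACL has no resource called '" + resource + "'.");

          return found;
      }
  }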
  92. #endregion
  93. #region Exceptions
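  /// <summary>
  /// Thrown when an ACL attempts to add a duplicate role.
  /// </summary>
  /// <remarks>
  /// The description is passed to the base constructor so that <see cref="Exception.Message"/>
  /// names the role too; previously only <see cref="ToString"/> carried it.
  /// </remarks>
  public class AlreadyContainsRoleException : Exception
  {
      protected Role m_role;

      /// <summary>
      /// Creates the exception for the role that could not be added.
      /// </summary>
      /// <param name="role">The role whose name is already registered.</param>
      public AlreadyContainsRoleException(Role role)
          : base(Describe(role))
      {
          m_role = role;
      }

      /// <summary>
      /// The role that triggered the error.
      /// </summary>
      public Role ErrorRole
      {
          get { return m_role; }
      }

      /// <summary>
      /// Returns the one-line description only (no type name or stack trace).
      /// </summary>
      public override string ToString()
      {
          return Describe(m_role);
      }

      // Builds the description; tolerates a null role so reporting the error
      // cannot itself fail with a NullReferenceException.
      private static string Describe(Role role)
      {
          string roleName = role == null ? "(null)" : role.Name;
          return "This ACL already contains a role called '" + roleName + "'.";
      }
  }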
  113. #endregion
  114. #region Roles and Resources
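  /// <summary>
  /// Does this Role have permission to access a specified Resource?
  /// </summary>
  /// <remarks>
  /// Deny is declared first, so it has the value 0 and is what
  /// <c>default(Permission)</c> yields. None means no explicit decision was
  /// recorded; it is not a grant.
  /// </remarks>
  public enum Permission
  {
      Deny,
      None,
      Allow
  }

  /// <summary>
  /// A role class, for use with Users or Groups. A role holds its own
  /// per-resource permissions and may inherit from parent roles.
  /// </summary>
  public class Role
  {
      private string m_name;
      private Role[] m_parents;
      private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();

      /// <summary>
      /// Creates a role with no parents.
      /// </summary>
      /// <param name="name">Name the role is registered and looked up under.</param>
      public Role(string name)
      {
          m_name = name;
          m_parents = null;
      }

      /// <summary>
      /// Creates a role that inherits permissions from the given parents.
      /// </summary>
      /// <param name="name">Name the role is registered and looked up under.</param>
      /// <param name="parents">Parent roles, consulted in array order; may be null.</param>
      /// <remarks>
      /// The array is stored by reference, not copied, so later changes to it by
      /// the caller change this role's inheritance.
      /// </remarks>
      public Role(string name, Role[] parents)
      {
          m_name = name;
          m_parents = parents;
      }

      /// <summary>
      /// The role's name.
      /// </summary>
      public string Name
      {
          get { return m_name; }
      }

      /// <summary>
      /// Resolves this role's effective permission on a resource, starting from
      /// <see cref="Permission.None"/>.
      /// </summary>
      /// <param name="resource">Resource name to look up.</param>
      /// <returns>Deny if this role or any ancestor denies; otherwise Allow if any of
      /// them allows; otherwise None.</returns>
      public Permission RequestPermission(string resource)
      {
          return RequestPermission(resource, Permission.None);
      }

      /// <summary>
      /// Resolves the effective permission on a resource, folding this role and
      /// its ancestors into a result accumulated so far.
      /// </summary>
      /// <param name="resource">Resource name to look up.</param>
      /// <param name="current">Result accumulated by the caller before this role is consulted.</param>
      /// <returns>The accumulated result after this role and its parents have been consulted.</returns>
      /// <remarks>
      /// NOTE(review): the walk is recursive with no visited set, so a cycle among
      /// parent roles would recurse without end.
      /// </remarks>
      public Permission RequestPermission(string resource, Permission current)
      {
          // Deny permissions always override any others
          if (current == Permission.Deny)
              return current;

          // Carry the caller's result forward. Starting again from None here meant
          // an Allow found earlier (on the child itself or on a sibling parent) was
          // overwritten as soon as a role with no entry for the resource was visited.
          Permission result = current;

          // Pickup non-None permissions
          Permission own;
          if (m_resources.TryGetValue(resource, out own) && own != Permission.None)
              result = own;

          if (m_parents != null)
          {
              foreach (Role parent in m_parents)
              {
                  // Once result is Deny each remaining parent returns it unchanged.
                  result = parent.RequestPermission(resource, result);
              }
          }

          return result;
      }

      /// <summary>
      /// Records this role's own permission for a resource, replacing any earlier value.
      /// </summary>
      /// <param name="resource">Resource name; not checked against any ACL here.</param>
      /// <param name="perm">Permission to record.</param>
      public void GivePermission(string resource, Permission perm)
      {
          m_resources[resource] = perm;
      }
  }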
  /// <summary>
  /// A named item that permissions are recorded against. It carries nothing
  /// except its name.
  /// </summary>
  public class Resource
  {
      private readonly string m_resourceName;

      /// <summary>
      /// Creates a resource with the given name.
      /// </summary>
      /// <param name="name">Name the resource is identified by.</param>
      public Resource(string name)
      {
          this.m_resourceName = name;
      }

      /// <summary>
      /// The name given at construction.
      /// </summary>
      public string Name
      {
          get
          {
              return this.m_resourceName;
          }
      }
  }
  185. #endregion
  186. #region Tests
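  /// <summary>
  /// Minimal self-test: grants a permission to a parent role and checks that a
  /// child role inherits it.
  /// </summary>
  internal class ACLTester
  {
      /// <summary>
      /// Runs the self-test.
      /// </summary>
      /// <exception cref="InvalidOperationException">The child role did not inherit Allow.</exception>
      public ACLTester()
      {
          ACL acl = new ACL();

          Role guests = new Role("Guests");
          acl.AddRole(guests);

          // The array was previously created with length 0, so storing the parent
          // at index 0 threw IndexOutOfRangeException before any check could run.
          Role[] parents = new Role[] { guests };

          Role joeGuest = new Role("JoeGuest", parents);
          acl.AddRole(joeGuest);

          Resource canBuild = new Resource("CanBuild");
          acl.AddResource(canBuild);

          acl.GrantPermission("Guests", "CanBuild");

          // The result used to be discarded, so the test could not fail on a wrong answer.
          Permission inherited = acl.HasPermission("JoeGuest", "CanBuild");
          if (inherited != Permission.Allow)
              throw new InvalidOperationException("JoeGuest should inherit Allow on CanBuild from Guests, but got " + inherited + ".");
      }
  }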
  204. #endregion
  205. }