123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263 |
- /*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSim Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
- using System;
- using System.Collections.Generic;
- namespace OpenSim.Framework
- {
- // ACL Class
- // Modelled after the structure of the Zend ACL Framework Library
- // with one key difference - the tree will search for all matching
- // permissions rather than just the first. Deny permissions will
- // override all others.
- #region ACL Core Class
- /// <summary>
- /// Access Control List Engine
- /// </summary>
- public class ACL
- {
- private Dictionary<string, Role> Roles = new Dictionary<string, Role>();
- private Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
- public ACL AddRole(Role role)
- {
- if (Roles.ContainsKey(role.Name))
- throw new AlreadyContainsRoleException(role);
- Roles.Add(role.Name, role);
- return this;
- }
- public ACL AddResource(Resource resource)
- {
- Resources.Add(resource.Name, resource);
- return this;
- }
- public Permission HasPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
- return Roles[role].RequestPermission(resource);
- }
- public ACL GrantPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
- Roles[role].GivePermission(resource, Permission.Allow);
- return this;
- }
- public ACL DenyPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
- Roles[role].GivePermission(resource, Permission.Deny);
- return this;
- }
- public ACL ResetPermission(string role, string resource)
- {
- if (!Roles.ContainsKey(role))
- throw new KeyNotFoundException();
- if (!Resources.ContainsKey(resource))
- throw new KeyNotFoundException();
- Roles[role].GivePermission(resource, Permission.None);
- return this;
- }
- }
- #endregion
- #region Exceptions
- /// <summary>
- /// Thrown when an ACL attempts to add a duplicate role.
- /// </summary>
- public class AlreadyContainsRoleException : Exception
- {
- protected Role m_role;
- public Role ErrorRole
- {
- get { return m_role; }
- }
- public AlreadyContainsRoleException(Role role)
- {
- m_role = role;
- }
- public override string ToString()
- {
- return "This ACL already contains a role called '" + m_role.Name + "'.";
- }
- }
- #endregion
- #region Roles and Resources
- /// <summary>
- /// Does this Role have permission to access a specified Resource?
- /// </summary>
- public enum Permission
- {
- Deny,
- None,
- Allow
- } ;
- /// <summary>
- /// A role class, for use with Users or Groups
- /// </summary>
- public class Role
- {
- private string m_name;
- private Role[] m_parents;
- private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
- public string Name
- {
- get { return m_name; }
- }
- public Permission RequestPermission(string resource)
- {
- return RequestPermission(resource, Permission.None);
- }
- public Permission RequestPermission(string resource, Permission current)
- {
- // Deny permissions always override any others
- if (current == Permission.Deny)
- return current;
- Permission temp = Permission.None;
- // Pickup non-None permissions
- if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
- temp = m_resources[resource];
- if (m_parents != null)
- {
- foreach (Role parent in m_parents)
- {
- temp = parent.RequestPermission(resource, temp);
- }
- }
- return temp;
- }
- public void GivePermission(string resource, Permission perm)
- {
- m_resources[resource] = perm;
- }
- public Role(string name)
- {
- m_name = name;
- m_parents = null;
- }
- public Role(string name, Role[] parents)
- {
- m_name = name;
- m_parents = parents;
- }
- }
- public class Resource
- {
- private string m_name;
- public string Name
- {
- get { return m_name; }
- }
- public Resource(string name)
- {
- m_name = name;
- }
- }
- #endregion
- #region Tests
- internal class ACLTester
- {
- public ACLTester()
- {
- ACL acl = new ACL();
- Role Guests = new Role("Guests");
- acl.AddRole(Guests);
- Role[] parents = new Role[0];
- parents[0] = Guests;
- Role JoeGuest = new Role("JoeGuest", parents);
- acl.AddRole(JoeGuest);
- Resource CanBuild = new Resource("CanBuild");
- acl.AddResource(CanBuild);
- acl.GrantPermission("Guests", "CanBuild");
- acl.HasPermission("JoeGuest", "CanBuild");
- }
- }
- #endregion
- }
|