  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Generic;
  29. namespace OpenSim.Framework
  30. {
  31. // ACL Class
  32. // Modelled after the structure of the Zend ACL Framework Library
  33. // with one key difference - the tree will search for all matching
  34. // permissions rather than just the first. Deny permissions will
  35. // override all others.
  36. #region ACL Core Class
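  /// <summary>
  /// Access Control List engine: a registry of named roles and named resources.
  /// The permissions themselves are stored on the <see cref="Role"/> objects;
  /// this class validates names and forwards to the role.
  /// </summary>
  /// <remarks>
  /// <see cref="HasPermission"/> returns a three-valued <see cref="Permission"/>.
  /// Code that enforces access should treat every result other than
  /// <see cref="Permission.Allow"/> as "not granted".
  /// This class does no locking of its own around the two dictionaries.
  /// </remarks>
  public class ACL
  {
      private Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
      private Dictionary<string, Role> Roles = new Dictionary<string, Role>();

      /// <summary>
      /// Registers a role under its <see cref="Role.Name"/>.
      /// </summary>
      /// <param name="role">Role to register.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="ArgumentNullException"><paramref name="role"/> is null.</exception>
      /// <exception cref="AlreadyContainsRoleException">A role with the same name is already registered.</exception>
      public ACL AddRole(Role role)
      {
          if (role == null)
              throw new ArgumentNullException("role");

          if (Roles.ContainsKey(role.Name))
              throw new AlreadyContainsRoleException(role);

          Roles.Add(role.Name, role);
          return this;
      }

      /// <summary>
      /// Registers a resource under its <see cref="Resource.Name"/>.
      /// </summary>
      /// <param name="resource">Resource to register.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="ArgumentNullException"><paramref name="resource"/> is null.</exception>
      /// <exception cref="ArgumentException">
      /// A resource with the same name is already registered (raised by the dictionary;
      /// unlike roles there is no dedicated exception type for this).
      /// </exception>
      public ACL AddResource(Resource resource)
      {
          if (resource == null)
              throw new ArgumentNullException("resource");

          Resources.Add(resource.Name, resource);
          return this;
      }

      /// <summary>
      /// Looks up the permission a role has on a resource.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>The value computed by <see cref="Role.RequestPermission(string)"/> for that role.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public Permission HasPermission(string role, string resource)
      {
          return FindRole(role, resource).RequestPermission(resource);
      }

      /// <summary>
      /// Records <see cref="Permission.Allow"/> for the resource on the named role.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL GrantPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.Allow);
          return this;
      }

      /// <summary>
      /// Records <see cref="Permission.Deny"/> for the resource on the named role.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL DenyPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.Deny);
          return this;
      }

      /// <summary>
      /// Records <see cref="Permission.None"/> for the resource on the named role,
      /// replacing any earlier Allow or Deny stored on that role.
      /// </summary>
      /// <param name="role">Name of a registered role.</param>
      /// <param name="resource">Name of a registered resource.</param>
      /// <returns>This ACL, so calls can be chained.</returns>
      /// <exception cref="KeyNotFoundException">The role or the resource is not registered.</exception>
      public ACL ResetPermission(string role, string resource)
      {
          FindRole(role, resource).GivePermission(resource, Permission.None);
          return this;
      }

      // Shared validation for the four permission methods: the role is checked
      // first, then the resource, and the exception message says which of the two
      // was missing so a failed check can be diagnosed from a log line.
      private Role FindRole(string role, string resource)
      {
          Role found;
          if (!Roles.TryGetValue(role, out found))
              throw new KeyNotFoundException("Unknown ACL role '" + role + "'.");

          if (!Resources.ContainsKey(resource))
              throw new KeyNotFoundException("Unknown ACL resource '" + resource + "'.");

          return found;
      }
  }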
  108. #endregion
  109. #region Exceptions
  /// <summary>
  /// Raised when a role is added to an ACL that already holds a role of the same name.
  /// </summary>
  /// <remarks>
  /// No message is passed to the base constructor, so <see cref="Exception.Message"/>
  /// carries the framework default text; the role name appears only in
  /// <see cref="ToString"/>, which replaces the base output entirely.
  /// </remarks>
  public class AlreadyContainsRoleException : Exception
  {
      // The role whose name collided; visible to subclasses.
      protected Role m_role;

      /// <summary>
      /// Creates the exception for the role that could not be added.
      /// </summary>
      /// <param name="role">The rejected role.</param>
      public AlreadyContainsRoleException(Role role)
      {
          this.m_role = role;
      }

      /// <summary>
      /// The role that was rejected as a duplicate.
      /// </summary>
      public Role ErrorRole
      {
          get
          {
              return this.m_role;
          }
      }

      /// <summary>
      /// Describes the collision, naming the duplicate role.
      /// </summary>
      /// <returns>A one-line description containing the role's name.</returns>
      public override string ToString()
      {
          return string.Concat("This ACL already contains a role called '", this.m_role.Name, "'.");
      }
  }
  129. #endregion
  130. #region Roles and Resources
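  /// <summary>
  /// Result of asking whether a role may access a resource.
  /// </summary>
  /// <remarks>
  /// <see cref="Deny"/> is the first member, so <c>default(Permission)</c> is
  /// <see cref="Deny"/>. <see cref="None"/> is what a role reports when it stores
  /// no Allow or Deny for the resource.
  /// </remarks>
  public enum Permission
  {
      Deny,
      None,
      Allow
  }

  /// <summary>
  /// A role, for use with users or groups. A role stores its own per-resource
  /// permissions and may inherit from any number of parent roles.
  /// </summary>
  public class Role
  {
      private string m_name;
      private Role[] m_parents;
      private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();

      /// <summary>
      /// Creates a role with no parents.
      /// </summary>
      /// <param name="name">Name of the role.</param>
      public Role(string name)
      {
          m_name = name;
          m_parents = null;
      }

      /// <summary>
      /// Creates a role that inherits from the given parents.
      /// </summary>
      /// <param name="name">Name of the role.</param>
      /// <param name="parents">
      /// Parent roles, or null for none. The array is stored by reference, not
      /// copied, so later changes made to it by the caller alter this role's
      /// inheritance.
      /// </param>
      public Role(string name, Role[] parents)
      {
          m_name = name;
          m_parents = parents;
      }

      /// <summary>
      /// Name of the role.
      /// </summary>
      public string Name
      {
          get { return m_name; }
      }

      /// <summary>
      /// Resolves this role's permission on a resource, taking parents into account.
      /// </summary>
      /// <param name="resource">Name of the resource.</param>
      /// <returns>
      /// <see cref="Permission.Deny"/> if this role or any visited ancestor denies,
      /// otherwise <see cref="Permission.Allow"/> if any of them allows,
      /// otherwise <see cref="Permission.None"/>.
      /// </returns>
      public Permission RequestPermission(string resource)
      {
          return RequestPermission(resource, Permission.None);
      }

      /// <summary>
      /// Resolves the permission on a resource, starting from a result that was
      /// already accumulated elsewhere in the role tree.
      /// </summary>
      /// <param name="resource">Name of the resource.</param>
      /// <param name="current">Permission accumulated so far.</param>
      /// <returns>The accumulated permission after this role and its parents were consulted.</returns>
      /// <remarks>
      /// NOTE(review): the recursion over parents has no cycle guard; a role that
      /// is reachable from its own parent array would recurse without end.
      /// </remarks>
      public Permission RequestPermission(string resource, Permission current)
      {
          // Deny permissions always override any others
          if (current == Permission.Deny)
              return current;

          // Carry the accumulated result forward. Starting from None here, as the
          // code used to, discarded an Allow found earlier whenever this role had
          // no entry of its own: an explicit Allow on a role was reported as None
          // as soon as one of its parents was silent about the resource, and the
          // outcome depended on the order of the parents.
          // NOTE(review): role trees that relied on the old result will now report
          // Allow where they reported None; Deny results are unaffected.
          Permission temp = current;

          // Pickup non-None permissions stored on this role
          Permission own;
          if (m_resources.TryGetValue(resource, out own) && own != Permission.None)
              temp = own;

          if (m_parents != null)
          {
              foreach (Role parent in m_parents)
              {
                  temp = parent.RequestPermission(resource, temp);
              }
          }

          return temp;
      }

      /// <summary>
      /// Stores a permission for a resource on this role, replacing any earlier value.
      /// </summary>
      /// <param name="resource">Name of the resource; not checked against any registry here.</param>
      /// <param name="perm">Permission to store.</param>
      public void GivePermission(string resource, Permission perm)
      {
          m_resources[resource] = perm;
      }
  }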
  /// <summary>
  /// A named resource that permissions can be attached to. It carries only its
  /// name, fixed at construction.
  /// </summary>
  public class Resource
  {
      private readonly string m_name;

      /// <summary>
      /// Name of the resource.
      /// </summary>
      public string Name
      {
          get
          {
              return this.m_name;
          }
      }

      /// <summary>
      /// Creates a resource with the given name.
      /// </summary>
      /// <param name="name">Name of the resource; stored as given, without validation.</param>
      public Resource(string name)
      {
          this.m_name = name;
      }
  }
  201. #endregion
  202. }