Diffstat (limited to 'OpenSim/Framework/ACL.cs')
-rw-r--r-- | OpenSim/Framework/ACL.cs | 263 |
1 files changed, 263 insertions, 0 deletions
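--- /dev/null
+++ b/OpenSim/Framework/ACL.cs
@@ -0,0 +1,263 @@
+/*
+* Copyright (c) Contributors, http://opensimulator.org/
+* See CONTRIBUTORS.TXT for a full list of copyright holders.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+* * Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* * Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* * Neither the name of the OpenSim Project nor the
+* names of its contributors may be used to endorse or promote products
+* derived from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
+* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+using System;
+using System.Collections.Generic;
+
+namespace OpenSim.Framework
+{
+// ACL Class
+// Modelled after the structure of the Zend ACL Framework Library
+// with one key difference - the tree will search for all matching
+// permissions rather than just the first. Deny permissions will
+// override all others.
+
+#region ACL Core Class
+
+/// <summary>
+/// Access Control List Engine
+/// </summary>
+public class ACL
+{
+private Dictionary<string, Role> Roles = new Dictionary<string, Role>();
+private Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
+
+public ACL AddRole(Role role)
+{
+if (Roles.ContainsKey(role.Name))
+throw new AlreadyContainsRoleException(role);
+
+Roles.Add(role.Name, role);
+
+return this;
+}
+
+public ACL AddResource(Resource resource)
+{
+Resources.Add(resource.Name, resource);
+
+return this;
+}
+
+public Permission HasPermission(string role, string resource)
+{
+if (!Roles.ContainsKey(role))
+throw new KeyNotFoundException();
+
+if (!Resources.ContainsKey(resource))
+throw new KeyNotFoundException();
+
+return Roles[role].RequestPermission(resource);
+}
+
+public ACL GrantPermission(string role, string resource)
+{
+if (!Roles.ContainsKey(role))
+throw new KeyNotFoundException();
+
+if (!Resources.ContainsKey(resource))
+throw new KeyNotFoundException();
+
+Roles[role].GivePermission(resource, Permission.Allow);
+
+return this;
+}
+
+public ACL DenyPermission(string role, string resource)
+{
+if (!Roles.ContainsKey(role))
+throw new KeyNotFoundException();
+
+if (!Resources.ContainsKey(resource))
+throw new KeyNotFoundException();
+
+Roles[role].GivePermission(resource, Permission.Deny);
+
+return this;
+}
+
+public ACL ResetPermission(string role, string resource)
+{
+if (!Roles.ContainsKey(role))
+throw new KeyNotFoundException();
+
+if (!Resources.ContainsKey(resource))
+throw new KeyNotFoundException();
+
+Roles[role].GivePermission(resource, Permission.None);
+
+return this;
+}
+}
+
+#endregion
+
+#region Exceptions
+
+/// <summary>
+/// Thrown when an ACL attempts to add a duplicate role.
+/// </summary>
+public class AlreadyContainsRoleException : Exception
+{
+protected Role m_role;
+
+public Role ErrorRole
+{
+get { return m_role; }
+}
+
+public AlreadyContainsRoleException(Role role)
+{
+m_role = role;
+}
+
+public override string ToString()
+{
+return "This ACL already contains a role called '" + m_role.Name + "'.";
+}
+}
+
+#endregion
+
+#region Roles and Resources
+
+/// <summary>
+/// Does this Role have permission to access a specified Resource?
+/// </summary>
+public enum Permission
+{
+Deny,
+None,
+Allow
+} ;
+
+/// <summary>
+/// A role class, for use with Users or Groups
+/// </summary>
+public class Role
+{
+private string m_name;
+private Role[] m_parents;
+private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
+
+public string Name
+{
+get { return m_name; }
+}
+
+public Permission RequestPermission(string resource)
+{
+return RequestPermission(resource, Permission.None);
+}
+
+public Permission RequestPermission(string resource, Permission current)
+{
+// Deny permissions always override any others
+if (current == Permission.Deny)
+return current;
+
+Permission temp = Permission.None;
+
+// Pickup non-None permissions
+if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
+temp = m_resources[resource];
+
+if (m_parents != null)
+{
+foreach (Role parent in m_parents)
+{
+temp = parent.RequestPermission(resource, temp);
+}
+}
+
+return temp;
+}
+
+public void GivePermission(string resource, Permission perm)
+{
+m_resources[resource] = perm;
+}
+
+public Role(string name)
+{
+m_name = name;
+m_parents = null;
+}
+
+public Role(string name, Role[] parents)
+{
+m_name = name;
+m_parents = parents;
+}
+}
+
+public class Resource
+{
+private string m_name;
+
+public string Name
+{
+get { return m_name; }
+}
+
+public Resource(string name)
+{
+m_name = name;
+}
+}
+
+#endregion
+
+#region Tests
+
+internal class ACLTester
+{
+public ACLTester()
+{
+ACL acl = new ACL();
+
+Role Guests = new Role("Guests");
+acl.AddRole(Guests);
+
+Role[] parents = new Role[0];
+parents[0] = Guests;
+
+Role JoeGuest = new Role("JoeGuest", parents);
+acl.AddRole(JoeGuest);
+
+Resource CanBuild = new Resource("CanBuild");
+acl.AddResource(CanBuild);
+
+
+acl.GrantPermission("Guests", "CanBuild");
+
+acl.HasPermission("JoeGuest", "CanBuild");
+}
+}
+
+#endregion
+}
\ No newline at end of file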
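Review bot: In `Role.RequestPermission(string resource, Permission current)` the accumulated `current` value is dropped unless it is `Deny`, because `temp` restarts at `Permission.None`; a role's own `Allow`, or one inherited from an earlier parent, is overwritten with `None` as soon as a later parent has no entry for the resource. That makes the decision depend on parent order and contradicts the header comment that the tree collects all matching permissions. Seeding the accumulator with `Permission temp = current;` keeps the Deny-wins rule while preserving an inherited Allow. Separately, `ACLTester` allocates `new Role[0]` and then assigns `parents[0]`, which throws before any permission is evaluated, so the sample never exercises inheritance; `new Role[] { Guests }` would. `HasPermission` returns a three-state value, so its doc comment should state that callers must treat `Permission.None` as not allowed rather than testing only for `Deny`.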