diff options
Diffstat (limited to 'OpenSim/Framework/General')
-rw-r--r-- | OpenSim/Framework/General/PolicyManager/ACL.cs | 446 |
1 files changed, 223 insertions, 223 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs index 4f357c4..53c1b2d 100644 --- a/OpenSim/Framework/General/PolicyManager/ACL.cs +++ b/OpenSim/Framework/General/PolicyManager/ACL.cs | |||
@@ -1,223 +1,223 @@ | |||
1 | using System; | 1 | using System; |
2 | using System.Collections.Generic; | 2 | using System.Collections.Generic; |
3 | using System.Text; | 3 | using System.Text; |
4 | 4 | ||
5 | namespace OpenSim.Framework.PolicyManager | 5 | namespace OpenSim.Framework.PolicyManager |
6 | { | 6 | { |
7 | #region ACL Core Class | 7 | #region ACL Core Class |
8 | /// <summary> | 8 | /// <summary> |
9 | /// Access Control List Engine | 9 | /// Access Control List Engine |
10 | /// </summary> | 10 | /// </summary> |
11 | public class ACL | 11 | public class ACL |
12 | { | 12 | { |
13 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); | 13 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); |
14 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); | 14 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); |
15 | 15 | ||
16 | public ACL AddRole(Role role) | 16 | public ACL AddRole(Role role) |
17 | { | 17 | { |
18 | if (Roles.ContainsKey(role.Name)) | 18 | if (Roles.ContainsKey(role.Name)) |
19 | throw new AlreadyContainsRoleException(role); | 19 | throw new AlreadyContainsRoleException(role); |
20 | 20 | ||
21 | Roles.Add(role.Name, role); | 21 | Roles.Add(role.Name, role); |
22 | 22 | ||
23 | return this; | 23 | return this; |
24 | } | 24 | } |
25 | 25 | ||
26 | public ACL AddResource(Resource resource) | 26 | public ACL AddResource(Resource resource) |
27 | { | 27 | { |
28 | Resources.Add(resource.Name, resource); | 28 | Resources.Add(resource.Name, resource); |
29 | 29 | ||
30 | return this; | 30 | return this; |
31 | } | 31 | } |
32 | 32 | ||
33 | public Permission HasPermission(string role, string resource) | 33 | public Permission HasPermission(string role, string resource) |
34 | { | 34 | { |
35 | if (!Roles.ContainsKey(role)) | 35 | if (!Roles.ContainsKey(role)) |
36 | throw new KeyNotFoundException(); | 36 | throw new KeyNotFoundException(); |
37 | 37 | ||
38 | if (!Resources.ContainsKey(resource)) | 38 | if (!Resources.ContainsKey(resource)) |
39 | throw new KeyNotFoundException(); | 39 | throw new KeyNotFoundException(); |
40 | 40 | ||
41 | return Roles[role].RequestPermission(resource); | 41 | return Roles[role].RequestPermission(resource); |
42 | } | 42 | } |
43 | 43 | ||
44 | public ACL GrantPermission(string role, string resource) | 44 | public ACL GrantPermission(string role, string resource) |
45 | { | 45 | { |
46 | if (!Roles.ContainsKey(role)) | 46 | if (!Roles.ContainsKey(role)) |
47 | throw new KeyNotFoundException(); | 47 | throw new KeyNotFoundException(); |
48 | 48 | ||
49 | if (!Resources.ContainsKey(resource)) | 49 | if (!Resources.ContainsKey(resource)) |
50 | throw new KeyNotFoundException(); | 50 | throw new KeyNotFoundException(); |
51 | 51 | ||
52 | Roles[role].GivePermission(resource, Permission.Allow); | 52 | Roles[role].GivePermission(resource, Permission.Allow); |
53 | 53 | ||
54 | return this; | 54 | return this; |
55 | } | 55 | } |
56 | 56 | ||
57 | public ACL DenyPermission(string role, string resource) | 57 | public ACL DenyPermission(string role, string resource) |
58 | { | 58 | { |
59 | if (!Roles.ContainsKey(role)) | 59 | if (!Roles.ContainsKey(role)) |
60 | throw new KeyNotFoundException(); | 60 | throw new KeyNotFoundException(); |
61 | 61 | ||
62 | if (!Resources.ContainsKey(resource)) | 62 | if (!Resources.ContainsKey(resource)) |
63 | throw new KeyNotFoundException(); | 63 | throw new KeyNotFoundException(); |
64 | 64 | ||
65 | Roles[role].GivePermission(resource, Permission.Deny); | 65 | Roles[role].GivePermission(resource, Permission.Deny); |
66 | 66 | ||
67 | return this; | 67 | return this; |
68 | } | 68 | } |
69 | 69 | ||
70 | public ACL ResetPermission(string role, string resource) | 70 | public ACL ResetPermission(string role, string resource) |
71 | { | 71 | { |
72 | if (!Roles.ContainsKey(role)) | 72 | if (!Roles.ContainsKey(role)) |
73 | throw new KeyNotFoundException(); | 73 | throw new KeyNotFoundException(); |
74 | 74 | ||
75 | if (!Resources.ContainsKey(resource)) | 75 | if (!Resources.ContainsKey(resource)) |
76 | throw new KeyNotFoundException(); | 76 | throw new KeyNotFoundException(); |
77 | 77 | ||
78 | Roles[role].GivePermission(resource, Permission.None); | 78 | Roles[role].GivePermission(resource, Permission.None); |
79 | 79 | ||
80 | return this; | 80 | return this; |
81 | } | 81 | } |
82 | } | 82 | } |
83 | #endregion | 83 | #endregion |
84 | 84 | ||
85 | #region Exceptions | 85 | #region Exceptions |
86 | /// <summary> | 86 | /// <summary> |
87 | /// Thrown when an ACL attempts to add a duplicate role. | 87 | /// Thrown when an ACL attempts to add a duplicate role. |
88 | /// </summary> | 88 | /// </summary> |
89 | public class AlreadyContainsRoleException : Exception | 89 | public class AlreadyContainsRoleException : Exception |
90 | { | 90 | { |
91 | protected Role m_role; | 91 | protected Role m_role; |
92 | 92 | ||
93 | public Role ErrorRole | 93 | public Role ErrorRole |
94 | { | 94 | { |
95 | get { return m_role; } | 95 | get { return m_role; } |
96 | } | 96 | } |
97 | 97 | ||
98 | public AlreadyContainsRoleException(Role role) | 98 | public AlreadyContainsRoleException(Role role) |
99 | { | 99 | { |
100 | m_role = role; | 100 | m_role = role; |
101 | } | 101 | } |
102 | 102 | ||
103 | public override string ToString() | 103 | public override string ToString() |
104 | { | 104 | { |
105 | return "This ACL already contains a role called '" + m_role.Name + "'."; | 105 | return "This ACL already contains a role called '" + m_role.Name + "'."; |
106 | } | 106 | } |
107 | } | 107 | } |
108 | #endregion | 108 | #endregion |
109 | 109 | ||
110 | #region Roles and Resources | 110 | #region Roles and Resources |
111 | 111 | ||
112 | /// <summary> | 112 | /// <summary> |
113 | /// Does this Role have permission to access a specified Resource? | 113 | /// Does this Role have permission to access a specified Resource? |
114 | /// </summary> | 114 | /// </summary> |
115 | public enum Permission { Deny, None, Allow }; | 115 | public enum Permission { Deny, None, Allow }; |
116 | 116 | ||
117 | /// <summary> | 117 | /// <summary> |
118 | /// A role class, for use with Users or Groups | 118 | /// A role class, for use with Users or Groups |
119 | /// </summary> | 119 | /// </summary> |
120 | public class Role | 120 | public class Role |
121 | { | 121 | { |
122 | private string m_name; | 122 | private string m_name; |
123 | private Role[] m_parents; | 123 | private Role[] m_parents; |
124 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); | 124 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); |
125 | 125 | ||
126 | public string Name | 126 | public string Name |
127 | { | 127 | { |
128 | get { return m_name; } | 128 | get { return m_name; } |
129 | } | 129 | } |
130 | 130 | ||
131 | public Permission RequestPermission(string resource) | 131 | public Permission RequestPermission(string resource) |
132 | { | 132 | { |
133 | return RequestPermission(resource, Permission.None); | 133 | return RequestPermission(resource, Permission.None); |
134 | } | 134 | } |
135 | 135 | ||
136 | public Permission RequestPermission(string resource, Permission current) | 136 | public Permission RequestPermission(string resource, Permission current) |
137 | { | 137 | { |
138 | // Deny permissions always override any others | 138 | // Deny permissions always override any others |
139 | if (current == Permission.Deny) | 139 | if (current == Permission.Deny) |
140 | return current; | 140 | return current; |
141 | 141 | ||
142 | Permission temp = Permission.None; | 142 | Permission temp = Permission.None; |
143 | 143 | ||
144 | // Pickup non-None permissions | 144 | // Pickup non-None permissions |
145 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) | 145 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) |
146 | temp = m_resources[resource]; | 146 | temp = m_resources[resource]; |
147 | 147 | ||
148 | if (m_parents != null) | 148 | if (m_parents != null) |
149 | { | 149 | { |
150 | foreach (Role parent in m_parents) | 150 | foreach (Role parent in m_parents) |
151 | { | 151 | { |
152 | temp = parent.RequestPermission(resource, temp); | 152 | temp = parent.RequestPermission(resource, temp); |
153 | } | 153 | } |
154 | } | 154 | } |
155 | 155 | ||
156 | return temp; | 156 | return temp; |
157 | } | 157 | } |
158 | 158 | ||
159 | public void GivePermission(string resource, Permission perm) | 159 | public void GivePermission(string resource, Permission perm) |
160 | { | 160 | { |
161 | m_resources[resource] = perm; | 161 | m_resources[resource] = perm; |
162 | } | 162 | } |
163 | 163 | ||
164 | public Role(string name) | 164 | public Role(string name) |
165 | { | 165 | { |
166 | m_name = name; | 166 | m_name = name; |
167 | m_parents = null; | 167 | m_parents = null; |
168 | } | 168 | } |
169 | 169 | ||
170 | public Role(string name, Role[] parents) | 170 | public Role(string name, Role[] parents) |
171 | { | 171 | { |
172 | m_name = name; | 172 | m_name = name; |
173 | m_parents = parents; | 173 | m_parents = parents; |
174 | } | 174 | } |
175 | } | 175 | } |
176 | 176 | ||
177 | public class Resource | 177 | public class Resource |
178 | { | 178 | { |
179 | private string m_name; | 179 | private string m_name; |
180 | 180 | ||
181 | public string Name | 181 | public string Name |
182 | { | 182 | { |
183 | get { return m_name; } | 183 | get { return m_name; } |
184 | } | 184 | } |
185 | 185 | ||
186 | public Resource(string name) | 186 | public Resource(string name) |
187 | { | 187 | { |
188 | m_name = name; | 188 | m_name = name; |
189 | } | 189 | } |
190 | } | 190 | } |
191 | 191 | ||
192 | #endregion | 192 | #endregion |
193 | 193 | ||
194 | #region Tests | 194 | #region Tests |
195 | 195 | ||
196 | class ACLTester | 196 | class ACLTester |
197 | { | 197 | { |
198 | public ACLTester() | 198 | public ACLTester() |
199 | { | 199 | { |
200 | ACL acl = new ACL(); | 200 | ACL acl = new ACL(); |
201 | 201 | ||
202 | Role Guests = new Role("Guests"); | 202 | Role Guests = new Role("Guests"); |
203 | acl.AddRole(Guests); | 203 | acl.AddRole(Guests); |
204 | 204 | ||
205 | Role[] parents = new Role[0]; | 205 | Role[] parents = new Role[0]; |
206 | parents[0] = Guests; | 206 | parents[0] = Guests; |
207 | 207 | ||
208 | Role JoeGuest = new Role("JoeGuest", parents); | 208 | Role JoeGuest = new Role("JoeGuest", parents); |
209 | acl.AddRole(JoeGuest); | 209 | acl.AddRole(JoeGuest); |
210 | 210 | ||
211 | Resource CanBuild = new Resource("CanBuild"); | 211 | Resource CanBuild = new Resource("CanBuild"); |
212 | acl.AddResource(CanBuild); | 212 | acl.AddResource(CanBuild); |
213 | 213 | ||
214 | 214 | ||
215 | acl.GrantPermission("Guests", "CanBuild"); | 215 | acl.GrantPermission("Guests", "CanBuild"); |
216 | 216 | ||
217 | acl.HasPermission("JoeGuest", "CanBuild"); | 217 | acl.HasPermission("JoeGuest", "CanBuild"); |
218 | 218 | ||
219 | } | 219 | } |
220 | } | 220 | } |
221 | 221 | ||
222 | #endregion | 222 | #endregion |
223 | } | 223 | } |