* Committing new PolicyManager based on an ACL system.

* Unlinked right now, but intent to replace large amounts of the core logic in PermissionManager with it.
author: Adam Frisby 2007-10-20 10:44:34 +0000
committer: Adam Frisby 2007-10-20 10:44:34 +0000
commit: 6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch)
tree: 73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim/Framework/General/PolicyManager/ACL.cs
parent: updating windows sqlite binary (diff)
download: opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.zip
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.gz
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.bz2
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.xz
1 files changed, 223 insertions, 0 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
new file mode 100644
index 0000000..4f357c4
--- /dev/null
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -0,0 +1,223 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+namespace OpenSim.Framework.PolicyManager
+{
+    #region ACL Core Class
+    /// <summary>
+    /// Access Control List Engine
+    /// </summary>
+    public class ACL
+    {
+        Dictionary<string, Role> Roles = new Dictionary<string, Role>();
+        Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
+        public ACL AddRole(Role role)
+        {
+            if (Roles.ContainsKey(role.Name))
+                throw new AlreadyContainsRoleException(role);
+            Roles.Add(role.Name, role);
+            return this;
+        }
+        public ACL AddResource(Resource resource)
+        {
+            Resources.Add(resource.Name, resource);
+            return this;
+        }
+        public Permission HasPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            return Roles[role].RequestPermission(resource);
+        }
+        public ACL GrantPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.Allow);
+            return this;
+        }
+        public ACL DenyPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.Deny);
+            return this;
+        }
+        public ACL ResetPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.None);
+            return this;
+        }
+    }
+    #endregion
+    #region Exceptions
+    /// <summary>
+    /// Thrown when an ACL attempts to add a duplicate role.
+    /// </summary>
+    public class AlreadyContainsRoleException : Exception
+    {
+        protected Role m_role;
+        public Role ErrorRole
+        {
+            get { return m_role; }
+        }
+        public AlreadyContainsRoleException(Role role)
+        {
+            m_role = role;
+        }
+        public override string ToString()
+        {
+            return "This ACL already contains a role called '" + m_role.Name + "'.";
+        }
+    }
+    #endregion
+    #region Roles and Resources
+    /// <summary>
+    /// Does this Role have permission to access a specified Resource?
+    /// </summary>
+    public enum Permission { Deny, None, Allow };
+    /// <summary>
+    /// A role class, for use with Users or Groups
+    /// </summary>
+    public class Role
+    {
+        private string m_name;
+        private Role[] m_parents;
+        private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
+        public string Name
+        {
+            get { return m_name; }
+        }
+        public Permission RequestPermission(string resource)
+        {
+            return RequestPermission(resource, Permission.None);
+        }
+        public Permission RequestPermission(string resource, Permission current)
+        {
+            // Deny permissions always override any others
+            if (current == Permission.Deny)
+                return current;
+            Permission temp = Permission.None;
+            // Pickup non-None permissions
+            if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
+                temp = m_resources[resource];
+            if (m_parents != null)
+            {
+                foreach (Role parent in m_parents)
+                {
+                    temp = parent.RequestPermission(resource, temp);
+                }
+            }
+            return temp;
+        }
+        public void GivePermission(string resource, Permission perm)
+        {
+            m_resources[resource] = perm;
+        }
+        public Role(string name)
+        {
+            m_name = name;
+            m_parents = null;
+        }
+        public Role(string name, Role[] parents)
+        {
+            m_name = name;
+            m_parents = parents;
+        }
+    }
+    public class Resource
+    {
+        private string m_name;
+        public string Name
+        {
+            get { return m_name; }
+        }
+        public Resource(string name)
+        {
+            m_name = name;
+        }
+    }
+    #endregion
+    #region Tests
+    class ACLTester
+    {
+        public ACLTester()
+        {
+            ACL acl = new ACL();
+            Role Guests = new Role("Guests");
+            acl.AddRole(Guests);
+            Role[] parents = new Role[0];
+            parents[0] = Guests;
+            Role JoeGuest = new Role("JoeGuest", parents);
+            acl.AddRole(JoeGuest);
+            Resource CanBuild = new Resource("CanBuild");
+            acl.AddResource(CanBuild);
+            acl.GrantPermission("Guests", "CanBuild");
+            acl.HasPermission("JoeGuest", "CanBuild");
+        }
+    }
+    #endregion
+}
author	Adam Frisby	2007-10-20 10:44:34 +0000
committer	Adam Frisby	2007-10-20 10:44:34 +0000
commit	6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch)
tree	73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim/Framework/General/PolicyManager/ACL.cs
parent	updating windows sqlite binary (diff)
download	opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.zip opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.gz opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.bz2 opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.xz

diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs new file mode 100644 index 0000000..4f357c4 --- /dev/null +++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -0,0 +1,223 @@
	1	using System;
	2	using System.Collections.Generic;
	3	using System.Text;
	4
	5	namespace OpenSim.Framework.PolicyManager
	6	{
	7	#region ACL Core Class
	8	/// <summary>
	9	/// Access Control List Engine
	10	/// </summary>
	11	public class ACL
	12	{
	13	Dictionary<string, Role> Roles = new Dictionary<string, Role>();
	14	Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
	15
	16	public ACL AddRole(Role role)
	17	{
	18	if (Roles.ContainsKey(role.Name))
	19	throw new AlreadyContainsRoleException(role);
	20
	21	Roles.Add(role.Name, role);
	22
	23	return this;
	24	}
	25
	26	public ACL AddResource(Resource resource)
	27	{
	28	Resources.Add(resource.Name, resource);
	29
	30	return this;
	31	}
	32
	33	public Permission HasPermission(string role, string resource)
	34	{
	35	if (!Roles.ContainsKey(role))
	36	throw new KeyNotFoundException();
	37
	38	if (!Resources.ContainsKey(resource))
	39	throw new KeyNotFoundException();
	40
	41	return Roles[role].RequestPermission(resource);
	42	}
	43
	44	public ACL GrantPermission(string role, string resource)
	45	{
	46	if (!Roles.ContainsKey(role))
	47	throw new KeyNotFoundException();
	48
	49	if (!Resources.ContainsKey(resource))
	50	throw new KeyNotFoundException();
	51
	52	Roles[role].GivePermission(resource, Permission.Allow);
	53
	54	return this;
	55	}
	56
	57	public ACL DenyPermission(string role, string resource)
	58	{
	59	if (!Roles.ContainsKey(role))
	60	throw new KeyNotFoundException();
	61
	62	if (!Resources.ContainsKey(resource))
	63	throw new KeyNotFoundException();
	64
	65	Roles[role].GivePermission(resource, Permission.Deny);
	66
	67	return this;
	68	}
	69
	70	public ACL ResetPermission(string role, string resource)
	71	{
	72	if (!Roles.ContainsKey(role))
	73	throw new KeyNotFoundException();
	74
	75	if (!Resources.ContainsKey(resource))
	76	throw new KeyNotFoundException();
	77
	78	Roles[role].GivePermission(resource, Permission.None);
	79
	80	return this;
	81	}
	82	}
	83	#endregion
	84
	85	#region Exceptions
	86	/// <summary>
	87	/// Thrown when an ACL attempts to add a duplicate role.
	88	/// </summary>
	89	public class AlreadyContainsRoleException : Exception
	90	{
	91	protected Role m_role;
	92
	93	public Role ErrorRole
	94	{
	95	get { return m_role; }
	96	}
	97
	98	public AlreadyContainsRoleException(Role role)
	99	{
	100	m_role = role;
	101	}
	102
	103	public override string ToString()
	104	{
	105	return "This ACL already contains a role called '" + m_role.Name + "'.";
	106	}
	107	}
	108	#endregion
	109
	110	#region Roles and Resources
	111
	112	/// <summary>
	113	/// Does this Role have permission to access a specified Resource?
	114	/// </summary>
	115	public enum Permission { Deny, None, Allow };
	116
	117	/// <summary>
	118	/// A role class, for use with Users or Groups
	119	/// </summary>
	120	public class Role
	121	{
	122	private string m_name;
	123	private Role[] m_parents;
	124	private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
	125
	126	public string Name
	127	{
	128	get { return m_name; }
	129	}
	130
	131	public Permission RequestPermission(string resource)
	132	{
	133	return RequestPermission(resource, Permission.None);
	134	}
	135
	136	public Permission RequestPermission(string resource, Permission current)
	137	{
	138	// Deny permissions always override any others
	139	if (current == Permission.Deny)
	140	return current;
	141
	142	Permission temp = Permission.None;
	143
	144	// Pickup non-None permissions
	145	if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
	146	temp = m_resources[resource];
	147
	148	if (m_parents != null)
	149	{
	150	foreach (Role parent in m_parents)
	151	{
	152	temp = parent.RequestPermission(resource, temp);
	153	}
	154	}
	155
	156	return temp;
	157	}
	158
	159	public void GivePermission(string resource, Permission perm)
	160	{
	161	m_resources[resource] = perm;
	162	}
	163
	164	public Role(string name)
	165	{
	166	m_name = name;
	167	m_parents = null;
	168	}
	169
	170	public Role(string name, Role[] parents)
	171	{
	172	m_name = name;
	173	m_parents = parents;
	174	}
	175	}
	176
	177	public class Resource
	178	{
	179	private string m_name;
	180
	181	public string Name
	182	{
	183	get { return m_name; }
	184	}
	185
	186	public Resource(string name)
	187	{
	188	m_name = name;
	189	}
	190	}
	191
	192	#endregion
	193
	194	#region Tests
	195
	196	class ACLTester
	197	{
	198	public ACLTester()
	199	{
	200	ACL acl = new ACL();
	201
	202	Role Guests = new Role("Guests");
	203	acl.AddRole(Guests);
	204
	205	Role[] parents = new Role[0];
	206	parents[0] = Guests;
	207
	208	Role JoeGuest = new Role("JoeGuest", parents);
	209	acl.AddRole(JoeGuest);
	210
	211	Resource CanBuild = new Resource("CanBuild");
	212	acl.AddResource(CanBuild);
	213
	214
	215	acl.GrantPermission("Guests", "CanBuild");
	216
	217	acl.HasPermission("JoeGuest", "CanBuild");
	218
	219	}
	220	}
	221
	222	#endregion
	223	}