authorAdam Frisby2007-10-20 10:44:34 +0000
committerAdam Frisby2007-10-20 10:44:34 +0000
commit6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch)
tree73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim/Framework/General/PolicyManager
parentupdating windows sqlite binary (diff)
* Committing new PolicyManager based on an ACL system.
* Unlinked right now, but the intent is to replace large amounts of the core logic in PermissionManager with it.
Diffstat (limited to 'OpenSim/Framework/General/PolicyManager')
-rw-r--r--OpenSim/Framework/General/PolicyManager/ACL.cs223
1 files changed, 223 insertions, 0 deletions
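diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
new file mode 100644
index 0000000..4f357c4
--- /dev/null
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -0,0 +1,223 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace OpenSim.Framework.PolicyManager
+{
+ #region ACL Core Class
+ /// <summary>
+ /// Access Control List Engine
+ /// </summary>
+ public class ACL
+ {
+ Dictionary<string, Role> Roles = new Dictionary<string, Role>();
+ Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
+
+ public ACL AddRole(Role role)
+ {
+ if (Roles.ContainsKey(role.Name))
+ throw new AlreadyContainsRoleException(role);
+
+ Roles.Add(role.Name, role);
+
+ return this;
+ }
+
+ public ACL AddResource(Resource resource)
+ {
+ Resources.Add(resource.Name, resource);
+
+ return this;
+ }
+
+ public Permission HasPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ return Roles[role].RequestPermission(resource);
+ }
+
+ public ACL GrantPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.Allow);
+
+ return this;
+ }
+
+ public ACL DenyPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.Deny);
+
+ return this;
+ }
+
+ public ACL ResetPermission(string role, string resource)
+ {
+ if (!Roles.ContainsKey(role))
+ throw new KeyNotFoundException();
+
+ if (!Resources.ContainsKey(resource))
+ throw new KeyNotFoundException();
+
+ Roles[role].GivePermission(resource, Permission.None);
+
+ return this;
+ }
+ }
+ #endregion
+
+ #region Exceptions
+ /// <summary>
+ /// Thrown when an ACL attempts to add a duplicate role.
+ /// </summary>
+ public class AlreadyContainsRoleException : Exception
+ {
+ protected Role m_role;
+
+ public Role ErrorRole
+ {
+ get { return m_role; }
+ }
+
+ public AlreadyContainsRoleException(Role role)
+ {
+ m_role = role;
+ }
+
+ public override string ToString()
+ {
+ return "This ACL already contains a role called '" + m_role.Name + "'.";
+ }
+ }
+ #endregion
+
+ #region Roles and Resources
+
+ /// <summary>
+ /// Does this Role have permission to access a specified Resource?
+ /// </summary>
+ public enum Permission { Deny, None, Allow };
+
+ /// <summary>
+ /// A role class, for use with Users or Groups
+ /// </summary>
+ public class Role
+ {
+ private string m_name;
+ private Role[] m_parents;
+ private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
+
+ public string Name
+ {
+ get { return m_name; }
+ }
+
+ public Permission RequestPermission(string resource)
+ {
+ return RequestPermission(resource, Permission.None);
+ }
+
+ public Permission RequestPermission(string resource, Permission current)
+ {
+ // Deny permissions always override any others
+ if (current == Permission.Deny)
+ return current;
+
+ Permission temp = Permission.None;
+
+ // Pickup non-None permissions
+ if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
+ temp = m_resources[resource];
+
+ if (m_parents != null)
+ {
+ foreach (Role parent in m_parents)
+ {
+ temp = parent.RequestPermission(resource, temp);
+ }
+ }
+
+ return temp;
+ }
+
+ public void GivePermission(string resource, Permission perm)
+ {
+ m_resources[resource] = perm;
+ }
+
+ public Role(string name)
+ {
+ m_name = name;
+ m_parents = null;
+ }
+
+ public Role(string name, Role[] parents)
+ {
+ m_name = name;
+ m_parents = parents;
+ }
+ }
+
+ public class Resource
+ {
+ private string m_name;
+
+ public string Name
+ {
+ get { return m_name; }
+ }
+
+ public Resource(string name)
+ {
+ m_name = name;
+ }
+ }
+
+ #endregion
+
+ #region Tests
+
+ class ACLTester
+ {
+ public ACLTester()
+ {
+ ACL acl = new ACL();
+
+ Role Guests = new Role("Guests");
+ acl.AddRole(Guests);
+
+ Role[] parents = new Role[0];
+ parents[0] = Guests;
+
+ Role JoeGuest = new Role("JoeGuest", parents);
+ acl.AddRole(JoeGuest);
+
+ Resource CanBuild = new Resource("CanBuild");
+ acl.AddResource(CanBuild);
+
+
+ acl.GrantPermission("Guests", "CanBuild");
+
+ acl.HasPermission("JoeGuest", "CanBuild");
+
+ }
+ }
+
+ #endregion
+}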
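Review bot: `Role.RequestPermission(string, Permission)` throws away any non-Deny result it is handed, because it starts from `Permission temp = Permission.None;` and each parent call overwrites `temp`. A role with its own Allow and a parent that has no entry for the resource therefore resolves to None, and with several parents only the last one's answer survives. Seeding with `Permission temp = current;` keeps Deny dominant while letting an Allow carry through the chain. `HasPermission` returns the tri-state enum rather than a bool, so a doc comment stating that callers must treat anything other than `Permission.Allow` as a refusal would make the default-deny contract explicit. Separately, `ACLTester` allocates `new Role[0]` and then writes `parents[0]`, which throws; it needs `new Role[1]`.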