diff options
author | Adam Frisby | 2007-10-20 10:44:34 +0000 |
---|---|---|
committer | Adam Frisby | 2007-10-20 10:44:34 +0000 |
commit | 6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch) | |
tree | 73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim/Framework/General | |
parent | updating windows sqlite binary (diff) | |
download | opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.zip opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.gz opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.bz2 opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.xz |
* Committing new PolicyManager based on an ACL system.
* Unlinked right now, but intent to replace large amounts of the core logic in PermissionManager with it.
Diffstat (limited to 'OpenSim/Framework/General')
-rw-r--r-- | OpenSim/Framework/General/PolicyManager/ACL.cs | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs new file mode 100644 index 0000000..4f357c4 --- /dev/null +++ b/OpenSim/Framework/General/PolicyManager/ACL.cs | |||
@@ -0,0 +1,223 @@ | |||
1 | using System; | ||
2 | using System.Collections.Generic; | ||
3 | using System.Text; | ||
4 | |||
5 | namespace OpenSim.Framework.PolicyManager | ||
6 | { | ||
7 | #region ACL Core Class | ||
8 | /// <summary> | ||
9 | /// Access Control List Engine | ||
10 | /// </summary> | ||
11 | public class ACL | ||
12 | { | ||
13 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); | ||
14 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); | ||
15 | |||
16 | public ACL AddRole(Role role) | ||
17 | { | ||
18 | if (Roles.ContainsKey(role.Name)) | ||
19 | throw new AlreadyContainsRoleException(role); | ||
20 | |||
21 | Roles.Add(role.Name, role); | ||
22 | |||
23 | return this; | ||
24 | } | ||
25 | |||
26 | public ACL AddResource(Resource resource) | ||
27 | { | ||
28 | Resources.Add(resource.Name, resource); | ||
29 | |||
30 | return this; | ||
31 | } | ||
32 | |||
33 | public Permission HasPermission(string role, string resource) | ||
34 | { | ||
35 | if (!Roles.ContainsKey(role)) | ||
36 | throw new KeyNotFoundException(); | ||
37 | |||
38 | if (!Resources.ContainsKey(resource)) | ||
39 | throw new KeyNotFoundException(); | ||
40 | |||
41 | return Roles[role].RequestPermission(resource); | ||
42 | } | ||
43 | |||
44 | public ACL GrantPermission(string role, string resource) | ||
45 | { | ||
46 | if (!Roles.ContainsKey(role)) | ||
47 | throw new KeyNotFoundException(); | ||
48 | |||
49 | if (!Resources.ContainsKey(resource)) | ||
50 | throw new KeyNotFoundException(); | ||
51 | |||
52 | Roles[role].GivePermission(resource, Permission.Allow); | ||
53 | |||
54 | return this; | ||
55 | } | ||
56 | |||
57 | public ACL DenyPermission(string role, string resource) | ||
58 | { | ||
59 | if (!Roles.ContainsKey(role)) | ||
60 | throw new KeyNotFoundException(); | ||
61 | |||
62 | if (!Resources.ContainsKey(resource)) | ||
63 | throw new KeyNotFoundException(); | ||
64 | |||
65 | Roles[role].GivePermission(resource, Permission.Deny); | ||
66 | |||
67 | return this; | ||
68 | } | ||
69 | |||
70 | public ACL ResetPermission(string role, string resource) | ||
71 | { | ||
72 | if (!Roles.ContainsKey(role)) | ||
73 | throw new KeyNotFoundException(); | ||
74 | |||
75 | if (!Resources.ContainsKey(resource)) | ||
76 | throw new KeyNotFoundException(); | ||
77 | |||
78 | Roles[role].GivePermission(resource, Permission.None); | ||
79 | |||
80 | return this; | ||
81 | } | ||
82 | } | ||
83 | #endregion | ||
84 | |||
85 | #region Exceptions | ||
86 | /// <summary> | ||
87 | /// Thrown when an ACL attempts to add a duplicate role. | ||
88 | /// </summary> | ||
89 | public class AlreadyContainsRoleException : Exception | ||
90 | { | ||
91 | protected Role m_role; | ||
92 | |||
93 | public Role ErrorRole | ||
94 | { | ||
95 | get { return m_role; } | ||
96 | } | ||
97 | |||
98 | public AlreadyContainsRoleException(Role role) | ||
99 | { | ||
100 | m_role = role; | ||
101 | } | ||
102 | |||
103 | public override string ToString() | ||
104 | { | ||
105 | return "This ACL already contains a role called '" + m_role.Name + "'."; | ||
106 | } | ||
107 | } | ||
108 | #endregion | ||
109 | |||
110 | #region Roles and Resources | ||
111 | |||
112 | /// <summary> | ||
113 | /// Does this Role have permission to access a specified Resource? | ||
114 | /// </summary> | ||
115 | public enum Permission { Deny, None, Allow }; | ||
116 | |||
117 | /// <summary> | ||
118 | /// A role class, for use with Users or Groups | ||
119 | /// </summary> | ||
120 | public class Role | ||
121 | { | ||
122 | private string m_name; | ||
123 | private Role[] m_parents; | ||
124 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); | ||
125 | |||
126 | public string Name | ||
127 | { | ||
128 | get { return m_name; } | ||
129 | } | ||
130 | |||
131 | public Permission RequestPermission(string resource) | ||
132 | { | ||
133 | return RequestPermission(resource, Permission.None); | ||
134 | } | ||
135 | |||
136 | public Permission RequestPermission(string resource, Permission current) | ||
137 | { | ||
138 | // Deny permissions always override any others | ||
139 | if (current == Permission.Deny) | ||
140 | return current; | ||
141 | |||
142 | Permission temp = Permission.None; | ||
143 | |||
144 | // Pickup non-None permissions | ||
145 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) | ||
146 | temp = m_resources[resource]; | ||
147 | |||
148 | if (m_parents != null) | ||
149 | { | ||
150 | foreach (Role parent in m_parents) | ||
151 | { | ||
152 | temp = parent.RequestPermission(resource, temp); | ||
153 | } | ||
154 | } | ||
155 | |||
156 | return temp; | ||
157 | } | ||
158 | |||
159 | public void GivePermission(string resource, Permission perm) | ||
160 | { | ||
161 | m_resources[resource] = perm; | ||
162 | } | ||
163 | |||
164 | public Role(string name) | ||
165 | { | ||
166 | m_name = name; | ||
167 | m_parents = null; | ||
168 | } | ||
169 | |||
170 | public Role(string name, Role[] parents) | ||
171 | { | ||
172 | m_name = name; | ||
173 | m_parents = parents; | ||
174 | } | ||
175 | } | ||
176 | |||
177 | public class Resource | ||
178 | { | ||
179 | private string m_name; | ||
180 | |||
181 | public string Name | ||
182 | { | ||
183 | get { return m_name; } | ||
184 | } | ||
185 | |||
186 | public Resource(string name) | ||
187 | { | ||
188 | m_name = name; | ||
189 | } | ||
190 | } | ||
191 | |||
192 | #endregion | ||
193 | |||
194 | #region Tests | ||
195 | |||
196 | class ACLTester | ||
197 | { | ||
198 | public ACLTester() | ||
199 | { | ||
200 | ACL acl = new ACL(); | ||
201 | |||
202 | Role Guests = new Role("Guests"); | ||
203 | acl.AddRole(Guests); | ||
204 | |||
205 | Role[] parents = new Role[0]; | ||
206 | parents[0] = Guests; | ||
207 | |||
208 | Role JoeGuest = new Role("JoeGuest", parents); | ||
209 | acl.AddRole(JoeGuest); | ||
210 | |||
211 | Resource CanBuild = new Resource("CanBuild"); | ||
212 | acl.AddResource(CanBuild); | ||
213 | |||
214 | |||
215 | acl.GrantPermission("Guests", "CanBuild"); | ||
216 | |||
217 | acl.HasPermission("JoeGuest", "CanBuild"); | ||
218 | |||
219 | } | ||
220 | } | ||
221 | |||
222 | #endregion | ||
223 | } | ||