* Committing new PolicyManager based on an ACL system.

* Unlinked right now, but intent to replace large amounts of the core logic in PermissionManager with it.
author: Adam Frisby 2007-10-20 10:44:34 +0000
committer: Adam Frisby 2007-10-20 10:44:34 +0000
commit: 6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch)
tree: 73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim
parent: updating windows sqlite binary (diff)
download: opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.zip
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.gz
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.bz2
opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.xz
2 files changed, 224 insertions, 1 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
new file mode 100644
index 0000000..4f357c4
--- /dev/null
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -0,0 +1,223 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+namespace OpenSim.Framework.PolicyManager
+{
+    #region ACL Core Class
+    /// <summary>
+    /// Access Control List Engine
+    /// </summary>
+    public class ACL
+    {
+        Dictionary<string, Role> Roles = new Dictionary<string, Role>();
+        Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
+        public ACL AddRole(Role role)
+        {
+            if (Roles.ContainsKey(role.Name))
+                throw new AlreadyContainsRoleException(role);
+            Roles.Add(role.Name, role);
+            return this;
+        }
+        public ACL AddResource(Resource resource)
+        {
+            Resources.Add(resource.Name, resource);
+            return this;
+        }
+        public Permission HasPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            return Roles[role].RequestPermission(resource);
+        }
+        public ACL GrantPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.Allow);
+            return this;
+        }
+        public ACL DenyPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.Deny);
+            return this;
+        }
+        public ACL ResetPermission(string role, string resource)
+        {
+            if (!Roles.ContainsKey(role))
+                throw new KeyNotFoundException();
+            if (!Resources.ContainsKey(resource))
+                throw new KeyNotFoundException();
+            Roles[role].GivePermission(resource, Permission.None);
+            return this;
+        }
+    }
+    #endregion
+    #region Exceptions
+    /// <summary>
+    /// Thrown when an ACL attempts to add a duplicate role.
+    /// </summary>
+    public class AlreadyContainsRoleException : Exception
+    {
+        protected Role m_role;
+        public Role ErrorRole
+        {
+            get { return m_role; }
+        }
+        public AlreadyContainsRoleException(Role role)
+        {
+            m_role = role;
+        }
+        public override string ToString()
+        {
+            return "This ACL already contains a role called '" + m_role.Name + "'.";
+        }
+    }
+    #endregion
+    #region Roles and Resources
+    /// <summary>
+    /// Does this Role have permission to access a specified Resource?
+    /// </summary>
+    public enum Permission { Deny, None, Allow };
+    /// <summary>
+    /// A role class, for use with Users or Groups
+    /// </summary>
+    public class Role
+    {
+        private string m_name;
+        private Role[] m_parents;
+        private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
+        public string Name
+        {
+            get { return m_name; }
+        }
+        public Permission RequestPermission(string resource)
+        {
+            return RequestPermission(resource, Permission.None);
+        }
+        public Permission RequestPermission(string resource, Permission current)
+        {
+            // Deny permissions always override any others
+            if (current == Permission.Deny)
+                return current;
+            Permission temp = Permission.None;
+            // Pickup non-None permissions
+            if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
+                temp = m_resources[resource];
+            if (m_parents != null)
+            {
+                foreach (Role parent in m_parents)
+                {
+                    temp = parent.RequestPermission(resource, temp);
+                }
+            }
+            return temp;
+        }
+        public void GivePermission(string resource, Permission perm)
+        {
+            m_resources[resource] = perm;
+        }
+        public Role(string name)
+        {
+            m_name = name;
+            m_parents = null;
+        }
+        public Role(string name, Role[] parents)
+        {
+            m_name = name;
+            m_parents = parents;
+        }
+    }
+    public class Resource
+    {
+        private string m_name;
+        public string Name
+        {
+            get { return m_name; }
+        }
+        public Resource(string name)
+        {
+            m_name = name;
+        }
+    }
+    #endregion
+    #region Tests
+    class ACLTester
+    {
+        public ACLTester()
+        {
+            ACL acl = new ACL();
+            Role Guests = new Role("Guests");
+            acl.AddRole(Guests);
+            Role[] parents = new Role[0];
+            parents[0] = Guests;
+            Role JoeGuest = new Role("JoeGuest", parents);
+            acl.AddRole(JoeGuest);
+            Resource CanBuild = new Resource("CanBuild");
+            acl.AddResource(CanBuild);
+            acl.GrantPermission("Guests", "CanBuild");
+            acl.HasPermission("JoeGuest", "CanBuild");
+        }
+    }
+    #endregion
+}
diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs
index d32ac0b..c856d57 100644
--- a/OpenSim/Region/Environment/PermissionManager.cs
+++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -28,7 +28,7 @@
 using libsecondlife;
 using OpenSim.Region.Environment.LandManagement;
-using OpenSim.Region.Environment.Scenes;
+using OpenSim.Region.Environment.Scenes;
 namespace OpenSim.Region.Environment
 {
author	Adam Frisby	2007-10-20 10:44:34 +0000
committer	Adam Frisby	2007-10-20 10:44:34 +0000
commit	6119eaed85b6b77ed2d0dcaa857fe62b973cdff9 (patch)
tree	73262dbe39b2c5387f717a76cc284ed6d264b403 /OpenSim
parent	updating windows sqlite binary (diff)
download	opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.zip opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.gz opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.bz2 opensim-SC_OLD-6119eaed85b6b77ed2d0dcaa857fe62b973cdff9.tar.xz

diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs new file mode 100644 index 0000000..4f357c4 --- /dev/null +++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -0,0 +1,223 @@
		1	using System;
		2	using System.Collections.Generic;
		3	using System.Text;
		4
		5	namespace OpenSim.Framework.PolicyManager
		6	{
		7	#region ACL Core Class
		8	/// <summary>
		9	/// Access Control List Engine
		10	/// </summary>
		11	public class ACL
		12	{
		13	Dictionary<string, Role> Roles = new Dictionary<string, Role>();
		14	Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
		15
		16	public ACL AddRole(Role role)
		17	{
		18	if (Roles.ContainsKey(role.Name))
		19	throw new AlreadyContainsRoleException(role);
		20
		21	Roles.Add(role.Name, role);
		22
		23	return this;
		24	}
		25
		26	public ACL AddResource(Resource resource)
		27	{
		28	Resources.Add(resource.Name, resource);
		29
		30	return this;
		31	}
		32
		33	public Permission HasPermission(string role, string resource)
		34	{
		35	if (!Roles.ContainsKey(role))
		36	throw new KeyNotFoundException();
		37
		38	if (!Resources.ContainsKey(resource))
		39	throw new KeyNotFoundException();
		40
		41	return Roles[role].RequestPermission(resource);
		42	}
		43
		44	public ACL GrantPermission(string role, string resource)
		45	{
		46	if (!Roles.ContainsKey(role))
		47	throw new KeyNotFoundException();
		48
		49	if (!Resources.ContainsKey(resource))
		50	throw new KeyNotFoundException();
		51
		52	Roles[role].GivePermission(resource, Permission.Allow);
		53
		54	return this;
		55	}
		56
		57	public ACL DenyPermission(string role, string resource)
		58	{
		59	if (!Roles.ContainsKey(role))
		60	throw new KeyNotFoundException();
		61
		62	if (!Resources.ContainsKey(resource))
		63	throw new KeyNotFoundException();
		64
		65	Roles[role].GivePermission(resource, Permission.Deny);
		66
		67	return this;
		68	}
		69
		70	public ACL ResetPermission(string role, string resource)
		71	{
		72	if (!Roles.ContainsKey(role))
		73	throw new KeyNotFoundException();
		74
		75	if (!Resources.ContainsKey(resource))
		76	throw new KeyNotFoundException();
		77
		78	Roles[role].GivePermission(resource, Permission.None);
		79
		80	return this;
		81	}
		82	}
		83	#endregion
		84
		85	#region Exceptions
		86	/// <summary>
		87	/// Thrown when an ACL attempts to add a duplicate role.
		88	/// </summary>
		89	public class AlreadyContainsRoleException : Exception
		90	{
		91	protected Role m_role;
		92
		93	public Role ErrorRole
		94	{
		95	get { return m_role; }
		96	}
		97
		98	public AlreadyContainsRoleException(Role role)
		99	{
		100	m_role = role;
		101	}
		102
		103	public override string ToString()
		104	{
		105	return "This ACL already contains a role called '" + m_role.Name + "'.";
		106	}
		107	}
		108	#endregion
		109
		110	#region Roles and Resources
		111
		112	/// <summary>
		113	/// Does this Role have permission to access a specified Resource?
		114	/// </summary>
		115	public enum Permission { Deny, None, Allow };
		116
		117	/// <summary>
		118	/// A role class, for use with Users or Groups
		119	/// </summary>
		120	public class Role
		121	{
		122	private string m_name;
		123	private Role[] m_parents;
		124	private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
		125
		126	public string Name
		127	{
		128	get { return m_name; }
		129	}
		130
		131	public Permission RequestPermission(string resource)
		132	{
		133	return RequestPermission(resource, Permission.None);
		134	}
		135
		136	public Permission RequestPermission(string resource, Permission current)
		137	{
		138	// Deny permissions always override any others
		139	if (current == Permission.Deny)
		140	return current;
		141
		142	Permission temp = Permission.None;
		143
		144	// Pickup non-None permissions
		145	if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
		146	temp = m_resources[resource];
		147
		148	if (m_parents != null)
		149	{
		150	foreach (Role parent in m_parents)
		151	{
		152	temp = parent.RequestPermission(resource, temp);
		153	}
		154	}
		155
		156	return temp;
		157	}
		158
		159	public void GivePermission(string resource, Permission perm)
		160	{
		161	m_resources[resource] = perm;
		162	}
		163
		164	public Role(string name)
		165	{
		166	m_name = name;
		167	m_parents = null;
		168	}
		169
		170	public Role(string name, Role[] parents)
		171	{
		172	m_name = name;
		173	m_parents = parents;
		174	}
		175	}
		176
		177	public class Resource
		178	{
		179	private string m_name;
		180
		181	public string Name
		182	{
		183	get { return m_name; }
		184	}
		185
		186	public Resource(string name)
		187	{
		188	m_name = name;
		189	}
		190	}
		191
		192	#endregion
		193
		194	#region Tests
		195
		196	class ACLTester
		197	{
		198	public ACLTester()
		199	{
		200	ACL acl = new ACL();
		201
		202	Role Guests = new Role("Guests");
		203	acl.AddRole(Guests);
		204
		205	Role[] parents = new Role[0];
		206	parents[0] = Guests;
		207
		208	Role JoeGuest = new Role("JoeGuest", parents);
		209	acl.AddRole(JoeGuest);
		210
		211	Resource CanBuild = new Resource("CanBuild");
		212	acl.AddResource(CanBuild);
		213
		214
		215	acl.GrantPermission("Guests", "CanBuild");
		216
		217	acl.HasPermission("JoeGuest", "CanBuild");
		218
		219	}
		220	}
		221
		222	#endregion
		223	}


diff --git a/OpenSim/Region/Environment/PermissionManager.cs b/OpenSim/Region/Environment/PermissionManager.cs index d32ac0b..c856d57 100644 --- a/OpenSim/Region/Environment/PermissionManager.cs +++ b/OpenSim/Region/Environment/PermissionManager.cs
@@ -28,7 +28,7 @@
28		28
29	using libsecondlife;	29	using libsecondlife;
30	using OpenSim.Region.Environment.LandManagement;	30	using OpenSim.Region.Environment.LandManagement;
31	using OpenSim.Region.Environment.Scenes;	31	using OpenSim.Region.Environment.Scenes;
32		32
33	namespace OpenSim.Region.Environment	33	namespace OpenSim.Region.Environment
34	{	34	{