Diffstat (limited to 'OpenSim/Framework/General/PolicyManager/ACL.cs')
-rw-r--r-- | OpenSim/Framework/General/PolicyManager/ACL.cs | 514 |
1 files changed, 257 insertions, 257 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
index 8dffe7b..b6f2966 100644
--- a/OpenSim/Framework/General/PolicyManager/ACL.cs
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs | |||
@@ -1,257 +1,257 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (c) Contributors, http://opensimulator.org/ | 2 | * Copyright (c) Contributors, http://opensimulator.org/ |
3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. | 3 | * See CONTRIBUTORS.TXT for a full list of copyright holders. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions are met: | 6 | * modification, are permitted provided that the following conditions are met: |
7 | * * Redistributions of source code must retain the above copyright | 7 | * * Redistributions of source code must retain the above copyright |
8 | * notice, this list of conditions and the following disclaimer. | 8 | * notice, this list of conditions and the following disclaimer. |
9 | * * Redistributions in binary form must reproduce the above copyright | 9 | * * Redistributions in binary form must reproduce the above copyright |
10 | * notice, this list of conditions and the following disclaimer in the | 10 | * notice, this list of conditions and the following disclaimer in the |
11 | * documentation and/or other materials provided with the distribution. | 11 | * documentation and/or other materials provided with the distribution. |
12 | * * Neither the name of the OpenSim Project nor the | 12 | * * Neither the name of the OpenSim Project nor the |
13 | * names of its contributors may be used to endorse or promote products | 13 | * names of its contributors may be used to endorse or promote products |
14 | * derived from this software without specific prior written permission. | 14 | * derived from this software without specific prior written permission. |
15 | * | 15 | * |
16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY | 16 | * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY |
17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 17 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY | 19 | * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY |
20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 21 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 22 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 23 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | using System; | 28 | using System; |
29 | using System.Collections.Generic; | 29 | using System.Collections.Generic; |
30 | using System.Text; | 30 | using System.Text; |
31 | 31 | ||
32 | namespace OpenSim.Framework.PolicyManager | 32 | namespace OpenSim.Framework.PolicyManager |
33 | { | 33 | { |
34 | // ACL Class | 34 | // ACL Class |
35 | // Modelled after the structure of the Zend ACL Framework Library | 35 | // Modelled after the structure of the Zend ACL Framework Library |
36 | // with one key difference - the tree will search for all matching | 36 | // with one key difference - the tree will search for all matching |
37 | // permissions rather than just the first. Deny permissions will | 37 | // permissions rather than just the first. Deny permissions will |
38 | // override all others. | 38 | // override all others. |
39 | 39 | ||
40 | 40 | ||
41 | #region ACL Core Class | 41 | #region ACL Core Class |
42 | /// <summary> | 42 | /// <summary> |
43 | /// Access Control List Engine | 43 | /// Access Control List Engine |
44 | /// </summary> | 44 | /// </summary> |
45 | public class ACL | 45 | public class ACL |
46 | { | 46 | { |
47 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); | 47 | Dictionary<string, Role> Roles = new Dictionary<string, Role>(); |
48 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); | 48 | Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); |
49 | 49 | ||
50 | public ACL AddRole(Role role) | 50 | public ACL AddRole(Role role) |
51 | { | 51 | { |
52 | if (Roles.ContainsKey(role.Name)) | 52 | if (Roles.ContainsKey(role.Name)) |
53 | throw new AlreadyContainsRoleException(role); | 53 | throw new AlreadyContainsRoleException(role); |
54 | 54 | ||
55 | Roles.Add(role.Name, role); | 55 | Roles.Add(role.Name, role); |
56 | 56 | ||
57 | return this; | 57 | return this; |
58 | } | 58 | } |
59 | 59 | ||
60 | public ACL AddResource(Resource resource) | 60 | public ACL AddResource(Resource resource) |
61 | { | 61 | { |
62 | Resources.Add(resource.Name, resource); | 62 | Resources.Add(resource.Name, resource); |
63 | 63 | ||
64 | return this; | 64 | return this; |
65 | } | 65 | } |
66 | 66 | ||
67 | public Permission HasPermission(string role, string resource) | 67 | public Permission HasPermission(string role, string resource) |
68 | { | 68 | { |
69 | if (!Roles.ContainsKey(role)) | 69 | if (!Roles.ContainsKey(role)) |
70 | throw new KeyNotFoundException(); | 70 | throw new KeyNotFoundException(); |
71 | 71 | ||
72 | if (!Resources.ContainsKey(resource)) | 72 | if (!Resources.ContainsKey(resource)) |
73 | throw new KeyNotFoundException(); | 73 | throw new KeyNotFoundException(); |
74 | 74 | ||
75 | return Roles[role].RequestPermission(resource); | 75 | return Roles[role].RequestPermission(resource); |
76 | } | 76 | } |
77 | 77 | ||
78 | public ACL GrantPermission(string role, string resource) | 78 | public ACL GrantPermission(string role, string resource) |
79 | { | 79 | { |
80 | if (!Roles.ContainsKey(role)) | 80 | if (!Roles.ContainsKey(role)) |
81 | throw new KeyNotFoundException(); | 81 | throw new KeyNotFoundException(); |
82 | 82 | ||
83 | if (!Resources.ContainsKey(resource)) | 83 | if (!Resources.ContainsKey(resource)) |
84 | throw new KeyNotFoundException(); | 84 | throw new KeyNotFoundException(); |
85 | 85 | ||
86 | Roles[role].GivePermission(resource, Permission.Allow); | 86 | Roles[role].GivePermission(resource, Permission.Allow); |
87 | 87 | ||
88 | return this; | 88 | return this; |
89 | } | 89 | } |
90 | 90 | ||
91 | public ACL DenyPermission(string role, string resource) | 91 | public ACL DenyPermission(string role, string resource) |
92 | { | 92 | { |
93 | if (!Roles.ContainsKey(role)) | 93 | if (!Roles.ContainsKey(role)) |
94 | throw new KeyNotFoundException(); | 94 | throw new KeyNotFoundException(); |
95 | 95 | ||
96 | if (!Resources.ContainsKey(resource)) | 96 | if (!Resources.ContainsKey(resource)) |
97 | throw new KeyNotFoundException(); | 97 | throw new KeyNotFoundException(); |
98 | 98 | ||
99 | Roles[role].GivePermission(resource, Permission.Deny); | 99 | Roles[role].GivePermission(resource, Permission.Deny); |
100 | 100 | ||
101 | return this; | 101 | return this; |
102 | } | 102 | } |
103 | 103 | ||
104 | public ACL ResetPermission(string role, string resource) | 104 | public ACL ResetPermission(string role, string resource) |
105 | { | 105 | { |
106 | if (!Roles.ContainsKey(role)) | 106 | if (!Roles.ContainsKey(role)) |
107 | throw new KeyNotFoundException(); | 107 | throw new KeyNotFoundException(); |
108 | 108 | ||
109 | if (!Resources.ContainsKey(resource)) | 109 | if (!Resources.ContainsKey(resource)) |
110 | throw new KeyNotFoundException(); | 110 | throw new KeyNotFoundException(); |
111 | 111 | ||
112 | Roles[role].GivePermission(resource, Permission.None); | 112 | Roles[role].GivePermission(resource, Permission.None); |
113 | 113 | ||
114 | return this; | 114 | return this; |
115 | } | 115 | } |
116 | } | 116 | } |
117 | #endregion | 117 | #endregion |
118 | 118 | ||
119 | #region Exceptions | 119 | #region Exceptions |
120 | /// <summary> | 120 | /// <summary> |
121 | /// Thrown when an ACL attempts to add a duplicate role. | 121 | /// Thrown when an ACL attempts to add a duplicate role. |
122 | /// </summary> | 122 | /// </summary> |
123 | public class AlreadyContainsRoleException : Exception | 123 | public class AlreadyContainsRoleException : Exception |
124 | { | 124 | { |
125 | protected Role m_role; | 125 | protected Role m_role; |
126 | 126 | ||
127 | public Role ErrorRole | 127 | public Role ErrorRole |
128 | { | 128 | { |
129 | get { return m_role; } | 129 | get { return m_role; } |
130 | } | 130 | } |
131 | 131 | ||
132 | public AlreadyContainsRoleException(Role role) | 132 | public AlreadyContainsRoleException(Role role) |
133 | { | 133 | { |
134 | m_role = role; | 134 | m_role = role; |
135 | } | 135 | } |
136 | 136 | ||
137 | public override string ToString() | 137 | public override string ToString() |
138 | { | 138 | { |
139 | return "This ACL already contains a role called '" + m_role.Name + "'."; | 139 | return "This ACL already contains a role called '" + m_role.Name + "'."; |
140 | } | 140 | } |
141 | } | 141 | } |
142 | #endregion | 142 | #endregion |
143 | 143 | ||
144 | #region Roles and Resources | 144 | #region Roles and Resources |
145 | 145 | ||
146 | /// <summary> | 146 | /// <summary> |
147 | /// Does this Role have permission to access a specified Resource? | 147 | /// Does this Role have permission to access a specified Resource? |
148 | /// </summary> | 148 | /// </summary> |
149 | public enum Permission { Deny, None, Allow }; | 149 | public enum Permission { Deny, None, Allow }; |
150 | 150 | ||
151 | /// <summary> | 151 | /// <summary> |
152 | /// A role class, for use with Users or Groups | 152 | /// A role class, for use with Users or Groups |
153 | /// </summary> | 153 | /// </summary> |
154 | public class Role | 154 | public class Role |
155 | { | 155 | { |
156 | private string m_name; | 156 | private string m_name; |
157 | private Role[] m_parents; | 157 | private Role[] m_parents; |
158 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); | 158 | private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); |
159 | 159 | ||
160 | public string Name | 160 | public string Name |
161 | { | 161 | { |
162 | get { return m_name; } | 162 | get { return m_name; } |
163 | } | 163 | } |
164 | 164 | ||
165 | public Permission RequestPermission(string resource) | 165 | public Permission RequestPermission(string resource) |
166 | { | 166 | { |
167 | return RequestPermission(resource, Permission.None); | 167 | return RequestPermission(resource, Permission.None); |
168 | } | 168 | } |
169 | 169 | ||
170 | public Permission RequestPermission(string resource, Permission current) | 170 | public Permission RequestPermission(string resource, Permission current) |
171 | { | 171 | { |
172 | // Deny permissions always override any others | 172 | // Deny permissions always override any others |
173 | if (current == Permission.Deny) | 173 | if (current == Permission.Deny) |
174 | return current; | 174 | return current; |
175 | 175 | ||
176 | Permission temp = Permission.None; | 176 | Permission temp = Permission.None; |
177 | 177 | ||
178 | // Pickup non-None permissions | 178 | // Pickup non-None permissions |
179 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) | 179 | if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) |
180 | temp = m_resources[resource]; | 180 | temp = m_resources[resource]; |
181 | 181 | ||
182 | if (m_parents != null) | 182 | if (m_parents != null) |
183 | { | 183 | { |
184 | foreach (Role parent in m_parents) | 184 | foreach (Role parent in m_parents) |
185 | { | 185 | { |
186 | temp = parent.RequestPermission(resource, temp); | 186 | temp = parent.RequestPermission(resource, temp); |
187 | } | 187 | } |
188 | } | 188 | } |
189 | 189 | ||
190 | return temp; | 190 | return temp; |
191 | } | 191 | } |
192 | 192 | ||
193 | public void GivePermission(string resource, Permission perm) | 193 | public void GivePermission(string resource, Permission perm) |
194 | { | 194 | { |
195 | m_resources[resource] = perm; | 195 | m_resources[resource] = perm; |
196 | } | 196 | } |
197 | 197 | ||
198 | public Role(string name) | 198 | public Role(string name) |
199 | { | 199 | { |
200 | m_name = name; | 200 | m_name = name; |
201 | m_parents = null; | 201 | m_parents = null; |
202 | } | 202 | } |
203 | 203 | ||
204 | public Role(string name, Role[] parents) | 204 | public Role(string name, Role[] parents) |
205 | { | 205 | { |
206 | m_name = name; | 206 | m_name = name; |
207 | m_parents = parents; | 207 | m_parents = parents; |
208 | } | 208 | } |
209 | } | 209 | } |
210 | 210 | ||
211 | public class Resource | 211 | public class Resource |
212 | { | 212 | { |
213 | private string m_name; | 213 | private string m_name; |
214 | 214 | ||
215 | public string Name | 215 | public string Name |
216 | { | 216 | { |
217 | get { return m_name; } | 217 | get { return m_name; } |
218 | } | 218 | } |
219 | 219 | ||
220 | public Resource(string name) | 220 | public Resource(string name) |
221 | { | 221 | { |
222 | m_name = name; | 222 | m_name = name; |
223 | } | 223 | } |
224 | } | 224 | } |
225 | 225 | ||
226 | #endregion | 226 | #endregion |
227 | 227 | ||
228 | #region Tests | 228 | #region Tests |
229 | 229 | ||
230 | class ACLTester | 230 | class ACLTester |
231 | { | 231 | { |
232 | public ACLTester() | 232 | public ACLTester() |
233 | { | 233 | { |
234 | ACL acl = new ACL(); | 234 | ACL acl = new ACL(); |
235 | 235 | ||
236 | Role Guests = new Role("Guests"); | 236 | Role Guests = new Role("Guests"); |
237 | acl.AddRole(Guests); | 237 | acl.AddRole(Guests); |
238 | 238 | ||
239 | Role[] parents = new Role[0]; | 239 | Role[] parents = new Role[0]; |
240 | parents[0] = Guests; | 240 | parents[0] = Guests; |
241 | 241 | ||
242 | Role JoeGuest = new Role("JoeGuest", parents); | 242 | Role JoeGuest = new Role("JoeGuest", parents); |
243 | acl.AddRole(JoeGuest); | 243 | acl.AddRole(JoeGuest); |
244 | 244 | ||
245 | Resource CanBuild = new Resource("CanBuild"); | 245 | Resource CanBuild = new Resource("CanBuild"); |
246 | acl.AddResource(CanBuild); | 246 | acl.AddResource(CanBuild); |
247 | 247 | ||
248 | 248 | ||
249 | acl.GrantPermission("Guests", "CanBuild"); | 249 | acl.GrantPermission("Guests", "CanBuild"); |
250 | 250 | ||
251 | acl.HasPermission("JoeGuest", "CanBuild"); | 251 | acl.HasPermission("JoeGuest", "CanBuild"); |
252 | 252 | ||
253 | } | 253 | } |
254 | } | 254 | } |
255 | 255 | ||
256 | #endregion | 256 | #endregion |
257 | } | 257 | } |
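Review bot: `Role.RequestPermission(string, Permission)` consults `current` only for the `Deny` short-circuit and then restarts from `Permission temp = Permission.None;`, so a role's own `Allow` is replaced by `None` as soon as a parent with no entry for the resource is visited, and with several parents only the last non-`Deny` answer survives. That contradicts the header comment that the tree collects all matching permissions; the result errs toward `None` rather than `Allow`, but it depends on parent order. Seeding the accumulator with `Permission temp = current;` would carry an earlier `Allow` through the walk while `Deny` still wins. Separately, `ACLTester` allocates `new Role[0]` and then writes `parents[0]`, which throws `IndexOutOfRangeException` before the inherited lookup runs; `new Role[1]` is presumably what was meant. Both sides of this hunk read identically on the page, so these lines appear to be carried over rather than introduced here.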