aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework
diff options
context:
space:
mode:
Diffstat (limited to 'OpenSim/Framework')
-rw-r--r--OpenSim/Framework/General/PolicyManager/ACL.cs480
1 files changed, 257 insertions, 223 deletions
diff --git a/OpenSim/Framework/General/PolicyManager/ACL.cs b/OpenSim/Framework/General/PolicyManager/ACL.cs
index 53c1b2d..8dffe7b 100644
--- a/OpenSim/Framework/General/PolicyManager/ACL.cs
+++ b/OpenSim/Framework/General/PolicyManager/ACL.cs
@@ -1,223 +1,257 @@
1using System; 1/*
2using System.Collections.Generic; 2* Copyright (c) Contributors, http://opensimulator.org/
3using System.Text; 3* See CONTRIBUTORS.TXT for a full list of copyright holders.
4 4*
5namespace OpenSim.Framework.PolicyManager 5* Redistribution and use in source and binary forms, with or without
6{ 6* modification, are permitted provided that the following conditions are met:
7 #region ACL Core Class 7* * Redistributions of source code must retain the above copyright
8 /// <summary> 8* notice, this list of conditions and the following disclaimer.
9 /// Access Control List Engine 9* * Redistributions in binary form must reproduce the above copyright
10 /// </summary> 10* notice, this list of conditions and the following disclaimer in the
11 public class ACL 11* documentation and/or other materials provided with the distribution.
12 { 12* * Neither the name of the OpenSim Project nor the
13 Dictionary<string, Role> Roles = new Dictionary<string, Role>(); 13* names of its contributors may be used to endorse or promote products
14 Dictionary<string, Resource> Resources = new Dictionary<string, Resource>(); 14* derived from this software without specific prior written permission.
15 15*
16 public ACL AddRole(Role role) 16* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS AS IS AND ANY
17 { 17* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 if (Roles.ContainsKey(role.Name)) 18* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 throw new AlreadyContainsRoleException(role); 19* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
20 20* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 Roles.Add(role.Name, role); 21* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 22* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 return this; 23* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 } 24* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 25* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 public ACL AddResource(Resource resource) 26*
27 { 27*/
28 Resources.Add(resource.Name, resource); 28using System;
29 29using System.Collections.Generic;
30 return this; 30using System.Text;
31 } 31
32 32namespace OpenSim.Framework.PolicyManager
33 public Permission HasPermission(string role, string resource) 33{
34 { 34 // ACL Class
35 if (!Roles.ContainsKey(role)) 35 // Modelled after the structure of the Zend ACL Framework Library
36 throw new KeyNotFoundException(); 36 // with one key difference - the tree will search for all matching
37 37 // permissions rather than just the first. Deny permissions will
38 if (!Resources.ContainsKey(resource)) 38 // override all others.
39 throw new KeyNotFoundException(); 39
40 40
41 return Roles[role].RequestPermission(resource); 41 #region ACL Core Class
42 } 42 /// <summary>
43 43 /// Access Control List Engine
44 public ACL GrantPermission(string role, string resource) 44 /// </summary>
45 { 45 public class ACL
46 if (!Roles.ContainsKey(role)) 46 {
47 throw new KeyNotFoundException(); 47 Dictionary<string, Role> Roles = new Dictionary<string, Role>();
48 48 Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
49 if (!Resources.ContainsKey(resource)) 49
50 throw new KeyNotFoundException(); 50 public ACL AddRole(Role role)
51 51 {
52 Roles[role].GivePermission(resource, Permission.Allow); 52 if (Roles.ContainsKey(role.Name))
53 53 throw new AlreadyContainsRoleException(role);
54 return this; 54
55 } 55 Roles.Add(role.Name, role);
56 56
57 public ACL DenyPermission(string role, string resource) 57 return this;
58 { 58 }
59 if (!Roles.ContainsKey(role)) 59
60 throw new KeyNotFoundException(); 60 public ACL AddResource(Resource resource)
61 61 {
62 if (!Resources.ContainsKey(resource)) 62 Resources.Add(resource.Name, resource);
63 throw new KeyNotFoundException(); 63
64 64 return this;
65 Roles[role].GivePermission(resource, Permission.Deny); 65 }
66 66
67 return this; 67 public Permission HasPermission(string role, string resource)
68 } 68 {
69 69 if (!Roles.ContainsKey(role))
70 public ACL ResetPermission(string role, string resource) 70 throw new KeyNotFoundException();
71 { 71
72 if (!Roles.ContainsKey(role)) 72 if (!Resources.ContainsKey(resource))
73 throw new KeyNotFoundException(); 73 throw new KeyNotFoundException();
74 74
75 if (!Resources.ContainsKey(resource)) 75 return Roles[role].RequestPermission(resource);
76 throw new KeyNotFoundException(); 76 }
77 77
78 Roles[role].GivePermission(resource, Permission.None); 78 public ACL GrantPermission(string role, string resource)
79 79 {
80 return this; 80 if (!Roles.ContainsKey(role))
81 } 81 throw new KeyNotFoundException();
82 } 82
83 #endregion 83 if (!Resources.ContainsKey(resource))
84 84 throw new KeyNotFoundException();
85 #region Exceptions 85
86 /// <summary> 86 Roles[role].GivePermission(resource, Permission.Allow);
87 /// Thrown when an ACL attempts to add a duplicate role. 87
88 /// </summary> 88 return this;
89 public class AlreadyContainsRoleException : Exception 89 }
90 { 90
91 protected Role m_role; 91 public ACL DenyPermission(string role, string resource)
92 92 {
93 public Role ErrorRole 93 if (!Roles.ContainsKey(role))
94 { 94 throw new KeyNotFoundException();
95 get { return m_role; } 95
96 } 96 if (!Resources.ContainsKey(resource))
97 97 throw new KeyNotFoundException();
98 public AlreadyContainsRoleException(Role role) 98
99 { 99 Roles[role].GivePermission(resource, Permission.Deny);
100 m_role = role; 100
101 } 101 return this;
102 102 }
103 public override string ToString() 103
104 { 104 public ACL ResetPermission(string role, string resource)
105 return "This ACL already contains a role called '" + m_role.Name + "'."; 105 {
106 } 106 if (!Roles.ContainsKey(role))
107 } 107 throw new KeyNotFoundException();
108 #endregion 108
109 109 if (!Resources.ContainsKey(resource))
110 #region Roles and Resources 110 throw new KeyNotFoundException();
111 111
112 /// <summary> 112 Roles[role].GivePermission(resource, Permission.None);
113 /// Does this Role have permission to access a specified Resource? 113
114 /// </summary> 114 return this;
115 public enum Permission { Deny, None, Allow }; 115 }
116 116 }
117 /// <summary> 117 #endregion
118 /// A role class, for use with Users or Groups 118
119 /// </summary> 119 #region Exceptions
120 public class Role 120 /// <summary>
121 { 121 /// Thrown when an ACL attempts to add a duplicate role.
122 private string m_name; 122 /// </summary>
123 private Role[] m_parents; 123 public class AlreadyContainsRoleException : Exception
124 private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>(); 124 {
125 125 protected Role m_role;
126 public string Name 126
127 { 127 public Role ErrorRole
128 get { return m_name; } 128 {
129 } 129 get { return m_role; }
130 130 }
131 public Permission RequestPermission(string resource) 131
132 { 132 public AlreadyContainsRoleException(Role role)
133 return RequestPermission(resource, Permission.None); 133 {
134 } 134 m_role = role;
135 135 }
136 public Permission RequestPermission(string resource, Permission current) 136
137 { 137 public override string ToString()
138 // Deny permissions always override any others 138 {
139 if (current == Permission.Deny) 139 return "This ACL already contains a role called '" + m_role.Name + "'.";
140 return current; 140 }
141 141 }
142 Permission temp = Permission.None; 142 #endregion
143 143
144 // Pickup non-None permissions 144 #region Roles and Resources
145 if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None) 145
146 temp = m_resources[resource]; 146 /// <summary>
147 147 /// Does this Role have permission to access a specified Resource?
148 if (m_parents != null) 148 /// </summary>
149 { 149 public enum Permission { Deny, None, Allow };
150 foreach (Role parent in m_parents) 150
151 { 151 /// <summary>
152 temp = parent.RequestPermission(resource, temp); 152 /// A role class, for use with Users or Groups
153 } 153 /// </summary>
154 } 154 public class Role
155 155 {
156 return temp; 156 private string m_name;
157 } 157 private Role[] m_parents;
158 158 private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
159 public void GivePermission(string resource, Permission perm) 159
160 { 160 public string Name
161 m_resources[resource] = perm; 161 {
162 } 162 get { return m_name; }
163 163 }
164 public Role(string name) 164
165 { 165 public Permission RequestPermission(string resource)
166 m_name = name; 166 {
167 m_parents = null; 167 return RequestPermission(resource, Permission.None);
168 } 168 }
169 169
170 public Role(string name, Role[] parents) 170 public Permission RequestPermission(string resource, Permission current)
171 { 171 {
172 m_name = name; 172 // Deny permissions always override any others
173 m_parents = parents; 173 if (current == Permission.Deny)
174 } 174 return current;
175 } 175
176 176 Permission temp = Permission.None;
177 public class Resource 177
178 { 178 // Pickup non-None permissions
179 private string m_name; 179 if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
180 180 temp = m_resources[resource];
181 public string Name 181
182 { 182 if (m_parents != null)
183 get { return m_name; } 183 {
184 } 184 foreach (Role parent in m_parents)
185 185 {
186 public Resource(string name) 186 temp = parent.RequestPermission(resource, temp);
187 { 187 }
188 m_name = name; 188 }
189 } 189
190 } 190 return temp;
191 191 }
192 #endregion 192
193 193 public void GivePermission(string resource, Permission perm)
194 #region Tests 194 {
195 195 m_resources[resource] = perm;
196 class ACLTester 196 }
197 { 197
198 public ACLTester() 198 public Role(string name)
199 { 199 {
200 ACL acl = new ACL(); 200 m_name = name;
201 201 m_parents = null;
202 Role Guests = new Role("Guests"); 202 }
203 acl.AddRole(Guests); 203
204 204 public Role(string name, Role[] parents)
205 Role[] parents = new Role[0]; 205 {
206 parents[0] = Guests; 206 m_name = name;
207 207 m_parents = parents;
208 Role JoeGuest = new Role("JoeGuest", parents); 208 }
209 acl.AddRole(JoeGuest); 209 }
210 210
211 Resource CanBuild = new Resource("CanBuild"); 211 public class Resource
212 acl.AddResource(CanBuild); 212 {
213 213 private string m_name;
214 214
215 acl.GrantPermission("Guests", "CanBuild"); 215 public string Name
216 216 {
217 acl.HasPermission("JoeGuest", "CanBuild"); 217 get { return m_name; }
218 218 }
219 } 219
220 } 220 public Resource(string name)
221 221 {
222 #endregion 222 m_name = name;
223} 223 }
224 }
225
226 #endregion
227
228 #region Tests
229
230 class ACLTester
231 {
232 public ACLTester()
233 {
234 ACL acl = new ACL();
235
236 Role Guests = new Role("Guests");
237 acl.AddRole(Guests);
238
239 Role[] parents = new Role[0];
240 parents[0] = Guests;
241
242 Role JoeGuest = new Role("JoeGuest", parents);
243 acl.AddRole(JoeGuest);
244
245 Resource CanBuild = new Resource("CanBuild");
246 acl.AddResource(CanBuild);
247
248
249 acl.GrantPermission("Guests", "CanBuild");
250
251 acl.HasPermission("JoeGuest", "CanBuild");
252
253 }
254 }
255
256 #endregion
257}