Diffstat (limited to 'OpenSim')
-rw-r--r-- | OpenSim/Framework/ACL.cs | 252 | ||||
-rw-r--r-- | OpenSim/Framework/Tests/ACLTest.cs | 125 |
2 files changed, 0 insertions, 377 deletions
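--- a/OpenSim/Framework/ACL.cs
+++ /dev/null
@@ -1,252 +0,0 @@
-/*
-* Copyright (c) Contributors, http://opensimulator.org/
-* See CONTRIBUTORS.TXT for a full list of copyright holders.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are met:
-* * Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* * Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* * Neither the name of the OpenSimulator Project nor the
-* names of its contributors may be used to endorse or promote products
-* derived from this software without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
-* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-using System;
-using System.Collections.Generic;
-
-namespace OpenSim.Framework
-{
-// ACL Class
-// Modelled after the structure of the Zend ACL Framework Library
-// with one key difference - the tree will search for all matching
-// permissions rather than just the first. Deny permissions will
-// override all others.
-
-#region ACL Core Class
-
-/// <summary>
-/// Access Control List Engine
-/// </summary>
-public class ACL
-{
-private Dictionary<string, Resource> Resources = new Dictionary<string, Resource>();
-private Dictionary<string, Role> Roles = new Dictionary<string, Role>();
-
-/// <summary>
-/// Adds a new role
-/// </summary>
-/// <param name="role"></param>
-/// <returns></returns>
-public ACL AddRole(Role role)
-{
-if (Roles.ContainsKey(role.Name))
-throw new AlreadyContainsRoleException(role);
-
-Roles.Add(role.Name, role);
-
-return this;
-}
-
-/// <summary>
-/// Adds a new resource
-/// </summary>
-/// <param name="resource"></param>
-/// <returns></returns>
-public ACL AddResource(Resource resource)
-{
-Resources.Add(resource.Name, resource);
-
-return this;
-}
-
-/// <summary>
-/// Permision for user/roll on a resource
-/// </summary>
-/// <param name="role"></param>
-/// <param name="resource"></param>
-/// <returns></returns>
-public Permission HasPermission(string role, string resource)
-{
-if (!Roles.ContainsKey(role))
-throw new KeyNotFoundException();
-
-if (!Resources.ContainsKey(resource))
-throw new KeyNotFoundException();
-
-return Roles[role].RequestPermission(resource);
-}
-
-public ACL GrantPermission(string role, string resource)
-{
-if (!Roles.ContainsKey(role))
-throw new KeyNotFoundException();
-
-if (!Resources.ContainsKey(resource))
-throw new KeyNotFoundException();
-
-Roles[role].GivePermission(resource, Permission.Allow);
-
-return this;
-}
-
-public ACL DenyPermission(string role, string resource)
-{
-if (!Roles.ContainsKey(role))
-throw new KeyNotFoundException();
-
-if (!Resources.ContainsKey(resource))
-throw new KeyNotFoundException();
-
-Roles[role].GivePermission(resource, Permission.Deny);
-
-return this;
-}
-
-public ACL ResetPermission(string role, string resource)
-{
-if (!Roles.ContainsKey(role))
-throw new KeyNotFoundException();
-
-if (!Resources.ContainsKey(resource))
-throw new KeyNotFoundException();
-
-Roles[role].GivePermission(resource, Permission.None);
-
-return this;
-}
-}
-
-#endregion
-
-#region Exceptions
-
-/// <summary>
-/// Thrown when an ACL attempts to add a duplicate role.
-/// </summary>
-public class AlreadyContainsRoleException : Exception
-{
-protected Role m_role;
-
-public AlreadyContainsRoleException(Role role)
-{
-m_role = role;
-}
-
-public Role ErrorRole
-{
-get { return m_role; }
-}
-
-public override string ToString()
-{
-return "This ACL already contains a role called '" + m_role.Name + "'.";
-}
-}
-
-#endregion
-
-#region Roles and Resources
-
-/// <summary>
-/// Does this Role have permission to access a specified Resource?
-/// </summary>
-public enum Permission
-{
-Deny,
-None,
-Allow
-} ;
-
-/// <summary>
-/// A role class, for use with Users or Groups
-/// </summary>
-public class Role
-{
-private string m_name;
-private Role[] m_parents;
-private Dictionary<string, Permission> m_resources = new Dictionary<string, Permission>();
-
-public Role(string name)
-{
-m_name = name;
-m_parents = null;
-}
-
-public Role(string name, Role[] parents)
-{
-m_name = name;
-m_parents = parents;
-}
-
-public string Name
-{
-get { return m_name; }
-}
-
-public Permission RequestPermission(string resource)
-{
-return RequestPermission(resource, Permission.None);
-}
-
-public Permission RequestPermission(string resource, Permission current)
-{
-// Deny permissions always override any others
-if (current == Permission.Deny)
-return current;
-
-Permission temp = Permission.None;
-
-// Pickup non-None permissions
-if (m_resources.ContainsKey(resource) && m_resources[resource] != Permission.None)
-temp = m_resources[resource];
-
-if (m_parents != null)
-{
-foreach (Role parent in m_parents)
-{
-temp = parent.RequestPermission(resource, temp);
-}
-}
-
-return temp;
-}
-
-public void GivePermission(string resource, Permission perm)
-{
-m_resources[resource] = perm;
-}
-}
-
-public class Resource
-{
-private string m_name;
-
-public Resource(string name)
-{
-m_name = name;
-}
-
-public string Name
-{
-get { return m_name; }
-}
-}
-
-#endregion
-
-
-}
\ No newline at end of file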
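--- a/OpenSim/Framework/Tests/ACLTest.cs
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
-* Copyright (c) Contributors, http://opensimulator.org/
-* See CONTRIBUTORS.TXT for a full list of copyright holders.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions are met:
-* * Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* * Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-* * Neither the name of the OpenSimulator Project nor the
-* names of its contributors may be used to endorse or promote products
-* derived from this software without specific prior written permission.
-*
-* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
-* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-using System;
-using NUnit.Framework;
-using System.Collections.Generic;
-
-
-namespace OpenSim.Framework.Tests
-{
-[TestFixture]
-public class ACLTest
-{
-#region Tests
-
-/// <summary>
-/// ACL Test class
-/// </summary>
-[Test]
-public void ACLTest01()
-{
-ACL acl = new ACL();
-
-Role Guests = new Role("Guests");
-acl.AddRole(Guests);
-
-Role[] parents = new Role[1];
-parents[0] = Guests;
-
-Role JoeGuest = new Role("JoeGuest", parents);
-acl.AddRole(JoeGuest);
-
-Resource CanBuild = new Resource("CanBuild");
-acl.AddResource(CanBuild);
-
-
-acl.GrantPermission("Guests", "CanBuild");
-
-Permission perm = acl.HasPermission("JoeGuest", "CanBuild");
-Assert.That(perm == Permission.Allow, "JoeGuest should have permission to build");
-perm = Permission.None;
-try
-{
-perm = acl.HasPermission("unknownGuest", "CanBuild");
-
-}
-catch (KeyNotFoundException)
-{
-
-
-}
-catch (Exception)
-{
-Assert.That(false,"Exception thrown should have been KeyNotFoundException");
-}
-Assert.That(perm == Permission.None,"Permission None should be set because exception should have been thrown");
-
-}
-
-[Test]
-public void KnownButPermissionDenyAndPermissionNoneUserTest()
-{
-ACL acl = new ACL();
-
-Role Guests = new Role("Guests");
-acl.AddRole(Guests);
-Role Administrators = new Role("Administrators");
-acl.AddRole(Administrators);
-Role[] Guestparents = new Role[1];
-Role[] Adminparents = new Role[1];
-
-Guestparents[0] = Guests;
-Adminparents[0] = Administrators;
-
-Role JoeGuest = new Role("JoeGuest", Guestparents);
-acl.AddRole(JoeGuest);
-
-Resource CanBuild = new Resource("CanBuild");
-acl.AddResource(CanBuild);
-
-Resource CanScript = new Resource("CanScript");
-acl.AddResource(CanScript);
-
-Resource CanRestart = new Resource("CanRestart");
-acl.AddResource(CanRestart);
-
-acl.GrantPermission("Guests", "CanBuild");
-acl.DenyPermission("Guests", "CanRestart");
-
-acl.GrantPermission("Administrators", "CanScript");
-
-acl.GrantPermission("Administrators", "CanRestart");
-Permission setPermission = acl.HasPermission("JoeGuest", "CanRestart");
-Assert.That(setPermission == Permission.Deny, "Guests Should not be able to restart");
-Assert.That(acl.HasPermission("JoeGuest", "CanScript") == Permission.None,
-"No Explicit Permissions set so should be Permission.None");
-}
-
-#endregion
-}
-}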