internal PermissionValue GetSubtreePermission(string path, IUser user, bool isCreator, bool isLastModifier, PermissionType[] permissionTypes)
{
if (user.Id == -1)
return PermissionValue.Allow;
//======== #1: startbits: getpermbits
//==>
var principals = GetPrincipals(user, isCreator, isLastModifier);
var allow = 0;
var deny = 0;
var firstPermInfo = GetFirstInfo(path);
if (firstPermInfo.Path == path)
firstPermInfo.AggregateLevelOnlyValues(principals, ref allow, ref deny);
for (var permInfo = firstPermInfo; permInfo != null; permInfo = permInfo.Inherits ? permInfo.Parent : null)
permInfo.AggregateEffectiveValues(principals, ref allow, ref deny);
//==<
var mask = GetPermissionMask(permissionTypes);
if ((deny & mask) != 0)
return PermissionValue.Deny;
if ((allow & mask) != mask)
return PermissionValue.NonDefined;
// +r +1+++ | +1_++ | +1+++
// +r/a +1_++ | +1+++ | +1-++
// ==============|=======|=======
// +++ | _++ | -++
// +r +1+++ | +1_++ | +1+++
// +r/a -1_++ | -1+++ | -1-++
// ==============|=======|=======
// +++ | _++ | -++
// +r +1+++ | +1_++ | +1+++
// -r/a +1_++ | +1+++ | +1-++
// ==============|=======|=======
// _++ | _++ | -++
// nem fugg a permissionset.inheritable ertektol
// denybits: or, break: nem kell ujraszamolni
// allowbits or, break: ujraszamolni
//PermissionInfo subTreePermInfo;
//if (entries.TryGetValue(path, out subTreePermInfo))
//{
// subTreePermInfo.GetSubtreePermission(path, principals, isCreator, isLastModifier, mask, ref allow, ref deny);
//}
//else
//{
var p = path + "/";
var permInfos = from key in permissionTable.Keys where key.StartsWith(p) orderby key select permissionTable[key];
foreach (var permInfo in permInfos)
{
if (!permInfo.Inherits)
{
allow = 0;
foreach (var entry in permInfo.PermissionSets)
{
if (!principals.Contains(entry.PrincipalId))
continue;
allow |= entry.AllowBits;
deny |= entry.DenyBits;
}
}
foreach (var entry in permInfo.PermissionSets)
{
if (!principals.Contains(entry.PrincipalId))
continue;
deny |= entry.DenyBits;
}
}
//}
if ((deny & mask) != 0)
return PermissionValue.Deny;
if ((allow & mask) != mask)
return PermissionValue.NonDefined;
return PermissionValue.Allow;
}
internal PermissionValue[] GetAllPermissions(string path, IUser user, bool isCreator, bool isLastModifier)