Published: 2007-01-23
Applies to:
- Content Studio ver. 5
Type: How to
Published: 2007-01-23
Type: How to
You change the permission by using the help classes found in the
The following code shows how to set permissions to a Content Studio object (error
handling is omitted in this example).
Note
Observe how the well-known group Everyone is created in the sample. Never rely on
the name of any well-known principal; those names are localized and differ between
different language versions of the operating system.
Additionally the code is within Content Studio
using System;
using System.Xml;
using System.Text;
using System.Security.Principal;
using System.Security.AccessControl;
using ContentStudio;
using ContentStudio.Security;
using ContentStudio.Security.AccessControlEdit;
public class TheClass
{
public void Main()
{
//In a real sample you will use your own connection Id or
//if you are in a Content Studio document you use the CS_ConnectionId property
//instead.
const int CONNECTION_ID = 1;
//Create a new session.
//Within a Content Studio page you an omit the OpenSession block
//and use the CS_UserSessionId property instead
SessionManager sman = new SessionManager();
int SessionID = sman.OpenSession(CONNECTION_ID);
ContentStudio.Security.AccessControl acc = new AccessControl();
//Get the security descriptor on document id 2558.
string sd = acc.GetObjectSecurity(CONNECTION_ID,
SessionID,
2558,
CSSecurableObjects.DocumentItem);
/*
Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object.
This document does not get executed over remoting.
*/
CSSecurityDescriptor secDesc = new CSSecurityDescriptor(sd);
/*
Add two new permission entries with the AddAccess method on the DiscretionaryAccessControlList
of the CSSecurityDescriptor object. Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify.
*/
SecurityIdentifier SID = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
secDesc.DiscretionaryAccessControlList.AddAccess(SID,
AccessControlType.Allow,
CSObjectPermissions.Read ,
AceFlags.None);
const CSObjectPermissions MODIFY = CSObjectPermissions.Write |
CSObjectPermissions.Create |
CSObjectPermissions.Read |
CSObjectPermissions.SendForRevision;
/*
A SecurityIdentifier can also be created if you have the user name in the
format Domain\Username or the UPN-format (ex. Editors@contentstudio.com).
*/
NTAccount ntac = new NTAccount("CONTENTSTUDIO\\Editors");
//Translate to a SecurityIdentifier
SID = (SecurityIdentifier)ntac.Translate(typeof(SecurityIdentifier));
secDesc.DiscretionaryAccessControlList.AddAccess(SID,
AccessControlType.Allow,
MODIFY,
AceFlags.None);
//Get the the security descriptor in the Xml format.
StringBuilder sbu = new StringBuilder();
XmlWriter XWriter = XmlWriter.Create(sbu);
secDesc.WriteXml(XWriter);
XWriter.Flush();
sd = sbu.ToString();
//Save the security back to the object that provided it.
acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd);
}
}
Imports System
Imports System.Xml
Imports System.Text
Imports System.Security.Principal
Imports System.Security.AccessControl
Imports ContentStudio
Imports ContentStudio.Security
Imports ContentStudio.Security.AccessControlEdit
Public Class TheClass
{
Public Sub Main()
'In a real sample you will use your own connection Id or
'if you are in a Content Studio document you use the CS_ConnectionId property
'instead.
Const CONNECTION_ID As Integer = 1
'Create a new session.
'Within a Content Studio page you an omit the OpenSession block
'and use the CS_UserSessionId property instead
Dim sman SessionManager As New SessionManager()
Dim SessionID As Integer = sman.OpenSession(CONNECTION_ID)
Dim acc As ContentStudio.Security.AccessControl = New AccessControl()
'Get the security descriptor on document id 2558.
Dim sd As String = acc.GetObjectSecurity(CONNECTION_ID, _
SessionID, _
2558, _
CSSecurableObjects.DocumentItem)
'Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object.
Dim secDesc As New CSSecurityDescriptor(sd)
'Add a new permission with the AddAccess method on the DiscretionaryAccessControlList
'of the CSSecurityDescriptor object. Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify.
Dim SID As New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing)
secDesc.DiscretionaryAccessControlList.AddAccess(SID, _
AccessControlType.Allow, _
MODIFY, _
AceFlags.None)
Const MODIFY As CSObjectPermissions = CSObjectPermissions.Write Or _
CSObjectPermissions.Create Or _
CSObjectPermissions.Read Or _
CSObjectPermissions.SendForRevision
'A SecurityIdentifier can also be created if you have the user name in the
'format Domain\Username or the UPN-format (ex. Editors@contentstudio.com).
Dim ntac = New NTAccount("CONTENTSTUDIO\Editors")
'Translate into a SecurityIdentifier
SID = DirectCast(ntac.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)
secDesc.DiscretionaryAccessControlList.AddAccess(SID, _
AccessControlType.Allow, _
MODIFY, _
AceFlags.None)
'Get the the security descriptor in the Xml format.
Dim sbu As New StringBuilder()
Dim XWriter AsXmlWriter = XmlWriter.Create(sbu)
secDesc.WriteXml(XWriter)
XWriter.Flush()
sd = sbu.ToString()
'Save the security back to the object that provided it.
acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd)
End Sub
End Class