AccessControl Class Content Studio 5.7 SDK
Content Studio Web Content Management System

[This is preliminary documentation and is subject to change.]

This class handles the access control tasks in Content Studio. There are methods to get and set security for objects and methods for making access checks.

Inheritance Hierarchy

System.Object
  System.MarshalByRefObject
    ContentStudio.CSBase
      ContentStudio.Security.SecurityBase
        ContentStudio.Security.AccessControl

Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Syntax

public class AccessControl : SecurityBase

The AccessControl type exposes the following members.

Constructors

  Name / Description
Public method: AccessControl
  Initializes a new instance of the AccessControl class.

Properties

  Name / Description
Protected property: ForceLDAPLevel
  Retrieves the ForceLDAPLevel debug setting. (Inherited from SecurityBase.)
Protected property: UseNetBiosDomainBinding
  Gets a value that indicates whether the NetBiosDomain name should be included when binding the user SID to Active Directory. (Inherited from SecurityBase.)

Methods

  Name / Description
Protected method, static member: ConvertCSSecurableObjects
  Converts a Content Studio CSSecurableObjects enumeration to its short name.
Protected method, static member: ConvertObjectShortString
  Converts a Content Studio securable object short string to the CSSecurableObjects enumeration.
Public method: CreateObjRef (Inherited from MarshalByRefObject.)
Public method (code example): EffectivePermissions
  Returns the effective permissions a user has on a certain Content Studio securable object.
Public method: Equals (Inherited from Object.)
Protected method: Finalize (Inherited from Object.)
Public method: GetHashCode (Inherited from Object.)
Public method: GetLifetimeService (Inherited from MarshalByRefObject.)
Public method: GetObjectSecurity(ConnectionId, SessionId, Int32, CSSecurableObjects)
  Returns a Content Studio securable object security descriptor in the Content Studio XML format.
Public method: GetObjectSecurity(ConnectionId, SessionId, Int32, CSSecurableObjects, String)
  Returns a Content Studio securable object security descriptor in the Content Studio XML format.
Public method: GetObjectSecurity(ConnectionId, SessionId, String, Int32, String)
  Returns a Content Studio securable object security descriptor in the Content Studio XML format.
Public method: GetOwnerCandidates(ConnectionId, SessionId, Int32, CSSecurableObjects)
  Gets the trustees that can take ownership over a securable Content Studio object. Call this method to get a list of trustees that can act as owner of an object before attempting to take ownership of that object. The method calculates the possible owners of an object with respect to the calling user.
Public method: GetOwnerCandidates(ConnectionId, SessionId, String, Int32, String)
  Gets the trustees that can take ownership over a securable Content Studio object. Call this method to get a list of trustees that can act as owner of an object before attempting to take ownership of that object. The method calculates the possible owners of an object with respect to the calling user.
Public method: GetSecurityDescriptorSchema
  Returns the schema that is used to validate a Content Studio security descriptor.
Public method: GetSecurityDescriptorSchemaStream
  Returns a stream that contains the XML schema used to validate a Content Studio security descriptor.
Public method: GetType (Inherited from Object.)
Public method: InitializeLifetimeService (Inherited from MarshalByRefObject.)
Protected method: MemberwiseClone (Inherited from Object.)
Protected method: MemberwiseClone(Boolean) (Inherited from MarshalByRefObject.)
Public method (code example): ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, CSSecurableObjects, Int32)
  Checks if a user has a certain permission on a Content Studio object.
Public method: ObjectAccessCheck(ConnectionId, SessionId, String, Int32, String)
  Checks if a user has a certain permission on a Content Studio object.
Public method (code example): ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, Int32, CSSecurableObjects, Int32)
  Checks if a user has a certain permission on a Content Studio object.
Public method: ObjectAccessCheck(ConnectionId, SessionId, CSObjectPermissions, CSSecurableObjects, Int32, Int32, String)
  Checks if a user has a certain permission on a Content Studio object.
Public method (code example): SetObjectSecurity(ConnectionId, SessionId, AccessControl.SecurityInfoClass, String)
  Sets security information for an object.
Public method: SetObjectSecurity(ConnectionId, SessionId, String, AccessControl.SecurityInfoClass, String, Int32, String)
  Sets security information for an object. For manipulating Content Studio security descriptors see the CSSecurityDescriptor class.
Public method: ToString (Inherited from Object.)

Examples

The following sample shows how to check if the calling user has permission to create and write new documents in the current category.

try
{
   AccessControl acc = new AccessControl();
   if(acc.ObjectAccessCheck(CS_ConnectionId, 
                            CS_UserSessionId,
                            CSObjectPermissions.Create | CSObjectPermissions.Write,
                            CSSecurableObjects.DocumentCategory,
                            CS_InsertedCategoryId))
       Response.Write("You have access!");    
   else
       Response.Write("Sorry, no access for you!");    
}
catch (Exception ex)
{
   Response.Write(Server.HtmlEncode(ex.GetType().ToString() + ": " + ex.Message));
}

The following code shows how to set permissions on a Content Studio object (error handling is omitted in this example).
Note
Observe how the well-known group Everyone is created in the sample. Never rely on the name of any well-known principal; those names are localized and differ between different language versions of the operating system.

using System;
using System.Xml;
using System.Text;
using System.Security.Principal;
using System.Security.AccessControl;
using ContentStudio;
using ContentStudio.Security;
using ContentStudio.Security.AccessControlEdit;

public class TheClass
{
    public void Main()
    {
        const int CONNECTION_ID = 1;
        //Create a new session.
        SessionManager sman = new SessionManager();
        int SessionID = sman.OpenSession(CONNECTION_ID);
        ContentStudio.Security.AccessControl acc = new AccessControl();
        //Get the security descriptor on document id 2558.
        string sd = acc.GetObjectSecurity(CONNECTION_ID,
                                          SessionID,
                                          2558,
                                          CSSecurableObjects.DocumentItem);
        /*
        Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object.
        This object is not executed over remoting.
        */
        CSSecurityDescriptor secDesc = new CSSecurityDescriptor(sd);
        /*
        Add two new permission entries with the AddAccess method on the DiscretionaryAccessControlList
        of the CSSecurityDescriptor object.  Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify.
        */
        SecurityIdentifier SID = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        secDesc.DiscretionaryAccessControlList.AddAccess(SID,
                                                         AccessControlType.Allow,
                                                         CSObjectPermissions.Read ,
                                                         AceFlags.None);
        const CSObjectPermissions MODIFY = CSObjectPermissions.Write | 
                                           CSObjectPermissions.Create | 
                                           CSObjectPermissions.Read | 
                                           CSObjectPermissions.SendForRevision;
        /*
        A SecurityIdentifier can also be created if you have the user name in the 
        format Domain\Username or the UPN-format (e.g. Editors@contentstudio.com).
        */
        //Named "account" because "acc" already holds the AccessControl instance above.
        NTAccount account = new NTAccount("CONTENTSTUDIO\\Editors");
        //Translate to a SecurityIdentifier
        SID = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        secDesc.DiscretionaryAccessControlList.AddAccess(SID,
                                                         AccessControlType.Allow,
                                                         MODIFY,
                                                         AceFlags.None);
        //Get the security descriptor in the XML format.
        StringBuilder sbu = new StringBuilder();
        XmlWriter XWriter = XmlWriter.Create(sbu);
        secDesc.WriteXml(XWriter);
        XWriter.Flush();
        sd = sbu.ToString();
        //Save the security back to the object that provided it.
        acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd);
    }
}
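
The note above about localized principal names, as an added example (not part of the Content Studio SDK or its samples): a helper that resolves a trustee to a SecurityIdentifier by well-known SID type or SID string first and uses name translation only for real accounts. The class name TrusteeResolver and the keywords in its table are assumptions made for this example; it uses only System.Security.Principal, requires Windows, and the returned SID can be passed to AddAccess as in the sample above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class TrusteeResolver
{
    // Well-known principals are addressed by SID type, never by display name.
    // The keywords are hypothetical configuration values chosen for this example.
    private static readonly Dictionary<string, WellKnownSidType> WellKnown =
        new Dictionary<string, WellKnownSidType>(StringComparer.OrdinalIgnoreCase)
        {
            { "everyone",            WellKnownSidType.WorldSid },
            { "authenticated-users", WellKnownSidType.AuthenticatedUserSid },
            { "administrators",      WellKnownSidType.BuiltinAdministratorsSid }
        };

    // Accepts a keyword from the table, a SID string (S-1-...), or an account
    // name in Domain\Username or UPN format.
    // Throws IdentityNotMappedException when an account name cannot be resolved.
    public static SecurityIdentifier Resolve(string trustee)
    {
        if (string.IsNullOrWhiteSpace(trustee))
            throw new ArgumentException("Trustee is required.", "trustee");
        trustee = trustee.Trim();

        WellKnownSidType type;
        if (WellKnown.TryGetValue(trustee, out type))
            return new SecurityIdentifier(type, null);  // these three need no domain SID

        if (trustee.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
            return new SecurityIdentifier(trustee);     // ArgumentException if malformed

        // Real accounts only: a well-known group name passed here would resolve
        // only on an operating system of the matching language.
        NTAccount account = new NTAccount(trustee);
        return (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
    }

    public static void Main()
    {
        SecurityIdentifier everyone = Resolve("everyone");
        // The SID value is identical on every language version of Windows.
        Console.WriteLine(everyone.Value);
        // The translated name is in the operating system's language; display only.
        Console.WriteLine(everyone.Translate(typeof(NTAccount)));
        // A SID string is checked against a well-known type without any name lookup.
        SecurityIdentifier admins = Resolve("S-1-5-32-544");
        Console.WriteLine(admins.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid));
    }
}
```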

Taking ownership of an object can be done by directly manipulating the security descriptor and its ownersid field, as the following code snippet shows.
Note
You can only take ownership, never give it away to someone else. Also, in order to take ownership you must have the SetOwnerShip permission or be a member of a group that has the GlobalGroupAdmin rights defined.

try
{
    const int CS_STARTPAGE = 1003;
    AccessControl acc = new AccessControl();
    XmlDocument dom = new XmlDocument();
    dom.LoadXml(acc.GetObjectSecurity(CS_ConnectionId, CS_UserSessionId, CS_STARTPAGE, CSSecurableObjects.DocumentItem));
    //Get the sid of the calling user
    SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
    //Change the owner by manipulating the security descriptor xml directly!
    dom.DocumentElement.SelectSingleNode("ownersid").InnerText = sid.Value;
    //save the security descriptor back to the object indicating that we like to set the owner information
    acc.SetObjectSecurity(CS_ConnectionId, CS_UserSessionId, AccessControl.SecurityInfoClass.Owner, dom.OuterXml);
    Response.Write("The owner has been changed");
}
catch (Exception ex)
{
   Response.Write(Server.HtmlEncode(ex.Message));
}