Privilege Structure

IT Hit WebDAV Classes Reference

Specifies a privilege that can be given to a principal on an item.

Namespace: ITHit.WebDAV.Server.Acl
Assembly: ITHit.WebDAV.Server (in ITHit.WebDAV.Server.dll) Version: 13.3.13068

Syntax

C++

Copy

public struct Privilege : IEquatable<Privilege>

Public Structure Privilege
	Implements IEquatable(Of Privilege)

public value class Privilege : IEquatable<Privilege>

[<SealedAttribute>]
type Privilege =  
    struct
        interface IEquatable<Privilege>
    end

The Privilege type exposes the following members.

Constructors

	Name	Description
	Privilege	Initializes a new instance of the Privilege class.

Top

Methods

	Name	Description
	Equals(Object)	Indicates whether this instance and a specified object are equal. (Overrides ValueTypeEquals(Object).)
	Equals(Privilege)	Indicates whether the current object is equal to another object of the same type.
	GetHashCode	Returns the hash code for this instance. (Overrides ValueTypeGetHashCode.)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	ToString	Returns string representation of a privilege. (Overrides ValueTypeToString.)

Top

Operators

	Name	Description
	Equality	Equality operator.
	Inequality	Unequality operator.

Top

Fields

	Name	Description
	All	Is an aggregate privilege that contains the entire set of privileges that can be applied to the item.
	Bind	Allows creating child items in a collection.
	Name	Privilege name.
	Namespace	Namespace of privilege.
	Read	Controls methods that return information about the state of the resource, including the resource's properties. Affected methods include downloading content and retrieving information about item.
	ReadAcl	Controls the use of GetAclAsync(IListPropertyName).
	ReadCurrentUserPrivilegeSet	Controls the use of GetCurrentUserPrivilegeSetAsync.
	Unbind	Allows removing child items from collection (for example using DeleteAsync(MultistatusException) or MoveToAsync(IItemCollection, String, MultistatusException)).
	Unlock	Controls the use of the UnlockAsync(String) method by a principal other than the lock owner (the principal that created a lock can always perform an UnlockAsync(String)).
	Write	Controls methods that lock an item or modify the content, properties, or membership of a collection.
	WriteAcl	Controls user of SetAclAsync(IListWriteAce) method.
	WriteContent	Controls methods that modify the content of an existing resource, such as WriteAsync(Stream, String, Int64, Int64).
	WriteProperties	Controls methods that modify properties of the resource. Such as UpdatePropertiesAsync(IListPropertyValue, IListPropertyName, MultistatusException).

Top

Remarks

Ability to perform a method on an item is controlled by one or more privileges. A principal with no privileges to a resource will be denied any access to that resource, unless the principal matches an ACE constructed using the All, Authenticated, or Unauthenticated pseudo-principals. Privileges may be containers of other privileges, in which case they are termed "aggregate privileges". If a principal is granted or denied an aggregate privilege, it is semantically equivalent to granting or denying each of the aggregated privileges individually. For example, an implementation may define add-member and remove-member privileges that control the ability to add and remove a member of a group. Since these privileges control the ability to update the state of a group, these privileges would be aggregated by the Write privilege on a group, and granting the Write privilege on a group would also grant the add-member and remove-member privileges. Privileges may be declared to be "abstract" for a given resource, in which case they cannot be set in an ACE on that resource. Aggregate and non-aggregate privileges are both capable of being abstract. Abstract privileges are useful for modeling privileges that otherwise would not be exposed via the protocol. Abstract privileges also provide server implementations with flexibility in implementing the privileges. For example, if a server is incapable of separating the read item capability from the read ACL capability, it can still model the Read and ReadAcl privileges defined in this specification by declaring them abstract, and containing them within a non-abstract aggregate privilege (say, read-all) that holds Read, and ReadAcl. In this way, it is possible to set the aggregate privilege, read-all, thus coupling the setting of Read and ReadAcl, but it is not possible to set Read, or ReadAcl individually. Since aggregate privileges can be abstract, it is also possible to use abstract privileges to group or organize non-abstract privileges. Privilege containment loops are not allowed; therefore, a privilege MUST NOT contain itself. For example, Read cannot contain Read. The set of privileges that apply to a particular item may vary with the type of item (folder, resource), as well as between different server implementations. To promote interoperability, however, a set of well-known privileges (e.g., Read, Write, ReadAcl, WriteAcl, ReadCurrentUserPrivilegeSet, and All) is defined, which can at least be used to classify the other privileges defined on a particular resource. Server implementations MAY define new privileges beyond those defined in Privilege. Privileges defined by individual implementations MUST NOT use the DAV: namespace, and instead should use a namespace that they control, such as an http scheme URL.

Reference

ITHit.WebDAV.Server.Acl Namespace