Click or drag to resize

Privilege Structure

IT Hit WebDAV Classes Reference
Specifies a privilege that can be given to a principal on an item.

Namespace:  ITHit.WebDAV.Server.Acl
Assembly:  ITHit.WebDAV.Server (in ITHit.WebDAV.Server.dll) Version: 9.1.5460-Beta
Syntax
public struct Privilege : IEquatable<Privilege>

The Privilege type exposes the following members.

Constructors
  NameDescription
Public methodPrivilege
Initializes a new instance of the Privilege class.
Top
Methods
  NameDescription
Public methodEquals(Object)
Indicates whether this instance and a specified object are equal.
(Overrides ValueTypeEquals(Object).)
Public methodEquals(Privilege)
Indicates whether the current object is equal to another object of the same type.
Public methodGetHashCode
Returns the hash code for this instance.
(Overrides ValueTypeGetHashCode.)
Public methodGetType
Gets the Type of the current instance.
(Inherited from Object.)
Public methodToString
Returns string representation of a privilege.
(Overrides ValueTypeToString.)
Top
Operators
  NameDescription
Public operatorStatic memberEquality
Equality operator.
Public operatorStatic memberInequality
Unequality operator.
Top
Fields
  NameDescription
Public fieldStatic memberAll
Is an aggregate privilege that contains the entire set of privileges that can be applied to the item.
Public fieldStatic memberBind
Allows creating child items in a collection.
Public fieldName
Privilege name.
Public fieldNamespace
Namespace of privilege.
Public fieldStatic memberRead
Controls methods that return information about the state of the resource, including the resource's properties. Affected methods include downloading content and retrieving information about item.
Public fieldStatic memberReadAcl
Public fieldStatic memberReadCurrentUserPrivilegeSet
Public fieldStatic memberUnbind
Allows removing child items from collection (for example using DeleteAsync(MultistatusException) or MoveToAsync(IItemCollectionAsync, String, MultistatusException)).
Public fieldStatic memberUnlock
Controls the use of the UnlockAsync(String) method by a principal other than the lock owner (the principal that created a lock can always perform an UnlockAsync(String)).
Public fieldStatic memberWrite
Controls methods that lock an item or modify the content, properties, or membership of a collection.
Public fieldStatic memberWriteAcl
Public fieldStatic memberWriteContent
Controls methods that modify the content of an existing resource, such as [!:IContentAsync.WriteAsync].
Public fieldStatic memberWriteProperties
Top
Remarks
Ability to perform a method on an item is controlled by one or more privileges. A principal with no privileges to a resource will be denied any access to that resource, unless the principal matches an ACE constructed using the All, Authenticated, or Unauthenticated pseudo-principals. Privileges may be containers of other privileges, in which case they are termed "aggregate privileges". If a principal is granted or denied an aggregate privilege, it is semantically equivalent to granting or denying each of the aggregated privileges individually. For example, an implementation may define add-member and remove-member privileges that control the ability to add and remove a member of a group. Since these privileges control the ability to update the state of a group, these privileges would be aggregated by the Write privilege on a group, and granting the Write privilege on a group would also grant the add-member and remove-member privileges. Privileges may be declared to be "abstract" for a given resource, in which case they cannot be set in an ACE on that resource. Aggregate and non-aggregate privileges are both capable of being abstract. Abstract privileges are useful for modeling privileges that otherwise would not be exposed via the protocol. Abstract privileges also provide server implementations with flexibility in implementing the privileges. For example, if a server is incapable of separating the read item capability from the read ACL capability, it can still model the Read and ReadAcl privileges defined in this specification by declaring them abstract, and containing them within a non-abstract aggregate privilege (say, read-all) that holds Read, and ReadAcl. In this way, it is possible to set the aggregate privilege, read-all, thus coupling the setting of Read and ReadAcl, but it is not possible to set Read, or ReadAcl individually. Since aggregate privileges can be abstract, it is also possible to use abstract privileges to group or organize non-abstract privileges. Privilege containment loops are not allowed; therefore, a privilege MUST NOT contain itself. For example, Read cannot contain Read. The set of privileges that apply to a particular item may vary with the type of item (folder, resource), as well as between different server implementations. To promote interoperability, however, a set of well-known privileges (e.g., Read, Write, ReadAcl, WriteAcl, ReadCurrentUserPrivilegeSet, and All) is defined, which can at least be used to classify the other privileges defined on a particular resource. Server implementations MAY define new privileges beyond those defined in Privilege. Privileges defined by individual implementations MUST NOT use the DAV: namespace, and instead should use a namespace that they control, such as an http scheme URL.
See Also