//------------------------------------------------------------------------------
// <copyright file="AuthorizationSection.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
//------------------------------------------------------------------------------

namespace System.Web.Configuration {
    using System;
    using System.Xml;
    using System.Configuration;
    using System.Collections.Specialized;
    using System.Collections;
    using System.Globalization;
    using System.IO;
    using System.Text;
    using System.Security.Principal;
    using System.Web.Util;
    using System.ComponentModel;
    using System.Security.Permissions;

    /*
        <authorization>

            <!--
            allow/deny Attributes:
              users="[*|?|name]"
                * - All users
                ? - Anonymous users
                [name] - Named user
              roles="[name]"
            -->
            <allow users="*" />
                <!--  <allow     users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"
                                 verbs="[comma separated list of verbs]" />
                      <deny      users="[comma separated list of users]"
                                 roles="[comma separated list of roles]"
                                 verbs="[comma separated list of verbs]" />
                -->

        </authorization>

        <authorization>
            <allow users="*" />
        </authorization>

        */

    /// <devdoc>
    ///     <para> Adds Authorization specific information to this section.        
    ///     </para>
    /// </devdoc>
    public sealed class AuthorizationSection : ConfigurationSection {
        private static ConfigurationPropertyCollection _properties;
        private static readonly ConfigurationProperty _propRules =
            new ConfigurationProperty(null, typeof(AuthorizationRuleCollection), null, ConfigurationPropertyOptions.IsDefaultCollection);

        private bool _EveryoneAllowed = false;
        internal bool EveryoneAllowed { get { return _EveryoneAllowed; } }

        static AuthorizationSection() {
            // Property initialization
            _properties = new ConfigurationPropertyCollection();
            _properties.Add(_propRules);
        }

        public AuthorizationSection() {
        }

        protected override ConfigurationPropertyCollection Properties {
            get {
                return _properties;
            }
        }

        [ConfigurationProperty("", IsDefaultCollection = true)]
        public AuthorizationRuleCollection Rules {
            get {
                return (AuthorizationRuleCollection)base[_propRules];
            }
        }

        protected override void PostDeserialize() {
            if (Rules.Count > 0) {
                _EveryoneAllowed = (Rules[0].Action == AuthorizationRuleAction.Allow && Rules[0].Everyone);
            }
        }

        internal bool IsUserAllowed(IPrincipal user, String verb) {
            return Rules.IsUserAllowed(user, verb);
        }
    } // class AuthorizationSection
}