public Post AddNewPost(string postContent, Topic topic, User user, out PermissionSet permissions)
        {
            permissions = _roleService.GetPermissions(topic.Category, UsersRole(user));

            if (permissions[AppConstants.PermissionDenyAccess].IsTicked || permissions[AppConstants.PermissionReadOnly].IsTicked)
            {
                throw new ApplicationException("");
            }

            var comment = new Post
            {
                PostContent = postContent,
                User = user,
                Topic = topic,
                IpAddress = StringUtils.GetUsersIpAddress(),
                PostType = PostType.comment.ToString(),
                DateCreated = DateTime.UtcNow,
                DateEdited = DateTime.UtcNow
            };

            comment = SanitizePost(comment);

            Add(comment);

            return comment;
        }

    public RadTreeNodeData[] GetNodes (RadTreeNodeData node, object context)
    {
        if (node.Attributes.ContainsKey("perm"))
        {
            int persID = int.Parse(node.Attributes["uid"].ToString());
            authority = Person.FromIdentity(persID).GetAuthority();
            PermissionSet ps = new PermissionSet(node.Attributes["perm"].ToString());
            requiredPermission = ps.permsList[0].perm;
        }


        List<RadTreeNodeData> nodes = new List<RadTreeNodeData>();
        int parentId = Organization.RootIdentity;
        int.TryParse(node.Value, out parentId);
        Organizations orgs = Organization.FromIdentity(parentId).Children;
        foreach (Organization org in orgs)
        {
            RadTreeNodeData nodeData = new RadTreeNodeData();
            nodeData.Text = org.Name;
            nodeData.Value = org.Identity.ToString();
            Organizations orgs2 = Organization.FromIdentity(org.Identity).Children;
            if (orgs2.Count > 0)
                nodeData.ExpandMode = TreeNodeExpandMode.WebService;

            SetAuthorityForNode(nodeData);

            nodes.Add(nodeData);
        }
        return nodes.ToArray();
    }

        public void AddPost()
        {
            var postRepository = Substitute.For<IPostRepository>();
            var topicRepository = Substitute.For<ITopicRepository>();
            var roleService = Substitute.For<IRoleService>();
            var membershipUserPointsService = Substitute.For<IMembershipUserPointsService>();
            var settingsService = Substitute.For<ISettingsService>();
            settingsService.GetSettings().Returns(new Settings { PointsAddedPerPost = 20 });
            var localisationService = Substitute.For<ILocalizationService>();
            var postService = new PostService(membershipUserPointsService, settingsService, roleService, postRepository, topicRepository, localisationService, _api);

            var category = new Category();
            var role = new MembershipRole{RoleName = "TestRole"};

            var categoryPermissionForRoleSet = new List<CategoryPermissionForRole>
                                                   {
                                                       new CategoryPermissionForRole { Permission = new Permission { Name = AppConstants.PermissionEditPosts }, IsTicked = true},
                                                       new CategoryPermissionForRole { Permission = new Permission { Name = AppConstants.PermissionDenyAccess }, IsTicked = false},
                                                       new CategoryPermissionForRole { Permission = new Permission { Name = AppConstants.PermissionReadOnly  }, IsTicked = false}
                                                   };

            var permissionSet = new PermissionSet(categoryPermissionForRoleSet);
            roleService.GetPermissions(category, role).Returns(permissionSet);

            var topic = new Topic { Name = "Captain America", Category = category};
            var user = new MembershipUser {
                UserName = "SpongeBob",
                Roles = new List<MembershipRole>{role}
            };

            var newPost = postService.AddNewPost("A test post", topic, user, out permissionSet);

            Assert.AreEqual(newPost.User, user);
            Assert.AreEqual(newPost.Topic, topic);
        }

        public PEXInspector(string path)
        {
            _mode = PEXMode.File;
            _filePath = path;

            _permissions = new PermissionSet();
        }

		public override PolicyStatement Resolve (Evidence evidence)
		{
			if (null == evidence)
				throw new ArgumentNullException("evidence");

			if (!MembershipCondition.Check (evidence))
				return null;

			PermissionSet ps = null;
			if (this.PolicyStatement == null)
				ps = new PermissionSet (PermissionState.None);
			else
				ps = this.PolicyStatement.PermissionSet.Copy ();

			if (this.Children.Count > 0) {
				foreach (CodeGroup child_cg in this.Children) {
					PolicyStatement child_pst = child_cg.Resolve (evidence);
					if (child_pst != null) {
						ps = ps.Union (child_pst.PermissionSet);
					}
				}
			}

			PolicyStatement pst = null;
			if (this.PolicyStatement != null)
				pst = this.PolicyStatement.Copy ();
			else
				pst = PolicyStatement.Empty ();
			pst.PermissionSet = ps;
			return pst;
		}

    public static void Main()
    {
        var CreateSomeFile = CSScript.LoadMethod(
                        @"using System.IO;
                          public static void Test()
                          {
                              try
                              {
                                  using (var f = File.Open(""somefile.txt"", FileMode.OpenOrCreate))
                                    Console.WriteLine(""File.Open: success"");
                               }
                               catch (Exception e)
                               {
                                   Console.WriteLine(e.GetType().ToString() + "": "" + e.Message);
                               }
                          }")
                         .GetStaticMethod();

        var permissionSet = new PermissionSet(PermissionState.None);
        permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        CreateSomeFile(); //call will secceed as as the set of permisions is a default permissions set for this assembly

        Sandbox.With(SecurityPermissionFlag.Execution) //call will fail as the set of permissions is insufficient
               .Execute(()=>CreateSomeFile());

        CreateSomeFile(); //call will secceed as as the set of permisions set back to default

        //this is a logical equivalent of Sandbox.With.Execute syntactic sugar
        ExecuteInSandbox(permissionSet,               //call will fail as the set of permissions is insufficient
                        ()=>CreateSomeFile());

        CreateSomeFile(); //call will secceed as as the set of permisions set back to default
    }

    static void Main(String[] args) {
        if (args.Length < 2) {
            Console.WriteLine("Usage: sandbox <directory> <assembly> [allowed_files ...]");
            return;
        }

        AppDomainSetup adSetup = new AppDomainSetup();
        adSetup.ApplicationBase = Path.GetFullPath(args[0]);

        PermissionSet permSet = new PermissionSet(PermissionState.None);
        permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        permSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
        permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, Path.GetFullPath(args[1])));

        for (int i = 2; i < args.Length; ++i)
            permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, args[i]));

        StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

        AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);
        ObjectHandle handle = Activator.CreateInstanceFrom(
            newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName
        );
        Sandboxer newDomainInstance = (Sandboxer) handle.Unwrap();

        Environment.Exit(newDomainInstance.ExecuteUntrustedCode(Path.GetFullPath(args[1])));
    }

        public JintEngine(Options options)
        {
            visitor = new ExecutionVisitor(options);
            AllowClr = true;
            permissionSet = new PermissionSet(PermissionState.None);
            MaxRecursions = 400;

            JsObject global = visitor.Global as JsObject;

            global["ToBoolean"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Boolean>(Convert.ToBoolean));
            global["ToByte"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Byte>(Convert.ToByte));
            global["ToChar"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Char>(Convert.ToChar));
            global["ToDateTime"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, DateTime>(Convert.ToDateTime));
            global["ToDecimal"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Decimal>(Convert.ToDecimal));
            global["ToDouble"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Double>(Convert.ToDouble));
            global["ToInt16"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Int16>(Convert.ToInt16));
            global["ToInt32"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Int32>(Convert.ToInt32));
            global["ToInt64"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Int64>(Convert.ToInt64));
            global["ToSByte"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, SByte>(Convert.ToSByte));
            global["ToSingle"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, Single>(Convert.ToSingle));
            global["ToString"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, String>(Convert.ToString));
            global["ToUInt16"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, UInt16>(Convert.ToUInt16));
            global["ToUInt32"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, UInt32>(Convert.ToUInt32));
            global["ToUInt64"] = visitor.Global.FunctionClass.New(new Delegates.Func<object, UInt64>(Convert.ToUInt64));

            BreakPoints = new List<BreakPoint>();
        }

	static void Save (string filename, PermissionSet ps)
	{
		using (StreamWriter sw = new StreamWriter (filename)) {
			sw.WriteLine (ps.ToXml ().ToString ());
			sw.Close ();
		}
	}

    protected void Page_Load (object sender, EventArgs e)
    {
        ((MasterV4Base)this.Master).CurrentPageAllowed = true;

        AdminPermsMainGridTable t = new AdminPermsMainGridTable();

        t.LoadTable(MainTab);

        string innerContent = t[0, t.firstcol].Cell.InnerHtml;



        foreach (RoleType role in Enum.GetValues(typeof(RoleType)))
        {
                t.AddRole(role);
        }

        t[0, t.firstcol].Cell.InnerHtml = innerContent;

        foreach (Permission perm in Enum.GetValues(typeof(Permission)))
        {
            if (perm != Permission.Undefined)
                t.AddPermission(perm);
        }
        Person viewingPerson = Person.FromIdentity(Int32.Parse(HttpContext.Current.User.Identity.Name));
        Authority authority = viewingPerson.GetAuthority();
        PermissionSet EditPerms = new PermissionSet(Permission.CanEditPermissions);

        bool hasPermission = authority.HasPermission(EditPerms,Authorization.Flag.Default );
        hasPermission |= authority.HasRoleType(RoleType.SystemAdmin);

        HttpContext.Current.Session["AllowedToEditPermissions"] = hasPermission;

        BasicPermission[] loadedPermissions = Activizr.Database.PirateDb.GetDatabase().GetPermissionsTable();
        foreach (RoleType role in Enum.GetValues(typeof(RoleType)))
        {
                foreach (Permission perm in Enum.GetValues(typeof(Permission)))
                {
                    if (perm != Permission.Undefined)
                        t.AddResult(role, perm, false, hasPermission);
                }
        }

        foreach (BasicPermission bp in loadedPermissions)
        {

            t.AddResult(bp.RoleType, bp.PermissionType, true, hasPermission);
        }

        for (int c = t.firstcol + 1; c < t.Columns.Count; ++c)
        {
            if (t.Columns[c - 1][1].Cell.InnerText.Trim() == t.Columns[c][1].Cell.InnerText.Trim())
                t.Columns[c - 1][1].JoinCell(CellJoinDirection.RIGHT);

            t.Columns[c - 1][0].JoinCell(CellJoinDirection.RIGHT);
        }


        t.GetHTMLTable(ref MainTab, true);
    }

 public static ViewPostViewModel MapPostViewModel(PermissionSet permissions, 
                                                     Post post, Member currentMember, 
                                                         DialogueSettings settings, Topic topic,
                                                             List<Vote> allPostVotes, List<Favourite> favourites, bool showTopicLinks = false)
 {
     var postViewModel = new ViewPostViewModel
     {
         Permissions = permissions,
         Post = post,
         User = currentMember,
         ParentTopic = topic,
         Votes = allPostVotes.Where(x => x.Post.Id == post.Id).ToList(),
         LoggedOnMemberId = currentMember != null ? currentMember.Id : 0,
         AllowedToVote = (currentMember != null && currentMember.Id != post.MemberId &&
                          currentMember.TotalPoints > settings.AmountOfPointsBeforeAUserCanVote),
         PostCount = post.Member.PostCount,
         IsAdminOrMod = HttpContext.Current.User.IsInRole(AppConstants.AdminRoleName) || permissions[AppConstants.PermissionModerate].IsTicked,
         HasFavourited = favourites.Any(x => x.PostId == post.Id),
         IsTopicStarter = post.IsTopicStarter,
         ShowTopicLinks = showTopicLinks
     };
     postViewModel.UpVotes = postViewModel.Votes.Count(x => x.Amount > 0);
     postViewModel.DownVotes = postViewModel.Votes.Count(x => x.Amount < 0);
     return postViewModel;
 }

		public PolicyStatement (PermissionSet permSet, PolicyStatementAttribute attributes) 
		{
			if (permSet != null) {
				this.perms = permSet.Copy ();
				this.perms.SetReadOnly (true);
			}
			this.attrs = attributes;
		}

 public PermissionSet AddLevel(PermissionSet lowerLevel)
 {
     return new PermissionSet(
         accountNegative: lowerLevel.AccountNegative == Access.Unset ? AccountNegative : lowerLevel.AccountNegative,
         accountSpend: lowerLevel.AccountSpend == Access.Unset ? AccountSpend : lowerLevel.AccountSpend,
         accountModify: lowerLevel.AccountModify == Access.Unset ? AccountModify : lowerLevel.AccountModify,
         dataModify: lowerLevel.DataModify == Access.Unset ? DataModify : lowerLevel.DataModify);
 }

 public PermissionSet Add(PermissionSet added)
 {
     return new PermissionSet(
         accountNegative: Or(AccountNegative, added.AccountNegative),
         accountSpend: Or(AccountSpend, added.AccountSpend),
         accountModify: Or(AccountModify, added.AccountModify),
         dataModify: Or(DataModify, added.DataModify));
 }

	// Constructor
	public PermissionRequestEvidence(PermissionSet request,
									 PermissionSet optional,
									 PermissionSet denied)
			{
				this.request = request;
				this.optional = optional;
				this.denied = denied;
			}

 private void AssertPermissionSet(Access expected, PermissionSet permissions)
 {
     Assert.Equal(expected, permissions.AccountModify);
     Assert.Equal(expected, permissions.AccountNegative);
     Assert.Equal(expected, permissions.AccountSpend);
     Assert.Equal(expected, permissions.AccountCreate);
     Assert.Equal(expected, permissions.DataModify);
 }

        /// <summary>
        /// Add a new post
        /// </summary>
        /// <param name="postContent"> </param>
        /// <param name="topic"> </param>
        /// <param name="user"></param>
        /// <param name="permissions"> </param>
        /// <returns>True if post added</returns>
        public Post AddNewPost(string postContent, Topic topic, MembershipUser user, out PermissionSet permissions)
        {
            // Get the permissions for the category that this topic is in
            permissions = _roleService.GetPermissions(topic.Category, UsersRole(user));

            // Check this users role has permission to create a post
            if (permissions[AppConstants.PermissionDenyAccess].IsTicked || permissions[AppConstants.PermissionReadOnly].IsTicked)
            {
                // Throw exception so Ajax caller picks it up
                throw new ApplicationException(_localizationService.GetResourceString("Errors.NoPermission"));
            }

            // Has permission so create the post
            var newPost = new Post
                               {
                                   PostContent = postContent,
                                   User = user,
                                   Topic = topic,
                                   IpAddress = StringUtils.GetUsersIpAddress(),
                                   DateCreated = DateTime.UtcNow,
                                   DateEdited = DateTime.UtcNow
                               };

            // Sort the search field out

            var category = topic.Category;
            if (category.ModeratePosts == true)
            {
                newPost.Pending = true;
            }

            var e = new PostMadeEventArgs { Post = newPost };
            EventManager.Instance.FireBeforePostMade(this, e);

            if (!e.Cancel)
            {
                // create the post
                Add(newPost);

                // Update the users points score and post count for posting
                _membershipUserPointsService.Add(new MembershipUserPoints
                                                     {
                                                         Points = _settingsService.GetSettings().PointsAddedPerPost,
                                                         User = user,
                                                         PointsFor = PointsFor.Post,
                                                         PointsForId = newPost.Id
                                                     });

                // add the last post to the topic
                topic.LastPost = newPost;

                EventManager.Instance.FireAfterPostMade(this, new PostMadeEventArgs { Post = newPost });

                return newPost;
            }

            return newPost;
        }

    public static void Main()
    {
        //创建文件 IO 读取权限
        FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
        FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;

        //创建基本权限集
        PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted 用于完全信任
        BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        PermissionSet grantset = BasePermissionSet.Copy();
        grantset.AddPermission(FileIOReadPermission);

        //编写示例源文件以读取
        System.IO.File.WriteAllText("TEST.TXT", "File Content");

        //-------- 完全信任地调用方法 --------
        try
        {
            Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
            ReadFileMethod();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

        //-------- 创建具有文件 IO 读取权限的 AppDomain --------
        AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
        try
        {
            Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
            sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

        //-------- 创建没有文件 IO 读取权限的 AppDomain --------
        //应当引发安全异常
        PermissionSet grantset2 = BasePermissionSet.Copy();
        AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
        try
        {
            Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
            sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }

        Console.WriteLine("");
        Console.WriteLine("Press any key to end.");
        Console.ReadKey();
    }

		public PermissionRequestEvidence (PermissionSet request, PermissionSet optional, PermissionSet denied) 
		{
			if (request != null)
				this.requested = new PermissionSet (request);
			if (optional != null)
				this.optional = new PermissionSet (optional);
			if (denied != null)
				this.denied = new PermissionSet (denied);
		}

 public static void PermissionRequestEvidenceCallMethods()
 {
     PermissionSet ps = new PermissionSet(new PermissionState());
     PermissionRequestEvidence pre = new PermissionRequestEvidence(ps, ps, ps);
     PermissionRequestEvidence obj = pre.Copy();
     string str = ps.ToString();
     SecurityElement se = new SecurityElement("");
     ps.FromXml(se);
     se = ps.ToXml();
 }