Add WriteAltSecurityIdentities and WritePublicInformation

[JonasBK]

Description

Collection of two new ACL permissions:

• WriteAltSecurityIdentities
• WritePublicInformation

Motivation and Context

Tickets: BED-6155

How Has This Been Tested?

Locally in lab environment.

Types of changes

• Chore (a change that does not modify the application functionality)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• Documentation updates are needed, and have been made accordingly.
• I have added and/or updated tests to cover my changes.
• All new and existing tests passed.
• My changes include a database migration.

Summary by CodeRabbit

• New Features
  • Expanded support for processing additional access rights on user and computer objects, including new permissions for alternative security identities and public information.
• Tests
  • Added unit tests verifying handling of these new access rights for both user and computer scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 144449ae-a86f-41c5-aca5-41cd91e3a0ec

📥 Commits

Reviewing files that changed from the base of the PR and between 4bfb80a and 2f3ce7d.

📒 Files selected for processing (3)

• src/CommonLib/Processors/ACEGuids.cs
• src/CommonLib/Processors/ACLProcessor.cs
• test/unit/ACLProcessorTest.cs

---

Walkthrough

Two new ACE types, WriteAltSecurityIdentities and WritePublicInformation, are introduced as constants in both the EdgeNames and ACEGuids classes. ACL processing logic is updated to recognize and yield these ACEs for User and Computer object types. Corresponding unit tests are added to verify the new behavior.

Changes

Cohort / File(s)	Change Summary
ACE Type Constants src/CommonLib/Enums/EdgeNames.cs, src/CommonLib/Processors/ACEGuids.cs	Added new constant string fields for WriteAltSecurityIdentities and WritePublicInformation to both the EdgeNames and ACEGuids classes. These constants represent new ACE types and their associated GUIDs.
ACL Processing Logic src/CommonLib/Processors/ACLProcessor.cs	Updated ACL processing to handle and yield ACEs with WriteAltSecurityIdentities and WritePublicInformation rights for User and Computer object types. Refactored CertTemplate handling for clarity. No changes to exported or public entity declarations.
Unit Tests test/unit/ACLProcessorTest.cs	Added four new unit tests to verify ACL processing for the new ACE types and principal types (User and Computer). Reformatted class and method declarations for code style consistency. No changes to logic of existing tests.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Unit Test
    participant ACLProcessor as ACLProcessor
    participant ACEGuids as ACEGuids
    participant EdgeNames as EdgeNames

    Test->>ACLProcessor: Call ProcessACL with ACE (WriteAltSecurityIdentities/PublicInformation)
    ACLProcessor->>ACEGuids: Lookup ACE GUID
    ACLProcessor->>EdgeNames: Lookup ACE name
    ACLProcessor-->>Test: Yield processed ACE (User/Computer, WriteAltSecurityIdentities/WritePublicInformation)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

Two new ACEs hop into code,
For users and computers, their rights bestowed.
Tests now check with eager delight,
That all is well with each new write.
A bunny cheers, with paws in the air—
Security’s handled with extra care! 🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding two new ACL permissions (WriteAltSecurityIdentities and WritePublicInformation) to the codebase.
Description check	✅ Passed	The PR description is mostly complete with required sections filled out: Description, Motivation and Context, testing details, and type classification marked correctly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch esc14

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}