private void PerformSearch()
{
this.TextBoxSearch.Foreground = Brushes.Black;
if (!string.IsNullOrWhiteSpace(this.TextBoxSearch.Text))
{
ITeamFoundationContext context = this.ParentSection.GetContext();
IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>();
// First try search by AccountName
TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
// Next we try search by DisplayName
userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
this.TextBoxSearch.Foreground = Brushes.DarkRed;
return;
}
}
this.ParentSection.UserAccountName = this.TextBoxSearch.Text;
this.ParentSection.UserDisplayName = userIdentity.DisplayName;
}
else
{
this.ParentSection.UserAccountName = "@Me";
this.ParentSection.UserDisplayName = string.Empty;
}
this.ParentSection.Refresh();
}
public static void GetAllProjectAdmins(TeamFoundationIdentity identity, IIdentityManagementService ims, ref List <TeamFoundationIdentity> ids)
{
if (identity.IsContainer)
{
TeamFoundationIdentity[] groupMembers;
try
{
groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.Expanded,
ReadIdentityOptions.None);
foreach (TeamFoundationIdentity tfi in groupMembers)
{
GetAllProjectAdmins(tfi, ims, ref ids);
}
}
catch (Exception e)
{
groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.None, ReadIdentityOptions.None);
ids.AddRange(groupMembers);
}
}
else
{
ids.Add(identity);
}
}
private static bool GetSettings(string filePath)
{
if (!File.Exists(filePath))
{
WriteLog(LogLevel.Error, string.Format("The file provided cannot be found ({0})", filePath));
return(false);
}
_config = new PermissionCopyConfiguration();
try
{
// Read configuration file and transfor to PermissionCopyConfiguration object
XmlSerializer x = new XmlSerializer(_config.GetType());
using (StreamReader sr = new StreamReader(filePath))
{
_config = (PermissionCopyConfiguration)x.Deserialize(sr);
_tfs = new TfsTeamProjectCollection(new Uri(_config.vstsUri));
_ims = (IIdentityManagementService)_tfs.GetService <IIdentityManagementService>();
_wistore = new WorkItemStore(_tfs, WorkItemStoreFlags.BypassRules);
_es = (IEventService)_tfs.GetService <IEventService>();
_excludedGroups = _config.excludedGroups;
_securityServiceGroup = _config.vstsSecurityServiceGroup;
_userMappings = _config.userMappings;
}
}
catch (Exception ex)
{
WriteLog(LogLevel.Error, string.Format("An error occurred reading the configuration file. Please verify the format. The error is:\n{0}", ex.ToString()));
return(false);
}
_ics = (ICommonStructureService4)_tfs.GetService <ICommonStructureService4>();
_teamProjects = _ics.ListAllProjects().ToList();
return(true);
}
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup,
int batchSizeLimit,
IIdentityManagementService ims, List <TeamFoundationIdentity> membershipGroups,
Dictionary <IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
var batchNum = 0;
var remainder = membershipGroup.Members.Length;
var descriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
var startAt = batchNum * batchSizeLimit;
var length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
descriptors = new IdentityDescriptor[length];
}
Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length);
var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
remainder -= length;
}
}
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup,
int batchSizeLimit,
IIdentityManagementService ims, List<TeamFoundationIdentity> membershipGroups,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
var batchNum = 0;
var remainder = membershipGroup.Members.Length;
var descriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
var startAt = batchNum*batchSizeLimit;
var length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
descriptors = new IdentityDescriptor[length];
}
Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length);
var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
remainder -= length;
}
}
/// <summary>
/// Gets the list of project users in a TFS project
/// </summary>
/// <param name="projectCollection">TFS PROJECT COLLECTION</param>
/// <param name="projectName">TFS PROJECT NAME</param>
/// <returns></returns>
public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName)
{
List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>();
IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService));
// get the tfs project
ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None);
CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName);
if (projectCatalogNode != null && ims != null)
{
TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity group in groups)
{
TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource);
if (sids != null)
{
tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None));
}
}
}
//Remove any duplicates (by user-id)
return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList());
}
static void Main(string[] args)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs"));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
using (StreamWriter file = new StreamWriter("userlist.txt"))
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")
{
Console.WriteLine(id.DisplayName);
}
//{ Console.WriteLine(id.UniqueName); }
file.WriteLine("[{0}]", id.DisplayName);
}
var count = ids.Count(x => ids.Contains(x));
Console.WriteLine(count);
Console.ReadLine();
}
public static void Connect()
{
var tfs = new TfsTeamProjectCollection(new Uri(Settings.Default.Serverurl));
_store = tfs.GetService <WorkItemStore>();
_identityManagementService = tfs.GetService <IIdentityManagementService>();
}
public SecurityManager(string teamProjectCollectionUrl)
{
_teamProjectCollectionUrl = teamProjectCollectionUrl;
_tfsTeamProjectCollection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(_teamProjectCollectionUrl));
_tfsTeamProjectCollection.EnsureAuthenticated();
_identityManagementService = _tfsTeamProjectCollection.GetService <IIdentityManagementService>();
}
public static IEnumerable <TeamFoundationIdentity> ReadTFSUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ILogger logger)
{
try
{
logger.Information("Querying Team Foundation Identities from TFS.");
IIdentityManagementService identityService = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = identityService.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties);
TeamFoundationIdentity[][] teamFoundationIdentities = identityService
.ReadIdentities(
IdentitySearchFactor.Identifier,
teamFoundationIdentity
.Members
.Select(id => id.Identifier)
.ToArray(),
MembershipQuery.None,
ReadIdentityOptions.ExtendedProperties);
return(teamFoundationIdentities
.SelectMany(tfi => tfi)
.Where(tfi => !tfi.IsContainer));
}
catch (Exception e)
{
logger.Error(e.Message);
return(null);
}
}
public static void Main(string[] args)
{
LogArguments(args);
Uri projectCollectionUri = new Uri(args.ElementAt(0));
Guid projectCollectionId = Guid.Parse(args.ElementAt(1));
Guid requestedByUserId = Guid.Parse(args.ElementAt(2));
string artifactsFolder = Path.GetFullPath(args.ElementAt(3));
string emailSubject = args.ElementAt(4);
string emailBody = args.ElementAt(5);
Console.WriteLine("Project collection URI: " + projectCollectionUri);
Console.WriteLine("Project collection id: " + projectCollectionId);
Console.WriteLine("User identifier: " + requestedByUserId);
Console.WriteLine("Artifacts folder: " + artifactsFolder);
Console.WriteLine("Email subject: " + emailSubject);
Console.WriteLine("Email body: " + emailBody);
string tfsUriFromCollectionUri = projectCollectionUri.AbsoluteUri.Replace(projectCollectionUri.Segments.Last(), string.Empty);
TfsConfigurationServer configurationServer = TfsConfigurationServerFactory.GetConfigurationServer(new Uri(tfsUriFromCollectionUri));
TfsTeamProjectCollection teamProjectCollection = configurationServer.GetTeamProjectCollection(projectCollectionId);
IIdentityManagementService identityServiceManager = teamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] tfsIdentities = identityServiceManager.ReadIdentities(new Guid[1] {
requestedByUserId
}, MembershipQuery.Direct);
SendArtifacs(tfsIdentities, emailSubject, emailBody, artifactsFolder);
}
/// <summary>
/// Initializes a new instance of the <see cref="IdentityAliasValueConverter"/> class.
/// </summary>
/// <param name="identityManagementService">An instance of <see cref="IIdentityManagementService"/> to perform lookups.</param>
/// <param name="tenantId">In a hosted VSTS instance, the tenantId to scope identity searches.</param>
/// <param name="domains">A set of domains used to create <see cref="IIdentityDescriptor"/>s for search.</param>
/// <example>
/// var ims = ...;
/// var mapper = new IdentityAliasMapper(ims, "CD4C5751-F4E6-41D5-A4C9-EFFD66BC8E9C", "contoso.com");
/// </example>
public IdentityAliasValueConverter(
[NotNull] IIdentityManagementService identityManagementService,
[NotNull] string tenantId,
[NotNull][ItemNotNull] params string[] domains)
{
Contract.Requires(!string.IsNullOrEmpty(tenantId));
Contract.Requires(identityManagementService != null);
Contract.Requires(domains != null);
Contract.Requires(domains.Length > 0);
Contract.Requires(domains.All(item => item != null));
if (domains == null)
{
throw new ArgumentNullException(nameof(domains));
}
if (string.IsNullOrEmpty(tenantId))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(tenantId));
}
if (domains.Length == 0)
{
throw new ArgumentException("Value cannot be an empty collection.", nameof(domains));
}
_identityManagementService = identityManagementService ?? throw new ArgumentNullException(nameof(identityManagementService));
_tenantId = tenantId;
_domains = domains;
}
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims)
{
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Direct,
ReadIdentityOptions.None);
return(validUsersGroupMembers);
}
public ActionResult IdentityOverview()
{
IIdentityManagementService serverIdentityManagementService = configurationServer.GetService <IIdentityManagementService>();
IdentityOverviewModel iom = new IdentityOverviewModel();
IdentityServiceManagementHelper.FeedIdentityData(iom.ApplicationGroupCollection, iom.UserCollection, serverIdentityManagementService, null);
return(PartialView(iom));
}
public TFSClientLogic(TfsVariable tfsVar) : base(tfsVar)
{
idService = TeamColl.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService;
tfsId = IdentityService.ReadIdentity(IdentitySearchFactor.DisplayName,
initSetting.BuildRequestedUser,
MembershipQuery.None,
ReadIdentityOptions.None);
}
public static TfsTeamProjectCollection CreateImpersonatedCollection(Uri collectionToUse, string userToImpersonate)
{
NetworkCredential defaultNetworkCredentials = CredentialCache.DefaultNetworkCredentials;
TfsTeamProjectCollection tfsTeamProjectCollection = new TfsTeamProjectCollection(collectionToUse, defaultNetworkCredentials);
IIdentityManagementService service = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = service.ReadIdentity(IdentitySearchFactor.AccountName, userToImpersonate, MembershipQuery.None, ReadIdentityOptions.None);
return(new TfsTeamProjectCollection(collectionToUse, new TfsClientCredentials(), teamFoundationIdentity.Descriptor));
}
public TfsUtil(string url)
{
var tfs = new TfsTeamProjectCollection(new Uri(url), new VssCredentials());
_managementService = tfs.GetService <IIdentityManagementService>();
_vcServer = tfs.GetService <VersionControlServer>();
_emaillookup = new Dictionary <string, string>();
}
public TeamWrapper(Uri collectionUri, string teamProjectName)
{
this.teamProjectCollection = new TfsTeamProjectCollection(collectionUri);
this.teamService = this.teamProjectCollection.GetService <TfsTeamService>();
this.identityManagementService = this.teamProjectCollection.GetService <IIdentityManagementService>();
ICommonStructureService4 cssService = this.teamProjectCollection.GetService <ICommonStructureService4>();
this.projectInfo = cssService.GetProjectFromName(teamProjectName);
}
public IdentityManagementController(IIdentityManagementService identityManagementService)
{
if (identityManagementService == null)
{
throw new ArgumentNullException("identityManagementService");
}
this.identityManagementService = identityManagementService;
mapperFactory = new MapperFactory();
}
public IdentityManagementController(IIdentityManagementService identityManagementService)
{
if (identityManagementService == null)
{
throw new ArgumentNullException("identityManagementService");
}
this.identityManagementService = identityManagementService;
mapperFactory = new MapperFactory();
}
public GroupManager(string teamProjectCollectionUrl, string teamProjectName)
{
_teamProjectCollectionUrl = teamProjectCollectionUrl;
_teamProjectName = teamProjectName;
_tfsTeamProjectCollection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(_teamProjectCollectionUrl));
_tfsTeamProjectCollection.EnsureAuthenticated();
_commonStructureService4 = _tfsTeamProjectCollection.GetService <ICommonStructureService4>();
_projectInfo = _commonStructureService4.GetProjectFromName(_teamProjectName);
_identityManagementService = _tfsTeamProjectCollection.GetService <IIdentityManagementService>();
}
public IEnumerable <GroupModel> GetGroups(Guid collectionId, int projectId)
{
using (var server = GetServer())
{
TfsTeamProjectCollection collection = server.GetTeamProjectCollection(collectionId);
WorkItemStore wiStore = collection.GetService <WorkItemStore>();
Project project = wiStore.Projects.GetById(projectId);
IIdentityManagementService identityManagement = collection.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] identities = identityManagement.ListApplicationGroups(project.Uri.ToString(), ReadIdentityOptions.None);
return(Map(identities));
}
}
public TestPlanMigration(TfsTeamProjectCollection sourceTfs, TfsTeamProjectCollection destinationTfs, string sourceProject, string destinationProject, Hashtable workItemMap, ProgressBar progressBar)
{
this.sourceproj = GetProject(sourceTfs, sourceProject);
this.destinationproj = GetProject(destinationTfs, destinationProject);
this.workItemMap = workItemMap;
this.progressBar = progressBar;
projectName = sourceProject;
store = (WorkItemStore)destinationTfs.GetService(typeof(WorkItemStore));
workItemTypes = store.Projects[destinationProject].WorkItemTypes;
ims = (IIdentityManagementService)sourceTfs.GetService(typeof(IIdentityManagementService));
UserID = ims.ReadIdentity(IdentitySearchFactor.MailAddress, "*****@*****.**", MembershipQuery.Direct, ReadIdentityOptions.None);
}
public ActionResult IdentityOverview(string id)
{
IdentityOverviewModel iom = new IdentityOverviewModel();
if (!string.IsNullOrWhiteSpace(id))
{
TfsTeamProjectCollection tpc = configurationServer.GetTeamProjectCollection(new Guid(id));
IIdentityManagementService ims = tpc.GetService <IIdentityManagementService>();
IdentityServiceManagementHelper.FeedIdentityData(iom.ApplicationGroupCollection, iom.UserCollection, ims, null);
}
return(PartialView(iom));
}
public TestPlandsAndSuitesMigrationContext(MigrationEngine me, TestPlansAndSuitesMigrationConfig config) : base(me, config)
{
this.engine = me;
sourceWitStore = new WorkItemStoreContext(me.Source, WorkItemStoreFlags.None);
sourceTestStore = new TestManagementContext(me.Source, config.TestPlanQueryBit);
targetWitStore = new WorkItemStoreContext(me.Target, WorkItemStoreFlags.BypassRules);
targetTestStore = new TestManagementContext(me.Target);
sourceTestConfigs = sourceTestStore.Project.TestConfigurations.Query("Select * From TestConfiguration");
targetTestConfigs = targetTestStore.Project.TestConfigurations.Query("Select * From TestConfiguration");
sourceIdentityManagementService = me.Source.Collection.GetService <IIdentityManagementService>();
targetIdentityManagementService = me.Target.Collection.GetService <IIdentityManagementService>();
this.config = config;
}
private static void PerformUserAction(ApplicationTask task, IIdentityManagementService ims, string userName, Action <TeamFoundationIdentity> action)
{
// Look up the user by account name.
var userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
task.SetWarning("The requested user was not found: \"{0}\". Please make sure to use the account name, not the display name (which can be ambiguous).".FormatCurrent(userName));
}
else
{
action(userIdentity);
}
}
public TfsUtility(
[NotNull] VersionControlServer versionControlServer,
[NotNull] ICmdUtility cmdUtility,
[NotNull] IIdentityManagementService identityManagementService,
[NotNull] IMessageHub messageHub,
[NotNull] ILog logger)
{
_versionControlServer = versionControlServer ?? throw new ArgumentNullException(nameof(versionControlServer));
_messageHub = messageHub ?? throw new ArgumentNullException(nameof(messageHub));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_cmdUtility = cmdUtility;
_identityManagementService = identityManagementService;
_users = GetAllUsers();
}
/// <summary>
/// Gets the users.
/// </summary>
/// <returns></returns>
public List <TeamFoundationIdentity> GetUsers()
{
TfsTeamProjectCollection projectCollection = this.GetTeamProjectCollection();
ICommonStructureService css = (ICommonStructureService)projectCollection.GetService(typeof(ICommonStructureService));
IGroupSecurityService gss = projectCollection.GetService <IGroupSecurityService>();
IIdentityManagementService ims = projectCollection.GetService <IIdentityManagementService>();
// get the tfs project
var projectList = css.ListAllProjects();
var project = projectList.FirstOrDefault(o => o.Name.Equals(this.TfsServer.ActiveProjectContext.ProjectName, StringComparison.InvariantCultureIgnoreCase));
// project doesn't exist
if (project == null)
{
return(null);
}
// get the tfs group
var groupList = gss.ListApplicationGroups(project.Uri);
List <Identity> groups;
if (ConfigurationManager.CurrentConfiguration.UserGroups != null && ConfigurationManager.CurrentConfiguration.UserGroups.Count > 0)
{
groups = groupList.Where(o => ConfigurationManager.CurrentConfiguration.UserGroups.Contains(o.AccountName)).ToList(); // you can also use DisplayName
}
else
{
groups = groupList.ToList();
}
List <TeamFoundationIdentity> contributors = new List <TeamFoundationIdentity>();
foreach (Identity group in groups)
{
Identity sids = gss.ReadIdentity(SearchFactor.Sid, group.Sid, QueryMembership.Expanded);
// there are no users
if (sids.Members.Length == 0)
{
continue;
}
// convert to a list
contributors.AddRange(ims.ReadIdentities(IdentitySearchFactor.Identifier, sids.Members, MembershipQuery.Direct, ReadIdentityOptions.None).SelectMany(x => x).Where(x => x.IsContainer == false));
}
return(contributors.GroupBy(x => x.DisplayName).Select(g => g.First()).OrderBy(x => x.DisplayName).ToList());
}
private static void DisplayGroupTree(IIdentityManagementService ims, TeamFoundationIdentity node,
int level)
{
DisplayNode(node, level);
if (!node.IsContainer)
return;
TeamFoundationIdentity[] nodeMembers = ims.ReadIdentities(node.Members, MembershipQuery.Direct,
ReadIdentityOptions.None);
int newLevel = level + 1;
foreach (TeamFoundationIdentity member in nodeMembers)
DisplayGroupTree(ims, member, newLevel);
}
public IdentityDescriptor GetIdentityToImpersonate(Uri projectCollectionUrl)
{
var configurationServer = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(projectCollectionUrl);
// TODO: Find a way to read the identity from the server object model instead.
IIdentityManagementService identityManagementService =
configurationServer.GetService <IIdentityManagementService>();
Microsoft.TeamFoundation.Framework.Client.TeamFoundationIdentity identity =
identityManagementService.ReadIdentities(
new[] { new Guid(this.Notification.ChangerTeamFoundationId) },
MembershipQuery.None).FirstOrDefault();
return(identity?.Descriptor);
}
// For call to create TR we need Ericsson user id (also domain?) - seems like we have what we want here.
// TDOD: Try and make sure we are getting the correct attribute.
// See http://stackoverflow.com/questions/19911368/using-the-tfs-2012-api-how-do-i-get-the-email-address-of-a-user
static public String GetSignumForChangeNotification(
Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItem workItem,
WorkItemChangedEvent notification)
{
TfsTeamProjectCollection tpc = workItem.Store.TeamProjectCollection;
String userId = notification.ChangerTeamFoundationId;
IIdentityManagementService mgmntService = tpc.GetService <IIdentityManagementService>();
Guid[] ids = new Guid[1];
ids[0] = new Guid(notification.ChangerTeamFoundationId);
TeamFoundationIdentity[] members = mgmntService.ReadIdentities(ids, MembershipQuery.Direct);
return(GetUserFromSignum(members[0].UniqueName));
}
private void InitializeProxies(IServiceProvider server)
{
m_identityManagement = server.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService;
m_securityService = server.GetService(typeof(ISecurityService)) as ISecurityService;
m_authorizationService = server.GetService(typeof(IAuthorizationService)) as IAuthorizationService;
/*
* obsoleting the usage of m_userIdCache to by-pass the TFS user idenitity scalability issue
*
* IGroupSecurityService gss = server.GetService(typeof(IGroupSecurityService)) as IGroupSecurityService;
* if (null != gss)
* {
* m_userIdCache = new TFSUserIdCache(gss);
* }
*
*/
}
private IdentityDescriptor GetIdentityToImpersonate(TeamFoundationRequestContext requestContext, WorkItemChangedEvent workItemChangedEvent)
{
Uri server = this.GetCollectionUriFromContext(requestContext);
var configurationServer = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(server);
// TODO: Find a way to read the identity from the server object model instead.
IIdentityManagementService identityManagementService =
configurationServer.GetService <IIdentityManagementService>();
TeamFoundationIdentity identity =
identityManagementService.ReadIdentities(
new Guid[] { new Guid(workItemChangedEvent.ChangerTeamFoundationId) },
MembershipQuery.None).FirstOrDefault();
return(identity?.Descriptor);
}
public CloudFrontDeployer(ElasticBeanstalkDeploymentConfigurationProvider configProvider,
IElasticBeanstalkService elasticBeanstalkService,
IS3Service s3Service,
ISmokeTestService smokeTestService,
IIdentityManagementService iamService,
ICloudFrontService cloudFrontService,
ISslUploaderService sslUploaderService,
IConfigurationOptionSettingsProvider configurationOptionSettingsProvider,
IRoute53Service route53Service,
ILoggerProvider loggerProvider)
{
this.configurationOptionSettingsProvider = configurationOptionSettingsProvider;
this.smokeTestService = smokeTestService;
this.elasticBeanstalkService = elasticBeanstalkService;
this.s3Service = s3Service;
this.configProvider = configProvider;
this.iamService = iamService;
this.cloudFrontService = cloudFrontService;
this.sslUploaderService = sslUploaderService;
this.route53Service = route53Service;
this.loggerProvider = loggerProvider;
}
private static void AddExpandedMembershipOfValidUsersGroup(IIdentityManagementService ims,
List<TeamFoundationIdentity> membershipGroups,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
// Get expanded membership of the Valid Users group, which is all identities in this host
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Expanded,
ReadIdentityOptions.None);
// If total membership exceeds batch size limit for Read, break it up
const int batchSizeLimit = 100000;
if (validUsersGroupMembers.Members.Length > batchSizeLimit)
{
BatchUpMembershipThatExceedsSizeLimit(validUsersGroupMembers, batchSizeLimit, ims, membershipGroups,
allIdentities);
}
else
{
var memberIdentities = ims.ReadIdentities(validUsersGroupMembers.Members, MembershipQuery.Direct,
ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
}
}
/// <summary>
/// Extract iteration permissions for a specific identity
/// </summary>
/// <param name="server">Server security service</param>
/// <param name="teamProject">Team project</param>
/// <param name="userIdentity">User identity</param>
/// <param name="identityManagementService">The identityManagementService</param>
/// <param name="groups">List of groups</param>
/// <returns>Security namespace</returns>
private static List<IterationPermission> ExtractIterationPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups)
{
var result = new List<IterationPermission>();
var lstIterations = Helpers.FlattenTree(teamProject.IterationRootNodes);
// root Area Node
var iterationPermissionRoot = new IterationPermission { IterationName = teamProject.Name, IterationPermissions = new List<Permission>() };
iterationPermissionRoot.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, lstIterations.First().ParentNode.Uri.AbsoluteUri, identityManagementService, groups));
if (iterationPermissionRoot.IterationPermissions.Count > 0)
{
result.Add(iterationPermissionRoot);
}
Console.WriteLine("== Extract WorkItems Iteration Permissions ==");
foreach (Node iteration in lstIterations)
{
var iterationPermission = new IterationPermission
{
IterationName = iteration.Path,
IterationPermissions = new List<Permission>()
};
iterationPermission.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, iteration.Uri.AbsoluteUri, identityManagementService, groups));
if (iterationPermission.IterationPermissions.Count > 0)
{
result.Add(iterationPermission);
}
}
return result;
}
/// <summary>
/// Run the extraction algorithm for a specific user
/// </summary>
/// <param name="ims">Identity management service</param>
/// <param name="userName">user name</param>
/// <param name="options">command line parameters</param>
/// <param name="fileName">File name</param>
/// <param name="tfs">team project collection</param>
/// <returns>true if successful</returns>
private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs)
{
TeamFoundationIdentity userIdentity = ims.ReadIdentity(
IdentitySearchFactor.AccountName,
userName,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection);
Console.ReadLine();
return false;
}
// get workItem store
var workItemStore = tfs.GetService<WorkItemStore>();
////Initiate Report
// Initiate a new object of Permission Report
var permissionsReport = new PermissionsReport
{
Date = DateTime.Now,
TfsCollectionUrl = options.Collection,
UserName = userName,
TeamProjects = new List<TfsTeamProject>()
};
try
{
// retrieve list of Team Projects in the given collection
ProjectCollection workItemsProjects = workItemStore.Projects;
foreach (Project teamProject in workItemsProjects)
{
if (options.Projects != null)
{
if (!options.Projects.Contains(teamProject.Name))
{
Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name);
continue;
}
}
// Create project security token
string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri;
// Project Permissions
var server = tfs.GetService<ISecurityService>();
var vcs = tfs.GetService<VersionControlServer>();
TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService<TeamFoundation.Git.Client.GitRepositoryService>();
Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name);
var groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity);
var projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups);
// Version Control Permissions
var versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs);
var gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService);
// Build Permissions
var buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity);
// WorkItems Area Permissions
var areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups);
// WorkItems Iteration Permissions
var iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups);
// Workspace Permissions
// var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups);
// Set TFS report Data
// Create Team Project node in XML file
var tfsTeamProject = new TfsTeamProject
{
Name = teamProject.Name,
AreaPermissions = areasPermissions,
BuildPermissions = buildPermissions,
IterationPermissions = iterationPermissions,
ProjectLevelPermissions =
new ProjectLevelPermissions
{
ProjectLevelPermissionsList
=
projectLevelPermissions
},
GitVersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = gitVersionControlPermissions
},
VersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = versionControlPermissions
}
};
tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions);
permissionsReport.TeamProjects.Add(tfsTeamProject);
}
// Generate output file
FileInfo fi = new FileInfo(fileName);
if (!Directory.Exists(fi.DirectoryName))
{
Console.Write("Creating Output Directory {0}", fi.DirectoryName);
Directory.CreateDirectory(fi.DirectoryName);
}
var fs = new FileStream(fileName, FileMode.Create);
var streamWriter = new StreamWriter(fs, Encoding.UTF8);
using (streamWriter)
{
var xmlSerializer = new XmlSerializer(typeof(PermissionsReport));
xmlSerializer.Serialize(streamWriter, permissionsReport);
streamWriter.Flush();
}
if (options.Html)
{
var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl");
File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt);
var htmlOuput = Path.ChangeExtension(fileName, ".html");
var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png");
Resources.ALMRangers_Logo.Save(logoFile);
XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput);
}
return true;
}
catch (TeamFoundationServiceException ex)
{
Console.WriteLine(ex.Message);
return false;
}
}
/// <summary>
/// Extracts area permission for a specific identity
/// </summary>
/// <param name="server">Server security service</param>
/// <param name="teamProject">Team project</param>
/// <param name="userIdentity">User identity</param>
/// <param name="identityManagementService">The identityManagementService</param>
/// <param name="groups">List of groups</param>
/// <returns>The list of the permissions</returns>
private static List<AreaPermission> ExtractAreasPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups)
{
var result = new List<AreaPermission>();
Console.WriteLine("== Extract WorkItems Area Permissions ==");
// root Area Node
var areaPermissionRoot = new AreaPermission { AreaName = teamProject.Name, AreaPermissions = new List<Permission>() };
areaPermissionRoot.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, teamProject.AreaRootNodeUri.AbsoluteUri, identityManagementService, groups));
if (areaPermissionRoot.AreaPermissions.Count > 0)
{
result.Add(areaPermissionRoot);
}
IEnumerable<Node> areaList = Helpers.FlattenTree(teamProject.AreaRootNodes);
foreach (Node area in areaList)
{
var areaPermission = new AreaPermission { AreaName = area.Path, AreaPermissions = new List<Permission>() };
areaPermission.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, area.Uri.AbsoluteUri, identityManagementService, groups));
if (areaPermission.AreaPermissions.Count > 0)
{
Console.WriteLine(" -- Adding Permissions for {0}", area.Path);
result.Add(areaPermission);
}
}
return result;
}
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims)
{
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Direct,
ReadIdentityOptions.None);
return validUsersGroupMembers;
}
public TfsIdentityServiceProxy(IIdentityManagementService identityService)
{
this.identityService = identityService;
this.users = new Dictionary<string, UserIdentity>();
this.RootGroupName = @"[WPF_Scrum]\Contributors";
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var result = new List<Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return modifiedPermissions;
}
void MainWindow_Loaded(object sender, RoutedEventArgs e)
{
this.teamProjectCollection = new TfsTeamProjectCollection(new Uri(TeamProjectCollectionPath));
this.teamProjectCollection.Authenticate();
this.teamProjectCollection.EnsureAuthenticated();
this.versionControl = this.teamProjectCollection.GetService<VersionControlServer>();
this.sourceControlProxy = new TfsProxy(this.versionControl);
this.infoProvider = new TestChangeCalculator(this.sourceControlProxy);
this.identityService = this.teamProjectCollection.GetService<IIdentityManagementService>();
//this.pickerFrom.SelectedValue = new DateTime(2012, 10, 19, 7, 0, 0);
this.pickerFrom.SelectedValue = new DateTime(2012, 10, 18, 23, 0, 0);
//this.pickerTo.SelectedValue = new DateTime(2012, 11, 28, 23, 0, 0);
this.pickerTo.SelectedValue = DateTime.Now;// new DateTime(2012, 11, 10, 23, 0, 0);
this.pathTextBox.Text = "$/WPF_Scrum/Development/Core/Data";
this.testsPerGroupView.IdentityService = new TfsIdentityServiceProxy(this.identityService);
var iden = this.testsPerGroupView.IdentityService.GetUserIdentities();
iden = this.testsPerGroupView.IdentityService.GetUserIdentities();
//2.Read the group represnting the root node
var rootIdentity = this.identityService.ReadIdentity(IdentitySearchFactor.AccountName, @"[WPF_Scrum]\Contributors", MembershipQuery.Direct, ReadIdentityOptions.None);
//3.Recursively parse the members of the group
DisplayGroupTree(this.identityService, rootIdentity, 0);
}
/// <summary>
/// Extracts version control permissions for a specific identity.
/// </summary>
/// <param name="server">TFS Security service</param>
/// <param name="groups">Security groups</param>
/// <param name="userIdentity">User Identity</param>
/// <param name="projectSecurityToken">Project Security Token</param>
/// <param name="ims">TFS Identity service</param>
/// <param name="vcs">TFS VC Service</param>
/// <returns>The list of the permissions</returns>
private static List<Permission> ExtractVersionControlPermissions(
ISecurityService server,
IEnumerable<string> groups,
TeamFoundationIdentity userIdentity,
string projectSecurityToken,
IIdentityManagementService ims,
VersionControlServer vcs)
{
Console.WriteLine("== Extract Version Control Permissions ==");
var teamProject = vcs.TryGetTeamProject(projectSecurityToken);
if (teamProject == null)
{
return new List<Permission>();
}
return ExtractGenericSecurityNamespacePermissions(server, PermissionScope.SourceControl, userIdentity, teamProject.ServerItem, ims, groups);
}
public void Setup()
{
identityManagementService = Substitute.For<IIdentityManagementService>();
sut = new IdentityManagementController(identityManagementService);
}
/// <summary>
/// Sample method on how to extracts the git version control permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="groups">The groups.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="projectSecurityToken">The project security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="vcs">The VCS.</param>
/// <param name="gitService">The git service.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService)
{
Console.WriteLine("== Extract Git Version Control Permissions ==");
SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server));
var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken);
// This sample handle only the default repository, you can iterate through all repositories same way
var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken));
vcs.TryGetTeamProject(projectSecurityToken);
if (defaultGitRepo == null)
{
return new List<Permission>();
}
// Repository Security Token is repoV2/TeamProjectId/RepositoryId
var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id);
// vcs.GetTeamProject(projectSecurityToken);
AccessControlList versionControlAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var gitVersionControlPermissions = new List<Permission>();
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.Deny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
if (gitVersionControlPermissions.Count == 0)
{
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.ExtendedInfo.EffectiveAllow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.ExtendedInfo.EffectiveDeny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
}
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
if (0 != ace.Deny)
{
var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
}
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions);
return modifiedPermissions;
}
