protected async Task ExportProjectPermissionsAsync(AzDoServices.Dtos.Project project)
{
var graphService = GetGraphService();
var groups = await graphService.ListGroupsInProjectAsync(project.Id);
var manifest = BaseSchema.GetEmpty(project.Name, ManifestKind.Permission);
manifest.Permissions = new List <PermissionSchemaManifest>();
foreach (var group in groups)
{
var memberCollection = await graphService.GetGroupMembersAsync(group.Descriptor);
if (memberCollection != null && memberCollection.Members != null && memberCollection.Members.Any())
{
var permissionManifest = PermissionSchemaManifest.Create(group.DisplayName);
manifest.Permissions.Add(permissionManifest);
await PopulateMembershipAsync(graphService, memberCollection, permissionManifest);
}
}
if (manifest.Permissions.Any())
{
await this.fs.WriteManifestAsync(project, ManifestKind.Permission, Serialize(manifest));
}
}
private static async Task PopulateMembershipAsync(
AzDoServices.GraphService graphService,
AzDoServices.Dtos.VstsMembershipCollection memberCollection,
PermissionSchemaManifest permissionManifest)
{
foreach (var member in memberCollection.Members)
{
if (graphService.IsGroupDescriptor(member.MemberDescriptor))
{
var gp = await graphService.GetGroupByDescriptorAsync(member.MemberDescriptor);
if (gp != null)
{
permissionManifest.Membership.Groups.Add(new AadObjectSchema
{
Name = gp.DisplayName,
Id = gp.OriginId
});
}
}
else
{
var usr = await graphService.GetUserByDescriptorAsync(member.MemberDescriptor);
if (usr != null)
{
permissionManifest.Membership.Users.Add(new AadObjectSchema
{
Name = usr.DisplayName,
Id = usr.OriginId
});
}
}
}
}
private async Task ApplyGroupPermissionsAsync(
GraphService gService,
GroupCollection allUsers,
Guid projectId,
PermissionSchemaManifest permissionEntry,
VstsGroup targetGroup)
{
using var op = Insights.BeginOperation($"Updating membership of [{targetGroup.PrincipalName}]...", "GroupPermissions");
// get existing members - so later we can remove the unwanted members (no longer in yaml)
var outdatedMembership = await gService.GetGroupMembersAsync(targetGroup.Descriptor);
var survivorDescriptors = new List <string>();
if (permissionEntry.Membership.Groups != null && permissionEntry.Membership.Groups.Any())
{
foreach (var gp in permissionEntry.Membership.Groups)
{
var groupObject = await GetGroupByNameAsync(IdentityOrigin.Aad.ToString(), gp.Name, gp.Id);
if (groupObject != null)
{
await gService.AddMemberAsync(projectId, targetGroup.Descriptor, groupObject.Descriptor);
survivorDescriptors.Add(groupObject.Descriptor);
}
}
}
if (permissionEntry.Membership.Users != null && permissionEntry.Membership.Users.Any())
{
foreach (var user in permissionEntry.Membership.Users)
{
var userInfo = allUsers.Value.FirstOrDefault(u => u.OriginId.Equals(user.Id));
if (userInfo != null)
{
await gService.AddMemberAsync(projectId, targetGroup.Descriptor, userInfo.Descriptor);
survivorDescriptors.Add(userInfo.Descriptor);
}
}
}
if (outdatedMembership != null && outdatedMembership.Members != null && outdatedMembership.Members.Any())
{
foreach (var potentialOutdatedMember in outdatedMembership.Members)
{
var remainValid = survivorDescriptors
.Exists(s => s.Contains(potentialOutdatedMember.MemberDescriptor, StringComparison.OrdinalIgnoreCase));
if (!remainValid)
{
await gService.RemoveMembershipAsync(projectId, targetGroup.Descriptor, potentialOutdatedMember.MemberDescriptor);
}
}
}
}
