/// <summary>
/// Gets the list of project users in a TFS project
/// </summary>
/// <param name="projectCollection">TFS PROJECT COLLECTION</param>
/// <param name="projectName">TFS PROJECT NAME</param>
/// <returns></returns>
public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName)
{
List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>();
IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService));
// get the tfs project
ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None);
CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName);
if (projectCatalogNode != null && ims != null)
{
TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity group in groups)
{
TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource);
if (sids != null)
{
tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None));
}
}
}
//Remove any duplicates (by user-id)
return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList());
}
public IEnumerable <GroupModel> GetGroups(Guid collectionId, int projectId)
{
using (var server = GetServer())
{
TfsTeamProjectCollection collection = server.GetTeamProjectCollection(collectionId);
WorkItemStore wiStore = collection.GetService <WorkItemStore>();
Project project = wiStore.Projects.GetById(projectId);
IIdentityManagementService identityManagement = collection.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] identities = identityManagement.ListApplicationGroups(project.Uri.ToString(), ReadIdentityOptions.None);
return(Map(identities));
}
}
public static void ScanUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ProjectInfo projectInfo)
{
IIdentityManagementService identityManagementService = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] projectSecurityGroups = identityManagementService.ListApplicationGroups(
projectInfo.Uri, ReadIdentityOptions.None);
// Get projectValidUsersIdentity Identifier
TeamFoundationIdentity projectValidUsersIdentity = projectSecurityGroups
.FirstOrDefault(psg => psg.GetProperty("SpecialType").ToString().Equals("EveryoneApplicationGroup"));
if (projectValidUsersIdentity == null)
{
return;
}
// Expand projectValidUsersIdentity from Identifier to get the list of Members
projectValidUsersIdentity = identityManagementService.ReadIdentity(
IdentitySearchFactor.Identifier,
projectValidUsersIdentity.Descriptor.Identifier,
MembershipQuery.Expanded, // Number of Members: Direct gives 20, Expanded gives 111, ExpandedDown gives 111, ExpandedUp gives 0.
ReadIdentityOptions.None);
// Expand projectValidUsersIdentity with Members into collection of identities
TeamFoundationIdentity[] projectUsersIdentities = identityManagementService.ReadIdentities(projectValidUsersIdentity.Members,
MembershipQuery.Direct,
ReadIdentityOptions.None);
// First build map from Identifier (which is part of the Descriptor) to Identity object.
foreach (TeamFoundationIdentity userIdentity in projectUsersIdentities)
{
TeamFoundationIdentity currentIdentity = userIdentity;
if (!currentIdentity.BelongsToProject(projectInfo.Uri))
{
continue;
}
TeamProjectScanner.IdToIdentity[currentIdentity.Descriptor.Identifier] = currentIdentity;
TeamProjectScanner.DisplayNameToIdentity[currentIdentity.DisplayName] = currentIdentity;
//Debug.WriteLine("{0}: Members = {1}, MemberOf = {2}", currentIdentity.DisplayName(), currentIdentity.Members.Length, currentIdentity.MemberOf.Length);
}
}
public static void FeedIdentityData(ICollection <ApplicationGroupDefinition> applicationGroupCollection, ICollection <User> userCollection, IIdentityManagementService ims, string projectUri)
{
//Get the project application groups
TeamFoundationIdentity[] lightApplicationGroups = ims.ListApplicationGroups(projectUri, ReadIdentityOptions.IncludeReadFromSource);
//Read the project application groups identities with an expended membership query to populate the Members properties
TeamFoundationIdentity[] fullApplicationGroups = ims.ReadIdentities(lightApplicationGroups.Select(x => x.Descriptor).ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity applicationGroup in fullApplicationGroups)
{
ApplicationGroupDefinition applicationGroupDefinition = new ApplicationGroupDefinition()
{
Name = applicationGroup.DisplayName
};
TeamFoundationIdentity[] applicationGroupMembers = ims.ReadIdentities(applicationGroup.Members, MembershipQuery.None, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity applicationGroupMember in applicationGroupMembers)
{
if (!applicationGroupMember.IsContainer)
{
User user = userCollection.SingleOrDefault(x => x.Name == applicationGroupMember.DisplayName);
if (user == null)
{
user = new User()
{
Name = applicationGroupMember.DisplayName,
IsActive = applicationGroupMember.IsActive,
Mail = applicationGroupMember.GetAttribute("Mail", string.Empty),
Domain = applicationGroupMember.GetAttribute("Domain", string.Empty),
Account = applicationGroupMember.GetAttribute("Account", string.Empty),
DN = applicationGroupMember.GetAttribute("DN", string.Empty),
SID = applicationGroupMember.Descriptor.Identifier
};
userCollection.Add(user);
}
user.ApplicationGroups.Add(applicationGroupDefinition.Name);
applicationGroupDefinition.UserCollection.Add(user);
}
}
applicationGroupCollection.Add(applicationGroupDefinition);
}
}
/// <summary>
/// Create TFS Group if not exists
/// </summary>
/// <param name="groupName"></param>
/// <returns></returns>
public TeamFoundationIdentity CreateGroup(string groupName)
{
// Check if group already exists
TeamFoundationIdentity group = _identityManagementService
.ListApplicationGroups(_projectInfo.Uri, ReadIdentityOptions.IncludeReadFromSource)
.FirstOrDefault(g => string.Equals(g.DisplayName, groupName, StringComparison.OrdinalIgnoreCase));
if (group == null)
{
// Prepare group name
var groupNameToCreate = groupName.Replace($"[{_teamProjectName}]\\", "");
// Group doesn't exist, create one
var groupDescriptor = _identityManagementService.CreateApplicationGroup(_projectInfo.Uri, groupNameToCreate, null);
group = _identityManagementService.ReadIdentity(groupDescriptor, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
Console.WriteLine($"Group created: '{groupName}'");
}
else
{
Console.WriteLine($"Group already exists: '{groupName}'");
}
return(group);
}
private TeamFoundationIdentity[] allTfsUsers(TfsConnection tfs)
{
try
{
IIdentityManagementService ims = tfs.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] projectGroups = ims.ListApplicationGroups(tfsProject.Project, ReadIdentityOptions.None);
Dictionary <IdentityDescriptor, object> descSet = new Dictionary <IdentityDescriptor, object>(IdentityDescriptorComparer.Instance);
foreach (TeamFoundationIdentity projectGroup in projectGroups)
{
descSet[projectGroup.Descriptor] = projectGroup.Descriptor;
}
projectGroups = ims.ReadIdentities(descSet.Keys.ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity projectGroup in projectGroups)
{
foreach (IdentityDescriptor mem in projectGroup.Members)
{
descSet[mem] = mem;
}
}
TeamFoundationIdentity[] identities = new TeamFoundationIdentity[0];
int batchSizeLimit = 100000;
var descriptors = descSet.Keys.ToArray();
if (descriptors.Length > batchSizeLimit)
{
int batchNum = 0;
int remainder = descriptors.Length;
IdentityDescriptor[] batchDescriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
int startAt = batchNum * batchSizeLimit;
int length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
batchDescriptors = new IdentityDescriptor[length];
}
Array.Copy(descriptors, startAt, batchDescriptors, 0, length);
identities = ims.ReadIdentities(batchDescriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
remainder -= length;
}
}
else
{
identities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
}
return(identities.Where(_ => !_.IsContainer && _.Descriptor.IdentityType != "Microsoft.TeamFoundation.UnauthenticatedIdentity").ToArray());
}
catch
{
/* Do nothing */
}
return(tfs != null? new TeamFoundationIdentity[] { tfs.AuthorizedIdentity } : new TeamFoundationIdentity[0]);
}
/// <summary>
/// Removes a user account from TFS Security groups.
/// </summary>
/// <param name="usersList">List of users and corresponding projects.</param>
/// <returns>ReturnCode</returns>
public ReturnCode RemoveUsers(List <User2GroupsMap> usersList)
{
if (tpCollection == null)
{
FileHelper.Log("Collection not initialized.");
return(ReturnCode.Failure);
}
int errorCount = 0;
int iteration = 0;
try
{
if (usersList == null || usersList.Capacity <= 0)
{
FileHelper.Log("Users 2 Groups mapping is not available.");
return(ReturnCode.Failure);
}
// For each User to Groups mapping
foreach (User2GroupsMap u2gmap in usersList)
{
iteration++;
// Find the user identity
UserPrincipal user = GetUserIdentity(u2gmap.UserName);
if (user != null && user.Sid != null)
{
FileHelper.Log("User found..." + user.Name);
// Remove user at Project level
if (u2gmap.TeamProjectNames.Count > 0)
{
foreach (string teamProjectName in u2gmap.TeamProjectNames)
{
ProjectInfo prjInfo = GetProject(teamProjectName);
if (prjInfo != null)
{
iteration++;
FileHelper.Log("Removing user from team project " + prjInfo.Name);
TeamFoundationIdentity[] applicationGroups =
idMgmtSvc.ListApplicationGroups(prjInfo.Uri, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity grpIdentity in applicationGroups)
{
iteration++;
bool result = RemoveMemberFromGroup(grpIdentity.Descriptor,
new IdentityDescriptor(RES_WindowsIdentity, user.Sid.Value));
if (!result)
{
errorCount++;
}
}
}
else
{
errorCount++;
}
}
FileHelper.Log("Operation completed.");
}
else
{
FileHelper.Log("Removing user from all team projects...");
// Remove user from all groups, at collection level -
// use "Project Collection Valid Users" as the one source.
TeamFoundationIdentity tfiGrp = GetProjCollectionValidUsersGroup();
bool result = RemoveUserFromAllGroupsInCollection(tfiGrp,
new IdentityDescriptor(RES_WindowsIdentity, user.Sid.Value));
if (!result)
{
errorCount++;
}
FileHelper.Log("Operation completed.");
}
}
else
{
errorCount++;
FileHelper.Log("User not found..." + u2gmap.UserName);
}
}
}
catch (Exception ex)
{
FileHelper.Log(ex.Message);
FileHelper.Log(ex.StackTrace);
return(ReturnCode.Failure);
}
return(GetReturnCode(iteration, errorCount));
}
public IEnumerable <TeamFoundationIdentity> GetRootGroups()
{
return(_identityService.ListApplicationGroups(null, ReadIdentityOptions.None));
}
