Ejemplo n.º 1
        /// <summary>
        /// Filters <paramref name="roleAssignments"/> down to those that are effective
        /// for writing to the given recipient.
        /// </summary>
        /// <param name="recepientObject">Recipient entry the write scopes are evaluated against.</param>
        /// <param name="roleAssignments">Candidate role assignments to filter.</param>
        /// <returns>
        /// The list produced by GetEffectiveRoleAssignmentsForRecipient, restricted to
        /// exclusive-scope assignments when the recipient is within an exclusive scope.
        /// </returns>
        internal List<ExchangeRoleAssignment> FindRoleAssignmentsWithWritableRecipient(ADRawEntry recepientObject, IEnumerable<ExchangeRoleAssignment> roleAssignments)
        {
            Dictionary<ADObjectId, ADScope> customScopes;
            Dictionary<ADObjectId, ADScope> exclusiveScopes;
            this.RetrieveAllScopes(ScopeRestrictionType.RecipientScope, recepientObject, out customScopes, out exclusiveScopes);

            // Exclusive scopes win: when at least one exists and the recipient is
            // within them, only exclusive assignments are considered downstream.
            // The same scope values are passed as both the exclusive and the custom
            // list; two separate list instances are built, as in the original call.
            bool onlyExclusive = false;
            if (exclusiveScopes.Count > 0)
            {
                onlyExclusive = ManagementReporting.VerifyIsWithinScopes(
                    recepientObject,
                    new List<ADScope>(exclusiveScopes.Values),
                    new List<ADScope>(exclusiveScopes.Values),
                    new RbacScope(ScopeType.Organization));
            }

            return this.GetEffectiveRoleAssignmentsForRecipient(recepientObject, roleAssignments, customScopes, exclusiveScopes, onlyExclusive);
        }
Ejemplo n.º 2
        /// <summary>
        /// Filters <paramref name="roleAssignments"/> down to those that are effective
        /// for writing to the given configuration object.
        /// </summary>
        /// <param name="restrictionType">Scope restriction type passed through to RetrieveAllScopes.</param>
        /// <param name="writableObject">Configuration object the write scopes are evaluated against.</param>
        /// <param name="roleAssignments">Candidate role assignments to filter.</param>
        /// <returns>
        /// The list produced by GetEffectiveRoleAssignmentsForConfigObject, restricted to
        /// exclusive-scope assignments when the object is within an exclusive scope.
        /// </returns>
        private List<ExchangeRoleAssignment> FindRoleAssignmentsWithWritableConfigObject(ScopeRestrictionType restrictionType, ADConfigurationObject writableObject, IEnumerable<ExchangeRoleAssignment> roleAssignments)
        {
            Dictionary<ADObjectId, ADScope> customScopes;
            Dictionary<ADObjectId, ADScope> exclusiveScopes;
            this.RetrieveAllScopes(restrictionType, writableObject, out customScopes, out exclusiveScopes);

            // Exclusive scopes win: when at least one exists and the object is
            // within them, only exclusive assignments are considered downstream.
            bool onlyExclusive = false;
            if (exclusiveScopes.Count > 0)
            {
                onlyExclusive = ManagementReporting.VerifyIsWithinScopes(
                    writableObject,
                    new List<ADScope>(exclusiveScopes.Values),
                    new List<ADScope>(exclusiveScopes.Values),
                    new RbacScope(ScopeType.Organization));
            }

            return this.GetEffectiveRoleAssignmentsForConfigObject(writableObject, roleAssignments, customScopes, exclusiveScopes, onlyExclusive);
        }
Ejemplo n.º 3
        /// <summary>
        /// Single-scope convenience overload: wraps the given scopes in lists and
        /// forwards to the list-based ManagementReporting.VerifyIsWithinScopes.
        /// </summary>
        /// <param name="givenObject">Object whose scope membership is checked.</param>
        /// <param name="exclusive">Exclusive scope, or null when there is none.</param>
        /// <param name="customScope">Custom scope, or null when there is none.</param>
        /// <param name="readScope">Read scope forwarded unchanged.</param>
        /// <returns>The result of the list-based overload.</returns>
        private static bool VerifyIsWithinScopes(ADRawEntry givenObject, ADScope exclusive, ADScope customScope, ADScope readScope)
        {
            // The two lists are deliberately asymmetric: a missing exclusive scope is
            // forwarded as a null list, a missing custom scope as an empty list.
            List<ADScope> exclusiveScopes = (exclusive != null) ? new List<ADScope> { exclusive } : null;

            List<ADScope> customScopes = new List<ADScope>();
            if (customScope != null)
            {
                customScopes.Add(customScope);
            }

            return ManagementReporting.VerifyIsWithinScopes(givenObject, exclusiveScopes, customScopes, readScope);
        }
Ejemplo n.º 4
        /// <summary>
        /// Returns the role assignments whose recipient write scope covers
        /// <paramref name="recipientObject"/>.
        /// </summary>
        /// <param name="recipientObject">Recipient entry being checked.</param>
        /// <param name="roleAssignments">Candidate role assignments; entries rejected by IsValid are skipped.</param>
        /// <param name="customConfigScopes">Custom scopes keyed by scope id, used for CustomRecipientScope assignments.</param>
        /// <param name="exclusiveConfigScopes">Exclusive scopes keyed by scope id; only read when <paramref name="onlyExclusive"/> is true.</param>
        /// <param name="onlyExclusive">When true, the whole decision is delegated to GetExclusiveEffectiveRoleAssignmentsForRecipient.</param>
        /// <returns>The matching assignments, in the order they were enumerated.</returns>
        private List<ExchangeRoleAssignment> GetEffectiveRoleAssignmentsForRecipient(ADRawEntry recipientObject, IEnumerable<ExchangeRoleAssignment> roleAssignments, Dictionary<ADObjectId, ADScope> customConfigScopes, Dictionary<ADObjectId, ADScope> exclusiveConfigScopes, bool onlyExclusive)
        {
            if (onlyExclusive)
            {
                return this.GetExclusiveEffectiveRoleAssignmentsForRecipient(recipientObject, roleAssignments, exclusiveConfigScopes);
            }

            List<ExchangeRoleAssignment> effective = new List<ExchangeRoleAssignment>();

            // Ids resolved from the recipient's token SIDs. Filled on the first Self
            // assignment and reused afterwards; stays null (and is retried) while the
            // SID lookup comes back empty.
            ADObjectId[] recipientIds = null;

            foreach (ExchangeRoleAssignment assignment in roleAssignments)
            {
                if (!this.IsValid(assignment))
                {
                    continue;
                }

                // Write-scope values without a case below add nothing, so an
                // unhandled scope type never grants the assignment.
                switch (assignment.RecipientWriteScope)
                {
                case RecipientWriteScopeType.Organization:
                    effective.Add(assignment);
                    break;

                case RecipientWriteScopeType.Self:
                    if (recipientIds == null)
                    {
                        List<string> tokenSids = this.recipientSession.GetTokenSids(recipientObject, AssignmentMethod.All);
                        if (tokenSids == null || tokenSids.Count == 0)
                        {
                            ExTraceGlobals.ADConfigTracer.TraceError(0L, "ManagementReporting: GetEffectedRoleAssignmentForRecipient(), Token Sid is emptry, there should be at least one entry");

                            // Leaves the switch: the assignment is not granted.
                            break;
                        }

                        recipientIds = this.recipientSession.ResolveSidsToADObjectIds(tokenSids.ToArray());
                        if (this.sharedConfig != null)
                        {
                            recipientIds = this.sharedConfig.GetSharedRoleGroupIds(recipientIds);
                        }
                    }

                    // Granted only when the assignee is one of the resolved ids.
                    for (int i = 0; i < recipientIds.Length; i++)
                    {
                        if (recipientIds[i].Equals(assignment.User))
                        {
                            effective.Add(assignment);
                            break;
                        }
                    }
                    break;

                case RecipientWriteScopeType.OU:
                {
                    RbacScope ouScope = new RbacScope(ScopeType.OU, assignment.CustomRecipientWriteScope, assignment.IsFromEndUserRole);
                    ADRecipient assignee = this.recipientSession.Read(assignment.User);
                    if (assignee != null)
                    {
                        ouScope.PopulateRootAndFilter(this.orgId, assignee);
                        if (ManagementReporting.VerifyIsWithinScopes(recipientObject, null, ouScope, new RbacScope(assignment.RecipientReadScope)))
                        {
                            effective.Add(assignment);
                        }
                    }
                    else
                    {
                        // Assignee cannot be read from the directory: trace and do not grant.
                        ExTraceGlobals.ADConfigTracer.TraceError(0L, "ManagementReporting: GetEffectedRoleAssignmentForRecipient(), roleAssignment.User does not have a corresponding entry in AD");
                    }
                    break;
                }

                case RecipientWriteScopeType.CustomRecipientScope:
                {
                    ADObjectId scopeId = assignment.CustomRecipientWriteScope;
                    ADScope customScope;
                    if (!customConfigScopes.TryGetValue(scopeId, out customScope))
                    {
                        // Unknown scope id: trace and do not grant.
                        ExTraceGlobals.ADConfigTracer.TraceError<ADObjectId>(0L, "Custom Recipient Scope '{0}' was not found.", scopeId);
                    }
                    else if (ManagementReporting.VerifyIsWithinScopes(recipientObject, null, customScope, new RbacScope(assignment.RecipientReadScope)))
                    {
                        effective.Add(assignment);
                    }
                    break;
                }
                }
            }

            return effective;
        }
Ejemplo n.º 5
        /// <summary>
        /// Returns the role assignments with an exclusive recipient write scope that
        /// covers <paramref name="recipientObject"/>.
        /// </summary>
        /// <param name="recipientObject">Recipient entry being checked.</param>
        /// <param name="roleAssignments">Candidate role assignments; entries rejected by IsValid are skipped.</param>
        /// <param name="exclusiveConfigScopes">Exclusive scopes keyed by scope id.</param>
        /// <returns>The matching assignments, in the order they were enumerated.</returns>
        private List<ExchangeRoleAssignment> GetExclusiveEffectiveRoleAssignmentsForRecipient(ADRawEntry recipientObject, IEnumerable<ExchangeRoleAssignment> roleAssignments, Dictionary<ADObjectId, ADScope> exclusiveConfigScopes)
        {
            List<ExchangeRoleAssignment> effective = new List<ExchangeRoleAssignment>();

            foreach (ExchangeRoleAssignment assignment in roleAssignments)
            {
                if (!this.IsValid(assignment) || assignment.RecipientWriteScope != RecipientWriteScopeType.ExclusiveRecipientScope)
                {
                    continue;
                }

                // An assignment whose scope id is not in the dictionary is dropped
                // without a trace entry.
                ADScope exclusiveScope;
                if (!exclusiveConfigScopes.TryGetValue(assignment.CustomRecipientWriteScope, out exclusiveScope))
                {
                    continue;
                }

                // NOTE(review): the read scope is built from ConfigReadScope although
                // this is the recipient path; the non-exclusive recipient branches in
                // GetEffectiveRoleAssignmentsForRecipient use RecipientReadScope.
                // Confirm this is intended before relying on the result.
                if (ManagementReporting.VerifyIsWithinScopes(recipientObject, exclusiveScope, exclusiveScope, new RbacScope(assignment.ConfigReadScope)))
                {
                    effective.Add(assignment);
                }
            }

            return effective;
        }
Ejemplo n.º 6
        /// <summary>
        /// Returns the role assignments whose configuration write scope covers
        /// <paramref name="configObject"/>.
        /// </summary>
        /// <param name="configObject">Configuration object being checked.</param>
        /// <param name="roleAssignments">Candidate role assignments; entries rejected by IsValid are skipped.</param>
        /// <param name="customConfigScopes">Custom scopes keyed by scope id, used for CustomConfigScope assignments.</param>
        /// <param name="exclusiveConfigScopes">Exclusive scopes keyed by scope id; only read when <paramref name="onlyExclusive"/> is true.</param>
        /// <param name="onlyExclusive">When true, only ExclusiveConfigScope assignments can be returned.</param>
        /// <returns>The matching assignments, in the order they were enumerated.</returns>
        private List<ExchangeRoleAssignment> GetEffectiveRoleAssignmentsForConfigObject(ADConfigurationObject configObject, IEnumerable<ExchangeRoleAssignment> roleAssignments, Dictionary<ADObjectId, ADScope> customConfigScopes, Dictionary<ADObjectId, ADScope> exclusiveConfigScopes, bool onlyExclusive)
        {
            List<ExchangeRoleAssignment> effective = new List<ExchangeRoleAssignment>();

            if (onlyExclusive)
            {
                foreach (ExchangeRoleAssignment candidate in roleAssignments)
                {
                    if (!this.IsValid(candidate) || candidate.ConfigWriteScope != ConfigWriteScopeType.ExclusiveConfigScope)
                    {
                        continue;
                    }

                    // A scope id missing from the dictionary drops the assignment silently.
                    ADScope exclusiveScope;
                    if (!exclusiveConfigScopes.TryGetValue(candidate.CustomConfigWriteScope, out exclusiveScope))
                    {
                        continue;
                    }

                    if (ManagementReporting.VerifyIsWithinScopes(configObject, exclusiveScope, exclusiveScope, new RbacScope(candidate.ConfigReadScope)))
                    {
                        effective.Add(candidate);
                    }
                }

                return effective;
            }

            foreach (ExchangeRoleAssignment candidate in roleAssignments)
            {
                if (!this.IsValid(candidate))
                {
                    continue;
                }

                // Only the two write-scope values below can grant the assignment;
                // every other value adds nothing.
                ConfigWriteScopeType writeScope = candidate.ConfigWriteScope;
                if (writeScope == ConfigWriteScopeType.OrganizationConfig)
                {
                    effective.Add(candidate);
                }
                else if (writeScope == ConfigWriteScopeType.CustomConfigScope)
                {
                    // Unlike the recipient path, an unknown custom scope id is not traced here.
                    ADScope customScope;
                    if (customConfigScopes.TryGetValue(candidate.CustomConfigWriteScope, out customScope)
                        && ManagementReporting.VerifyIsWithinScopes(configObject, null, customScope, new RbacScope(candidate.ConfigReadScope)))
                    {
                        effective.Add(candidate);
                    }
                }
            }

            return effective;
        }