private bool IsSafeToRemoveDisableAssignmentFromGroup(ExchangeRoleAssignment roleAssignment)
{
if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment))
{
return(true);
}
ExchangeRole role = this.GetRole(roleAssignment.Role);
if (!role.IsValid)
{
return(true);
}
bool flag = true;
bool verifyGroupEmptiness = false;
if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.DelegatingOrgWide) && role.IsRootRole && !role.IsUnscoped)
{
flag = false;
}
if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType))
{
flag = false;
verifyGroupEmptiness = true;
}
flag = (flag || !role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet()));
if (!flag)
{
flag = this.ExistDistinctRoleAssignmentForGroup(roleAssignment, role, verifyGroupEmptiness);
}
return(flag);
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
base.InternalValidate();
if (base.HasErrors)
{
return;
}
RoleHelper.ValidateAssignmentMethod(this.Identity, this.Identity.User, this.DataObject.Role, this.DataObject.User, new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetGroupRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetMailboxPlanRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetPolicyRoleAssignment), new Task.TaskErrorLoggingDelegate(base.WriteError));
bool flag = false;
if (base.Fields.IsModified(RbacCommonParameters.ParameterEnabled))
{
if (this.Enabled && this.DataObject.Enabled)
{
this.WriteWarning(Strings.WarningEnableEnabledRoleAssignment(this.DataObject.Id.ToString()));
}
else if (!this.Enabled && !this.DataObject.Enabled)
{
this.WriteWarning(Strings.WarningDisableDisabledRoleAssignment(this.DataObject.Id.ToString()));
}
else if (!this.Enabled && this.DataObject.Enabled)
{
flag = true;
}
}
if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(this.DataObject) && (flag || RoleHelper.IsScopeSpecified(base.Fields)))
{
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToModifyAssignment(this.DataObject, flag);
}
TaskLogger.LogExit();
}
private bool IsUserRequiredForAssignment(ExchangeRoleAssignment roleAssignment)
{
if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment))
{
return(false);
}
ExchangeRole role = this.GetRole(roleAssignment.Role);
return(role.IsValid && (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType)) && role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet()));
}
private bool HierarchicalCheckForGroupEmptiness(ADGroup group, out ExchangeRoleAssignment roleAssignment)
{
roleAssignment = null;
Result <ExchangeRoleAssignment>[] inheritedRoleAssignments = this.GetInheritedRoleAssignments(group);
if (inheritedRoleAssignments == null)
{
return(true);
}
this.excludedFromEmptinessValidation.Add(group.Id);
List <ADGroup> list = new List <ADGroup>();
Result <ExchangeRoleAssignment>[] array = inheritedRoleAssignments;
for (int i = 0; i < array.Length; i++)
{
Result <ExchangeRoleAssignment> assignment = array[i];
Result <ExchangeRoleAssignment> assignment8 = assignment;
if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(assignment8.Data))
{
if (!list.Exists(delegate(ADGroup x)
{
ADObjectId id = x.Id;
Result <ExchangeRoleAssignment> assignment7 = assignment;
return(id.Equals(assignment7.Data.User));
}))
{
Result <ExchangeRoleAssignment> assignment2 = assignment;
if (this.IsUserRequiredForAssignment(assignment2.Data))
{
Result <ExchangeRoleAssignment> assignment3 = assignment;
if (!this.IsGroupEmpty(assignment3.Data.User))
{
list.Add(group);
}
else
{
Result <ExchangeRoleAssignment> assignment4 = assignment;
ExchangeRoleAssignment data = assignment4.Data;
Result <ExchangeRoleAssignment> assignment5 = assignment;
if (!this.ExistDistinctRoleAssignmentForGroup(data, this.GetRole(assignment5.Data.Role), true))
{
Result <ExchangeRoleAssignment> assignment6 = assignment;
roleAssignment = assignment6.Data;
return(false);
}
}
}
}
}
}
return(true);
}
