/// <summary>
/// Checks <paramref name="adObject"/> against the recipient read, write and exclusive
/// scopes carried by <paramref name="scopeSet"/> and reports a permission error through
/// <paramref name="writeErrorDelegate"/> when the check fails.
/// </summary>
/// <param name="adObject">Directory object being checked; its Identity is placed in the error text.</param>
/// <param name="scopeSet">Supplies RecipientReadScope, RecipientWriteScopes and ExclusiveRecipientScopes.</param>
/// <param name="writeErrorDelegate">Receives a TaskException with ErrorCategory.PermissionDenied on failure.</param>
/// <remarks>
/// This method returns normally after invoking the delegate; it does not throw or return a status itself.
/// NOTE(review): whether the operation is actually stopped depends on the delegate terminating the task.
/// Confirm that every caller passes a terminating delegate, otherwise the out-of-scope write may proceed.
/// </remarks>
internal static void VerifyIsInScopes(ADObject adObject, ScopeSet scopeSet, Task.TaskErrorLoggingDelegate writeErrorDelegate)
{
    ADScopeException scopeError;
    bool withinScopes = ADSession.TryVerifyIsWithinScopes(
        adObject,
        scopeSet.RecipientReadScope,
        scopeSet.RecipientWriteScopes,
        scopeSet.ExclusiveRecipientScopes,
        false, // meaning of this flag is defined by TryVerifyIsWithinScopes and is not visible here
        out scopeError);

    if (withinScopes)
    {
        return;
    }

    // The scope exception is optional: fall back to an empty detail string when none was produced.
    string identityText = adObject.Identity.ToString();
    string detail = (scopeError != null) ? scopeError.Message : string.Empty;

    writeErrorDelegate(
        new TaskException(Strings.ErrorCannotChangeObjectOutOfWriteScope(identityText, detail), scopeError),
        ErrorCategory.PermissionDenied,
        null);
}
/// <summary>
/// Wraps the supplied scope lists in ADScopeCollection instances and asks
/// ADSession.TryVerifyIsWithinScopes whether <paramref name="givenObject"/> is covered.
/// </summary>
/// <param name="givenObject">Raw directory entry to test.</param>
/// <param name="exclusiveScopes">Exclusive scopes; a null or empty list is forwarded as null.</param>
/// <param name="customScopes">Custom scopes, forwarded as a single-element list of collections; a null or empty list is forwarded as null.</param>
/// <param name="readScope">Read scope passed through unchanged.</param>
/// <returns>The result of ADSession.TryVerifyIsWithinScopes.</returns>
/// <remarks>
/// The ADScopeException produced by the check is discarded, so callers get no failure reason.
/// NOTE(review): confirm how TryVerifyIsWithinScopes treats a null scope list (deny versus unrestricted);
/// an empty <paramref name="customScopes"/> reaches it as null and the outcome is decided there.
/// </remarks>
private static bool VerifyIsWithinScopes(ADRawEntry givenObject, List<ADScope> exclusiveScopes, List<ADScope> customScopes, ADScope readScope)
{
    bool hasExclusiveScopes = exclusiveScopes != null && exclusiveScopes.Count > 0;
    ADScopeCollection exclusiveCollection = hasExclusiveScopes ? new ADScopeCollection(exclusiveScopes) : null;

    List<ADScopeCollection> customCollections = null;
    if (customScopes != null && customScopes.Count > 0)
    {
        customCollections = new List<ADScopeCollection> { new ADScopeCollection(customScopes) };
    }

    // Only the boolean verdict is used; the exception detail is intentionally not surfaced.
    ADScopeException unusedScopeError;
    return ADSession.TryVerifyIsWithinScopes(givenObject, readScope, customCollections, exclusiveCollection, true, out unusedScopeError);
}
// Token: 0x0600141C RID: 5148 RVA: 0x00048C88 File Offset: 0x00046E88
/// <summary>
/// Determines whether any role assignment of the given role type has an effective scope
/// set that covers <paramref name="targetRecipient"/>.
/// </summary>
/// <param name="roleType">Role type whose roles are looked up through GetRolesFromRoleType.</param>
/// <param name="targetRecipient">Recipient to test; must not be null.</param>
/// <returns>
/// true as soon as one matching assignment passes ADSession.TryVerifyIsWithinScopes;
/// false when the identity has no role of that type or no assignment covers the target.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="targetRecipient"/> is null.</exception>
/// <remarks>
/// Both false paths write a warning to ExTraceGlobals.AccessDeniedTracer that includes the identity name,
/// and the second one also includes the target's Identity.
/// NOTE(review): PopulateRootAndFilter is called on the scopes returned by GetEffectiveScopeSet;
/// whether those scope objects are shared with this.allScopes is not visible here. Confirm that
/// populating them for one target cannot affect a later check.
/// </remarks>
public virtual bool IsTargetObjectInRoleScope(RoleType roleType, ADRecipient targetRecipient)
{
    if (targetRecipient == null)
    {
        throw new ArgumentNullException("targetRecipient");
    }

    List<ADObjectId> matchingRoles = this.GetRolesFromRoleType(roleType);
    if (matchingRoles == null)
    {
        ExTraceGlobals.AccessDeniedTracer.TraceWarning<string, RoleType>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0} doesn't have role {1}", this.identityName, roleType);
        return false;
    }

    foreach (ADObjectId roleId in matchingRoles)
    {
        // Only assignments that grant this specific role are evaluated.
        foreach (ExchangeRoleAssignment assignment in this.allRoleAssignments.Where(x => x.Role.Equals(roleId)))
        {
            RoleAssignmentScopeSet effectiveScopeSet = assignment.GetEffectiveScopeSet(this.allScopes, base.UserAccessToken);

            // Resolve the read and write scopes against the target's organization before checking.
            OrganizationId targetOrganization = targetRecipient.OrganizationId;
            effectiveScopeSet.RecipientReadScope.PopulateRootAndFilter(targetOrganization, targetRecipient);
            effectiveScopeSet.RecipientWriteScope.PopulateRootAndFilter(targetOrganization, targetRecipient);

            ADScopeException scopeError;
            bool covered = ADSession.TryVerifyIsWithinScopes(
                targetRecipient,
                effectiveScopeSet.RecipientReadScope,
                new ADScopeCollection[]
                {
                    new ADScopeCollection(new ADScope[] { effectiveScopeSet.RecipientWriteScope })
                },
                this.exclusiveRecipientScopesCollection,
                false,
                out scopeError);

            // First covering assignment wins; the remaining assignments are not examined.
            if (covered)
            {
                return true;
            }
        }
    }

    ExTraceGlobals.AccessDeniedTracer.TraceWarning<string, RoleType, ObjectId>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0}'s roles of type {1} don't have the scope that covers target object {2}.", this.identityName, roleType, targetRecipient.Identity);
    return false;
}