Example #1
        /// <summary>
        /// Checks <paramref name="adObject"/> against the read, write and exclusive recipient
        /// scopes of <paramref name="scopeSet"/> and reports a permission-denied error through
        /// <paramref name="writeErrorDelegate"/> when the check fails.
        /// </summary>
        /// <param name="adObject">Directory object whose scope membership is verified.</param>
        /// <param name="scopeSet">Supplies RecipientReadScope, RecipientWriteScopes and ExclusiveRecipientScopes.</param>
        /// <param name="writeErrorDelegate">Receives the <c>TaskException</c> with <c>ErrorCategory.PermissionDenied</c>.</param>
        /// <remarks>
        /// This method returns void and never throws the scope failure itself: enforcement relies
        /// entirely on what the delegate does with the error.
        /// NOTE(review): confirm every caller passes a terminating delegate; a delegate that only
        /// logs would let the out-of-scope change continue.
        /// </remarks>
        internal static void VerifyIsInScopes(ADObject adObject, ScopeSet scopeSet, Task.TaskErrorLoggingDelegate writeErrorDelegate)
        {
            ADScopeException scopeViolation;

            // The fifth argument is passed as false here; its meaning is defined by ADSession and is not visible in this listing.
            bool withinScopes = ADSession.TryVerifyIsWithinScopes(
                adObject,
                scopeSet.RecipientReadScope,
                scopeSet.RecipientWriteScopes,
                scopeSet.ExclusiveRecipientScopes,
                false,
                out scopeViolation);
            if (withinScopes)
            {
                return;
            }

            // The scope exception may come back null even on failure, so the message falls back to an empty reason.
            string identityText = adObject.Identity.ToString();
            string reason = (scopeViolation != null) ? scopeViolation.Message : string.Empty;
            writeErrorDelegate(
                new TaskException(Strings.ErrorCannotChangeObjectOutOfWriteScope(identityText, reason), scopeViolation),
                ErrorCategory.PermissionDenied,
                null);
        }
        /// <summary>
        /// Wraps the given scope lists in <c>ADScopeCollection</c> instances and asks
        /// <c>ADSession.TryVerifyIsWithinScopes</c> whether <paramref name="givenObject"/> is covered.
        /// </summary>
        /// <param name="givenObject">Entry to test.</param>
        /// <param name="exclusiveScopes">Exclusive scopes; null or empty is forwarded as null.</param>
        /// <param name="customScopes">Custom scopes; null or empty is forwarded as null, otherwise as a single collection.</param>
        /// <param name="readScope">Read scope forwarded unchanged.</param>
        /// <returns>The result of the underlying scope check.</returns>
        /// <remarks>
        /// The <c>ADScopeException</c> produced on failure is discarded, so callers learn only pass/fail.
        /// NOTE(review): how ADSession interprets a null collection (no restriction vs. nothing permitted)
        /// is not visible here; confirm that an empty scope list cannot widen access.
        /// </remarks>
        private static bool VerifyIsWithinScopes(ADRawEntry givenObject, List<ADScope> exclusiveScopes, List<ADScope> customScopes, ADScope readScope)
        {
            bool hasExclusive = exclusiveScopes != null && exclusiveScopes.Count > 0;
            ADScopeCollection exclusiveCollection = hasExclusive ? new ADScopeCollection(exclusiveScopes) : null;

            List<ADScopeCollection> customCollections = null;
            if (customScopes != null && customScopes.Count > 0)
            {
                customCollections = new List<ADScopeCollection> { new ADScopeCollection(customScopes) };
            }

            // This helper passes true as the fifth argument; the flag's meaning is defined by ADSession and is not shown in this listing.
            ADScopeException ignoredFailure;
            bool withinScopes = ADSession.TryVerifyIsWithinScopes(givenObject, readScope, customCollections, exclusiveCollection, true, out ignoredFailure);
            return withinScopes;
        }
        // Token: 0x0600141C RID: 5148 RVA: 0x00048C88 File Offset: 0x00046E88
        /// <summary>
        /// Decides whether any role assignment of the given role type has an effective scope
        /// that covers <paramref name="targetRecipient"/>.
        /// </summary>
        /// <param name="roleType">Role type whose roles are looked up via <c>GetRolesFromRoleType</c>.</param>
        /// <param name="targetRecipient">Recipient to test; must not be null.</param>
        /// <returns>
        /// True as soon as one matching assignment passes the scope check; false when the identity
        /// holds no role of that type or no assignment's scope covers the recipient.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="targetRecipient"/> is null.</exception>
        /// <remarks>
        /// The method fails closed: every path that does not find a covering scope returns false and
        /// emits an AccessDenied trace warning. The per-assignment <c>ADScopeException</c> is discarded,
        /// so the trace does not say which scope rejected the recipient.
        /// </remarks>
        public virtual bool IsTargetObjectInRoleScope(RoleType roleType, ADRecipient targetRecipient)
        {
            if (targetRecipient == null)
            {
                throw new ArgumentNullException("targetRecipient");
            }

            List<ADObjectId> candidateRoles = this.GetRolesFromRoleType(roleType);
            if (candidateRoles == null)
            {
                ExTraceGlobals.AccessDeniedTracer.TraceWarning<string, RoleType>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0} doesn't have role {1}", this.identityName, roleType);
                return false;
            }

            foreach (ADObjectId roleId in candidateRoles)
            {
                // Only assignments bound to the current role are evaluated; the filter is consumed lazily within this iteration.
                IEnumerable<ExchangeRoleAssignment> assignmentsForRole = this.allRoleAssignments.Where(x => x.Role.Equals(roleId));
                foreach (ExchangeRoleAssignment assignment in assignmentsForRole)
                {
                    RoleAssignmentScopeSet scopes = assignment.GetEffectiveScopeSet(this.allScopes, base.UserAccessToken);
                    OrganizationId recipientOrganization = targetRecipient.OrganizationId;

                    // Both scopes are populated from the recipient's organization before the check.
                    // NOTE(review): whether GetEffectiveScopeSet hands back shared instances that this call modifies is not visible here.
                    scopes.RecipientReadScope.PopulateRootAndFilter(recipientOrganization, targetRecipient);
                    scopes.RecipientWriteScope.PopulateRootAndFilter(recipientOrganization, targetRecipient);

                    // The assignment's single write scope is wrapped in its own collection; exclusive scopes come from this instance.
                    ADScopeCollection[] writeScopeCollections = new ADScopeCollection[]
                    {
                        new ADScopeCollection(new ADScope[] { scopes.RecipientWriteScope })
                    };

                    ADScopeException ignoredFailure;
                    bool covered = ADSession.TryVerifyIsWithinScopes(targetRecipient, scopes.RecipientReadScope, writeScopeCollections, this.exclusiveRecipientScopesCollection, false, out ignoredFailure);
                    if (covered)
                    {
                        return true;
                    }
                }
            }

            ExTraceGlobals.AccessDeniedTracer.TraceWarning<string, RoleType, ObjectId>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0}'s roles of type {1} don't have the scope that covers target object {2}.", this.identityName, roleType, targetRecipient.Identity);
            return false;
        }