public void GrantUserObjectAccess(ISiteSetting siteSetting, Guid objectId, string objectLogicalName, Guid userId, int accessrightmask) { IOrganizationService organizationService = GetClientContext(siteSetting); //no delete access GrantAccessRequest grant = new GrantAccessRequest(); grant.Target = new EntityReference(objectLogicalName, objectId); PrincipalAccess principal = new PrincipalAccess(); principal.Principal = new EntityReference("systemuser", userId); principal.AccessMask = AccessRights.ReadAccess | AccessRights.AppendAccess | AccessRights.WriteAccess | AccessRights.AppendToAccess | AccessRights.ShareAccess | AccessRights.AssignAccess; grant.PrincipalAccess = principal; try { GrantAccessResponse grant_response = (GrantAccessResponse)organizationService.Execute(grant); } catch (Exception ex) { throw ex; } /* * Entity account = new Entity("principalobjectaccess"); * account["objectid"] = objectId; * account["principalid"] = userId; * account["accessrightsmask"] = accessrightmask; * Guid _accountId = organizationService.Create(account); */ }
/// <summary> /// Grants the specified rights to the security principal (user or team) for the specified record /// </summary> /// <param name="er"></param> /// <param name="pa"></param> public void GrantAccessTo(EntityReference er, PrincipalAccess pa) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); if (!accessList.Contains(pa)) { accessList.Add(pa); } }
public void ModifyAccess(EntityReference target, PrincipalAccess access) { var req = new ModifyAccessRequest() { Target = target, PrincipalAccess = access }; this.Execute(req); }
/// <summary> /// Grants the specified rights to the security principal (user or team) for the specified record /// </summary> /// <param name="er"></param> /// <param name="pa"></param> public void GrantAccessTo(EntityReference er, PrincipalAccess pa) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); PrincipalAccess paMatch = accessList.Where(p => p.Principal.Id == pa.Principal.Id).SingleOrDefault(); if (paMatch == null) { accessList.Add(pa); } }
internal void ModifyAccess(EntityReference target, PrincipalAccess principalAccess, EntityReference userRef) { var entity = Core.GetDbEntityWithRelatedEntities(target, EntityRole.Referenced, userRef); CheckSharingAccess(entity, principalAccess, userRef); if (Shares.ContainsKey(target) && Shares[target].ContainsKey(principalAccess.Principal)) { Shares[target][principalAccess.Principal] = principalAccess.AccessMask; } }
/// <summary> /// Revokes any access to any record for the specified security principal (kind of 'Clear All') /// </summary> /// <param name="er"></param> /// <param name="pa"></param> public void RevokeAccessToAllRecordsTo(PrincipalAccess pa) { foreach (EntityReference er in _accessRights.Keys) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); if (accessList.Contains(pa)) { accessList.Remove(pa); } } }
private void CheckSharingAccess(Entity entity, PrincipalAccess principalAccess, EntityReference userRef) { if (!HasPermission(entity, AccessRights.ShareAccess, userRef)) { throw new FaultException($"Trying to share entity '{entity.LogicalName}'" + $", but the calling user with id '{userRef.Id}' does not have share access for that entity"); } if (principalAccess.AccessMask.GetAccessRights().Any(r => !HasPermission(entity, r, userRef))) { throw new FaultException($"Trying to share entity '{entity.LogicalName}'" + $", but the calling user with id '{userRef.Id}' does not have the privileges it tries to share"); } }
/// <summary> /// Revokes the specified rights to the security principal (user or team) for the specified record /// </summary> /// <param name="er"></param> /// <param name="pa"></param> public void RevokeAccessTo(EntityReference er, EntityReference principal) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); for (int x = accessList.Count - 1; x >= 0; x--) { PrincipalAccess pa = accessList[x]; if (pa.Principal.Id == principal.Id) { accessList.RemoveAt(x); } } }
/// <summary> /// Retrieves the RetrievePrincipalAccessResponse for the specified security principal (user or team) and record /// </summary> /// <param name="er"></param> /// <param name="principal"></param> public RetrievePrincipalAccessResponse RetrievePrincipalAccess(EntityReference er, EntityReference principal) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); PrincipalAccess pAcc = accessList.Where(pa => pa.Principal.Id == principal.Id).SingleOrDefault(); RetrievePrincipalAccessResponse resp = new RetrievePrincipalAccessResponse(); if (pAcc != null) { resp.Results["AccessRights"] = pAcc.AccessMask; } return(resp); }
/// <summary> /// Modify access on a specific record /// </summary> /// <param name="er">The entity for which we are modifying permissions</param> /// <param name="pa">The permissions to overwrite</param> public void ModifyAccessOn(EntityReference er, PrincipalAccess pa) { List <PrincipalAccess> accessList = GetAccessListForRecord(er); PrincipalAccess paMatch = accessList.Where(p => p.Principal.Id == pa.Principal.Id).SingleOrDefault(); if (paMatch != null) { accessList[accessList.IndexOf(paMatch)] = pa; } else { accessList.Add(pa); } }
public void GrantAccess(EntityReference Record, EntityReference Principal, AccessRights AccessRights) { PrincipalAccess principalAccess = new PrincipalAccess(); principalAccess.Principal = Principal; principalAccess.AccessMask = AccessRights; GrantAccessRequest grantAccessRequest = new GrantAccessRequest(); grantAccessRequest.Target = Record; grantAccessRequest.PrincipalAccess = principalAccess; GrantAccessResponse grantAccessResponse = (GrantAccessResponse)OrganizationService.Execute(grantAccessRequest); }
/// <summary> /// Grants a specific user Read Access to a specific Entity record. /// </summary> /// <param name="OrganizationService"></param> /// <param name="Record">EntityReference of the record.</param> /// <param name="UserId">GUID of user that is getting access.</param> public void GrantUserReadAccess(EntityReference Record, Guid UserId) { PrincipalAccess principalAccess = new PrincipalAccess(); principalAccess.Principal = new EntityReference("systemuser", UserId); principalAccess.AccessMask = AccessRights.ReadAccess; GrantAccessRequest grantAccessRequest = new GrantAccessRequest(); grantAccessRequest.Target = Record; grantAccessRequest.PrincipalAccess = principalAccess; GrantAccessResponse grantAccessResponse = (GrantAccessResponse)OrganizationService.Execute(grantAccessRequest); }
internal void GrantAccess(EntityReference target, PrincipalAccess principalAccess, EntityReference userRef) { var entity = Core.GetDbEntityWithRelatedEntities(target, EntityRole.Referenced, userRef); CheckSharingAccess(entity, principalAccess, userRef); if (!Shares.ContainsKey(target)) { Shares.Add(target, new Dictionary <EntityReference, AccessRights>()); } if (Shares[target].ContainsKey(principalAccess.Principal)) { throw new FaultException($"Trying to share record with logicalname '{target.LogicalName}' and id '{target.Id}' with " + $"'{principalAccess.Principal.LogicalName}' with id '{principalAccess.Principal.Id}'" + $", but the record was already shared with the {principalAccess.Principal.LogicalName}"); } Shares[target].Add(principalAccess.Principal, principalAccess.AccessMask); }