Example #1
        /// <summary>
        /// Builds the <see cref="RbacScope"/> that bounds recipient *write* operations for a role assignment.
        /// </summary>
        /// <param name="recipientWriteScope">The assignment's declared recipient write scope type.</param>
        /// <param name="customRecipientWriteScope">The OU or management-scope object the assignment is bound to;
        /// only consulted for the OU, CustomRecipientScope and ExclusiveRecipientScope types.</param>
        /// <param name="scopeCache">Lookup from scope object id to its resolved <see cref="ManagementScope"/>.
        /// It is indexed directly, so an absent key throws <see cref="KeyNotFoundException"/> instead of yielding null.</param>
        /// <param name="securityAccessToken">Caller's token; forwarded only for the MyGAL / MailboxICanDelegate scope types.</param>
        /// <param name="isEndUserRole">Whether the owning role is an end-user role; forwarded to every scope constructed here.</param>
        /// <returns>
        /// A new <see cref="RbacScope"/>, or null when the cache holds a null entry for a custom/exclusive scope
        /// or when <paramref name="recipientWriteScope"/> is a value not handled by this method.
        /// NOTE(review): a null result must be treated by callers as "scope not resolved" (deny), never as an
        /// unrestricted write scope — confirm at the call sites, which are not visible here.
        /// </returns>
        internal static RbacScope GetRecipientWriteRbacScope(RecipientWriteScopeType recipientWriteScope, ADObjectId customRecipientWriteScope, Dictionary <ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken, bool isEndUserRole)
        {
            switch (recipientWriteScope)
            {
            // Implicit scopes carry no extra data: the scope type alone describes them.
            // The cast assumes RecipientWriteScopeType values line up with ScopeType — TODO confirm against the enum definitions.
            case RecipientWriteScopeType.None:
            case RecipientWriteScopeType.Organization:
            case RecipientWriteScopeType.Self:
            case RecipientWriteScopeType.MyDirectReports:
            case RecipientWriteScopeType.MyDistributionGroups:
            case RecipientWriteScopeType.MyExecutive:
                return new RbacScope((ScopeType)recipientWriteScope, isEndUserRole);

            case RecipientWriteScopeType.NotApplicable:
                return new RbacScope(ScopeType.NotApplicable, isEndUserRole);

            // Token-relative scopes: the RbacScope needs the caller's identity to evaluate membership.
            case RecipientWriteScopeType.MyGAL:
            case RecipientWriteScopeType.MailboxICanDelegate:
                return new RbacScope((ScopeType)recipientWriteScope, securityAccessToken, isEndUserRole);

            case RecipientWriteScopeType.OU:
                return new RbacScope(ScopeType.OU, customRecipientWriteScope, isEndUserRole);

            case RecipientWriteScopeType.CustomRecipientScope:
            case RecipientWriteScopeType.ExclusiveRecipientScope:
            {
                // Deliberately the throwing indexer, not TryGetValue: a scope id that was never
                // resolved into the cache fails closed with an exception rather than widening
                // the assignment by falling through to a null scope.
                ManagementScope resolvedScope = scopeCache[customRecipientWriteScope];
                if (resolvedScope == null)
                {
                    return null;
                }
                return new RbacScope((ScopeType)recipientWriteScope, resolvedScope, isEndUserRole);
            }

            default:
                // Unknown scope type: no scope can be built for it.
                return null;
            }
        }
Example #2
        /// <summary>
        /// Validates a role assignment as read from the directory, appending one
        /// <see cref="ValidationError"/> per violated invariant (base validation runs first).
        /// The scope checks are the authorization-relevant part: a write scope may never be
        /// broader than the matching read scope, and an OU/custom/exclusive scope must carry the
        /// directory object it is bound to while every other scope type must not.
        /// </summary>
        /// <param name="errors">Collector that receives every problem found; it is only appended to, never cleared.</param>
        protected override void ValidateRead(List <ValidationError> errors)
        {
            base.ValidateRead(errors);

            // Configuration unit of the owning organization, if there is one; used to recognise
            // assignees that live under it (policies / partner applications).
            ADObjectId configUnit = (base.OrganizationId != null) ? base.OrganizationId.ConfigurationUnit : null;

            if (this.User == null)
            {
                errors.Add(new PropertyValidationError(DirectoryStrings.UserIsMandatoryInRoleAssignment(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
            }
            else if (configUnit != null && this.User.IsDescendantOf(configUnit) && this.RoleAssigneeType != RoleAssigneeType.RoleAssignmentPolicy)
            {
                // An assignee under the configuration unit is only acceptable for a role assignment policy.
                errors.Add(new PropertyValidationError(DirectoryStrings.WrongAssigneeTypeForPolicyOrPartnerApplication(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
            }

            if (this.RoleAssigneeType == RoleAssigneeType.RoleAssignmentPolicy && this.RoleAssignmentDelegationType != RoleAssignmentDelegationType.Regular)
            {
                // Policies can only hold regular (non-delegating) assignments.
                errors.Add(new PropertyValidationError(DirectoryStrings.WrongDelegationTypeForPolicy(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
            }

            if (this.Role == null)
            {
                errors.Add(new PropertyValidationError(DirectoryStrings.RoleIsMandatoryInRoleAssignment(this.Identity.ToString()), ExchangeRoleAssignmentSchema.Role, null));
            }

            // Write scope must equal the read scope or be strictly smaller than it; otherwise the
            // assignment could modify objects it cannot even read. The casts assume the
            // *WriteScopeType enums share their values with ScopeType — TODO confirm against the enum definitions.
            ScopeType recipientWrite = (ScopeType)this.RecipientWriteScope;
            bool recipientWriteTooWide = this.RecipientReadScope != recipientWrite && !RbacScope.IsScopeTypeSmaller(recipientWrite, this.RecipientReadScope);
            if (recipientWriteTooWide)
            {
                errors.Add(new ObjectValidationError(DirectoryStrings.RecipientWriteScopeNotLessThan(recipientWrite.ToString(), this.RecipientReadScope.ToString()), this.Identity, base.OriginatingServer));
            }

            ScopeType configWrite = (ScopeType)this.ConfigWriteScope;
            bool configWriteTooWide = this.ConfigReadScope != configWrite && !RbacScope.IsScopeTypeSmaller(configWrite, this.ConfigReadScope);
            if (configWriteTooWide)
            {
                errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeNotLessThan(configWrite.ToString(), this.ConfigReadScope.ToString()), this.Identity, base.OriginatingServer));
            }

            // Recipient side. A scope reference counts as empty when it is null or has neither a DN nor a GUID.
            ADObjectId recipientRef = this.CustomRecipientWriteScope;
            bool recipientRefEmpty = recipientRef == null || (string.IsNullOrEmpty(recipientRef.DistinguishedName) && recipientRef.ObjectGuid == Guid.Empty);
            RecipientWriteScopeType recipientType = this.RecipientWriteScope;
            bool recipientTypeNeedsObject = recipientType == RecipientWriteScopeType.OU
                || recipientType == RecipientWriteScopeType.CustomRecipientScope
                || recipientType == RecipientWriteScopeType.ExclusiveRecipientScope;

            if (recipientTypeNeedsObject)
            {
                if (recipientRefEmpty)
                {
                    errors.Add(new ObjectValidationError(DirectoryStrings.CustomRecipientWriteScopeCannotBeEmpty(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
                }
                // An org-wide delegating assignment may not be narrowed to an object-bound scope.
                if (this.RoleAssignmentDelegationType == RoleAssignmentDelegationType.DelegatingOrgWide)
                {
                    errors.Add(new ObjectValidationError(DirectoryStrings.OrgWideDelegatingWriteScopeMustBeTheSameAsRoleImplicitWriteScope(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
                }
            }
            else if (!recipientRefEmpty)
            {
                // Implicit scope types must not carry a stray object reference.
                errors.Add(new ObjectValidationError(DirectoryStrings.CustomRecipientWriteScopeMustBeEmpty(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
            }

            // Config side, same rule with the config scope types.
            ADObjectId configRef = this.CustomConfigWriteScope;
            bool configRefEmpty = configRef == null || (string.IsNullOrEmpty(configRef.DistinguishedName) && configRef.ObjectGuid == Guid.Empty);
            ConfigWriteScopeType configType = this.ConfigWriteScope;
            bool configTypeNeedsObject = configType == ConfigWriteScopeType.CustomConfigScope
                || configType == ConfigWriteScopeType.PartnerDelegatedTenantScope
                || configType == ConfigWriteScopeType.ExclusiveConfigScope;

            if (configTypeNeedsObject)
            {
                if (configRefEmpty)
                {
                    errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeCannotBeEmpty(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
                }
                if (this.RoleAssignmentDelegationType == RoleAssignmentDelegationType.DelegatingOrgWide)
                {
                    errors.Add(new ObjectValidationError(DirectoryStrings.OrgWideDelegatingConfigScopeMustBeTheSameAsRoleImplicitWriteScope(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
                }
            }
            else if (!configRefEmpty)
            {
                errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeMustBeEmpty(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
            }
        }