/// <summary>
/// Translates a role assignment's recipient write scope type into the matching <see cref="RbacScope"/>.
/// </summary>
/// <param name="recipientWriteScope">Scope type to translate.</param>
/// <param name="customRecipientWriteScope">
/// Id handed to the scope for <c>OU</c>, and used as the <paramref name="scopeCache"/> key for the
/// custom and exclusive recipient scopes.
/// </param>
/// <param name="scopeCache">Management scopes by id; read only for the custom and exclusive recipient scopes.</param>
/// <param name="securityAccessToken">Token handed to the scope for <c>MyGAL</c> and <c>MailboxICanDelegate</c>.</param>
/// <param name="isEndUserRole">Forwarded unchanged to every scope that is constructed.</param>
/// <returns>
/// The constructed scope, or <c>null</c> when the scope type is not one of the handled values or the
/// cached management scope entry is <c>null</c>.
/// </returns>
internal static RbacScope GetRecipientWriteRbacScope(RecipientWriteScopeType recipientWriteScope, ADObjectId customRecipientWriteScope, Dictionary<ADObjectId, ManagementScope> scopeCache, ISecurityAccessToken securityAccessToken, bool isEndUserRole)
{
    // NOTE(review): a null return means no scope object was produced; confirm every caller
    // treats that as "no access granted" rather than as an unrestricted scope.
    RbacScope scope = null;

    switch (recipientWriteScope)
    {
        case RecipientWriteScopeType.None:
        case RecipientWriteScopeType.Organization:
        case RecipientWriteScopeType.Self:
        case RecipientWriteScopeType.MyDirectReports:
        case RecipientWriteScopeType.MyDistributionGroups:
        case RecipientWriteScopeType.MyExecutive:
            // The cast is unchecked; presumably these members share numeric values with ScopeType (verify).
            scope = new RbacScope((ScopeType)recipientWriteScope, isEndUserRole);
            break;

        case RecipientWriteScopeType.NotApplicable:
            scope = new RbacScope(ScopeType.NotApplicable, isEndUserRole);
            break;

        case RecipientWriteScopeType.MyGAL:
        case RecipientWriteScopeType.MailboxICanDelegate:
            scope = new RbacScope((ScopeType)recipientWriteScope, securityAccessToken, isEndUserRole);
            break;

        case RecipientWriteScopeType.OU:
            scope = new RbacScope(ScopeType.OU, customRecipientWriteScope, isEndUserRole);
            break;

        case RecipientWriteScopeType.CustomRecipientScope:
        case RecipientWriteScopeType.ExclusiveRecipientScope:
            // The dictionary indexer throws when the id is null or absent from the cache;
            // only an entry that is present but null falls through to the null result.
            ManagementScope cachedScope = scopeCache[customRecipientWriteScope];
            scope = (cachedScope != null)
                ? new RbacScope((ScopeType)recipientWriteScope, cachedScope, isEndUserRole)
                : null;
            break;
    }

    return scope;
}
/// <summary>
/// Appends a validation error to <paramref name="errors"/> for each role-assignment invariant this object violates.
/// </summary>
/// <remarks>
/// Runs after <c>base.ValidateRead</c>. It checks that the user and role are present, that the
/// assignee and delegation types are consistent, that each write scope equals its read scope or is
/// smaller per <c>RbacScope.IsScopeTypeSmaller</c>, and that a custom scope id is present exactly
/// for the write scope types that use one. The method only records violations; acting on them is
/// left to whoever inspects the list.
/// </remarks>
/// <param name="errors">List that receives the validation errors.</param>
protected override void ValidateRead(List<ValidationError> errors)
{
    base.ValidateRead(errors);

    ADObjectId configurationUnit = null;
    if (null != base.OrganizationId)
    {
        configurationUnit = base.OrganizationId.ConfigurationUnit;
    }

    // Assignee checks: a user is mandatory, and a user located under the organization's
    // configuration unit is only accepted for the RoleAssignmentPolicy assignee type.
    if (this.User == null)
    {
        errors.Add(new PropertyValidationError(DirectoryStrings.UserIsMandatoryInRoleAssignment(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
    }
    else if (configurationUnit != null && this.User.IsDescendantOf(configurationUnit) && this.RoleAssigneeType != RoleAssigneeType.RoleAssignmentPolicy)
    {
        errors.Add(new PropertyValidationError(DirectoryStrings.WrongAssigneeTypeForPolicyOrPartnerApplication(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
    }

    // Policy assignments may only use the Regular delegation type.
    if (this.RoleAssigneeType == RoleAssigneeType.RoleAssignmentPolicy && this.RoleAssignmentDelegationType != RoleAssignmentDelegationType.Regular)
    {
        errors.Add(new PropertyValidationError(DirectoryStrings.WrongDelegationTypeForPolicy(this.Identity.ToString()), ExchangeRoleAssignmentSchema.User, null));
    }

    if (this.Role == null)
    {
        errors.Add(new PropertyValidationError(DirectoryStrings.RoleIsMandatoryInRoleAssignment(this.Identity.ToString()), ExchangeRoleAssignmentSchema.Role, null));
    }

    // Recipient write scope must match the read scope or be smaller than it.
    ScopeType recipientWriteAsScopeType = (ScopeType)this.RecipientWriteScope;
    bool recipientWriteWithinRead = this.RecipientReadScope == recipientWriteAsScopeType || RbacScope.IsScopeTypeSmaller(recipientWriteAsScopeType, this.RecipientReadScope);
    if (!recipientWriteWithinRead)
    {
        errors.Add(new ObjectValidationError(DirectoryStrings.RecipientWriteScopeNotLessThan(recipientWriteAsScopeType.ToString(), this.RecipientReadScope.ToString()), this.Identity, base.OriginatingServer));
    }

    // Same rule for the configuration scopes.
    ScopeType configWriteAsScopeType = (ScopeType)this.ConfigWriteScope;
    bool configWriteWithinRead = this.ConfigReadScope == configWriteAsScopeType || RbacScope.IsScopeTypeSmaller(configWriteAsScopeType, this.ConfigReadScope);
    if (!configWriteWithinRead)
    {
        errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeNotLessThan(configWriteAsScopeType.ToString(), this.ConfigReadScope.ToString()), this.Identity, base.OriginatingServer));
    }

    // A custom scope id counts as missing when the reference is null, or when it carries
    // neither a distinguished name nor a non-empty GUID.
    bool recipientScopeIdMissing = this.CustomRecipientWriteScope == null
        || (string.IsNullOrEmpty(this.CustomRecipientWriteScope.DistinguishedName) && this.CustomRecipientWriteScope.ObjectGuid == Guid.Empty);

    RecipientWriteScopeType recipientScopeType = this.RecipientWriteScope;
    bool recipientScopeNeedsId = recipientScopeType == RecipientWriteScopeType.OU
        || recipientScopeType == RecipientWriteScopeType.CustomRecipientScope
        || recipientScopeType == RecipientWriteScopeType.ExclusiveRecipientScope;

    if (recipientScopeNeedsId)
    {
        if (recipientScopeIdMissing)
        {
            errors.Add(new ObjectValidationError(DirectoryStrings.CustomRecipientWriteScopeCannotBeEmpty(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
        }

        // An org-wide delegating assignment is reported whenever it carries one of these explicit write scopes.
        if (this.RoleAssignmentDelegationType == RoleAssignmentDelegationType.DelegatingOrgWide)
        {
            errors.Add(new ObjectValidationError(DirectoryStrings.OrgWideDelegatingWriteScopeMustBeTheSameAsRoleImplicitWriteScope(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
        }
    }
    else if (!recipientScopeIdMissing)
    {
        // Every other scope type must not carry a custom scope id.
        errors.Add(new ObjectValidationError(DirectoryStrings.CustomRecipientWriteScopeMustBeEmpty(this.RecipientWriteScope), this.Identity, base.OriginatingServer));
    }

    bool configScopeIdMissing = this.CustomConfigWriteScope == null
        || (string.IsNullOrEmpty(this.CustomConfigWriteScope.DistinguishedName) && this.CustomConfigWriteScope.ObjectGuid == Guid.Empty);

    ConfigWriteScopeType configScopeType = this.ConfigWriteScope;
    bool configScopeNeedsId = configScopeType == ConfigWriteScopeType.CustomConfigScope
        || configScopeType == ConfigWriteScopeType.PartnerDelegatedTenantScope
        || configScopeType == ConfigWriteScopeType.ExclusiveConfigScope;

    if (configScopeNeedsId)
    {
        if (configScopeIdMissing)
        {
            errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeCannotBeEmpty(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
        }

        if (this.RoleAssignmentDelegationType == RoleAssignmentDelegationType.DelegatingOrgWide)
        {
            errors.Add(new ObjectValidationError(DirectoryStrings.OrgWideDelegatingConfigScopeMustBeTheSameAsRoleImplicitWriteScope(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
        }
    }
    else if (!configScopeIdMissing)
    {
        errors.Add(new ObjectValidationError(DirectoryStrings.ConfigScopeMustBeEmpty(this.ConfigWriteScope), this.Identity, base.OriginatingServer));
    }
}