protected SPRoleDefinition ResolveSecurityRole(SPWeb web, SecurityRoleLinkDefinition rolDefinitionModel)
{
var roleDefinitions = web.RoleDefinitions;
if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName))
{
foreach (SPRoleDefinition roleDefinition in roleDefinitions)
{
if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0)
{
return(roleDefinition);
}
}
}
else if (rolDefinitionModel.SecurityRoleId > 0)
{
foreach (SPRoleDefinition roleDefinition in roleDefinitions)
{
if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId)
{
return(roleDefinition);
}
}
}
else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType))
{
var roleType = (SPRoleType)Enum.Parse(typeof(SPRoleType), rolDefinitionModel.SecurityRoleType, true);
return(roleDefinitions.GetByType(roleType));
}
throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel));
}
private void AssertSPListHost(SPList targetList, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel)
{
var web = targetList.ParentWeb;
var role = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName];
// check if roleAssignment has current role
TraceUtils.WithScope(traceScope =>
{
traceScope.WriteLine(string.Format("Validate model:[{0}] securableObject:[{1}]", securityRoleLinkModel, targetList));
traceScope.WithTraceIndent(trace =>
{
// asserting it exists
traceScope.WriteLine(string.Format("Validating existance..."));
var roleAssignment = targetList
.RoleAssignments
.OfType <SPRoleAssignment>()
.FirstOrDefault(r => r.Member.ID == securityGroup.ID);
Assert.IsNotNull(roleAssignment);
traceScope.WriteLine(string.Format("Validating role presence..."));
roleAssignment.RoleDefinitionBindings.Contains(role);
traceScope.WriteLine(string.Format("Role [{0}] exists!", securityRoleLinkModel.SecurityRoleName));
});
});
}
private void ProcessSPGroupHost(SPGroup modelHost, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel)
{
// TODO
// need common validation infrastructure
var web = securityGroup.ParentWeb;
var securityRoleAssignment = new SPRoleAssignment(securityGroup);
SPRoleDefinition roleDefinition = ResolveSecurityRole(web, securityRoleLinkModel);
if (!securityRoleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
if (securityRoleAssignment.RoleDefinitionBindings.Count == 1 &&
securityRoleAssignment.RoleDefinitionBindings[0].Type == SPRoleType.Reader)
{
securityRoleAssignment.RoleDefinitionBindings.RemoveAll();
}
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = null,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
securityRoleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = roleDefinition,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
}
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = roleDefinition,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
web.RoleAssignments.Add(securityRoleAssignment);
web.Update();
}
public void CanDeploy_SecurityGroupLink_AsSingleItem_2()
{
// CSOM - Document level permission does not work as expected #747
// https://github.com/SubPointSolutions/spmeta2/issues/747
// we need to ensure that we have only one security role link
// there must be only one as we clear role inheritance and add only one
// the thing is all about limited CSOM API
var securityGroup = RndDef <SecurityGroupDefinition>();
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(securityGroup);
});
var listDef = RndDef <ListDefinition>();
var webModel = SPMeta2Model.NewWebModel(rootWeb =>
{
rootWeb.AddList(listDef, list =>
{
list.RegExcludeFromValidation();
// exclude from valudation, we added role linkslater
list.AddBreakRoleInheritance(new BreakRoleInheritanceDefinition
{
CopyRoleAssignments = false,
ClearSubscopes = true
}, breakRoleInheritance => breakRoleInheritance.RegExcludeFromValidation());
});
});
var webModel2 = SPMeta2Model.NewWebModel(rootWeb =>
{
rootWeb.AddList(listDef, list =>
{
list.RegExcludeFromValidation();
list.AddSecurityGroupLink(securityGroup, group =>
{
var roleLink = new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
};
roleLink.RegMustBeSingleItem();
group.AddSecurityRoleLink(roleLink);
});
});
});
TestModels(new ModelNode[] { siteModel, webModel, webModel2 });
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, string securityRoleName, Action <ModelNode> action)
{
var newSecurityRoleLink = new SecurityRoleLinkDefinition
{
SecurityRoleName = securityRoleName
};
return(model.AddDefinitionNode(newSecurityRoleLink, action));
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleDefinition definition, Action <ModelNode> action)
{
var roleLinkDefinition = new SecurityRoleLinkDefinition
{
SecurityRoleName = definition.Name
};
return(model.AddDefinitionNode(roleLinkDefinition, action));
}
private void ProcessSPSecurableObjectHost(SPSecurableObject targetSecurableObject, SPGroup securityGroup,
SecurityRoleLinkDefinition securityRoleLinkModel)
{
//// TODO
// need common validation infrastructure
var web = ExtractWeb(targetSecurableObject);
var roleAssignment = new SPRoleAssignment(securityGroup);
var role = ResolveSecurityRole(web, securityRoleLinkModel);
if (!roleAssignment.RoleDefinitionBindings.Contains(role))
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = null,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security role link");
roleAssignment.RoleDefinitionBindings.Add(role);
}
else
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security role link");
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
}
targetSecurableObject.RoleAssignments.Add(roleAssignment);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
}
private void ProcessSPListHost(SPList targetList, SPGroup securityGroup,
SecurityRoleLinkDefinition securityRoleLinkModel)
{
//// TODO
// need common validation infrastructure
var web = targetList.ParentWeb;
var roleAssignment = new SPRoleAssignment(securityGroup);
var role = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName];
if (!roleAssignment.RoleDefinitionBindings.Contains(role))
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = null,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetList
});
roleAssignment.RoleDefinitionBindings.Add(role);
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetList
});
}
targetList.RoleAssignments.Add(roleAssignment);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetList
});
targetList.Update();
}
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, string securityRoleName,
Action <SecurityRoleLinkModelNode> action)
where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new()
{
var roleLinkDefinition = new SecurityRoleLinkDefinition
{
SecurityRoleName = securityRoleName
};
return(model.AddSecurityRoleLink(roleLinkDefinition, action));
}
protected RoleDefinition ResolveSecurityRole(Web web, SecurityRoleLinkDefinition rolDefinitionModel)
{
var context = web.Context;
var roleDefinitions = web.RoleDefinitions;
context.Load(roleDefinitions, r => r.Include(l => l.Name, l => l.Id));
context.ExecuteQueryWithTrace();
if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName))
{
foreach (var roleDefinition in roleDefinitions)
{
if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0)
{
return(roleDefinition);
}
}
}
else if (rolDefinitionModel.SecurityRoleId > 0)
{
foreach (var roleDefinition in roleDefinitions)
{
if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId)
{
return(roleDefinition);
}
}
}
else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType))
{
var roleType = (RoleType)Enum.Parse(typeof(RoleType), rolDefinitionModel.SecurityRoleType, true);
return(roleDefinitions.GetByType(roleType));
}
throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel));
}
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, SecurityRoleLinkDefinition definition,
Action <SecurityRoleLinkModelNode> action)
where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new()
{
return(model.AddTypedDefinitionNode(definition, action));
}
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, SecurityRoleLinkDefinition definition)
where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new()
{
return(AddSecurityRoleLink(model, definition, null));
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition, Action <ModelNode> action)
{
return(model.AddDefinitionNode(definition, action));
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition)
{
return(AddSecurityRoleLink(model, definition, null));
}
