protected SPRoleDefinition ResolveSecurityRole(SPWeb web, SecurityRoleLinkDefinition rolDefinitionModel) { var roleDefinitions = web.RoleDefinitions; if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName)) { foreach (SPRoleDefinition roleDefinition in roleDefinitions) { if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0) { return(roleDefinition); } } } else if (rolDefinitionModel.SecurityRoleId > 0) { foreach (SPRoleDefinition roleDefinition in roleDefinitions) { if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId) { return(roleDefinition); } } } else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType)) { var roleType = (SPRoleType)Enum.Parse(typeof(SPRoleType), rolDefinitionModel.SecurityRoleType, true); return(roleDefinitions.GetByType(roleType)); } throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel)); }
private void AssertSPListHost(SPList targetList, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel) { var web = targetList.ParentWeb; var role = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName]; // check if roleAssignment has current role TraceUtils.WithScope(traceScope => { traceScope.WriteLine(string.Format("Validate model:[{0}] securableObject:[{1}]", securityRoleLinkModel, targetList)); traceScope.WithTraceIndent(trace => { // asserting it exists traceScope.WriteLine(string.Format("Validating existance...")); var roleAssignment = targetList .RoleAssignments .OfType <SPRoleAssignment>() .FirstOrDefault(r => r.Member.ID == securityGroup.ID); Assert.IsNotNull(roleAssignment); traceScope.WriteLine(string.Format("Validating role presence...")); roleAssignment.RoleDefinitionBindings.Contains(role); traceScope.WriteLine(string.Format("Role [{0}] exists!", securityRoleLinkModel.SecurityRoleName)); }); }); }
private void ProcessSPGroupHost(SPGroup modelHost, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel) { // TODO // need common validation infrastructure var web = securityGroup.ParentWeb; var securityRoleAssignment = new SPRoleAssignment(securityGroup); SPRoleDefinition roleDefinition = ResolveSecurityRole(web, securityRoleLinkModel); if (!securityRoleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { if (securityRoleAssignment.RoleDefinitionBindings.Count == 1 && securityRoleAssignment.RoleDefinitionBindings[0].Type == SPRoleType.Reader) { securityRoleAssignment.RoleDefinitionBindings.RemoveAll(); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = null, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); securityRoleAssignment.RoleDefinitionBindings.Add(roleDefinition); } else { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = roleDefinition, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = roleDefinition, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); web.RoleAssignments.Add(securityRoleAssignment); web.Update(); }
public void CanDeploy_SecurityGroupLink_AsSingleItem_2() { // CSOM - Document level permission does not work as expected #747 // https://github.com/SubPointSolutions/spmeta2/issues/747 // we need to ensure that we have only one security role link // there must be only one as we clear role inheritance and add only one // the thing is all about limited CSOM API var securityGroup = RndDef <SecurityGroupDefinition>(); var siteModel = SPMeta2Model.NewSiteModel(site => { site.AddSecurityGroup(securityGroup); }); var listDef = RndDef <ListDefinition>(); var webModel = SPMeta2Model.NewWebModel(rootWeb => { rootWeb.AddList(listDef, list => { list.RegExcludeFromValidation(); // exclude from valudation, we added role linkslater list.AddBreakRoleInheritance(new BreakRoleInheritanceDefinition { CopyRoleAssignments = false, ClearSubscopes = true }, breakRoleInheritance => breakRoleInheritance.RegExcludeFromValidation()); }); }); var webModel2 = SPMeta2Model.NewWebModel(rootWeb => { rootWeb.AddList(listDef, list => { list.RegExcludeFromValidation(); list.AddSecurityGroupLink(securityGroup, group => { var roleLink = new SecurityRoleLinkDefinition { SecurityRoleType = BuiltInSecurityRoleTypes.Contributor }; roleLink.RegMustBeSingleItem(); group.AddSecurityRoleLink(roleLink); }); }); }); TestModels(new ModelNode[] { siteModel, webModel, webModel2 }); }
public static ModelNode AddSecurityRoleLink(this ModelNode model, string securityRoleName, Action <ModelNode> action) { var newSecurityRoleLink = new SecurityRoleLinkDefinition { SecurityRoleName = securityRoleName }; return(model.AddDefinitionNode(newSecurityRoleLink, action)); }
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleDefinition definition, Action <ModelNode> action) { var roleLinkDefinition = new SecurityRoleLinkDefinition { SecurityRoleName = definition.Name }; return(model.AddDefinitionNode(roleLinkDefinition, action)); }
private void ProcessSPSecurableObjectHost(SPSecurableObject targetSecurableObject, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel) { //// TODO // need common validation infrastructure var web = ExtractWeb(targetSecurableObject); var roleAssignment = new SPRoleAssignment(securityGroup); var role = ResolveSecurityRole(web, securityRoleLinkModel); if (!roleAssignment.RoleDefinitionBindings.Contains(role)) { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = null, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetSecurableObject }); TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security role link"); roleAssignment.RoleDefinitionBindings.Add(role); } else { TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security role link"); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = role, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetSecurableObject }); } targetSecurableObject.RoleAssignments.Add(roleAssignment); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = role, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetSecurableObject }); }
private void ProcessSPListHost(SPList targetList, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel) { //// TODO // need common validation infrastructure var web = targetList.ParentWeb; var roleAssignment = new SPRoleAssignment(securityGroup); var role = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName]; if (!roleAssignment.RoleDefinitionBindings.Contains(role)) { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = null, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetList }); roleAssignment.RoleDefinitionBindings.Add(role); } else { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = role, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetList }); } targetList.RoleAssignments.Add(roleAssignment); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = role, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = targetList }); targetList.Update(); }
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, string securityRoleName, Action <SecurityRoleLinkModelNode> action) where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new() { var roleLinkDefinition = new SecurityRoleLinkDefinition { SecurityRoleName = securityRoleName }; return(model.AddSecurityRoleLink(roleLinkDefinition, action)); }
protected RoleDefinition ResolveSecurityRole(Web web, SecurityRoleLinkDefinition rolDefinitionModel) { var context = web.Context; var roleDefinitions = web.RoleDefinitions; context.Load(roleDefinitions, r => r.Include(l => l.Name, l => l.Id)); context.ExecuteQueryWithTrace(); if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName)) { foreach (var roleDefinition in roleDefinitions) { if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0) { return(roleDefinition); } } } else if (rolDefinitionModel.SecurityRoleId > 0) { foreach (var roleDefinition in roleDefinitions) { if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId) { return(roleDefinition); } } } else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType)) { var roleType = (RoleType)Enum.Parse(typeof(RoleType), rolDefinitionModel.SecurityRoleType, true); return(roleDefinitions.GetByType(roleType)); } throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel)); }
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, SecurityRoleLinkDefinition definition, Action <SecurityRoleLinkModelNode> action) where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new() { return(model.AddTypedDefinitionNode(definition, action)); }
public static TModelNode AddSecurityRoleLink <TModelNode>(this TModelNode model, SecurityRoleLinkDefinition definition) where TModelNode : ModelNode, ISecurityRoleLinkHostModelNode, new() { return(AddSecurityRoleLink(model, definition, null)); }
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition, Action <ModelNode> action) { return(model.AddDefinitionNode(definition, action)); }
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition) { return(AddSecurityRoleLink(model, definition, null)); }