| public static ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid ( string scope, string Id ) : string | ||
| scope | string | |
| Id | string | |
| return | string | |
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
ValidateScope(scope);
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
#if !NETSTANDARD
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties
{
PrincipalId = principalId,
RoleDefinitionId = roleDefinitionId
}
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters).RoleAssignment;
#else
var createParameters = new RoleAssignmentProperties
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope,
roleAssignmentId.ToString(), createParameters);
#endif
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Updates a role assignment.
/// </summary>
/// <param name="roleAssignment">The role assignment to update.</param>
/// <returns>The updated role assignment.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
string principalId = roleAssignment.ObjectId;
var roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
var roleAssignmentId = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
string scope = roleAssignment.Scope;
string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
var Description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
var Condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
var ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId,
PrincipalType = roleAssignment.ObjectType,
CanDelegate = roleAssignment.CanDelegate,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
scope, roleAssignmentId, createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
string principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId;
string scope = parameters.Scope;
string roleDefinitionId = string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId,
CanDelegate = parameters.CanDelegate,
Description = parameters.Description,
Condition = parameters.Condition,
ConditionVersion = parameters.ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
string principalIdStr = null;
if (principalId == Guid.Empty)
{
principalIdStr = ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter);
}
else
{
principalIdStr = principalId.ToString();
}
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
var createProperties = new RoleAssignmentProperties
{
PrincipalId = principalIdStr,
RoleDefinitionId = roleDefinitionId
};
var createParameters = new RoleAssignmentCreateParameters(createProperties);
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Updates a role assignment.
/// </summary>
/// <param name="roleAssignment">The role assignment to update.</param>
/// <returns>The updated role assignment.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
string principalType;
// check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
if (roleAssignment.ObjectType == null)
{
PSADObject asignee = ActiveDirectoryClient.GetADObject(new ADObjectFilterOptions()
{
Id = roleAssignment.ObjectId
});
if (asignee == null)
{
throw new ArgumentException("No AD object could be found with current parameters, please confirm the information provided is correct and try again");
}
principalType = asignee is PSADUser ? "User" : asignee is PSADServicePrincipal ? "ServicePrincipal" : asignee is PSADGroup ? "Group" : null;
}
else
{
principalType = roleAssignment.ObjectType;
}
string principalId = roleAssignment.ObjectId;
var roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
var roleAssignmentId = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
string scope = roleAssignment.Scope;
string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
var Description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
var Condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
var ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId,
PrincipalType = principalType,
CanDelegate = roleAssignment.CanDelegate,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
scope, roleAssignmentId, createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
/// <summary>
/// Updates a role assignment.
/// </summary>
/// <param name="roleAssignment">The role assignment to update.</param>
/// <returns>The updated role assignment.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
string principalType = null;
// check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
if (roleAssignment.ObjectType == null)
{
var asignee = ActiveDirectoryClient.GetObjectsByObjectId(new List <string> {
roleAssignment.ObjectId
}).SingleOrDefault();
if (!(asignee is PSErrorHelperObject) && asignee.Type != null)
{
principalType = asignee.Type;
}
}
else
{
principalType = roleAssignment.ObjectType;
}
string principalId = roleAssignment.ObjectId;
var roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
var roleAssignmentId = roleAssignmentGuidIndex != -1 ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1) : roleAssignment.RoleAssignmentId;
string scope = roleAssignment.Scope;
string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
var Description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
var Condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
var ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId,
PrincipalType = principalType,
CanDelegate = roleAssignment.CanDelegate,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
scope, roleAssignmentId, createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
var asigneeID = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
string asigneeObjectType = parameters.ADObjectFilter?.ObjectType;
if (string.IsNullOrWhiteSpace(asigneeObjectType))
{
var asigneeObject = ActiveDirectoryClient.GetObjectsByObjectId(new List <string>()
{
asigneeID
}).SingleOrDefault();
asigneeObjectType = (!(asigneeObject is PSErrorHelperObject) && asigneeObject != null) ? asigneeObject.Type : null;
}
string principalId = asigneeID;
roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId;
string scope = parameters.Scope;
string roleDefinitionId = string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
PrincipalType = asigneeObjectType,
RoleDefinitionId = roleDefinitionId,
CanDelegate = parameters.CanDelegate,
Description = parameters.Description,
Condition = parameters.Condition,
ConditionVersion = parameters.ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
var assigneeID = parameters.ADObjectFilter?.Id;
var assigneeObjectType = parameters.ADObjectFilter?.ObjectType;
if (string.IsNullOrWhiteSpace(assigneeObjectType) || string.IsNullOrWhiteSpace(assigneeID))
{
try
{
var assigneeObject = ActiveDirectoryClient.GetADObject(parameters.ADObjectFilter);
assigneeID = assigneeID ?? assigneeObject?.Type;
assigneeObjectType = assigneeObjectType ?? assigneeObject?.Type;
}
catch (Common.MSGraph.Version1_0.DirectoryObjects.Models.OdataErrorException) when(!string.IsNullOrEmpty(assigneeID))
{
// If assigneeID is not null, swallow OdataErrorException
}
}
string principalId = assigneeID;
roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId;
string scope = parameters.Scope;
string roleDefinitionId = string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId,
PrincipalType = assigneeObjectType,
RoleDefinitionId = roleDefinitionId,
Description = parameters.Description,
Condition = parameters.Condition,
ConditionVersion = parameters.ConditionVersion
};
return(AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId.ToString(), createParameters).ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Updates a role assignment.
/// </summary>
/// <param name="roleAssignment">The role assignment to update.</param>
/// <returns>The updated role assignment.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
string principalType = null;
// check added in case Set-AzRoleAssignment is called as a create operation but the user didn't add the object type
if (string.IsNullOrEmpty(roleAssignment.ObjectType))
{
try
{
var assignee = ActiveDirectoryClient.GetObjectByObjectId(roleAssignment.ObjectId);
principalType = assignee?.Type;
}
catch
{
// Ignore
}
}
else
{
principalType = roleAssignment.ObjectType;
}
string principalId = roleAssignment.ObjectId;
var roleAssignmentId = roleAssignment.RoleAssignmentId.GuidFromFullyQualifiedId();
string scope = roleAssignment.Scope;
string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, roleAssignment.RoleDefinitionId);
var Description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
var Condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
var ConditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId,
PrincipalType = principalType,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion
};
return(AuthorizationManagementClient.RoleAssignments.Create(scope, roleAssignmentId, createParameters).ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
PSADObject asignee = ActiveDirectoryClient.GetADObject(parameters.ADObjectFilter);
if (asignee == null)
{
throw new ArgumentException(ProjectResources.NoADObjectFound);
}
string principalId = asignee.Id;
string principalType = asignee is PSADUser ? "User" : asignee is PSADServicePrincipal ? "ServicePrincipal" : asignee is PSADGroup ? "Group" : null;
roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId;
string scope = parameters.Scope;
string roleDefinitionId = string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;
var createParameters = new RoleAssignmentCreateParameters
{
PrincipalId = principalId.ToString(),
PrincipalType = principalType,
RoleDefinitionId = roleDefinitionId,
CanDelegate = parameters.CanDelegate,
Description = parameters.Description,
Condition = parameters.Condition,
ConditionVersion = parameters.ConditionVersion
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
var PSRoleAssignment = assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
return(PSRoleAssignment);
}
public List <PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions options, string currentSubscription)
{
List <PSRoleAssignment> result = new List <PSRoleAssignment>();
string assignedToPrincipalId = null;
string principalId = null;
PSADObject adObject = null;
if (options.ADObjectFilter.HasFilter)
{
adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);
if (adObject == null)
{
throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
}
// Filter first by principal
if (options.ExpandPrincipalGroups)
{
if (!(adObject is PSADUser))
{
throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
}
assignedToPrincipalId = adObject.Id.ToString();
}
else
{
principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id.ToString()) ? adObject.Id.ToString() : options.ADObjectFilter.Id;
}
var tempResult = AuthorizationManagementClient.RoleAssignments.List(
new Rest.Azure.OData.ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));
result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextPageLink);
result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
}
// Filter out by scope
if (!string.IsNullOrEmpty(options.Scope))
{
result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.OrdinalIgnoreCase));
}
}
else if (!string.IsNullOrEmpty(options.Scope))
{
// Filter by scope and above directly
var tempResult = AuthorizationManagementClient.RoleAssignments.ListForScope(
options.Scope,
new Rest.Azure.OData.ODataQuery <RoleAssignmentFilter>(
f => f.AtScope() && f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));
result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListForScopeNext(tempResult.NextPageLink);
result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
}
}
else
{
var tempResult = AuthorizationManagementClient.RoleAssignments.List(
new Rest.Azure.OData.ODataQuery <RoleAssignmentFilter>(f => f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));
result.AddRange(tempResult
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
{
tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextPageLink);
result.AddRange(tempResult
.FilterRoleAssignmentsOnRoleId(AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId))
.ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
}
}
if (!string.IsNullOrEmpty(options.RoleDefinitionName))
{
result = result.Where(r => r.RoleDefinitionName.Equals(options.RoleDefinitionName, StringComparison.OrdinalIgnoreCase)).ToList();
}
if (options.IncludeClassicAdministrators)
{
// Get classic administrator access assignments
List <ClassicAdministrator> classicAdministrators = AuthorizationManagementClient.ClassicAdministrators
.List(AuthorizationManagementClient.ApiVersion).ToList();
List <PSRoleAssignment> classicAdministratorsAssignments = classicAdministrators.Select(a => a.ToPSRoleAssignment(currentSubscription)).ToList();
// Filter by principal if provided
if (options.ADObjectFilter.HasFilter)
{
if (!(adObject is PSADUser))
{
throw new InvalidOperationException(ProjectResources.IncludeClassicAdminsNotSupported);
}
var userObject = adObject as PSADUser;
classicAdministratorsAssignments = classicAdministratorsAssignments.Where(c =>
c.DisplayName.Equals(userObject.UserPrincipalName, StringComparison.OrdinalIgnoreCase)).ToList();
}
result.AddRange(classicAdministratorsAssignments);
}
return(result);
}
