public async Task <bool> RemoveItemAsync(string role)
{
if (role == Globals.Role_Superuser)
{
throw new Error(this.__ResStr("cantRemoveSuper", "Can't remove built-in superuser role"));
}
if (IsPredefinedRole(role))
{
throw new Error(this.__ResStr("cantRemoveUser", "The {0} role can't be removed", role));
}
if (YetaWF.Core.Support.Startup.MultiInstance)
{
throw new InternalError("Removing roles is not possible when distributed caching is enabled");
}
RoleDefinition origRole = Auditing.Active ? await GetItemAsync(role) : null;
if (!await DataProvider.RemoveAsync(role))
{
return(false);
}
GetAllUserRoles(true);
await Auditing.AddAuditAsync($"{nameof(RoleDefinitionDataProvider)}.{nameof(RemoveItemAsync)}", role, Guid.Empty,
"Remove Role",
DataBefore : origRole,
DataAfter : null,
ExpensiveMultiInstance : true
);
return(true);
}
public async Task <UpdateStatusEnum> UpdateItemAsync(string originalRole, RoleDefinition data)
{
if (data.RoleId == RoleDefinitionDataProvider.SuperUserId || data.Name == Globals.Role_Superuser)
{
throw new Error(this.__ResStr("cantUpdateSuper", "Can't update built-in superuser role"));
}
if (originalRole != data.Name && IsPredefinedRole(originalRole))
{
throw new Error(this.__ResStr("cantUpdateUser", "The {0} role can't be updated", originalRole));
}
if (YetaWF.Core.Support.Startup.MultiInstance)
{
throw new InternalError("Changing roles is not possible when distributed caching is enabled");
}
RoleDefinition origRole = Auditing.Active ? await GetItemAsync(originalRole) : null;
UpdateStatusEnum status = await DataProvider.UpdateAsync(originalRole, data.Name, data);
if (status == UpdateStatusEnum.OK)
{
GetAllUserRoles(true);
}
await Auditing.AddAuditAsync($"{nameof(RoleDefinitionDataProvider)}.{nameof(UpdateItemAsync)}", originalRole, Guid.Empty,
"Update Role",
DataBefore : origRole,
DataAfter : data,
ExpensiveMultiInstance : true
);
return(status);
}
public static SPPermissionsLevel ToPermissionLevel(this RoleDefinition rd)
{
return(new SPPermissionsLevel(rd.Id, rd.Name)
{
Description = rd.Description
});
}
public static void AsignarPermis(ClientContext c)
{
try
{
Principal buffet = c.Web.SiteGroups.GetByName("Buffet");
RoleDefinition buffetPermiso = c.Web.RoleDefinitions.GetByName("Colaborar");
RoleDefinitionBindingCollection coleccionBPermisos = new RoleDefinitionBindingCollection(c);
coleccionBPermisos.Add(buffetPermiso);
RoleAssignment buffetRoleAssigment = c.Web.RoleAssignments.Add(buffet, coleccionBPermisos);
Principal integrantes = c.Web.SiteGroups.GetByName("Integrantes");
RoleDefinition integrantesPermiso = c.Web.RoleDefinitions.GetByName("Leer");
RoleDefinitionBindingCollection coleccionIPermisos = new RoleDefinitionBindingCollection(c);
coleccionIPermisos.Add(integrantesPermiso);
RoleAssignment integrantesRoleAssigment = c.Web.RoleAssignments.Add(integrantes, coleccionIPermisos);
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("--- PERMISOS ASIGNADOS ---");
Console.ResetColor();
}
catch (Exception ex) {
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("--- ERROR AL ASIGNAR PERMISOS A LOS GRUPOS ---");
Console.ResetColor();
}
}
public void SetUpCustomPermissionLevels(ClientContext context, List <ShPermissionLevel> permissionLevels)
{
foreach (var permissionLevel in permissionLevels)
{
context.Load(context.Site.RootWeb.RoleDefinitions);
context.ExecuteQuery();
var existingPermissionLevel = context.Site.RootWeb.RoleDefinitions.FirstOrDefault(x => x.Name.Equals(permissionLevel.Name));
if (existingPermissionLevel == null)
{
Log.Info("Creating permission level " + permissionLevel.Name);
BasePermissions permissions = new BasePermissions();
foreach (var basePermission in permissionLevel.BasePermissions)
{
permissions.Set(basePermission);
}
RoleDefinitionCreationInformation roleDefinitionCreationInfo = new RoleDefinitionCreationInformation();
roleDefinitionCreationInfo.BasePermissions = permissions;
roleDefinitionCreationInfo.Name = permissionLevel.Name;
roleDefinitionCreationInfo.Description = permissionLevel.Description;
RoleDefinition roleDefinition = context.Site.RootWeb.RoleDefinitions.Add(roleDefinitionCreationInfo);
context.ExecuteQuery();
}
}
}
private RoleDefinitionBindingCollection BuildRoleDefninitionBinding(DocLibContext context, DCTRoleAssignment dctRoleAssignment, out bool ignore)
{
RoleDefinitionBindingCollection binding = new RoleDefinitionBindingCollection(context);
int count = 0;
foreach (DCTRoleDefinition dctRoleDefinition in dctRoleAssignment.RoleDefinitions)
{
if (dctRoleDefinition.Name == IgnoreRole)
{
continue;
}
RoleDefinition spRoleDefinition = null;
if (!string.IsNullOrEmpty(dctRoleDefinition.Name))
{
spRoleDefinition = context.Web.RoleDefinitions.GetByName(dctRoleDefinition.Name);
}
else
{
spRoleDefinition = context.Web.RoleDefinitions.GetById(dctRoleDefinition.ID);
}
context.Load(spRoleDefinition);
context.ExecuteQuery();
binding.Add(spRoleDefinition);
count++;
}
ignore = (count == 0);
return(binding);
}
public async Task <RoleDefinition> AddRoleDefinitionAsync(RoleDefinition roleDefinition)
{
// immutable properties
roleDefinition.Id = null;
roleDefinition.IsBuiltIn = null;
roleDefinition.IsBuiltInRoleDefinition = null;
// Check if role already exists (duplicate names not allowed)
var existingRoleDefinitions = await GetRoleDefinitionsAsync();
if (existingRoleDefinitions.Any(rd => rd.DisplayName.Equals(roleDefinition.DisplayName)))
{
string oldname = roleDefinition.DisplayName;
roleDefinition.DisplayName += " copy";
signalRMessage.sendMessage($"Warning {roleDefinition.ODataType} '{oldname}' already exists changing display name to '{roleDefinition.DisplayName}'");
}
var resource = graphServiceClient.DeviceManagement.RoleDefinitions.Request();
signalRMessage.sendMessage($"POST: {resource.RequestUrl}");
var response = await resource.AddAsync(roleDefinition);
signalRMessage.sendMessage($"Success: added {response.ODataType} '{response.DisplayName}'");
return(response);
}
public async Task GivePermissions(PermissionAndRole permission)
{
ClientContext context = GetSharepointContext(permission.Url);
List list = context.Web.Lists.GetByTitle(permission.ListName);
context.Load(list);
await context.ExecuteQueryAsync();
var item = list.GetItemById(permission.ItemId);
context.Load(item);
await context.ExecuteQueryAsync();
Principal user;
if (permission.IsGroup)
{
user = context.Web.SiteGroups.GetById(permission.Id);
}
else
{
user = context.Web.SiteUsers.GetById(permission.Id);
context.Load(user);
await context.ExecuteQueryAsync();
}
RoleDefinition writeDefinition = context.Web.RoleDefinitions.GetByName(permission.roleDefinitionName);
RoleDefinitionBindingCollection roleDefCollection = new RoleDefinitionBindingCollection(context);
roleDefCollection.Add(writeDefinition);
RoleAssignment newRoleAssignment = item.RoleAssignments.Add(user, roleDefCollection);
await context.ExecuteQueryAsync();
}
public async Task DeleteAsync(RoleDefinition item)
{
using (var connection = await CreateConnection())
{
await connection.ExecuteAsync("delete from role_definitions where id = @id", new { id = item.ID });
}
}
public static void AsignarPermiso(ClientContext c)
{
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("Asignando Permisos a Pedido.");
List pedidos = c.Web.Lists.GetByTitle("Pedidos");
RoleDefinitionBindingCollection integrantesPedidos = new RoleDefinitionBindingCollection(c);
RoleDefinition colaborarSinEliminar = c.Web.RoleDefinitions.GetByName("Colaborar sin eliminar");
Group integrantes = c.Web.SiteGroups.GetByName("Integrantes"); ///////////////////////////////////////////////
integrantesPedidos.Add(colaborarSinEliminar);
pedidos.BreakRoleInheritance(false, false);
c.Load(pedidos.RoleAssignments.Add(integrantes, integrantesPedidos));
pedidos.Update();
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" Asiganado");
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("Asignando Permisos a Pedido Detalle.");
List pedidosDetalles = c.Web.Lists.GetByTitle("Pedido Detalle");
RoleDefinitionBindingCollection integrantesPedidosD = new RoleDefinitionBindingCollection(c);
integrantesPedidos.Add(colaborarSinEliminar);
pedidosDetalles.BreakRoleInheritance(false, false);
c.Load(pedidosDetalles.RoleAssignments.Add(integrantes, integrantesPedidos));
pedidosDetalles.Update();
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" Asiganado");
}
public async Task RemoveRoleFromUserAsync(int userId, string roleName)
{
int roleId;
// get the role id for roleName
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
RoleDefinition role = await roleDP.GetItemAsync(roleName);
if (role == null)
{
throw new InternalError("Unexpected error in AddRoleToUser - expected role {0} not found", roleName);
}
roleId = role.RoleId;
}
// remove the role from the user
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user != null)
{
Role role = (from Role r in user.RolesList where r.RoleId == roleId select r).FirstOrDefault();
if (role != null)
{
user.RolesList.Remove(role);
UpdateStatusEnum status = await userDP.UpdateItemAsync(user);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Unexpected status {0} updating user account in RemoveRoleFromUser", status);
}
}
}
}
}
/// <summary>
/// Method to assign permissions
/// </summary>
/// <param name="item">data storage object</param>
/// <param name="clientContext">client context</param>
/// <param name="site">site object</param>
/// <param name="currentGrp">group object</param>
private static void AssignPermission(DataStorage item, ClientContext clientContext, Web site, Group currentGrp)
{
Console.WriteLine("Assigning " + item.Permissions + " permission to group " + item.GroupName);
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext);
RoleDefinition grpRoleDef = null;
switch (item.Permissions.ToLower(new CultureInfo("en-US", false)))
{
case "contribute":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Contributor);
break;
case "fullcontrol":
case "full control":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Administrator);
break;
case "read":
default:
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Reader);
break;
}
grpRole.Add(grpRoleDef);
site.RoleAssignments.Add(currentGrp, grpRole);
clientContext.Load(currentGrp);
clientContext.Load(grpRole);
clientContext.ExecuteQuery();
Console.WriteLine("Successfully assigned " + item.Permissions + " to group " + item.GroupName);
}
/// <summary>
/// Assign Full control permission to items of specified list
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="list">SharePoint List object to assign full control over list-items</param>
private static void AssignFullControltoListItem(ClientContext clientContext, List list)
{
try
{
CamlQuery query = new CamlQuery();
query.ViewXml = ConfigurationManager.AppSettings["ListQuery"];
ListItemCollection listItems = list.GetItems(query);
clientContext.Load(listItems);
clientContext.ExecuteQuery();
clientContext.Load(list, lst => lst.EntityTypeName);
clientContext.ExecuteQuery();
RoleDefinition fullControl = clientContext.Web.RoleDefinitions.GetByType(RoleType.Administrator);
clientContext.Load(fullControl);
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ItemNotFound"], listItems.Count, list.EntityTypeName), ErrorMessage.MessageType.Notification);
UpdateItems(clientContext, listItems, fullControl);
}
catch (Exception exception)
{
ErrorLogger.LogErrorToTextFile(errorFilePath, string.Concat(exception.Message, "\n", exception.StackTrace));
}
}
public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, string name)
{
RoleDefinition roleDefinition = roleDefinitions.GetByName(name);
roleDefinition.DeleteObject();
roleDefinitions.Context.ExecuteQuery();
}
public async Task <List <SelectionItem <string> > > GetUserRolesAsync(int userId)
{
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
List <SelectionItem <string> > list = new List <SelectionItem <string> >();
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user != null)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
List <RoleDefinition> allRoles = roleDP.GetAllRoles();
foreach (Role r in user.RolesList)
{
RoleDefinition roleDef = (from a in allRoles where a.RoleId == r.RoleId select a).FirstOrDefault();
if (roleDef != null)
{
list.Add(new SelectionItem <string> {
Text = roleDef.Name, Tooltip = roleDef.Description, Value = roleDef.Id
});
}
}
}
}
return(list);
}
}
public async Task <ActionResult> RolesEdit_Partial(EditModel model)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
string originalRole = model.OriginalName;
RoleDefinition role = await dataProvider.GetItemAsync(originalRole);// get the original item
if (role == null)
{
throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole));
}
if (!ModelState.IsValid)
{
return(PartialView(model));
}
role = model.GetData(role); // merge new data into original
model.SetData(role); // and all the data back into model for final display
switch (await dataProvider.UpdateItemAsync(originalRole, role))
{
default:
case UpdateStatusEnum.RecordDeleted:
throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole));
case UpdateStatusEnum.NewKeyExists:
ModelState.AddModelError(nameof(model.Name), this.__ResStr("alreadyExists", "A role named \"{0}\" already exists.", model.Name));
return(PartialView(model));
case UpdateStatusEnum.OK:
break;
}
return(FormProcessed(model, this.__ResStr("okSaved", "Role \"{0}\" saved", role.Name), OnPopupClose: OnPopupCloseEnum.ReloadModule));
}
}
/// <summary>
/// Assigns permissions to users on the specified list item.
/// </summary>
/// <param name="clientcontext">Client context object</param>
/// <param name="listName">Site pages library</param>
/// <param name="users">List of users</param>
/// <param name="permission">Permission to grant</param>
/// <param name="listItemId">Unique list item Id for permissions assignment</param>
/// <returns>Status of permission assignment</returns>
internal static string AssignUserPermissionsToItem(ClientContext clientcontext, string listName, List <string> users, string permission, int listItemId)
{
{
string returnvalue = "false";
try
{
List <string> permissions = new List <string>();
permissions.Add(permission);
Web web = clientcontext.Web;
clientcontext.Load(web.RoleDefinitions);
ListItem listItem = web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientcontext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientcontext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
if (null != permissions && null != users) //matter.permissions=read/limited access/contribute/ full control/ view only
{
foreach (string rolename in permissions)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
listItem.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw; // Check
}
}
}
// success. return a success code
returnvalue = "true";
}
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission"));
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw;
}
return(returnvalue);
}
}
/// <summary>
/// Assigns item level permission
/// </summary>
/// <param name="clientContext">Client context object</param>
/// <param name="listName">List name</param>
/// <param name="listItemId">List item id</param>
internal static void AssignItemPermission(ClientContext clientContext, string listName, int listItemId)
{
try
{
if (null != clientContext && !string.IsNullOrEmpty(listName))
{
ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientContext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
SecurableObject listItemObject = listItem;
ClientRuntimeContext clientRuntimeContext = clientContext;
// get the user object
Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup;
string roleName = ConfigurationManager.AppSettings["Role"];
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
// create the role definition binding collection
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
// add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
// create a RoleAssigment with the user and role definition
listItemObject.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
clientRuntimeContext.ExecuteQuery();
}
}
}
catch (Exception exception)
{
ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.SettingsPage, exception.Message));
}
}
internal ProviderPermission(string applicationId, RoleDefinition roleDefinition, RoleDefinition managedByRoleDefinition, ProviderAuthorizationConsentState?providerAuthorizationConsentState)
{
ApplicationId = applicationId;
RoleDefinition = roleDefinition;
ManagedByRoleDefinition = managedByRoleDefinition;
ProviderAuthorizationConsentState = providerAuthorizationConsentState;
}
public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, int id)
{
RoleDefinition roleDefinition = roleDefinitions.GetById(id);
roleDefinition.DeleteObject();
roleDefinitions.Context.ExecuteQuery();
}
public RoleDefinition GetData()
{
RoleDefinition data = new RoleDefinition();
ObjectSupport.CopyData(this, data);
return(data);
}
public RoleDefinition CreateRoleWithSectionId(RoleDefinition role, int sectionId)
{
var dalRole = Mapper.Map <DAL.Models.Role>(role);
var newRole = DbEditorService.CreateRoleWithSectionId(dalRole, sectionId);
return(Mapper.Map <UI.RoleDefinition>(newRole));
}
public UserObject(string userName, string email, string name, string notes, RoleDefinition roleDefinition)
{
GroupName = string.Empty;
UserName = userName;
Email = email;
Name = name;
Notes = notes;
Role = roleDefinition;
}
public static RoleDefinition CreateRoleDefinition(this RoleDefinitionCollection roleDefinitions, RoleDefinitionCreationInformation roleDefCreateInfo)
{
RoleDefinition roleDefinition = roleDefinitions.Add(roleDefCreateInfo);
roleDefinitions.Context.Load(roleDefinition);
roleDefinitions.Context.ExecuteQuery();
return(roleDefinition);
}
public void DCMAddUserRole(int storageObjID, string userAccount, string rolename)
{
(storageObjID > 0).FalseThrow <ArgumentException>("ID值{0}无效,请传入大于0的值.", storageObjID);
using (DocLibContext context = new DocLibContext(ServiceHelper.GetDocumentLibraryName()))
{
context.Load(context.Web.RoleDefinitions);
context.ExecuteQuery();
RoleDefinition selectedRoleDef = null;
foreach (RoleDefinition role in context.Web.RoleDefinitions)
{
if (role.Name == rolename)
{
selectedRoleDef = role;
break;
}
}
if (null == selectedRoleDef)
{
return;
}
context.Load(selectedRoleDef);
ListItem listItem = GetListItemById(storageObjID, context);
if (null == listItem)
{
return;
}
context.Load(listItem);
context.Load(listItem.RoleAssignments);
context.ExecuteQuery();
RoleAssignmentCollection roleAssignments = listItem.RoleAssignments;
bool userFound = false;
foreach (RoleAssignment roleAssignment in roleAssignments)
{
context.Load(roleAssignment.Member);
context.ExecuteQuery();
if (roleAssignment.Member.LoginName != userAccount)
{
continue;
}
userFound = true;
roleAssignment.RoleDefinitionBindings.Add(selectedRoleDef);
roleAssignment.Update();
}
if (!userFound)
{
RoleDefinitionBindingCollection newBinding = new RoleDefinitionBindingCollection(context);
newBinding.Add(selectedRoleDef);
User user = context.Web.EnsureUser(userAccount);
listItem.RoleAssignments.Add(user, newBinding);
listItem.Update();
}
context.ExecuteQuery();
}
}
public void DCMRemoveRole(string rolename)
{
using (DocLibContext context = new DocLibContext(ServiceHelper.GetDocumentLibraryName()))
{
RoleDefinition roleDefinition = context.Web.RoleDefinitions.GetByName(rolename);
roleDefinition.DeleteObject();
context.ExecuteQuery();
}
}
/// <summary>
/// Get permissions of specified permission level
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="permissionLevelName">Name of permission level</param>
/// <returns>RoleDefinition object that represents specified permission level</returns>
private static RoleDefinition GetPermissionLevel(ClientContext clientContext, string permissionLevelName)
{
RoleDefinitionCollection roleDefCollection = clientContext.Web.RoleDefinitions;
clientContext.Load(roleDefCollection, item => item);
clientContext.ExecuteQuery();
RoleDefinition matterCenterContribute = roleDefCollection.Where(item => item.Name == permissionLevelName).FirstOrDefault();
return(matterCenterContribute);
}
public string[] ParseBindings(RoleDefinitionBindingCollection bindingCol)
{
string[] strPerms = new string[bindingCol.Count];
for (int i = 0; i < bindingCol.Count; i++)
{
RoleDefinition bind = bindingCol[i];
strPerms[i] = bind.Name;
}
return(strPerms);
}
/// <summary>
/// Ensures the role assignment.
/// </summary>
/// <param name="serverPrincipal">The server principal.</param>
/// <param name="storageAccountSubscriptionId">The storage account subscription identifier.</param>
/// <param name="storageAccountResourceId">The storage account resource identifier.</param>
/// <returns>RoleAssignment.</returns>
public RoleAssignment EnsureRoleAssignment(MicrosoftGraphServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId)
{
string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId;
bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId;
try
{
if (hasMismatchSubscription)
{
AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId;
}
var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId);
string roleDefinitionScope = "/";
RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId);
var serverPrincipalId = serverPrincipal.Id.ToString();
var roleAssignments = AuthorizationManagementClient.RoleAssignments
.ListForResource(
resourceIdentifier.ResourceGroupName,
ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType),
resourceIdentifier.ParentResource ?? "/",
ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType),
resourceIdentifier.ResourceName,
odataQuery: new ODataQuery <RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId)));
var roleAssignmentScope = storageAccountResourceId;
Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();
RoleAssignment roleAssignment = roleAssignments.FirstOrDefault();
if (roleAssignment == null)
{
VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);
var createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties
{
PrincipalId = serverPrincipalId,
RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId)
}
};
roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);
StorageSyncResourceManager.Wait();
}
return(roleAssignment);
}
finally
{
if (hasMismatchSubscription)
{
AuthorizationManagementClient.SubscriptionId = currentSubscriptionId;
}
}
}
private static void AddPermissionLevelImplementation(this Web web, Principal principal, RoleType permissionLevel, bool removeExistingPermissionLevels = false)
{
if (principal != null)
{
bool processed = false;
RoleAssignmentCollection rac = web.RoleAssignments;
web.Context.Load(rac);
web.Context.ExecuteQuery();
//Find the roles assigned to the principal
foreach (RoleAssignment ra in rac)
{
// correct role assignment found
if (ra.PrincipalId == principal.Id)
{
// load the role definitions for this role assignment
RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings;
web.Context.Load(rdc);
web.Context.Load(web.RoleDefinitions);
web.Context.ExecuteQuery();
// Load the role definition to add (e.g. contribute)
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
// Add the selected role definition
rdc.Add(roleDefinition);
//update
ra.ImportRoleDefinitionBindings(rdc);
ra.Update();
web.Context.ExecuteQuery();
// Leave the for each loop
processed = true;
break;
}
}
// For a principal without role definitions set we follow a different code path
if (!processed)
{
RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(web.Context);
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
rdc.Add(roleDefinition);
web.RoleAssignments.Add(principal, rdc);
web.Context.ExecuteQuery();
}
}
}
static List<RoleDefinition> GetRoleDefinitions(List<AppGroupAssignmentEntity> appGroupAssignments, string action)
{
List<RoleDefinition> roleDefinitions = new List<RoleDefinition>();
foreach (AppGroupAssignmentEntity assignment in appGroupAssignments)
{
RoleDefinition roleDefinition = new RoleDefinition();
roleDefinition.Id = assignment.RowKey; // groupObejectId -> role id
roleDefinition.Name = assignment.GroupName;
roleDefinition.Scopes = new List<string>();
roleDefinition.Scopes.Add("/");
Permission permission = new Permission();
permission.Actions = new List<string>();
permission.Actions.Add("/" + assignment.PartitionKey + "/" + action); // "/appId/action"
roleDefinition.Permissions.Add(permission);
roleDefinitions.Add(roleDefinition);
}
return roleDefinitions;
}
public SPDGClientRoleDefinition(RoleDefinition roleDefinition)
{
_roleDefinition = roleDefinition;
}
private static void AddPermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeExistingPermissionLevels = false)
{
if (principal != null)
{
bool processed = false;
RoleAssignmentCollection rac = securableObject.RoleAssignments;
securableObject.Context.Load(rac);
securableObject.Context.ExecuteQueryRetry();
//Find the roles assigned to the principal
foreach (RoleAssignment ra in rac)
{
// correct role assignment found
if (ra.PrincipalId == principal.Id)
{
// load the role definitions for this role assignment
RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings;
securableObject.Context.Load(rdc);
securableObject.Context.ExecuteQueryRetry();
// Load the role definition to add (e.g. contribute)
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
// Add the selected role definition
rdc.Add(roleDefinition);
//update
ra.ImportRoleDefinitionBindings(rdc);
ra.Update();
securableObject.Context.ExecuteQueryRetry();
// Leave the for each loop
processed = true;
break;
}
}
// For a principal without role definitions set we follow a different code path
if (!processed)
{
RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(securableObject.Context);
rdc.Add(roleDefinition);
securableObject.RoleAssignments.Add(principal, rdc);
securableObject.Context.ExecuteQueryRetry();
}
}
}
private static void RemovePermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeAllPermissionLevels = false)
{
if (principal != null)
{
RoleAssignmentCollection rac = securableObject.RoleAssignments;
securableObject.Context.Load(rac);
securableObject.Context.ExecuteQueryRetry();
//Find the roles assigned to the principal
foreach (RoleAssignment ra in rac)
{
// correct role assignment found
if (ra.PrincipalId == principal.Id)
{
// load the role definitions for this role assignment
RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings;
securableObject.Context.Load(rdc);
securableObject.Context.ExecuteQueryRetry();
if (removeAllPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
else
{
// Load the role definition to remove (e.g. contribute)
rdc.Remove(roleDefinition);
}
//update
ra.ImportRoleDefinitionBindings(rdc);
ra.Update();
securableObject.Context.ExecuteQueryRetry();
// Leave the for each loop
break;
}
}
}
}
private void GiveRightsToGroup(Group group, RoleDefinition role, string listtitle, int listitemid, bool removeVisitors) {
List listOwners = _ctx.Web.Lists.GetByTitle(listtitle);
ListItem li = listOwners.GetItemById(listitemid);
li.BreakRoleInheritance(true, true);
IEnumerable<RoleAssignment> assignments = _ctx.LoadQuery(li.RoleAssignments.Include(ra => ra.Member, ra => ra.RoleDefinitionBindings.Include(rd => rd.Name)));
_ctx.ExecuteQuery();
if (removeVisitors) {
RoleAssignment raBesokare = null;
foreach (var assign in assignments) {
string loginname = assign.Member.LoginName.ToLower();
if (loginname == "besökare på borlänge") {
raBesokare = assign;
}
}
if (raBesokare != null) {
raBesokare.DeleteObject();
}
}
try {
_ctx.Load(role);
RoleDefinitionBindingCollection rdb = new RoleDefinitionBindingCollection(_ctx);
rdb.Add(role);
li.RoleAssignments.Add(group, rdb);
li.Update();
}
catch (Exception ex) {
MessageBox.Show(ex.Message);
}
}
/// <summary>
/// Add a SharePoint group into list
/// </summary>
/// <param name="groupName">Group name</param>
/// <param name="clientContext">Client context</param>
/// <param name="list">List to which group added</param>
/// <param name="matterCenterContribute">RoleDefinition/PermissionLevel that assigned to group</param>
private static void AddGroupToList(string groupName, ClientContext clientContext, List list, RoleDefinition matterCenterContribute)
{
Group matterCenterGroup = clientContext.Web.SiteGroups.GetByName(groupName);
clientContext.Load(matterCenterGroup);
clientContext.ExecuteQuery();
Principal MCGroup = matterCenterGroup;
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext);
grpRole.Add(matterCenterContribute);
list.RoleAssignments.Add(MCGroup, grpRole);
list.Update();
clientContext.ExecuteQuery();
}
public SecurityRoleReverseHost(ClientContext clientContext, RoleDefinition group)
: base(clientContext)
{
HostRole = group;
}
/// <summary>
/// Assign existing permission level to group
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="matterCenterContribute">Role to assign a group</param>
/// <param name="group">RoleAssignment to which permission added</param>
private static void AssignPermissionLevelToGroup(ClientContext clientContext, RoleDefinition matterCenterContribute, RoleAssignment group)
{
clientContext.Load(group.RoleDefinitionBindings, item => item.Include(items => items.Name, items => items.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinitionBindingCollection rolesAssignedToGroup = group.RoleDefinitionBindings;
clientContext.Load(rolesAssignedToGroup, role => role.Include(item => item.Name, item => item.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinition roleDefinition = rolesAssignedToGroup.Select(item => item).Where(item => item.Name == matterCenterContribute.Name).FirstOrDefault();
if (null == roleDefinition)
{
group.RoleDefinitionBindings.Add(matterCenterContribute);
group.Update();
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionAssign"], matterCenterContribute.Name, group.Member.Title), ErrorMessage.MessageType.Notification);
}
}
/// <summary>
/// Method to update items
/// </summary>
/// <param name="clientContext">client context</param>
/// <param name="listItems">list item collection</param>
/// <param name="fullControl">role definition</param>
private static void UpdateItems(ClientContext clientContext, ListItemCollection listItems, RoleDefinition fullControl)
{
foreach (ListItem item in listItems) // For each list item
{
User itemOwner = GetAuthor(clientContext, item);
// 2. break permissions for list item
item.BreakRoleInheritance(false, true);
// 3. Assign full control to user on list item
Principal user = itemOwner;
RoleDefinitionBindingCollection roleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);
roleDefinitionBinding.Add(fullControl);
item.RoleAssignments.Add(user, roleDefinitionBinding);
item.Update();
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionUpdate"]), ErrorMessage.MessageType.Notification);
}
}
public RoleDefinitionToken(Web web, RoleDefinition definition)
: base(web, string.Format("{{roledefinition:{0}}}", definition.RoleTypeKind.ToString()))
{
name = definition.EnsureProperty(r => r.Name);
}
private static void AddPermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeExistingPermissionLevels = false)
{
if (principal == null)
{
return;
}
var roleAssignments = securableObject.RoleAssignments;
securableObject.Context.Load(roleAssignments);
securableObject.Context.ExecuteQueryRetry();
var roleAssignment = roleAssignments.FirstOrDefault(ra => ra.PrincipalId.Equals(principal.Id));
//current principal doesn't have any roles assigned for this securableObject
if (roleAssignment == null)
{
var rdc = new RoleDefinitionBindingCollection(securableObject.Context);
rdc.Add(roleDefinition);
securableObject.RoleAssignments.Add(principal, rdc);
securableObject.Context.ExecuteQueryRetry();
}
else //current principal has roles assigned for this securableObject, then add new role definition for the role assignment
{
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
securableObject.Context.Load(roleDefinitionBindings);
securableObject.Context.ExecuteQueryRetry();
// Load the role definition to add (e.g. contribute)
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
roleDefinitionBindings.RemoveAll();
}
// Add the selected role definition
if (!roleDefinitionBindings.Any(r => r.Name.Equals(roleDefinition.EnsureProperty(rd => rd.Name))))
{
roleDefinitionBindings.Add(roleDefinition);
//update
roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings);
roleAssignment.Update();
securableObject.Context.ExecuteQueryRetry();
}
}
}
private static void RemovePermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeAllPermissionLevels = false)
{
if (principal == null)
{
return;
}
var roleAssignments = securableObject.RoleAssignments;
securableObject.Context.Load(roleAssignments);
securableObject.Context.ExecuteQueryRetry();
var roleAssignment = roleAssignments.FirstOrDefault(ra => ra.PrincipalId.Equals(principal.Id));
if (roleAssignment != null)
{
// load the role definitions for this role assignment
var rdc = roleAssignment.RoleDefinitionBindings;
securableObject.Context.Load(rdc);
securableObject.Context.ExecuteQueryRetry();
if (removeAllPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
else
{
// Load the role definition to remove (e.g. contribute)
rdc.Remove(roleDefinition);
}
//update
roleAssignment.ImportRoleDefinitionBindings(rdc);
roleAssignment.Update();
securableObject.Context.ExecuteQueryRetry();
}
}
