Esempio n. 1
0
        internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
        {
            // Verify whether the user is in the service account group. Throw an exception if it is not.
            IGroupSecurityService gss       = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
            Identity serviceAccountIdentity = gss.ReadIdentity(SearchFactor.ServiceApplicationGroup, null, QueryMembership.None);

            TeamFoundationIdentity authenticatedUser;

            tfs.GetAuthenticatedIdentity(out authenticatedUser);
            if (null == authenticatedUser)
            {
                return;
            }

            Identity authenticatedUserId = gss.Convert(authenticatedUser);

            if (!gss.IsMember(serviceAccountIdentity.Sid, authenticatedUserId.Sid))
            {
                throw new PermissionException(
                          string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()),
                          authenticatedUserId.AccountName, authenticatedUserId.Domain, serviceAccountIdentity.DisplayName);
            }
            TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName);
        }