public void GrantUserObjectAccess(ISiteSetting siteSetting, Guid objectId, string objectLogicalName, Guid userId, int accessrightmask)
{
IOrganizationService organizationService = GetClientContext(siteSetting);
//no delete access
GrantAccessRequest grant = new GrantAccessRequest();
grant.Target = new EntityReference(objectLogicalName, objectId);
PrincipalAccess principal = new PrincipalAccess();
principal.Principal = new EntityReference("systemuser", userId);
principal.AccessMask = AccessRights.ReadAccess | AccessRights.AppendAccess | AccessRights.WriteAccess | AccessRights.AppendToAccess | AccessRights.ShareAccess | AccessRights.AssignAccess;
grant.PrincipalAccess = principal;
try
{
GrantAccessResponse grant_response = (GrantAccessResponse)organizationService.Execute(grant);
}
catch (Exception ex)
{
throw ex;
}
/*
* Entity account = new Entity("principalobjectaccess");
* account["objectid"] = objectId;
* account["principalid"] = userId;
* account["accessrightsmask"] = accessrightmask;
* Guid _accountId = organizationService.Create(account);
*/
}
/// <summary>
/// Grants the specified rights to the security principal (user or team) for the specified record
/// </summary>
/// <param name="er"></param>
/// <param name="pa"></param>
public void GrantAccessTo(EntityReference er, PrincipalAccess pa)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
if (!accessList.Contains(pa))
{
accessList.Add(pa);
}
}
public void ModifyAccess(EntityReference target, PrincipalAccess access)
{
var req = new ModifyAccessRequest()
{
Target = target,
PrincipalAccess = access
};
this.Execute(req);
}
/// <summary>
/// Grants the specified rights to the security principal (user or team) for the specified record
/// </summary>
/// <param name="er"></param>
/// <param name="pa"></param>
public void GrantAccessTo(EntityReference er, PrincipalAccess pa)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
PrincipalAccess paMatch = accessList.Where(p => p.Principal.Id == pa.Principal.Id).SingleOrDefault();
if (paMatch == null)
{
accessList.Add(pa);
}
}
internal void ModifyAccess(EntityReference target, PrincipalAccess principalAccess, EntityReference userRef)
{
var entity = Core.GetDbEntityWithRelatedEntities(target, EntityRole.Referenced, userRef);
CheckSharingAccess(entity, principalAccess, userRef);
if (Shares.ContainsKey(target) && Shares[target].ContainsKey(principalAccess.Principal))
{
Shares[target][principalAccess.Principal] = principalAccess.AccessMask;
}
}
/// <summary>
/// Revokes any access to any record for the specified security principal (kind of 'Clear All')
/// </summary>
/// <param name="er"></param>
/// <param name="pa"></param>
public void RevokeAccessToAllRecordsTo(PrincipalAccess pa)
{
foreach (EntityReference er in _accessRights.Keys)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
if (accessList.Contains(pa))
{
accessList.Remove(pa);
}
}
}
private void CheckSharingAccess(Entity entity, PrincipalAccess principalAccess, EntityReference userRef)
{
if (!HasPermission(entity, AccessRights.ShareAccess, userRef))
{
throw new FaultException($"Trying to share entity '{entity.LogicalName}'" +
$", but the calling user with id '{userRef.Id}' does not have share access for that entity");
}
if (principalAccess.AccessMask.GetAccessRights().Any(r => !HasPermission(entity, r, userRef)))
{
throw new FaultException($"Trying to share entity '{entity.LogicalName}'" +
$", but the calling user with id '{userRef.Id}' does not have the privileges it tries to share");
}
}
/// <summary>
/// Revokes the specified rights to the security principal (user or team) for the specified record
/// </summary>
/// <param name="er"></param>
/// <param name="pa"></param>
public void RevokeAccessTo(EntityReference er, EntityReference principal)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
for (int x = accessList.Count - 1; x >= 0; x--)
{
PrincipalAccess pa = accessList[x];
if (pa.Principal.Id == principal.Id)
{
accessList.RemoveAt(x);
}
}
}
/// <summary>
/// Retrieves the RetrievePrincipalAccessResponse for the specified security principal (user or team) and record
/// </summary>
/// <param name="er"></param>
/// <param name="principal"></param>
public RetrievePrincipalAccessResponse RetrievePrincipalAccess(EntityReference er, EntityReference principal)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
PrincipalAccess pAcc = accessList.Where(pa => pa.Principal.Id == principal.Id).SingleOrDefault();
RetrievePrincipalAccessResponse resp = new RetrievePrincipalAccessResponse();
if (pAcc != null)
{
resp.Results["AccessRights"] = pAcc.AccessMask;
}
return(resp);
}
/// <summary>
/// Modify access on a specific record
/// </summary>
/// <param name="er">The entity for which we are modifying permissions</param>
/// <param name="pa">The permissions to overwrite</param>
public void ModifyAccessOn(EntityReference er, PrincipalAccess pa)
{
List <PrincipalAccess> accessList = GetAccessListForRecord(er);
PrincipalAccess paMatch = accessList.Where(p => p.Principal.Id == pa.Principal.Id).SingleOrDefault();
if (paMatch != null)
{
accessList[accessList.IndexOf(paMatch)] = pa;
}
else
{
accessList.Add(pa);
}
}
public void GrantAccess(EntityReference Record, EntityReference Principal, AccessRights AccessRights)
{
PrincipalAccess principalAccess = new PrincipalAccess();
principalAccess.Principal = Principal;
principalAccess.AccessMask = AccessRights;
GrantAccessRequest grantAccessRequest = new GrantAccessRequest();
grantAccessRequest.Target = Record;
grantAccessRequest.PrincipalAccess = principalAccess;
GrantAccessResponse grantAccessResponse = (GrantAccessResponse)OrganizationService.Execute(grantAccessRequest);
}
/// <summary>
/// Grants a specific user Read Access to a specific Entity record.
/// </summary>
/// <param name="OrganizationService"></param>
/// <param name="Record">EntityReference of the record.</param>
/// <param name="UserId">GUID of user that is getting access.</param>
public void GrantUserReadAccess(EntityReference Record, Guid UserId)
{
PrincipalAccess principalAccess = new PrincipalAccess();
principalAccess.Principal = new EntityReference("systemuser", UserId);
principalAccess.AccessMask = AccessRights.ReadAccess;
GrantAccessRequest grantAccessRequest = new GrantAccessRequest();
grantAccessRequest.Target = Record;
grantAccessRequest.PrincipalAccess = principalAccess;
GrantAccessResponse grantAccessResponse = (GrantAccessResponse)OrganizationService.Execute(grantAccessRequest);
}
internal void GrantAccess(EntityReference target, PrincipalAccess principalAccess, EntityReference userRef)
{
var entity = Core.GetDbEntityWithRelatedEntities(target, EntityRole.Referenced, userRef);
CheckSharingAccess(entity, principalAccess, userRef);
if (!Shares.ContainsKey(target))
{
Shares.Add(target, new Dictionary <EntityReference, AccessRights>());
}
if (Shares[target].ContainsKey(principalAccess.Principal))
{
throw new FaultException($"Trying to share record with logicalname '{target.LogicalName}' and id '{target.Id}' with " +
$"'{principalAccess.Principal.LogicalName}' with id '{principalAccess.Principal.Id}'" +
$", but the record was already shared with the {principalAccess.Principal.LogicalName}");
}
Shares[target].Add(principalAccess.Principal, principalAccess.AccessMask);
}
