public void Entity_Not_Granted_Access_Does_Not_Have_Access()
{
var context = new XrmFakedContext();
var contact = new Contact {
Id = Guid.NewGuid()
};
var user = new SystemUser {
Id = Guid.NewGuid()
};
context.Initialize(new List <Entity>
{
contact, user
});
var service = context.GetFakedOrganizationService();
RetrievePrincipalAccessRequest rpar = new RetrievePrincipalAccessRequest
{
Target = contact.ToEntityReference(),
Principal = user.ToEntityReference()
};
RetrievePrincipalAccessResponse rpaResp = (RetrievePrincipalAccessResponse)service.Execute(rpar);
Assert.Equal(AccessRights.None, rpaResp.AccessRights);
}
public async Task RetrievePrincipalAccessRequest_Query_IsCorrect()
{
Uri requestUri = null;
var httpClient = new HttpClient(new MockedHttpMessageHandler((request) =>
{
requestUri = request.RequestUri;
return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.NoContent)));
}));
var crmClient = FakeCrmWebApiClient.Create(httpClient);
var principal = new EntityReference("systemuser", Guid.NewGuid());
var accountRef = new EntityReference("account", Guid.NewGuid());
var crmRequest = new RetrievePrincipalAccessRequest(principal, accountRef);
await crmClient.ExecuteAsync(crmRequest);
var queryParams = QueryHelpers.ParseQuery(requestUri.Query);
queryParams.ContainsKey($"@{nameof(crmRequest.Target)}").Should()
.BeTrue();
queryParams[$"@{nameof(crmRequest.Target)}"].ToString().Should()
.Be($"{{\"@odata.id\":\"accounts({accountRef.Id})\"}}");
}
public AccessRights GetAccessRights(EntityReference Record, EntityReference Principal)
{
RetrievePrincipalAccessRequest req = new RetrievePrincipalAccessRequest
{
Principal = Principal,
Target = Record
};
RetrievePrincipalAccessResponse resp = (RetrievePrincipalAccessResponse)OrganizationService.Execute(req);
return(resp.AccessRights);
}
/// <summary>
/// Retrieve the <c>access rights</c> of the specified user to the specified record.
/// <para>
/// For more information look at https://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.retrieveprincipalaccessrequest(v=crm.8).aspx
/// </para>
/// </summary>
/// <param name="id"></param>
/// <param name="targetRecordLogicalName"></param>
/// <param name="targetRecordId"></param>
/// <returns>
/// <see cref="RetrievePrincipalAccessResponse"/>.
/// You can get <c>Access Rights</c> from <see cref="RetrievePrincipalAccessResponse.AccessRights"/> propert.
/// </returns>
public RetrievePrincipalAccessResponse GetAccessRights(Guid id, string targetRecordLogicalName, Guid targetRecordId)
{
ExceptionThrow.IfGuidEmpty(id, "id");
ExceptionThrow.IfGuidEmpty(targetRecordId, "entityId");
ExceptionThrow.IfNullOrEmpty(targetRecordLogicalName, "entityName");
RetrievePrincipalAccessRequest request = new RetrievePrincipalAccessRequest()
{
Principal = new EntityReference(this.EntityName, id),
Target = new EntityReference(targetRecordLogicalName, targetRecordId)
};
return((RetrievePrincipalAccessResponse)this.OrganizationService.Execute(request));
}
public bool HasEntityPrivilege(PAUser user, EntityReference entityId, PrivilegeTypes privilegeType)
{
var metaDateType = _paMetadataServiceCacheProxy.GetEntityMetadata(entityId.LogicalName);
if (metaDateType.OwnershipType.HasValue)
{
switch (metaDateType.OwnershipType.Value)
{
case Microsoft.Xrm.Sdk.Metadata.OwnershipTypes.UserOwned:
RetrievePrincipalAccessRequest request = new RetrievePrincipalAccessRequest();
request.Principal = new EntityReference("systemuser", user.EntityRecord.Id);
request.Target = entityId;
IOrganizationService orgService = ContextContainer.GetValue <IOrganizationService>(ContextTypes.OrgService);
var response = (RetrievePrincipalAccessResponse)orgService.Execute(request);
if (response.AccessRights.HasFlag((AccessRights)(int)privilegeType))
{
return(true);
}
else
{
return(false);
}
case Microsoft.Xrm.Sdk.Metadata.OwnershipTypes.OrganizationOwned:
var result = HasEntityPrivilege(user, entityId.LogicalName, privilegeType, PrivilegeDepths.Basic);
return(result);
default:
return(false);
}
}
else
{
var fragment = new TextFragment()
{
Code = TextCodes.EntityNotCheckPrivilege,
DefaultFormatting = "实体{0}无法判断权限,它的OwnershipType为空",
ReplaceParameters = new List <object>()
{
entityId.LogicalName
}
};
throw new UtilityException((int)Errors.EntityNotCheckPrivilege, fragment);
}
}
/// <summary>
/// Retrieve and display principal access information.
/// </summary>
/// <param name="entityReference"></param>
/// <param name="principal"></param>
/// <param name="additionalIdentifier"></param>
private void RetrieveAndDisplayPrincipalAccess(EntityReference entityReference,
EntityReference principal, String additionalIdentifier)
{
var principalAccessReq = new RetrievePrincipalAccessRequest
{
Principal = principal,
Target = entityReference
};
var principalAccessRes = (RetrievePrincipalAccessResponse)
_serviceProxy.Execute(principalAccessReq);
Console.WriteLine("Access rights of {0} ({1}) on the entity: {2}\r\n",
String.Format("{0} with GUID {1}", principal.LogicalName,
principal.Id), additionalIdentifier,
principalAccessRes.AccessRights);
}
private void RetrieveAndDisplayPrincipalAccess(EntityReference leadReference,
EntityReference principal, String additionalIdentifier)
{
var principalAccessReq = new RetrievePrincipalAccessRequest
{
Principal = principal,
Target = leadReference
};
var principalAccessRes = (RetrievePrincipalAccessResponse)
_serviceProxy.Execute(principalAccessReq);
Console.WriteLine("Access rights of {0} ({1}) on the lead: {2}\r\n",
GetEntityReferenceString(principal),
additionalIdentifier,
principalAccessRes.AccessRights);
}
/// <summary>
/// Retrieve the access rights for the specified user against the specified object
/// </summary>
/// <param name="userId">Unique identifier of the user</param>
/// <param name="objectId">Unique identifier of the object</param>
/// <param name="entityName">Logical name of the object entity</param>
/// <returns>List of access rigths</returns>
public RetrievePrincipalAccessResponse RetrieveRights(Guid userId, Guid objectId, string entityName)
{
try
{
// Requête d'accès
var request = new RetrievePrincipalAccessRequest();
request.Principal = new EntityReference("systemuser", userId);
request.Target = new EntityReference(entityName, objectId);
return((RetrievePrincipalAccessResponse)service.Execute(request));
}
catch (Exception error)
{
throw new Exception("Error while checking rigths: " + error.Message);
}
}
private static void RetrieveAndDisplayPrincipalAccess(CrmServiceClient service, EntityReference accountReference,
EntityReference principal, String additionalIdentifier)
{
var principalAccessReq = new RetrievePrincipalAccessRequest
{
Principal = principal,
Target = accountReference
};
var principalAccessRes = (RetrievePrincipalAccessResponse)
service.Execute(principalAccessReq);
Console.WriteLine("Access rights of {0} ({1}) on the account: {2}\r\n",
GetEntityReferenceString(service, principal),
additionalIdentifier,
principalAccessRes.AccessRights);
}
public void Entity_Granted_Multiple_Access_Has_Access()
{
var context = new XrmFakedContext();
var contact = new Contact {
Id = Guid.NewGuid()
};
var user = new SystemUser {
Id = Guid.NewGuid()
};
context.Initialize(new List <Entity>
{
contact, user
});
var service = context.GetFakedOrganizationService();
GrantAccessRequest gar = new GrantAccessRequest
{
PrincipalAccess = new PrincipalAccess
{
AccessMask = AccessRights.ReadAccess | AccessRights.WriteAccess | AccessRights.DeleteAccess | AccessRights.CreateAccess,
Principal = user.ToEntityReference()
},
Target = contact.ToEntityReference()
};
service.Execute(gar);
RetrievePrincipalAccessRequest rpar = new RetrievePrincipalAccessRequest
{
Target = contact.ToEntityReference(),
Principal = user.ToEntityReference()
};
RetrievePrincipalAccessResponse rpaResp = (RetrievePrincipalAccessResponse)service.Execute(rpar);
Assert.NotEqual(AccessRights.None, rpaResp.AccessRights);
Assert.True(rpaResp.AccessRights.HasFlag(AccessRights.ReadAccess));
Assert.False(rpaResp.AccessRights.HasFlag(AccessRights.AppendAccess));
Assert.False(rpaResp.AccessRights.HasFlag(AccessRights.AppendToAccess));
Assert.False(rpaResp.AccessRights.HasFlag(AccessRights.AssignAccess));
Assert.True(rpaResp.AccessRights.HasFlag(AccessRights.CreateAccess));
Assert.True(rpaResp.AccessRights.HasFlag(AccessRights.DeleteAccess));
Assert.False(rpaResp.AccessRights.HasFlag(AccessRights.ShareAccess));
Assert.True(rpaResp.AccessRights.HasFlag(AccessRights.WriteAccess));
}
public bool DoesUserHavePrivilage(EntityReference entity, EntityReference systemuser, AccessRights access)
{
RetrievePrincipalAccessRequest request = new RetrievePrincipalAccessRequest
{
Principal = systemuser,
Target = entity
};
RetrievePrincipalAccessResponse principalAccessResponse = (RetrievePrincipalAccessResponse)ServiceProxy.Execute(request);
if ((principalAccessResponse.AccessRights & access) != AccessRights.None)
{
return(true);
}
else
{
return(false);
}
}
/// <summary>
/// Retrieve the access rights for the specified user against the specified object
/// </summary>
/// <param name="userId">Unique identifier of the user</param>
/// <param name="objectId">Unique identifier of the object</param>
/// <param name="entityName">Logical name of the object entity</param>
/// <returns>List of access rigths</returns>
public RetrievePrincipalAccessResponse RetrieveRights(Guid userId, Guid objectId, string entityName)
{
try
{
// Requête d'accès
var request = new RetrievePrincipalAccessRequest();
//var request = new RetrieveSharedPrincipalsAndAccessRequest();
request.Principal = new EntityReference("systemuser", userId);
// request.Principal = new EntityReference("team", new Guid("1e9be892-4ae6-eb11-bacb-0022489ba30f"));
request.Target = new EntityReference(entityName, objectId);
//var response = (RetrieveSharedPrincipalsAndAccessResponse)service.Execute(request);
return((RetrievePrincipalAccessResponse)service.Execute(request));
}
catch (Exception error)
{
throw new Exception("Error while checking rigths: " + error.Message);
}
}
//Contains the data that is needed to retrieve the access rights of the specified security principal (team or user) to the specified record.
public RetrievePrincipalAccessResponse RetrieveRights(Guid userId, Guid objectId, string entityName)
{
try
{
// Requête d'accès
var request = new RetrievePrincipalAccessRequest();
request.Principal = new EntityReference("systemuser", userId);
request.Target = new EntityReference(entityName, objectId);
return((RetrievePrincipalAccessResponse)service.Execute(request));
//Contains the data that is needed to retrieve all security principals (users or teams) that have access to, and access rights for, the specified record.
var accessRequest = new RetrieveSharedPrincipalsAndAccessRequest
{
Target = leadReference
};
// The RetrieveSharedPrincipalsAndAccessResponse returns an entity reference
// that has a LogicalName of "user" when returning access information for a
// "team."
var accessResponse = (RetrieveSharedPrincipalsAndAccessResponse)
svc.Execute(accessRequest);
Console.WriteLine("The following have the specified granted access to the lead.");
foreach (var principalAccess in accessResponse.PrincipalAccesses)
{
Console.WriteLine("\t{0}:\r\n\t\t{1}",
GetEntityReferenceString(principalAccess.Principal),
principalAccess.AccessMask);
}
Console.WriteLine();
}
catch (Exception error)
{
throw new Exception("Error while checking rigths: " + error.Message);
}
}
/// <summary>
/// Check <c>System User</c> 's access rights on specified record.
/// <para>
/// For more information look at https://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.retrieveprincipalaccessrequest(v=crm.8).aspx
/// </para>
/// </summary>
/// <param name="id"><c>System User</c> Id</param>
/// <param name="targetRecordLogicalName">Target record <c>logical name</c> for which to retrieve access rights.</param>
/// <param name="targetRecordId">Target record <c>Id</c> for which to retrieve access rights.</param>
/// <returns>
/// <c>True</c> if <c>System User</c> has any access right on the record, otherwise return <c>false</c>
/// </returns>
public bool HasAccessRight(Guid id, string targetRecordLogicalName, Guid targetRecordId)
{
ExceptionThrow.IfGuidEmpty(id, "id");
ExceptionThrow.IfGuidEmpty(targetRecordId, "entityId");
ExceptionThrow.IfNullOrEmpty(targetRecordLogicalName, "entityName");
bool result = false;
RetrievePrincipalAccessRequest request = new RetrievePrincipalAccessRequest()
{
Principal = new EntityReference(this.EntityName, id),
Target = new EntityReference(targetRecordLogicalName, targetRecordId)
};
RetrievePrincipalAccessResponse serviceResponse = (RetrievePrincipalAccessResponse)this.OrganizationService.Execute(request);
if (serviceResponse.AccessRights != AccessRights.None)
{
result = true;
}
return(result);
}
private void RetrieveAndDisplayPrincipalAccess(EntityReference leadReference,
EntityReference principal, String additionalIdentifier)
{
//<snippetUserAccess4>
var principalAccessReq = new RetrievePrincipalAccessRequest
{
Principal = principal,
Target = leadReference
};
var principalAccessRes = (RetrievePrincipalAccessResponse)
_serviceProxy.Execute(principalAccessReq);
Console.WriteLine("Access rights of {0} ({1}) on the lead: {2}\r\n",
GetEntityReferenceString(principal),
additionalIdentifier,
principalAccessRes.AccessRights);
//</snippetUserAccess4>
}
/// <summary>
/// Demonstrates sharing records by exercising various access messages including:
/// Grant, Modify, Revoke, RetrievePrincipalAccess, and
/// RetrievePrincipalsAndAccess.
/// </summary>
/// <param name="serverConfig">Contains server connection information.</param>
/// <param name="promptforDelete">When True, the user will be prompted to delete all
/// created entities.</param>
public void Run(ServerConnection.Configuration serverConfig, bool promptforDelete)
{
try
{
//<snippetSharingRecords1>
// Connect to the Organization service.
// The using statement assures that the service proxy will be properly disposed.
using (_serviceProxy = new OrganizationServiceProxy(serverConfig.OrganizationUri, serverConfig.HomeRealmUri,serverConfig.Credentials, serverConfig.DeviceCredentials))
{
// This statement is required to enable early-bound type support.
_serviceProxy.EnableProxyTypes();
_service = (IOrganizationService)_serviceProxy;
CreateRequiredRecords();
#region GrantAccess Message
// Create the request object and set the target and principal access
// object.
GrantAccessRequest grantRequest = new GrantAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
PrincipalAccess = new PrincipalAccess()
{
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId),
AccessMask = AccessRights.WriteAccess | AccessRights.ReadAccess | AccessRights.ShareAccess
}
};
// Execute the request.
GrantAccessResponse grantResponse =
(GrantAccessResponse)_service.Execute(grantRequest);
Console.Write("Access Granted ");
#endregion
#region ModifyAccess Message
// Create the request object and set the target and principal access
// object.
ModifyAccessRequest modifyRequest = new ModifyAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
PrincipalAccess = new PrincipalAccess()
{
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId),
AccessMask = AccessRights.ReadAccess | AccessRights.ShareAccess
}
};
// Execute the request.
ModifyAccessResponse modifyResponse =
(ModifyAccessResponse)_service.Execute(modifyRequest);
Console.Write("and Modified. ");
#endregion
#region RetrievePrincipalAccess Message
// Create the request object and set the target and principal.
RetrievePrincipalAccessRequest retrieveRequest = new RetrievePrincipalAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId)
};
// Execute the request.
RetrievePrincipalAccessResponse retrieveResponse =
(RetrievePrincipalAccessResponse)_service.Execute(retrieveRequest);
Console.Write("Retrieved principal access. ");
#endregion
#region RetrieveSharedPrincipalsAndAccess Message
// Create the request object and set the target.
RetrieveSharedPrincipalsAndAccessRequest retrieveSharedRequest =
new RetrieveSharedPrincipalsAndAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId)
};
// Execute the request.
RetrieveSharedPrincipalsAndAccessResponse retrieveSharedResponse =
(RetrieveSharedPrincipalsAndAccessResponse)_service.Execute(retrieveSharedRequest);
Console.Write("Retrieved principals and access. ");
#endregion
#region RevokeAccess Message
// Create the request object and set the target and revokee.
RevokeAccessRequest revokeRequest = new RevokeAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
Revokee = new EntityReference(SystemUser.EntityLogicalName, _userId)
};
// Execute the request.
RevokeAccessResponse revokeResponse =
(RevokeAccessResponse)_service.Execute(revokeRequest);
Console.Write("Revoked Access.");
#endregion
DeleteRequiredRecords(promptforDelete);
}
//</snippetSharingRecords1>
}
// Catch any service fault exceptions that Microsoft Dynamics CRM throws.
catch (FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault>)
{
// You can handle an exception here or pass it back to the calling method.
throw;
}
}
/// <summary>
/// Demonstrates sharing records by exercising various access messages including:
/// Grant, Modify, Revoke, RetrievePrincipalAccess, and
/// RetrievePrincipalsAndAccess.
/// </summary>
/// <param name="serverConfig">Contains server connection information.</param>
/// <param name="promptforDelete">When True, the user will be prompted to delete all
/// created entities.</param>
public void Run(ServerConnection.Configuration serverConfig, bool promptforDelete)
{
try
{
// Connect to the Organization service.
// The using statement assures that the service proxy will be properly disposed.
using (_serviceProxy = new OrganizationServiceProxy(serverConfig.OrganizationUri, serverConfig.HomeRealmUri, serverConfig.Credentials, serverConfig.DeviceCredentials))
{
// This statement is required to enable early-bound type support.
_serviceProxy.EnableProxyTypes();
_service = (IOrganizationService)_serviceProxy;
CreateRequiredRecords();
#region GrantAccess Message
// Create the request object and set the target and principal access
// object.
GrantAccessRequest grantRequest = new GrantAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
PrincipalAccess = new PrincipalAccess()
{
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId),
AccessMask = AccessRights.WriteAccess | AccessRights.ReadAccess | AccessRights.ShareAccess
}
};
// Execute the request.
GrantAccessResponse grantResponse =
(GrantAccessResponse)_service.Execute(grantRequest);
Console.Write("Access Granted ");
#endregion
#region ModifyAccess Message
// Create the request object and set the target and principal access
// object.
ModifyAccessRequest modifyRequest = new ModifyAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
PrincipalAccess = new PrincipalAccess()
{
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId),
AccessMask = AccessRights.ReadAccess | AccessRights.ShareAccess
}
};
// Execute the request.
ModifyAccessResponse modifyResponse =
(ModifyAccessResponse)_service.Execute(modifyRequest);
Console.Write("and Modified. ");
#endregion
#region RetrievePrincipalAccess Message
// Create the request object and set the target and principal.
RetrievePrincipalAccessRequest retrieveRequest = new RetrievePrincipalAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
Principal = new EntityReference(SystemUser.EntityLogicalName, _userId)
};
// Execute the request.
RetrievePrincipalAccessResponse retrieveResponse =
(RetrievePrincipalAccessResponse)_service.Execute(retrieveRequest);
Console.Write("Retrieved principal access. ");
#endregion
#region RetrieveSharedPrincipalsAndAccess Message
// Create the request object and set the target.
RetrieveSharedPrincipalsAndAccessRequest retrieveSharedRequest =
new RetrieveSharedPrincipalsAndAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId)
};
// Execute the request.
RetrieveSharedPrincipalsAndAccessResponse retrieveSharedResponse =
(RetrieveSharedPrincipalsAndAccessResponse)_service.Execute(retrieveSharedRequest);
Console.Write("Retrieved principals and access. ");
#endregion
#region RevokeAccess Message
// Create the request object and set the target and revokee.
RevokeAccessRequest revokeRequest = new RevokeAccessRequest()
{
Target = new EntityReference(Account.EntityLogicalName, _accountId),
Revokee = new EntityReference(SystemUser.EntityLogicalName, _userId)
};
// Execute the request.
RevokeAccessResponse revokeResponse =
(RevokeAccessResponse)_service.Execute(revokeRequest);
Console.Write("Revoked Access.");
#endregion
DeleteRequiredRecords(promptforDelete);
}
}
// Catch any service fault exceptions that Microsoft Dynamics CRM throws.
catch (FaultException <Microsoft.Xrm.Sdk.OrganizationServiceFault> )
{
// You can handle an exception here or pass it back to the calling method.
throw;
}
}
/// <summary>
/// Retrieve the access rights for the specified user against the specified object
/// </summary>
/// <param name="userId">Unique identifier of the user</param>
/// <param name="objectId">Unique identifier of the object</param>
/// <param name="entityName">Logical name of the object entity</param>
/// <returns>List of access rigths</returns>
public RetrievePrincipalAccessResponse RetrieveRights(Guid userId, Guid objectId, string entityName)
{
try
{
// Requête d'accès
var request = new RetrievePrincipalAccessRequest();
request.Principal = new EntityReference("systemuser", userId);
request.Target = new EntityReference(entityName, objectId);
return (RetrievePrincipalAccessResponse)service.Execute(request);
}
catch (Exception error)
{
throw new Exception("Error while checking rigths: " + error.Message);
}
}
/// <summary>
/// Retrives and display principal access information.
/// </summary>
/// <param name="entityReference"></param>
/// <param name="principal"></param>
/// <param name="additionalIdentifier"></param>
private void RetrieveAndDisplayPrincipalAccess(EntityReference entityReference,
EntityReference principal, String additionalIdentifier)
{
var principalAccessReq = new RetrievePrincipalAccessRequest
{
Principal = principal,
Target = entityReference
};
var principalAccessRes = (RetrievePrincipalAccessResponse)
_serviceProxy.Execute(principalAccessReq);
Console.WriteLine("Access rights of {0} ({1}) on the entity: {2}\r\n",
String.Format("{0} with GUID {1}", principal.LogicalName,
principal.Id), additionalIdentifier,
principalAccessRes.AccessRights);
}
public OrganizationResponse Execute(OrganizationRequest request, XrmFakedContext ctx)
{
RetrievePrincipalAccessRequest req = (RetrievePrincipalAccessRequest)request;
return(ctx.AccessRightsRepository.RetrievePrincipalAccess(req.Target, req.Principal));
}
