// Token: 0x06000E4F RID: 3663 RVA: 0x00056108 File Offset: 0x00054308
private void ApplyPolicyToFolder(SharingPolicy policy, FolderData folderData)
{
StoreObjectType objectType = ObjectClass.GetObjectType(folderData.Folder.ClassName);
List <PermissionSecurityPrincipal> list = new List <PermissionSecurityPrincipal>();
PermissionSet permissionSet = folderData.Folder.GetPermissionSet();
foreach (Permission permission in permissionSet)
{
if (permission.Principal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal)
{
SharingPolicyAction sharingPolicyAction = (SharingPolicyAction)0;
if (policy != null)
{
sharingPolicyAction = (permission.Principal.ExternalUser.IsReachUser ? policy.GetAllowedForAnonymousCalendarSharing() : policy.GetAllowed(permission.Principal.ExternalUser.SmtpAddress.Domain));
}
MemberRights memberRights = MemberRights.None;
if (sharingPolicyAction != (SharingPolicyAction)0)
{
memberRights = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, objectType);
}
if (memberRights == MemberRights.None)
{
list.Add(permission.Principal);
}
else
{
MemberRights memberRights2 = ~memberRights & permission.MemberRights;
if (memberRights2 != MemberRights.None)
{
if (objectType == StoreObjectType.CalendarFolder)
{
if ((permission.MemberRights & MemberRights.ReadAny) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusyDetailed;
}
if ((permission.MemberRights & MemberRights.FreeBusyDetailed) != MemberRights.None)
{
permission.MemberRights |= MemberRights.FreeBusySimple;
}
}
permission.MemberRights = (memberRights & permission.MemberRights);
folderData.IsChanged = true;
}
}
}
}
if (list.Count > 0)
{
foreach (PermissionSecurityPrincipal securityPrincipal in list)
{
permissionSet.RemoveEntry(securityPrincipal);
}
folderData.IsChanged = true;
}
}
private void EnforceSharingPolicy(MailboxSession mailboxSession, ICollection <MapiAclTableRestriction.ExternalUserPermission> externalUserPermissions)
{
Util.ThrowOnNullArgument(mailboxSession, "mailboxSession");
if (externalUserPermissions == null || externalUserPermissions.Count == 0)
{
return;
}
List <RightsNotAllowedRecipient> list = new List <RightsNotAllowedRecipient>(externalUserPermissions.Count);
SharingPolicy sharingPolicy = null;
foreach (MapiAclTableRestriction.ExternalUserPermission externalUserPermission in externalUserPermissions)
{
if (sharingPolicy == null)
{
IMailboxInfo mailboxInfo = mailboxSession.MailboxOwner.MailboxInfo;
sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxInfo.MailboxGuid, mailboxInfo.IsArchive, mailboxSession.GetADRecipientSession(true, ConsistencyMode.IgnoreInvalid));
if (sharingPolicy == null)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: No policy assigned means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
}
if (!sharingPolicy.Enabled)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal>((long)this.GetHashCode(), "{0}: A disabled policy means no external sharing is allowed for this user.", mailboxSession.MailboxOwner);
throw new NotAllowedExternalSharingByPolicyException();
}
SharingPolicyAction sharingPolicyAction = externalUserPermission.Principal.ExternalUser.IsReachUser ? sharingPolicy.GetAllowedForAnonymousCalendarSharing() : sharingPolicy.GetAllowed(externalUserPermission.Principal.ExternalUser.SmtpAddress.Domain);
if (sharingPolicyAction == (SharingPolicyAction)0)
{
ExTraceGlobals.StorageTracer.TraceDebug <IExchangePrincipal, PermissionSecurityPrincipal>((long)this.GetHashCode(), "{0}: Policy does not allow granting permissions to {1}.", mailboxSession.MailboxOwner, externalUserPermission.Principal);
throw new PrincipalNotAllowedByPolicyException(externalUserPermission.Principal);
}
MemberRights allowed = PolicyAllowedMemberRights.GetAllowed(sharingPolicyAction, this.FolderInfo.StoreObjectType);
MemberRights memberRights = ~allowed & externalUserPermission.MemberRights;
if (memberRights != MemberRights.None)
{
ExTraceGlobals.StorageTracer.TraceDebug((long)this.GetHashCode(), "{0}: Policy does not allow granting permission {1} to {2} on {3} folder '{4}'.", new object[]
{
mailboxSession.MailboxOwner,
memberRights,
externalUserPermission.Principal,
this.FolderInfo.StoreObjectType,
this.FolderInfo.DisplayName
});
list.Add(new RightsNotAllowedRecipient(externalUserPermission.Principal, memberRights));
}
}
if (list.Count > 0)
{
throw new RightsNotAllowedByPolicyException(list.ToArray(), this.FolderInfo.StoreObjectType, this.FolderInfo.DisplayName);
}
}
