internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
{
// Verify whether the user is in the service account group. Throw an exception if it is not.
IGroupSecurityService gss = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
Identity serviceAccountIdentity = gss.ReadIdentity(SearchFactor.ServiceApplicationGroup, null, QueryMembership.None);
TeamFoundationIdentity authenticatedUser;
tfs.GetAuthenticatedIdentity(out authenticatedUser);
if (null == authenticatedUser)
{
return;
}
Identity authenticatedUserId = gss.Convert(authenticatedUser);
if (!gss.IsMember(serviceAccountIdentity.Sid, authenticatedUserId.Sid))
{
throw new PermissionException(
string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()),
authenticatedUserId.AccountName, authenticatedUserId.Domain, serviceAccountIdentity.DisplayName);
}
TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName);
}
