public async Task <bool> RemoveItemAsync(string role) { if (role == Globals.Role_Superuser) { throw new Error(this.__ResStr("cantRemoveSuper", "Can't remove built-in superuser role")); } if (IsPredefinedRole(role)) { throw new Error(this.__ResStr("cantRemoveUser", "The {0} role can't be removed", role)); } if (YetaWF.Core.Support.Startup.MultiInstance) { throw new InternalError("Removing roles is not possible when distributed caching is enabled"); } RoleDefinition origRole = Auditing.Active ? await GetItemAsync(role) : null; if (!await DataProvider.RemoveAsync(role)) { return(false); } GetAllUserRoles(true); await Auditing.AddAuditAsync($"{nameof(RoleDefinitionDataProvider)}.{nameof(RemoveItemAsync)}", role, Guid.Empty, "Remove Role", DataBefore : origRole, DataAfter : null, ExpensiveMultiInstance : true ); return(true); }
public async Task <UpdateStatusEnum> UpdateItemAsync(string originalRole, RoleDefinition data) { if (data.RoleId == RoleDefinitionDataProvider.SuperUserId || data.Name == Globals.Role_Superuser) { throw new Error(this.__ResStr("cantUpdateSuper", "Can't update built-in superuser role")); } if (originalRole != data.Name && IsPredefinedRole(originalRole)) { throw new Error(this.__ResStr("cantUpdateUser", "The {0} role can't be updated", originalRole)); } if (YetaWF.Core.Support.Startup.MultiInstance) { throw new InternalError("Changing roles is not possible when distributed caching is enabled"); } RoleDefinition origRole = Auditing.Active ? await GetItemAsync(originalRole) : null; UpdateStatusEnum status = await DataProvider.UpdateAsync(originalRole, data.Name, data); if (status == UpdateStatusEnum.OK) { GetAllUserRoles(true); } await Auditing.AddAuditAsync($"{nameof(RoleDefinitionDataProvider)}.{nameof(UpdateItemAsync)}", originalRole, Guid.Empty, "Update Role", DataBefore : origRole, DataAfter : data, ExpensiveMultiInstance : true ); return(status); }
public static SPPermissionsLevel ToPermissionLevel(this RoleDefinition rd) { return(new SPPermissionsLevel(rd.Id, rd.Name) { Description = rd.Description }); }
public static void AsignarPermis(ClientContext c) { try { Principal buffet = c.Web.SiteGroups.GetByName("Buffet"); RoleDefinition buffetPermiso = c.Web.RoleDefinitions.GetByName("Colaborar"); RoleDefinitionBindingCollection coleccionBPermisos = new RoleDefinitionBindingCollection(c); coleccionBPermisos.Add(buffetPermiso); RoleAssignment buffetRoleAssigment = c.Web.RoleAssignments.Add(buffet, coleccionBPermisos); Principal integrantes = c.Web.SiteGroups.GetByName("Integrantes"); RoleDefinition integrantesPermiso = c.Web.RoleDefinitions.GetByName("Leer"); RoleDefinitionBindingCollection coleccionIPermisos = new RoleDefinitionBindingCollection(c); coleccionIPermisos.Add(integrantesPermiso); RoleAssignment integrantesRoleAssigment = c.Web.RoleAssignments.Add(integrantes, coleccionIPermisos); c.ExecuteQuery(); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("--- PERMISOS ASIGNADOS ---"); Console.ResetColor(); } catch (Exception ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("--- ERROR AL ASIGNAR PERMISOS A LOS GRUPOS ---"); Console.ResetColor(); } }
public void SetUpCustomPermissionLevels(ClientContext context, List <ShPermissionLevel> permissionLevels) { foreach (var permissionLevel in permissionLevels) { context.Load(context.Site.RootWeb.RoleDefinitions); context.ExecuteQuery(); var existingPermissionLevel = context.Site.RootWeb.RoleDefinitions.FirstOrDefault(x => x.Name.Equals(permissionLevel.Name)); if (existingPermissionLevel == null) { Log.Info("Creating permission level " + permissionLevel.Name); BasePermissions permissions = new BasePermissions(); foreach (var basePermission in permissionLevel.BasePermissions) { permissions.Set(basePermission); } RoleDefinitionCreationInformation roleDefinitionCreationInfo = new RoleDefinitionCreationInformation(); roleDefinitionCreationInfo.BasePermissions = permissions; roleDefinitionCreationInfo.Name = permissionLevel.Name; roleDefinitionCreationInfo.Description = permissionLevel.Description; RoleDefinition roleDefinition = context.Site.RootWeb.RoleDefinitions.Add(roleDefinitionCreationInfo); context.ExecuteQuery(); } } }
private RoleDefinitionBindingCollection BuildRoleDefninitionBinding(DocLibContext context, DCTRoleAssignment dctRoleAssignment, out bool ignore) { RoleDefinitionBindingCollection binding = new RoleDefinitionBindingCollection(context); int count = 0; foreach (DCTRoleDefinition dctRoleDefinition in dctRoleAssignment.RoleDefinitions) { if (dctRoleDefinition.Name == IgnoreRole) { continue; } RoleDefinition spRoleDefinition = null; if (!string.IsNullOrEmpty(dctRoleDefinition.Name)) { spRoleDefinition = context.Web.RoleDefinitions.GetByName(dctRoleDefinition.Name); } else { spRoleDefinition = context.Web.RoleDefinitions.GetById(dctRoleDefinition.ID); } context.Load(spRoleDefinition); context.ExecuteQuery(); binding.Add(spRoleDefinition); count++; } ignore = (count == 0); return(binding); }
public async Task <RoleDefinition> AddRoleDefinitionAsync(RoleDefinition roleDefinition) { // immutable properties roleDefinition.Id = null; roleDefinition.IsBuiltIn = null; roleDefinition.IsBuiltInRoleDefinition = null; // Check if role already exists (duplicate names not allowed) var existingRoleDefinitions = await GetRoleDefinitionsAsync(); if (existingRoleDefinitions.Any(rd => rd.DisplayName.Equals(roleDefinition.DisplayName))) { string oldname = roleDefinition.DisplayName; roleDefinition.DisplayName += " copy"; signalRMessage.sendMessage($"Warning {roleDefinition.ODataType} '{oldname}' already exists changing display name to '{roleDefinition.DisplayName}'"); } var resource = graphServiceClient.DeviceManagement.RoleDefinitions.Request(); signalRMessage.sendMessage($"POST: {resource.RequestUrl}"); var response = await resource.AddAsync(roleDefinition); signalRMessage.sendMessage($"Success: added {response.ODataType} '{response.DisplayName}'"); return(response); }
public async Task GivePermissions(PermissionAndRole permission) { ClientContext context = GetSharepointContext(permission.Url); List list = context.Web.Lists.GetByTitle(permission.ListName); context.Load(list); await context.ExecuteQueryAsync(); var item = list.GetItemById(permission.ItemId); context.Load(item); await context.ExecuteQueryAsync(); Principal user; if (permission.IsGroup) { user = context.Web.SiteGroups.GetById(permission.Id); } else { user = context.Web.SiteUsers.GetById(permission.Id); context.Load(user); await context.ExecuteQueryAsync(); } RoleDefinition writeDefinition = context.Web.RoleDefinitions.GetByName(permission.roleDefinitionName); RoleDefinitionBindingCollection roleDefCollection = new RoleDefinitionBindingCollection(context); roleDefCollection.Add(writeDefinition); RoleAssignment newRoleAssignment = item.RoleAssignments.Add(user, roleDefCollection); await context.ExecuteQueryAsync(); }
public async Task DeleteAsync(RoleDefinition item) { using (var connection = await CreateConnection()) { await connection.ExecuteAsync("delete from role_definitions where id = @id", new { id = item.ID }); } }
public static void AsignarPermiso(ClientContext c) { Console.ForegroundColor = ConsoleColor.Blue; Console.WriteLine("Asignando Permisos a Pedido."); List pedidos = c.Web.Lists.GetByTitle("Pedidos"); RoleDefinitionBindingCollection integrantesPedidos = new RoleDefinitionBindingCollection(c); RoleDefinition colaborarSinEliminar = c.Web.RoleDefinitions.GetByName("Colaborar sin eliminar"); Group integrantes = c.Web.SiteGroups.GetByName("Integrantes"); /////////////////////////////////////////////// integrantesPedidos.Add(colaborarSinEliminar); pedidos.BreakRoleInheritance(false, false); c.Load(pedidos.RoleAssignments.Add(integrantes, integrantesPedidos)); pedidos.Update(); c.ExecuteQuery(); Console.ForegroundColor = ConsoleColor.White; Console.WriteLine(" Asiganado"); Console.ForegroundColor = ConsoleColor.Blue; Console.WriteLine("Asignando Permisos a Pedido Detalle."); List pedidosDetalles = c.Web.Lists.GetByTitle("Pedido Detalle"); RoleDefinitionBindingCollection integrantesPedidosD = new RoleDefinitionBindingCollection(c); integrantesPedidos.Add(colaborarSinEliminar); pedidosDetalles.BreakRoleInheritance(false, false); c.Load(pedidosDetalles.RoleAssignments.Add(integrantes, integrantesPedidos)); pedidosDetalles.Update(); c.ExecuteQuery(); Console.ForegroundColor = ConsoleColor.White; Console.WriteLine(" Asiganado"); }
public async Task RemoveRoleFromUserAsync(int userId, string roleName) { int roleId; // get the role id for roleName using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) { RoleDefinition role = await roleDP.GetItemAsync(roleName); if (role == null) { throw new InternalError("Unexpected error in AddRoleToUser - expected role {0} not found", roleName); } roleId = role.RoleId; } // remove the role from the user using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) { UserDefinition user = await userDP.GetItemByUserIdAsync(userId); if (user != null) { Role role = (from Role r in user.RolesList where r.RoleId == roleId select r).FirstOrDefault(); if (role != null) { user.RolesList.Remove(role); UpdateStatusEnum status = await userDP.UpdateItemAsync(user); if (status != UpdateStatusEnum.OK) { throw new InternalError("Unexpected status {0} updating user account in RemoveRoleFromUser", status); } } } } }
/// <summary> /// Method to assign permissions /// </summary> /// <param name="item">data storage object</param> /// <param name="clientContext">client context</param> /// <param name="site">site object</param> /// <param name="currentGrp">group object</param> private static void AssignPermission(DataStorage item, ClientContext clientContext, Web site, Group currentGrp) { Console.WriteLine("Assigning " + item.Permissions + " permission to group " + item.GroupName); RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext); RoleDefinition grpRoleDef = null; switch (item.Permissions.ToLower(new CultureInfo("en-US", false))) { case "contribute": grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Contributor); break; case "fullcontrol": case "full control": grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Administrator); break; case "read": default: grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Reader); break; } grpRole.Add(grpRoleDef); site.RoleAssignments.Add(currentGrp, grpRole); clientContext.Load(currentGrp); clientContext.Load(grpRole); clientContext.ExecuteQuery(); Console.WriteLine("Successfully assigned " + item.Permissions + " to group " + item.GroupName); }
/// <summary> /// Assign Full control permission to items of specified list /// </summary> /// <param name="clientContext">Client context</param> /// <param name="list">SharePoint List object to assign full control over list-items</param> private static void AssignFullControltoListItem(ClientContext clientContext, List list) { try { CamlQuery query = new CamlQuery(); query.ViewXml = ConfigurationManager.AppSettings["ListQuery"]; ListItemCollection listItems = list.GetItems(query); clientContext.Load(listItems); clientContext.ExecuteQuery(); clientContext.Load(list, lst => lst.EntityTypeName); clientContext.ExecuteQuery(); RoleDefinition fullControl = clientContext.Web.RoleDefinitions.GetByType(RoleType.Administrator); clientContext.Load(fullControl); clientContext.ExecuteQuery(); ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ItemNotFound"], listItems.Count, list.EntityTypeName), ErrorMessage.MessageType.Notification); UpdateItems(clientContext, listItems, fullControl); } catch (Exception exception) { ErrorLogger.LogErrorToTextFile(errorFilePath, string.Concat(exception.Message, "\n", exception.StackTrace)); } }
public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, string name) { RoleDefinition roleDefinition = roleDefinitions.GetByName(name); roleDefinition.DeleteObject(); roleDefinitions.Context.ExecuteQuery(); }
public async Task <List <SelectionItem <string> > > GetUserRolesAsync(int userId) { using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) { List <SelectionItem <string> > list = new List <SelectionItem <string> >(); UserDefinition user = await userDP.GetItemByUserIdAsync(userId); if (user != null) { using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) { List <RoleDefinition> allRoles = roleDP.GetAllRoles(); foreach (Role r in user.RolesList) { RoleDefinition roleDef = (from a in allRoles where a.RoleId == r.RoleId select a).FirstOrDefault(); if (roleDef != null) { list.Add(new SelectionItem <string> { Text = roleDef.Name, Tooltip = roleDef.Description, Value = roleDef.Id }); } } } } return(list); } }
public async Task <ActionResult> RolesEdit_Partial(EditModel model) { using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) { string originalRole = model.OriginalName; RoleDefinition role = await dataProvider.GetItemAsync(originalRole);// get the original item if (role == null) { throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole)); } if (!ModelState.IsValid) { return(PartialView(model)); } role = model.GetData(role); // merge new data into original model.SetData(role); // and all the data back into model for final display switch (await dataProvider.UpdateItemAsync(originalRole, role)) { default: case UpdateStatusEnum.RecordDeleted: throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole)); case UpdateStatusEnum.NewKeyExists: ModelState.AddModelError(nameof(model.Name), this.__ResStr("alreadyExists", "A role named \"{0}\" already exists.", model.Name)); return(PartialView(model)); case UpdateStatusEnum.OK: break; } return(FormProcessed(model, this.__ResStr("okSaved", "Role \"{0}\" saved", role.Name), OnPopupClose: OnPopupCloseEnum.ReloadModule)); } }
/// <summary> /// Assigns permissions to users on the specified list item. /// </summary> /// <param name="clientcontext">Client context object</param> /// <param name="listName">Site pages library</param> /// <param name="users">List of users</param> /// <param name="permission">Permission to grant</param> /// <param name="listItemId">Unique list item Id for permissions assignment</param> /// <returns>Status of permission assignment</returns> internal static string AssignUserPermissionsToItem(ClientContext clientcontext, string listName, List <string> users, string permission, int listItemId) { { string returnvalue = "false"; try { List <string> permissions = new List <string>(); permissions.Add(permission); Web web = clientcontext.Web; clientcontext.Load(web.RoleDefinitions); ListItem listItem = web.Lists.GetByTitle(listName).GetItemById(listItemId); clientcontext.Load(listItem, item => item.HasUniqueRoleAssignments); clientcontext.ExecuteQuery(); if (listItem.HasUniqueRoleAssignments) { if (null != permissions && null != users) //matter.permissions=read/limited access/contribute/ full control/ view only { foreach (string rolename in permissions) { try { RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions; RoleDefinition role = (from roleDef in roleDefinitions where roleDef.Name == rolename select roleDef).First(); foreach (string user in users) { //get the user object Principal userprincipal = clientcontext.Web.EnsureUser(user); //create the role definition binding collection RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext); //add the role definition to the collection roledefinitionbindingcollection.Add(role); //create a role assignment with the user and role definition listItem.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection); } //execute the query to add everything clientcontext.ExecuteQuery(); } catch (Exception exception) { MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace); throw; // Check } } } // success. return a success code returnvalue = "true"; } } catch (Exception exception) { MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission")); MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace); throw; } return(returnvalue); } }
/// <summary> /// Assigns item level permission /// </summary> /// <param name="clientContext">Client context object</param> /// <param name="listName">List name</param> /// <param name="listItemId">List item id</param> internal static void AssignItemPermission(ClientContext clientContext, string listName, int listItemId) { try { if (null != clientContext && !string.IsNullOrEmpty(listName)) { ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId); clientContext.Load(listItem, item => item.HasUniqueRoleAssignments); clientContext.ExecuteQuery(); if (listItem.HasUniqueRoleAssignments) { SecurableObject listItemObject = listItem; ClientRuntimeContext clientRuntimeContext = clientContext; // get the user object Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup; string roleName = ConfigurationManager.AppSettings["Role"]; RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName); // create the role definition binding collection RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext); // add the role definition to the collection roleDefinitionBindingCollection.Add(roleDefinition); // create a RoleAssigment with the user and role definition listItemObject.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection); clientRuntimeContext.ExecuteQuery(); } } } catch (Exception exception) { ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.SettingsPage, exception.Message)); } }
internal ProviderPermission(string applicationId, RoleDefinition roleDefinition, RoleDefinition managedByRoleDefinition, ProviderAuthorizationConsentState?providerAuthorizationConsentState) { ApplicationId = applicationId; RoleDefinition = roleDefinition; ManagedByRoleDefinition = managedByRoleDefinition; ProviderAuthorizationConsentState = providerAuthorizationConsentState; }
public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, int id) { RoleDefinition roleDefinition = roleDefinitions.GetById(id); roleDefinition.DeleteObject(); roleDefinitions.Context.ExecuteQuery(); }
public RoleDefinition GetData() { RoleDefinition data = new RoleDefinition(); ObjectSupport.CopyData(this, data); return(data); }
public RoleDefinition CreateRoleWithSectionId(RoleDefinition role, int sectionId) { var dalRole = Mapper.Map <DAL.Models.Role>(role); var newRole = DbEditorService.CreateRoleWithSectionId(dalRole, sectionId); return(Mapper.Map <UI.RoleDefinition>(newRole)); }
public UserObject(string userName, string email, string name, string notes, RoleDefinition roleDefinition) { GroupName = string.Empty; UserName = userName; Email = email; Name = name; Notes = notes; Role = roleDefinition; }
public static RoleDefinition CreateRoleDefinition(this RoleDefinitionCollection roleDefinitions, RoleDefinitionCreationInformation roleDefCreateInfo) { RoleDefinition roleDefinition = roleDefinitions.Add(roleDefCreateInfo); roleDefinitions.Context.Load(roleDefinition); roleDefinitions.Context.ExecuteQuery(); return(roleDefinition); }
public void DCMAddUserRole(int storageObjID, string userAccount, string rolename) { (storageObjID > 0).FalseThrow <ArgumentException>("ID值{0}无效,请传入大于0的值.", storageObjID); using (DocLibContext context = new DocLibContext(ServiceHelper.GetDocumentLibraryName())) { context.Load(context.Web.RoleDefinitions); context.ExecuteQuery(); RoleDefinition selectedRoleDef = null; foreach (RoleDefinition role in context.Web.RoleDefinitions) { if (role.Name == rolename) { selectedRoleDef = role; break; } } if (null == selectedRoleDef) { return; } context.Load(selectedRoleDef); ListItem listItem = GetListItemById(storageObjID, context); if (null == listItem) { return; } context.Load(listItem); context.Load(listItem.RoleAssignments); context.ExecuteQuery(); RoleAssignmentCollection roleAssignments = listItem.RoleAssignments; bool userFound = false; foreach (RoleAssignment roleAssignment in roleAssignments) { context.Load(roleAssignment.Member); context.ExecuteQuery(); if (roleAssignment.Member.LoginName != userAccount) { continue; } userFound = true; roleAssignment.RoleDefinitionBindings.Add(selectedRoleDef); roleAssignment.Update(); } if (!userFound) { RoleDefinitionBindingCollection newBinding = new RoleDefinitionBindingCollection(context); newBinding.Add(selectedRoleDef); User user = context.Web.EnsureUser(userAccount); listItem.RoleAssignments.Add(user, newBinding); listItem.Update(); } context.ExecuteQuery(); } }
public void DCMRemoveRole(string rolename) { using (DocLibContext context = new DocLibContext(ServiceHelper.GetDocumentLibraryName())) { RoleDefinition roleDefinition = context.Web.RoleDefinitions.GetByName(rolename); roleDefinition.DeleteObject(); context.ExecuteQuery(); } }
/// <summary> /// Get permissions of specified permission level /// </summary> /// <param name="clientContext">Client context</param> /// <param name="permissionLevelName">Name of permission level</param> /// <returns>RoleDefinition object that represents specified permission level</returns> private static RoleDefinition GetPermissionLevel(ClientContext clientContext, string permissionLevelName) { RoleDefinitionCollection roleDefCollection = clientContext.Web.RoleDefinitions; clientContext.Load(roleDefCollection, item => item); clientContext.ExecuteQuery(); RoleDefinition matterCenterContribute = roleDefCollection.Where(item => item.Name == permissionLevelName).FirstOrDefault(); return(matterCenterContribute); }
public string[] ParseBindings(RoleDefinitionBindingCollection bindingCol) { string[] strPerms = new string[bindingCol.Count]; for (int i = 0; i < bindingCol.Count; i++) { RoleDefinition bind = bindingCol[i]; strPerms[i] = bind.Name; } return(strPerms); }
/// <summary> /// Ensures the role assignment. /// </summary> /// <param name="serverPrincipal">The server principal.</param> /// <param name="storageAccountSubscriptionId">The storage account subscription identifier.</param> /// <param name="storageAccountResourceId">The storage account resource identifier.</param> /// <returns>RoleAssignment.</returns> public RoleAssignment EnsureRoleAssignment(MicrosoftGraphServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId) { string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId; bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId; try { if (hasMismatchSubscription) { AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId; } var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId); string roleDefinitionScope = "/"; RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId); var serverPrincipalId = serverPrincipal.Id.ToString(); var roleAssignments = AuthorizationManagementClient.RoleAssignments .ListForResource( resourceIdentifier.ResourceGroupName, ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType), resourceIdentifier.ParentResource ?? "/", ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType), resourceIdentifier.ResourceName, odataQuery: new ODataQuery <RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId))); var roleAssignmentScope = storageAccountResourceId; Guid roleAssignmentId = StorageSyncResourceManager.GetGuid(); RoleAssignment roleAssignment = roleAssignments.FirstOrDefault(); if (roleAssignment == null) { VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage); var createParameters = new RoleAssignmentCreateParameters { Properties = new RoleAssignmentProperties { PrincipalId = serverPrincipalId, RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId) } }; roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters); StorageSyncResourceManager.Wait(); } return(roleAssignment); } finally { if (hasMismatchSubscription) { AuthorizationManagementClient.SubscriptionId = currentSubscriptionId; } } }
private static void AddPermissionLevelImplementation(this Web web, Principal principal, RoleType permissionLevel, bool removeExistingPermissionLevels = false) { if (principal != null) { bool processed = false; RoleAssignmentCollection rac = web.RoleAssignments; web.Context.Load(rac); web.Context.ExecuteQuery(); //Find the roles assigned to the principal foreach (RoleAssignment ra in rac) { // correct role assignment found if (ra.PrincipalId == principal.Id) { // load the role definitions for this role assignment RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings; web.Context.Load(rdc); web.Context.Load(web.RoleDefinitions); web.Context.ExecuteQuery(); // Load the role definition to add (e.g. contribute) RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel); if (removeExistingPermissionLevels) { // Remove current role definitions by removing all current role definitions rdc.RemoveAll(); } // Add the selected role definition rdc.Add(roleDefinition); //update ra.ImportRoleDefinitionBindings(rdc); ra.Update(); web.Context.ExecuteQuery(); // Leave the for each loop processed = true; break; } } // For a principal without role definitions set we follow a different code path if (!processed) { RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(web.Context); RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel); rdc.Add(roleDefinition); web.RoleAssignments.Add(principal, rdc); web.Context.ExecuteQuery(); } } }
static List<RoleDefinition> GetRoleDefinitions(List<AppGroupAssignmentEntity> appGroupAssignments, string action) { List<RoleDefinition> roleDefinitions = new List<RoleDefinition>(); foreach (AppGroupAssignmentEntity assignment in appGroupAssignments) { RoleDefinition roleDefinition = new RoleDefinition(); roleDefinition.Id = assignment.RowKey; // groupObejectId -> role id roleDefinition.Name = assignment.GroupName; roleDefinition.Scopes = new List<string>(); roleDefinition.Scopes.Add("/"); Permission permission = new Permission(); permission.Actions = new List<string>(); permission.Actions.Add("/" + assignment.PartitionKey + "/" + action); // "/appId/action" roleDefinition.Permissions.Add(permission); roleDefinitions.Add(roleDefinition); } return roleDefinitions; }
public SPDGClientRoleDefinition(RoleDefinition roleDefinition) { _roleDefinition = roleDefinition; }
private static void AddPermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeExistingPermissionLevels = false) { if (principal != null) { bool processed = false; RoleAssignmentCollection rac = securableObject.RoleAssignments; securableObject.Context.Load(rac); securableObject.Context.ExecuteQueryRetry(); //Find the roles assigned to the principal foreach (RoleAssignment ra in rac) { // correct role assignment found if (ra.PrincipalId == principal.Id) { // load the role definitions for this role assignment RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings; securableObject.Context.Load(rdc); securableObject.Context.ExecuteQueryRetry(); // Load the role definition to add (e.g. contribute) if (removeExistingPermissionLevels) { // Remove current role definitions by removing all current role definitions rdc.RemoveAll(); } // Add the selected role definition rdc.Add(roleDefinition); //update ra.ImportRoleDefinitionBindings(rdc); ra.Update(); securableObject.Context.ExecuteQueryRetry(); // Leave the for each loop processed = true; break; } } // For a principal without role definitions set we follow a different code path if (!processed) { RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(securableObject.Context); rdc.Add(roleDefinition); securableObject.RoleAssignments.Add(principal, rdc); securableObject.Context.ExecuteQueryRetry(); } } }
private static void RemovePermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeAllPermissionLevels = false) { if (principal != null) { RoleAssignmentCollection rac = securableObject.RoleAssignments; securableObject.Context.Load(rac); securableObject.Context.ExecuteQueryRetry(); //Find the roles assigned to the principal foreach (RoleAssignment ra in rac) { // correct role assignment found if (ra.PrincipalId == principal.Id) { // load the role definitions for this role assignment RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings; securableObject.Context.Load(rdc); securableObject.Context.ExecuteQueryRetry(); if (removeAllPermissionLevels) { // Remove current role definitions by removing all current role definitions rdc.RemoveAll(); } else { // Load the role definition to remove (e.g. contribute) rdc.Remove(roleDefinition); } //update ra.ImportRoleDefinitionBindings(rdc); ra.Update(); securableObject.Context.ExecuteQueryRetry(); // Leave the for each loop break; } } } }
private void GiveRightsToGroup(Group group, RoleDefinition role, string listtitle, int listitemid, bool removeVisitors) { List listOwners = _ctx.Web.Lists.GetByTitle(listtitle); ListItem li = listOwners.GetItemById(listitemid); li.BreakRoleInheritance(true, true); IEnumerable<RoleAssignment> assignments = _ctx.LoadQuery(li.RoleAssignments.Include(ra => ra.Member, ra => ra.RoleDefinitionBindings.Include(rd => rd.Name))); _ctx.ExecuteQuery(); if (removeVisitors) { RoleAssignment raBesokare = null; foreach (var assign in assignments) { string loginname = assign.Member.LoginName.ToLower(); if (loginname == "besökare på borlänge") { raBesokare = assign; } } if (raBesokare != null) { raBesokare.DeleteObject(); } } try { _ctx.Load(role); RoleDefinitionBindingCollection rdb = new RoleDefinitionBindingCollection(_ctx); rdb.Add(role); li.RoleAssignments.Add(group, rdb); li.Update(); } catch (Exception ex) { MessageBox.Show(ex.Message); } }
/// <summary> /// Add a SharePoint group into list /// </summary> /// <param name="groupName">Group name</param> /// <param name="clientContext">Client context</param> /// <param name="list">List to which group added</param> /// <param name="matterCenterContribute">RoleDefinition/PermissionLevel that assigned to group</param> private static void AddGroupToList(string groupName, ClientContext clientContext, List list, RoleDefinition matterCenterContribute) { Group matterCenterGroup = clientContext.Web.SiteGroups.GetByName(groupName); clientContext.Load(matterCenterGroup); clientContext.ExecuteQuery(); Principal MCGroup = matterCenterGroup; RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext); grpRole.Add(matterCenterContribute); list.RoleAssignments.Add(MCGroup, grpRole); list.Update(); clientContext.ExecuteQuery(); }
public SecurityRoleReverseHost(ClientContext clientContext, RoleDefinition group) : base(clientContext) { HostRole = group; }
/// <summary> /// Assign existing permission level to group /// </summary> /// <param name="clientContext">Client context</param> /// <param name="matterCenterContribute">Role to assign a group</param> /// <param name="group">RoleAssignment to which permission added</param> private static void AssignPermissionLevelToGroup(ClientContext clientContext, RoleDefinition matterCenterContribute, RoleAssignment group) { clientContext.Load(group.RoleDefinitionBindings, item => item.Include(items => items.Name, items => items.BasePermissions)); clientContext.ExecuteQuery(); RoleDefinitionBindingCollection rolesAssignedToGroup = group.RoleDefinitionBindings; clientContext.Load(rolesAssignedToGroup, role => role.Include(item => item.Name, item => item.BasePermissions)); clientContext.ExecuteQuery(); RoleDefinition roleDefinition = rolesAssignedToGroup.Select(item => item).Where(item => item.Name == matterCenterContribute.Name).FirstOrDefault(); if (null == roleDefinition) { group.RoleDefinitionBindings.Add(matterCenterContribute); group.Update(); clientContext.ExecuteQuery(); ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionAssign"], matterCenterContribute.Name, group.Member.Title), ErrorMessage.MessageType.Notification); } }
/// <summary> /// Method to update items /// </summary> /// <param name="clientContext">client context</param> /// <param name="listItems">list item collection</param> /// <param name="fullControl">role definition</param> private static void UpdateItems(ClientContext clientContext, ListItemCollection listItems, RoleDefinition fullControl) { foreach (ListItem item in listItems) // For each list item { User itemOwner = GetAuthor(clientContext, item); // 2. break permissions for list item item.BreakRoleInheritance(false, true); // 3. Assign full control to user on list item Principal user = itemOwner; RoleDefinitionBindingCollection roleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext); roleDefinitionBinding.Add(fullControl); item.RoleAssignments.Add(user, roleDefinitionBinding); item.Update(); clientContext.ExecuteQuery(); ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionUpdate"]), ErrorMessage.MessageType.Notification); } }
public RoleDefinitionToken(Web web, RoleDefinition definition) : base(web, string.Format("{{roledefinition:{0}}}", definition.RoleTypeKind.ToString())) { name = definition.EnsureProperty(r => r.Name); }
private static void AddPermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeExistingPermissionLevels = false) { if (principal == null) { return; } var roleAssignments = securableObject.RoleAssignments; securableObject.Context.Load(roleAssignments); securableObject.Context.ExecuteQueryRetry(); var roleAssignment = roleAssignments.FirstOrDefault(ra => ra.PrincipalId.Equals(principal.Id)); //current principal doesn't have any roles assigned for this securableObject if (roleAssignment == null) { var rdc = new RoleDefinitionBindingCollection(securableObject.Context); rdc.Add(roleDefinition); securableObject.RoleAssignments.Add(principal, rdc); securableObject.Context.ExecuteQueryRetry(); } else //current principal has roles assigned for this securableObject, then add new role definition for the role assignment { var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings; securableObject.Context.Load(roleDefinitionBindings); securableObject.Context.ExecuteQueryRetry(); // Load the role definition to add (e.g. contribute) if (removeExistingPermissionLevels) { // Remove current role definitions by removing all current role definitions roleDefinitionBindings.RemoveAll(); } // Add the selected role definition if (!roleDefinitionBindings.Any(r => r.Name.Equals(roleDefinition.EnsureProperty(rd => rd.Name)))) { roleDefinitionBindings.Add(roleDefinition); //update roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings); roleAssignment.Update(); securableObject.Context.ExecuteQueryRetry(); } } }
private static void RemovePermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeAllPermissionLevels = false) { if (principal == null) { return; } var roleAssignments = securableObject.RoleAssignments; securableObject.Context.Load(roleAssignments); securableObject.Context.ExecuteQueryRetry(); var roleAssignment = roleAssignments.FirstOrDefault(ra => ra.PrincipalId.Equals(principal.Id)); if (roleAssignment != null) { // load the role definitions for this role assignment var rdc = roleAssignment.RoleDefinitionBindings; securableObject.Context.Load(rdc); securableObject.Context.ExecuteQueryRetry(); if (removeAllPermissionLevels) { // Remove current role definitions by removing all current role definitions rdc.RemoveAll(); } else { // Load the role definition to remove (e.g. contribute) rdc.Remove(roleDefinition); } //update roleAssignment.ImportRoleDefinitionBindings(rdc); roleAssignment.Update(); securableObject.Context.ExecuteQueryRetry(); } }