/// <summary> /// Run the extraction algorithm for a specific user /// </summary> /// <param name="ims">Identity management service</param> /// <param name="userName">user name</param> /// <param name="options">command line parameters</param> /// <param name="fileName">File name</param> /// <param name="tfs">team project collection</param> /// <returns>true if successful</returns> private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs) { TeamFoundationIdentity userIdentity = ims.ReadIdentity( IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); if (userIdentity == null) { Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection); Console.ReadLine(); return(false); } // get workItem store var workItemStore = tfs.GetService <WorkItemStore>(); ////Initiate Report // Initiate a new object of Permission Report var permissionsReport = new PermissionsReport { Date = DateTime.Now, TfsCollectionUrl = options.Collection, UserName = userName, TeamProjects = new List <TfsTeamProject>() }; try { // retrieve list of Team Projects in the given collection ProjectCollection workItemsProjects = workItemStore.Projects; foreach (Project teamProject in workItemsProjects) { if (options.Projects != null) { if (!options.Projects.Contains(teamProject.Name)) { Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name); continue; } } // Create project security token string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri; // Project Permissions var server = tfs.GetService <ISecurityService>(); var vcs = tfs.GetService <VersionControlServer>(); TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService <TeamFoundation.Git.Client.GitRepositoryService>(); Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name); List <string> groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity); List <Permission> projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups); // Version Control Permissions List <Permission> versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs); List <GitPermission> gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService); // Build Permissions List <Permission> buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity); // WorkItems Area Permissions List <AreaPermission> areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups); // WorkItems Iteration Permissions List <IterationPermission> iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups); // Workspace Permissions // var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups); // Set TFS report Data // Create Team Project node in XML file var tfsTeamProject = new TfsTeamProject { Name = teamProject.Name, AreaPermissions = areasPermissions, BuildPermissions = buildPermissions, IterationPermissions = iterationPermissions, ProjectLevelPermissions = new ProjectLevelPermissions { ProjectLevelPermissionsList = projectLevelPermissions }, GitVersionControlPermissions = new GitVersionControlPermissions { VersionControlPermissionsList = gitVersionControlPermissions }, VersionControlPermissions = new VersionControlPermissions { VersionControlPermissionsList = versionControlPermissions } }; tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions); permissionsReport.TeamProjects.Add(tfsTeamProject); } // Generate output file FileInfo fi = new FileInfo(fileName); if (!Directory.Exists(fi.DirectoryName)) { Console.Write("Creating Output Directory {0}", fi.DirectoryName); Directory.CreateDirectory(fi.DirectoryName); } var fs = new FileStream(fileName, FileMode.Create); var streamWriter = new StreamWriter(fs, Encoding.UTF8); using (streamWriter) { var xmlSerializer = new XmlSerializer(typeof(PermissionsReport)); xmlSerializer.Serialize(streamWriter, permissionsReport); streamWriter.Flush(); } if (options.Html) { var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl"); File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt); var htmlOuput = Path.ChangeExtension(fileName, ".html"); var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png"); Resources.ALMRangers_Logo.Save(logoFile); XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput); } return(true); } catch (TeamFoundationServiceException ex) { Console.WriteLine(ex.Message); return(false); } }
/// <summary> /// Sample method on how to extracts the git version control permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="groups">The groups.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="projectSecurityToken">The project security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="vcs">The VCS.</param> /// <param name="gitService">The git service.</param> /// <returns>List of Permissions</returns> private static List <Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable <string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService) { Console.WriteLine("== Extract Git Version Control Permissions =="); SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server)); var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken); // This sample handle only the default repository, you can iterate through all repositories same way var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken)); vcs.TryGetTeamProject(projectSecurityToken); if (defaultGitRepo == null) { return(new List <Permission>()); } // Repository Security Token is repoV2/TeamProjectId/RepositoryId var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id); // vcs.GetTeamProject(projectSecurityToken); AccessControlList versionControlAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List <IdentityDescriptor> { userIdentity.Descriptor }, true); var gitVersionControlPermissions = new List <Permission>(); foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.Deny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } if (gitVersionControlPermissions.Count == 0) { foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.ExtendedInfo.EffectiveAllow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.ExtendedInfo.EffectiveDeny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } } foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List <IdentityDescriptor> { groupIdentity.Descriptor }, true); foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } if (0 != ace.Deny) { var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } } } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions); return(modifiedPermissions); }