/// <summary>
/// Run the extraction algorithm for a specific user
/// </summary>
/// <param name="ims">Identity management service</param>
/// <param name="userName">user name</param>
/// <param name="options">command line parameters</param>
/// <param name="fileName">File name</param>
/// <param name="tfs">team project collection</param>
/// <returns>true if successful</returns>
private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs)
{
TeamFoundationIdentity userIdentity = ims.ReadIdentity(
IdentitySearchFactor.AccountName,
userName,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection);
Console.ReadLine();
return(false);
}
// get workItem store
var workItemStore = tfs.GetService <WorkItemStore>();
////Initiate Report
// Initiate a new object of Permission Report
var permissionsReport = new PermissionsReport
{
Date = DateTime.Now,
TfsCollectionUrl = options.Collection,
UserName = userName,
TeamProjects = new List <TfsTeamProject>()
};
try
{
// retrieve list of Team Projects in the given collection
ProjectCollection workItemsProjects = workItemStore.Projects;
foreach (Project teamProject in workItemsProjects)
{
if (options.Projects != null)
{
if (!options.Projects.Contains(teamProject.Name))
{
Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name);
continue;
}
}
// Create project security token
string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri;
// Project Permissions
var server = tfs.GetService <ISecurityService>();
var vcs = tfs.GetService <VersionControlServer>();
TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService <TeamFoundation.Git.Client.GitRepositoryService>();
Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name);
List <string> groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity);
List <Permission> projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups);
// Version Control Permissions
List <Permission> versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs);
List <GitPermission> gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService);
// Build Permissions
List <Permission> buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity);
// WorkItems Area Permissions
List <AreaPermission> areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups);
// WorkItems Iteration Permissions
List <IterationPermission> iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups);
// Workspace Permissions
// var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups);
// Set TFS report Data
// Create Team Project node in XML file
var tfsTeamProject = new TfsTeamProject
{
Name = teamProject.Name,
AreaPermissions = areasPermissions,
BuildPermissions = buildPermissions,
IterationPermissions = iterationPermissions,
ProjectLevelPermissions =
new ProjectLevelPermissions
{
ProjectLevelPermissionsList
=
projectLevelPermissions
},
GitVersionControlPermissions = new GitVersionControlPermissions
{
VersionControlPermissionsList = gitVersionControlPermissions
},
VersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = versionControlPermissions
}
};
tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions);
permissionsReport.TeamProjects.Add(tfsTeamProject);
}
// Generate output file
FileInfo fi = new FileInfo(fileName);
if (!Directory.Exists(fi.DirectoryName))
{
Console.Write("Creating Output Directory {0}", fi.DirectoryName);
Directory.CreateDirectory(fi.DirectoryName);
}
var fs = new FileStream(fileName, FileMode.Create);
var streamWriter = new StreamWriter(fs, Encoding.UTF8);
using (streamWriter)
{
var xmlSerializer = new XmlSerializer(typeof(PermissionsReport));
xmlSerializer.Serialize(streamWriter, permissionsReport);
streamWriter.Flush();
}
if (options.Html)
{
var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl");
File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt);
var htmlOuput = Path.ChangeExtension(fileName, ".html");
var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png");
Resources.ALMRangers_Logo.Save(logoFile);
XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput);
}
return(true);
}
catch (TeamFoundationServiceException ex)
{
Console.WriteLine(ex.Message);
return(false);
}
}
/// <summary>
/// Sample method on how to extracts the git version control permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="groups">The groups.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="projectSecurityToken">The project security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="vcs">The VCS.</param>
/// <param name="gitService">The git service.</param>
/// <returns>List of Permissions</returns>
private static List <Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable <string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService)
{
Console.WriteLine("== Extract Git Version Control Permissions ==");
SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server));
var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken);
// This sample handle only the default repository, you can iterate through all repositories same way
var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken));
vcs.TryGetTeamProject(projectSecurityToken);
if (defaultGitRepo == null)
{
return(new List <Permission>());
}
// Repository Security Token is repoV2/TeamProjectId/RepositoryId
var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id);
// vcs.GetTeamProject(projectSecurityToken);
AccessControlList versionControlAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List <IdentityDescriptor> {
userIdentity.Descriptor
},
true);
var gitVersionControlPermissions = new List <Permission>();
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.Deny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
if (gitVersionControlPermissions.Count == 0)
{
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.ExtendedInfo.EffectiveAllow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.ExtendedInfo.EffectiveDeny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
}
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List <IdentityDescriptor> {
groupIdentity.Descriptor
},
true);
foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
if (0 != ace.Deny)
{
var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
}
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions);
return(modifiedPermissions);
}
