コード例 #1
0
ファイル: ADSession.cs プロジェクト: YHZX2013/exchange_diff
 public static bool TryVerifyIsWithinScopes(ADRawEntry obj, ADScope readScope, IList <ADScopeCollection> writeScopes, ADScopeCollection exclusiveScopes, bool emptyObjectSessionOnException, out ADScopeException exception)
 {
     return(ADSession.TryVerifyIsWithinScopes(obj, readScope, writeScopes, exclusiveScopes, null, emptyObjectSessionOnException, out exception));
 }
コード例 #2
0
        bool IDirectorySession.TryVerifyIsWithinScopes(ADObject entry, bool isModification, out ADScopeException exception)
        {
            TSession session = this.GetSession();

            return(session.TryVerifyIsWithinScopes(entry, isModification, out exception));
        }
コード例 #3
0
ファイル: ADSession.cs プロジェクト: YHZX2013/exchange_diff
        internal static bool TryVerifyIsWithinScopes(ADRawEntry obj, ADScope readScope, IList <ADScopeCollection> writeScopes, ADScopeCollection exclusiveScopes, IList <ValidationRule> validationRules, bool emptyObjectSessionOnException, ConfigScopes sessionScopeHint, out ADScopeException exception)
        {
            if (readScope == null)
            {
                throw new ArgumentNullException("readScope");
            }
            if (writeScopes == null)
            {
                throw new ArgumentNullException("writeScopes");
            }
            exception = null;
            bool flag;

            if (!ADSession.IsWithinScope(obj, readScope, out flag))
            {
                if (!flag || sessionScopeHint != ConfigScopes.RootOrg || ADSession.IsTenantIdentity(obj.Id, obj.Id.GetPartitionId().ForestFQDN))
                {
                    if (obj is ADObject && emptyObjectSessionOnException)
                    {
                        ((ADObject)obj).m_Session = null;
                    }
                    exception = new ADScopeException(DirectoryStrings.ErrorNotInReadScope(obj.Id.ToString()));
                    return(false);
                }
                ExTraceGlobals.ScopeVerificationTracer.TraceDebug <ADObjectId>(0L, "ADSession::TryVerifyIsWithinScopes Allowing unfilterable object '{0}' in RootOrg-scoped session to bypass filter verification", obj.Id);
            }
            bool flag2 = false;

            if (exclusiveScopes != null)
            {
                foreach (ADScope scope in exclusiveScopes)
                {
                    if (ADSession.IsWithinScope(obj, scope))
                    {
                        flag2 = true;
                        break;
                    }
                }
            }
            foreach (ADScopeCollection adscopeCollection in writeScopes)
            {
                bool flag3 = false;
                foreach (ADScope adscope in adscopeCollection)
                {
                    bool flag4 = false;
                    bool flag5 = false;
                    bool flag6 = false;
                    if (adscope is RbacScope)
                    {
                        RbacScope rbacScope = (RbacScope)adscope;
                        flag4 = rbacScope.Exclusive;
                        flag5 = rbacScope.IsFromEndUserRole;
                        flag6 = (rbacScope.ScopeType == ScopeType.Self);
                    }
                    if (!flag2 && flag4)
                    {
                        ExTraceGlobals.ScopeVerificationTracer.TraceDebug(0L, "ADSession::TryVerifyIsWithinScopes Ignoring scope ScopeRoot '{0}', ScopeFilter '{1}', IsWithinExclusiveScope '{2}', IsExclusive '{3}'", new object[]
                        {
                            (adscope.Root == null) ? "<null>" : adscope.Root.ToDNString(),
                            (adscope.Filter == null) ? "<null>" : adscope.Filter.ToString(),
                            flag2,
                            flag4
                        });
                    }
                    else
                    {
                        ADScope adscope2 = adscope;
                        if (flag2 && !flag4)
                        {
                            if (!flag5)
                            {
                                ExTraceGlobals.ScopeVerificationTracer.TraceDebug(0L, "ADSession::TryVerifyIsWithinScopes Ignoring scope ScopeRoot '{0}', ScopeFilter '{1}', IsWithinExclusiveScope '{2}', IsExclusive '{3}'", new object[]
                                {
                                    (adscope2.Root == null) ? "<null>" : adscope2.Root.ToDNString(),
                                    (adscope2.Filter == null) ? "<null>" : adscope2.Filter.ToString(),
                                    flag2,
                                    flag4
                                });
                                continue;
                            }
                            if (!flag6)
                            {
                                if (((RbacScope)adscope2).SelfFilter == null)
                                {
                                    exception = new ADScopeException(DirectoryStrings.ExArgumentNullException("RbacScope.SelfFilter"));
                                    return(false);
                                }
                                adscope2 = new RbacScope(ScopeType.Self)
                                {
                                    Root   = ((RbacScope)adscope2).SelfRoot,
                                    Filter = ((RbacScope)adscope2).SelfFilter
                                };
                            }
                        }
                        if (ADSession.IsWithinScope(obj, adscope2))
                        {
                            flag3 = true;
                            break;
                        }
                    }
                }
                if (!flag3)
                {
                    if (obj is ADObject && emptyObjectSessionOnException)
                    {
                        ((ADObject)obj).m_Session = null;
                    }
                    exception = new ADScopeException(DirectoryStrings.ErrorNoWriteScope(obj.Id.ToString()));
                    return(false);
                }
            }
            if (validationRules != null)
            {
                RuleValidationException ex = null;
                foreach (ValidationRule validationRule in validationRules)
                {
                    if (!validationRule.TryValidate(obj, out ex))
                    {
                        exception = ex;
                        return(false);
                    }
                }
            }
            return(true);
        }