/// <summary>
/// Convenience overload of the scope check: forwards every argument to the seven-argument
/// <c>ADSession.TryVerifyIsWithinScopes</c> overload and passes <c>null</c> in fifth position.
/// </summary>
/// <param name="obj">Directory entry whose scope membership is being verified.</param>
/// <param name="readScope">Read scope handed to the callee unchanged.</param>
/// <param name="writeScopes">Write-scope collections handed to the callee unchanged.</param>
/// <param name="exclusiveScopes">Exclusive scopes handed to the callee unchanged.</param>
/// <param name="emptyObjectSessionOnException">Handed to the callee unchanged.</param>
/// <param name="exception">Set by the callee.</param>
/// <returns>Whatever the callee returns.</returns>
public static bool TryVerifyIsWithinScopes(
    ADRawEntry obj,
    ADScope readScope,
    IList<ADScopeCollection> writeScopes,
    ADScopeCollection exclusiveScopes,
    bool emptyObjectSessionOnException,
    out ADScopeException exception)
{
    // NOTE(review): the fifth argument is presumably the validation-rule list, so this overload
    // would run the scope checks with no extra rules. Confirm against the callee's signature.
    bool withinScopes = ADSession.TryVerifyIsWithinScopes(
        obj,
        readScope,
        writeScopes,
        exclusiveScopes,
        null,
        emptyObjectSessionOnException,
        out exception);
    return withinScopes;
}
/// <summary>
/// Explicit <c>IDirectorySession</c> implementation that hands the scope check to the session
/// returned by <c>GetSession()</c>.
/// </summary>
/// <param name="entry">Object to verify; passed through unchanged.</param>
/// <param name="isModification">Passed through unchanged.</param>
/// <param name="exception">Set by the underlying session.</param>
/// <returns>The underlying session's verdict.</returns>
bool IDirectorySession.TryVerifyIsWithinScopes(ADObject entry, bool isModification, out ADScopeException exception)
{
    // No scope decision is made here; the wrapped session is the only authority.
    TSession innerSession = this.GetSession();
    bool withinScopes = innerSession.TryVerifyIsWithinScopes(entry, isModification, out exception);
    return withinScopes;
}
/// <summary>
/// Authorization gate for a directory entry: checks the read scope, then the write scopes (taking
/// exclusive scopes into account), then any supplied validation rules.
/// </summary>
/// <param name="obj">Entry being checked. Its <c>Id</c> is dereferenced without a null check.</param>
/// <param name="readScope">Scope the entry must be readable under; must not be null.</param>
/// <param name="writeScopes">
/// Write-scope collections; must not be null. The entry has to match at least one scope in every
/// collection. An empty list therefore imposes no write restriction, while an empty collection
/// inside the list can never be satisfied.
/// </param>
/// <param name="exclusiveScopes">Optional exclusive scopes; null means the entry is treated as outside all of them.</param>
/// <param name="validationRules">Optional rules run after the scope checks; the first failure is returned.</param>
/// <param name="emptyObjectSessionOnException">
/// When true and <paramref name="obj"/> is an <c>ADObject</c>, its <c>m_Session</c> is nulled on a
/// read-scope or write-scope failure.
/// </param>
/// <param name="sessionScopeHint">Only <c>ConfigScopes.RootOrg</c> can enable the read-scope bypass below.</param>
/// <param name="exception">Null on success; otherwise the reason the check failed.</param>
/// <returns>True when every check passes; false with <paramref name="exception"/> set otherwise.</returns>
/// <exception cref="ArgumentNullException"><paramref name="readScope"/> or <paramref name="writeScopes"/> is null.</exception>
internal static bool TryVerifyIsWithinScopes(
    ADRawEntry obj,
    ADScope readScope,
    IList<ADScopeCollection> writeScopes,
    ADScopeCollection exclusiveScopes,
    IList<ValidationRule> validationRules,
    bool emptyObjectSessionOnException,
    ConfigScopes sessionScopeHint,
    out ADScopeException exception)
{
    if (readScope == null)
    {
        throw new ArgumentNullException("readScope");
    }
    if (writeScopes == null)
    {
        throw new ArgumentNullException("writeScopes");
    }

    exception = null;

    // ---- Read scope ------------------------------------------------------------------------
    // The out flag is what the trace message below calls an "unfilterable object"; its exact
    // meaning is defined by IsWithinScope, which is not visible here.
    bool unfilterable;
    bool readable = ADSession.IsWithinScope(obj, readScope, out unfilterable);
    if (!readable)
    {
        // The only way past a read-scope miss: flag set, RootOrg session hint, and the id is not
        // a tenant identity. Any other combination is rejected.
        bool mustReject = !unfilterable
            || sessionScopeHint != ConfigScopes.RootOrg
            || ADSession.IsTenantIdentity(obj.Id, obj.Id.GetPartitionId().ForestFQDN);
        if (mustReject)
        {
            if (emptyObjectSessionOnException && obj is ADObject)
            {
                ((ADObject)obj).m_Session = null;
            }
            exception = new ADScopeException(DirectoryStrings.ErrorNotInReadScope(obj.Id.ToString()));
            return false;
        }

        // NOTE(review): this bypass of read-scope verification is recorded only through
        // TraceDebug in this method; confirm whether it is audited anywhere else.
        ExTraceGlobals.ScopeVerificationTracer.TraceDebug<ADObjectId>(
            0L,
            "ADSession::TryVerifyIsWithinScopes Allowing unfilterable object '{0}' in RootOrg-scoped session to bypass filter verification",
            obj.Id);
    }

    // ---- Exclusive-scope membership ----------------------------------------------------------
    bool inExclusiveScope = false;
    if (exclusiveScopes != null)
    {
        foreach (ADScope exclusiveScope in exclusiveScopes)
        {
            if (ADSession.IsWithinScope(obj, exclusiveScope))
            {
                inExclusiveScope = true;
                break;
            }
        }
    }

    // ---- Write scopes: one match required per collection -------------------------------------
    foreach (ADScopeCollection scopeGroup in writeScopes)
    {
        bool groupMatched = false;
        foreach (ADScope candidate in scopeGroup)
        {
            // Non-RBAC scopes keep all three attributes at false.
            bool isExclusive = false;
            bool isFromEndUserRole = false;
            bool isSelfScope = false;
            if (candidate is RbacScope)
            {
                RbacScope rbacCandidate = (RbacScope)candidate;
                isExclusive = rbacCandidate.Exclusive;
                isFromEndUserRole = rbacCandidate.IsFromEndUserRole;
                isSelfScope = rbacCandidate.ScopeType == ScopeType.Self;
            }

            // An exclusive scope grants nothing for an entry outside every exclusive scope.
            if (!inExclusiveScope && isExclusive)
            {
                ExTraceGlobals.ScopeVerificationTracer.TraceDebug(
                    0L,
                    "ADSession::TryVerifyIsWithinScopes Ignoring scope ScopeRoot '{0}', ScopeFilter '{1}', IsWithinExclusiveScope '{2}', IsExclusive '{3}'",
                    new object[]
                    {
                        (candidate.Root == null) ? "<null>" : candidate.Root.ToDNString(),
                        (candidate.Filter == null) ? "<null>" : candidate.Filter.ToString(),
                        inExclusiveScope,
                        isExclusive
                    });
                continue;
            }

            ADScope effectiveScope = candidate;
            if (inExclusiveScope && !isExclusive)
            {
                // For an entry inside an exclusive scope, a regular scope counts only when it
                // comes from an end-user role.
                if (!isFromEndUserRole)
                {
                    ExTraceGlobals.ScopeVerificationTracer.TraceDebug(
                        0L,
                        "ADSession::TryVerifyIsWithinScopes Ignoring scope ScopeRoot '{0}', ScopeFilter '{1}', IsWithinExclusiveScope '{2}', IsExclusive '{3}'",
                        new object[]
                        {
                            (effectiveScope.Root == null) ? "<null>" : effectiveScope.Root.ToDNString(),
                            (effectiveScope.Filter == null) ? "<null>" : effectiveScope.Filter.ToString(),
                            inExclusiveScope,
                            isExclusive
                        });
                    continue;
                }

                // An end-user-role scope that is not already Self-typed is narrowed to its Self
                // root and filter. isFromEndUserRole can only be true for an RbacScope, so the
                // cast is safe.
                if (!isSelfScope)
                {
                    RbacScope endUserScope = (RbacScope)effectiveScope;
                    if (endUserScope.SelfFilter == null)
                    {
                        // Fails closed when there is no Self filter to narrow to.
                        // NOTE(review): unlike the other scope failures, this path leaves
                        // m_Session untouched; confirm that is intended.
                        exception = new ADScopeException(DirectoryStrings.ExArgumentNullException("RbacScope.SelfFilter"));
                        return false;
                    }

                    RbacScope narrowedScope = new RbacScope(ScopeType.Self);
                    narrowedScope.Root = endUserScope.SelfRoot;
                    narrowedScope.Filter = endUserScope.SelfFilter;
                    effectiveScope = narrowedScope;
                }
            }

            if (ADSession.IsWithinScope(obj, effectiveScope))
            {
                groupMatched = true;
                break;
            }
        }

        if (!groupMatched)
        {
            if (emptyObjectSessionOnException && obj is ADObject)
            {
                ((ADObject)obj).m_Session = null;
            }
            exception = new ADScopeException(DirectoryStrings.ErrorNoWriteScope(obj.Id.ToString()));
            return false;
        }
    }

    // ---- Additional validation rules ---------------------------------------------------------
    if (validationRules != null)
    {
        RuleValidationException ruleFailure = null;
        foreach (ValidationRule rule in validationRules)
        {
            if (!rule.TryValidate(obj, out ruleFailure))
            {
                exception = ruleFailure;
                return false;
            }
        }
    }

    return true;
}