protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition)
{
if (this.settings.Organization != null || !Datacenter.IsMicrosoftHostedOnly(false))
{
return;
}
if (!roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions))
{
return;
}
ExchangeRole exchangeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null);
exchangeRole.Name = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions));
exchangeRole.OrganizationId = this.settings.OrganizationId;
if (exchangeRole.RoleEntries.Count != 0)
{
this.SaveRoleAndWarnOnFailure(exchangeRole);
}
}
protected void FindAndUpdateDerivedRoles(ExchangeRole updatedParentRole, RoleEntry[] oldParentRoleEntries, RoleDefinition roleDefinition, ref int recursionCount)
{
ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->FindAndUpdateDerivedRoles: updatedParentRole.Name = {0}, updatedParentRole.RoleEntries.Count = {1}, oldParentRoleEntries.Length = {2}, recursionCount = {3}", new object[]
{
updatedParentRole.Name,
updatedParentRole.RoleEntries.Count,
oldParentRoleEntries.Length,
recursionCount
});
if (++recursionCount >= 1000)
{
return;
}
bool flag = false;
bool flag2 = this.settings.Organization == null && (Datacenter.IsMicrosoftHostedOnly(false) || Datacenter.IsDatacenterDedicated(false)) && roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions);
ADPagedReader <ExchangeRole> adpagedReader = this.settings.ConfigurationSession.FindPaged <ExchangeRole>(updatedParentRole.Id, QueryScope.OneLevel, null, null, 0);
foreach (ExchangeRole exchangeRole in adpagedReader)
{
this.settings.LogReadObject(exchangeRole);
RoleEntry[] array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(exchangeRole, false);
List <RoleEntry> value;
if (1 == recursionCount && flag2 && exchangeRole.Name.Equals(RoleDefinition.GetDCSafeNameForRole(updatedParentRole.Name), StringComparison.OrdinalIgnoreCase))
{
value = roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions);
flag = true;
}
else
{
value = this.GetListOfRoleEntriesForChildRole(oldParentRoleEntries, array, updatedParentRole.RoleEntries.ToArray(), exchangeRole.IsChanged(ADObjectSchema.ExchangeVersion));
}
exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(value);
this.FindAndUpdateDerivedRoles(exchangeRole, array, roleDefinition, ref recursionCount);
this.SaveDerivedRoleAndWarnOnValidationErrors(exchangeRole);
ExTraceGlobals.AccessCheckTracer.TraceFunction <string, int>(20005L, "----FindAndUpdateDerivedRoles: role.Name = {0}, role.RoleEntries.Count = {1}", exchangeRole.Name, exchangeRole.RoleEntries.Count);
}
if (1 == recursionCount && !flag)
{
this.CreateDCSafeRoleIfNeeded(updatedParentRole, roleDefinition);
}
recursionCount--;
ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20005L, "<--FindAndUpdateDerivedRoles: recursionCount = {0}", recursionCount);
}