private TeamFoundationIdentity ResolveIdentityInternal( string id, MembershipQuery queryMembership, ReadIdentityOptions readIdentityOptions, IdentitySearchFactor searchFactor) { id = id.Trim(); try { TeamFoundationIdentity resolvedId = m_identityManagement.ReadIdentity(searchFactor, id, queryMembership, readIdentityOptions); if (null == resolvedId) { resolvedId = ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions); } return(resolvedId); } catch (System.NotSupportedException notSupportedEx) { if (notSupportedEx.Message.Contains(searchFactor.ToString()) && searchFactor == IdentitySearchFactor.DisplayName) { return(ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions)); } else { throw; } } }
private void PerformSearch() { this.TextBoxSearch.Foreground = Brushes.Black; if (!string.IsNullOrWhiteSpace(this.TextBoxSearch.Text)) { ITeamFoundationContext context = this.ParentSection.GetContext(); IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>(); // First try search by AccountName TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { // Next we try search by DisplayName userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { this.TextBoxSearch.Foreground = Brushes.DarkRed; return; } } this.ParentSection.UserAccountName = this.TextBoxSearch.Text; this.ParentSection.UserDisplayName = userIdentity.DisplayName; } else { this.ParentSection.UserAccountName = "@Me"; this.ParentSection.UserDisplayName = string.Empty; } this.ParentSection.Refresh(); }
/// <summary> /// Retrieve the target identity for a given source descriptor /// </summary> /// <param name="sourceIdentityDescriptor">Source identity Descriptor</param> /// <returns>Target Identity</returns> private TeamFoundationIdentity GetTargetIdentity(IdentityDescriptor sourceIdentityDescriptor) { var sourceIdentity = sourceIdentityManagementService.ReadIdentity( sourceIdentityDescriptor, MembershipQuery.Direct, ReadIdentityOptions.ExtendedProperties); string sourceIdentityMail = sourceIdentity.GetProperty("Mail") as string; // Try refresh the Identity if we are missing the Mail property if (string.IsNullOrEmpty(sourceIdentityMail)) { sourceIdentity = sourceIdentityManagementService.ReadIdentity( sourceIdentityDescriptor, MembershipQuery.Direct, ReadIdentityOptions.ExtendedProperties); sourceIdentityMail = sourceIdentity.GetProperty("Mail") as string; } if (!string.IsNullOrEmpty(sourceIdentityMail)) { // translate source assignedto name to target identity var targetIdentity = targetIdentityManagementService.ReadIdentity( IdentitySearchFactor.MailAddress, sourceIdentityMail, MembershipQuery.Direct, ReadIdentityOptions.None); if (targetIdentity == null) { targetIdentity = targetIdentityManagementService.ReadIdentity( IdentitySearchFactor.AccountName, sourceIdentityMail, MembershipQuery.Direct, ReadIdentityOptions.None); } if (targetIdentity == null) { Trace.Write($"Cannot find tester with e-mail [{sourceIdentityMail}] in target system. Cannot assign.", "TestPlansAndSuites"); return(null); } return(targetIdentity); } else { Trace.Write($"No e-mail address known in source system for [{sourceIdentity.DisplayName}]. Cannot translate to target.", "TestPlansAndSuites"); return(null); } }
string GetUserEmail(string userid, string backupName) { if (!_emaillookup.ContainsKey(userid)) { var member = _managementService.ReadIdentity(IdentitySearchFactor.AccountName, userid, MembershipQuery.Direct, ReadIdentityOptions.ExtendedProperties); string email; if (member == null) { email = backupName.ToLower().Replace(' ', '.') + "@unit4.com"; } else { email = member.GetProperty("Mail").ToString().ToLower(); } if (string.IsNullOrEmpty(email)) { email = "*****@*****.**"; } if (email.Contains(".old")) { email = email.Replace(".old", ""); } _emaillookup[userid] = email; } return(_emaillookup[userid]); }
/// <summary> /// Gets the list of project users in a TFS project /// </summary> /// <param name="projectCollection">TFS PROJECT COLLECTION</param> /// <param name="projectName">TFS PROJECT NAME</param> /// <returns></returns> public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName) { List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>(); IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService)); // get the tfs project ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None); CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName); if (projectCatalogNode != null && ims != null) { TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None); foreach (TeamFoundationIdentity group in groups) { TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource); if (sids != null) { tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None)); } } } //Remove any duplicates (by user-id) return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList()); }
public static string GetOwnerAlias(this WorkItem request) { var identity = _identityManagementService.ReadIdentity(IdentitySearchFactor.DisplayName, request.Fields["Created By"].Value.ToString(), MembershipQuery.None, ReadIdentityOptions.None); return(identity.UniqueName); }
static void Main(string[] args) { TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs")); IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>(); TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None); TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None); using (StreamWriter file = new StreamWriter("userlist.txt")) foreach (TeamFoundationIdentity id in ids) { if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity") { Console.WriteLine(id.DisplayName); } //{ Console.WriteLine(id.UniqueName); } file.WriteLine("[{0}]", id.DisplayName); } var count = ids.Count(x => ids.Contains(x)); Console.WriteLine(count); Console.ReadLine(); }
public static IEnumerable <TeamFoundationIdentity> ReadTFSUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ILogger logger) { try { logger.Information("Querying Team Foundation Identities from TFS."); IIdentityManagementService identityService = tfsTeamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity teamFoundationIdentity = identityService.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties); TeamFoundationIdentity[][] teamFoundationIdentities = identityService .ReadIdentities( IdentitySearchFactor.Identifier, teamFoundationIdentity .Members .Select(id => id.Identifier) .ToArray(), MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); return(teamFoundationIdentities .SelectMany(tfi => tfi) .Where(tfi => !tfi.IsContainer)); } catch (Exception e) { logger.Error(e.Message); return(null); } }
/// <summary> /// Extracts the generic security namespace permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="permissionScope">The permission scope.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="securityToken">The security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="groups">The groups.</param> /// <returns>List of Permissions</returns> private static List <Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable <string> groups) { SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server)); AccessControlList userAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List <IdentityDescriptor> { userIdentity.Descriptor }, true); var result = new List <Permission>(); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty)); // handle group inheritance foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List <IdentityDescriptor> { groupIdentity.Descriptor }, true); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName)); } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result); return(modifiedPermissions); }
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims) { var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Direct, ReadIdentityOptions.None); return(validUsersGroupMembers); }
public static TfsTeamProjectCollection CreateImpersonatedCollection(Uri collectionToUse, string userToImpersonate) { NetworkCredential defaultNetworkCredentials = CredentialCache.DefaultNetworkCredentials; TfsTeamProjectCollection tfsTeamProjectCollection = new TfsTeamProjectCollection(collectionToUse, defaultNetworkCredentials); IIdentityManagementService service = tfsTeamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity teamFoundationIdentity = service.ReadIdentity(IdentitySearchFactor.AccountName, userToImpersonate, MembershipQuery.None, ReadIdentityOptions.None); return(new TfsTeamProjectCollection(collectionToUse, new TfsClientCredentials(), teamFoundationIdentity.Descriptor)); }
public TeamFoundationIdentity GetIdentity(IdentityDescriptor identity) { var tfsIdentity = _identityService.ReadIdentity(identity, MembershipQuery.Direct, ReadIdentityOptions.None); if (tfsIdentity != null) { return(tfsIdentity); } var adIdentity = _identityService.ReadIdentity(identity, MembershipQuery.Direct, ReadIdentityOptions.IncludeReadFromSource); if (adIdentity != null) { return(adIdentity); } throw new Exception($"Identity not found: {identity}"); }
/// <summary> /// Returns whether the user identity of the given account name or display name exists or not /// </summary> /// <param name="userDisplayNameOrAccount">The given account name or display name</param> /// <returns>True if the given user account or display name exists. False otherwise</returns> private bool UserIdentityExists(string userDisplayNameOrAccount) { ITeamFoundationContext context = this.ParentSection.Context; IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>(); // First try search by AccountName TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userDisplayNameOrAccount, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { // Next we try search by DisplayName userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, userDisplayNameOrAccount, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { return(false); } } return(true); }
public TestPlanMigration(TfsTeamProjectCollection sourceTfs, TfsTeamProjectCollection destinationTfs, string sourceProject, string destinationProject, Hashtable workItemMap, ProgressBar progressBar) { this.sourceproj = GetProject(sourceTfs, sourceProject); this.destinationproj = GetProject(destinationTfs, destinationProject); this.workItemMap = workItemMap; this.progressBar = progressBar; projectName = sourceProject; store = (WorkItemStore)destinationTfs.GetService(typeof(WorkItemStore)); workItemTypes = store.Projects[destinationProject].WorkItemTypes; ims = (IIdentityManagementService)sourceTfs.GetService(typeof(IIdentityManagementService)); UserID = ims.ReadIdentity(IdentitySearchFactor.MailAddress, "*****@*****.**", MembershipQuery.Direct, ReadIdentityOptions.None); }
public static bool AddAADGroupToTPCustomGroup(string teamProject, string tpCustomGroupName, string aadGroupName, string organizationUrl) { VssCredentials creds = new VssClientCredentials(); creds.Storage = new VssClientCredentialStorage(); var tpc = new TfsTeamProjectCollection(new Uri(organizationUrl), creds); tpc.Connect(Microsoft.TeamFoundation.Framework.Common.ConnectOptions.IncludeServices); IIdentityManagementService ims = tpc.GetService <IIdentityManagementService>(); string tpCustomGroupNameFull = "[" + teamProject + "]" + "\\" + tpCustomGroupName; string aadGroupNameFull = "[TEAM FOUNDATION]" + "\\" + aadGroupName; //for AAD Groups try { var tfsGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, tpCustomGroupNameFull, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); var aadGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, aadGroupNameFull, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); ims.AddMemberToApplicationGroup(tfsGroupIdentity.Descriptor, aadGroupIdentity.Descriptor); Console.WriteLine("Group added: " + aadGroupName + " to " + tpCustomGroupName); return(true); } catch (Exception ex) { Console.WriteLine("Group cannot be added: " + aadGroupName + ", " + tpCustomGroupName); return(false); } }
private static void PerformUserAction(ApplicationTask task, IIdentityManagementService ims, string userName, Action <TeamFoundationIdentity> action) { // Look up the user by account name. var userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); if (userIdentity == null) { task.SetWarning("The requested user was not found: \"{0}\". Please make sure to use the account name, not the display name (which can be ambiguous).".FormatCurrent(userName)); } else { action(userIdentity); } }
/// <summary> /// Checks if a group exists and returns the descriptor. /// If the group does not exist, it is created (if the createIfNew flag is set to true). /// </summary> /// <param name="scope">Scope Id to limit the search area - default (empty string) is collection level.</param> /// <param name="groupName">Name of the group. Also used as group description for create.</param> /// <param name="createIfNew">Set to true for create. Default is false.</param> /// <returns>The IdentityDescriptor of the group. Returns null in case of any errors.</returns> private IdentityDescriptor CheckIfGroupExists(string scope, string groupName, bool createIfNew) { TeamFoundationIdentity tfi = null; try { // Find the group using Account Name tfi = idMgmtSvc.ReadIdentity(IdentitySearchFactor.AccountName, groupName, MembershipQuery.Direct, ReadIdentityOptions.None); if (tfi == null && createIfNew) { FileHelper.Log("Creating new group..." + groupName); // SCOPE: If a Team Project is found, add the group in that TP. // If not, add the group at collection level. // string scopeId = (teamProjectIdentity == null) ? string.Empty : teamProjectIdentity.Descriptor.Identifier; //string scopeId = tpCollection.Uri.ToString() + "/" + scope; IdentityDescriptor idDesc = idMgmtSvc.CreateApplicationGroup(scope, groupName, groupName); FileHelper.Log("Group creation successful..." + groupName); return(idDesc); } else { FileHelper.Log("Group identity found..." + groupName); return(tfi.Descriptor); } } catch (Exception ex) { FileHelper.Log(ex.Message); FileHelper.Log(ex.StackTrace); } return(null); }
private ICollection <UserInfo> GetAllUsers() { // Read "everyone" group var group = _identityManagementService.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Expanded, ReadIdentityOptions.None); // Read identities of that groups members var resultIdentities = _identityManagementService.ReadIdentities(group.Members, MembershipQuery.Direct, ReadIdentityOptions.DoNotQualifyAccountNames); // Filter machine accounts var validLocalUsers = resultIdentities.Where( identity => identity.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity" && identity.IsActive && identity.IsContainer == false) .ToArray(); return(validLocalUsers.Select(x => new UserInfo(x.DisplayName, x.UniqueName)).OrderBy(x => x.DisplayName).ToArray()); }
public static void ScanUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ProjectInfo projectInfo) { IIdentityManagementService identityManagementService = tfsTeamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity[] projectSecurityGroups = identityManagementService.ListApplicationGroups( projectInfo.Uri, ReadIdentityOptions.None); // Get projectValidUsersIdentity Identifier TeamFoundationIdentity projectValidUsersIdentity = projectSecurityGroups .FirstOrDefault(psg => psg.GetProperty("SpecialType").ToString().Equals("EveryoneApplicationGroup")); if (projectValidUsersIdentity == null) { return; } // Expand projectValidUsersIdentity from Identifier to get the list of Members projectValidUsersIdentity = identityManagementService.ReadIdentity( IdentitySearchFactor.Identifier, projectValidUsersIdentity.Descriptor.Identifier, MembershipQuery.Expanded, // Number of Members: Direct gives 20, Expanded gives 111, ExpandedDown gives 111, ExpandedUp gives 0. ReadIdentityOptions.None); // Expand projectValidUsersIdentity with Members into collection of identities TeamFoundationIdentity[] projectUsersIdentities = identityManagementService.ReadIdentities(projectValidUsersIdentity.Members, MembershipQuery.Direct, ReadIdentityOptions.None); // First build map from Identifier (which is part of the Descriptor) to Identity object. foreach (TeamFoundationIdentity userIdentity in projectUsersIdentities) { TeamFoundationIdentity currentIdentity = userIdentity; if (!currentIdentity.BelongsToProject(projectInfo.Uri)) { continue; } TeamProjectScanner.IdToIdentity[currentIdentity.Descriptor.Identifier] = currentIdentity; TeamProjectScanner.DisplayNameToIdentity[currentIdentity.DisplayName] = currentIdentity; //Debug.WriteLine("{0}: Members = {1}, MemberOf = {2}", currentIdentity.DisplayName(), currentIdentity.Members.Length, currentIdentity.MemberOf.Length); } }
private static string GetNameFromIdentity(string identity) { TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri(serverUrl)); IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>(); TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "[TEAM FOUNDATION]\\Team Foundation Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None); TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None); foreach (TeamFoundationIdentity id in ids) { if (id.Descriptor.Identifier.ToString().Equals(identity)) { return(id.DisplayName); } } return("N/A"); }
public string GetEmail(string accountUniqueName) { var tfs = this.dte.GetObject("Microsoft.VisualStudio.TeamFoundation.TeamFoundationServerExt") as TeamFoundationServerExt; if (tfs == null || tfs.ActiveProjectContext == null) { return(null); } string activeUri = tfs.ActiveProjectContext.DomainUri; if (string.IsNullOrEmpty(activeUri)) { return(null); } TfsTeamProjectCollection collection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(activeUri)); if (collection == null) { return(null); } IIdentityManagementService ims = collection.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService; if (ims == null) { return(null); } TeamFoundationIdentity identity = ims.ReadIdentity(IdentitySearchFactor.AccountName, accountUniqueName, MembershipQuery.Direct, ReadIdentityOptions.None); if (identity == null) { return(null); } string email = identity.GetProperty("Mail") as string; return(email); }
/// <summary> /// Get Email Address from TFS Account or Display Name /// </summary> /// <remarks>https://paulselles.wordpress.com/2014/03/24/tfs-api-tfs-user-email-address-lookup-and-reverse-lookup/</remarks> private string GetEmailAddress(TfsTeamProjectCollection tpc, string displayName) { if (string.IsNullOrEmpty(displayName)) { return(string.Empty); } try { IIdentityManagementService IdentityManagementService = tpc.GetService <IIdentityManagementService>(); TeamFoundationIdentity teamFoundationIdentity = IdentityManagementService.ReadIdentity( IdentitySearchFactor.AccountName | IdentitySearchFactor.DisplayName, displayName, MembershipQuery.None, ReadIdentityOptions.None); return(teamFoundationIdentity.GetAttribute("Mail", null)); } catch { return(string.Empty); } }
internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs) { IIdentityManagementService identityService = (IIdentityManagementService)tfs.GetService(typeof(IIdentityManagementService)); TeamFoundationIdentity serviceAccountIdentity = identityService.ReadIdentity(GroupWellKnownDescriptors.ServiceUsersGroup, MembershipQuery.None, ReadIdentityOptions.None); TeamFoundationIdentity authenticatedUser; tfs.GetAuthenticatedIdentity(out authenticatedUser); if (null == authenticatedUser) { return; } if (!identityService.IsMember(serviceAccountIdentity.Descriptor, authenticatedUser.Descriptor)) { return; throw new PermissionException( string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()), authenticatedUser.DisplayName, string.Empty, serviceAccountIdentity.DisplayName); } TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName); }
// =============================================================== // Utility methods - could be moved elsewhere // For call to create TR we need Ericsson user id (also domain?) - seems like we have what we want here. // See http://stackoverflow.com/questions/19911368/using-the-tfs-2012-api-how-do-i-get-the-email-address-of-a-user static public TeamFoundationIdentity GetSignumForAssignedTo( Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItem workItem) { TfsTeamProjectCollection tpc = workItem.Store.TeamProjectCollection; String userName = workItem.Fields[TFSMapper.TFS_OWNER].Value.ToString(); IIdentityManagementService mgmntService = tpc.GetService <IIdentityManagementService>(); TeamFoundationIdentity member = mgmntService.ReadIdentity( IdentitySearchFactor.DisplayName, userName, MembershipQuery.Direct, ReadIdentityOptions.ExtendedProperties); if (member == null) { HandlerSettings.LogMessage( String.Format("Failed to get user identity for user: {0}", userName), HandlerSettings.LoggingLevel.WARN); } return(member); }
/// <summary> /// Create TFS Group if not exists /// </summary> /// <param name="groupName"></param> /// <returns></returns> public TeamFoundationIdentity CreateGroup(string groupName) { // Check if group already exists TeamFoundationIdentity group = _identityManagementService .ListApplicationGroups(_projectInfo.Uri, ReadIdentityOptions.IncludeReadFromSource) .FirstOrDefault(g => string.Equals(g.DisplayName, groupName, StringComparison.OrdinalIgnoreCase)); if (group == null) { // Prepare group name var groupNameToCreate = groupName.Replace($"[{_teamProjectName}]\\", ""); // Group doesn't exist, create one var groupDescriptor = _identityManagementService.CreateApplicationGroup(_projectInfo.Uri, groupNameToCreate, null); group = _identityManagementService.ReadIdentity(groupDescriptor, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); Console.WriteLine($"Group created: '{groupName}'"); } else { Console.WriteLine($"Group already exists: '{groupName}'"); } return(group); }
private static void AddExpandedMembershipOfValidUsersGroup(IIdentityManagementService ims, List <TeamFoundationIdentity> membershipGroups, Dictionary <IdentityDescriptor, TeamFoundationIdentity> allIdentities) { // Get expanded membership of the Valid Users group, which is all identities in this host var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Expanded, ReadIdentityOptions.None); // If total membership exceeds batch size limit for Read, break it up const int batchSizeLimit = 100000; if (validUsersGroupMembers.Members.Length > batchSizeLimit) { BatchUpMembershipThatExceedsSizeLimit(validUsersGroupMembers, batchSizeLimit, ims, membershipGroups, allIdentities); } else { var memberIdentities = ims.ReadIdentities(validUsersGroupMembers.Members, MembershipQuery.Direct, ReadIdentityOptions.None); AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities); } }
private static void AddExpandedMembershipOfValidUsersGroup(IIdentityManagementService ims, List<TeamFoundationIdentity> membershipGroups, Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities) { // Get expanded membership of the Valid Users group, which is all identities in this host var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Expanded, ReadIdentityOptions.None); // If total membership exceeds batch size limit for Read, break it up const int batchSizeLimit = 100000; if (validUsersGroupMembers.Members.Length > batchSizeLimit) { BatchUpMembershipThatExceedsSizeLimit(validUsersGroupMembers, batchSizeLimit, ims, membershipGroups, allIdentities); } else { var memberIdentities = ims.ReadIdentities(validUsersGroupMembers.Members, MembershipQuery.Direct, ReadIdentityOptions.None); AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities); } }
static void Main(string[] args) { TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://tfsserver:8080/tfs")); IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>(); TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "[TEAM FOUNDATION]\\Team Foundation Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None); TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None); foreach (TeamFoundationIdentity id in ids) { if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity") { Console.WriteLine(id.DisplayName); Console.WriteLine(id.UniqueName); } } Console.ReadLine(); }
/// <summary> /// Run the extraction algorithm for a specific user /// </summary> /// <param name="ims">Identity management service</param> /// <param name="userName">user name</param> /// <param name="options">command line parameters</param> /// <param name="fileName">File name</param> /// <param name="tfs">team project collection</param> /// <returns>true if successful</returns> private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs) { TeamFoundationIdentity userIdentity = ims.ReadIdentity( IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); if (userIdentity == null) { Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection); Console.ReadLine(); return(false); } // get workItem store var workItemStore = tfs.GetService <WorkItemStore>(); ////Initiate Report // Initiate a new object of Permission Report var permissionsReport = new PermissionsReport { Date = DateTime.Now, TfsCollectionUrl = options.Collection, UserName = userName, TeamProjects = new List <TfsTeamProject>() }; try { // retrieve list of Team Projects in the given collection ProjectCollection workItemsProjects = workItemStore.Projects; foreach (Project teamProject in workItemsProjects) { if (options.Projects != null) { if (!options.Projects.Contains(teamProject.Name)) { Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name); continue; } } // Create project security token string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri; // Project Permissions var server = tfs.GetService <ISecurityService>(); var vcs = tfs.GetService <VersionControlServer>(); TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService <TeamFoundation.Git.Client.GitRepositoryService>(); Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name); List <string> groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity); List <Permission> projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups); // Version Control Permissions List <Permission> versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs); List <GitPermission> gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService); // Build Permissions List <Permission> buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity); // WorkItems Area Permissions List <AreaPermission> areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups); // WorkItems Iteration Permissions List <IterationPermission> iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups); // Workspace Permissions // var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups); // Set TFS report Data // Create Team Project node in XML file var tfsTeamProject = new TfsTeamProject { Name = teamProject.Name, AreaPermissions = areasPermissions, BuildPermissions = buildPermissions, IterationPermissions = iterationPermissions, ProjectLevelPermissions = new ProjectLevelPermissions { ProjectLevelPermissionsList = projectLevelPermissions }, GitVersionControlPermissions = new GitVersionControlPermissions { VersionControlPermissionsList = gitVersionControlPermissions }, VersionControlPermissions = new VersionControlPermissions { VersionControlPermissionsList = versionControlPermissions } }; tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions); permissionsReport.TeamProjects.Add(tfsTeamProject); } // Generate output file FileInfo fi = new FileInfo(fileName); if (!Directory.Exists(fi.DirectoryName)) { Console.Write("Creating Output Directory {0}", fi.DirectoryName); Directory.CreateDirectory(fi.DirectoryName); } var fs = new FileStream(fileName, FileMode.Create); var streamWriter = new StreamWriter(fs, Encoding.UTF8); using (streamWriter) { var xmlSerializer = new XmlSerializer(typeof(PermissionsReport)); xmlSerializer.Serialize(streamWriter, permissionsReport); streamWriter.Flush(); } if (options.Html) { var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl"); File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt); var htmlOuput = Path.ChangeExtension(fileName, ".html"); var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png"); Resources.ALMRangers_Logo.Save(logoFile); XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput); } return(true); } catch (TeamFoundationServiceException ex) { Console.WriteLine(ex.Message); return(false); } }
/// <summary> /// Sample method on how to extracts the git version control permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="groups">The groups.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="projectSecurityToken">The project security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="vcs">The VCS.</param> /// <param name="gitService">The git service.</param> /// <returns>List of Permissions</returns> private static List <GitPermission> ExtractGitVersionControlPermissions( ISecurityService server, List <string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, GitRepositoryService gitService) { Console.WriteLine("== Extract Git Version Control Permissions =="); SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server)); IList <GitRepository> gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken); var groupsIdentities = new List <TeamFoundationIdentity>(groups.Count); foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity( IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); groupsIdentities.Add(groupIdentity); } var results = new List <GitPermission>(); foreach (GitRepository repo in gitProjectRepoService) { string primaryBranch = (repo.DefaultBranch ?? "(no default branch)").StartsWith("refs/heads/") ? repo.DefaultBranch.Substring(11) : repo.DefaultBranch; Console.WriteLine(" -- Repo: {0} branch {1}", repo.Name, primaryBranch); // Repository Security Token is repoV2/TeamProjectId/RepositoryId string repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, repo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, repo.Id); AccessControlList versionControlAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List <IdentityDescriptor> { userIdentity.Descriptor }, true); var gitVersionControlPermissions = new List <Permission>(); foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { foreach (AclAndName aclAndName in Helpers.EnumerateAcls(ace, false)) { if (aclAndName.Acl != 0) { string versionControlPermissions = ((EnumerationsList.GitPermissions)aclAndName.Acl).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(versionControlPermissions, aclAndName.Name, PermissionScope.GitSourceControl)); } } } foreach (TeamFoundationIdentity groupIdentity in groupsIdentities) { AccessControlList groupAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List <IdentityDescriptor> { groupIdentity.Descriptor }, true); foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries) { foreach (AclAndName aclAndName in Helpers.EnumerateAcls(ace, true)) { if (aclAndName.Acl != 0) { string versionControlPermissions = ((EnumerationsList.GitPermissions)aclAndName.Acl).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(versionControlPermissions, aclAndName.Name, PermissionScope.GitSourceControl)); } } } } List <Permission> modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions); results.AddRange(modifiedPermissions.Select(perm => new GitPermission(perm, repo.Name, primaryBranch))); } return(results); }
/// <summary> /// Extracts the generic security namespace permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="permissionScope">The permission scope.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="securityToken">The security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="groups">The groups.</param> /// <returns>List of Permissions</returns> private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups) { SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server)); AccessControlList userAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); var result = new List<Permission>(); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty)); // handle group inheritance foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { groupIdentity.Descriptor }, true); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName)); } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result); return modifiedPermissions; }
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims) { var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Direct, ReadIdentityOptions.None); return validUsersGroupMembers; }
/// <summary> /// Run the extraction algorithm for a specific user /// </summary> /// <param name="ims">Identity management service</param> /// <param name="userName">user name</param> /// <param name="options">command line parameters</param> /// <param name="fileName">File name</param> /// <param name="tfs">team project collection</param> /// <returns>true if successful</returns> private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs) { TeamFoundationIdentity userIdentity = ims.ReadIdentity( IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); if (userIdentity == null) { Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection); Console.ReadLine(); return false; } // get workItem store var workItemStore = tfs.GetService<WorkItemStore>(); ////Initiate Report // Initiate a new object of Permission Report var permissionsReport = new PermissionsReport { Date = DateTime.Now, TfsCollectionUrl = options.Collection, UserName = userName, TeamProjects = new List<TfsTeamProject>() }; try { // retrieve list of Team Projects in the given collection ProjectCollection workItemsProjects = workItemStore.Projects; foreach (Project teamProject in workItemsProjects) { if (options.Projects != null) { if (!options.Projects.Contains(teamProject.Name)) { Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name); continue; } } // Create project security token string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri; // Project Permissions var server = tfs.GetService<ISecurityService>(); var vcs = tfs.GetService<VersionControlServer>(); TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService<TeamFoundation.Git.Client.GitRepositoryService>(); Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name); var groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity); var projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups); // Version Control Permissions var versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs); var gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService); // Build Permissions var buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity); // WorkItems Area Permissions var areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups); // WorkItems Iteration Permissions var iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups); // Workspace Permissions // var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups); // Set TFS report Data // Create Team Project node in XML file var tfsTeamProject = new TfsTeamProject { Name = teamProject.Name, AreaPermissions = areasPermissions, BuildPermissions = buildPermissions, IterationPermissions = iterationPermissions, ProjectLevelPermissions = new ProjectLevelPermissions { ProjectLevelPermissionsList = projectLevelPermissions }, GitVersionControlPermissions = new VersionControlPermissions { VersionControlPermissionsList = gitVersionControlPermissions }, VersionControlPermissions = new VersionControlPermissions { VersionControlPermissionsList = versionControlPermissions } }; tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions); permissionsReport.TeamProjects.Add(tfsTeamProject); } // Generate output file FileInfo fi = new FileInfo(fileName); if (!Directory.Exists(fi.DirectoryName)) { Console.Write("Creating Output Directory {0}", fi.DirectoryName); Directory.CreateDirectory(fi.DirectoryName); } var fs = new FileStream(fileName, FileMode.Create); var streamWriter = new StreamWriter(fs, Encoding.UTF8); using (streamWriter) { var xmlSerializer = new XmlSerializer(typeof(PermissionsReport)); xmlSerializer.Serialize(streamWriter, permissionsReport); streamWriter.Flush(); } if (options.Html) { var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl"); File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt); var htmlOuput = Path.ChangeExtension(fileName, ".html"); var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png"); Resources.ALMRangers_Logo.Save(logoFile); XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput); } return true; } catch (TeamFoundationServiceException ex) { Console.WriteLine(ex.Message); return false; } }
static void Main(string[] args) { //Get Office VSTS Projects IEnumerable <TeamProjectReference> projects = GetVstsProjects(); //Access VSTS Groups TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri(ConfigurationManager.AppSettings["Uri"])); IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>(); //Create Table for Storing Excel Data DataTable admins = new DataTable(); admins.Clear(); admins.Columns.Add("ProjectName"); admins.Columns.Add("Email"); //List for storing json strings List <Project> projectList = new List <Project>(); //Iterate through projects to get admins foreach (TeamProjectReference project in projects) { string projectInfo = $"[{project.Name}]\\{ConfigurationManager.AppSettings["Group"]}"; TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, projectInfo, MembershipQuery.Direct, ReadIdentityOptions.None); List <TeamFoundationIdentity> ids = new List <TeamFoundationIdentity>(); foreach (IdentityDescriptor identity in tfi.Members) { try { TeamFoundationIdentity group = ims.ReadIdentity(identity, MembershipQuery.ExpandedDown, ReadIdentityOptions.None); GetAllProjectAdmins(group, ims, ref ids); } catch { TeamFoundationIdentity single = ims.ReadIdentity(identity, MembershipQuery.None, ReadIdentityOptions.None); ids.Add(single); } } Console.WriteLine($"Members of {projectInfo}"); Project proj = new Project { Name = project.Name }; proj.Administrators = new List <string>(); foreach (TeamFoundationIdentity identity in ids) { if (!proj.Administrators.Contains(identity.UniqueName)) { //Add admin to DataTable DataRow admin = admins.NewRow(); admin["ProjectName"] = project.Name; admin["Email"] = identity.UniqueName; admins.Rows.Add(admin); //Add admin to Project Admin List proj.Administrators.Add(identity.UniqueName); Console.WriteLine(identity.UniqueName); } } projectList.Add(proj); } //SaveAsExcel(admins); SaveAsJson(projectList); }
/// <summary> /// Sample method on how to extracts the git version control permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="groups">The groups.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="projectSecurityToken">The project security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="vcs">The VCS.</param> /// <param name="gitService">The git service.</param> /// <returns>List of Permissions</returns> private static List<Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService) { Console.WriteLine("== Extract Git Version Control Permissions =="); SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server)); var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken); // This sample handle only the default repository, you can iterate through all repositories same way var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken)); vcs.TryGetTeamProject(projectSecurityToken); if (defaultGitRepo == null) { return new List<Permission>(); } // Repository Security Token is repoV2/TeamProjectId/RepositoryId var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id); // vcs.GetTeamProject(projectSecurityToken); AccessControlList versionControlAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); var gitVersionControlPermissions = new List<Permission>(); foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.Deny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } if (gitVersionControlPermissions.Count == 0) { foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.ExtendedInfo.EffectiveAllow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.ExtendedInfo.EffectiveDeny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } } foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List<IdentityDescriptor> { groupIdentity.Descriptor }, true); foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } if (0 != ace.Deny) { var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } } } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions); return modifiedPermissions; }