protected async Task ExportProjectPermissionsAsync(AzDoServices.Dtos.Project project) { var graphService = GetGraphService(); var groups = await graphService.ListGroupsInProjectAsync(project.Id); var manifest = BaseSchema.GetEmpty(project.Name, ManifestKind.Permission); manifest.Permissions = new List <PermissionSchemaManifest>(); foreach (var group in groups) { var memberCollection = await graphService.GetGroupMembersAsync(group.Descriptor); if (memberCollection != null && memberCollection.Members != null && memberCollection.Members.Any()) { var permissionManifest = PermissionSchemaManifest.Create(group.DisplayName); manifest.Permissions.Add(permissionManifest); await PopulateMembershipAsync(graphService, memberCollection, permissionManifest); } } if (manifest.Permissions.Any()) { await this.fs.WriteManifestAsync(project, ManifestKind.Permission, Serialize(manifest)); } }
private static async Task PopulateMembershipAsync( AzDoServices.GraphService graphService, AzDoServices.Dtos.VstsMembershipCollection memberCollection, PermissionSchemaManifest permissionManifest) { foreach (var member in memberCollection.Members) { if (graphService.IsGroupDescriptor(member.MemberDescriptor)) { var gp = await graphService.GetGroupByDescriptorAsync(member.MemberDescriptor); if (gp != null) { permissionManifest.Membership.Groups.Add(new AadObjectSchema { Name = gp.DisplayName, Id = gp.OriginId }); } } else { var usr = await graphService.GetUserByDescriptorAsync(member.MemberDescriptor); if (usr != null) { permissionManifest.Membership.Users.Add(new AadObjectSchema { Name = usr.DisplayName, Id = usr.OriginId }); } } } }
private async Task ApplyGroupPermissionsAsync( GraphService gService, GroupCollection allUsers, Guid projectId, PermissionSchemaManifest permissionEntry, VstsGroup targetGroup) { using var op = Insights.BeginOperation($"Updating membership of [{targetGroup.PrincipalName}]...", "GroupPermissions"); // get existing members - so later we can remove the unwanted members (no longer in yaml) var outdatedMembership = await gService.GetGroupMembersAsync(targetGroup.Descriptor); var survivorDescriptors = new List <string>(); if (permissionEntry.Membership.Groups != null && permissionEntry.Membership.Groups.Any()) { foreach (var gp in permissionEntry.Membership.Groups) { var groupObject = await GetGroupByNameAsync(IdentityOrigin.Aad.ToString(), gp.Name, gp.Id); if (groupObject != null) { await gService.AddMemberAsync(projectId, targetGroup.Descriptor, groupObject.Descriptor); survivorDescriptors.Add(groupObject.Descriptor); } } } if (permissionEntry.Membership.Users != null && permissionEntry.Membership.Users.Any()) { foreach (var user in permissionEntry.Membership.Users) { var userInfo = allUsers.Value.FirstOrDefault(u => u.OriginId.Equals(user.Id)); if (userInfo != null) { await gService.AddMemberAsync(projectId, targetGroup.Descriptor, userInfo.Descriptor); survivorDescriptors.Add(userInfo.Descriptor); } } } if (outdatedMembership != null && outdatedMembership.Members != null && outdatedMembership.Members.Any()) { foreach (var potentialOutdatedMember in outdatedMembership.Members) { var remainValid = survivorDescriptors .Exists(s => s.Contains(potentialOutdatedMember.MemberDescriptor, StringComparison.OrdinalIgnoreCase)); if (!remainValid) { await gService.RemoveMembershipAsync(projectId, targetGroup.Descriptor, potentialOutdatedMember.MemberDescriptor); } } } }