internal Permission GetTargetPermission(PermissionSet permissionSet) { Permission result = null; switch (this.MailboxFolderUserId.UserType) { case MailboxFolderUserId.MailboxFolderUserType.Default: return(permissionSet.DefaultPermission); case MailboxFolderUserId.MailboxFolderUserType.Anonymous: return(permissionSet.AnonymousPermission); case MailboxFolderUserId.MailboxFolderUserType.Internal: case MailboxFolderUserId.MailboxFolderUserType.External: { PermissionSecurityPrincipal securityPrincipal = this.MailboxFolderUserId.ToSecurityPrincipal(); return(permissionSet.GetEntry(securityPrincipal)); } } foreach (Permission permission in permissionSet) { if (this.MailboxFolderUserId.Equals(permission.Principal)) { result = permission; break; } } return(result); }
private void AddPermissions(CalendarFolderPermissionSet permissions, PermissionSet fbPermissions) { List <ADRecipient> list = new List <ADRecipient>(this.policyMembersToAddPermission.Count + this.delegatesToAddPermission.Count); foreach (string legacyExchangeDN in this.policyMembersToAddPermission) { list.Add(base.TenantGlobalCatalogSession.FindByLegacyExchangeDN(legacyExchangeDN)); } foreach (ADObjectId entryId in this.delegatesToAddPermission) { list.Add(base.TenantGlobalCatalogSession.Read(entryId)); } foreach (ADRecipient adrecipient in list) { if (adrecipient != null && adrecipient.IsValidSecurityPrincipal && (adrecipient.RecipientType == RecipientType.UserMailbox || adrecipient.RecipientType == RecipientType.MailUser || adrecipient.RecipientType == RecipientType.MailUniversalSecurityGroup)) { PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(adrecipient); CalendarFolderPermission calendarFolderPermission = permissions.GetEntry(securityPrincipal); bool flag = this.delegatesToAddPermission.Contains(adrecipient.Id); if (calendarFolderPermission == null) { calendarFolderPermission = permissions.AddEntry(securityPrincipal, PermissionLevel.None); } calendarFolderPermission.FreeBusyAccess = FreeBusyAccess.Details; if (flag) { calendarFolderPermission.PermissionLevel = PermissionLevel.Editor; calendarFolderPermission.DeleteItems = ItemPermissionScope.AllItems; calendarFolderPermission.IsFolderVisible = true; } } } }
private void RemovePermissions(CalendarFolderPermissionSet permissions, PermissionSet fbPermissions) { List <ADRecipient> list = new List <ADRecipient>(this.policyMembersToRemovePermission.Count + this.delegatesToRemovePermission.Count); foreach (string legacyExchangeDN in this.policyMembersToRemovePermission) { list.Add(base.TenantGlobalCatalogSession.FindByLegacyExchangeDN(legacyExchangeDN)); } foreach (ADObjectId entryId in this.delegatesToRemovePermission) { list.Add(base.TenantGlobalCatalogSession.Read(entryId)); } foreach (ADRecipient adrecipient in list) { if (adrecipient != null && adrecipient.IsValidSecurityPrincipal) { PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(adrecipient); CalendarFolderPermission entry = permissions.GetEntry(securityPrincipal); bool flag = this.delegatesToRemovePermission.Contains(adrecipient.Id); bool flag2 = this.policyMembersToRemovePermission.Contains(adrecipient.LegacyExchangeDN); if (entry != null) { if (flag) { if (!this.newPolicyMembers.Contains(adrecipient.LegacyExchangeDN)) { permissions.RemoveEntry(securityPrincipal); } else { entry.PermissionLevel = PermissionLevel.None; } } if (flag2 && entry.PermissionLevel != PermissionLevel.Editor) { entry.FreeBusyAccess = FreeBusyAccess.None; if (entry.PermissionLevel == PermissionLevel.None) { permissions.RemoveEntry(securityPrincipal); } } } if (flag) { Permission entry2 = fbPermissions.GetEntry(securityPrincipal); if (entry2 != null) { fbPermissions.RemoveEntry(securityPrincipal); } } } } }
internal override bool InternalProcessPermissions(Folder folder) { MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment"); PermissionSet permissionSet = folder.GetPermissionSet(); Permission permission = null; try { if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Default) { if (permissionSet.DefaultPermission != null && permissionSet.DefaultPermission.MemberRights != MemberRights.None) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permissionSet.SetDefaultPermission(memberRights); permission = permissionSet.DefaultPermission; } else if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous) { if (permissionSet.AnonymousPermission != null && permissionSet.AnonymousPermission.MemberRights != MemberRights.None) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permissionSet.SetAnonymousPermission(memberRights); permission = permissionSet.AnonymousPermission; } else { PermissionSecurityPrincipal securityPrincipal = base.MailboxFolderUserId.ToSecurityPrincipal(); Permission entry = permissionSet.GetEntry(securityPrincipal); if (entry != null) { throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString()); } permission = permissionSet.AddEntry(securityPrincipal, memberRights); } } catch (ArgumentOutOfRangeException exception) { base.WriteError(exception, (ErrorCategory)1003, this.Identity); return(false); } base.WriteObject(MailboxFolderPermission.FromXsoPermission(folder.DisplayName, permission, this.ResolvedObjectId)); return(true); }
internal static MailboxFolderUserId CreateFromSecurityPrincipal(PermissionSecurityPrincipal securityPrincipal) { if (securityPrincipal == null) { throw new ArgumentNullException("securityPrincipal"); } switch (securityPrincipal.Type) { case PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal: return(new MailboxFolderUserId(securityPrincipal.ADRecipient)); case PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal: return(new MailboxFolderUserId(securityPrincipal.ExternalUser)); case PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal: return(new MailboxFolderUserId(securityPrincipal.SpecialType)); } return(new MailboxFolderUserId(securityPrincipal.UnknownPrincipalMemberName)); }
internal bool Equals(PermissionSecurityPrincipal securityPrincipal) { if (securityPrincipal == null) { return(false); } switch (securityPrincipal.Type) { case PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal: return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.Internal && securityPrincipal.ADRecipient.Id.Equals(this.adRecipient.Id)); case PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal: return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.External && securityPrincipal.ExternalUser.SmtpAddress.Equals(this.smtpAddress)); case PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal: return((securityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default && this.UserType == MailboxFolderUserId.MailboxFolderUserType.Default) || (securityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Anonymous && this.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous)); } return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.Unknown && StringComparer.InvariantCultureIgnoreCase.Equals(this.unknownMemberName, securityPrincipal.UnknownPrincipalMemberName)); }
public static bool ModifyPermission(PermissionSet permissionSet, PermissionSecurityPrincipal permissionSecurityPrincipal, MemberRights memberRights) { bool result = false; if (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal && permissionSecurityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default) { GroupMailboxPermissionHandler.Tracer.TraceDebug <PermissionSecurityPrincipal.SpecialPrincipalType, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", PermissionSecurityPrincipal.SpecialPrincipalType.Default, memberRights); Permission permission = permissionSet.DefaultPermission; if (permission != null && permission.MemberRights != memberRights) { permissionSet.SetDefaultPermission(memberRights); result = true; } } else { GroupMailboxPermissionHandler.Tracer.TraceDebug <string, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal) ? permissionSecurityPrincipal.ExternalUser.ExternalId : string.Empty, memberRights); Permission permission = permissionSet.GetEntry(permissionSecurityPrincipal); if (permission == null && memberRights != MemberRights.None) { permission = permissionSet.AddEntry(permissionSecurityPrincipal, PermissionLevel.None); permission.MemberRights = memberRights; result = true; } else if (permission != null && memberRights == MemberRights.None) { permissionSet.RemoveEntry(permissionSecurityPrincipal); result = true; } else if (permission != null && permission.MemberRights != memberRights) { permission.MemberRights = memberRights; result = true; } } return(result); }
private void SetFolderPermissions() { ExternalUser externalUser = ExternalUser.CreateExternalUserForGroupMailbox(this.MailboxPrincipal.MailboxInfo.DisplayName, "Member@local", this.MailboxPrincipal.MailboxInfo.MailboxGuid, SecurityIdentity.GroupMailboxMemberType.Member); ExternalUser externalUser2 = ExternalUser.CreateExternalUserForGroupMailbox(this.MailboxPrincipal.MailboxInfo.DisplayName, "Owner@local", this.MailboxPrincipal.MailboxInfo.MailboxGuid, SecurityIdentity.GroupMailboxMemberType.Owner); using (ExternalUserCollection externalUsers = this.mailboxSession.GetExternalUsers()) { if (!externalUsers.Contains(externalUser)) { externalUsers.Add(externalUser); } if (!externalUsers.Contains(externalUser2)) { externalUsers.Add(externalUser2); } externalUsers.Save(); if (!externalUsers.Contains(externalUser)) { throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(externalUser.Name)); } if (!externalUsers.Contains(externalUser2)) { throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(externalUser2.Name)); } this.TraceDebug("Added external member user {0} to external user collection", new object[] { externalUser.Name }); this.TraceDebug("Added external owner user {0} to external user collection", new object[] { externalUser2.Name }); } PermissionSecurityPrincipal userSecurityPrincipal = new PermissionSecurityPrincipal(externalUser); PermissionSecurityPrincipal userSecurityPrincipal2 = new PermissionSecurityPrincipal(externalUser2); int num = 0; List <PermissionEntry> list = new List <PermissionEntry>(3); var array = new < > f__AnonymousType0 <DefaultFolderType, MemberRights, MemberRights>[] { new { Folder = DefaultFolderType.MailboxAssociation, OwnerPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission, MemberPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission }, new { Folder = DefaultFolderType.SearchFolders, OwnerPermission = (GroupMailboxPermissionHandler.SearchFolderPermission | GroupMailboxPermissionHandler.OwnerSpecificPermission), MemberPermission = GroupMailboxPermissionHandler.SearchFolderPermission }, new { Folder = DefaultFolderType.Calendar, OwnerPermission = GroupMailboxPermissionHandler.CalendarFolderPermission, MemberPermission = GroupMailboxPermissionHandler.CalendarFolderPermission } }; list.Add(new PermissionEntry(userSecurityPrincipal2, GroupMailboxPermissionHandler.ConfigurationFolderPermission)); int num2; GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, DefaultFolderType.Configuration, out num2); num += num2; var array2 = array; for (int i = 0; i < array2.Length; i++) { var <> f__AnonymousType = array2[i]; list.Clear(); list.Add(new PermissionEntry(userSecurityPrincipal2, <> f__AnonymousType.OwnerPermission)); list.Add(new PermissionEntry(userSecurityPrincipal, <> f__AnonymousType.MemberPermission)); if (!GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, <> f__AnonymousType.Folder, out num2)) { throw new GroupMailboxFailedToConfigureMailboxException(Strings.ErrorUnableToConfigureMailbox(< > f__AnonymousType.Folder.ToString(), this.MailboxPrincipal.MailboxInfo.DisplayName)); } num += num2; } this.report.FoldersPrivilegedCount = num; this.mailboxSession.Mailbox[MailboxSchema.GroupMailboxPermissionsVersion] = GroupMailboxPermissionHandler.GroupMailboxPermissionVersion; this.mailboxSession.Mailbox.Save(); this.mailboxSession.Mailbox.Load(); }
private bool FolderMembershipUpdate() { ArgumentValidator.ThrowIfNull("previousExternalMemberUser", this.previousExternalMemberUser); ArgumentValidator.ThrowIfNull("currentExternalMemberUser", this.currentExternalMemberUser); ArgumentValidator.ThrowIfNull("currentExternalOwnerUser", this.currentExternalOwnerUser); PermissionSecurityPrincipal userSecurityPrincipal = new PermissionSecurityPrincipal(this.previousExternalMemberUser); PermissionSecurityPrincipal userSecurityPrincipal2 = new PermissionSecurityPrincipal(this.currentExternalMemberUser); PermissionSecurityPrincipal userSecurityPrincipal3 = new PermissionSecurityPrincipal(this.currentExternalOwnerUser); List <PermissionEntry> list = new List <PermissionEntry>(3); int num = 0; int num2 = 0; bool result = true; foreach (DefaultFolderType defaultFolderType in this.mailboxSession.DefaultFolders) { list.Clear(); if (!GroupMailboxPermissionHandler.IsFolderToBeIgnored(defaultFolderType) && defaultFolderType != DefaultFolderType.MailboxAssociation) { if (this.mailboxSession.GetDefaultFolderId(defaultFolderType) != null) { DefaultFolderType defaultFolderType2 = defaultFolderType; MemberRights memberRights; MemberRights userRights; if (defaultFolderType2 != DefaultFolderType.Calendar) { switch (defaultFolderType2) { case DefaultFolderType.Configuration: memberRights = GroupMailboxPermissionHandler.DefaultFolderPermission; userRights = GroupMailboxPermissionHandler.ConfigurationFolderPermission; break; case DefaultFolderType.SearchFolders: memberRights = GroupMailboxPermissionHandler.SearchFolderPermission; userRights = (memberRights | GroupMailboxPermissionHandler.OwnerSpecificPermission); break; default: memberRights = GroupMailboxPermissionHandler.DefaultFolderPermission; userRights = (memberRights | GroupMailboxPermissionHandler.OwnerSpecificPermission); break; } } else { memberRights = GroupMailboxPermissionHandler.CalendarFolderPermission; userRights = GroupMailboxPermissionHandler.CalendarFolderPermission; } list.Add(new PermissionEntry(userSecurityPrincipal, MemberRights.None)); list.Add(new PermissionEntry(userSecurityPrincipal3, userRights)); list.Add(new PermissionEntry(userSecurityPrincipal2, memberRights)); if (defaultFolderType == DefaultFolderType.Calendar) { list.Add(new PermissionEntry(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Default), MemberRights.FreeBusySimple)); } else { list.Add(new PermissionEntry(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Default), MemberRights.None)); } if (!GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, defaultFolderType, out num2)) { result = false; break; } num += num2; } else { GroupMailboxMembershipUpdater.Tracer.TraceError <DefaultFolderType, string>((long)this.GetHashCode(), "MembershipUpdate: Found a folder {0} that is not in group mailbox {1}", defaultFolderType, this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString()); } } } GroupMailboxMembershipUpdater.Tracer.TraceDebug <int, string>((long)this.GetHashCode(), "MembershipUpdate: {0} folders had been modified for the group mailbox {1}", num, this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString()); return(result); }
public PermissionEntry(PermissionSecurityPrincipal userSecurityPrincipal, MemberRights userRights) { this.userSecurityPrincipal = userSecurityPrincipal; this.userRights = userRights; }