/// <summary>
/// Builds one <see cref="ExchangeRoleAssignment"/> for every role in <c>this.roles</c>
/// and appends it to <c>this.roleAssignments</c>.
/// </summary>
/// <param name="assigneeType">Assignee type passed to the helper that fills in each new assignment.</param>
private void PrepareRoleAssignments(RoleAssigneeType assigneeType)
{
    // Logging callbacks are the same for every role, so build them once.
    Task.TaskVerboseLoggingDelegate writeVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
    Task.TaskErrorLoggingDelegate writeError = new Task.TaskErrorLoggingDelegate(base.WriteError);

    foreach (ExchangeRole currentRole in this.roles)
    {
        // Set by AnalyzeAndStampCustomizedWriteScopes via ref; when true the
        // hierarchical check below is not run.
        bool skipHierarchyCheck = false;
        ExchangeRoleAssignment assignment = new ExchangeRoleAssignment();

        RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(
            null,
            assignment,
            currentRole,
            this.DataObject.Id,
            this.DataObject.OrganizationId,
            assigneeType,
            RoleAssignmentDelegationType.Regular,
            this.ConfigurationSession,
            writeVerbose,
            writeError);

        RoleHelper.AnalyzeAndStampCustomizedWriteScopes(
            this,
            assignment,
            currentRole,
            this.ConfigurationSession,
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>),
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>),
            ref skipHierarchyCheck,
            ref this.ou,
            ref this.customRecipientScope,
            ref this.customConfigScope);

        // NOTE(review): the hierarchical check is also bypassed whenever
        // ExchangeRunspaceConfig is null. Presumably that means "no RBAC-restricted
        // runspace" - confirm which hosts run this task that way, because the
        // assignment is still added below without that check.
        bool runHierarchyCheck = !skipHierarchyCheck && base.ExchangeRunspaceConfig != null;
        if (runHierarchyCheck)
        {
            RoleHelper.HierarchicalCheckForRoleAssignmentCreation(
                this,
                assignment,
                this.customRecipientScope,
                this.customConfigScope,
                writeVerbose,
                writeError);
        }

        this.roleAssignments.Add(assignment);
    }
}
/// <summary>
/// Prepares the <see cref="ADGroup"/> produced by the base task and, when the
/// <c>Roles</c> parameter was supplied, resolves every requested role and builds
/// a matching <see cref="ExchangeRoleAssignment"/> in <c>this.roleAssignments</c>.
/// </summary>
/// <returns>The group returned by <c>base.PrepareDataObject()</c>.</returns>
protected override IConfigurable PrepareDataObject()
{
    TaskLogger.LogEnter();
    ADGroup result = (ADGroup)base.PrepareDataObject();

    // The tiny-tenant verification is skipped only when -PartnerManaged is present.
    if (!this.PartnerManaged.IsPresent)
    {
        SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
    }

    // The "crossforest" parameter set yields a linked role group; every other set a plain one.
    RoleAssigneeType roleAssigneeType = "crossforest" == base.ParameterSetName
        ? RoleAssigneeType.LinkedRoleGroup
        : RoleAssigneeType.RoleGroup;

    bool rolesSupplied = base.Fields.IsChanged("Roles") && this.Roles != null;
    if (rolesSupplied)
    {
        this.roles = new MultiValuedProperty<ExchangeRole>();
        this.roleAssignments = new List<ExchangeRoleAssignment>();

        // Pass 1: resolve each role identity to a directory object.
        foreach (RoleIdParameter roleId in this.Roles)
        {
            ExchangeRole resolvedRole = (ExchangeRole)base.GetDataObject<ExchangeRole>(
                roleId,
                this.ConfigurationSession,
                null,
                new LocalizedString?(Strings.ErrorRoleNotFound(roleId.ToString())),
                new LocalizedString?(Strings.ErrorRoleNotUnique(roleId.ToString())));
            this.roles.Add(resolvedRole);
        }

        this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;

        Task.TaskVerboseLoggingDelegate writeVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
        Task.TaskErrorLoggingDelegate writeError = new Task.TaskErrorLoggingDelegate(base.WriteError);

        // Pass 2: build one assignment per resolved role.
        foreach (ExchangeRole currentRole in this.roles)
        {
            // Set by AnalyzeAndStampCustomizedWriteScopes via ref; when true the
            // hierarchical check below is not run.
            bool skipHierarchyCheck = false;
            ExchangeRoleAssignment assignment = new ExchangeRoleAssignment();

            RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(
                null,
                assignment,
                currentRole,
                this.DataObject.Id,
                this.DataObject.OrganizationId,
                roleAssigneeType,
                RoleAssignmentDelegationType.Regular,
                this.ConfigurationSession,
                writeVerbose,
                writeError);

            RoleHelper.AnalyzeAndStampCustomizedWriteScopes(
                this,
                assignment,
                currentRole,
                this.ConfigurationSession,
                new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>),
                new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>),
                ref skipHierarchyCheck,
                ref this.ou,
                ref this.customRecipientScope,
                ref this.customConfigScope);

            // NOTE(review): with a null ExchangeRunspaceConfig the hierarchical check
            // is never run and the assignment is still queued. Presumably that state
            // means an unrestricted host - confirm, since this is the only gate
            // visible here on which roles the caller may hand to the new group.
            bool runHierarchyCheck = !skipHierarchyCheck && base.ExchangeRunspaceConfig != null;
            if (runHierarchyCheck)
            {
                RoleHelper.HierarchicalCheckForRoleAssignmentCreation(
                    this,
                    assignment,
                    this.customRecipientScope,
                    this.customConfigScope,
                    writeVerbose,
                    writeError);
            }

            this.roleAssignments.Add(assignment);
        }
    }

    TaskLogger.LogExit();
    return result;
}
/// <summary>
/// Prepares a new <see cref="ExchangeRoleAssignment"/>: resolves the role, resolves the
/// assignee (a role assignment policy, or a user / security group / computer), fills in
/// name and default scopes, and then either marks the assignment as unscoped top-level
/// or stamps the customized write scopes.
/// </summary>
/// <returns>
/// <c>this.DataObject</c>, or <c>null</c> when the base preparation already reported errors.
/// </returns>
/// <remarks>
/// NOTE(review): several branches call <c>base.WriteError</c> and then keep dereferencing
/// <c>this.role</c>, the policy or the assignee. That is only safe if WriteError stops the
/// task for these categories - confirm against the base Task implementation.
/// </remarks>
protected override IConfigurable PrepareDataObject()
{
    TaskLogger.LogEnter();

    ((IConfigurationSession)base.DataSession).SessionSettings.IsSharedConfigChecked = true;
    this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;

    this.DataObject = (ExchangeRoleAssignment)base.PrepareDataObject();
    if (base.HasErrors)
    {
        return null;
    }

    Task.TaskErrorLoggingDelegate writeError = new Task.TaskErrorLoggingDelegate(base.WriteError);

    // The tiny-tenant verification is skipped only when IgnoreDehydratedFlag is set.
    if (!this.IgnoreDehydratedFlag)
    {
        SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
    }

    this.role = (ExchangeRole)base.GetDataObject<ExchangeRole>(
        this.Role,
        base.DataSession,
        null,
        new LocalizedString?(Strings.ErrorRoleNotFound(this.Role.ToString())),
        new LocalizedString?(Strings.ErrorRoleNotUnique(this.Role.ToString())));

    RoleHelper.VerifyNoScopeForUnScopedRole(base.Fields, this.role, writeError);

    // Deprecated roles must not receive new assignments.
    if (this.role != null && this.role.IsDeprecated)
    {
        base.WriteError(
            new InvalidOperationException(Strings.ErrorCannotCreateRoleAssignmentToADeprecatedRole(this.role.ToString())),
            ErrorCategory.InvalidOperation,
            null);
    }

    RoleAssigneeType roleAssigneeType;
    ADObject assignee;

    if (this.Policy != null)
    {
        RoleAssignmentPolicy policy = (RoleAssignmentPolicy)base.GetDataObject<RoleAssignmentPolicy>(
            this.Policy,
            RecipientTaskHelper.GetTenantLocalConfigSession(base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.RootOrgContainerId),
            null,
            new LocalizedString?(Strings.ErrorRBACPolicyNotFound(this.Policy.ToString())),
            new LocalizedString?(Strings.ErrorRBACPolicyNotUnique(this.Policy.ToString())));

        // Only end-user roles may be attached to a role assignment policy.
        if (!this.role.IsEndUserRole)
        {
            base.WriteError(
                new InvalidOperationException(Strings.ErrorNonEndUserRoleCannoBeAssignedToPolicy(this.role.Name)),
                ErrorCategory.InvalidOperation,
                policy.Id);
        }

        // Work out which organization the role belongs to; forest-wide unless the
        // configuration session is tenant-scoped.
        OrganizationId roleOrganization = OrganizationId.ForestWideOrgId;
        if (this.ConfigurationSession is ITenantConfigurationSession)
        {
            roleOrganization = TaskHelper.ResolveOrganizationId(
                this.role.Id,
                ExchangeRole.RdnContainer,
                (ITenantConfigurationSession)this.ConfigurationSession);
        }

        ADObjectId roleOrgRoot;
        if (OrganizationId.ForestWideOrgId.Equals(roleOrganization))
        {
            roleOrgRoot = this.ConfigurationSession.GetOrgContainerId();
        }
        else
        {
            roleOrgRoot = roleOrganization.ConfigurationUnit;
        }

        // The policy has to live underneath the role's organization container;
        // this keeps a role from being bound to a policy outside that subtree.
        if (!policy.Id.IsDescendantOf(roleOrgRoot))
        {
            base.WriteError(
                new InvalidOperationException(Strings.ErrorPolicyOutOfRoleScope(policy.Id.ToString(), roleOrgRoot.Name)),
                ErrorCategory.InvalidOperation,
                null);
        }

        roleAssigneeType = RoleAssigneeType.RoleAssignmentPolicy;
        assignee = policy;
    }
    else
    {
        // Exactly one of User / SecurityGroup / Computer is consulted, in that order.
        ADRecipient recipient = null;
        if (this.User != null)
        {
            recipient = (ADUser)base.GetDataObject<ADUser>(
                this.User,
                base.TenantGlobalCatalogSession,
                null,
                new LocalizedString?(Strings.ErrorAssigneeUserNotFound(this.User.ToString())),
                new LocalizedString?(Strings.ErrorAssigneeUserNotUnique(this.User.ToString())));
        }
        else if (this.SecurityGroup != null)
        {
            recipient = (ADGroup)base.GetDataObject<ADGroup>(
                this.SecurityGroup,
                base.TenantGlobalCatalogSession,
                null,
                new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotFound(this.SecurityGroup.ToString())),
                new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotUnique(this.SecurityGroup.ToString())));
        }
        else if (this.Computer != null)
        {
            recipient = (ADComputerRecipient)base.GetDataObject<ADComputerRecipient>(
                this.Computer,
                base.TenantGlobalCatalogSession,
                null,
                new LocalizedString?(Strings.ErrorAssigneeComputerNotFound(this.Computer.ToString())),
                new LocalizedString?(Strings.ErrorAssigneeComputerNotUnique(this.Computer.ToString())));
        }

        // NOTE(review): recipient is still null here when none of the three parameters
        // was given; presumably ValidateRoleAssignmentUser rejects that - confirm,
        // because the lines below dereference the assignee unconditionally.
        RoleHelper.ValidateRoleAssignmentUser(recipient, writeError, false);
        roleAssigneeType = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(recipient);
        assignee = recipient;
    }

    // Resolve links against the server the assignee was read from.
    ((IDirectorySession)base.DataSession).LinkResolutionServer = assignee.OriginatingServer;

    RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(
        this.Name,
        this.DataObject,
        this.role,
        assignee.Id,
        assignee.OrganizationId,
        roleAssigneeType,
        this.Delegating.IsPresent ? RoleAssignmentDelegationType.Delegating : RoleAssignmentDelegationType.Regular,
        this.ConfigurationSession,
        new Task.TaskVerboseLoggingDelegate(base.WriteVerbose),
        writeError);

    if (this.role.IsUnscopedTopLevel && this.UnScopedTopLevel)
    {
        // NOTE(review): this path sets skipHRoleCheck unconditionally and, with
        // -Delegating, upgrades the assignment to DelegatingOrgWide. The flag's
        // consumer is outside this method; confirm who is permitted to pass
        // -UnScopedTopLevel, since no scope analysis runs on this branch.
        this.skipHRoleCheck = true;
        if (this.Delegating)
        {
            this.DataObject.RoleAssignmentDelegationType = RoleAssignmentDelegationType.DelegatingOrgWide;
        }
    }
    else
    {
        // Local receiver for the organizational unit resolved by the scope analysis;
        // it is not used again in this method.
        ExchangeOrganizationalUnit customOu = null;
        RoleHelper.AnalyzeAndStampCustomizedWriteScopes(
            this,
            this.DataObject,
            this.role,
            this.ConfigurationSession,
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>),
            new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>),
            ref this.skipHRoleCheck,
            ref customOu,
            ref this.customRecipientScope,
            ref this.customConfigScope);
    }

    TaskLogger.LogExit();
    return this.DataObject;
}