public static void GetAllProjectAdmins(TeamFoundationIdentity identity, IIdentityManagementService ims, ref List <TeamFoundationIdentity> ids) { if (identity.IsContainer) { TeamFoundationIdentity[] groupMembers; try { groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.Expanded, ReadIdentityOptions.None); foreach (TeamFoundationIdentity tfi in groupMembers) { GetAllProjectAdmins(tfi, ims, ref ids); } } catch (Exception e) { groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.None, ReadIdentityOptions.None); ids.AddRange(groupMembers); } } else { ids.Add(identity); } }
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup, int batchSizeLimit, IIdentityManagementService ims, List <TeamFoundationIdentity> membershipGroups, Dictionary <IdentityDescriptor, TeamFoundationIdentity> allIdentities) { var batchNum = 0; var remainder = membershipGroup.Members.Length; var descriptors = new IdentityDescriptor[batchSizeLimit]; while (remainder > 0) { var startAt = batchNum * batchSizeLimit; var length = batchSizeLimit; if (length > remainder) { length = remainder; descriptors = new IdentityDescriptor[length]; } Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length); var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None); AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities); remainder -= length; } }
public bool RemoveUser(string team, string user, out string message) { message = string.Empty; bool ret = true; TeamFoundationTeam t = this.teamService.ReadTeam(this.projectInfo.Uri, team, null); TeamFoundationIdentity i = this.identityManagementService.ReadIdentity(IdentitySearchFactor.AccountName, user, MembershipQuery.Direct, ReadIdentityOptions.None); if (t == null) { message = "Team [" + team + "] not found"; ret = false; } if (i == null) { message = "User [" + user + "] not found"; ret = false; } if (ret) { this.identityManagementService.RemoveMemberFromApplicationGroup(t.Identity.Descriptor, i.Descriptor); message = "User removed "; } return(ret); }
private TeamFoundationIdentity ResolveIdentityInternal( string id, MembershipQuery queryMembership, ReadIdentityOptions readIdentityOptions, IdentitySearchFactor searchFactor) { id = id.Trim(); try { TeamFoundationIdentity resolvedId = m_identityManagement.ReadIdentity(searchFactor, id, queryMembership, readIdentityOptions); if (null == resolvedId) { resolvedId = ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions); } return(resolvedId); } catch (System.NotSupportedException notSupportedEx) { if (notSupportedEx.Message.Contains(searchFactor.ToString()) && searchFactor == IdentitySearchFactor.DisplayName) { return(ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions)); } else { throw; } } }
private TeamSettingsIteration GetCurrentIteration(Project project, TeamFoundationIdentity teamId, WorkHttpClient client) { var iterations = client.GetTeamIterationsAsync(new TeamContext(project.Name)).Result; return(iterations.FirstOrDefault(x => x.IsCurrent())); }
private void PerformSearch() { this.TextBoxSearch.Foreground = Brushes.Black; if (!string.IsNullOrWhiteSpace(this.TextBoxSearch.Text)) { ITeamFoundationContext context = this.ParentSection.GetContext(); IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>(); // First try search by AccountName TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { // Next we try search by DisplayName userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (userIdentity == null) { this.TextBoxSearch.Foreground = Brushes.DarkRed; return; } } this.ParentSection.UserAccountName = this.TextBoxSearch.Text; this.ParentSection.UserDisplayName = userIdentity.DisplayName; } else { this.ParentSection.UserAccountName = "@Me"; this.ParentSection.UserDisplayName = string.Empty; } this.ParentSection.Refresh(); }
private TeamFoundationIdentity ResolveIdentity( string id, MembershipQuery queryMembership, ReadIdentityOptions readIdentityOptions, IdentitySearchFactor searchFactor) { TraceManager.TraceInformation("Resolving Identity: {0}", id); TeamFoundationIdentity i = ResolveIdentityInternal(id, queryMembership, readIdentityOptions, searchFactor); if (i == null) { throw new IdentityUnresolvedException( string.Format("Identity '{0}' cannot be resolved", id ?? string.Empty)); } IdentityType type = Identity.GetType(i.Descriptor.IdentityType, i.IsContainer); if (type == IdentityType.InvalidIdentity) { throw new IdentityUnresolvedException( string.Format("Searching '{0}' returned invalid identity.", id ?? string.Empty)); } return(i); }
private static bool VerifyUsers(TeamFoundationIdentity sourceUser, TeamFoundationIdentity targetUser, string sourceUserName, string targetUserName, out bool haltExecution) { if (sourceUser == null) { WriteLog(LogLevel.Error, string.Format("The source user {0} cannot be found\nPlease add this user to the users list first before running this tool. Do you want to continue with the next user (y/n)?", sourceUserName)); if (Console.ReadKey().Key == ConsoleKey.Y) { haltExecution = false; } else { haltExecution = true; } return(false); } if (targetUser == null) { WriteLog(LogLevel.Error, string.Format("The target user {0} cannot be found\nPlease add this user to the users list first before running this tool. Do you want to continue with the next user (y/n)?", targetUserName)); if (Console.ReadKey().Key == ConsoleKey.Y) { haltExecution = false; } else { haltExecution = true; } return(false); } haltExecution = false; return(true); }
private static void GetAllUsers(TfsTeamProjectCollection pTpc, string pProjectName) { List <string> listUsers = new List <string>(); WorkItemStore _wistore = pTpc.GetService <WorkItemStore>(); var _gss = pTpc.GetService <IIdentityManagementService>(); var _teamProject = _wistore.Projects[pProjectName]; string _validGroupName = "[" + pProjectName + "]\\Project Valid Users"; TeamFoundationIdentity _group = _gss.ReadIdentity(IdentitySearchFactor.DisplayName, _validGroupName, MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties); List <string> _memebersIds = new List <string>(); foreach (var _member in _group.Members) { _memebersIds.Add(_member.Identifier); } var _members = _gss.ReadIdentities(IdentitySearchFactor.Identifier, _memebersIds.ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties); foreach (var _member in _members) { if (!_member[0].IsContainer) { listUsers.Add(_member[0].DisplayName); } } Console.WriteLine("Users:"); foreach (var _user in listUsers) { Console.WriteLine("{0}", _user); } }
/// <summary> /// Gets the list of project users in a TFS project /// </summary> /// <param name="projectCollection">TFS PROJECT COLLECTION</param> /// <param name="projectName">TFS PROJECT NAME</param> /// <returns></returns> public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName) { List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>(); IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService)); // get the tfs project ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None); CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName); if (projectCatalogNode != null && ims != null) { TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None); foreach (TeamFoundationIdentity group in groups) { TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource); if (sids != null) { tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None)); } } } //Remove any duplicates (by user-id) return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList()); }
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup, int batchSizeLimit, IIdentityManagementService ims, List<TeamFoundationIdentity> membershipGroups, Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities) { var batchNum = 0; var remainder = membershipGroup.Members.Length; var descriptors = new IdentityDescriptor[batchSizeLimit]; while (remainder > 0) { var startAt = batchNum*batchSizeLimit; var length = batchSizeLimit; if (length > remainder) { length = remainder; descriptors = new IdentityDescriptor[length]; } Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length); var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None); AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities); remainder -= length; } }
public bool SetProfileImage(string identity, string imagePath, out string message) { bool ret = true; message = string.Empty; byte[] image = new byte[0]; TeamFoundationIdentity i = ims2.ReadIdentity(IdentitySearchFactor.AccountName, identity, MembershipQuery.Direct, ReadIdentityOptions.None); if (i == null) { message = "User/Group [" + identity + "] not found"; ret = false; } if (!File.Exists(imagePath)) { message = "File [" + imagePath + "] not found"; ret = false; } if (ret) { try { byte[] rawImage = File.ReadAllBytes(imagePath); image = ConvertAndResizeImage(rawImage); } catch (Exception ex) { message = "Could not read the profile image: " + ex.Message; ret = false; } } if (ret) { i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Data", image); i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Type", "image/png"); i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Id", Guid.NewGuid().ToByteArray()); i.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.Data", null); i.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.UploadDate", null); try { ims2.UpdateExtendedProperties(i); } catch (PropertyServiceException) { // swallow; this exception happens each and every time, but the changes are applied :S. } message = "Profile image set"; } return(ret); }
// Get Email Address from TFS Account or Display Name // source: https://paulselles.wordpress.com/2014/03/24/tfs-api-tfs-user-email-address-lookup-and-reverse-lookup/ public string GetEmailAddress(string userName, string defaultValue) { using (var teamProjectCollection = this.connectionInfo.Token.GetCollection(this.connectionInfo.ProjectCollectionUri)) { var identityManagementService = teamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity identity = identityManagementService.ReadIdentity( IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); // if not found try again using DisplayName identity = identity ?? identityManagementService.ReadIdentity( IdentitySearchFactor.DisplayName, userName, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); if (identity == null) { return(defaultValue); } // pick first non-null value string mailAddress = identity.GetAttribute("Mail", null); mailAddress = string.IsNullOrWhiteSpace(mailAddress) ? identity.GetAttribute("ConfirmedNotificationAddress", defaultValue) : mailAddress; return(mailAddress); } }
/// <summary> /// Extracts the generic security namespace permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="permissionScope">The permission scope.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="securityToken">The security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="groups">The groups.</param> /// <returns>List of Permissions</returns> private static List <Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable <string> groups) { SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server)); AccessControlList userAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List <IdentityDescriptor> { userIdentity.Descriptor }, true); var result = new List <Permission>(); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty)); // handle group inheritance foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List <IdentityDescriptor> { groupIdentity.Descriptor }, true); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName)); } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result); return(modifiedPermissions); }
public static TeamFoundationIdentity ParseUserIdentity(string argumentName, TfsTeamProjectCollection collection, object argumentUser) { TeamFoundationIdentity userIdentity = null; if (argumentUser != null) { if (argumentUser is PSObject) { argumentUser = (argumentUser as PSObject).BaseObject; } if (argumentUser is string) { string userEmail = argumentUser as string; userIdentity = collection.GetUserIdentityByEmail(userEmail); if (userIdentity == null) { throw new PSArgumentException(string.Format("Field \"{0}\": No user is found through email: {1}.", argumentName, userEmail)); } } else if (argumentUser is TeamFoundationIdentity) { userIdentity = argumentUser as TeamFoundationIdentity; } else { throw new PSArgumentException("Field \"Assigned To\": the argument type is not supported. We only support user email and TeamFoundationIdentity."); } } return(userIdentity); }
static void Main(string[] args) { TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs")); IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>(); TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None); TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None); using (StreamWriter file = new StreamWriter("userlist.txt")) foreach (TeamFoundationIdentity id in ids) { if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity") { Console.WriteLine(id.DisplayName); } //{ Console.WriteLine(id.UniqueName); } file.WriteLine("[{0}]", id.DisplayName); } var count = ids.Count(x => ids.Contains(x)); Console.WriteLine(count); Console.ReadLine(); }
private void ListShevesetsButton_Click(object sender, EventArgs e) { string user; TeamFoundationIdentity identity = m_UserComboBox.SelectedItem as TeamFoundationIdentity; if (identity != null) { user = identity.UniqueName; } else { user = m_UserComboBox.Text; } m_ShelveComboBox.DataSource = GetShelvesetsForUser(user); m_ShelveComboBox.DisplayMember = "Name"; if (m_ShelveComboBox.Items.Count > 0) { m_ShelveComboBox.SelectedItem = m_ShelveComboBox.Items[0]; } else { m_ShelveComboBox.Text = string.Empty; m_SourceTextBox.Text = string.Empty; } }
public static IEnumerable <TeamFoundationIdentity> ReadTFSUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ILogger logger) { try { logger.Information("Querying Team Foundation Identities from TFS."); IIdentityManagementService identityService = tfsTeamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity teamFoundationIdentity = identityService.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties); TeamFoundationIdentity[][] teamFoundationIdentities = identityService .ReadIdentities( IdentitySearchFactor.Identifier, teamFoundationIdentity .Members .Select(id => id.Identifier) .ToArray(), MembershipQuery.None, ReadIdentityOptions.ExtendedProperties); return(teamFoundationIdentities .SelectMany(tfi => tfi) .Where(tfi => !tfi.IsContainer)); } catch (Exception e) { logger.Error(e.Message); return(null); } }
public TFSClientLogic(TfsVariable tfsVar) : base(tfsVar) { idService = TeamColl.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService; tfsId = IdentityService.ReadIdentity(IdentitySearchFactor.DisplayName, initSetting.BuildRequestedUser, MembershipQuery.None, ReadIdentityOptions.None); }
/// <summary> /// Add members to identity /// </summary> /// <param name="businessProject"></param> /// <param name="identity"></param> /// <param name="members"></param> private static void AddTfsTeamMembers(BusinessProject businessProject, TeamFoundationIdentity identity, List <TeamFoundationIdentity> members) { var securityManager = new SecurityManager(businessProject.TeamProjectCollectionUrl); securityManager.AddMembers(identity, members); }
static partial void RealInstanceFactory(ref TeamFoundationIdentity real, string callerName) { var tfs = TfsTeamProjectCollectionWrapper_UnitTests.GetRealInstance(); var ims = tfs.GetService <IIdentityManagementService>(); TeamFoundationIdentity userId = ims.ReadIdentity(IdentitySearchFactor.DisplayName, "David Corbin", MembershipQuery.Direct, ReadIdentityOptions.None); real = userId; }
/// <summary> /// Initializes a new instance of the <see cref="T:System.Object"/> class. /// </summary> public UserInfoContext(TeamFoundationIdentity identity) { Identity = identity; if (identity != null) { UserName = Identity.DisplayName; } }
public TestRun( TestEditInfo testEditInfo, ITestPoint testPoint, TeamFoundationIdentity currentIdentity) { _testEditInfo = testEditInfo; _testPoint = testPoint; _currentIdentity = currentIdentity; }
public static TfsTeamProjectCollection CreateImpersonatedCollection(Uri collectionToUse, string userToImpersonate) { NetworkCredential defaultNetworkCredentials = CredentialCache.DefaultNetworkCredentials; TfsTeamProjectCollection tfsTeamProjectCollection = new TfsTeamProjectCollection(collectionToUse, defaultNetworkCredentials); IIdentityManagementService service = tfsTeamProjectCollection.GetService <IIdentityManagementService>(); TeamFoundationIdentity teamFoundationIdentity = service.ReadIdentity(IdentitySearchFactor.AccountName, userToImpersonate, MembershipQuery.None, ReadIdentityOptions.None); return(new TfsTeamProjectCollection(collectionToUse, new TfsClientCredentials(), teamFoundationIdentity.Descriptor)); }
static void Main(string[] args) { WriteLog("*** Copy Permissions tool ***"); // Validate arguments if (args.Length == 0) { WriteLog(LogLevel.Warning, "Please provide the path to the configuration file\nAn example: VSTSMigrUsers.exe .\\sample.xml"); Console.ReadKey(); return; } // Retrieve configuration from the provided configuration file if (!GetSettings(args[0])) { Console.ReadKey(); return; } // Execute the work foreach (UserMapping mapping in _userMappings) { TeamFoundationIdentity sourceUser = GetIdentityByName(mapping.sourceUser); TeamFoundationIdentity targetUser = GetIdentityByName(mapping.targetUser); bool haltExecution; if (VerifyUsers(sourceUser, targetUser, mapping.sourceUser, mapping.targetUser, out haltExecution)) { if (!CopyPermissions(sourceUser, targetUser)) { WriteLog(LogLevel.Error, "Stopped execution"); break; } if (!ReassignWorkitems(mapping.sourceUser, mapping.targetUser)) { WriteLog(LogLevel.Error, "Stopped execution"); break; } if (!MigrateAlerts(sourceUser, targetUser)) { WriteLog(LogLevel.Error, "Stopped execution"); break; } } else { if (haltExecution) { WriteLog(LogLevel.Error, "Stopped execution"); } } } // Finalize WriteLog("Press a key to continue..."); Console.ReadKey(); }
internal Identity(TeamFoundationIdentity obj) : base(obj) { Id = obj.TeamFoundationId; DisplayName = obj.DisplayName; IsContainer = obj.IsContainer; UniqueName = (string)obj.UniqueName; Descriptor = new Microsoft.VisualStudio.Services.Identity.IdentityDescriptor( obj.Descriptor.IdentityType, obj.Descriptor.Identifier); }
private static string TeamProjectUri(this TeamFoundationIdentity identity, string projectUri) { string teamProject = null; if (identity.Descriptor.IdentityType == ExtensionMethods.IDENTITY_TYPE_TFS) { teamProject = identity.GetProperty("Domain").ToString(); } return(teamProject); }
private static Identity MapIdentity(TeamFoundationIdentity identity) { return(new Identity { DisplayName = identity.DisplayName, Id = identity.UniqueUserId, IsActive = identity.IsActive, UniqueName = identity.UniqueName }); }
internal void SetTfsServer(string val) { this.tpcPath = val; this.changesetCache = new Dictionary <int, ChangesetData>(); this.projectCollection = null; this.workspace = null; this.identity = null; this.isOnline = null; }
public UserDetailViewModel(TeamFoundationIdentity identity, IServiceProvider serviceProvider) : base(serviceProvider) { this.identity = identity; FillModelData(); if (this.identity != null && !AllUsers.Contains(this.identity)) { this.identity = AllUsers.FirstOrDefault(i => i.TeamFoundationId == this.identity.TeamFoundationId) ?? identity; } }
public string GetDisplayName() { using (TfsTeamProjectCollection service = Service) { TeamFoundationIdentity identity = null; service.GetAuthenticatedIdentity(out identity); return(identity.DisplayName); } }
public static TeamFoundationIdentity GetIdentity(string name) { TeamFoundationIdentity identity = null; if (Ims != null && Group != null) { identity = Ims.ReadIdentity(IdentitySearchFactor.DisplayName, name, MembershipQuery.None, ReadIdentityOptions.None); } return(identity); }
private static void DisplayGroupTree(IIdentityManagementService ims, TeamFoundationIdentity node, int level) { DisplayNode(node, level); if (!node.IsContainer) return; TeamFoundationIdentity[] nodeMembers = ims.ReadIdentities(node.Members, MembershipQuery.Direct, ReadIdentityOptions.None); int newLevel = level + 1; foreach (TeamFoundationIdentity member in nodeMembers) DisplayGroupTree(ims, member, newLevel); }
private static void AddCollectionUsersAndGroupsToLists(TeamFoundationIdentity[] identities, List<TeamFoundationIdentity> membershipGroups, Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities) { foreach (var identity in identities) { if (identity != null) { allIdentities.Add(identity.Descriptor, identity); if (identity.IsContainer) { membershipGroups.Add(identity); } } } }
private static void DisplayGroupMembers(TeamFoundationIdentity group, Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities) { // Output this group's membership Console.WriteLine("Members of group: {0}", group.DisplayName); Console.WriteLine("================="); foreach (var memDesc in group.Members) { if (allIdentities.ContainsKey(memDesc)) { // replace .UniqueName with .DisplayName if you just want the display name. UniqueName shows their email address. Console.WriteLine(allIdentities[memDesc].UniqueName); } } Console.WriteLine(); }
public void ConnectToTFS(Uri serverUri, string userName) { baseUserConnection = new TfsConfigurationServer(serverUri); // Get the identity management service IIdentityManagementService ims = baseUserConnection.GetService<IIdentityManagementService>(); identity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.None); impersonatedConnection = new TfsConfigurationServer(serverUri, identity.Descriptor); collectionNodes = impersonatedConnection.CatalogNode.QueryChildren( new[] { CatalogResourceTypes.ProjectCollection }, false, CatalogQueryOptions.None); if (identity != null) fullName = identity.DisplayName; }
private void AddUsersInGroup(TeamFoundationIdentity groupMember) { var groupMembers = this.identityService.ReadIdentities(groupMember.Members, MembershipQuery.Direct, ReadIdentityOptions.None); var groupIdentity = this.GetGroupIdentity(groupMember); foreach (TeamFoundationIdentity member in groupMembers) { if (member.IsContainer) { // multi-level groups not supported continue; } var user = this.GetOrCreateUserIdentity(member); user.Groups.Add(groupIdentity); this.users[user.IdentityKey] = user; } }
/// <summary> /// Extracts area permission for a specific identity /// </summary> /// <param name="server">Server security service</param> /// <param name="teamProject">Team project</param> /// <param name="userIdentity">User identity</param> /// <param name="identityManagementService">The identityManagementService</param> /// <param name="groups">List of groups</param> /// <returns>The list of the permissions</returns> private static List<AreaPermission> ExtractAreasPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups) { var result = new List<AreaPermission>(); Console.WriteLine("== Extract WorkItems Area Permissions =="); // root Area Node var areaPermissionRoot = new AreaPermission { AreaName = teamProject.Name, AreaPermissions = new List<Permission>() }; areaPermissionRoot.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, teamProject.AreaRootNodeUri.AbsoluteUri, identityManagementService, groups)); if (areaPermissionRoot.AreaPermissions.Count > 0) { result.Add(areaPermissionRoot); } IEnumerable<Node> areaList = Helpers.FlattenTree(teamProject.AreaRootNodes); foreach (Node area in areaList) { var areaPermission = new AreaPermission { AreaName = area.Path, AreaPermissions = new List<Permission>() }; areaPermission.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, area.Uri.AbsoluteUri, identityManagementService, groups)); if (areaPermission.AreaPermissions.Count > 0) { Console.WriteLine(" -- Adding Permissions for {0}", area.Path); result.Add(areaPermission); } } return result; }
private GroupIdentity GetGroupIdentity(TeamFoundationIdentity groupMember) { var newGroupIdentity = new GroupIdentity(); newGroupIdentity.DisplayName = groupMember.DisplayName; newGroupIdentity.IdentityKey = groupMember.UniqueName; return newGroupIdentity; }
private void AddUserWithNoGroup(TeamFoundationIdentity member) { var user = this.GetOrCreateUserIdentity(member); this.users[user.IdentityKey] = user; }
private UserIdentity GetOrCreateUserIdentity(TeamFoundationIdentity tfsIdentity) { if (this.users.ContainsKey(tfsIdentity.UniqueName)) { return this.users[tfsIdentity.UniqueName]; } else { var userIdentity = new UserIdentity() { DisplayName = tfsIdentity.DisplayName, IdentityKey = tfsIdentity.UniqueName, }; return userIdentity; } }
private TeamFoundationIdentity[] allTfsUsers(TfsConnection tfs) { try { IIdentityManagementService ims = tfs.GetService<IIdentityManagementService>(); TeamFoundationIdentity[] projectGroups = ims.ListApplicationGroups(tfsProject.Project, ReadIdentityOptions.None); Dictionary<IdentityDescriptor, object> descSet = new Dictionary<IdentityDescriptor, object>(IdentityDescriptorComparer.Instance); foreach (TeamFoundationIdentity projectGroup in projectGroups) { descSet[projectGroup.Descriptor] = projectGroup.Descriptor; } projectGroups = ims.ReadIdentities(descSet.Keys.ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.None); foreach (TeamFoundationIdentity projectGroup in projectGroups) { foreach (IdentityDescriptor mem in projectGroup.Members) { descSet[mem] = mem; } } TeamFoundationIdentity[] identities = new TeamFoundationIdentity[0]; int batchSizeLimit = 100000; var descriptors = descSet.Keys.ToArray(); if (descriptors.Length > batchSizeLimit) { int batchNum = 0; int remainder = descriptors.Length; IdentityDescriptor[] batchDescriptors = new IdentityDescriptor[batchSizeLimit]; while (remainder > 0) { int startAt = batchNum * batchSizeLimit; int length = batchSizeLimit; if (length > remainder) { length = remainder; batchDescriptors = new IdentityDescriptor[length]; } Array.Copy(descriptors, startAt, batchDescriptors, 0, length); identities = ims.ReadIdentities(batchDescriptors, MembershipQuery.Direct, ReadIdentityOptions.None); remainder -= length; } } else { identities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None); } return identities.Where(_ => !_.IsContainer && _.Descriptor.IdentityType != "Microsoft.TeamFoundation.UnauthenticatedIdentity").ToArray(); } catch { /* Do nothing */ } return (tfs != null? new TeamFoundationIdentity[] { tfs.AuthorizedIdentity } : new TeamFoundationIdentity[0]); }
/// <summary> /// Extracts the generic security namespace permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="permissionScope">The permission scope.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="securityToken">The security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="groups">The groups.</param> /// <returns>List of Permissions</returns> private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups) { SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server)); AccessControlList userAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); var result = new List<Permission>(); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty)); // handle group inheritance foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { groupIdentity.Descriptor }, true); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName)); } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result); return modifiedPermissions; }
/////// <summary> /////// Extracts work item permissions for a specific identity /////// </summary> /////// <param name="server">Server security service</param> /////// <param name="projectSecurityToken">Project Security Token</param> /////// <param name="userIdentity">User identity</param> /////// <returns>The list of the permissions</returns> ////private static List<Permission> ExtractWorkItemsPermissions( //// ISecurityService server, //// string projectSecurityToken, //// TeamFoundationIdentity userIdentity) ////{ //// var result = new List<Permission>(); //// SecurityNamespace workItemsSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.WorkItemAreas, server)); //// if (workItemsSecurityNamespace != null) //// { //// Console.WriteLine("== Extract WorkItems Permissions =="); //// AccessControlList workItemsAccessList = workItemsSecurityNamespace.QueryAccessControlList( //// projectSecurityToken, //// new List<IdentityDescriptor> { userIdentity.Descriptor }, //// true); //// string allowedWorkItemPermissions = string.Empty; //// string denyWorkItemPermissions = string.Empty; //// foreach (AccessControlEntry ace in workItemsAccessList.AccessControlEntries) //// { //// if (0 != ace.Allow) //// { //// allowedWorkItemPermissions = ((QueryItemPermissions)ace.Allow).ToString(); //// result.AddRange( //// Helpers.GetActionDetailsByName(allowedWorkItemPermissions, "Allow", PermissionScope.WorkItemAreas)); //// } //// if (0 != ace.Deny) //// { //// denyWorkItemPermissions = ((QueryItemPermissions)ace.Deny).ToString(); //// result.AddRange( //// Helpers.GetActionDetailsByName(denyWorkItemPermissions, "Deny", PermissionScope.WorkItemAreas)); //// } //// } //// } //// return result; ////} /// <summary> /// Extracts build permissions for a specific identity. /// </summary> /// <param name="server">Server security service</param> /// <param name="projectSecurityToken">Project Security Token</param> /// <param name="userIdentity">User identity</param> /// <returns>The list of the permissions</returns> private static List<Permission> ExtractBuildPermissions(ISecurityService server, string projectSecurityToken, TeamFoundationIdentity userIdentity) { var result = new List<Permission>(); SecurityNamespace buildSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.TeamBuild, server)); Console.WriteLine("== Extract Build Permissions =="); AccessControlList buildAccessList = buildSecurityNamespace.QueryAccessControlList( projectSecurityToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); foreach (AccessControlEntry ace in buildAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedBuildPermissions = ((EnumrationsList.BuildPermissions)ace.Allow).ToString(); result.AddRange( Helpers.GetActionDetailsByName(allowedBuildPermissions, "Allow", PermissionScope.TeamBuild)); } if (0 != ace.Deny) { var denyBuildPermissions = ((EnumrationsList.BuildPermissions)ace.Deny).ToString(); result.AddRange( Helpers.GetActionDetailsByName(denyBuildPermissions, "Deny", PermissionScope.TeamBuild)); } } return result; }
/// <summary> /// Extract iteration permissions for a specific identity /// </summary> /// <param name="server">Server security service</param> /// <param name="teamProject">Team project</param> /// <param name="userIdentity">User identity</param> /// <param name="identityManagementService">The identityManagementService</param> /// <param name="groups">List of groups</param> /// <returns>Security namespace</returns> private static List<IterationPermission> ExtractIterationPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups) { var result = new List<IterationPermission>(); var lstIterations = Helpers.FlattenTree(teamProject.IterationRootNodes); // root Area Node var iterationPermissionRoot = new IterationPermission { IterationName = teamProject.Name, IterationPermissions = new List<Permission>() }; iterationPermissionRoot.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, lstIterations.First().ParentNode.Uri.AbsoluteUri, identityManagementService, groups)); if (iterationPermissionRoot.IterationPermissions.Count > 0) { result.Add(iterationPermissionRoot); } Console.WriteLine("== Extract WorkItems Iteration Permissions =="); foreach (Node iteration in lstIterations) { var iterationPermission = new IterationPermission { IterationName = iteration.Path, IterationPermissions = new List<Permission>() }; iterationPermission.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, iteration.Uri.AbsoluteUri, identityManagementService, groups)); if (iterationPermission.IterationPermissions.Count > 0) { result.Add(iterationPermission); } } return result; }
/// <summary> /// Sample method on how to extracts the git version control permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="groups">The groups.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="projectSecurityToken">The project security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="vcs">The VCS.</param> /// <param name="gitService">The git service.</param> /// <returns>List of Permissions</returns> private static List<Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService) { Console.WriteLine("== Extract Git Version Control Permissions =="); SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server)); var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken); // This sample handle only the default repository, you can iterate through all repositories same way var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken)); vcs.TryGetTeamProject(projectSecurityToken); if (defaultGitRepo == null) { return new List<Permission>(); } // Repository Security Token is repoV2/TeamProjectId/RepositoryId var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id); // vcs.GetTeamProject(projectSecurityToken); AccessControlList versionControlAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); var gitVersionControlPermissions = new List<Permission>(); foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.Deny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } if (gitVersionControlPermissions.Count == 0) { foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries) { if (0 != ace.ExtendedInfo.EffectiveAllow) { var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl)); } if (0 != ace.ExtendedInfo.EffectiveDeny) { var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString(); gitVersionControlPermissions.AddRange( Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl)); } } } foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = gitVersionControlSecurityNamespace.QueryAccessControlList( repoIdToken, new List<IdentityDescriptor> { groupIdentity.Descriptor }, true); foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries) { if (0 != ace.Allow) { var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString(); var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } if (0 != ace.Deny) { var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString(); var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl); Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName); gitVersionControlPermissions.AddRange(permissionsList); } } } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions); return modifiedPermissions; }
/// <summary> /// Extracts version control permissions for a specific identity. /// </summary> /// <param name="server">TFS Security service</param> /// <param name="groups">Security groups</param> /// <param name="userIdentity">User Identity</param> /// <param name="projectSecurityToken">Project Security Token</param> /// <param name="ims">TFS Identity service</param> /// <param name="vcs">TFS VC Service</param> /// <returns>The list of the permissions</returns> private static List<Permission> ExtractVersionControlPermissions( ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService ims, VersionControlServer vcs) { Console.WriteLine("== Extract Version Control Permissions =="); var teamProject = vcs.TryGetTeamProject(projectSecurityToken); if (teamProject == null) { return new List<Permission>(); } return ExtractGenericSecurityNamespacePermissions(server, PermissionScope.SourceControl, userIdentity, teamProject.ServerItem, ims, groups); }
private static void DisplayNode(TeamFoundationIdentity node, int level) { for (int tabCount = 0; tabCount < level; tabCount++) Console.Write("\t"); Console.WriteLine(node.DisplayName); }
/// <summary> /// Returns the security group of the user /// </summary> /// <param name="tpc">Team project collection</param> /// <param name="teamProjectUri">Team Project Uri</param> /// <param name="userIdentity">User identity</param> /// <returns>The groups where the user is present.</returns> private static List<string> GetUserGroups(TfsTeamProjectCollection tpc, string teamProjectUri, TeamFoundationIdentity userIdentity) { Console.WriteLine(" -- Getting UserGroups..."); List<string> groups = new List<string>(); // Get the group security service. var gss = tpc.GetService<Microsoft.TeamFoundation.Server.IGroupSecurityService2>(); Microsoft.TeamFoundation.Server.Identity[] appGroups = gss.ListApplicationGroups(teamProjectUri); foreach (Microsoft.TeamFoundation.Server.Identity group in appGroups) { Microsoft.TeamFoundation.Server.Identity[] groupMembers = gss.ReadIdentities(Microsoft.TeamFoundation.Server.SearchFactor.Sid, new[] { group.Sid }, Microsoft.TeamFoundation.Server.QueryMembership.Expanded); foreach (Microsoft.TeamFoundation.Server.Identity member in groupMembers) { if (member.Members != null) { groups.AddRange(from memberSid in member.Members where memberSid == userIdentity.Descriptor.Identifier select @group.Sid); } } } return groups; }