public static void GetAllProjectAdmins(TeamFoundationIdentity identity, IIdentityManagementService ims, ref List <TeamFoundationIdentity> ids)
{
if (identity.IsContainer)
{
TeamFoundationIdentity[] groupMembers;
try
{
groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.Expanded,
ReadIdentityOptions.None);
foreach (TeamFoundationIdentity tfi in groupMembers)
{
GetAllProjectAdmins(tfi, ims, ref ids);
}
}
catch (Exception e)
{
groupMembers = ims.ReadIdentities(identity.Members, MembershipQuery.None, ReadIdentityOptions.None);
ids.AddRange(groupMembers);
}
}
else
{
ids.Add(identity);
}
}
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup,
int batchSizeLimit,
IIdentityManagementService ims, List <TeamFoundationIdentity> membershipGroups,
Dictionary <IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
var batchNum = 0;
var remainder = membershipGroup.Members.Length;
var descriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
var startAt = batchNum * batchSizeLimit;
var length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
descriptors = new IdentityDescriptor[length];
}
Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length);
var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
remainder -= length;
}
}
public bool RemoveUser(string team, string user, out string message)
{
message = string.Empty;
bool ret = true;
TeamFoundationTeam t = this.teamService.ReadTeam(this.projectInfo.Uri, team, null);
TeamFoundationIdentity i = this.identityManagementService.ReadIdentity(IdentitySearchFactor.AccountName, user, MembershipQuery.Direct, ReadIdentityOptions.None);
if (t == null)
{
message = "Team [" + team + "] not found";
ret = false;
}
if (i == null)
{
message = "User [" + user + "] not found";
ret = false;
}
if (ret)
{
this.identityManagementService.RemoveMemberFromApplicationGroup(t.Identity.Descriptor, i.Descriptor);
message = "User removed ";
}
return(ret);
}
private TeamFoundationIdentity ResolveIdentityInternal(
string id,
MembershipQuery queryMembership,
ReadIdentityOptions readIdentityOptions,
IdentitySearchFactor searchFactor)
{
id = id.Trim();
try
{
TeamFoundationIdentity resolvedId = m_identityManagement.ReadIdentity(searchFactor, id, queryMembership, readIdentityOptions);
if (null == resolvedId)
{
resolvedId = ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions);
}
return(resolvedId);
}
catch (System.NotSupportedException notSupportedEx)
{
if (notSupportedEx.Message.Contains(searchFactor.ToString()) &&
searchFactor == IdentitySearchFactor.DisplayName)
{
return(ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions));
}
else
{
throw;
}
}
}
private TeamSettingsIteration GetCurrentIteration(Project project, TeamFoundationIdentity teamId,
WorkHttpClient client)
{
var iterations = client.GetTeamIterationsAsync(new TeamContext(project.Name)).Result;
return(iterations.FirstOrDefault(x => x.IsCurrent()));
}
private void PerformSearch()
{
this.TextBoxSearch.Foreground = Brushes.Black;
if (!string.IsNullOrWhiteSpace(this.TextBoxSearch.Text))
{
ITeamFoundationContext context = this.ParentSection.GetContext();
IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>();
// First try search by AccountName
TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
// Next we try search by DisplayName
userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
this.TextBoxSearch.Foreground = Brushes.DarkRed;
return;
}
}
this.ParentSection.UserAccountName = this.TextBoxSearch.Text;
this.ParentSection.UserDisplayName = userIdentity.DisplayName;
}
else
{
this.ParentSection.UserAccountName = "@Me";
this.ParentSection.UserDisplayName = string.Empty;
}
this.ParentSection.Refresh();
}
private TeamFoundationIdentity ResolveIdentity(
string id,
MembershipQuery queryMembership,
ReadIdentityOptions readIdentityOptions,
IdentitySearchFactor searchFactor)
{
TraceManager.TraceInformation("Resolving Identity: {0}", id);
TeamFoundationIdentity i = ResolveIdentityInternal(id, queryMembership, readIdentityOptions, searchFactor);
if (i == null)
{
throw new IdentityUnresolvedException(
string.Format("Identity '{0}' cannot be resolved", id ?? string.Empty));
}
IdentityType type = Identity.GetType(i.Descriptor.IdentityType, i.IsContainer);
if (type == IdentityType.InvalidIdentity)
{
throw new IdentityUnresolvedException(
string.Format("Searching '{0}' returned invalid identity.", id ?? string.Empty));
}
return(i);
}
private static bool VerifyUsers(TeamFoundationIdentity sourceUser, TeamFoundationIdentity targetUser, string sourceUserName, string targetUserName, out bool haltExecution)
{
if (sourceUser == null)
{
WriteLog(LogLevel.Error, string.Format("The source user {0} cannot be found\nPlease add this user to the users list first before running this tool. Do you want to continue with the next user (y/n)?", sourceUserName));
if (Console.ReadKey().Key == ConsoleKey.Y)
{
haltExecution = false;
}
else
{
haltExecution = true;
}
return(false);
}
if (targetUser == null)
{
WriteLog(LogLevel.Error, string.Format("The target user {0} cannot be found\nPlease add this user to the users list first before running this tool. Do you want to continue with the next user (y/n)?", targetUserName));
if (Console.ReadKey().Key == ConsoleKey.Y)
{
haltExecution = false;
}
else
{
haltExecution = true;
}
return(false);
}
haltExecution = false;
return(true);
}
private static void GetAllUsers(TfsTeamProjectCollection pTpc, string pProjectName)
{
List <string> listUsers = new List <string>();
WorkItemStore _wistore = pTpc.GetService <WorkItemStore>();
var _gss = pTpc.GetService <IIdentityManagementService>();
var _teamProject = _wistore.Projects[pProjectName];
string _validGroupName = "[" + pProjectName + "]\\Project Valid Users";
TeamFoundationIdentity _group = _gss.ReadIdentity(IdentitySearchFactor.DisplayName, _validGroupName, MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties);
List <string> _memebersIds = new List <string>();
foreach (var _member in _group.Members)
{
_memebersIds.Add(_member.Identifier);
}
var _members = _gss.ReadIdentities(IdentitySearchFactor.Identifier, _memebersIds.ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties);
foreach (var _member in _members)
{
if (!_member[0].IsContainer)
{
listUsers.Add(_member[0].DisplayName);
}
}
Console.WriteLine("Users:");
foreach (var _user in listUsers)
{
Console.WriteLine("{0}", _user);
}
}
/// <summary>
/// Gets the list of project users in a TFS project
/// </summary>
/// <param name="projectCollection">TFS PROJECT COLLECTION</param>
/// <param name="projectName">TFS PROJECT NAME</param>
/// <returns></returns>
public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName)
{
List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>();
IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService));
// get the tfs project
ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None);
CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName);
if (projectCatalogNode != null && ims != null)
{
TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity group in groups)
{
TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource);
if (sids != null)
{
tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None));
}
}
}
//Remove any duplicates (by user-id)
return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList());
}
private static void BatchUpMembershipThatExceedsSizeLimit(TeamFoundationIdentity membershipGroup,
int batchSizeLimit,
IIdentityManagementService ims, List<TeamFoundationIdentity> membershipGroups,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
var batchNum = 0;
var remainder = membershipGroup.Members.Length;
var descriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
var startAt = batchNum*batchSizeLimit;
var length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
descriptors = new IdentityDescriptor[length];
}
Array.Copy(membershipGroup.Members, startAt, descriptors, 0, length);
var memberIdentities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
remainder -= length;
}
}
public bool SetProfileImage(string identity, string imagePath, out string message)
{
bool ret = true;
message = string.Empty;
byte[] image = new byte[0];
TeamFoundationIdentity i = ims2.ReadIdentity(IdentitySearchFactor.AccountName, identity, MembershipQuery.Direct, ReadIdentityOptions.None);
if (i == null)
{
message = "User/Group [" + identity + "] not found";
ret = false;
}
if (!File.Exists(imagePath))
{
message = "File [" + imagePath + "] not found";
ret = false;
}
if (ret)
{
try
{
byte[] rawImage = File.ReadAllBytes(imagePath);
image = ConvertAndResizeImage(rawImage);
}
catch (Exception ex)
{
message = "Could not read the profile image: " + ex.Message;
ret = false;
}
}
if (ret)
{
i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Data", image);
i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Type", "image/png");
i.SetProperty("Microsoft.TeamFoundation.Identity.Image.Id", Guid.NewGuid().ToByteArray());
i.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.Data", null);
i.SetProperty("Microsoft.TeamFoundation.Identity.CandidateImage.UploadDate", null);
try
{
ims2.UpdateExtendedProperties(i);
}
catch (PropertyServiceException)
{
// swallow; this exception happens each and every time, but the changes are applied :S.
}
message = "Profile image set";
}
return(ret);
}
// Get Email Address from TFS Account or Display Name
// source: https://paulselles.wordpress.com/2014/03/24/tfs-api-tfs-user-email-address-lookup-and-reverse-lookup/
public string GetEmailAddress(string userName, string defaultValue)
{
using (var teamProjectCollection = this.connectionInfo.Token.GetCollection(this.connectionInfo.ProjectCollectionUri))
{
var identityManagementService = teamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity identity = identityManagementService.ReadIdentity(
IdentitySearchFactor.AccountName,
userName,
MembershipQuery.None,
ReadIdentityOptions.ExtendedProperties);
// if not found try again using DisplayName
identity = identity ?? identityManagementService.ReadIdentity(
IdentitySearchFactor.DisplayName,
userName,
MembershipQuery.None,
ReadIdentityOptions.ExtendedProperties);
if (identity == null)
{
return(defaultValue);
}
// pick first non-null value
string mailAddress = identity.GetAttribute("Mail", null);
mailAddress = string.IsNullOrWhiteSpace(mailAddress) ?
identity.GetAttribute("ConfirmedNotificationAddress", defaultValue)
: mailAddress;
return(mailAddress);
}
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List <Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable <string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List <IdentityDescriptor> {
userIdentity.Descriptor
},
true);
var result = new List <Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List <IdentityDescriptor> {
groupIdentity.Descriptor
},
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return(modifiedPermissions);
}
public static TeamFoundationIdentity ParseUserIdentity(string argumentName, TfsTeamProjectCollection collection, object argumentUser)
{
TeamFoundationIdentity userIdentity = null;
if (argumentUser != null)
{
if (argumentUser is PSObject)
{
argumentUser = (argumentUser as PSObject).BaseObject;
}
if (argumentUser is string)
{
string userEmail = argumentUser as string;
userIdentity = collection.GetUserIdentityByEmail(userEmail);
if (userIdentity == null)
{
throw new PSArgumentException(string.Format("Field \"{0}\": No user is found through email: {1}.", argumentName, userEmail));
}
}
else if (argumentUser is TeamFoundationIdentity)
{
userIdentity = argumentUser as TeamFoundationIdentity;
}
else
{
throw new PSArgumentException("Field \"Assigned To\": the argument type is not supported. We only support user email and TeamFoundationIdentity.");
}
}
return(userIdentity);
}
static void Main(string[] args)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs"));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
using (StreamWriter file = new StreamWriter("userlist.txt"))
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")
{
Console.WriteLine(id.DisplayName);
}
//{ Console.WriteLine(id.UniqueName); }
file.WriteLine("[{0}]", id.DisplayName);
}
var count = ids.Count(x => ids.Contains(x));
Console.WriteLine(count);
Console.ReadLine();
}
private void ListShevesetsButton_Click(object sender, EventArgs e)
{
string user;
TeamFoundationIdentity identity = m_UserComboBox.SelectedItem as TeamFoundationIdentity;
if (identity != null)
{
user = identity.UniqueName;
}
else
{
user = m_UserComboBox.Text;
}
m_ShelveComboBox.DataSource = GetShelvesetsForUser(user);
m_ShelveComboBox.DisplayMember = "Name";
if (m_ShelveComboBox.Items.Count > 0)
{
m_ShelveComboBox.SelectedItem = m_ShelveComboBox.Items[0];
}
else
{
m_ShelveComboBox.Text = string.Empty;
m_SourceTextBox.Text = string.Empty;
}
}
public static IEnumerable <TeamFoundationIdentity> ReadTFSUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ILogger logger)
{
try
{
logger.Information("Querying Team Foundation Identities from TFS.");
IIdentityManagementService identityService = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = identityService.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties);
TeamFoundationIdentity[][] teamFoundationIdentities = identityService
.ReadIdentities(
IdentitySearchFactor.Identifier,
teamFoundationIdentity
.Members
.Select(id => id.Identifier)
.ToArray(),
MembershipQuery.None,
ReadIdentityOptions.ExtendedProperties);
return(teamFoundationIdentities
.SelectMany(tfi => tfi)
.Where(tfi => !tfi.IsContainer));
}
catch (Exception e)
{
logger.Error(e.Message);
return(null);
}
}
public TFSClientLogic(TfsVariable tfsVar) : base(tfsVar)
{
idService = TeamColl.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService;
tfsId = IdentityService.ReadIdentity(IdentitySearchFactor.DisplayName,
initSetting.BuildRequestedUser,
MembershipQuery.None,
ReadIdentityOptions.None);
}
/// <summary>
/// Add members to identity
/// </summary>
/// <param name="businessProject"></param>
/// <param name="identity"></param>
/// <param name="members"></param>
private static void AddTfsTeamMembers(BusinessProject businessProject,
TeamFoundationIdentity identity,
List <TeamFoundationIdentity> members)
{
var securityManager = new SecurityManager(businessProject.TeamProjectCollectionUrl);
securityManager.AddMembers(identity, members);
}
static partial void RealInstanceFactory(ref TeamFoundationIdentity real, string callerName)
{
var tfs = TfsTeamProjectCollectionWrapper_UnitTests.GetRealInstance();
var ims = tfs.GetService <IIdentityManagementService>();
TeamFoundationIdentity userId = ims.ReadIdentity(IdentitySearchFactor.DisplayName, "David Corbin", MembershipQuery.Direct, ReadIdentityOptions.None);
real = userId;
}
/// <summary>
/// Initializes a new instance of the <see cref="T:System.Object"/> class.
/// </summary>
public UserInfoContext(TeamFoundationIdentity identity)
{
Identity = identity;
if (identity != null)
{
UserName = Identity.DisplayName;
}
}
public TestRun(
TestEditInfo testEditInfo,
ITestPoint testPoint,
TeamFoundationIdentity currentIdentity)
{
_testEditInfo = testEditInfo;
_testPoint = testPoint;
_currentIdentity = currentIdentity;
}
public static TfsTeamProjectCollection CreateImpersonatedCollection(Uri collectionToUse, string userToImpersonate)
{
NetworkCredential defaultNetworkCredentials = CredentialCache.DefaultNetworkCredentials;
TfsTeamProjectCollection tfsTeamProjectCollection = new TfsTeamProjectCollection(collectionToUse, defaultNetworkCredentials);
IIdentityManagementService service = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = service.ReadIdentity(IdentitySearchFactor.AccountName, userToImpersonate, MembershipQuery.None, ReadIdentityOptions.None);
return(new TfsTeamProjectCollection(collectionToUse, new TfsClientCredentials(), teamFoundationIdentity.Descriptor));
}
static void Main(string[] args)
{
WriteLog("*** Copy Permissions tool ***");
// Validate arguments
if (args.Length == 0)
{
WriteLog(LogLevel.Warning, "Please provide the path to the configuration file\nAn example: VSTSMigrUsers.exe .\\sample.xml");
Console.ReadKey();
return;
}
// Retrieve configuration from the provided configuration file
if (!GetSettings(args[0]))
{
Console.ReadKey();
return;
}
// Execute the work
foreach (UserMapping mapping in _userMappings)
{
TeamFoundationIdentity sourceUser = GetIdentityByName(mapping.sourceUser);
TeamFoundationIdentity targetUser = GetIdentityByName(mapping.targetUser);
bool haltExecution;
if (VerifyUsers(sourceUser, targetUser, mapping.sourceUser, mapping.targetUser, out haltExecution))
{
if (!CopyPermissions(sourceUser, targetUser))
{
WriteLog(LogLevel.Error, "Stopped execution");
break;
}
if (!ReassignWorkitems(mapping.sourceUser, mapping.targetUser))
{
WriteLog(LogLevel.Error, "Stopped execution");
break;
}
if (!MigrateAlerts(sourceUser, targetUser))
{
WriteLog(LogLevel.Error, "Stopped execution");
break;
}
}
else
{
if (haltExecution)
{
WriteLog(LogLevel.Error, "Stopped execution");
}
}
}
// Finalize
WriteLog("Press a key to continue...");
Console.ReadKey();
}
internal Identity(TeamFoundationIdentity obj) : base(obj)
{
Id = obj.TeamFoundationId;
DisplayName = obj.DisplayName;
IsContainer = obj.IsContainer;
UniqueName = (string)obj.UniqueName;
Descriptor = new Microsoft.VisualStudio.Services.Identity.IdentityDescriptor(
obj.Descriptor.IdentityType, obj.Descriptor.Identifier);
}
private static string TeamProjectUri(this TeamFoundationIdentity identity, string projectUri)
{
string teamProject = null;
if (identity.Descriptor.IdentityType == ExtensionMethods.IDENTITY_TYPE_TFS)
{
teamProject = identity.GetProperty("Domain").ToString();
}
return(teamProject);
}
private static Identity MapIdentity(TeamFoundationIdentity identity)
{
return(new Identity
{
DisplayName = identity.DisplayName,
Id = identity.UniqueUserId,
IsActive = identity.IsActive,
UniqueName = identity.UniqueName
});
}
internal void SetTfsServer(string val)
{
this.tpcPath = val;
this.changesetCache = new Dictionary <int, ChangesetData>();
this.projectCollection = null;
this.workspace = null;
this.identity = null;
this.isOnline = null;
}
public UserDetailViewModel(TeamFoundationIdentity identity, IServiceProvider serviceProvider)
: base(serviceProvider)
{
this.identity = identity;
FillModelData();
if (this.identity != null && !AllUsers.Contains(this.identity))
{
this.identity = AllUsers.FirstOrDefault(i => i.TeamFoundationId == this.identity.TeamFoundationId) ?? identity;
}
}
public string GetDisplayName()
{
using (TfsTeamProjectCollection service = Service)
{
TeamFoundationIdentity identity = null;
service.GetAuthenticatedIdentity(out identity);
return(identity.DisplayName);
}
}
public static TeamFoundationIdentity GetIdentity(string name)
{
TeamFoundationIdentity identity = null;
if (Ims != null && Group != null)
{
identity = Ims.ReadIdentity(IdentitySearchFactor.DisplayName, name, MembershipQuery.None, ReadIdentityOptions.None);
}
return(identity);
}
private static void DisplayGroupTree(IIdentityManagementService ims, TeamFoundationIdentity node,
int level)
{
DisplayNode(node, level);
if (!node.IsContainer)
return;
TeamFoundationIdentity[] nodeMembers = ims.ReadIdentities(node.Members, MembershipQuery.Direct,
ReadIdentityOptions.None);
int newLevel = level + 1;
foreach (TeamFoundationIdentity member in nodeMembers)
DisplayGroupTree(ims, member, newLevel);
}
private static void AddCollectionUsersAndGroupsToLists(TeamFoundationIdentity[] identities,
List<TeamFoundationIdentity> membershipGroups,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
foreach (var identity in identities)
{
if (identity != null)
{
allIdentities.Add(identity.Descriptor, identity);
if (identity.IsContainer)
{
membershipGroups.Add(identity);
}
}
}
}
private static void DisplayGroupMembers(TeamFoundationIdentity group,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
// Output this group's membership
Console.WriteLine("Members of group: {0}", group.DisplayName);
Console.WriteLine("=================");
foreach (var memDesc in group.Members)
{
if (allIdentities.ContainsKey(memDesc))
{
// replace .UniqueName with .DisplayName if you just want the display name. UniqueName shows their email address.
Console.WriteLine(allIdentities[memDesc].UniqueName);
}
}
Console.WriteLine();
}
public void ConnectToTFS(Uri serverUri, string userName)
{
baseUserConnection = new TfsConfigurationServer(serverUri);
// Get the identity management service
IIdentityManagementService ims = baseUserConnection.GetService<IIdentityManagementService>();
identity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.None);
impersonatedConnection = new TfsConfigurationServer(serverUri, identity.Descriptor);
collectionNodes = impersonatedConnection.CatalogNode.QueryChildren(
new[] { CatalogResourceTypes.ProjectCollection },
false, CatalogQueryOptions.None);
if (identity != null)
fullName = identity.DisplayName;
}
private void AddUsersInGroup(TeamFoundationIdentity groupMember)
{
var groupMembers = this.identityService.ReadIdentities(groupMember.Members, MembershipQuery.Direct, ReadIdentityOptions.None);
var groupIdentity = this.GetGroupIdentity(groupMember);
foreach (TeamFoundationIdentity member in groupMembers)
{
if (member.IsContainer)
{
// multi-level groups not supported
continue;
}
var user = this.GetOrCreateUserIdentity(member);
user.Groups.Add(groupIdentity);
this.users[user.IdentityKey] = user;
}
}
/// <summary>
/// Extracts area permission for a specific identity
/// </summary>
/// <param name="server">Server security service</param>
/// <param name="teamProject">Team project</param>
/// <param name="userIdentity">User identity</param>
/// <param name="identityManagementService">The identityManagementService</param>
/// <param name="groups">List of groups</param>
/// <returns>The list of the permissions</returns>
private static List<AreaPermission> ExtractAreasPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups)
{
var result = new List<AreaPermission>();
Console.WriteLine("== Extract WorkItems Area Permissions ==");
// root Area Node
var areaPermissionRoot = new AreaPermission { AreaName = teamProject.Name, AreaPermissions = new List<Permission>() };
areaPermissionRoot.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, teamProject.AreaRootNodeUri.AbsoluteUri, identityManagementService, groups));
if (areaPermissionRoot.AreaPermissions.Count > 0)
{
result.Add(areaPermissionRoot);
}
IEnumerable<Node> areaList = Helpers.FlattenTree(teamProject.AreaRootNodes);
foreach (Node area in areaList)
{
var areaPermission = new AreaPermission { AreaName = area.Path, AreaPermissions = new List<Permission>() };
areaPermission.AreaPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemAreas, userIdentity, area.Uri.AbsoluteUri, identityManagementService, groups));
if (areaPermission.AreaPermissions.Count > 0)
{
Console.WriteLine(" -- Adding Permissions for {0}", area.Path);
result.Add(areaPermission);
}
}
return result;
}
private GroupIdentity GetGroupIdentity(TeamFoundationIdentity groupMember)
{
var newGroupIdentity = new GroupIdentity();
newGroupIdentity.DisplayName = groupMember.DisplayName;
newGroupIdentity.IdentityKey = groupMember.UniqueName;
return newGroupIdentity;
}
private void AddUserWithNoGroup(TeamFoundationIdentity member)
{
var user = this.GetOrCreateUserIdentity(member);
this.users[user.IdentityKey] = user;
}
private UserIdentity GetOrCreateUserIdentity(TeamFoundationIdentity tfsIdentity)
{
if (this.users.ContainsKey(tfsIdentity.UniqueName))
{
return this.users[tfsIdentity.UniqueName];
}
else
{
var userIdentity = new UserIdentity()
{
DisplayName = tfsIdentity.DisplayName,
IdentityKey = tfsIdentity.UniqueName,
};
return userIdentity;
}
}
private TeamFoundationIdentity[] allTfsUsers(TfsConnection tfs)
{
try
{
IIdentityManagementService ims = tfs.GetService<IIdentityManagementService>();
TeamFoundationIdentity[] projectGroups = ims.ListApplicationGroups(tfsProject.Project, ReadIdentityOptions.None);
Dictionary<IdentityDescriptor, object> descSet = new Dictionary<IdentityDescriptor, object>(IdentityDescriptorComparer.Instance);
foreach (TeamFoundationIdentity projectGroup in projectGroups)
{
descSet[projectGroup.Descriptor] = projectGroup.Descriptor;
}
projectGroups = ims.ReadIdentities(descSet.Keys.ToArray(), MembershipQuery.Expanded, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity projectGroup in projectGroups)
{
foreach (IdentityDescriptor mem in projectGroup.Members)
{
descSet[mem] = mem;
}
}
TeamFoundationIdentity[] identities = new TeamFoundationIdentity[0];
int batchSizeLimit = 100000;
var descriptors = descSet.Keys.ToArray();
if (descriptors.Length > batchSizeLimit)
{
int batchNum = 0;
int remainder = descriptors.Length;
IdentityDescriptor[] batchDescriptors = new IdentityDescriptor[batchSizeLimit];
while (remainder > 0)
{
int startAt = batchNum * batchSizeLimit;
int length = batchSizeLimit;
if (length > remainder)
{
length = remainder;
batchDescriptors = new IdentityDescriptor[length];
}
Array.Copy(descriptors, startAt, batchDescriptors, 0, length);
identities = ims.ReadIdentities(batchDescriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
remainder -= length;
}
}
else
{
identities = ims.ReadIdentities(descriptors, MembershipQuery.Direct, ReadIdentityOptions.None);
}
return identities.Where(_ => !_.IsContainer && _.Descriptor.IdentityType != "Microsoft.TeamFoundation.UnauthenticatedIdentity").ToArray();
}
catch
{
/* Do nothing */
}
return (tfs != null? new TeamFoundationIdentity[] { tfs.AuthorizedIdentity } : new TeamFoundationIdentity[0]);
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var result = new List<Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return modifiedPermissions;
}
/////// <summary>
/////// Extracts work item permissions for a specific identity
/////// </summary>
/////// <param name="server">Server security service</param>
/////// <param name="projectSecurityToken">Project Security Token</param>
/////// <param name="userIdentity">User identity</param>
/////// <returns>The list of the permissions</returns>
////private static List<Permission> ExtractWorkItemsPermissions(
//// ISecurityService server,
//// string projectSecurityToken,
//// TeamFoundationIdentity userIdentity)
////{
//// var result = new List<Permission>();
//// SecurityNamespace workItemsSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.WorkItemAreas, server));
//// if (workItemsSecurityNamespace != null)
//// {
//// Console.WriteLine("== Extract WorkItems Permissions ==");
//// AccessControlList workItemsAccessList = workItemsSecurityNamespace.QueryAccessControlList(
//// projectSecurityToken,
//// new List<IdentityDescriptor> { userIdentity.Descriptor },
//// true);
//// string allowedWorkItemPermissions = string.Empty;
//// string denyWorkItemPermissions = string.Empty;
//// foreach (AccessControlEntry ace in workItemsAccessList.AccessControlEntries)
//// {
//// if (0 != ace.Allow)
//// {
//// allowedWorkItemPermissions = ((QueryItemPermissions)ace.Allow).ToString();
//// result.AddRange(
//// Helpers.GetActionDetailsByName(allowedWorkItemPermissions, "Allow", PermissionScope.WorkItemAreas));
//// }
//// if (0 != ace.Deny)
//// {
//// denyWorkItemPermissions = ((QueryItemPermissions)ace.Deny).ToString();
//// result.AddRange(
//// Helpers.GetActionDetailsByName(denyWorkItemPermissions, "Deny", PermissionScope.WorkItemAreas));
//// }
//// }
//// }
//// return result;
////}
/// <summary>
/// Extracts build permissions for a specific identity.
/// </summary>
/// <param name="server">Server security service</param>
/// <param name="projectSecurityToken">Project Security Token</param>
/// <param name="userIdentity">User identity</param>
/// <returns>The list of the permissions</returns>
private static List<Permission> ExtractBuildPermissions(ISecurityService server, string projectSecurityToken, TeamFoundationIdentity userIdentity)
{
var result = new List<Permission>();
SecurityNamespace buildSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.TeamBuild, server));
Console.WriteLine("== Extract Build Permissions ==");
AccessControlList buildAccessList = buildSecurityNamespace.QueryAccessControlList(
projectSecurityToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
foreach (AccessControlEntry ace in buildAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedBuildPermissions = ((EnumrationsList.BuildPermissions)ace.Allow).ToString();
result.AddRange(
Helpers.GetActionDetailsByName(allowedBuildPermissions, "Allow", PermissionScope.TeamBuild));
}
if (0 != ace.Deny)
{
var denyBuildPermissions = ((EnumrationsList.BuildPermissions)ace.Deny).ToString();
result.AddRange(
Helpers.GetActionDetailsByName(denyBuildPermissions, "Deny", PermissionScope.TeamBuild));
}
}
return result;
}
/// <summary>
/// Extract iteration permissions for a specific identity
/// </summary>
/// <param name="server">Server security service</param>
/// <param name="teamProject">Team project</param>
/// <param name="userIdentity">User identity</param>
/// <param name="identityManagementService">The identityManagementService</param>
/// <param name="groups">List of groups</param>
/// <returns>Security namespace</returns>
private static List<IterationPermission> ExtractIterationPermissions(ISecurityService server, Project teamProject, TeamFoundationIdentity userIdentity, IIdentityManagementService identityManagementService, List<string> groups)
{
var result = new List<IterationPermission>();
var lstIterations = Helpers.FlattenTree(teamProject.IterationRootNodes);
// root Area Node
var iterationPermissionRoot = new IterationPermission { IterationName = teamProject.Name, IterationPermissions = new List<Permission>() };
iterationPermissionRoot.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, lstIterations.First().ParentNode.Uri.AbsoluteUri, identityManagementService, groups));
if (iterationPermissionRoot.IterationPermissions.Count > 0)
{
result.Add(iterationPermissionRoot);
}
Console.WriteLine("== Extract WorkItems Iteration Permissions ==");
foreach (Node iteration in lstIterations)
{
var iterationPermission = new IterationPermission
{
IterationName = iteration.Path,
IterationPermissions = new List<Permission>()
};
iterationPermission.IterationPermissions.AddRange(ExtractGenericSecurityNamespacePermissions(server, PermissionScope.WorkItemIterations, userIdentity, iteration.Uri.AbsoluteUri, identityManagementService, groups));
if (iterationPermission.IterationPermissions.Count > 0)
{
result.Add(iterationPermission);
}
}
return result;
}
/// <summary>
/// Sample method on how to extracts the git version control permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="groups">The groups.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="projectSecurityToken">The project security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="vcs">The VCS.</param>
/// <param name="gitService">The git service.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService)
{
Console.WriteLine("== Extract Git Version Control Permissions ==");
SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server));
var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken);
// This sample handle only the default repository, you can iterate through all repositories same way
var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken));
vcs.TryGetTeamProject(projectSecurityToken);
if (defaultGitRepo == null)
{
return new List<Permission>();
}
// Repository Security Token is repoV2/TeamProjectId/RepositoryId
var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id);
// vcs.GetTeamProject(projectSecurityToken);
AccessControlList versionControlAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var gitVersionControlPermissions = new List<Permission>();
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.Deny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
if (gitVersionControlPermissions.Count == 0)
{
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.ExtendedInfo.EffectiveAllow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.ExtendedInfo.EffectiveDeny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
}
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
if (0 != ace.Deny)
{
var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
}
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions);
return modifiedPermissions;
}
/// <summary>
/// Extracts version control permissions for a specific identity.
/// </summary>
/// <param name="server">TFS Security service</param>
/// <param name="groups">Security groups</param>
/// <param name="userIdentity">User Identity</param>
/// <param name="projectSecurityToken">Project Security Token</param>
/// <param name="ims">TFS Identity service</param>
/// <param name="vcs">TFS VC Service</param>
/// <returns>The list of the permissions</returns>
private static List<Permission> ExtractVersionControlPermissions(
ISecurityService server,
IEnumerable<string> groups,
TeamFoundationIdentity userIdentity,
string projectSecurityToken,
IIdentityManagementService ims,
VersionControlServer vcs)
{
Console.WriteLine("== Extract Version Control Permissions ==");
var teamProject = vcs.TryGetTeamProject(projectSecurityToken);
if (teamProject == null)
{
return new List<Permission>();
}
return ExtractGenericSecurityNamespacePermissions(server, PermissionScope.SourceControl, userIdentity, teamProject.ServerItem, ims, groups);
}
private static void DisplayNode(TeamFoundationIdentity node, int level)
{
for (int tabCount = 0; tabCount < level; tabCount++) Console.Write("\t");
Console.WriteLine(node.DisplayName);
}
/// <summary>
/// Returns the security group of the user
/// </summary>
/// <param name="tpc">Team project collection</param>
/// <param name="teamProjectUri">Team Project Uri</param>
/// <param name="userIdentity">User identity</param>
/// <returns>The groups where the user is present.</returns>
private static List<string> GetUserGroups(TfsTeamProjectCollection tpc, string teamProjectUri, TeamFoundationIdentity userIdentity)
{
Console.WriteLine(" -- Getting UserGroups...");
List<string> groups = new List<string>();
// Get the group security service.
var gss = tpc.GetService<Microsoft.TeamFoundation.Server.IGroupSecurityService2>();
Microsoft.TeamFoundation.Server.Identity[] appGroups = gss.ListApplicationGroups(teamProjectUri);
foreach (Microsoft.TeamFoundation.Server.Identity group in appGroups)
{
Microsoft.TeamFoundation.Server.Identity[] groupMembers = gss.ReadIdentities(Microsoft.TeamFoundation.Server.SearchFactor.Sid, new[] { group.Sid }, Microsoft.TeamFoundation.Server.QueryMembership.Expanded);
foreach (Microsoft.TeamFoundation.Server.Identity member in groupMembers)
{
if (member.Members != null)
{
groups.AddRange(from memberSid in member.Members where memberSid == userIdentity.Descriptor.Identifier select @group.Sid);
}
}
}
return groups;
}
