private async Task EnsureRepositoryPermissionsAsync(
Waddle.AdoConnectionFactory factory, Waddle.Dtos.Project project,
RepositoryManifest repo, Microsoft.TeamFoundation.SourceControl.WebApi.GitRepository repository)
{
if (repository != null && repo.Permissions != null && repo.Permissions.Any())
{
var secService = factory.GetSecurityNamespaceService();
var gitNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Git_Repositories);
var gitSecurityNamespaceId = gitNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(factory, typeof(GitRepositories), repo.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var repositorySecurityToken = $"repoV2/{project.Id}/{repository.Id}";
var aclService = factory.GetAclListService();
await aclService.SetAclsAsync(gitSecurityNamespaceId, repositorySecurityToken, aclDictioanry, false);
}
}
}
private async Task ProvisionBuildPathPermissionsAsync(
Waddle.AdoConnectionFactory factory,
Waddle.Dtos.Project project, PipelineFolder bp, VstsFolder existingItem)
{
if (existingItem != null)
{
var secService = factory.GetSecurityNamespaceService();
var buildNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Build);
var namespaceId = buildNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(factory, typeof(Waddle.Constants.Build), bp.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var fpath = bp.Path.TrimStart("\\/".ToCharArray()).Replace("\\", "/");
var token = $"{project.Id}/{fpath}";
var aclService = factory.GetAclListService();
await aclService.SetAclsAsync(namespaceId, token, aclDictioanry, false);
}
}
}
private async Task EnsureTeamProvisionedAsync(ProjectManifest manifest, Waddle.AdoConnectionFactory factory, Waddle.ProjectService projectService, Tuple <Waddle.Dtos.Project, bool> outcome)
{
var gService = factory.GetGroupService();
var secService = factory.GetSecurityNamespaceService();
var aclService = factory.GetAclListService();
var allUsers = await gService.ListUsersAsync();
foreach (var teamManifest in manifest.Teams)
{
var tc = await projectService.GetTeamsAsync();
var eteam = tc.Value
.FirstOrDefault(tc => tc.Name.Equals(teamManifest.Name,
StringComparison.OrdinalIgnoreCase));
if (eteam == null)
{
Logger.StatusBegin($"Creating team [{teamManifest.Name}]...");
var team = await projectService.CreateTeamAsync(
new Microsoft.TeamFoundation.Core.WebApi.WebApiTeam
{
Name = teamManifest.Name,
Description = teamManifest.Description,
ProjectId = outcome.Item1.Id,
ProjectName = outcome.Item1.Name
},
outcome.Item1.Id);
while (eteam == null)
{
tc = await projectService.GetTeamsAsync();
eteam = tc.Value
.FirstOrDefault(tc => tc.Name.Equals(teamManifest.Name,
StringComparison.OrdinalIgnoreCase));
}
Logger.StatusEndSuccess("Succeed");
}
if (eteam != null && teamManifest.Membership != null &&
(teamManifest.Membership.Groups != null && teamManifest.Membership.Groups.Any()))
{
var teamGroup = await GetGroupByNameAsync(factory, IdentityOrigin.Vsts.ToString(), eteam.Name);
if (teamGroup != null)
{
foreach (var gp in teamManifest.Membership.Groups)
{
var groupObject = await GetGroupByNameAsync(factory, IdentityOrigin.Aad.ToString(), gp.Name, gp.Id);
if (groupObject != null)
{
await gService.AddMemberAsync(eteam.ProjectId, teamGroup.Descriptor, groupObject.Descriptor);
}
}
foreach (var user in teamManifest.Membership.Users)
{
var userInfo = allUsers.Value.FirstOrDefault(u => u.OriginId.Equals(user.Id));
if (userInfo != null)
{
await gService.AddMemberAsync(eteam.ProjectId, teamGroup.Descriptor, userInfo.Descriptor);
}
}
}
}
if (eteam != null &&
teamManifest.Admins != null &&
teamManifest.Admins.Any())
{
var token = $"{eteam.ProjectId}\\{eteam.Id}";
var releaseNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Identity);
var secNamespaceId = releaseNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
foreach (var adminUserName in teamManifest.Admins)
{
var matches = await gService.GetLegacyIdentitiesByNameAsync(adminUserName.Name);
if (matches != null && matches.Count > 0)
{
var adminUserInfo = matches.Value.First();
aclDictioanry.Add(adminUserInfo.Descriptor, new VstsAcesDictionaryEntry
{
Allow = 31,
Deny = 0,
Descriptor = adminUserInfo.Descriptor
});
}
}
await aclService.SetAclsAsync(secNamespaceId, token, aclDictioanry, false);
}
}
}