예제 #1
0
        protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition)
        {
            if (this.settings.Organization != null || !Datacenter.IsMicrosoftHostedOnly(false))
            {
                return;
            }
            if (!roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions))
            {
                return;
            }
            ExchangeRole exchangeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null);

            exchangeRole.Name           = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
            exchangeRole.RoleEntries    = new MultiValuedProperty <RoleEntry>(roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions));
            exchangeRole.OrganizationId = this.settings.OrganizationId;
            if (exchangeRole.RoleEntries.Count != 0)
            {
                this.SaveRoleAndWarnOnFailure(exchangeRole);
            }
        }
예제 #2
0
        protected void FindAndUpdateDerivedRoles(ExchangeRole updatedParentRole, RoleEntry[] oldParentRoleEntries, RoleDefinition roleDefinition, ref int recursionCount)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->FindAndUpdateDerivedRoles: updatedParentRole.Name = {0}, updatedParentRole.RoleEntries.Count = {1}, oldParentRoleEntries.Length = {2}, recursionCount = {3}", new object[]
            {
                updatedParentRole.Name,
                updatedParentRole.RoleEntries.Count,
                oldParentRoleEntries.Length,
                recursionCount
            });
            if (++recursionCount >= 1000)
            {
                return;
            }
            bool flag  = false;
            bool flag2 = this.settings.Organization == null && (Datacenter.IsMicrosoftHostedOnly(false) || Datacenter.IsDatacenterDedicated(false)) && roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions);
            ADPagedReader <ExchangeRole> adpagedReader = this.settings.ConfigurationSession.FindPaged <ExchangeRole>(updatedParentRole.Id, QueryScope.OneLevel, null, null, 0);

            foreach (ExchangeRole exchangeRole in adpagedReader)
            {
                this.settings.LogReadObject(exchangeRole);
                RoleEntry[]      array = this.PrepareRoleForUpgradeAndGetOldSortedEntries(exchangeRole, false);
                List <RoleEntry> value;
                if (1 == recursionCount && flag2 && exchangeRole.Name.Equals(RoleDefinition.GetDCSafeNameForRole(updatedParentRole.Name), StringComparison.OrdinalIgnoreCase))
                {
                    value = roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions);
                    flag  = true;
                }
                else
                {
                    value = this.GetListOfRoleEntriesForChildRole(oldParentRoleEntries, array, updatedParentRole.RoleEntries.ToArray(), exchangeRole.IsChanged(ADObjectSchema.ExchangeVersion));
                }
                exchangeRole.RoleEntries = new MultiValuedProperty <RoleEntry>(value);
                this.FindAndUpdateDerivedRoles(exchangeRole, array, roleDefinition, ref recursionCount);
                this.SaveDerivedRoleAndWarnOnValidationErrors(exchangeRole);
                ExTraceGlobals.AccessCheckTracer.TraceFunction <string, int>(20005L, "----FindAndUpdateDerivedRoles: role.Name = {0}, role.RoleEntries.Count = {1}", exchangeRole.Name, exchangeRole.RoleEntries.Count);
            }
            if (1 == recursionCount && !flag)
            {
                this.CreateDCSafeRoleIfNeeded(updatedParentRole, roleDefinition);
            }
            recursionCount--;
            ExTraceGlobals.AccessCheckTracer.TraceFunction <int>(20005L, "<--FindAndUpdateDerivedRoles: recursionCount = {0}", recursionCount);
        }