예제 #1
        /// <summary>
        /// Processes a group of role definitions: the definition whose RoleName equals
        /// <c>mapping.OldName</c> is handled as the primary role, and every other definition is
        /// sent through <c>base.CreateOrUpdateRole</c> first.
        /// </summary>
        /// <param name="mapping">Supplies <c>OldName</c>, used both to pick the primary definition and to build the directory name that is read.</param>
        /// <param name="roleDefinitions">Definitions to process. The primary definition is removed from this list, so the caller's list is modified.</param>
        /// <param name="enabledPermissionFeatures">Forwarded to role generation.</param>
        /// <param name="suffix">Optional suffix appended to <c>mapping.OldName</c> when it is not null.</param>
        /// <param name="mailboxPlanIndex">Forwarded to role generation.</param>
        /// <remarks>
        /// <c>First</c> throws when no definition matches <c>mapping.OldName</c>; nothing here guards
        /// against that. When no role exists yet and the generated role has no entries, the method
        /// returns without saving anything and without an exit trace.
        /// </remarks>
        protected override void CreateOrUpdateRoles(RoleNameMapping mapping, List <RoleDefinition> roleDefinitions, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            ExTraceGlobals.AccessCheckTracer.TraceFunction<int>(20009L, "-->CreateOrUpdateRoles: roleDefinitions count = {0}", roleDefinitions.Count);

            // Pull the primary definition out of the list; what remains are the secondary definitions.
            RoleDefinition primaryDefinition = roleDefinitions.First(candidate => candidate.RoleName.Equals(mapping.OldName));
            roleDefinitions.Remove(primaryDefinition);

            // Secondary definitions are created or updated individually; only non-null results are kept.
            List<ExchangeRole> secondaryRoles = new List<ExchangeRole>(roleDefinitions.Count);
            foreach (RoleDefinition secondaryDefinition in roleDefinitions)
            {
                ExchangeRole secondaryRole = base.CreateOrUpdateRole(null, secondaryDefinition, enabledPermissionFeatures, suffix, mailboxPlanIndex);
                if (secondaryRole != null)
                {
                    secondaryRoles.Add(secondaryRole);
                }
            }

            ExchangeRole generatedRole = primaryDefinition.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);

            // A null suffix must leave the name untouched (concatenation would turn a null name into "").
            string unescapedCommonName;
            if (suffix == null)
            {
                unescapedCommonName = mapping.OldName;
            }
            else
            {
                unescapedCommonName = mapping.OldName + suffix;
            }

            ADObjectId existingRoleId = this.settings.RolesContainerId.GetChildId(unescapedCommonName);
            ExchangeRole existingRole = this.settings.ConfigurationSession.Read<ExchangeRole>(existingRoleId);

            if (existingRole == null)
            {
                // Nothing stored yet: persist the generated role only when it carries at least one entry.
                if (exchangeRoleHasNoEntries(generatedRole))
                {
                    return;
                }
                generatedRole.OrganizationId = this.settings.OrganizationId;
                base.SaveRoleAndSuggestCleanupOnFailure(generatedRole);
                // Trace text kept verbatim; note it uses the singular method name.
                ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRole: New Role created");
                return;

                bool exchangeRoleHasNoEntries(ExchangeRole role)
                {
                    return !(role.RoleEntries.Count > 0);
                }
            }

            // A role already exists: record the read, then hand it over together with the collected roles.
            this.settings.LogReadObject(existingRole);
            this.UpdateCannedRole(existingRole, generatedRole, secondaryRoles);
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20009L, "<--CreateOrUpdateRoles");
        }
예제 #2
        /// <summary>
        /// Generates a role from <paramref name="customRoleDefinition"/> and saves it through the
        /// configuration session.
        /// </summary>
        /// <param name="customRoleDefinition">Definition to generate from; its <c>ParentRoleName</c> plus <paramref name="suffix"/> names the child id passed to <c>GenerateRole</c>.</param>
        /// <param name="enabledPermissionFeatures">Forwarded to role generation.</param>
        /// <param name="suffix">Appended to the parent role name and forwarded to role generation.</param>
        /// <param name="mailboxPlanIndex">Forwarded to role generation.</param>
        /// <remarks>
        /// The save is unconditional: this method does not read an existing object first and does
        /// not check whether the generated role has any entries.
        /// NOTE(review): behaviour when an object with the same id already exists depends on
        /// <c>configurationSession.Save</c> - confirm.
        /// </remarks>
        private void CreateCustomRole(RoleDefinition customRoleDefinition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            // Presumably this id places the custom role beneath its parent role - confirm against GenerateRole.
            ADObjectId parentRoleId = this.rolesContainerId.GetChildId(customRoleDefinition.ParentRoleName + suffix);

            ExchangeRole customRole = customRoleDefinition.GenerateRole(
                enabledPermissionFeatures,
                parentRoleId,
                suffix,
                mailboxPlanIndex);

            // Stamp the current organization on the role before it is written.
            customRole.OrganizationId = base.CurrentOrganizationId;

            this.configurationSession.Save(customRole);
        }
예제 #3
        /// <summary>
        /// Creates a companion role for <paramref name="cannedRole"/> whose entries are the
        /// definition's entries with <c>InstallCannedRbacRoles.DCProhibitedActions</c> filtered out.
        /// </summary>
        /// <param name="cannedRole">Role whose <c>Id</c> and <c>Name</c> seed the companion role.</param>
        /// <param name="roleDefinition">Definition checked for prohibited actions and used to generate the companion role.</param>
        /// <remarks>
        /// Nothing is created when an organization is set in the settings, when
        /// <c>Datacenter.IsMicrosoftHostedOnly(false)</c> is false, when the definition contains no
        /// prohibited actions, or when filtering leaves no entries.
        /// NOTE(review): the save goes through <c>SaveRoleAndWarnOnFailure</c>; judging by the name,
        /// a failed save is reported as a warning rather than an error, so a missing companion role
        /// would only be visible in that warning - confirm.
        /// </remarks>
        protected void CreateDCSafeRoleIfNeeded(ExchangeRole cannedRole, RoleDefinition roleDefinition)
        {
            // Only applies when no organization is set.
            if (this.settings.Organization != null)
            {
                return;
            }

            // Only applies when the datacenter check passes (meaning of the 'false' argument not visible here).
            if (!Datacenter.IsMicrosoftHostedOnly(false))
            {
                return;
            }

            // A definition without prohibited actions needs no filtered companion.
            bool hasProhibitedActions = roleDefinition.ContainsProhibitedActions(InstallCannedRbacRoles.DCProhibitedActions);
            if (!hasProhibitedActions)
            {
                return;
            }

            ExchangeRole dcSafeRole = roleDefinition.GenerateRole(null, cannedRole.Id, null, null);

            dcSafeRole.Name = RoleDefinition.GetDCSafeNameForRole(cannedRole.Name);
            // Replace the generated entries with the filtered set so prohibited actions are not carried over.
            dcSafeRole.RoleEntries = new MultiValuedProperty<RoleEntry>(
                roleDefinition.GetRoleEntriesFilteringProhibitedActions(null, InstallCannedRbacRoles.DCProhibitedActions));
            dcSafeRole.OrganizationId = this.settings.OrganizationId;

            // An empty role is never persisted.
            if (dcSafeRole.RoleEntries.Count == 0)
            {
                return;
            }

            this.SaveRoleAndWarnOnFailure(dcSafeRole);
        }
예제 #4
        /// <summary>
        /// Generates a role from <paramref name="definition"/> and then updates the stored role,
        /// creates a new one, or removes the role, depending on what the generation yields.
        /// </summary>
        /// <param name="mapping">Forwarded unchanged to <c>RenameExistingRole</c>; null handling is left to that helper.</param>
        /// <param name="definition">Definition the role is generated from.</param>
        /// <param name="enabledPermissionFeatures">Forwarded to role generation; only its null-ness is traced.</param>
        /// <param name="suffix">Forwarded to the rename step and to role generation.</param>
        /// <param name="mailboxPlanIndex">Forwarded to role generation.</param>
        /// <returns>
        /// The stored role when one already existed, the newly saved role when none existed, or
        /// null when the generated role has no entries.
        /// </returns>
        /// <remarks>
        /// The empty-entries path is destructive: it calls <c>RemoveRoleAndAssignments</c> for the
        /// generated role's id. NOTE(review): if the entry set can come out empty because of the
        /// supplied feature list, an unexpected feature list would remove the role together with
        /// its assignments - confirm how callers build <paramref name="enabledPermissionFeatures"/>.
        /// </remarks>
        protected ExchangeRole CreateOrUpdateRole(RoleNameMapping mapping, RoleDefinition definition, List <string> enabledPermissionFeatures, string suffix, string mailboxPlanIndex)
        {
            object[] entryTraceArgs = new object[]
            {
                definition.RoleName,
                enabledPermissionFeatures == null,
                string.IsNullOrEmpty(suffix) ? string.Empty : suffix,
                string.IsNullOrEmpty(mailboxPlanIndex) ? string.Empty : mailboxPlanIndex
            };
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "-->CreateOrUpdateRole: RoleDefinition = {0}, enabledPermissionFeatures is Null = {1}, suffix = {2}, mailboxPlanIndex = {3}", entryTraceArgs);

            // The rename runs before generation, so the read below uses the generated role's id.
            this.RenameExistingRole(mapping, suffix);
            ExchangeRole generatedRole = definition.GenerateRole(enabledPermissionFeatures, this.settings.RolesContainerId, suffix, mailboxPlanIndex);

            // No entries: remove the role and its assignments instead of writing an empty role.
            if (!(generatedRole.RoleEntries.Count > 0))
            {
                ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: No Role created");
                this.settings.RemoveRoleAndAssignments(generatedRole.Id);
                return null;
            }

            ExchangeRole storedRole = this.settings.ConfigurationSession.Read<ExchangeRole>(generatedRole.Id);

            // Existing role: log the read, update it from the generated role, and return the stored object.
            if (storedRole != null)
            {
                this.settings.LogReadObject(storedRole);
                this.UpdateCannedRole(storedRole, generatedRole, definition);
                ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: Role Updated");
                return storedRole;
            }

            // New role: stamp the organization, save, then create the filtered companion role if one is needed.
            generatedRole.OrganizationId = this.settings.OrganizationId;
            this.SaveRoleAndSuggestCleanupOnFailure(generatedRole);
            ExTraceGlobals.AccessCheckTracer.TraceFunction(20005L, "<--CreateOrUpdateRole: New Role created");
            this.CreateDCSafeRoleIfNeeded(generatedRole, definition);
            return generatedRole;
        }