Exemplo n.º 1
0
        internal static void VerifyIsInScopes(ADObject adObject, ScopeSet scopeSet, Task.TaskErrorLoggingDelegate writeErrorDelegate)
        {
            ADScopeException ex;

            if (!ADSession.TryVerifyIsWithinScopes(adObject, scopeSet.RecipientReadScope, scopeSet.RecipientWriteScopes, scopeSet.ExclusiveRecipientScopes, false, out ex))
            {
                writeErrorDelegate(new TaskException(Strings.ErrorCannotChangeObjectOutOfWriteScope(adObject.Identity.ToString(), (ex == null) ? string.Empty : ex.Message), ex), ErrorCategory.PermissionDenied, null);
            }
        }
Exemplo n.º 2
0
        private static bool VerifyIsWithinScopes(ADRawEntry givenObject, List <ADScope> exclusiveScopes, List <ADScope> customScopes, ADScope readScope)
        {
            List <ADScopeCollection> list             = null;
            ADScopeCollection        exclusiveScopes2 = null;

            if (exclusiveScopes != null && exclusiveScopes.Count > 0)
            {
                exclusiveScopes2 = new ADScopeCollection(exclusiveScopes);
            }
            if (customScopes != null && customScopes.Count > 0)
            {
                list = new List <ADScopeCollection>();
                list.Add(new ADScopeCollection(customScopes));
            }
            ADScopeException ex;

            return(ADSession.TryVerifyIsWithinScopes(givenObject, readScope, list, exclusiveScopes2, true, out ex));
        }
        // Token: 0x0600141C RID: 5148 RVA: 0x00048C88 File Offset: 0x00046E88
        public virtual bool IsTargetObjectInRoleScope(RoleType roleType, ADRecipient targetRecipient)
        {
            if (targetRecipient == null)
            {
                throw new ArgumentNullException("targetRecipient");
            }
            List <ADObjectId> rolesFromRoleType = this.GetRolesFromRoleType(roleType);

            if (rolesFromRoleType == null)
            {
                ExTraceGlobals.AccessDeniedTracer.TraceWarning <string, RoleType>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0} doesn't have role {1}", this.identityName, roleType);
                return(false);
            }
            using (List <ADObjectId> .Enumerator enumerator = rolesFromRoleType.GetEnumerator())
            {
                while (enumerator.MoveNext())
                {
                    ADObjectId roleId = enumerator.Current;
                    IEnumerable <ExchangeRoleAssignment> enumerable = from x in this.allRoleAssignments
                                                                      where x.Role.Equals(roleId)
                                                                      select x;
                    foreach (ExchangeRoleAssignment exchangeRoleAssignment in enumerable)
                    {
                        RoleAssignmentScopeSet effectiveScopeSet = exchangeRoleAssignment.GetEffectiveScopeSet(this.allScopes, base.UserAccessToken);
                        OrganizationId         organizationId    = targetRecipient.OrganizationId;
                        effectiveScopeSet.RecipientReadScope.PopulateRootAndFilter(organizationId, targetRecipient);
                        effectiveScopeSet.RecipientWriteScope.PopulateRootAndFilter(organizationId, targetRecipient);
                        ADScopeException ex;
                        if (ADSession.TryVerifyIsWithinScopes(targetRecipient, effectiveScopeSet.RecipientReadScope, new ADScopeCollection[]
                        {
                            new ADScopeCollection(new ADScope[]
                            {
                                effectiveScopeSet.RecipientWriteScope
                            })
                        }, this.exclusiveRecipientScopesCollection, false, out ex))
                        {
                            return(true);
                        }
                    }
                }
            }
            ExTraceGlobals.AccessDeniedTracer.TraceWarning <string, RoleType, ObjectId>((long)this.GetHashCode(), "IsTargetObjectInRoleScope() returns false because identity {0}'s roles of type {1} don't have the scope that covers target object {2}.", this.identityName, roleType, targetRecipient.Identity);
            return(false);
        }