public static dataModel.PermissionScopeEntity ToDataModel(this PermissionScope source)
{
var result = new dataModel.PermissionScopeEntity();
result.InjectFrom(source);
return(result);
}
protected bool HasTableAccess(string tableName, IPrincipal currentUser, PermissionScope scope)
{
var security = this.Database.Security(tableName);
// No Table Security? Allowed.
if (!security.HasTableAccessSecurity)
{
return(true);
}
// No user identity? Forbidden!
if (currentUser == null || !currentUser.Identity.IsAuthenticated)
{
return(false);
}
// Try user first, cheap check.
if (security.IsIdentityInPermissionScope(IdentityScope.User, currentUser.Identity.Name, scope))
{
return(true);
}
// See if the user is in any allowed groups.
foreach (var group in security.GetScopeIdentities(scope, IdentityScope.Group))
{
if (_claimsAuth.IsUserInGroup(currentUser, group.Name))
{
return(true);
}
}
return(false);
}
/// <summary>
/// Gets a value indicating whether the specified identity is a member of the specified permission scope.
/// </summary>
/// <param name="type">Identity scope.</param>
/// <param name="identity">Identity.</param>
/// <param name="scope">Permissions scope.</param>
/// <returns>True is the specified identity is within the specified scope, otherwise false.</returns>
public bool IsIdentityInPermissionScope(IdentityScope type, string identity, PermissionScope scope)
{
var si = SecurityIdentity.Create(type, identity);
// TODO: Consider making a virtual hash set and calling contains (it'll be faster).
return(this.GetScopeIdentities(scope, type).Any(i => i.Equals(si)));
}
public Permission(PermissionScope scope, string displayName, string permissionConstant, int permissionBit)
{
this.Scope = scope;
this.PermissionConstant = permissionConstant;
this.DisplayName = displayName;
this.PermissionBit = permissionBit;
}
/// <summary>
/// 获取权限范围的设置
/// </summary>
/// <param name="organizeIds">有权限的组织机构</param>
/// <returns>权限范围</returns>
public static PermissionScope GetPermissionScope(string[] organizeIds)
{
PermissionScope returnValue = PermissionScope.None;
//foreach (PermissionScope permissionScope in (PermissionScope[])Enum.GetValues(typeof(PermissionScope)))
//{
// if (StringUtil.Exists(organizeIds, permissionScope.ToString()))
// {
// returnValue = permissionScope;
// break;
// }
//}
#region BUG修复
foreach (PermissionScope permissionScope in (PermissionScope[])Enum.GetValues(typeof(PermissionScope)))
{
int scope = Convert.ToInt32(permissionScope);
if (StringUtil.Exists(organizeIds, scope.ToString()))
{
returnValue = permissionScope;
break;
}
}
#endregion
return(returnValue);
}
/// <summary>
/// Expose scopes for the web API.
/// </summary>
/// <param name="graphServiceClient"></param>
/// <param name="createdApplication"></param>
/// <returns></returns>
private static async Task ExposeScopes(GraphServiceClient graphServiceClient, Application createdApplication)
{
var updatedApp = new Application
{
IdentifierUris = new[] { $"api://{createdApplication.AppId}" },
};
var scopes = createdApplication.Api.Oauth2PermissionScopes?.ToList() ?? new List <PermissionScope>();
var newScope = new PermissionScope
{
Id = Guid.NewGuid(),
AdminConsentDescription = "Allows the app to access the web API on behalf of the signed-in user",
AdminConsentDisplayName = "Access the API on behalf of a user",
Type = "User",
IsEnabled = true,
UserConsentDescription = "Allows this app to access the web API on your behalf",
UserConsentDisplayName = "Access the API on your behalf",
Value = "access_as_user",
};
scopes.Add(newScope);
updatedApp.Api = new ApiApplication {
Oauth2PermissionScopes = scopes
};
await graphServiceClient.Applications[createdApplication.Id]
.Request()
.UpdateAsync(updatedApp).ConfigureAwait(false);
}
public static PermissionScopeEntity ToDataModel(this PermissionScope source)
{
var result = new PermissionScopeEntity();
result = Mapper.Map <PermissionScope, PermissionScopeEntity>(source);
return(result);
}
public async Task RevokePermissionsAsync(PermissionScope scope, IdentityScope identityType, string identity)
{
var resp = await _client.SendObjectAsync(HttpMethod.Delete, String.Format("table/{0}/permissions/{1}", _tableName, scope.ToString().ToLowerInvariant()), value : SecurityIdentity.Create(identityType, identity));
await resp.EnsureArribaSuccess();
return;
}
public PermissionGroupFactory(PermissionScope scope, Guid securityNamespaceId, string displayName, IEnumerable <string> excludedActions, Func <TfsTeamProjectCollection, TfsMajorVersion, string, string, IList <string> > objectTokenFactory)
{
this.scope = scope;
this.securityNamespaceId = securityNamespaceId;
this.displayName = displayName;
this.excludedActions = excludedActions ?? Enumerable.Empty <string>();
this.objectTokenFactory = objectTokenFactory;
}
public async Task RemovePermissionsAsync(PermissionScope permissionsScope, string identity)
{
var resp = await _client.SendObjectAsync(
HttpMethod.Delete,
String.Format("table/{0}/permissions/{1}/{2}", _tableName, permissionsScope, identity));
await resp.EnsureArribaSuccess();
return;
}
/// <summary>
/// Loads from json.
/// </summary>
/// <param name="jsonProperty">The json property.</param>
/// <param name="service"></param>
internal override void LoadFromJson(JsonObject jsonProperty, ExchangeService service)
{
foreach (string key in jsonProperty.Keys)
{
switch (key)
{
case XmlElementNames.UserId:
this.UserId = new UserId();
this.UserId.LoadFromJson(jsonProperty.ReadAsJsonObject(key), service);
break;
case XmlElementNames.CanCreateItems:
this.canCreateItems = jsonProperty.ReadAsBool(key);
break;
case XmlElementNames.CanCreateSubFolders:
this.canCreateSubFolders = jsonProperty.ReadAsBool(key);
break;
case XmlElementNames.IsFolderOwner:
this.isFolderOwner = jsonProperty.ReadAsBool(key);
break;
case XmlElementNames.IsFolderVisible:
this.isFolderVisible = jsonProperty.ReadAsBool(key);
break;
case XmlElementNames.IsFolderContact:
this.isFolderContact = jsonProperty.ReadAsBool(key);
break;
case XmlElementNames.EditItems:
this.editItems = jsonProperty.ReadEnumValue <PermissionScope>(key);
break;
case XmlElementNames.DeleteItems:
this.deleteItems = jsonProperty.ReadEnumValue <PermissionScope>(key);
break;
case XmlElementNames.ReadItems:
this.readItems = jsonProperty.ReadEnumValue <FolderPermissionReadAccess>(key);
break;
case XmlElementNames.PermissionLevel:
case XmlElementNames.CalendarPermissionLevel:
this.permissionLevel = jsonProperty.ReadEnumValue <FolderPermissionLevel>(key);
break;
default:
break;
}
}
this.AdjustPermissionLevel();
}
public async Task <PermissionScope> ExecuteAsync(PermissionScope scope, SqlConnection connection, SqlTransaction transaction = default, CancellationToken cancellationToken = default)
{
using var command = Get(scope, connection, transaction);
if (await command.ExecuteNonQueryAsync(cancellationToken) == ALLOWEDAFFECTEDROWS)
{
scope.Id = command.Parameters.GetInt32(PARAM_ID);
return(scope);
}
return(default);
/// <summary>
/// Copies the values of the individual permissions of the specified folder permission
/// to this folder permissions.
/// </summary>
/// <param name="permission">The folder permission to copy the values from.</param>
private void AssignIndividualPermissions(FolderPermission permission)
{
this.canCreateItems = permission.CanCreateItems;
this.canCreateSubFolders = permission.CanCreateSubFolders;
this.isFolderContact = permission.IsFolderContact;
this.isFolderOwner = permission.IsFolderOwner;
this.isFolderVisible = permission.IsFolderVisible;
this.editItems = permission.EditItems;
this.deleteItems = permission.DeleteItems;
this.readItems = permission.ReadItems;
}
/// <summary>
/// Grant the specified identity for the specified permission scope.
/// </summary>
/// <param name="identity">Identity to grant permissions to.</param>
/// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param>
public void Grant(SecurityIdentity identity, PermissionScope scope)
{
if (Owners.Count == 0 && scope != PermissionScope.Owner)
{
throw new ArribaException(String.Format("Unable to grant permission scope {0} as there are no identities with owner scope", scope));
}
var target = GetSpecificPermissionsScopeHashSet(scope);
target.Add(identity);
}
public static PermissionScope GetPermissionScope(string[] organizeIds)
{
PermissionScope none = PermissionScope.None;
foreach (PermissionScope scope2 in (PermissionScope[])Enum.GetValues(typeof(PermissionScope)))
{
if (Exists(organizeIds, scope2.ToString()))
{
return(scope2);
}
}
return(none);
}
protected bool HasTableAccess(string tableName, IPrincipal currentUser, PermissionScope scope)
{
var security = this.Database.Security(tableName);
// No security? Allowed.
if (!security.HasTableAccessSecurity)
{
return(true);
}
// Otherwise check permissions
return(HasPermission(security, currentUser, scope));
}
/// <summary>
/// 权限验证
/// </summary>
/// <param name="itemKey">权限项目标识</param>
/// <param name="permissionScope">权限许可范围</param>
/// <returns>通过验证返回true,否则返回false</returns>
public bool Validate(string itemKey, PermissionScope permissionScope)
{
bool result = false;
if (userPermissionSettings.ContainsKey(itemKey))
{
PermissionSetting permissionSetting = userPermissionSettings[itemKey];
if (permissionSetting.PermissionType == PermissionType.Allow && (int)permissionSetting.PermissionScope >= (int)permissionScope)
{
result = true;
}
}
return(result);
}
/// <summary>
/// Tries to read element from XML.
/// </summary>
/// <param name="reader">The reader.</param>
/// <returns>True if element was read.</returns>
internal override bool TryReadElementFromXml(EwsServiceXmlReader reader)
{
switch (reader.LocalName)
{
case XmlElementNames.UserId:
this.UserId = new UserId();
this.UserId.LoadFromXml(reader, reader.LocalName);
return(true);
case XmlElementNames.CanCreateItems:
this.canCreateItems = reader.ReadValue <bool>();
return(true);
case XmlElementNames.CanCreateSubFolders:
this.canCreateSubFolders = reader.ReadValue <bool>();
return(true);
case XmlElementNames.IsFolderOwner:
this.isFolderOwner = reader.ReadValue <bool>();
return(true);
case XmlElementNames.IsFolderVisible:
this.isFolderVisible = reader.ReadValue <bool>();
return(true);
case XmlElementNames.IsFolderContact:
this.isFolderContact = reader.ReadValue <bool>();
return(true);
case XmlElementNames.EditItems:
this.editItems = reader.ReadValue <PermissionScope>();
return(true);
case XmlElementNames.DeleteItems:
this.deleteItems = reader.ReadValue <PermissionScope>();
return(true);
case XmlElementNames.ReadItems:
this.readItems = reader.ReadValue <FolderPermissionReadAccess>();
return(true);
case XmlElementNames.PermissionLevel:
case XmlElementNames.CalendarPermissionLevel:
this.permissionLevel = reader.ReadValue <FolderPermissionLevel>();
return(true);
default:
return(false);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="Permission"/> class.
/// </summary>
/// <param name="scope">
/// The scope.
/// </param>
/// <param name="displayName">
/// The display name.
/// </param>
/// <param name="internalName">
/// The internal name.
/// </param>
/// <param name="permissionConstant">
/// The permission constant.
/// </param>
/// <param name="permissionId">
/// The permission id.
/// </param>
/// <param name="permissionState">
/// The permission state.
/// </param>
public Permission(
PermissionScope scope,
string displayName,
string internalName,
string permissionConstant,
int permissionId,
string permissionState)
{
Scope = scope;
PermissionConstant = permissionConstant;
DisplayName = displayName;
PermissionId = permissionId;
InternalName = internalName;
Value = permissionState;
}
/// <summary>
/// Gets an enumeration of security identities that match the specified permission scope.
/// </summary>
/// <param name="permissions">Permission scope</param>
/// <param name="identityScope">Identity scope predicate.</param>
/// <returns>Enumeration of security identities.</returns>
public IEnumerable <SecurityIdentity> GetScopeIdentities(PermissionScope permissions, IdentityScope?identityScope = null, bool merge = true)
{
// Readers = Readers | Writers | Owners
// Writers = Writers | Owners
// Owners = Owners
IEnumerable <SecurityIdentity> enumerable = merge ? GetPermissionScopeSet(permissions) : GetSpecificPermissionsScopeHashSet(permissions);
if (identityScope != null)
{
enumerable = enumerable.Where(i => i.Scope == identityScope.Value);
}
return(enumerable);
}
/// <summary>
/// Initializes a new instance of the <see cref="Permission"/> class.
/// </summary>
/// <param name="scope">
/// The scope.
/// </param>
/// <param name="displayName">
/// The display name.
/// </param>
/// <param name="internalName">
/// The internal name.
/// </param>
/// <param name="permissionConstant">
/// The permission constant.
/// </param>
/// <param name="permissionId">
/// The permission id.
/// </param>
/// <param name="permissionState">
/// The permission state.
/// </param>
public Permission(
PermissionScope scope,
string displayName,
string internalName,
string permissionConstant,
int permissionId,
string permissionState)
{
this.Scope = scope;
this.PermissionConstant = permissionConstant;
this.DisplayName = displayName;
this.PermissionId = permissionId;
this.InternalName = internalName;
this.Value = permissionState;
}
/// <summary>
/// Initializes a new instance of the <see cref="Permission"/> class.
/// </summary>
/// <param name="scope">
/// The scope.
/// </param>
/// <param name="displayName">
/// The display name.
/// </param>
/// <param name="internalName">
/// The internal name.
/// </param>
/// <param name="permissionConstant">
/// The permission constant.
/// </param>
/// <param name="permissionId">
/// The permission id.
/// </param>
/// <param name="permissionState">
/// The permission state.
/// </param>
public Permission(
PermissionScope scope,
string displayName,
string internalName,
string permissionConstant,
int permissionId,
string permissionState)
{
this.Scope = scope;
this.PermissionConstant = permissionConstant;
this.DisplayName = displayName;
this.PermissionId = permissionId;
this.InternalName = internalName;
this.Value = permissionState;
}
/// <summary>
/// Gets the security namespace identifier.
/// </summary>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="server">The server.</param>
/// <returns>Guid</returns>
public static Guid GetSecurityNamespaceId(PermissionScope permissionScope, ISecurityService server)
{
var securityNamespaceId = Guid.Empty;
switch (permissionScope)
{
case PermissionScope.TeamProject:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Project").Description.NamespaceId;
break;
case PermissionScope.Workspaces:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Workspaces").Description.NamespaceId;
break;
case PermissionScope.WorkItems:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "WorkItemQueryFolders").Description.NamespaceId;
break;
case PermissionScope.TeamBuild:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Build").Description.NamespaceId;
break;
case PermissionScope.WorkItemAreas:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CSS").Description.NamespaceId;
break;
case PermissionScope.WorkItemIterations:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Iteration").Description.NamespaceId;
break;
case PermissionScope.SourceControl:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "VersionControlItems").Description.NamespaceId;
break;
case PermissionScope.GitSourceControl:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Git Repositories").Description.NamespaceId;
break;
// case PermissionScope.Warehouse:
// securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Warehouse").Description.NamespaceId;
// break;
case PermissionScope.Collection:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CollectionManagement").Description.NamespaceId;
break;
}
return(securityNamespaceId);
}
public IActionResult FrontEndGrantDebug()
{
var context = _dataProtector.Protect(Guid.NewGuid().ToString());
var client = Client.Create(Guid.NewGuid(), "http://za-pt.org/exchange");
client.DisplayName = "iTech";
ViewBag.Client = client;
ViewBag.Scopes = new[] {
PermissionScope.Create(Guid.NewGuid(), "obsidian.basicinfo", "Basic Information", "Includes you name and gender."),
PermissionScope.Create(Guid.NewGuid(), "obsidian.email", "Email address", "Your email address."),
PermissionScope.Create(Guid.NewGuid(), "obsidian.admin", "Admin access", "Manage the system.")
};
return(View("PermissionGrant", new PermissionGrantModel {
ProtectedOAuthContext = context
}));
}
private IEnumerable <SecurityIdentity> GetPermissionScopeSet(PermissionScope permissions)
{
switch (permissions)
{
case PermissionScope.Reader:
return(Readers.Concat(Writers).Concat(Owners));
case PermissionScope.Writer:
return(Writers.Concat(Owners));
case PermissionScope.Owner:
return(Owners);
default:
throw new ArribaException(String.Format("Unknown permission scope {0}", permissions));
}
}
/// <summary>
/// Gets the permission scope hashset for the specified scope.
/// </summary>
private HashSet <SecurityIdentity> GetSpecificPermissionsScopeHashSet(PermissionScope scope)
{
switch (scope)
{
case PermissionScope.Owner:
return(Owners);
case PermissionScope.Reader:
return(Readers);
case PermissionScope.Writer:
return(Writers);
default:
throw new ArribaException(String.Format("Unknown permission scope {0}", scope));
}
}
/// <summary>
/// 获得用户的数据权限范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">数据权限编号</param>
/// <returns>数据权限范围</returns>
public PermissionScope GetUserPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
PermissionScope returnValue = PermissionScope.None;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
// 是超级管理员,就不用继续判断权限了
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(dbHelper, userInfo);
returnValue = permissionScopeManager.GetUserPermissionScope(userId, permissionItemCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetUserPermissionScope, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
/// <summary>
/// The get action details by name.
/// </summary>
/// <param name="actionNames">
/// The action names.
/// </param>
/// <param name="permissionState">
/// The permission state.
/// </param>
/// <param name="scope">
/// The scope.
/// </param>
/// <returns>IEnumerable of Permission</returns>
public static IEnumerable <Permission> GetActionDetailsByName(
string actionNames,
string permissionState,
PermissionScope scope)
{
string[] actions = actionNames.Split(',');
return((from item in actions
select(from constPermission in Permissions
where constPermission.InternalName == item.TrimStart() && constPermission.Scope == scope
select constPermission).FirstOrDefault()
into selectedPermission
where selectedPermission != null
select
new Permission(
scope,
selectedPermission.DisplayName,
selectedPermission.InternalName,
selectedPermission.PermissionConstant,
selectedPermission.PermissionId,
permissionState)).ToList());
}
public bool AuthenticateFirstStep(string clientId, Uri redirectUri,
PermissionScope scope = PermissionScope.None,
string state = null)
{
var request = new RestRequest();
request.Resource = "oauth/";
request.RootElement = "data";
request.Method = Method.GET;
request.AddParameter("response_type", "code", ParameterType.UrlSegment);
request.AddParameter("client_id", clientId, ParameterType.UrlSegment);
if (state != null)
{
request.AddParameter("scope", scope.GetDescription(), ParameterType.UrlSegment);
}
request.AddParameter("redirect_uri", redirectUri.ToString(), ParameterType.UrlSegment);
var response = client.Execute(request);
return(response.ResponseStatus == ResponseStatus.Completed);
}
public bool AuthenticateFirstStep(Uri redirectUri,
PermissionScope scope = PermissionScope.None,
string state = null)
{
if (redirectUri == null)
{
throw new ArgumentNullException(nameof(redirectUri));
}
if (ConfigurationManager.AppSettings["USE_STORED_TOKEN"].ToLower() == "true")
{
return(false);
}
var clientId = ConfigurationManager.AppSettings["APP_ID"];
if (string.IsNullOrEmpty(clientId))
{
return(false);
}
var request = new RestRequest();
request.Resource = "oauth/";
request.RootElement = "data";
request.Method = Method.GET;
request.AddParameter("response_type", "code", ParameterType.UrlSegment);
request.AddParameter("client_id", clientId, ParameterType.UrlSegment);
if (state != null)
{
request.AddParameter("scope", scope.GetDescription(), ParameterType.UrlSegment);
}
request.AddParameter("redirect_uri", redirectUri.ToString(), ParameterType.UrlSegment);
var response = client.Execute(request);
return(response.ResponseStatus == ResponseStatus.Completed);
}
public async Task <ScopeCreationResult> StartAsync(CreateScopeCommand command)
{
_isCompleted = true;
if (await _repo.FindByScopeNameAsync(command.ScopeName) != null)
{
return(new ScopeCreationResult
{
Succeed = false,
Message = $"Scope of scope name {command.ScopeName} already exists."
});
}
var scope = PermissionScope.Create(Guid.NewGuid(), command.ScopeName, command.DisplayName, command.Description);
command.ClaimTypes.ToList().ForEach(s => scope.ClaimTypes.Add(s));
await _repo.AddAsync(scope);
return(new ScopeCreationResult
{
Succeed = true,
Message = $"Scope successfully created.",
Id = scope.Id
});
}
/// <summary>
/// Gets the security namespace identifier.
/// </summary>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="server">The server.</param>
/// <returns>Guid</returns>
public static Guid GetSecurityNamespaceId(PermissionScope permissionScope, ISecurityService server)
{
var securityNamespaceId = Guid.Empty;
switch (permissionScope)
{
case PermissionScope.TeamProject:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Project").Description.NamespaceId;
break;
case PermissionScope.Workspaces:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Workspaces").Description.NamespaceId;
break;
case PermissionScope.WorkItems:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "WorkItemQueryFolders").Description.NamespaceId;
break;
case PermissionScope.TeamBuild:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Build").Description.NamespaceId;
break;
case PermissionScope.WorkItemAreas:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CSS").Description.NamespaceId;
break;
case PermissionScope.WorkItemIterations:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Iteration").Description.NamespaceId;
break;
case PermissionScope.SourceControl:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "VersionControlItems").Description.NamespaceId;
break;
case PermissionScope.GitSourceControl:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Git Repositories").Description.NamespaceId;
break;
// case PermissionScope.Warehouse:
// securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Warehouse").Description.NamespaceId;
// break;
case PermissionScope.Collection:
securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CollectionManagement").Description.NamespaceId;
break;
}
return securityNamespaceId;
}
/// <summary>
/// The get action details by name.
/// </summary>
/// <param name="actionNames">
/// The action names.
/// </param>
/// <param name="permissionState">
/// The permission state.
/// </param>
/// <param name="scope">
/// The scope.
/// </param>
/// <returns>IEnumerable of Permission</returns>
public static IEnumerable<Permission> GetActionDetailsByName(
string actionNames,
string permissionState,
PermissionScope scope)
{
string[] actions = actionNames.Split(',');
return (from item in actions
select (from constPermission in Permissions
where constPermission.InternalName == item.TrimStart() && constPermission.Scope == scope
select constPermission).FirstOrDefault()
into selectedPermission
where selectedPermission != null
select
new Permission(
scope,
selectedPermission.DisplayName,
selectedPermission.InternalName,
selectedPermission.PermissionConstant,
selectedPermission.PermissionId,
permissionState)).ToList();
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var result = new List<Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return modifiedPermissions;
}
public static PermissionScope ToCoreModel(this dataModel.PermissionScopeEntity source, PermissionScope permissionScope)
{
permissionScope.InjectFrom(source);
return permissionScope;
}
/// <summary>
/// Tries to read element from XML.
/// </summary>
/// <param name="reader">The reader.</param>
/// <returns>True if element was read.</returns>
internal override bool TryReadElementFromXml(EwsServiceXmlReader reader)
{
switch (reader.LocalName)
{
case XmlElementNames.UserId:
this.UserId = new UserId();
this.UserId.LoadFromXml(reader, reader.LocalName);
return true;
case XmlElementNames.CanCreateItems:
this.canCreateItems = reader.ReadValue<bool>();
return true;
case XmlElementNames.CanCreateSubFolders:
this.canCreateSubFolders = reader.ReadValue<bool>();
return true;
case XmlElementNames.IsFolderOwner:
this.isFolderOwner = reader.ReadValue<bool>();
return true;
case XmlElementNames.IsFolderVisible:
this.isFolderVisible = reader.ReadValue<bool>();
return true;
case XmlElementNames.IsFolderContact:
this.isFolderContact = reader.ReadValue<bool>();
return true;
case XmlElementNames.EditItems:
this.editItems = reader.ReadValue<PermissionScope>();
return true;
case XmlElementNames.DeleteItems:
this.deleteItems = reader.ReadValue<PermissionScope>();
return true;
case XmlElementNames.ReadItems:
this.readItems = reader.ReadValue<FolderPermissionReadAccess>();
return true;
case XmlElementNames.PermissionLevel:
case XmlElementNames.CalendarPermissionLevel:
this.permissionLevel = reader.ReadValue<FolderPermissionLevel>();
return true;
default:
return false;
}
}
/// <summary>
/// Copies the values of the individual permissions of the specified folder permission
/// to this folder permissions.
/// </summary>
/// <param name="permission">The folder permission to copy the values from.</param>
private void AssignIndividualPermissions(FolderPermission permission)
{
this.canCreateItems = permission.CanCreateItems;
this.canCreateSubFolders = permission.CanCreateSubFolders;
this.isFolderContact = permission.IsFolderContact;
this.isFolderOwner = permission.IsFolderOwner;
this.isFolderVisible = permission.IsFolderVisible;
this.editItems = permission.EditItems;
this.deleteItems = permission.DeleteItems;
this.readItems = permission.ReadItems;
}
