/// <summary>
/// Add members into group
/// </summary>
/// <param name="identity"></param>
/// <param name="members"></param>
public void AddMembers(TeamFoundationIdentity identity, List <TeamFoundationIdentity> members)
{
foreach (var member in members)
{
try
{
_identityManagementService.AddMemberToApplicationGroup(identity.Descriptor, member.Descriptor);
Console.WriteLine($"Identity '{member.DisplayName}' added to group '{identity.DisplayName}'.");
}
catch (Exception ex)
{
Console.WriteLine($"Error happened while adding member '{member.DisplayName}' to group '{identity.DisplayName}' ::: {ex.Message}");
}
}
}
private static bool CopyPermissions(TeamFoundationIdentity sourceUser, TeamFoundationIdentity targetUser)
{
// Copy permissions based on direct group membership
WriteLog(string.Format("Copying permissions from {0} to {1}", sourceUser.UniqueName, targetUser.UniqueName));
foreach (IdentityDescriptor group in sourceUser.MemberOf)
{
TeamFoundationIdentity groupIdentity = GetIdentityBySid(group.Identifier);
if (_excludedGroups.Contains(groupIdentity.DisplayName))
{
WriteLog(string.Format("Skipping group {0} because it is part of the exclusion list", groupIdentity.DisplayName));
continue;
}
if (groupIdentity.DisplayName == _securityServiceGroup)
{
WriteLog(LogLevel.Warning, "WARNING: this user might have permissions on specific objects (outside groups), these permissions are not copied!");
continue;
}
WriteLog(LogLevel.Ok, string.Format("Adding user {0} to group {1}", targetUser.UniqueName, groupIdentity.DisplayName));
try
{
_ims.AddMemberToApplicationGroup(group, targetUser.Descriptor);
}
catch (AddMemberIdentityAlreadyMemberException)
{
// Is already member, skip
WriteLog(LogLevel.Ok, string.Format("The user {0} is already a member of the group {1}", targetUser.UniqueName, groupIdentity.DisplayName));
}
catch (Exception ex)
{
WriteLog(LogLevel.Error, string.Format("The user {0} cannot be added to the group {1}: {2}\n\nDo you want to continue with the next user/group (y/n)?", targetUser.UniqueName, groupIdentity.DisplayName, ex.ToString()));
if (Console.ReadKey().Key != ConsoleKey.Y)
{
return(false);
}
}
}
return(true);
}
private static void ApplyGroupMemberChanges(ApplicationTask task, SecurityGroupChange securityGroup, IdentityDescriptor groupDescriptor, IIdentityManagementService ims, IList <TeamFoundationIdentity> existingMembers)
{
var existingMemberAccountNames = existingMembers.Select(m => GetAccountName(m));
// Remove requested members.
if (securityGroup.RemoveAllUsers)
{
foreach (var member in existingMembers)
{
ims.RemoveMemberFromApplicationGroup(groupDescriptor, member.Descriptor);
}
}
else
{
if (!string.IsNullOrEmpty(securityGroup.UsersToRemove))
{
foreach (var userToRemove in securityGroup.UsersToRemove.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries).Select(u => u.Trim()))
{
if (existingMemberAccountNames.Any(m => string.Equals(m, userToRemove, StringComparison.OrdinalIgnoreCase)))
{
PerformUserAction(task, ims, userToRemove, identityToRemove => ims.RemoveMemberFromApplicationGroup(groupDescriptor, identityToRemove.Descriptor));
}
}
}
}
// Add requested members.
if (!string.IsNullOrEmpty(securityGroup.UsersToAdd))
{
foreach (var userToAdd in securityGroup.UsersToAdd.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries).Select(u => u.Trim()))
{
if (!existingMemberAccountNames.Any(m => string.Equals(m, userToAdd, StringComparison.OrdinalIgnoreCase)))
{
PerformUserAction(task, ims, userToAdd, identityToAdd => ims.AddMemberToApplicationGroup(groupDescriptor, identityToAdd.Descriptor));
}
}
}
}
public static bool AddAADGroupToTPCustomGroup(string teamProject, string tpCustomGroupName, string aadGroupName, string organizationUrl)
{
VssCredentials creds = new VssClientCredentials();
creds.Storage = new VssClientCredentialStorage();
var tpc = new TfsTeamProjectCollection(new Uri(organizationUrl), creds);
tpc.Connect(Microsoft.TeamFoundation.Framework.Common.ConnectOptions.IncludeServices);
IIdentityManagementService ims = tpc.GetService <IIdentityManagementService>();
string tpCustomGroupNameFull = "[" + teamProject + "]" + "\\" + tpCustomGroupName;
string aadGroupNameFull = "[TEAM FOUNDATION]" + "\\" + aadGroupName; //for AAD Groups
try
{
var tfsGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
tpCustomGroupNameFull,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
var aadGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
aadGroupNameFull,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
ims.AddMemberToApplicationGroup(tfsGroupIdentity.Descriptor, aadGroupIdentity.Descriptor);
Console.WriteLine("Group added: " + aadGroupName + " to " + tpCustomGroupName);
return(true);
}
catch (Exception ex)
{
Console.WriteLine("Group cannot be added: " + aadGroupName + ", " + tpCustomGroupName);
return(false);
}
}
/// <summary>
/// Adds the specified user to the TFS security group
/// </summary>
/// <param name="groupID">The TFS Security Group identifier</param>
/// <param name="userName">The User name</param>
/// <returns>true, if successful.</returns>
private bool AddMemberToGroup(IdentityDescriptor groupId, string userName)
{
try
{
TeamFoundationIdentity tfiUser =
idMgmtSvc.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.Direct, ReadIdentityOptions.IncludeReadFromSource);
if (idMgmtSvc.IsMember(groupId, tfiUser.Descriptor))
{
FileHelper.Log("User {0} already part of group {1}", userName, groupId.Identifier);
}
else
{
idMgmtSvc.AddMemberToApplicationGroup(groupId, tfiUser.Descriptor);
FileHelper.Log("User {0} added to group {1}", userName, groupId.Identifier);
}
}
catch (Exception ex)
{
FileHelper.Log(ex.Message);
return(false);
}
return(true);
}
