/// <summary>
/// Adds the specified user to the TFS security group
/// </summary>
/// <param name="groupID">The TFS Security Group identifier</param>
/// <param name="userName">The User name</param>
/// <returns>true, if successful.</returns>
private bool AddMemberToGroup(IdentityDescriptor groupId, string userName)
{
try
{
TeamFoundationIdentity tfiUser =
idMgmtSvc.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.Direct, ReadIdentityOptions.IncludeReadFromSource);
if (idMgmtSvc.IsMember(groupId, tfiUser.Descriptor))
{
FileHelper.Log("User {0} already part of group {1}", userName, groupId.Identifier);
}
else
{
idMgmtSvc.AddMemberToApplicationGroup(groupId, tfiUser.Descriptor);
FileHelper.Log("User {0} added to group {1}", userName, groupId.Identifier);
}
}
catch (Exception ex)
{
FileHelper.Log(ex.Message);
return(false);
}
return(true);
}
internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
{
IIdentityManagementService identityService = (IIdentityManagementService)tfs.GetService(typeof(IIdentityManagementService));
TeamFoundationIdentity serviceAccountIdentity = identityService.ReadIdentity(GroupWellKnownDescriptors.ServiceUsersGroup, MembershipQuery.None, ReadIdentityOptions.None);
TeamFoundationIdentity authenticatedUser;
tfs.GetAuthenticatedIdentity(out authenticatedUser);
if (null == authenticatedUser)
{
return;
}
if (!identityService.IsMember(serviceAccountIdentity.Descriptor, authenticatedUser.Descriptor))
{
return;
throw new PermissionException(
string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()),
authenticatedUser.DisplayName, string.Empty, serviceAccountIdentity.DisplayName);
}
TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName);
}
