private TeamFoundationIdentity ResolveIdentityInternal(
string id,
MembershipQuery queryMembership,
ReadIdentityOptions readIdentityOptions,
IdentitySearchFactor searchFactor)
{
id = id.Trim();
try
{
TeamFoundationIdentity resolvedId = m_identityManagement.ReadIdentity(searchFactor, id, queryMembership, readIdentityOptions);
if (null == resolvedId)
{
resolvedId = ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions);
}
return(resolvedId);
}
catch (System.NotSupportedException notSupportedEx)
{
if (notSupportedEx.Message.Contains(searchFactor.ToString()) &&
searchFactor == IdentitySearchFactor.DisplayName)
{
return(ADSearchAssistResolveIdentityInternal(id, queryMembership, readIdentityOptions));
}
else
{
throw;
}
}
}
private void PerformSearch()
{
this.TextBoxSearch.Foreground = Brushes.Black;
if (!string.IsNullOrWhiteSpace(this.TextBoxSearch.Text))
{
ITeamFoundationContext context = this.ParentSection.GetContext();
IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>();
// First try search by AccountName
TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
// Next we try search by DisplayName
userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, this.TextBoxSearch.Text, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
this.TextBoxSearch.Foreground = Brushes.DarkRed;
return;
}
}
this.ParentSection.UserAccountName = this.TextBoxSearch.Text;
this.ParentSection.UserDisplayName = userIdentity.DisplayName;
}
else
{
this.ParentSection.UserAccountName = "@Me";
this.ParentSection.UserDisplayName = string.Empty;
}
this.ParentSection.Refresh();
}
/// <summary>
/// Retrieve the target identity for a given source descriptor
/// </summary>
/// <param name="sourceIdentityDescriptor">Source identity Descriptor</param>
/// <returns>Target Identity</returns>
private TeamFoundationIdentity GetTargetIdentity(IdentityDescriptor sourceIdentityDescriptor)
{
var sourceIdentity = sourceIdentityManagementService.ReadIdentity(
sourceIdentityDescriptor,
MembershipQuery.Direct,
ReadIdentityOptions.ExtendedProperties);
string sourceIdentityMail = sourceIdentity.GetProperty("Mail") as string;
// Try refresh the Identity if we are missing the Mail property
if (string.IsNullOrEmpty(sourceIdentityMail))
{
sourceIdentity = sourceIdentityManagementService.ReadIdentity(
sourceIdentityDescriptor,
MembershipQuery.Direct,
ReadIdentityOptions.ExtendedProperties);
sourceIdentityMail = sourceIdentity.GetProperty("Mail") as string;
}
if (!string.IsNullOrEmpty(sourceIdentityMail))
{
// translate source assignedto name to target identity
var targetIdentity = targetIdentityManagementService.ReadIdentity(
IdentitySearchFactor.MailAddress,
sourceIdentityMail,
MembershipQuery.Direct,
ReadIdentityOptions.None);
if (targetIdentity == null)
{
targetIdentity = targetIdentityManagementService.ReadIdentity(
IdentitySearchFactor.AccountName,
sourceIdentityMail,
MembershipQuery.Direct,
ReadIdentityOptions.None);
}
if (targetIdentity == null)
{
Trace.Write($"Cannot find tester with e-mail [{sourceIdentityMail}] in target system. Cannot assign.", "TestPlansAndSuites");
return(null);
}
return(targetIdentity);
}
else
{
Trace.Write($"No e-mail address known in source system for [{sourceIdentity.DisplayName}]. Cannot translate to target.",
"TestPlansAndSuites");
return(null);
}
}
string GetUserEmail(string userid, string backupName)
{
if (!_emaillookup.ContainsKey(userid))
{
var member = _managementService.ReadIdentity(IdentitySearchFactor.AccountName, userid,
MembershipQuery.Direct, ReadIdentityOptions.ExtendedProperties);
string email;
if (member == null)
{
email = backupName.ToLower().Replace(' ', '.') + "@unit4.com";
}
else
{
email = member.GetProperty("Mail").ToString().ToLower();
}
if (string.IsNullOrEmpty(email))
{
email = "*****@*****.**";
}
if (email.Contains(".old"))
{
email = email.Replace(".old", "");
}
_emaillookup[userid] = email;
}
return(_emaillookup[userid]);
}
/// <summary>
/// Gets the list of project users in a TFS project
/// </summary>
/// <param name="projectCollection">TFS PROJECT COLLECTION</param>
/// <param name="projectName">TFS PROJECT NAME</param>
/// <returns></returns>
public static List <TeamFoundationIdentity> ListContributors(TfsTeamProjectCollection tfsTeamProjectCollection, string projectName)
{
List <TeamFoundationIdentity> tfsUsers = new List <TeamFoundationIdentity>();
IIdentityManagementService ims = (IIdentityManagementService)tfsTeamProjectCollection.GetService(typeof(IIdentityManagementService));
// get the tfs project
ReadOnlyCollection <CatalogNode> projectNodes = tfsTeamProjectCollection.CatalogNode.QueryChildren(new[] { CatalogResourceTypes.TeamProject }, false, CatalogQueryOptions.None);
CatalogNode projectCatalogNode = projectNodes.FirstOrDefault(c => c.Resource.DisplayName == projectName);
if (projectCatalogNode != null && ims != null)
{
TeamFoundationIdentity[] groups = ims.ListApplicationGroups(projectName, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity group in groups)
{
TeamFoundationIdentity sids = ims.ReadIdentity(IdentitySearchFactor.DisplayName, group.DisplayName, MembershipQuery.Expanded, ReadIdentityOptions.IncludeReadFromSource);
if (sids != null)
{
tfsUsers.AddRange(ims.ReadIdentities(sids.Members, MembershipQuery.Expanded, ReadIdentityOptions.None));
}
}
}
//Remove any duplicates (by user-id)
return(tfsUsers.GroupBy(u => u.UniqueName).Select(u => u.First()).ToList());
}
public static string GetOwnerAlias(this WorkItem request)
{
var identity = _identityManagementService.ReadIdentity(IdentitySearchFactor.DisplayName,
request.Fields["Created By"].Value.ToString(), MembershipQuery.None, ReadIdentityOptions.None);
return(identity.UniqueName);
}
static void Main(string[] args)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://server:8080/tfs"));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
using (StreamWriter file = new StreamWriter("userlist.txt"))
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")
{
Console.WriteLine(id.DisplayName);
}
//{ Console.WriteLine(id.UniqueName); }
file.WriteLine("[{0}]", id.DisplayName);
}
var count = ids.Count(x => ids.Contains(x));
Console.WriteLine(count);
Console.ReadLine();
}
public static IEnumerable <TeamFoundationIdentity> ReadTFSUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ILogger logger)
{
try
{
logger.Information("Querying Team Foundation Identities from TFS.");
IIdentityManagementService identityService = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = identityService.ReadIdentity(IdentitySearchFactor.AccountName, "Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.ExtendedProperties);
TeamFoundationIdentity[][] teamFoundationIdentities = identityService
.ReadIdentities(
IdentitySearchFactor.Identifier,
teamFoundationIdentity
.Members
.Select(id => id.Identifier)
.ToArray(),
MembershipQuery.None,
ReadIdentityOptions.ExtendedProperties);
return(teamFoundationIdentities
.SelectMany(tfi => tfi)
.Where(tfi => !tfi.IsContainer));
}
catch (Exception e)
{
logger.Error(e.Message);
return(null);
}
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List <Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable <string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List <IdentityDescriptor> {
userIdentity.Descriptor
},
true);
var result = new List <Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List <IdentityDescriptor> {
groupIdentity.Descriptor
},
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return(modifiedPermissions);
}
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims)
{
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Direct,
ReadIdentityOptions.None);
return(validUsersGroupMembers);
}
public static TfsTeamProjectCollection CreateImpersonatedCollection(Uri collectionToUse, string userToImpersonate)
{
NetworkCredential defaultNetworkCredentials = CredentialCache.DefaultNetworkCredentials;
TfsTeamProjectCollection tfsTeamProjectCollection = new TfsTeamProjectCollection(collectionToUse, defaultNetworkCredentials);
IIdentityManagementService service = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity = service.ReadIdentity(IdentitySearchFactor.AccountName, userToImpersonate, MembershipQuery.None, ReadIdentityOptions.None);
return(new TfsTeamProjectCollection(collectionToUse, new TfsClientCredentials(), teamFoundationIdentity.Descriptor));
}
public TeamFoundationIdentity GetIdentity(IdentityDescriptor identity)
{
var tfsIdentity = _identityService.ReadIdentity(identity, MembershipQuery.Direct, ReadIdentityOptions.None);
if (tfsIdentity != null)
{
return(tfsIdentity);
}
var adIdentity = _identityService.ReadIdentity(identity, MembershipQuery.Direct, ReadIdentityOptions.IncludeReadFromSource);
if (adIdentity != null)
{
return(adIdentity);
}
throw new Exception($"Identity not found: {identity}");
}
/// <summary>
/// Returns whether the user identity of the given account name or display name exists or not
/// </summary>
/// <param name="userDisplayNameOrAccount">The given account name or display name</param>
/// <returns>True if the given user account or display name exists. False otherwise</returns>
private bool UserIdentityExists(string userDisplayNameOrAccount)
{
ITeamFoundationContext context = this.ParentSection.Context;
IIdentityManagementService ims = context.TeamProjectCollection.GetService <IIdentityManagementService>();
// First try search by AccountName
TeamFoundationIdentity userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userDisplayNameOrAccount, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
// Next we try search by DisplayName
userIdentity = ims.ReadIdentity(IdentitySearchFactor.DisplayName, userDisplayNameOrAccount, MembershipQuery.None, ReadIdentityOptions.ExtendedProperties);
if (userIdentity == null)
{
return(false);
}
}
return(true);
}
public TestPlanMigration(TfsTeamProjectCollection sourceTfs, TfsTeamProjectCollection destinationTfs, string sourceProject, string destinationProject, Hashtable workItemMap, ProgressBar progressBar)
{
this.sourceproj = GetProject(sourceTfs, sourceProject);
this.destinationproj = GetProject(destinationTfs, destinationProject);
this.workItemMap = workItemMap;
this.progressBar = progressBar;
projectName = sourceProject;
store = (WorkItemStore)destinationTfs.GetService(typeof(WorkItemStore));
workItemTypes = store.Projects[destinationProject].WorkItemTypes;
ims = (IIdentityManagementService)sourceTfs.GetService(typeof(IIdentityManagementService));
UserID = ims.ReadIdentity(IdentitySearchFactor.MailAddress, "*****@*****.**", MembershipQuery.Direct, ReadIdentityOptions.None);
}
public static bool AddAADGroupToTPCustomGroup(string teamProject, string tpCustomGroupName, string aadGroupName, string organizationUrl)
{
VssCredentials creds = new VssClientCredentials();
creds.Storage = new VssClientCredentialStorage();
var tpc = new TfsTeamProjectCollection(new Uri(organizationUrl), creds);
tpc.Connect(Microsoft.TeamFoundation.Framework.Common.ConnectOptions.IncludeServices);
IIdentityManagementService ims = tpc.GetService <IIdentityManagementService>();
string tpCustomGroupNameFull = "[" + teamProject + "]" + "\\" + tpCustomGroupName;
string aadGroupNameFull = "[TEAM FOUNDATION]" + "\\" + aadGroupName; //for AAD Groups
try
{
var tfsGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
tpCustomGroupNameFull,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
var aadGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
aadGroupNameFull,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
ims.AddMemberToApplicationGroup(tfsGroupIdentity.Descriptor, aadGroupIdentity.Descriptor);
Console.WriteLine("Group added: " + aadGroupName + " to " + tpCustomGroupName);
return(true);
}
catch (Exception ex)
{
Console.WriteLine("Group cannot be added: " + aadGroupName + ", " + tpCustomGroupName);
return(false);
}
}
private static void PerformUserAction(ApplicationTask task, IIdentityManagementService ims, string userName, Action <TeamFoundationIdentity> action)
{
// Look up the user by account name.
var userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName, userName, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
task.SetWarning("The requested user was not found: \"{0}\". Please make sure to use the account name, not the display name (which can be ambiguous).".FormatCurrent(userName));
}
else
{
action(userIdentity);
}
}
/// <summary>
/// Checks if a group exists and returns the descriptor.
/// If the group does not exist, it is created (if the createIfNew flag is set to true).
/// </summary>
/// <param name="scope">Scope Id to limit the search area - default (empty string) is collection level.</param>
/// <param name="groupName">Name of the group. Also used as group description for create.</param>
/// <param name="createIfNew">Set to true for create. Default is false.</param>
/// <returns>The IdentityDescriptor of the group. Returns null in case of any errors.</returns>
private IdentityDescriptor CheckIfGroupExists(string scope, string groupName, bool createIfNew)
{
TeamFoundationIdentity tfi = null;
try
{
// Find the group using Account Name
tfi = idMgmtSvc.ReadIdentity(IdentitySearchFactor.AccountName, groupName,
MembershipQuery.Direct, ReadIdentityOptions.None);
if (tfi == null && createIfNew)
{
FileHelper.Log("Creating new group..." + groupName);
// SCOPE: If a Team Project is found, add the group in that TP.
// If not, add the group at collection level.
// string scopeId = (teamProjectIdentity == null) ? string.Empty : teamProjectIdentity.Descriptor.Identifier;
//string scopeId = tpCollection.Uri.ToString() + "/" + scope;
IdentityDescriptor idDesc = idMgmtSvc.CreateApplicationGroup(scope, groupName, groupName);
FileHelper.Log("Group creation successful..." + groupName);
return(idDesc);
}
else
{
FileHelper.Log("Group identity found..." + groupName);
return(tfi.Descriptor);
}
}
catch (Exception ex)
{
FileHelper.Log(ex.Message);
FileHelper.Log(ex.StackTrace);
}
return(null);
}
private ICollection <UserInfo> GetAllUsers()
{
// Read "everyone" group
var group = _identityManagementService.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup, MembershipQuery.Expanded, ReadIdentityOptions.None);
// Read identities of that groups members
var resultIdentities = _identityManagementService.ReadIdentities(group.Members, MembershipQuery.Direct, ReadIdentityOptions.DoNotQualifyAccountNames);
// Filter machine accounts
var validLocalUsers = resultIdentities.Where(
identity => identity.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity" && identity.IsActive && identity.IsContainer == false)
.ToArray();
return(validLocalUsers.Select(x => new UserInfo(x.DisplayName, x.UniqueName)).OrderBy(x => x.DisplayName).ToArray());
}
public static void ScanUsers(TfsTeamProjectCollection tfsTeamProjectCollection, ProjectInfo projectInfo)
{
IIdentityManagementService identityManagementService = tfsTeamProjectCollection.GetService <IIdentityManagementService>();
TeamFoundationIdentity[] projectSecurityGroups = identityManagementService.ListApplicationGroups(
projectInfo.Uri, ReadIdentityOptions.None);
// Get projectValidUsersIdentity Identifier
TeamFoundationIdentity projectValidUsersIdentity = projectSecurityGroups
.FirstOrDefault(psg => psg.GetProperty("SpecialType").ToString().Equals("EveryoneApplicationGroup"));
if (projectValidUsersIdentity == null)
{
return;
}
// Expand projectValidUsersIdentity from Identifier to get the list of Members
projectValidUsersIdentity = identityManagementService.ReadIdentity(
IdentitySearchFactor.Identifier,
projectValidUsersIdentity.Descriptor.Identifier,
MembershipQuery.Expanded, // Number of Members: Direct gives 20, Expanded gives 111, ExpandedDown gives 111, ExpandedUp gives 0.
ReadIdentityOptions.None);
// Expand projectValidUsersIdentity with Members into collection of identities
TeamFoundationIdentity[] projectUsersIdentities = identityManagementService.ReadIdentities(projectValidUsersIdentity.Members,
MembershipQuery.Direct,
ReadIdentityOptions.None);
// First build map from Identifier (which is part of the Descriptor) to Identity object.
foreach (TeamFoundationIdentity userIdentity in projectUsersIdentities)
{
TeamFoundationIdentity currentIdentity = userIdentity;
if (!currentIdentity.BelongsToProject(projectInfo.Uri))
{
continue;
}
TeamProjectScanner.IdToIdentity[currentIdentity.Descriptor.Identifier] = currentIdentity;
TeamProjectScanner.DisplayNameToIdentity[currentIdentity.DisplayName] = currentIdentity;
//Debug.WriteLine("{0}: Members = {1}, MemberOf = {2}", currentIdentity.DisplayName(), currentIdentity.Members.Length, currentIdentity.MemberOf.Length);
}
}
private static string GetNameFromIdentity(string identity)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri(serverUrl));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "[TEAM FOUNDATION]\\Team Foundation Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.Identifier.ToString().Equals(identity))
{
return(id.DisplayName);
}
}
return("N/A");
}
public string GetEmail(string accountUniqueName)
{
var tfs = this.dte.GetObject("Microsoft.VisualStudio.TeamFoundation.TeamFoundationServerExt") as TeamFoundationServerExt;
if (tfs == null || tfs.ActiveProjectContext == null)
{
return(null);
}
string activeUri = tfs.ActiveProjectContext.DomainUri;
if (string.IsNullOrEmpty(activeUri))
{
return(null);
}
TfsTeamProjectCollection collection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(activeUri));
if (collection == null)
{
return(null);
}
IIdentityManagementService ims = collection.GetService(typeof(IIdentityManagementService)) as IIdentityManagementService;
if (ims == null)
{
return(null);
}
TeamFoundationIdentity identity = ims.ReadIdentity(IdentitySearchFactor.AccountName, accountUniqueName, MembershipQuery.Direct, ReadIdentityOptions.None);
if (identity == null)
{
return(null);
}
string email = identity.GetProperty("Mail") as string;
return(email);
}
/// <summary>
/// Get Email Address from TFS Account or Display Name
/// </summary>
/// <remarks>https://paulselles.wordpress.com/2014/03/24/tfs-api-tfs-user-email-address-lookup-and-reverse-lookup/</remarks>
private string GetEmailAddress(TfsTeamProjectCollection tpc, string displayName)
{
if (string.IsNullOrEmpty(displayName))
{
return(string.Empty);
}
try
{
IIdentityManagementService IdentityManagementService = tpc.GetService <IIdentityManagementService>();
TeamFoundationIdentity teamFoundationIdentity =
IdentityManagementService.ReadIdentity(
IdentitySearchFactor.AccountName | IdentitySearchFactor.DisplayName,
displayName,
MembershipQuery.None,
ReadIdentityOptions.None);
return(teamFoundationIdentity.GetAttribute("Mail", null));
} catch
{
return(string.Empty);
}
}
internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
{
IIdentityManagementService identityService = (IIdentityManagementService)tfs.GetService(typeof(IIdentityManagementService));
TeamFoundationIdentity serviceAccountIdentity = identityService.ReadIdentity(GroupWellKnownDescriptors.ServiceUsersGroup, MembershipQuery.None, ReadIdentityOptions.None);
TeamFoundationIdentity authenticatedUser;
tfs.GetAuthenticatedIdentity(out authenticatedUser);
if (null == authenticatedUser)
{
return;
}
if (!identityService.IsMember(serviceAccountIdentity.Descriptor, authenticatedUser.Descriptor))
{
return;
throw new PermissionException(
string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()),
authenticatedUser.DisplayName, string.Empty, serviceAccountIdentity.DisplayName);
}
TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName);
}
// ===============================================================
// Utility methods - could be moved elsewhere
// For call to create TR we need Ericsson user id (also domain?) - seems like we have what we want here.
// See http://stackoverflow.com/questions/19911368/using-the-tfs-2012-api-how-do-i-get-the-email-address-of-a-user
static public TeamFoundationIdentity GetSignumForAssignedTo(
Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItem workItem)
{
TfsTeamProjectCollection tpc = workItem.Store.TeamProjectCollection;
String userName = workItem.Fields[TFSMapper.TFS_OWNER].Value.ToString();
IIdentityManagementService mgmntService = tpc.GetService <IIdentityManagementService>();
TeamFoundationIdentity member = mgmntService.ReadIdentity(
IdentitySearchFactor.DisplayName,
userName,
MembershipQuery.Direct,
ReadIdentityOptions.ExtendedProperties);
if (member == null)
{
HandlerSettings.LogMessage(
String.Format("Failed to get user identity for user: {0}", userName),
HandlerSettings.LoggingLevel.WARN);
}
return(member);
}
/// <summary>
/// Create TFS Group if not exists
/// </summary>
/// <param name="groupName"></param>
/// <returns></returns>
public TeamFoundationIdentity CreateGroup(string groupName)
{
// Check if group already exists
TeamFoundationIdentity group = _identityManagementService
.ListApplicationGroups(_projectInfo.Uri, ReadIdentityOptions.IncludeReadFromSource)
.FirstOrDefault(g => string.Equals(g.DisplayName, groupName, StringComparison.OrdinalIgnoreCase));
if (group == null)
{
// Prepare group name
var groupNameToCreate = groupName.Replace($"[{_teamProjectName}]\\", "");
// Group doesn't exist, create one
var groupDescriptor = _identityManagementService.CreateApplicationGroup(_projectInfo.Uri, groupNameToCreate, null);
group = _identityManagementService.ReadIdentity(groupDescriptor, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
Console.WriteLine($"Group created: '{groupName}'");
}
else
{
Console.WriteLine($"Group already exists: '{groupName}'");
}
return(group);
}
private static void AddExpandedMembershipOfValidUsersGroup(IIdentityManagementService ims,
List <TeamFoundationIdentity> membershipGroups,
Dictionary <IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
// Get expanded membership of the Valid Users group, which is all identities in this host
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Expanded,
ReadIdentityOptions.None);
// If total membership exceeds batch size limit for Read, break it up
const int batchSizeLimit = 100000;
if (validUsersGroupMembers.Members.Length > batchSizeLimit)
{
BatchUpMembershipThatExceedsSizeLimit(validUsersGroupMembers, batchSizeLimit, ims, membershipGroups,
allIdentities);
}
else
{
var memberIdentities = ims.ReadIdentities(validUsersGroupMembers.Members, MembershipQuery.Direct,
ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
}
}
private static void AddExpandedMembershipOfValidUsersGroup(IIdentityManagementService ims,
List<TeamFoundationIdentity> membershipGroups,
Dictionary<IdentityDescriptor, TeamFoundationIdentity> allIdentities)
{
// Get expanded membership of the Valid Users group, which is all identities in this host
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Expanded,
ReadIdentityOptions.None);
// If total membership exceeds batch size limit for Read, break it up
const int batchSizeLimit = 100000;
if (validUsersGroupMembers.Members.Length > batchSizeLimit)
{
BatchUpMembershipThatExceedsSizeLimit(validUsersGroupMembers, batchSizeLimit, ims, membershipGroups,
allIdentities);
}
else
{
var memberIdentities = ims.ReadIdentities(validUsersGroupMembers.Members, MembershipQuery.Direct,
ReadIdentityOptions.None);
AddCollectionUsersAndGroupsToLists(memberIdentities, membershipGroups, allIdentities);
}
}
static void Main(string[] args)
{
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("http://tfsserver:8080/tfs"));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "[TEAM FOUNDATION]\\Team Foundation Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);
TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);
foreach (TeamFoundationIdentity id in ids)
{
if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")
{
Console.WriteLine(id.DisplayName);
Console.WriteLine(id.UniqueName);
}
}
Console.ReadLine();
}
/// <summary>
/// Run the extraction algorithm for a specific user
/// </summary>
/// <param name="ims">Identity management service</param>
/// <param name="userName">user name</param>
/// <param name="options">command line parameters</param>
/// <param name="fileName">File name</param>
/// <param name="tfs">team project collection</param>
/// <returns>true if successful</returns>
private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs)
{
TeamFoundationIdentity userIdentity = ims.ReadIdentity(
IdentitySearchFactor.AccountName,
userName,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection);
Console.ReadLine();
return(false);
}
// get workItem store
var workItemStore = tfs.GetService <WorkItemStore>();
////Initiate Report
// Initiate a new object of Permission Report
var permissionsReport = new PermissionsReport
{
Date = DateTime.Now,
TfsCollectionUrl = options.Collection,
UserName = userName,
TeamProjects = new List <TfsTeamProject>()
};
try
{
// retrieve list of Team Projects in the given collection
ProjectCollection workItemsProjects = workItemStore.Projects;
foreach (Project teamProject in workItemsProjects)
{
if (options.Projects != null)
{
if (!options.Projects.Contains(teamProject.Name))
{
Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name);
continue;
}
}
// Create project security token
string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri;
// Project Permissions
var server = tfs.GetService <ISecurityService>();
var vcs = tfs.GetService <VersionControlServer>();
TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService <TeamFoundation.Git.Client.GitRepositoryService>();
Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name);
List <string> groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity);
List <Permission> projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups);
// Version Control Permissions
List <Permission> versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs);
List <GitPermission> gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService);
// Build Permissions
List <Permission> buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity);
// WorkItems Area Permissions
List <AreaPermission> areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups);
// WorkItems Iteration Permissions
List <IterationPermission> iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups);
// Workspace Permissions
// var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups);
// Set TFS report Data
// Create Team Project node in XML file
var tfsTeamProject = new TfsTeamProject
{
Name = teamProject.Name,
AreaPermissions = areasPermissions,
BuildPermissions = buildPermissions,
IterationPermissions = iterationPermissions,
ProjectLevelPermissions =
new ProjectLevelPermissions
{
ProjectLevelPermissionsList
=
projectLevelPermissions
},
GitVersionControlPermissions = new GitVersionControlPermissions
{
VersionControlPermissionsList = gitVersionControlPermissions
},
VersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = versionControlPermissions
}
};
tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions);
permissionsReport.TeamProjects.Add(tfsTeamProject);
}
// Generate output file
FileInfo fi = new FileInfo(fileName);
if (!Directory.Exists(fi.DirectoryName))
{
Console.Write("Creating Output Directory {0}", fi.DirectoryName);
Directory.CreateDirectory(fi.DirectoryName);
}
var fs = new FileStream(fileName, FileMode.Create);
var streamWriter = new StreamWriter(fs, Encoding.UTF8);
using (streamWriter)
{
var xmlSerializer = new XmlSerializer(typeof(PermissionsReport));
xmlSerializer.Serialize(streamWriter, permissionsReport);
streamWriter.Flush();
}
if (options.Html)
{
var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl");
File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt);
var htmlOuput = Path.ChangeExtension(fileName, ".html");
var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png");
Resources.ALMRangers_Logo.Save(logoFile);
XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput);
}
return(true);
}
catch (TeamFoundationServiceException ex)
{
Console.WriteLine(ex.Message);
return(false);
}
}
/// <summary>
/// Sample method on how to extracts the git version control permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="groups">The groups.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="projectSecurityToken">The project security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="vcs">The VCS.</param>
/// <param name="gitService">The git service.</param>
/// <returns>List of Permissions</returns>
private static List <GitPermission> ExtractGitVersionControlPermissions(
ISecurityService server,
List <string> groups,
TeamFoundationIdentity userIdentity,
string projectSecurityToken,
IIdentityManagementService identityManagementService,
VersionControlServer vcs,
GitRepositoryService gitService)
{
Console.WriteLine("== Extract Git Version Control Permissions ==");
SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server));
IList <GitRepository> gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken);
var groupsIdentities = new List <TeamFoundationIdentity>(groups.Count);
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(
IdentitySearchFactor.Identifier, group, MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
groupsIdentities.Add(groupIdentity);
}
var results = new List <GitPermission>();
foreach (GitRepository repo in gitProjectRepoService)
{
string primaryBranch = (repo.DefaultBranch ?? "(no default branch)").StartsWith("refs/heads/") ?
repo.DefaultBranch.Substring(11) :
repo.DefaultBranch;
Console.WriteLine(" -- Repo: {0} branch {1}", repo.Name, primaryBranch);
// Repository Security Token is repoV2/TeamProjectId/RepositoryId
string repoIdToken = string.Format("repoV2{0}{1}{2}{3}",
gitVersionControlSecurityNamespace.Description.SeparatorValue,
repo.ProjectReference.Id,
gitVersionControlSecurityNamespace.Description.SeparatorValue,
repo.Id);
AccessControlList versionControlAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List <IdentityDescriptor> {
userIdentity.Descriptor
},
true);
var gitVersionControlPermissions = new List <Permission>();
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
foreach (AclAndName aclAndName in Helpers.EnumerateAcls(ace, false))
{
if (aclAndName.Acl != 0)
{
string versionControlPermissions = ((EnumerationsList.GitPermissions)aclAndName.Acl).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(versionControlPermissions, aclAndName.Name,
PermissionScope.GitSourceControl));
}
}
}
foreach (TeamFoundationIdentity groupIdentity in groupsIdentities)
{
AccessControlList groupAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List <IdentityDescriptor> {
groupIdentity.Descriptor
},
true);
foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries)
{
foreach (AclAndName aclAndName in Helpers.EnumerateAcls(ace, true))
{
if (aclAndName.Acl != 0)
{
string versionControlPermissions = ((EnumerationsList.GitPermissions)aclAndName.Acl).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(versionControlPermissions, aclAndName.Name,
PermissionScope.GitSourceControl));
}
}
}
}
List <Permission> modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions);
results.AddRange(modifiedPermissions.Select(perm => new GitPermission(perm, repo.Name, primaryBranch)));
}
return(results);
}
/// <summary>
/// Extracts the generic security namespace permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="permissionScope">The permission scope.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="securityToken">The security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="groups">The groups.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups)
{
SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server));
AccessControlList userAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var result = new List<Permission>();
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty));
// handle group inheritance
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
genericSecurityNamespace.QueryAccessControlList(
securityToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName));
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result);
return modifiedPermissions;
}
private static TeamFoundationIdentity GetAllValidUsers(IIdentityManagementService ims)
{
var validUsersGroupMembers = ims.ReadIdentity(GroupWellKnownDescriptors.EveryoneGroup,
MembershipQuery.Direct,
ReadIdentityOptions.None);
return validUsersGroupMembers;
}
/// <summary>
/// Run the extraction algorithm for a specific user
/// </summary>
/// <param name="ims">Identity management service</param>
/// <param name="userName">user name</param>
/// <param name="options">command line parameters</param>
/// <param name="fileName">File name</param>
/// <param name="tfs">team project collection</param>
/// <returns>true if successful</returns>
private static bool ExtractPermissionForUserName(IIdentityManagementService ims, string userName, Options options, string fileName, TfsTeamProjectCollection tfs)
{
TeamFoundationIdentity userIdentity = ims.ReadIdentity(
IdentitySearchFactor.AccountName,
userName,
MembershipQuery.None,
ReadIdentityOptions.IncludeReadFromSource);
if (userIdentity == null)
{
Console.WriteLine("User {0} can't connect to the Collection {1}. Please verifiy!", userName, options.Collection);
Console.ReadLine();
return false;
}
// get workItem store
var workItemStore = tfs.GetService<WorkItemStore>();
////Initiate Report
// Initiate a new object of Permission Report
var permissionsReport = new PermissionsReport
{
Date = DateTime.Now,
TfsCollectionUrl = options.Collection,
UserName = userName,
TeamProjects = new List<TfsTeamProject>()
};
try
{
// retrieve list of Team Projects in the given collection
ProjectCollection workItemsProjects = workItemStore.Projects;
foreach (Project teamProject in workItemsProjects)
{
if (options.Projects != null)
{
if (!options.Projects.Contains(teamProject.Name))
{
Console.WriteLine(" ...skipping Team Project: {0}", teamProject.Name);
continue;
}
}
// Create project security token
string projectSecurityToken = "$PROJECT:" + teamProject.Uri.AbsoluteUri;
// Project Permissions
var server = tfs.GetService<ISecurityService>();
var vcs = tfs.GetService<VersionControlServer>();
TeamFoundation.Git.Client.GitRepositoryService gitRepostoryService = tfs.GetService<TeamFoundation.Git.Client.GitRepositoryService>();
Console.WriteLine("==== Extracting Permissions for {0} Team Project ====", teamProject.Name);
var groups = GetUserGroups(tfs, teamProject.Uri.AbsoluteUri, userIdentity);
var projectLevelPermissions = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.TeamProject, userIdentity, projectSecurityToken, ims, groups);
// Version Control Permissions
var versionControlPermissions = ExtractVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs);
var gitVersionControlPermissions = ExtractGitVersionControlPermissions(server, groups, userIdentity, teamProject.Name, ims, vcs, gitRepostoryService);
// Build Permissions
var buildPermissions = ExtractBuildPermissions(server, projectSecurityToken, userIdentity);
// WorkItems Area Permissions
var areasPermissions = ExtractAreasPermissions(server, teamProject, userIdentity, ims, groups);
// WorkItems Iteration Permissions
var iterationPermissions = ExtractIterationPermissions(server, teamProject, userIdentity, ims, groups);
// Workspace Permissions
// var workspacePermission = ExtractGenericSecurityNamespacePermissions(server, PermissionScope.Workspaces, userIdentity, projectSecurityToken, ims, groups);
// Set TFS report Data
// Create Team Project node in XML file
var tfsTeamProject = new TfsTeamProject
{
Name = teamProject.Name,
AreaPermissions = areasPermissions,
BuildPermissions = buildPermissions,
IterationPermissions = iterationPermissions,
ProjectLevelPermissions =
new ProjectLevelPermissions
{
ProjectLevelPermissionsList
=
projectLevelPermissions
},
GitVersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = gitVersionControlPermissions
},
VersionControlPermissions = new VersionControlPermissions
{
VersionControlPermissionsList = versionControlPermissions
}
};
tfsTeamProject.VersionControlPermissions.VersionControlPermissionsList.AddRange(versionControlPermissions);
permissionsReport.TeamProjects.Add(tfsTeamProject);
}
// Generate output file
FileInfo fi = new FileInfo(fileName);
if (!Directory.Exists(fi.DirectoryName))
{
Console.Write("Creating Output Directory {0}", fi.DirectoryName);
Directory.CreateDirectory(fi.DirectoryName);
}
var fs = new FileStream(fileName, FileMode.Create);
var streamWriter = new StreamWriter(fs, Encoding.UTF8);
using (streamWriter)
{
var xmlSerializer = new XmlSerializer(typeof(PermissionsReport));
xmlSerializer.Serialize(streamWriter, permissionsReport);
streamWriter.Flush();
}
if (options.Html)
{
var tranformationFileName = Path.Combine(Path.GetDirectoryName(fileName), "ALMRanger.xsl");
File.WriteAllText(tranformationFileName, Resources.ALMRangers_SampleXslt);
var htmlOuput = Path.ChangeExtension(fileName, ".html");
var logoFile = Path.Combine(Path.GetDirectoryName(fileName), "ALMRangers_Logo.png");
Resources.ALMRangers_Logo.Save(logoFile);
XmlTransformationManager.TransformXmlUsingXsl(fileName, tranformationFileName, htmlOuput);
}
return true;
}
catch (TeamFoundationServiceException ex)
{
Console.WriteLine(ex.Message);
return false;
}
}
static void Main(string[] args)
{
//Get Office VSTS Projects
IEnumerable <TeamProjectReference> projects = GetVstsProjects();
//Access VSTS Groups
TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri(ConfigurationManager.AppSettings["Uri"]));
IIdentityManagementService ims = tcs.GetService <IIdentityManagementService>();
//Create Table for Storing Excel Data
DataTable admins = new DataTable();
admins.Clear();
admins.Columns.Add("ProjectName");
admins.Columns.Add("Email");
//List for storing json strings
List <Project> projectList = new List <Project>();
//Iterate through projects to get admins
foreach (TeamProjectReference project in projects)
{
string projectInfo = $"[{project.Name}]\\{ConfigurationManager.AppSettings["Group"]}";
TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, projectInfo, MembershipQuery.Direct, ReadIdentityOptions.None);
List <TeamFoundationIdentity> ids = new List <TeamFoundationIdentity>();
foreach (IdentityDescriptor identity in tfi.Members)
{
try
{
TeamFoundationIdentity group = ims.ReadIdentity(identity,
MembershipQuery.ExpandedDown, ReadIdentityOptions.None);
GetAllProjectAdmins(group, ims, ref ids);
}
catch
{
TeamFoundationIdentity single = ims.ReadIdentity(identity, MembershipQuery.None, ReadIdentityOptions.None);
ids.Add(single);
}
}
Console.WriteLine($"Members of {projectInfo}");
Project proj = new Project {
Name = project.Name
};
proj.Administrators = new List <string>();
foreach (TeamFoundationIdentity identity in ids)
{
if (!proj.Administrators.Contains(identity.UniqueName))
{
//Add admin to DataTable
DataRow admin = admins.NewRow();
admin["ProjectName"] = project.Name;
admin["Email"] = identity.UniqueName;
admins.Rows.Add(admin);
//Add admin to Project Admin List
proj.Administrators.Add(identity.UniqueName);
Console.WriteLine(identity.UniqueName);
}
}
projectList.Add(proj);
}
//SaveAsExcel(admins);
SaveAsJson(projectList);
}
/// <summary>
/// Sample method on how to extracts the git version control permissions.
/// </summary>
/// <param name="server">The server.</param>
/// <param name="groups">The groups.</param>
/// <param name="userIdentity">The user identity.</param>
/// <param name="projectSecurityToken">The project security token.</param>
/// <param name="identityManagementService">The identityManagementService.</param>
/// <param name="vcs">The VCS.</param>
/// <param name="gitService">The git service.</param>
/// <returns>List of Permissions</returns>
private static List<Permission> ExtractGitVersionControlPermissions(ISecurityService server, IEnumerable<string> groups, TeamFoundationIdentity userIdentity, string projectSecurityToken, IIdentityManagementService identityManagementService, VersionControlServer vcs, TeamFoundation.Git.Client.GitRepositoryService gitService)
{
Console.WriteLine("== Extract Git Version Control Permissions ==");
SecurityNamespace gitVersionControlSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(PermissionScope.GitSourceControl, server));
var gitProjectRepoService = gitService.QueryRepositories(projectSecurityToken);
// This sample handle only the default repository, you can iterate through all repositories same way
var defaultGitRepo = gitProjectRepoService.SingleOrDefault(gr => gr.Name.Equals(projectSecurityToken));
vcs.TryGetTeamProject(projectSecurityToken);
if (defaultGitRepo == null)
{
return new List<Permission>();
}
// Repository Security Token is repoV2/TeamProjectId/RepositoryId
var repoIdToken = string.Format("repoV2{0}{1}{2}{3}", gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.ProjectReference.Id, gitVersionControlSecurityNamespace.Description.SeparatorValue, defaultGitRepo.Id);
// vcs.GetTeamProject(projectSecurityToken);
AccessControlList versionControlAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { userIdentity.Descriptor },
true);
var gitVersionControlPermissions = new List<Permission>();
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.Deny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
if (gitVersionControlPermissions.Count == 0)
{
foreach (AccessControlEntry ace in versionControlAccessList.AccessControlEntries)
{
if (0 != ace.ExtendedInfo.EffectiveAllow)
{
var allowedVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveAllow).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(allowedVersionControlPermissions, "Allow", PermissionScope.GitSourceControl));
}
if (0 != ace.ExtendedInfo.EffectiveDeny)
{
var denyVersionControlPermissions = ((EnumrationsList.GitPermissions)ace.ExtendedInfo.EffectiveDeny).ToString();
gitVersionControlPermissions.AddRange(
Helpers.GetActionDetailsByName(denyVersionControlPermissions, "Deny", PermissionScope.GitSourceControl));
}
}
}
foreach (string group in groups)
{
TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource);
AccessControlList groupAccessList =
gitVersionControlSecurityNamespace.QueryAccessControlList(
repoIdToken,
new List<IdentityDescriptor> { groupIdentity.Descriptor },
true);
foreach (AccessControlEntry ace in groupAccessList.AccessControlEntries)
{
if (0 != ace.Allow)
{
var allowedPermissions = ((EnumrationsList.GitPermissions)ace.Allow).ToString();
var permissionsList = Helpers.GetActionDetailsByName(allowedPermissions, "Inherited Allow", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
if (0 != ace.Deny)
{
var denyPermissions = ((EnumrationsList.GitPermissions)ace.Deny).ToString();
var permissionsList = Helpers.GetActionDetailsByName(denyPermissions, "Inherited Deny", PermissionScope.GitSourceControl);
Helpers.AppendGroupInheritanceInformation(permissionsList, groupIdentity.DisplayName);
gitVersionControlPermissions.AddRange(permissionsList);
}
}
}
var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(gitVersionControlPermissions);
return modifiedPermissions;
}
