public static dataModel.PermissionScopeEntity ToDataModel(this PermissionScope source) { var result = new dataModel.PermissionScopeEntity(); result.InjectFrom(source); return(result); }
protected bool HasTableAccess(string tableName, IPrincipal currentUser, PermissionScope scope) { var security = this.Database.Security(tableName); // No Table Security? Allowed. if (!security.HasTableAccessSecurity) { return(true); } // No user identity? Forbidden! if (currentUser == null || !currentUser.Identity.IsAuthenticated) { return(false); } // Try user first, cheap check. if (security.IsIdentityInPermissionScope(IdentityScope.User, currentUser.Identity.Name, scope)) { return(true); } // See if the user is in any allowed groups. foreach (var group in security.GetScopeIdentities(scope, IdentityScope.Group)) { if (_claimsAuth.IsUserInGroup(currentUser, group.Name)) { return(true); } } return(false); }
/// <summary> /// Gets a value indicating whether the specified identity is a member of the specified permission scope. /// </summary> /// <param name="type">Identity scope.</param> /// <param name="identity">Identity.</param> /// <param name="scope">Permissions scope.</param> /// <returns>True is the specified identity is within the specified scope, otherwise false.</returns> public bool IsIdentityInPermissionScope(IdentityScope type, string identity, PermissionScope scope) { var si = SecurityIdentity.Create(type, identity); // TODO: Consider making a virtual hash set and calling contains (it'll be faster). return(this.GetScopeIdentities(scope, type).Any(i => i.Equals(si))); }
public Permission(PermissionScope scope, string displayName, string permissionConstant, int permissionBit) { this.Scope = scope; this.PermissionConstant = permissionConstant; this.DisplayName = displayName; this.PermissionBit = permissionBit; }
/// <summary> /// 获取权限范围的设置 /// </summary> /// <param name="organizeIds">有权限的组织机构</param> /// <returns>权限范围</returns> public static PermissionScope GetPermissionScope(string[] organizeIds) { PermissionScope returnValue = PermissionScope.None; //foreach (PermissionScope permissionScope in (PermissionScope[])Enum.GetValues(typeof(PermissionScope))) //{ // if (StringUtil.Exists(organizeIds, permissionScope.ToString())) // { // returnValue = permissionScope; // break; // } //} #region BUG修复 foreach (PermissionScope permissionScope in (PermissionScope[])Enum.GetValues(typeof(PermissionScope))) { int scope = Convert.ToInt32(permissionScope); if (StringUtil.Exists(organizeIds, scope.ToString())) { returnValue = permissionScope; break; } } #endregion return(returnValue); }
/// <summary> /// Expose scopes for the web API. /// </summary> /// <param name="graphServiceClient"></param> /// <param name="createdApplication"></param> /// <returns></returns> private static async Task ExposeScopes(GraphServiceClient graphServiceClient, Application createdApplication) { var updatedApp = new Application { IdentifierUris = new[] { $"api://{createdApplication.AppId}" }, }; var scopes = createdApplication.Api.Oauth2PermissionScopes?.ToList() ?? new List <PermissionScope>(); var newScope = new PermissionScope { Id = Guid.NewGuid(), AdminConsentDescription = "Allows the app to access the web API on behalf of the signed-in user", AdminConsentDisplayName = "Access the API on behalf of a user", Type = "User", IsEnabled = true, UserConsentDescription = "Allows this app to access the web API on your behalf", UserConsentDisplayName = "Access the API on your behalf", Value = "access_as_user", }; scopes.Add(newScope); updatedApp.Api = new ApiApplication { Oauth2PermissionScopes = scopes }; await graphServiceClient.Applications[createdApplication.Id] .Request() .UpdateAsync(updatedApp).ConfigureAwait(false); }
public static PermissionScopeEntity ToDataModel(this PermissionScope source) { var result = new PermissionScopeEntity(); result = Mapper.Map <PermissionScope, PermissionScopeEntity>(source); return(result); }
public async Task RevokePermissionsAsync(PermissionScope scope, IdentityScope identityType, string identity) { var resp = await _client.SendObjectAsync(HttpMethod.Delete, String.Format("table/{0}/permissions/{1}", _tableName, scope.ToString().ToLowerInvariant()), value : SecurityIdentity.Create(identityType, identity)); await resp.EnsureArribaSuccess(); return; }
public PermissionGroupFactory(PermissionScope scope, Guid securityNamespaceId, string displayName, IEnumerable <string> excludedActions, Func <TfsTeamProjectCollection, TfsMajorVersion, string, string, IList <string> > objectTokenFactory) { this.scope = scope; this.securityNamespaceId = securityNamespaceId; this.displayName = displayName; this.excludedActions = excludedActions ?? Enumerable.Empty <string>(); this.objectTokenFactory = objectTokenFactory; }
public async Task RemovePermissionsAsync(PermissionScope permissionsScope, string identity) { var resp = await _client.SendObjectAsync( HttpMethod.Delete, String.Format("table/{0}/permissions/{1}/{2}", _tableName, permissionsScope, identity)); await resp.EnsureArribaSuccess(); return; }
/// <summary> /// Loads from json. /// </summary> /// <param name="jsonProperty">The json property.</param> /// <param name="service"></param> internal override void LoadFromJson(JsonObject jsonProperty, ExchangeService service) { foreach (string key in jsonProperty.Keys) { switch (key) { case XmlElementNames.UserId: this.UserId = new UserId(); this.UserId.LoadFromJson(jsonProperty.ReadAsJsonObject(key), service); break; case XmlElementNames.CanCreateItems: this.canCreateItems = jsonProperty.ReadAsBool(key); break; case XmlElementNames.CanCreateSubFolders: this.canCreateSubFolders = jsonProperty.ReadAsBool(key); break; case XmlElementNames.IsFolderOwner: this.isFolderOwner = jsonProperty.ReadAsBool(key); break; case XmlElementNames.IsFolderVisible: this.isFolderVisible = jsonProperty.ReadAsBool(key); break; case XmlElementNames.IsFolderContact: this.isFolderContact = jsonProperty.ReadAsBool(key); break; case XmlElementNames.EditItems: this.editItems = jsonProperty.ReadEnumValue <PermissionScope>(key); break; case XmlElementNames.DeleteItems: this.deleteItems = jsonProperty.ReadEnumValue <PermissionScope>(key); break; case XmlElementNames.ReadItems: this.readItems = jsonProperty.ReadEnumValue <FolderPermissionReadAccess>(key); break; case XmlElementNames.PermissionLevel: case XmlElementNames.CalendarPermissionLevel: this.permissionLevel = jsonProperty.ReadEnumValue <FolderPermissionLevel>(key); break; default: break; } } this.AdjustPermissionLevel(); }
public async Task <PermissionScope> ExecuteAsync(PermissionScope scope, SqlConnection connection, SqlTransaction transaction = default, CancellationToken cancellationToken = default) { using var command = Get(scope, connection, transaction); if (await command.ExecuteNonQueryAsync(cancellationToken) == ALLOWEDAFFECTEDROWS) { scope.Id = command.Parameters.GetInt32(PARAM_ID); return(scope); } return(default);
/// <summary> /// Copies the values of the individual permissions of the specified folder permission /// to this folder permissions. /// </summary> /// <param name="permission">The folder permission to copy the values from.</param> private void AssignIndividualPermissions(FolderPermission permission) { this.canCreateItems = permission.CanCreateItems; this.canCreateSubFolders = permission.CanCreateSubFolders; this.isFolderContact = permission.IsFolderContact; this.isFolderOwner = permission.IsFolderOwner; this.isFolderVisible = permission.IsFolderVisible; this.editItems = permission.EditItems; this.deleteItems = permission.DeleteItems; this.readItems = permission.ReadItems; }
/// <summary> /// Grant the specified identity for the specified permission scope. /// </summary> /// <param name="identity">Identity to grant permissions to.</param> /// <param name="scope">Scope of permissions to grant (Owner, Writer, Reader)</param> public void Grant(SecurityIdentity identity, PermissionScope scope) { if (Owners.Count == 0 && scope != PermissionScope.Owner) { throw new ArribaException(String.Format("Unable to grant permission scope {0} as there are no identities with owner scope", scope)); } var target = GetSpecificPermissionsScopeHashSet(scope); target.Add(identity); }
public static PermissionScope GetPermissionScope(string[] organizeIds) { PermissionScope none = PermissionScope.None; foreach (PermissionScope scope2 in (PermissionScope[])Enum.GetValues(typeof(PermissionScope))) { if (Exists(organizeIds, scope2.ToString())) { return(scope2); } } return(none); }
protected bool HasTableAccess(string tableName, IPrincipal currentUser, PermissionScope scope) { var security = this.Database.Security(tableName); // No security? Allowed. if (!security.HasTableAccessSecurity) { return(true); } // Otherwise check permissions return(HasPermission(security, currentUser, scope)); }
/// <summary> /// 权限验证 /// </summary> /// <param name="itemKey">权限项目标识</param> /// <param name="permissionScope">权限许可范围</param> /// <returns>通过验证返回true,否则返回false</returns> public bool Validate(string itemKey, PermissionScope permissionScope) { bool result = false; if (userPermissionSettings.ContainsKey(itemKey)) { PermissionSetting permissionSetting = userPermissionSettings[itemKey]; if (permissionSetting.PermissionType == PermissionType.Allow && (int)permissionSetting.PermissionScope >= (int)permissionScope) { result = true; } } return(result); }
/// <summary> /// Tries to read element from XML. /// </summary> /// <param name="reader">The reader.</param> /// <returns>True if element was read.</returns> internal override bool TryReadElementFromXml(EwsServiceXmlReader reader) { switch (reader.LocalName) { case XmlElementNames.UserId: this.UserId = new UserId(); this.UserId.LoadFromXml(reader, reader.LocalName); return(true); case XmlElementNames.CanCreateItems: this.canCreateItems = reader.ReadValue <bool>(); return(true); case XmlElementNames.CanCreateSubFolders: this.canCreateSubFolders = reader.ReadValue <bool>(); return(true); case XmlElementNames.IsFolderOwner: this.isFolderOwner = reader.ReadValue <bool>(); return(true); case XmlElementNames.IsFolderVisible: this.isFolderVisible = reader.ReadValue <bool>(); return(true); case XmlElementNames.IsFolderContact: this.isFolderContact = reader.ReadValue <bool>(); return(true); case XmlElementNames.EditItems: this.editItems = reader.ReadValue <PermissionScope>(); return(true); case XmlElementNames.DeleteItems: this.deleteItems = reader.ReadValue <PermissionScope>(); return(true); case XmlElementNames.ReadItems: this.readItems = reader.ReadValue <FolderPermissionReadAccess>(); return(true); case XmlElementNames.PermissionLevel: case XmlElementNames.CalendarPermissionLevel: this.permissionLevel = reader.ReadValue <FolderPermissionLevel>(); return(true); default: return(false); } }
/// <summary> /// Initializes a new instance of the <see cref="Permission"/> class. /// </summary> /// <param name="scope"> /// The scope. /// </param> /// <param name="displayName"> /// The display name. /// </param> /// <param name="internalName"> /// The internal name. /// </param> /// <param name="permissionConstant"> /// The permission constant. /// </param> /// <param name="permissionId"> /// The permission id. /// </param> /// <param name="permissionState"> /// The permission state. /// </param> public Permission( PermissionScope scope, string displayName, string internalName, string permissionConstant, int permissionId, string permissionState) { Scope = scope; PermissionConstant = permissionConstant; DisplayName = displayName; PermissionId = permissionId; InternalName = internalName; Value = permissionState; }
/// <summary> /// Gets an enumeration of security identities that match the specified permission scope. /// </summary> /// <param name="permissions">Permission scope</param> /// <param name="identityScope">Identity scope predicate.</param> /// <returns>Enumeration of security identities.</returns> public IEnumerable <SecurityIdentity> GetScopeIdentities(PermissionScope permissions, IdentityScope?identityScope = null, bool merge = true) { // Readers = Readers | Writers | Owners // Writers = Writers | Owners // Owners = Owners IEnumerable <SecurityIdentity> enumerable = merge ? GetPermissionScopeSet(permissions) : GetSpecificPermissionsScopeHashSet(permissions); if (identityScope != null) { enumerable = enumerable.Where(i => i.Scope == identityScope.Value); } return(enumerable); }
/// <summary> /// Initializes a new instance of the <see cref="Permission"/> class. /// </summary> /// <param name="scope"> /// The scope. /// </param> /// <param name="displayName"> /// The display name. /// </param> /// <param name="internalName"> /// The internal name. /// </param> /// <param name="permissionConstant"> /// The permission constant. /// </param> /// <param name="permissionId"> /// The permission id. /// </param> /// <param name="permissionState"> /// The permission state. /// </param> public Permission( PermissionScope scope, string displayName, string internalName, string permissionConstant, int permissionId, string permissionState) { this.Scope = scope; this.PermissionConstant = permissionConstant; this.DisplayName = displayName; this.PermissionId = permissionId; this.InternalName = internalName; this.Value = permissionState; }
/// <summary> /// Gets the security namespace identifier. /// </summary> /// <param name="permissionScope">The permission scope.</param> /// <param name="server">The server.</param> /// <returns>Guid</returns> public static Guid GetSecurityNamespaceId(PermissionScope permissionScope, ISecurityService server) { var securityNamespaceId = Guid.Empty; switch (permissionScope) { case PermissionScope.TeamProject: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Project").Description.NamespaceId; break; case PermissionScope.Workspaces: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Workspaces").Description.NamespaceId; break; case PermissionScope.WorkItems: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "WorkItemQueryFolders").Description.NamespaceId; break; case PermissionScope.TeamBuild: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Build").Description.NamespaceId; break; case PermissionScope.WorkItemAreas: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CSS").Description.NamespaceId; break; case PermissionScope.WorkItemIterations: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Iteration").Description.NamespaceId; break; case PermissionScope.SourceControl: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "VersionControlItems").Description.NamespaceId; break; case PermissionScope.GitSourceControl: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Git Repositories").Description.NamespaceId; break; // case PermissionScope.Warehouse: // securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Warehouse").Description.NamespaceId; // break; case PermissionScope.Collection: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CollectionManagement").Description.NamespaceId; break; } return(securityNamespaceId); }
public IActionResult FrontEndGrantDebug() { var context = _dataProtector.Protect(Guid.NewGuid().ToString()); var client = Client.Create(Guid.NewGuid(), "http://za-pt.org/exchange"); client.DisplayName = "iTech"; ViewBag.Client = client; ViewBag.Scopes = new[] { PermissionScope.Create(Guid.NewGuid(), "obsidian.basicinfo", "Basic Information", "Includes you name and gender."), PermissionScope.Create(Guid.NewGuid(), "obsidian.email", "Email address", "Your email address."), PermissionScope.Create(Guid.NewGuid(), "obsidian.admin", "Admin access", "Manage the system.") }; return(View("PermissionGrant", new PermissionGrantModel { ProtectedOAuthContext = context })); }
private IEnumerable <SecurityIdentity> GetPermissionScopeSet(PermissionScope permissions) { switch (permissions) { case PermissionScope.Reader: return(Readers.Concat(Writers).Concat(Owners)); case PermissionScope.Writer: return(Writers.Concat(Owners)); case PermissionScope.Owner: return(Owners); default: throw new ArribaException(String.Format("Unknown permission scope {0}", permissions)); } }
/// <summary> /// Gets the permission scope hashset for the specified scope. /// </summary> private HashSet <SecurityIdentity> GetSpecificPermissionsScopeHashSet(PermissionScope scope) { switch (scope) { case PermissionScope.Owner: return(Owners); case PermissionScope.Reader: return(Readers); case PermissionScope.Writer: return(Writers); default: throw new ArribaException(String.Format("Unknown permission scope {0}", scope)); } }
/// <summary> /// 获得用户的数据权限范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">数据权限编号</param> /// <returns>数据权限范围</returns> public PermissionScope GetUserPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif PermissionScope returnValue = PermissionScope.None; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); // 是超级管理员,就不用继续判断权限了 BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(dbHelper, userInfo); returnValue = permissionScopeManager.GetUserPermissionScope(userId, permissionItemCode); BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetUserPermissionScope, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return(returnValue); }
/// <summary> /// The get action details by name. /// </summary> /// <param name="actionNames"> /// The action names. /// </param> /// <param name="permissionState"> /// The permission state. /// </param> /// <param name="scope"> /// The scope. /// </param> /// <returns>IEnumerable of Permission</returns> public static IEnumerable <Permission> GetActionDetailsByName( string actionNames, string permissionState, PermissionScope scope) { string[] actions = actionNames.Split(','); return((from item in actions select(from constPermission in Permissions where constPermission.InternalName == item.TrimStart() && constPermission.Scope == scope select constPermission).FirstOrDefault() into selectedPermission where selectedPermission != null select new Permission( scope, selectedPermission.DisplayName, selectedPermission.InternalName, selectedPermission.PermissionConstant, selectedPermission.PermissionId, permissionState)).ToList()); }
public bool AuthenticateFirstStep(string clientId, Uri redirectUri, PermissionScope scope = PermissionScope.None, string state = null) { var request = new RestRequest(); request.Resource = "oauth/"; request.RootElement = "data"; request.Method = Method.GET; request.AddParameter("response_type", "code", ParameterType.UrlSegment); request.AddParameter("client_id", clientId, ParameterType.UrlSegment); if (state != null) { request.AddParameter("scope", scope.GetDescription(), ParameterType.UrlSegment); } request.AddParameter("redirect_uri", redirectUri.ToString(), ParameterType.UrlSegment); var response = client.Execute(request); return(response.ResponseStatus == ResponseStatus.Completed); }
public bool AuthenticateFirstStep(Uri redirectUri, PermissionScope scope = PermissionScope.None, string state = null) { if (redirectUri == null) { throw new ArgumentNullException(nameof(redirectUri)); } if (ConfigurationManager.AppSettings["USE_STORED_TOKEN"].ToLower() == "true") { return(false); } var clientId = ConfigurationManager.AppSettings["APP_ID"]; if (string.IsNullOrEmpty(clientId)) { return(false); } var request = new RestRequest(); request.Resource = "oauth/"; request.RootElement = "data"; request.Method = Method.GET; request.AddParameter("response_type", "code", ParameterType.UrlSegment); request.AddParameter("client_id", clientId, ParameterType.UrlSegment); if (state != null) { request.AddParameter("scope", scope.GetDescription(), ParameterType.UrlSegment); } request.AddParameter("redirect_uri", redirectUri.ToString(), ParameterType.UrlSegment); var response = client.Execute(request); return(response.ResponseStatus == ResponseStatus.Completed); }
public async Task <ScopeCreationResult> StartAsync(CreateScopeCommand command) { _isCompleted = true; if (await _repo.FindByScopeNameAsync(command.ScopeName) != null) { return(new ScopeCreationResult { Succeed = false, Message = $"Scope of scope name {command.ScopeName} already exists." }); } var scope = PermissionScope.Create(Guid.NewGuid(), command.ScopeName, command.DisplayName, command.Description); command.ClaimTypes.ToList().ForEach(s => scope.ClaimTypes.Add(s)); await _repo.AddAsync(scope); return(new ScopeCreationResult { Succeed = true, Message = $"Scope successfully created.", Id = scope.Id }); }
/// <summary> /// Gets the security namespace identifier. /// </summary> /// <param name="permissionScope">The permission scope.</param> /// <param name="server">The server.</param> /// <returns>Guid</returns> public static Guid GetSecurityNamespaceId(PermissionScope permissionScope, ISecurityService server) { var securityNamespaceId = Guid.Empty; switch (permissionScope) { case PermissionScope.TeamProject: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Project").Description.NamespaceId; break; case PermissionScope.Workspaces: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Workspaces").Description.NamespaceId; break; case PermissionScope.WorkItems: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "WorkItemQueryFolders").Description.NamespaceId; break; case PermissionScope.TeamBuild: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Build").Description.NamespaceId; break; case PermissionScope.WorkItemAreas: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CSS").Description.NamespaceId; break; case PermissionScope.WorkItemIterations: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Iteration").Description.NamespaceId; break; case PermissionScope.SourceControl: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "VersionControlItems").Description.NamespaceId; break; case PermissionScope.GitSourceControl: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Git Repositories").Description.NamespaceId; break; // case PermissionScope.Warehouse: // securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "Warehouse").Description.NamespaceId; // break; case PermissionScope.Collection: securityNamespaceId = server.GetSecurityNamespaces().SingleOrDefault(secuirtyNamespace => secuirtyNamespace.Description.Name == "CollectionManagement").Description.NamespaceId; break; } return securityNamespaceId; }
/// <summary> /// The get action details by name. /// </summary> /// <param name="actionNames"> /// The action names. /// </param> /// <param name="permissionState"> /// The permission state. /// </param> /// <param name="scope"> /// The scope. /// </param> /// <returns>IEnumerable of Permission</returns> public static IEnumerable<Permission> GetActionDetailsByName( string actionNames, string permissionState, PermissionScope scope) { string[] actions = actionNames.Split(','); return (from item in actions select (from constPermission in Permissions where constPermission.InternalName == item.TrimStart() && constPermission.Scope == scope select constPermission).FirstOrDefault() into selectedPermission where selectedPermission != null select new Permission( scope, selectedPermission.DisplayName, selectedPermission.InternalName, selectedPermission.PermissionConstant, selectedPermission.PermissionId, permissionState)).ToList(); }
/// <summary> /// Extracts the generic security namespace permissions. /// </summary> /// <param name="server">The server.</param> /// <param name="permissionScope">The permission scope.</param> /// <param name="userIdentity">The user identity.</param> /// <param name="securityToken">The security token.</param> /// <param name="identityManagementService">The identityManagementService.</param> /// <param name="groups">The groups.</param> /// <returns>List of Permissions</returns> private static List<Permission> ExtractGenericSecurityNamespacePermissions(ISecurityService server, PermissionScope permissionScope, TeamFoundationIdentity userIdentity, string securityToken, IIdentityManagementService identityManagementService, IEnumerable<string> groups) { SecurityNamespace genericSecurityNamespace = server.GetSecurityNamespace(Helpers.GetSecurityNamespaceId(permissionScope, server)); AccessControlList userAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { userIdentity.Descriptor }, true); var result = new List<Permission>(); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, userAccessList.AccessControlEntries, false, string.Empty)); // handle group inheritance foreach (string group in groups) { TeamFoundationIdentity groupIdentity = identityManagementService.ReadIdentity(IdentitySearchFactor.Identifier, group, MembershipQuery.None, ReadIdentityOptions.IncludeReadFromSource); AccessControlList groupAccessList = genericSecurityNamespace.QueryAccessControlList( securityToken, new List<IdentityDescriptor> { groupIdentity.Descriptor }, true); result.AddRange(Helpers.AccessControlEntryToPermission(genericSecurityNamespace, groupAccessList.AccessControlEntries, true, groupIdentity.DisplayName)); } var modifiedPermissions = Helpers.RemoveDuplicatePermissionsAndCombineGroups(result); return modifiedPermissions; }
public static PermissionScope ToCoreModel(this dataModel.PermissionScopeEntity source, PermissionScope permissionScope) { permissionScope.InjectFrom(source); return permissionScope; }
/// <summary> /// Tries to read element from XML. /// </summary> /// <param name="reader">The reader.</param> /// <returns>True if element was read.</returns> internal override bool TryReadElementFromXml(EwsServiceXmlReader reader) { switch (reader.LocalName) { case XmlElementNames.UserId: this.UserId = new UserId(); this.UserId.LoadFromXml(reader, reader.LocalName); return true; case XmlElementNames.CanCreateItems: this.canCreateItems = reader.ReadValue<bool>(); return true; case XmlElementNames.CanCreateSubFolders: this.canCreateSubFolders = reader.ReadValue<bool>(); return true; case XmlElementNames.IsFolderOwner: this.isFolderOwner = reader.ReadValue<bool>(); return true; case XmlElementNames.IsFolderVisible: this.isFolderVisible = reader.ReadValue<bool>(); return true; case XmlElementNames.IsFolderContact: this.isFolderContact = reader.ReadValue<bool>(); return true; case XmlElementNames.EditItems: this.editItems = reader.ReadValue<PermissionScope>(); return true; case XmlElementNames.DeleteItems: this.deleteItems = reader.ReadValue<PermissionScope>(); return true; case XmlElementNames.ReadItems: this.readItems = reader.ReadValue<FolderPermissionReadAccess>(); return true; case XmlElementNames.PermissionLevel: case XmlElementNames.CalendarPermissionLevel: this.permissionLevel = reader.ReadValue<FolderPermissionLevel>(); return true; default: return false; } }