internal Permission GetTargetPermission(PermissionSet permissionSet)
{
Permission result = null;
switch (this.MailboxFolderUserId.UserType)
{
case MailboxFolderUserId.MailboxFolderUserType.Default:
return(permissionSet.DefaultPermission);
case MailboxFolderUserId.MailboxFolderUserType.Anonymous:
return(permissionSet.AnonymousPermission);
case MailboxFolderUserId.MailboxFolderUserType.Internal:
case MailboxFolderUserId.MailboxFolderUserType.External:
{
PermissionSecurityPrincipal securityPrincipal = this.MailboxFolderUserId.ToSecurityPrincipal();
return(permissionSet.GetEntry(securityPrincipal));
}
}
foreach (Permission permission in permissionSet)
{
if (this.MailboxFolderUserId.Equals(permission.Principal))
{
result = permission;
break;
}
}
return(result);
}
private void AddPermissions(CalendarFolderPermissionSet permissions, PermissionSet fbPermissions)
{
List <ADRecipient> list = new List <ADRecipient>(this.policyMembersToAddPermission.Count + this.delegatesToAddPermission.Count);
foreach (string legacyExchangeDN in this.policyMembersToAddPermission)
{
list.Add(base.TenantGlobalCatalogSession.FindByLegacyExchangeDN(legacyExchangeDN));
}
foreach (ADObjectId entryId in this.delegatesToAddPermission)
{
list.Add(base.TenantGlobalCatalogSession.Read(entryId));
}
foreach (ADRecipient adrecipient in list)
{
if (adrecipient != null && adrecipient.IsValidSecurityPrincipal && (adrecipient.RecipientType == RecipientType.UserMailbox || adrecipient.RecipientType == RecipientType.MailUser || adrecipient.RecipientType == RecipientType.MailUniversalSecurityGroup))
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(adrecipient);
CalendarFolderPermission calendarFolderPermission = permissions.GetEntry(securityPrincipal);
bool flag = this.delegatesToAddPermission.Contains(adrecipient.Id);
if (calendarFolderPermission == null)
{
calendarFolderPermission = permissions.AddEntry(securityPrincipal, PermissionLevel.None);
}
calendarFolderPermission.FreeBusyAccess = FreeBusyAccess.Details;
if (flag)
{
calendarFolderPermission.PermissionLevel = PermissionLevel.Editor;
calendarFolderPermission.DeleteItems = ItemPermissionScope.AllItems;
calendarFolderPermission.IsFolderVisible = true;
}
}
}
}
private void RemovePermissions(CalendarFolderPermissionSet permissions, PermissionSet fbPermissions)
{
List <ADRecipient> list = new List <ADRecipient>(this.policyMembersToRemovePermission.Count + this.delegatesToRemovePermission.Count);
foreach (string legacyExchangeDN in this.policyMembersToRemovePermission)
{
list.Add(base.TenantGlobalCatalogSession.FindByLegacyExchangeDN(legacyExchangeDN));
}
foreach (ADObjectId entryId in this.delegatesToRemovePermission)
{
list.Add(base.TenantGlobalCatalogSession.Read(entryId));
}
foreach (ADRecipient adrecipient in list)
{
if (adrecipient != null && adrecipient.IsValidSecurityPrincipal)
{
PermissionSecurityPrincipal securityPrincipal = new PermissionSecurityPrincipal(adrecipient);
CalendarFolderPermission entry = permissions.GetEntry(securityPrincipal);
bool flag = this.delegatesToRemovePermission.Contains(adrecipient.Id);
bool flag2 = this.policyMembersToRemovePermission.Contains(adrecipient.LegacyExchangeDN);
if (entry != null)
{
if (flag)
{
if (!this.newPolicyMembers.Contains(adrecipient.LegacyExchangeDN))
{
permissions.RemoveEntry(securityPrincipal);
}
else
{
entry.PermissionLevel = PermissionLevel.None;
}
}
if (flag2 && entry.PermissionLevel != PermissionLevel.Editor)
{
entry.FreeBusyAccess = FreeBusyAccess.None;
if (entry.PermissionLevel == PermissionLevel.None)
{
permissions.RemoveEntry(securityPrincipal);
}
}
}
if (flag)
{
Permission entry2 = fbPermissions.GetEntry(securityPrincipal);
if (entry2 != null)
{
fbPermissions.RemoveEntry(securityPrincipal);
}
}
}
}
}
internal override bool InternalProcessPermissions(Folder folder)
{
MemberRights memberRights = (MemberRights)MailboxFolderAccessRight.CalculateMemberRights(this.AccessRights, folder.ClassName == "IPF.Appointment");
PermissionSet permissionSet = folder.GetPermissionSet();
Permission permission = null;
try
{
if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Default)
{
if (permissionSet.DefaultPermission != null && permissionSet.DefaultPermission.MemberRights != MemberRights.None)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permissionSet.SetDefaultPermission(memberRights);
permission = permissionSet.DefaultPermission;
}
else if (base.MailboxFolderUserId.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous)
{
if (permissionSet.AnonymousPermission != null && permissionSet.AnonymousPermission.MemberRights != MemberRights.None)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permissionSet.SetAnonymousPermission(memberRights);
permission = permissionSet.AnonymousPermission;
}
else
{
PermissionSecurityPrincipal securityPrincipal = base.MailboxFolderUserId.ToSecurityPrincipal();
Permission entry = permissionSet.GetEntry(securityPrincipal);
if (entry != null)
{
throw new UserAlreadyExistsInPermissionEntryException(base.MailboxFolderUserId.ToString());
}
permission = permissionSet.AddEntry(securityPrincipal, memberRights);
}
}
catch (ArgumentOutOfRangeException exception)
{
base.WriteError(exception, (ErrorCategory)1003, this.Identity);
return(false);
}
base.WriteObject(MailboxFolderPermission.FromXsoPermission(folder.DisplayName, permission, this.ResolvedObjectId));
return(true);
}
internal static MailboxFolderUserId CreateFromSecurityPrincipal(PermissionSecurityPrincipal securityPrincipal)
{
if (securityPrincipal == null)
{
throw new ArgumentNullException("securityPrincipal");
}
switch (securityPrincipal.Type)
{
case PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal:
return(new MailboxFolderUserId(securityPrincipal.ADRecipient));
case PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal:
return(new MailboxFolderUserId(securityPrincipal.ExternalUser));
case PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal:
return(new MailboxFolderUserId(securityPrincipal.SpecialType));
}
return(new MailboxFolderUserId(securityPrincipal.UnknownPrincipalMemberName));
}
internal bool Equals(PermissionSecurityPrincipal securityPrincipal)
{
if (securityPrincipal == null)
{
return(false);
}
switch (securityPrincipal.Type)
{
case PermissionSecurityPrincipal.SecurityPrincipalType.ADRecipientPrincipal:
return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.Internal && securityPrincipal.ADRecipient.Id.Equals(this.adRecipient.Id));
case PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal:
return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.External && securityPrincipal.ExternalUser.SmtpAddress.Equals(this.smtpAddress));
case PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal:
return((securityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default && this.UserType == MailboxFolderUserId.MailboxFolderUserType.Default) || (securityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Anonymous && this.UserType == MailboxFolderUserId.MailboxFolderUserType.Anonymous));
}
return(this.UserType == MailboxFolderUserId.MailboxFolderUserType.Unknown && StringComparer.InvariantCultureIgnoreCase.Equals(this.unknownMemberName, securityPrincipal.UnknownPrincipalMemberName));
}
public static bool ModifyPermission(PermissionSet permissionSet, PermissionSecurityPrincipal permissionSecurityPrincipal, MemberRights memberRights)
{
bool result = false;
if (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.SpecialPrincipal && permissionSecurityPrincipal.SpecialType == PermissionSecurityPrincipal.SpecialPrincipalType.Default)
{
GroupMailboxPermissionHandler.Tracer.TraceDebug <PermissionSecurityPrincipal.SpecialPrincipalType, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", PermissionSecurityPrincipal.SpecialPrincipalType.Default, memberRights);
Permission permission = permissionSet.DefaultPermission;
if (permission != null && permission.MemberRights != memberRights)
{
permissionSet.SetDefaultPermission(memberRights);
result = true;
}
}
else
{
GroupMailboxPermissionHandler.Tracer.TraceDebug <string, MemberRights>(0L, "Modifying permissions for permissionSecurityPrincipal {0} with rights {1}", (permissionSecurityPrincipal.Type == PermissionSecurityPrincipal.SecurityPrincipalType.ExternalUserPrincipal) ? permissionSecurityPrincipal.ExternalUser.ExternalId : string.Empty, memberRights);
Permission permission = permissionSet.GetEntry(permissionSecurityPrincipal);
if (permission == null && memberRights != MemberRights.None)
{
permission = permissionSet.AddEntry(permissionSecurityPrincipal, PermissionLevel.None);
permission.MemberRights = memberRights;
result = true;
}
else if (permission != null && memberRights == MemberRights.None)
{
permissionSet.RemoveEntry(permissionSecurityPrincipal);
result = true;
}
else if (permission != null && permission.MemberRights != memberRights)
{
permission.MemberRights = memberRights;
result = true;
}
}
return(result);
}
private void SetFolderPermissions()
{
ExternalUser externalUser = ExternalUser.CreateExternalUserForGroupMailbox(this.MailboxPrincipal.MailboxInfo.DisplayName, "Member@local", this.MailboxPrincipal.MailboxInfo.MailboxGuid, SecurityIdentity.GroupMailboxMemberType.Member);
ExternalUser externalUser2 = ExternalUser.CreateExternalUserForGroupMailbox(this.MailboxPrincipal.MailboxInfo.DisplayName, "Owner@local", this.MailboxPrincipal.MailboxInfo.MailboxGuid, SecurityIdentity.GroupMailboxMemberType.Owner);
using (ExternalUserCollection externalUsers = this.mailboxSession.GetExternalUsers())
{
if (!externalUsers.Contains(externalUser))
{
externalUsers.Add(externalUser);
}
if (!externalUsers.Contains(externalUser2))
{
externalUsers.Add(externalUser2);
}
externalUsers.Save();
if (!externalUsers.Contains(externalUser))
{
throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(externalUser.Name));
}
if (!externalUsers.Contains(externalUser2))
{
throw new GroupMailboxFailedToAddExternalUserException(Strings.ErrorUnableToAddExternalUser(externalUser2.Name));
}
this.TraceDebug("Added external member user {0} to external user collection", new object[]
{
externalUser.Name
});
this.TraceDebug("Added external owner user {0} to external user collection", new object[]
{
externalUser2.Name
});
}
PermissionSecurityPrincipal userSecurityPrincipal = new PermissionSecurityPrincipal(externalUser);
PermissionSecurityPrincipal userSecurityPrincipal2 = new PermissionSecurityPrincipal(externalUser2);
int num = 0;
List <PermissionEntry> list = new List <PermissionEntry>(3);
var array = new < > f__AnonymousType0 <DefaultFolderType, MemberRights, MemberRights>[]
{
new
{
Folder = DefaultFolderType.MailboxAssociation,
OwnerPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission,
MemberPermission = GroupMailboxPermissionHandler.MailboxAssociationPermission
},
new
{
Folder = DefaultFolderType.SearchFolders,
OwnerPermission = (GroupMailboxPermissionHandler.SearchFolderPermission | GroupMailboxPermissionHandler.OwnerSpecificPermission),
MemberPermission = GroupMailboxPermissionHandler.SearchFolderPermission
},
new
{
Folder = DefaultFolderType.Calendar,
OwnerPermission = GroupMailboxPermissionHandler.CalendarFolderPermission,
MemberPermission = GroupMailboxPermissionHandler.CalendarFolderPermission
}
};
list.Add(new PermissionEntry(userSecurityPrincipal2, GroupMailboxPermissionHandler.ConfigurationFolderPermission));
int num2;
GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, DefaultFolderType.Configuration, out num2);
num += num2;
var array2 = array;
for (int i = 0; i < array2.Length; i++)
{
var <> f__AnonymousType = array2[i];
list.Clear();
list.Add(new PermissionEntry(userSecurityPrincipal2, <> f__AnonymousType.OwnerPermission));
list.Add(new PermissionEntry(userSecurityPrincipal, <> f__AnonymousType.MemberPermission));
if (!GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, <> f__AnonymousType.Folder, out num2))
{
throw new GroupMailboxFailedToConfigureMailboxException(Strings.ErrorUnableToConfigureMailbox(< > f__AnonymousType.Folder.ToString(), this.MailboxPrincipal.MailboxInfo.DisplayName));
}
num += num2;
}
this.report.FoldersPrivilegedCount = num;
this.mailboxSession.Mailbox[MailboxSchema.GroupMailboxPermissionsVersion] = GroupMailboxPermissionHandler.GroupMailboxPermissionVersion;
this.mailboxSession.Mailbox.Save();
this.mailboxSession.Mailbox.Load();
}
private bool FolderMembershipUpdate()
{
ArgumentValidator.ThrowIfNull("previousExternalMemberUser", this.previousExternalMemberUser);
ArgumentValidator.ThrowIfNull("currentExternalMemberUser", this.currentExternalMemberUser);
ArgumentValidator.ThrowIfNull("currentExternalOwnerUser", this.currentExternalOwnerUser);
PermissionSecurityPrincipal userSecurityPrincipal = new PermissionSecurityPrincipal(this.previousExternalMemberUser);
PermissionSecurityPrincipal userSecurityPrincipal2 = new PermissionSecurityPrincipal(this.currentExternalMemberUser);
PermissionSecurityPrincipal userSecurityPrincipal3 = new PermissionSecurityPrincipal(this.currentExternalOwnerUser);
List <PermissionEntry> list = new List <PermissionEntry>(3);
int num = 0;
int num2 = 0;
bool result = true;
foreach (DefaultFolderType defaultFolderType in this.mailboxSession.DefaultFolders)
{
list.Clear();
if (!GroupMailboxPermissionHandler.IsFolderToBeIgnored(defaultFolderType) && defaultFolderType != DefaultFolderType.MailboxAssociation)
{
if (this.mailboxSession.GetDefaultFolderId(defaultFolderType) != null)
{
DefaultFolderType defaultFolderType2 = defaultFolderType;
MemberRights memberRights;
MemberRights userRights;
if (defaultFolderType2 != DefaultFolderType.Calendar)
{
switch (defaultFolderType2)
{
case DefaultFolderType.Configuration:
memberRights = GroupMailboxPermissionHandler.DefaultFolderPermission;
userRights = GroupMailboxPermissionHandler.ConfigurationFolderPermission;
break;
case DefaultFolderType.SearchFolders:
memberRights = GroupMailboxPermissionHandler.SearchFolderPermission;
userRights = (memberRights | GroupMailboxPermissionHandler.OwnerSpecificPermission);
break;
default:
memberRights = GroupMailboxPermissionHandler.DefaultFolderPermission;
userRights = (memberRights | GroupMailboxPermissionHandler.OwnerSpecificPermission);
break;
}
}
else
{
memberRights = GroupMailboxPermissionHandler.CalendarFolderPermission;
userRights = GroupMailboxPermissionHandler.CalendarFolderPermission;
}
list.Add(new PermissionEntry(userSecurityPrincipal, MemberRights.None));
list.Add(new PermissionEntry(userSecurityPrincipal3, userRights));
list.Add(new PermissionEntry(userSecurityPrincipal2, memberRights));
if (defaultFolderType == DefaultFolderType.Calendar)
{
list.Add(new PermissionEntry(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Default), MemberRights.FreeBusySimple));
}
else
{
list.Add(new PermissionEntry(new PermissionSecurityPrincipal(PermissionSecurityPrincipal.SpecialPrincipalType.Default), MemberRights.None));
}
if (!GroupMailboxPermissionHandler.AssignMemberRight(this.mailboxSession, list, defaultFolderType, out num2))
{
result = false;
break;
}
num += num2;
}
else
{
GroupMailboxMembershipUpdater.Tracer.TraceError <DefaultFolderType, string>((long)this.GetHashCode(), "MembershipUpdate: Found a folder {0} that is not in group mailbox {1}", defaultFolderType, this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString());
}
}
}
GroupMailboxMembershipUpdater.Tracer.TraceDebug <int, string>((long)this.GetHashCode(), "MembershipUpdate: {0} folders had been modified for the group mailbox {1}", num, this.mailboxSession.MailboxOwner.MailboxInfo.PrimarySmtpAddress.ToString());
return(result);
}
public PermissionEntry(PermissionSecurityPrincipal userSecurityPrincipal, MemberRights userRights)
{
this.userSecurityPrincipal = userSecurityPrincipal;
this.userRights = userRights;
}
