/// <summary>
/// Builds one <see cref="ExchangeRoleAssignment"/> for every entry in <c>this.roles</c> and
/// appends it to <c>this.roleAssignments</c>.
/// </summary>
/// <param name="assigneeType">Assignee type handed to the role-assignment helper for each role.</param>
/// <remarks>
/// Every assignment is created with <see cref="RoleAssignmentDelegationType.Regular"/> and is
/// bound to the id and organization of <c>this.DataObject</c>.
/// The hierarchical check is bypassed in two cases: when the scope analysis sets the skip flag,
/// and when <c>base.ExchangeRunspaceConfig</c> is null.
/// NOTE(review): the second case means no hierarchical check happens at all without a runspace
/// configuration; confirm which callers can reach this path with a null configuration.
/// </remarks>
private void PrepareRoleAssignments(RoleAssigneeType assigneeType)
 {
     // The logging and lookup delegates are identical for every role, so build them once.
     Task.TaskVerboseLoggingDelegate writeVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
     Task.TaskErrorLoggingDelegate writeError = new Task.TaskErrorLoggingDelegate(base.WriteError);
     DataAccessHelper.GetDataObjectDelegate getOrganizationalUnit = new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>);
     DataAccessHelper.GetDataObjectDelegate getManagementScope = new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>);

     foreach (ExchangeRole currentRole in this.roles)
     {
         // Set by the scope analysis below when the hierarchical check should be skipped.
         bool skipHierarchicalCheck = false;
         ExchangeRoleAssignment assignment = new ExchangeRoleAssignment();

         RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(null, assignment, currentRole, this.DataObject.Id, this.DataObject.OrganizationId, assigneeType, RoleAssignmentDelegationType.Regular, this.ConfigurationSession, writeVerbose, writeError);
         RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, assignment, currentRole, this.ConfigurationSession, getOrganizationalUnit, getManagementScope, ref skipHierarchicalCheck, ref this.ou, ref this.customRecipientScope, ref this.customConfigScope);

         // Short-circuit keeps the original order: the runspace config is only read
         // when the skip flag is still false.
         bool mustCheckHierarchy = !(skipHierarchicalCheck || base.ExchangeRunspaceConfig == null);
         if (mustCheckHierarchy)
         {
             RoleHelper.HierarchicalCheckForRoleAssignmentCreation(this, assignment, this.customRecipientScope, this.customConfigScope, writeVerbose, writeError);
         }

         this.roleAssignments.Add(assignment);
     }
 }
Пример #2
        /// <summary>
        /// Prepares the role group object and, when the <c>Roles</c> parameter was supplied,
        /// resolves each role and builds a matching <see cref="ExchangeRoleAssignment"/>.
        /// </summary>
        /// <returns>The <see cref="ADGroup"/> produced by the base implementation.</returns>
        /// <remarks>
        /// The assignee type is <see cref="RoleAssigneeType.LinkedRoleGroup"/> for the
        /// "crossforest" parameter set and <see cref="RoleAssigneeType.RoleGroup"/> otherwise.
        /// The hierarchical check is bypassed in two cases: when the scope analysis sets the skip
        /// flag, and when <c>base.ExchangeRunspaceConfig</c> is null.
        /// NOTE(review): confirm which callers can reach this path with a null runspace
        /// configuration, because no hierarchical check is applied in that case.
        /// </remarks>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ADGroup preparedGroup = (ADGroup)base.PrepareDataObject();

            // The tiny-tenant verification is skipped only when -PartnerManaged is present.
            if (!this.PartnerManaged.IsPresent)
            {
                SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
            }

            RoleAssigneeType roleAssigneeType = ("crossforest" == base.ParameterSetName)
                ? RoleAssigneeType.LinkedRoleGroup
                : RoleAssigneeType.RoleGroup;

            bool rolesSupplied = base.Fields.IsChanged("Roles") && this.Roles != null;
            if (rolesSupplied)
            {
                this.roles           = new MultiValuedProperty<ExchangeRole>();
                this.roleAssignments = new List<ExchangeRoleAssignment>();

                // Resolve every role id first; the not-found and not-unique messages are
                // passed to the lookup for each id.
                foreach (RoleIdParameter requestedRole in this.Roles)
                {
                    ExchangeRole resolvedRole = (ExchangeRole)base.GetDataObject<ExchangeRole>(requestedRole, this.ConfigurationSession, null, new LocalizedString?(Strings.ErrorRoleNotFound(requestedRole.ToString())), new LocalizedString?(Strings.ErrorRoleNotUnique(requestedRole.ToString())));
                    this.roles.Add(resolvedRole);
                }

                // Set after role resolution and before the assignments are built.
                this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;

                // The logging and lookup delegates are identical for every role, so build them once.
                Task.TaskVerboseLoggingDelegate writeVerbose = new Task.TaskVerboseLoggingDelegate(base.WriteVerbose);
                Task.TaskErrorLoggingDelegate writeError = new Task.TaskErrorLoggingDelegate(base.WriteError);
                DataAccessHelper.GetDataObjectDelegate getOrganizationalUnit = new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ExchangeOrganizationalUnit>);
                DataAccessHelper.GetDataObjectDelegate getManagementScope = new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject<ManagementScope>);

                foreach (ExchangeRole currentRole in this.roles)
                {
                    // Set by the scope analysis below when the hierarchical check should be skipped.
                    bool skipHierarchicalCheck = false;
                    ExchangeRoleAssignment assignment = new ExchangeRoleAssignment();

                    RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(null, assignment, currentRole, this.DataObject.Id, this.DataObject.OrganizationId, roleAssigneeType, RoleAssignmentDelegationType.Regular, this.ConfigurationSession, writeVerbose, writeError);
                    RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, assignment, currentRole, this.ConfigurationSession, getOrganizationalUnit, getManagementScope, ref skipHierarchicalCheck, ref this.ou, ref this.customRecipientScope, ref this.customConfigScope);

                    // The runspace config is only read when the skip flag is still false.
                    bool mustCheckHierarchy = !(skipHierarchicalCheck || base.ExchangeRunspaceConfig == null);
                    if (mustCheckHierarchy)
                    {
                        RoleHelper.HierarchicalCheckForRoleAssignmentCreation(this, assignment, this.customRecipientScope, this.customConfigScope, writeVerbose, writeError);
                    }

                    this.roleAssignments.Add(assignment);
                }
            }

            TaskLogger.LogExit();
            return preparedGroup;
        }
Пример #3
        /// <summary>
        /// Prepares a new <see cref="ExchangeRoleAssignment"/>: resolves the role and the assignee
        /// (a role assignment policy, or a user / security group / computer), validates the
        /// combination, then stamps the name, delegation type and scopes on <c>this.DataObject</c>.
        /// </summary>
        /// <returns>
        /// The prepared <c>this.DataObject</c>, or <c>null</c> when the base preparation reported errors.
        /// </returns>
        /// <remarks>
        /// This method performs no hierarchical check itself; it only computes
        /// <c>this.skipHRoleCheck</c>, which is presumably read by a later stage outside this
        /// listing (verify against the rest of the class).
        /// </remarks>
        protected override IConfigurable PrepareDataObject()
        {
            TaskLogger.LogEnter();
            ExchangeOrganizationalUnit exchangeOrganizationalUnit = null;

            // Both sessions are flagged before any lookup is made through them.
            ((IConfigurationSession)base.DataSession).SessionSettings.IsSharedConfigChecked = true;
            this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
            this.DataObject = (ExchangeRoleAssignment)base.PrepareDataObject();
            if (base.HasErrors)
            {
                // Stop early: nothing below is evaluated when the base preparation already failed.
                return(null);
            }
            // The tiny-tenant verification is skipped only when IgnoreDehydratedFlag is set.
            if (!this.IgnoreDehydratedFlag)
            {
                SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
            }
            this.role = (ExchangeRole)base.GetDataObject <ExchangeRole>(this.Role, base.DataSession, null, new LocalizedString?(Strings.ErrorRoleNotFound(this.Role.ToString())), new LocalizedString?(Strings.ErrorRoleNotUnique(this.Role.ToString())));
            RoleHelper.VerifyNoScopeForUnScopedRole(base.Fields, this.role, new Task.TaskErrorLoggingDelegate(base.WriteError));
            // Assignments to deprecated roles are rejected.
            if (this.role != null && this.role.IsDeprecated)
            {
                base.WriteError(new InvalidOperationException(Strings.ErrorCannotCreateRoleAssignmentToADeprecatedRole(this.role.ToString())), ErrorCategory.InvalidOperation, null);
            }
            RoleAssigneeType roleAssigneeType;
            ADObject         adobject;

            if (this.Policy != null)
            {
                // Assignee is a role assignment policy.
                RoleAssignmentPolicy roleAssignmentPolicy = (RoleAssignmentPolicy)base.GetDataObject <RoleAssignmentPolicy>(this.Policy, RecipientTaskHelper.GetTenantLocalConfigSession(base.CurrentOrganizationId, base.ExecutingUserOrganizationId, base.RootOrgContainerId), null, new LocalizedString?(Strings.ErrorRBACPolicyNotFound(this.Policy.ToString())), new LocalizedString?(Strings.ErrorRBACPolicyNotUnique(this.Policy.ToString())));
                // NOTE(review): this.role is dereferenced here without the null guard used for the
                // deprecation test above; safe only if a failed role lookup stops execution. Confirm.
                // Only end-user roles may be assigned to a policy.
                if (!this.role.IsEndUserRole)
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorNonEndUserRoleCannoBeAssignedToPolicy(this.role.Name)), ErrorCategory.InvalidOperation, roleAssignmentPolicy.Id);
                }
                // Work out which container the role belongs to: forest-wide by default, or the
                // organization resolved from the role id when the session is a tenant session.
                OrganizationId organizationId = OrganizationId.ForestWideOrgId;
                if (this.ConfigurationSession is ITenantConfigurationSession)
                {
                    organizationId = TaskHelper.ResolveOrganizationId(this.role.Id, ExchangeRole.RdnContainer, (ITenantConfigurationSession)this.ConfigurationSession);
                }
                ADObjectId adobjectId;
                if (OrganizationId.ForestWideOrgId.Equals(organizationId))
                {
                    adobjectId = this.ConfigurationSession.GetOrgContainerId();
                }
                else
                {
                    adobjectId = organizationId.ConfigurationUnit;
                }
                // Boundary check: the policy must live under the same container as the role,
                // otherwise the assignment is rejected as out of the role's scope.
                if (!roleAssignmentPolicy.Id.IsDescendantOf(adobjectId))
                {
                    base.WriteError(new InvalidOperationException(Strings.ErrorPolicyOutOfRoleScope(roleAssignmentPolicy.Id.ToString(), adobjectId.Name)), ErrorCategory.InvalidOperation, null);
                }
                roleAssigneeType = RoleAssigneeType.RoleAssignmentPolicy;
                adobject         = roleAssignmentPolicy;
            }
            else
            {
                // Assignee is a recipient; the first supplied of User, SecurityGroup, Computer wins.
                ADRecipient adrecipient = null;
                if (this.User != null)
                {
                    adrecipient = (ADUser)base.GetDataObject <ADUser>(this.User, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeUserNotFound(this.User.ToString())), new LocalizedString?(Strings.ErrorAssigneeUserNotUnique(this.User.ToString())));
                }
                else if (this.SecurityGroup != null)
                {
                    adrecipient = (ADGroup)base.GetDataObject <ADGroup>(this.SecurityGroup, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotFound(this.SecurityGroup.ToString())), new LocalizedString?(Strings.ErrorAssigneeSecurityGroupNotUnique(this.SecurityGroup.ToString())));
                }
                else if (this.Computer != null)
                {
                    adrecipient = (ADComputerRecipient)base.GetDataObject <ADComputerRecipient>(this.Computer, base.TenantGlobalCatalogSession, null, new LocalizedString?(Strings.ErrorAssigneeComputerNotFound(this.Computer.ToString())), new LocalizedString?(Strings.ErrorAssigneeComputerNotUnique(this.Computer.ToString())));
                }
                // adrecipient is still null here when none of the three parameters was supplied.
                RoleHelper.ValidateRoleAssignmentUser(adrecipient, new Task.TaskErrorLoggingDelegate(base.WriteError), false);
                roleAssigneeType = ExchangeRoleAssignment.RoleAssigneeTypeFromADRecipient(adrecipient);
                adobject         = adrecipient;
            }
            // NOTE(review): adobject is dereferenced unconditionally; in the recipient branch it can
            // be null unless ValidateRoleAssignmentUser stops execution for a null recipient. Confirm.
            ((IDirectorySession)base.DataSession).LinkResolutionServer = adobject.OriginatingServer;
            // The delegation type follows the Delegating switch: Delegating when present, else Regular.
            RoleHelper.PrepareNewRoleAssignmentWithUniqueNameAndDefaultScopes(this.Name, this.DataObject, this.role, adobject.Id, adobject.OrganizationId, roleAssigneeType, this.Delegating.IsPresent ? RoleAssignmentDelegationType.Delegating : RoleAssignmentDelegationType.Regular, this.ConfigurationSession, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError));
            if (this.role.IsUnscopedTopLevel && this.UnScopedTopLevel)
            {
                // Unscoped top-level path: the skip flag is forced on and no scope analysis runs.
                // A delegating assignment is additionally upgraded to DelegatingOrgWide.
                this.skipHRoleCheck = true;
                if (this.Delegating)
                {
                    this.DataObject.RoleAssignmentDelegationType = RoleAssignmentDelegationType.DelegatingOrgWide;
                }
            }
            else
            {
                // The scope analysis may also set skipHRoleCheck; it receives the flag by reference.
                RoleHelper.AnalyzeAndStampCustomizedWriteScopes(this, this.DataObject, this.role, this.ConfigurationSession, new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ExchangeOrganizationalUnit>), new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ManagementScope>), ref this.skipHRoleCheck, ref exchangeOrganizationalUnit, ref this.customRecipientScope, ref this.customConfigScope);
            }
            TaskLogger.LogExit();
            return(this.DataObject);
        }