internal void VerifyIsWithinScopes(IDirectorySession session, ADObject adObject, bool isModification, DataAccessTask <TDataObject> .ADObjectOutOfScopeString adObjectOutOfScopeString) { ADScopeException ex; if (!session.TryVerifyIsWithinScopes(adObject, isModification, out ex)) { base.WriteError(new InvalidOperationException(adObjectOutOfScopeString(adObject.Identity.ToString(), (ex == null) ? string.Empty : ex.Message), ex), ErrorCategory.InvalidOperation, adObject.Identity); } }
internal static void VerifyIsInConfigScopes(ADObject adObject, ADSessionSettings sessionSettings, Task.TaskErrorLoggingDelegate writeErrorDelegate) { IDirectorySession tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.PartiallyConsistent, sessionSettings, 312, "VerifyIsInConfigScopes", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\Elc\\ELCTaskHelper.cs"); ADScopeException ex; if (!tenantOrTopologyConfigurationSession.TryVerifyIsWithinScopes(adObject, false, out ex)) { writeErrorDelegate(new TaskException(Strings.ErrorCannotChangeObjectOutOfWriteScope(adObject.Identity.ToString(), (ex == null) ? string.Empty : ex.Message), ex), ErrorCategory.PermissionDenied, null); } }
internal static ADObjectId GetExecutingUserAndCheckGroupOwnership(Task task, IDirectorySession dataSession, IRecipientSession gcSession, ADGroup group, bool bypassSecurityGroupManagerCheck) { ADScopeException ex2 = null; ADObjectId adobjectId = null; bool flag = task.TryGetExecutingUserId(out adobjectId); LocalizedException ex = null; ExchangeErrorCategory errCategory = ExchangeErrorCategory.Client; object targetObj = null; bool flag2 = false; if (flag && adobjectId != null && !dataSession.TryVerifyIsWithinScopes(group, true, out ex2)) { task.WriteVerbose(Strings.VerboseDGOwnershipDeepSearch(adobjectId.ToString(), group.Identity.ToString())); RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, delegate(LocalizedException exception, ExchangeErrorCategory category, object target) { ex = exception; errCategory = category; targetObj = target; }, true, gcSession); flag2 = true; group.IsExecutingUserGroupOwner = (ex == null); } if (RecipientType.MailUniversalSecurityGroup == group.RecipientType && !bypassSecurityGroupManagerCheck) { if (!flag) { task.WriteError(new RecipientTaskException(Strings.ErrorExecutingUserOutOfTargetOrg(task.MyInvocation.MyCommand.Name)), ExchangeErrorCategory.Client, group.Identity.ToString()); } if (!flag2) { task.WriteVerbose(Strings.VerboseDGOwnershipDeepSearch(adobjectId.ToString(), group.Identity.ToString())); RecipientTaskHelper.ValidateUserIsGroupManager(adobjectId, group, new Task.ErrorLoggerDelegate(task.WriteError), true, gcSession); group.IsExecutingUserGroupOwner = true; } else if (ex != null) { task.WriteError(ex, errCategory, targetObj); } } group.propertyBag.ResetChangeTracking(ADGroupSchema.IsExecutingUserGroupOwner); return(adobjectId); }