/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string roleDefinitionId = GetRoleRoleDefinition(parameters.RoleDefinition).Id;
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties {
PrincipalId = principalId,
RoleDefinitionId = roleDefinitionId
}
};
AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters);
return(AuthorizationManagementClient.RoleAssignments.Get(parameters.Scope, roleAssignmentId).RoleAssignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, string subscriptionId)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, GetRoleRoleDefinition(parameters.RoleDefinitionName).Id)
: AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, parameters.RoleDefinitionId);
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties
{
PrincipalId = principalId,
RoleDefinitionId = roleDefinitionId
}
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters).RoleAssignment;
IEnumerable <RoleAssignment> assignments = new List <RoleAssignment>()
{
assignment
};
return(assignments.ToPSRoleAssignments(this, ActiveDirectoryClient).FirstOrDefault());
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
ValidateScope(scope);
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
#if !NETSTANDARD
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
{
Properties = new RoleAssignmentProperties
{
PrincipalId = principalId,
RoleDefinitionId = roleDefinitionId
}
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters).RoleAssignment;
#else
var createParameters = new RoleAssignmentProperties
{
PrincipalId = principalId.ToString(),
RoleDefinitionId = roleDefinitionId
};
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope,
roleAssignmentId.ToString(), createParameters);
#endif
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
/// <summary>
/// Creates new role assignment.
/// </summary>
/// <param name="parameters">The create parameters</param>
/// <returns>The created role assignment object</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
string principalIdStr = null;
if (principalId == Guid.Empty)
{
principalIdStr = ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter);
}
else
{
principalIdStr = principalId.ToString();
}
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string scope = parameters.Scope;
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
: AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
var createProperties = new RoleAssignmentProperties
{
PrincipalId = principalIdStr,
RoleDefinitionId = roleDefinitionId
};
var createParameters = new RoleAssignmentCreateParameters(createProperties);
RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
parameters.Scope, roleAssignmentId.ToString(), createParameters);
return(assignment.ToPSRoleAssignment(this, ActiveDirectoryClient));
}
