public SecurityNamespaceDescription GetGitSecurityNamespace() { VssConnection connection = this.Context.Connection; SecurityHttpClient securityClient = connection.GetClient<SecurityHttpClient>(); IEnumerable<SecurityNamespaceDescription> namespaces = securityClient.QuerySecurityNamespacesAsync(this.GitSecurityNamespace).Result; SecurityNamespaceDescription gitNamespace = namespaces.First(); Console.WriteLine("{0}", gitNamespace.DisplayName); foreach (ActionDefinition actionDef in gitNamespace.Actions) { string knownBit = ""; if (actionDef.Bit == gitNamespace.ReadPermission) { knownBit += " [Read]"; } if (actionDef.Bit == gitNamespace.WritePermission) { knownBit += " [Write]"; } Console.WriteLine("\"{0}\" ({1}){2}", actionDef.DisplayName ?? actionDef.Name, actionDef.Bit, knownBit); } return gitNamespace; }
internal IEnumerable <AccessControlList> ListAccessControl(Guid identify) { SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>(); IEnumerable <SecurityNamespaceDescription> namespaces = securityClient.QuerySecurityNamespacesAsync(identify).Result; IEnumerable <AccessControlList> acls = securityClient.QueryAccessControlListsAsync( identify, string.Empty, descriptors: null, includeExtendedInfo: false, recurse: true).Result; return(acls); }
public IEnumerable<SecurityNamespaceDescription> ListLocalSecurityNamespaces() { VssConnection connection = this.Context.Connection; SecurityHttpClient securityClient = connection.GetClient<SecurityHttpClient>(); IEnumerable<SecurityNamespaceDescription> namespaces = securityClient.QuerySecurityNamespacesAsync(Guid.Empty, localOnly: true).Result; Console.WriteLine("Listing local security namespaces"); foreach (SecurityNamespaceDescription ns in namespaces) { Console.WriteLine("{0} ({1}) - {2} permissions", ns.DisplayName ?? ns.Name, ns.NamespaceId, ns.Actions.Count()); } return namespaces; }
internal Dictionary <int, string> GetGitPermissionNames() { SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>(); IEnumerable <SecurityNamespaceDescription> namespaces; namespaces = securityClient.QuerySecurityNamespacesAsync(GitId).Result; SecurityNamespaceDescription gitNamespace = namespaces.First(); Dictionary <int, string> permission = new Dictionary <int, string>(); foreach (ActionDefinition actionDef in gitNamespace.Actions) { permission[actionDef.Bit] = actionDef.DisplayName; } return(permission); }
private static Dictionary <int, string> GetGitPermissionNames() { SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>(); IEnumerable <Microsoft.VisualStudio.Services.Security.SecurityNamespaceDescription> namespaces; Guid g = Guid.Parse("2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"); namespaces = securityClient.QuerySecurityNamespacesAsync(g).Result; Microsoft.VisualStudio.Services.Security.SecurityNamespaceDescription gitNamespace = namespaces.First(); Dictionary <int, string> permission = new Dictionary <int, string>(); foreach (Microsoft.VisualStudio.Services.Security.ActionDefinition actionDef in gitNamespace.Actions) { permission[actionDef.Bit] = actionDef.DisplayName; } return(permission); }
private Dictionary <int, string> GetGitPermissionNames() { VssConnection connection = this.Context.Connection; SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>(); IEnumerable <SecurityNamespaceDescription> namespaces; using (new ClientSampleHttpLoggerOutputSuppression()) { namespaces = securityClient.QuerySecurityNamespacesAsync(this.GitSecurityNamespace).Result; } SecurityNamespaceDescription gitNamespace = namespaces.First(); Dictionary <int, string> permission = new Dictionary <int, string>(); foreach (ActionDefinition actionDef in gitNamespace.Actions) { permission[actionDef.Bit] = actionDef.DisplayName; } return(permission); }
public static void ListGitNamespacePermissions() { SecurityHttpClient securityClient = connection.GetClient <SecurityHttpClient>(); Guid g = Guid.Parse("2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"); //Git security namespace IEnumerable <Microsoft.VisualStudio.Services.Security.SecurityNamespaceDescription> namespaces = securityClient.QuerySecurityNamespacesAsync(g).Result; Microsoft.VisualStudio.Services.Security.SecurityNamespaceDescription gitNamespace = namespaces.First(); IEnumerable <Microsoft.VisualStudio.Services.Security.AccessControlList> acls = securityClient.QueryAccessControlListsAsync( g, string.Empty, descriptors: null, includeExtendedInfo: false, recurse: true).Result; using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"c:\TFSAdminAutomationData\out_GitAccessControlLists.txt")) { int counter = 0; file.WriteLine("token | inherit? | count of ACEs"); file.WriteLine("------+----------+--------------"); foreach (Microsoft.VisualStudio.Services.Security.AccessControlList acl in acls) { counter++; string[] tokenParser = acl.Token.Split('/'); if (tokenParser.Length != 2) //we are interested in team project level git security { continue; } file.WriteLine(); file.WriteLine(); file.WriteLine("{0} | {1} | {2} ACEs", acl.Token, acl.InheritPermissions, acl.AcesDictionary.Count()); file.WriteLine("Project Name: " + GetProjectName(tokenParser[1])); file.WriteLine("Expanding ACL for {0} ({1} ACEs)", acl.Token, acl.AcesDictionary.Count()); // get the details for Git permissions Dictionary <int, string> permission = GetGitPermissionNames(); // use the Git permissions data to expand the ACL foreach (var kvp in acl.AcesDictionary) { // in the key-value pair, Key is an identity and Value is an ACE (access control entry) // allow and deny are bit flags indicating which permissions are allowed/denied string identity = kvp.Key.Identifier.ToString(); file.WriteLine("Identity {0}", identity); string identityName = GetNameFromIdentity(identity); file.WriteLine("Identity Name {0}", identityName); if (!identityName.EndsWith("Project Administrators")) { continue; } string allowed = GetPermissionString(kvp.Value.Allow, permission); string denied = GetPermissionString(kvp.Value.Deny, permission); file.WriteLine(" Allowed: {0} (value={1})", allowed, kvp.Value.Allow); file.WriteLine(" Denied: {0} (value={1})", denied, kvp.Value.Deny); } } } }
public async Task <List <string> > GetPermissions(string organization, string projectName) { if (string.IsNullOrWhiteSpace(organization)) { throw new ArgumentException($"'{nameof(organization)}' cannot be null or whitespace.", nameof(organization)); } if (string.IsNullOrWhiteSpace(projectName)) { throw new ArgumentException($"'{nameof(projectName)}' cannot be null or whitespace.", nameof(projectName)); } VssConnection connection = null; GraphHttpClient graphHttpClient = null; TeamHttpClient teamClient = null; Guid GitSecurityNamespace = Guid.Parse("2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87"); try { string url = $"https://dev.azure.com/{organization}"; if (_adoConfig.UsePta) { connection = new VssConnection(new Uri(url), new VssBasicCredential(string.Empty, _adoConfig.AdoPersonalAccessToken)); } else { //connection = new VssConnection(new Uri(url), new VssCredentials(true)); connection = new VssConnection(new Uri(url), new VssClientCredentials(true)); } //projectName = "First-Ado"; //teamClient = connection.GetClient<TeamHttpClient>(); //var allteams = await teamClient.GetTeamsAsync(projectName, null, null, null, true); //var defTeamGroupName = $"{projectName} Team"; //var defTeam = allteams?.FirstOrDefault(a => a.Name.Contains(defTeamGroupName)); //if (defTeam != null) //{ // var members = await teamClient.GetTeamMembersWithExtendedPropertiesAsync(projectName, defTeam.Id.ToString()); // graphHttpClient = connection.GetClient<GraphHttpClient>(); // List<SubjectDescriptor> groupSubjectDescriptors = new(); // groupSubjectDescriptors.Add(SubjectDescriptor.FromString(defTeam.Identity.Descriptor.Identifier)); // var contextCreate = new GraphUserPrincipalNameCreationContext { PrincipalName = "*****@*****.**"}; // var added = await graphHttpClient.CreateUserAsync(contextCreate, groupSubjectDescriptors); // var membersAfter = await teamClient.GetTeamMembersWithExtendedPropertiesAsync(projectName, defTeam.Id.ToString()); //} // Get a client SecurityHttpClient httpClient = connection.GetClient <SecurityHttpClient>(); IEnumerable <SecurityNamespaceDescription> namespaces = await httpClient.QuerySecurityNamespacesAsync(GitSecurityNamespace); SecurityNamespaceDescription gitNamespace = namespaces.FirstOrDefault(); Dictionary <int, string> permission = new Dictionary <int, string>(); foreach (ActionDefinition actionDef in gitNamespace.Actions) { permission[actionDef.Bit] = actionDef.DisplayName; } return(permission.Values?.ToList()); } catch (Exception ex) { //Console.WriteLine("Exception during create project: ", ex.Message); throw; } finally { connection?.Dispose(); graphHttpClient?.Dispose(); teamClient?.Dispose(); } }