private bool IsSafeToRemoveDisableAssignmentFromGroup(ExchangeRoleAssignment roleAssignment)
{
if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment))
{
return(true);
}
ExchangeRole role = this.GetRole(roleAssignment.Role);
if (!role.IsValid)
{
return(true);
}
bool flag = true;
bool verifyGroupEmptiness = false;
if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.DelegatingOrgWide) && role.IsRootRole && !role.IsUnscoped)
{
flag = false;
}
if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType))
{
flag = false;
verifyGroupEmptiness = true;
}
flag = (flag || !role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet()));
if (!flag)
{
flag = this.ExistDistinctRoleAssignmentForGroup(roleAssignment, role, verifyGroupEmptiness);
}
return(flag);
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
base.InternalValidate();
if (base.HasErrors)
{
return;
}
RoleHelper.ValidateAssignmentMethod(this.Identity, this.Identity.User, this.DataObject.Role, this.DataObject.User, new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetGroupRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetMailboxPlanRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetPolicyRoleAssignment), new Task.TaskErrorLoggingDelegate(base.WriteError));
bool flag = false;
if (base.Fields.IsModified(RbacCommonParameters.ParameterEnabled))
{
if (this.Enabled && this.DataObject.Enabled)
{
this.WriteWarning(Strings.WarningEnableEnabledRoleAssignment(this.DataObject.Id.ToString()));
}
else if (!this.Enabled && !this.DataObject.Enabled)
{
this.WriteWarning(Strings.WarningDisableDisabledRoleAssignment(this.DataObject.Id.ToString()));
}
else if (!this.Enabled && this.DataObject.Enabled)
{
flag = true;
}
}
if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(this.DataObject) && (flag || RoleHelper.IsScopeSpecified(base.Fields)))
{
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToModifyAssignment(this.DataObject, flag);
}
TaskLogger.LogExit();
}
private bool IsUserRequiredForAssignment(ExchangeRoleAssignment roleAssignment)
{
if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment))
{
return(false);
}
ExchangeRole role = this.GetRole(roleAssignment.Role);
return(role.IsValid && (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType)) && role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet()));
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
base.InternalValidate();
bool flag = false;
if (base.Fields.IsModified(ADGroupSchema.Members))
{
if (this.DataObject.RoleGroupType == RoleGroupType.Linked)
{
base.WriteError(new RecipientTaskException(Strings.ErrorLinkedRoleGroupCannotHaveMembers), (ErrorCategory)1000, null);
}
List <ADObjectId> list = null;
SecurityPrincipalIdParameter[] parameters = this.GetChangedValues(true);
SecurityPrincipalIdParameter[] changedValues = this.GetChangedValues(false);
if (this.Members == null || !this.Members.IsChangesOnlyCopy)
{
flag = true;
if (this.Members != null)
{
parameters = this.Members.ToArray();
}
list = this.DataObject.Members.ToList <ADObjectId>();
this.DataObject.Members = new MultiValuedProperty <ADObjectId>();
}
SyncTaskHelper.ResolveModifiedMultiReferenceParameter <SecurityPrincipalIdParameter>("Members", "AddedMembers", parameters, new GetRecipientDelegate <SecurityPrincipalIdParameter>(this.GetRecipient), this.ReferenceErrorReporter, this.recipientIdsDictionary, this.recipientsDictionary, this.parameterDictionary);
SyncTaskHelper.ValidateModifiedMultiReferenceParameter <ADGroup>("Members", "AddedMembers", this.DataObject, new ValidateRecipientWithBaseObjectDelegate <ADGroup>(MailboxTaskHelper.ValidateGroupMember), this.ReferenceErrorReporter, this.recipientsDictionary, this.parameterDictionary);
SyncTaskHelper.AddModifiedRecipientIds("AddedMembers", SyncDistributionGroupSchema.Members, this.DataObject, this.recipientIdsDictionary);
if (flag)
{
MultiValuedProperty <ADObjectId> multiValuedProperty = new MultiValuedProperty <ADObjectId>();
foreach (ADObjectId item in list)
{
if (!this.DataObject.Members.Contains(item))
{
multiValuedProperty.Add(item);
}
}
this.recipientIdsDictionary["RemovedMembers"] = multiValuedProperty;
}
else
{
SyncTaskHelper.ResolveModifiedMultiReferenceParameter <SecurityPrincipalIdParameter>("Members", "RemovedMembers", changedValues, new GetRecipientDelegate <SecurityPrincipalIdParameter>(this.GetRecipient), this.ReferenceErrorReporter, this.recipientIdsDictionary, this.recipientsDictionary, this.parameterDictionary);
SyncTaskHelper.RemoveModifiedRecipientIds("RemovedMembers", SyncDistributionGroupSchema.Members, this.DataObject, this.recipientIdsDictionary);
}
}
MailboxTaskHelper.ValidateAddedMembers(base.TenantGlobalCatalogSession, this.DataObject, new Task.ErrorLoggerDelegate(base.WriteError), new DataAccessHelper.CategorizedGetDataObjectDelegate(base.GetDataObject <ADRecipient>));
if (this.recipientIdsDictionary.ContainsKey("RemovedMembers") && this.recipientIdsDictionary["RemovedMembers"].Count > 0)
{
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroupMember(this.DataObject, new List <ADObjectId>(this.recipientIdsDictionary["RemovedMembers"]));
}
TaskLogger.LogExit();
}
private bool HierarchicalCheckForGroupEmptiness(ADGroup group, out ExchangeRoleAssignment roleAssignment)
{
roleAssignment = null;
Result <ExchangeRoleAssignment>[] inheritedRoleAssignments = this.GetInheritedRoleAssignments(group);
if (inheritedRoleAssignments == null)
{
return(true);
}
this.excludedFromEmptinessValidation.Add(group.Id);
List <ADGroup> list = new List <ADGroup>();
Result <ExchangeRoleAssignment>[] array = inheritedRoleAssignments;
for (int i = 0; i < array.Length; i++)
{
Result <ExchangeRoleAssignment> assignment = array[i];
Result <ExchangeRoleAssignment> assignment8 = assignment;
if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(assignment8.Data))
{
if (!list.Exists(delegate(ADGroup x)
{
ADObjectId id = x.Id;
Result <ExchangeRoleAssignment> assignment7 = assignment;
return(id.Equals(assignment7.Data.User));
}))
{
Result <ExchangeRoleAssignment> assignment2 = assignment;
if (this.IsUserRequiredForAssignment(assignment2.Data))
{
Result <ExchangeRoleAssignment> assignment3 = assignment;
if (!this.IsGroupEmpty(assignment3.Data.User))
{
list.Add(group);
}
else
{
Result <ExchangeRoleAssignment> assignment4 = assignment;
ExchangeRoleAssignment data = assignment4.Data;
Result <ExchangeRoleAssignment> assignment5 = assignment;
if (!this.ExistDistinctRoleAssignmentForGroup(data, this.GetRole(assignment5.Data.Role), true))
{
Result <ExchangeRoleAssignment> assignment6 = assignment;
roleAssignment = assignment6.Data;
return(false);
}
}
}
}
}
}
return(true);
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
base.InternalValidate();
if (base.HasErrors)
{
return;
}
RoleHelper.ValidateAssignmentMethod(this.Identity, this.Identity.User, base.DataObject.Role, base.DataObject.User, new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorRemoveGroupRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorRemoveMailboxPlanRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorRemovePolicyRoleAssignment), new Task.TaskErrorLoggingDelegate(base.WriteError));
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveAssignment(base.DataObject);
RoleHelper.HierarchyRoleAssignmentChecking(base.DataObject, base.ExchangeRunspaceConfig, this.ConfigurationSession, base.ExecutingUserOrganizationId, new Task.TaskVerboseLoggingDelegate(base.WriteVerbose), new Task.TaskErrorLoggingDelegate(base.WriteError), new Task.TaskWarningLoggingDelegate(this.WriteWarning), true);
TaskLogger.LogExit();
}
protected override void PerformGroupMemberAction()
{
TaskLogger.LogEnter();
MailboxTaskHelper.ValidateAndRemoveMember(base.TenantGlobalCatalogSession, this.DataObject, base.Member, null, false, new Task.TaskErrorLoggingDelegate(base.WriteError), new DataAccessHelper.GetDataObjectDelegate(base.GetDataObject <ADRecipient>));
if (this.DataObject.Members.Changed)
{
ADRecipient adrecipient = (ADRecipient)base.GetDataObject <ADRecipient>(base.Member, base.TenantGlobalCatalogSession, this.DataObject.OrganizationId.OrganizationalUnit, null, new LocalizedString?(Strings.ErrorRecipientNotFound(base.Member.ToString())), new LocalizedString?(Strings.ErrorRecipientNotUnique(base.Member.ToString())));
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroupMember(this.DataObject, new List <ADObjectId>
{
adrecipient.Id
});
}
TaskLogger.LogExit();
}
protected override void InternalValidate()
{
base.OptionalIdentityData.RootOrgDomainContainerId = this.RootOrgUSGContainerId;
base.InternalValidate();
if (!this.BypassSecurityGroupManagerCheck)
{
ADObjectId user;
base.TryGetExecutingUserId(out user);
RoleGroupCommon.ValidateExecutingUserHasGroupManagementRights(user, base.DataObject, base.ExchangeRunspaceConfig, new Task.ErrorLoggerDelegate(base.WriteError));
}
if (RoleGroupCommon.IsPrecannedRoleGroup(base.DataObject, this.ConfigurationSession, new Guid[0]))
{
base.WriteError(new TaskInvalidOperationException(Strings.ErrorCannotDeletePrecannedRoleGroup(base.DataObject.Name)), ExchangeErrorCategory.Client, null);
}
RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError));
roleAssignmentsGlobalConstraints.ValidateIsSafeToRemoveRoleGroup(base.DataObject, this.roleAssignmentResults, this);
}