private bool IsSafeToRemoveDisableAssignmentFromGroup(ExchangeRoleAssignment roleAssignment) { if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment)) { return(true); } ExchangeRole role = this.GetRole(roleAssignment.Role); if (!role.IsValid) { return(true); } bool flag = true; bool verifyGroupEmptiness = false; if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.DelegatingOrgWide) && role.IsRootRole && !role.IsUnscoped) { flag = false; } if (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType)) { flag = false; verifyGroupEmptiness = true; } flag = (flag || !role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet())); if (!flag) { flag = this.ExistDistinctRoleAssignmentForGroup(roleAssignment, role, verifyGroupEmptiness); } return(flag); }
protected override void InternalValidate() { TaskLogger.LogEnter(); base.InternalValidate(); if (base.HasErrors) { return; } RoleHelper.ValidateAssignmentMethod(this.Identity, this.Identity.User, this.DataObject.Role, this.DataObject.User, new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetGroupRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetMailboxPlanRoleAssignment), new RoleHelper.ErrorRoleAssignmentDelegate(Strings.ErrorSetPolicyRoleAssignment), new Task.TaskErrorLoggingDelegate(base.WriteError)); bool flag = false; if (base.Fields.IsModified(RbacCommonParameters.ParameterEnabled)) { if (this.Enabled && this.DataObject.Enabled) { this.WriteWarning(Strings.WarningEnableEnabledRoleAssignment(this.DataObject.Id.ToString())); } else if (!this.Enabled && !this.DataObject.Enabled) { this.WriteWarning(Strings.WarningDisableDisabledRoleAssignment(this.DataObject.Id.ToString())); } else if (!this.Enabled && this.DataObject.Enabled) { flag = true; } } if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(this.DataObject) && (flag || RoleHelper.IsScopeSpecified(base.Fields))) { RoleAssignmentsGlobalConstraints roleAssignmentsGlobalConstraints = new RoleAssignmentsGlobalConstraints(this.ConfigurationSession, base.TenantGlobalCatalogSession, new Task.ErrorLoggerDelegate(base.WriteError)); roleAssignmentsGlobalConstraints.ValidateIsSafeToModifyAssignment(this.DataObject, flag); } TaskLogger.LogExit(); }
private bool IsUserRequiredForAssignment(ExchangeRoleAssignment roleAssignment) { if (!RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(roleAssignment)) { return(false); } ExchangeRole role = this.GetRole(roleAssignment.Role); return(role.IsValid && (roleAssignment.RoleAssignmentDelegationType.Equals(RoleAssignmentDelegationType.Regular) && role.IsRootRole && RoleAssignmentsGlobalConstraints.RoleTypesWithRegularAssignment.Contains(role.RoleType)) && role.GetImplicitScopeSet().Equals(roleAssignment.GetSimpleScopeSet())); }
private bool HierarchicalCheckForGroupEmptiness(ADGroup group, out ExchangeRoleAssignment roleAssignment) { roleAssignment = null; Result <ExchangeRoleAssignment>[] inheritedRoleAssignments = this.GetInheritedRoleAssignments(group); if (inheritedRoleAssignments == null) { return(true); } this.excludedFromEmptinessValidation.Add(group.Id); List <ADGroup> list = new List <ADGroup>(); Result <ExchangeRoleAssignment>[] array = inheritedRoleAssignments; for (int i = 0; i < array.Length; i++) { Result <ExchangeRoleAssignment> assignment = array[i]; Result <ExchangeRoleAssignment> assignment8 = assignment; if (RoleAssignmentsGlobalConstraints.IsValidCannedRoleToGroupAssignment(assignment8.Data)) { if (!list.Exists(delegate(ADGroup x) { ADObjectId id = x.Id; Result <ExchangeRoleAssignment> assignment7 = assignment; return(id.Equals(assignment7.Data.User)); })) { Result <ExchangeRoleAssignment> assignment2 = assignment; if (this.IsUserRequiredForAssignment(assignment2.Data)) { Result <ExchangeRoleAssignment> assignment3 = assignment; if (!this.IsGroupEmpty(assignment3.Data.User)) { list.Add(group); } else { Result <ExchangeRoleAssignment> assignment4 = assignment; ExchangeRoleAssignment data = assignment4.Data; Result <ExchangeRoleAssignment> assignment5 = assignment; if (!this.ExistDistinctRoleAssignmentForGroup(data, this.GetRole(assignment5.Data.Role), true)) { Result <ExchangeRoleAssignment> assignment6 = assignment; roleAssignment = assignment6.Data; return(false); } } } } } } return(true); }