private void AssertSPListHost(SPList targetList, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel)
{
var web = targetList.ParentWeb;
var role = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName];
// check if roleAssignment has current role
TraceUtils.WithScope(traceScope =>
{
traceScope.WriteLine(string.Format("Validate model:[{0}] securableObject:[{1}]", securityRoleLinkModel, targetList));
traceScope.WithTraceIndent(trace =>
{
// asserting it exists
traceScope.WriteLine(string.Format("Validating existance..."));
var roleAssignment = targetList
.RoleAssignments
.OfType<SPRoleAssignment>()
.FirstOrDefault(r => r.Member.ID == securityGroup.ID);
Assert.IsNotNull(roleAssignment);
traceScope.WriteLine(string.Format("Validating role presence..."));
roleAssignment.RoleDefinitionBindings.Contains(role);
traceScope.WriteLine(string.Format("Role [{0}] exists!", securityRoleLinkModel.SecurityRoleName));
});
});
}
protected SPRoleDefinition ResolveSecurityRole(SPWeb web, SecurityRoleLinkDefinition rolDefinitionModel)
{
var roleDefinitions = web.RoleDefinitions;
if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName))
{
foreach (SPRoleDefinition roleDefinition in roleDefinitions)
if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0)
return roleDefinition;
}
else if (rolDefinitionModel.SecurityRoleId > 0)
{
foreach (SPRoleDefinition roleDefinition in roleDefinitions)
{
if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId)
return roleDefinition;
}
}
else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType))
{
var roleType = (SPRoleType)Enum.Parse(typeof(SPRoleType), rolDefinitionModel.SecurityRoleType, true);
return roleDefinitions.GetByType(roleType);
}
throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel));
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, string securityRoleName, Action<ModelNode> action)
{
var roleLinkDefinition = new SecurityRoleLinkDefinition
{
SecurityRoleName = securityRoleName
};
return model.AddSecurityRoleLink(roleLinkDefinition, action);
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleDefinition definition, Action<ModelNode> action)
{
var roleLinkDefinition = new SecurityRoleLinkDefinition
{
SecurityRoleName = definition.Name
};
return model.AddDefinitionNode(roleLinkDefinition, action);
}
private void ProcessSPGroupHost(SPGroup modelHost, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel)
{
// TODO
// need common validation infrastructure
var web = securityGroup.ParentWeb;
var securityRoleAssignment = new SPRoleAssignment(securityGroup);
var roleDefinition = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName];
if (!securityRoleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = null,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
securityRoleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = roleDefinition,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
}
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = roleDefinition,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
web.RoleAssignments.Add(securityRoleAssignment);
web.Update();
}
protected RoleDefinition ResolveSecurityRole(Web web, SecurityRoleLinkDefinition rolDefinitionModel)
{
var context = web.Context;
var roleDefinitions = web.RoleDefinitions;
context.Load(roleDefinitions, r => r.Include(l => l.Name, l => l.Id));
context.ExecuteQueryWithTrace();
if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleName))
{
foreach (var roleDefinition in roleDefinitions)
if (string.Compare(roleDefinition.Name, rolDefinitionModel.SecurityRoleName, true) == 0)
return roleDefinition;
}
else if (rolDefinitionModel.SecurityRoleId > 0)
{
foreach (var roleDefinition in roleDefinitions)
{
if (roleDefinition.Id == rolDefinitionModel.SecurityRoleId)
return roleDefinition;
}
}
else if (!string.IsNullOrEmpty(rolDefinitionModel.SecurityRoleType))
{
var roleType = (RoleType)Enum.Parse(typeof(RoleType), rolDefinitionModel.SecurityRoleType, true);
return roleDefinitions.GetByType(roleType);
}
throw new ArgumentException(string.Format("Cannot resolve role definition for role definition link model:[{0}]", rolDefinitionModel));
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition, Action<ModelNode> action)
{
return model.AddDefinitionNode(definition, action);
}
public static ModelNode AddSecurityRoleLink(this ModelNode model, SecurityRoleLinkDefinition definition)
{
return AddSecurityRoleLink(model, definition, null);
}
private void ProcessSPSecurableObjectHost(SPSecurableObject targetSecurableObject, SPGroup securityGroup,
SecurityRoleLinkDefinition securityRoleLinkModel)
{
//// TODO
// need common validation infrastructure
var web = ExtractWeb(targetSecurableObject);
var roleAssignment = new SPRoleAssignment(securityGroup);
var role = ResolveSecurityRole(web, securityRoleLinkModel);
if (!roleAssignment.RoleDefinitionBindings.Contains(role))
{
if (roleAssignment.RoleDefinitionBindings.Count == 1
&& roleAssignment.RoleDefinitionBindings[0].Type == SPRoleType.Reader)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
}
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = null,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security role link");
roleAssignment.RoleDefinitionBindings.Add(role);
}
else
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security role link");
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
}
targetSecurableObject.RoleAssignments.Add(roleAssignment);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = role,
ObjectType = typeof(SPRoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = targetSecurableObject
});
}