//-----------------------------------------------------------------------
//
// Copyright (C) 2011 Microsoft Corporation
//
//-----------------------------------------------------------------------
namespace Microsoft.Samples.Management.OData.RoleBasedPlugins
{
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Principal;
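/// <summary>
/// Represents a group in the role-based access control (RBAC) configuration:
/// the cmdlets, scripts and modules the group may use, and the Windows
/// identity under which work for the group is executed.
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// the mapped account's password is kept as a plain managed string for the
/// lifetime of the instance, so this object should not be logged or serialized.
/// Credentials are compared against null in <see cref="GetWindowsIdentity"/>,
/// while the constructor uses IsNullOrEmpty; an empty (non-null) user name or
/// password from configuration is therefore passed on to the logon helper.
/// NOTE(review): confirm how WindowsIdentityHelper treats empty strings.
/// </remarks>
internal class RbacGroup
{
    /// <summary>
    /// GUID generated once per instance and appended to the group name to form
    /// the membership id, so two instances with the same name get different ids.
    /// </summary>
    private readonly Guid keyGuid = Guid.NewGuid();

    /// <summary>
    /// Initializes a new instance of the RbacGroup class, taking the group name
    /// from the configuration entry.
    /// </summary>
    /// <param name="group">Group information; may be null, in which case the name is empty and the chained constructor throws.</param>
    /// <exception cref="ArgumentException">The group, or its name, is null or empty.</exception>
    public RbacGroup(XmlGroup group)
        : this(group != null ? group.Name : string.Empty, group)
    {
    }

    /// <summary>
    /// Initializes a new instance of the RbacGroup class.
    /// </summary>
    /// <param name="groupName">Group name; must not be null or empty.</param>
    /// <param name="group">Group configuration; may be null, which yields a group with empty collections and no mapped credentials.</param>
    /// <exception cref="ArgumentException">
    /// <paramref name="groupName"/> is null or empty, or the configuration both maps the
    /// incoming user and supplies a user name, password or domain.
    /// </exception>
    public RbacGroup(string groupName, XmlGroup group)
    {
        if (string.IsNullOrEmpty(groupName))
        {
            throw new ArgumentException("groupName is passed as empty or null");
        }

        this.Name = groupName;

        if (group != null)
        {
            if (group.MapIncomingUser)
            {
                this.MapIncomingUser = group.MapIncomingUser;

                // Mapping the caller's identity and supplying fixed credentials are
                // mutually exclusive; reject ambiguous configuration up front.
                bool hasCredential =
                    !string.IsNullOrEmpty(group.UserName) ||
                    !string.IsNullOrEmpty(group.Password) ||
                    !string.IsNullOrEmpty(group.DomainName);
                if (hasCredential)
                {
                    throw new ArgumentException("Group " + groupName + " has defined incoming user to true and defined credential for mapped user. They are exclusive and only one can be defined.");
                }
            }
            else
            {
                // Values are copied as-is. A user name without a password (or the
                // reverse) is not rejected here; it surfaces later in GetWindowsIdentity.
                this.UserName = group.UserName;
                this.Password = group.Password;
                this.DomainName = group.DomainName;
            }
        }

        // NOTE(review): the generic type arguments were missing from this listing.
        // string is established for Scripts and Modules by the loops below; for
        // Cmdlets it is assumed - confirm against XmlGroup.Cmdlets.
        this.Cmdlets = (group != null && group.Cmdlets != null)
            ? new List<string>(group.Cmdlets)
            : new List<string>();

        this.Scripts = (group != null && group.Scripts != null)
            ? new List<string>(group.Scripts)
            : new List<string>();

        this.Modules = new List<string>();
        if (group != null && group.Modules != null)
        {
            string basePath = Utils.GetBasePath();
            foreach (string module in group.Modules)
            {
                // Path.Combine returns the second argument unchanged when it is rooted
                // and does not collapse ".." segments, so the resulting module path is
                // not guaranteed to stay under the base path. The configuration that
                // supplies these entries must be writable only by administrators.
                this.Modules.Add(Path.Combine(basePath, module));
            }
        }
    }

    /// <summary>Gets name of the group</summary>
    public string Name { get; private set; }

    /// <summary>Gets collection of Commands supported in the group</summary>
    public List<string> Cmdlets { get; private set; }

    /// <summary>Gets collection of Scripts supported in the group</summary>
    public List<string> Scripts { get; private set; }

    /// <summary>Gets collection of Modules supported in the group (each combined with the base path)</summary>
    public List<string> Modules { get; private set; }

    /// <summary>Gets a value indicating whether to use network client identity for executing a cmdlet</summary>
    public bool MapIncomingUser { get; private set; }

    /// <summary>Gets user name of the account the group is mapped to, when one is configured</summary>
    public string UserName { get; private set; }

    /// <summary>
    /// Gets password of the mapped account. Held as a plain string; do not write it
    /// to logs, traces or error messages.
    /// </summary>
    public string Password { get; private set; }

    /// <summary>Gets domain name of the mapped account</summary>
    public string DomainName { get; private set; }

    /// <summary>
    /// Gets the membershipId for the group
    /// </summary>
    /// <returns>The group name followed by this instance's GUID.</returns>
    public string GetMembershipId()
    {
        return this.Name + this.keyGuid.ToString();
    }

    /// <summary>
    /// Gets Windows Identity associated with this group
    /// </summary>
    /// <param name="incomingIdentity">Incoming identity; required when the group maps the incoming user.</param>
    /// <returns>
    /// The incoming identity when the group maps the incoming user; the identity returned by
    /// WindowsIdentityHelper.GetCurrentWindowsIdentity() when neither user name nor password is
    /// set; otherwise the identity obtained for the configured user name, password and domain.
    /// </returns>
    /// <exception cref="ArgumentException">
    /// The group maps the incoming user but <paramref name="incomingIdentity"/> is null, or
    /// exactly one of user name and password is null.
    /// </exception>
    public WindowsIdentity GetWindowsIdentity(WindowsIdentity incomingIdentity)
    {
        if (this.MapIncomingUser)
        {
            if (incomingIdentity == null)
            {
                throw new ArgumentException("Current user is mapped to group " + this.Name + " which is expected to return context of the incoming user. But context of the incoming user passed is null.");
            }

            return incomingIdentity;
        }

        if (this.UserName == null && this.Password == null)
        {
            // No credentials configured: fall back to the helper's "current" identity.
            // NOTE(review): presumably the hosting process account - confirm that this
            // account is least-privileged, since every such group executes as it.
            return WindowsIdentityHelper.GetCurrentWindowsIdentity();
        }

        // Half-configured credentials are a configuration error, not a fallback case.
        if (this.UserName == null)
        {
            throw new ArgumentException("User name is null for group " + this.Name);
        }

        if (this.Password == null)
        {
            throw new ArgumentException("Password is null for group " + this.Name);
        }

        return WindowsIdentityHelper.GetWindowsIdentity(this.UserName, this.Password, this.DomainName);
    }
}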
}