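Setting and retrieving Team Administrators in Team Foundation Server or VSTS

Time: 2018-01-22 19:37:14

Tags: tfs azure-devops tfs-sdk

TFS 2012 and later, as well as VSTS, have the concept of a Team Administrator. I have looked all over the API for a simple way to set and retrieve the value through code, to make it easier to provision these settings, but could not find one.

Reflecting over the Web UI's server object model gives hints on how to do this, but it relies on a number of private methods to get it done. In particular, the part that computes the security scope token is hidden magic.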

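1 answer:

Answer 0: (score: 4)

It took quite a bit of time to find this old blogpost from 2013 which details how to do this, and I don't seem to be the only one stumped by the private methods. In the end, they ended up using Reflection to call the private method to retrieve the token:

This functionality is now available through the TFS Team Tools:

Retrieve

Find the security group that matches the team, use it to compute the team's token, and get the people who belong to that special security namespace: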

public List<string> ListTeamAdministrators(string team, out string message)
{
    // Look up the team by name within the project.
    TeamFoundationTeam t = this.teamService.ReadTeam(this.projectInfo.Uri, team, null);
    List<string> lst = null;
    message = "";

    if (t == null)
    {
        message = "Team [" + team + "] not found";
    }
    else
    {
        // Get security namespace for the project collection.
        ISecurityService securityService = this.teamProjectCollection.GetService<ISecurityService>();
        SecurityNamespace securityNamespace =
            securityService.GetSecurityNamespace(FrameworkSecurity.IdentitiesNamespaceId);

        // Compute the security token for the team from its identity.
        var token = GetTeamAdminstratorsToken(t);

        // Retrieve an ACL object for all the team members.
        var allMembers = t.GetMembers(this.teamProjectCollection, MembershipQuery.Expanded)
            .ToArray();
        AccessControlList acl =
            securityNamespace.QueryAccessControlList(token, allMembers.Select(m => m.Descriptor), true);

        // Retrieve the team administrator SIDs by querying the ACL entries.
        var entries = acl.AccessControlEntries;
        var admins = entries.Where(e => (e.Allow & 15) == 15).Select(e => e.Descriptor.Identifier);

        // Finally, retrieve the actual TeamFoundationIdentity objects from the SIDs.
        var adminIdentities = allMembers.Where(m => admins.Contains(m.Descriptor.Identifier));

        lst = adminIdentities.Select(i => i.DisplayName).ToList();
    }
    return lst;
}

private static string GetTeamAdminstratorsToken(TeamFoundationTeam team)
{
    return IdentityHelper.CreateSecurityToken(team.Identity);
}

Setting works in a similar way. Get the token, then add the user's unique identifier to the access control list:

IdentityDescriptor descriptor = GetMemberDescriptor(memberId);
securityNamespace.SetPermissions(token, descriptor, 15, 0, false);

Remove

And of course, removing someone from the list is easy to guess:

IdentityDescriptor descriptor = GetMemberDescriptor(memberId);
securityNamespace.RemovePermissions(token, descriptor, 15);
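
The literal 15 in the answer's `(e.Allow & 15) == 15` test and in its `SetPermissions` and `RemovePermissions` calls is a four-bit mask. The following added example (not part of the original answer or of the TFS Team Tools) decodes that mask and audits a constructed ACL for full, partial and denied grants. The bit names, the `Ace` record and the sample identifiers are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Assumed bit names for the Identity security namespace; the page only uses the literal 15.
[Flags]
enum IdentityBits { None = 0, Read = 1, Write = 2, Delete = 4, ManageMembership = 8, All = 15 }

// Hypothetical stand-in for one access control entry (descriptor, Allow, Deny).
record Ace(string Identifier, int Allow, int Deny);

static class TeamAdminAudit
{
    // Same test as the answer's (e.Allow & 15) == 15, plus a Deny check,
    // because an explicit Deny bit generally takes precedence over Allow.
    public static bool IsTeamAdmin(Ace e) =>
        (e.Allow & 15) == 15 && (e.Deny & 15) == 0;

    // Entries holding some, but not all, of the four bits: they are not
    // listed as administrators, yet can still act on the team identity.
    public static IEnumerable<Ace> PartialGrants(IEnumerable<Ace> acl) =>
        acl.Where(e => (e.Allow & 15) != 0 && !IsTeamAdmin(e));

    public static string Describe(int mask) => ((IdentityBits)(mask & 15)).ToString();

    static void Main()
    {
        // Constructed sample entries, not output from a real server.
        var acl = new List<Ace>
        {
            new("S-1-9-EXAMPLE-1", 15, 0),  // full team administrator
            new("S-1-9-EXAMPLE-2", 1, 0),   // ordinary member: Read only
            new("S-1-9-EXAMPLE-3", 9, 0),   // Read + ManageMembership, no Write/Delete
            new("S-1-9-EXAMPLE-4", 15, 8),  // Allow 15, but ManageMembership denied
        };

        foreach (var e in acl.Where(IsTeamAdmin))
            Console.WriteLine($"admin    {e.Identifier}  allow={Describe(e.Allow)}");
        foreach (var e in PartialGrants(acl))
            Console.WriteLine($"partial  {e.Identifier}  allow={Describe(e.Allow)} deny={Describe(e.Deny)}");
    }
}
```

Only the first entry is reported as an administrator; the third and fourth appear as partial grants, which an Allow-only check would either miss or misreport.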