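Is it possible to use the REST API to see which groups/users have access, and what their permissions are, on a specific pipeline in a project?
Answer 0: (score: 0)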
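I'm afraid there is no single REST API that directly checks a group's/user's permissions on a specific pipeline. You have to use multiple REST APIs to get what you need. See the steps below:
1. Get the groups via the Groups list API. Get all users via the Users list API.
You need to get the subject descriptor of the group/user from the results.
For example: "descriptor": "acs.Nzc4OWYwOWQtZTA1My00ZjJlLWJkZWUtMGM4Zjg0NzZhNGJj"
2. Use the subject descriptor from the REST APIs above to get the identity descriptor via the Identities - Read Identities REST API: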
https://vssps.dev.azure.com/{organization}/_apis/identities?subjectDescriptors={subjectDescriptors}&api-version=6.1-preview.1
Get the identity descriptor from the result.
For example: "descriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;7a394543-62fd-4274-a7d2-8fac775942b6\\jtseng@vscsi.us"
3. Use the identity descriptor and the token to check the permissions of that group/user with the Access Control Lists - Query REST API:
GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?token={token}&descriptors={descriptors}&includeExtendedInfo={includeExtendedInfo}&recurse={recurse}&api-version=6.1-preview.1
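The securityNamespaceId for Build is a constant value: 33344d9c-fc72-4d6f-aba5-fa317101a7e9. For all securityNamespaceIds, see here.
The format of the token is projectId/buildDefinitionId.
For example, the request URL to get the permissions on a buildDefinition looks like this: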
"https://dev.azure.com/myOrg/_apis/accesscontrollists/33344d9c-fc72-4d6f-aba5-fa317101a7e9?includeExtendedInfo=True&token=****-****-4fa8-b2f1-0ee8f4fc82c5/87&descriptors=Microsoft.TeamFoundation.ServiceIdentity;bfbbe64a-653b-47f8-8f74-a56680a9bc6a:Build:39e13f04-cb4e-4fa8-b2f1-0ee8f4fc82c5&api-version=6.1-preview.1"
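Then you will get the permission result from extendedInfo, as shown below.
To understand the permission value in extendedInfo (for example, the 3 below):
"extendedInfo": {"effectiveAllow": 3}
you can check the Security Namespaces - Query REST API. See below the permission names and their bits for the Build security namespace.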
bit    name                            displayName                            namespaceId
---    ----                            -----------                            -----------
1      ViewBuilds                      View builds                            00000000-0000-0000-0000-000000000000
2      EditBuildQuality                Edit build quality                     00000000-0000-0000-0000-000000000000
4      RetainIndefinitely              Retain indefinitely                    00000000-0000-0000-0000-000000000000
8      DeleteBuilds                    Delete builds                          00000000-0000-0000-0000-000000000000
16     ManageBuildQualities            Manage build qualities                 00000000-0000-0000-0000-000000000000
32     DestroyBuilds                   Destroy builds                         00000000-0000-0000-0000-000000000000
64     UpdateBuildInformation          Update build information               00000000-0000-0000-0000-000000000000
128    QueueBuilds                     Queue builds                           00000000-0000-0000-0000-000000000000
256    ManageBuildQueue                Manage build queue                     00000000-0000-0000-0000-000000000000
512    StopBuilds                      Stop builds                            00000000-0000-0000-0000-000000000000
1024   ViewBuildDefinition             View build pipeline                    00000000-0000-0000-0000-000000000000
2048   EditBuildDefinition             Edit build pipeline                    00000000-0000-0000-0000-000000000000
4096   DeleteBuildDefinition           Delete build pipeline                  00000000-0000-0000-0000-000000000000
8192   OverrideBuildCheckInValidation  Override check-in validation by build  00000000-0000-0000-0000-000000000000
16384  AdministerBuildPermissions      Administer build permissions           00000000-0000-0000-0000-000000000000
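The value of effectiveAllow is the sum of the bits of the allowed permissions. In the example above, the effective allow value is 3, so the permissions for this group are ViewBuilds --> allow and EditBuildQuality --> allow.
Hope the above helps!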
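The step-3 request and the effectiveAllow decoding described in the answer above, as an added example that is not part of the original answer: it builds the ACL query URL, expands each identity's bitmask using the answer's table, and flags pipeline-modifying rights for a least-privilege review. The response layout (`value` / `acesDictionary`), the `SENSITIVE` set, and the sample descriptors and token are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

BUILD_NAMESPACE_ID = "33344d9c-fc72-4d6f-aba5-fa317101a7e9"  # constant given in the answer
# Bit -> permission name, copied from the table in the answer.
BUILD_BITS = {
    1: "ViewBuilds", 2: "EditBuildQuality", 4: "RetainIndefinitely",
    8: "DeleteBuilds", 16: "ManageBuildQualities", 32: "DestroyBuilds",
    64: "UpdateBuildInformation", 128: "QueueBuilds", 256: "ManageBuildQueue",
    512: "StopBuilds", 1024: "ViewBuildDefinition", 2048: "EditBuildDefinition",
    4096: "DeleteBuildDefinition", 8192: "OverrideBuildCheckInValidation",
    16384: "AdministerBuildPermissions",
}
# Assumption: permissions a reviewer treats as sensitive on a pipeline.
SENSITIVE = {"EditBuildDefinition", "DeleteBuildDefinition", "AdministerBuildPermissions"}

def acl_url(org, project_id, definition_id, descriptor):
    """Build the step-3 request URL; the token is projectId/buildDefinitionId."""
    query = urlencode({
        "token": f"{project_id}/{definition_id}",
        "descriptors": descriptor,
        "includeExtendedInfo": "True",
        "api-version": "6.1-preview.1",
    })
    return f"https://dev.azure.com/{org}/_apis/accesscontrollists/{BUILD_NAMESPACE_ID}?{query}"

def decode(mask):
    """Expand a permission bitmask into names; unknown bits are reported, not dropped."""
    names = [name for bit, name in BUILD_BITS.items() if mask & bit]
    unknown = mask & ~sum(BUILD_BITS)
    if unknown:
        names.append(f"unknown(0x{unknown:x})")
    return names

def audit(acl_response):
    """Map each identity descriptor to (effective permissions, sensitive subset)."""
    report = {}
    for acl in acl_response.get("value", []):
        for descriptor, ace in acl.get("acesDictionary", {}).items():
            # Without includeExtendedInfo there is no extendedInfo; fall back to explicit allow.
            info = ace.get("extendedInfo") or {}
            allowed = decode(info.get("effectiveAllow", ace.get("allow", 0)))
            report[descriptor] = (allowed, sorted(SENSITIVE.intersection(allowed)))
    return report

# Constructed sample response (assumed layout); descriptors and token are placeholders.
SAMPLE = {"value": [{"token": "00000000-0000-0000-0000-000000000000/87", "acesDictionary": {
    "example;readers": {"allow": 1, "deny": 0, "extendedInfo": {"effectiveAllow": 3}},
    "example;admins": {"allow": 18432, "deny": 0, "extendedInfo": {"effectiveAllow": 18435}},
}}]}
```

Calling `audit(SAMPLE)` on the constructed data reports `example;admins` as holding `AdministerBuildPermissions` and `EditBuildDefinition`, while `example;readers` holds only the two rights from the answer's example.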