Delen via


TeamFoundationSecurityNamespace Class

Class for managing and enforcing security for a set of AccessControlLists.

Inheritance Hierarchy

System.Object
  Microsoft.TeamFoundation.Framework.Server.TeamFoundationSecurityNamespace

Namespace:  Microsoft.TeamFoundation.Framework.Server
Assembly:  Microsoft.TeamFoundation.Framework.Server (in Microsoft.TeamFoundation.Framework.Server.dll)

Syntax

'Declaration
Public Class TeamFoundationSecurityNamespace _
    Implements IDisposable
public class TeamFoundationSecurityNamespace : IDisposable
public ref class TeamFoundationSecurityNamespace : IDisposable
type TeamFoundationSecurityNamespace =  
    class 
        interface IDisposable 
    end
public class TeamFoundationSecurityNamespace implements IDisposable

The TeamFoundationSecurityNamespace type exposes the following members.

Properties

  Name Description
Public property Description The description this security namespace was built from.
Public property NamespaceExtension The extension for this namespace.

Top

Methods

  Name Description
Public method CheckPermission(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for the tokens and all its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this server, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for all of the children, a SecurityAccessException will be thrown.
Public method CheckPermission(TeamFoundationRequestContext, String, Int32, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token. If alwaysAllowAdministrators is true and the UserContext is an admin on this server, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions, a SecurityAccessException will be thrown.
Public method CheckPermissionForAllChildren(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for the tokens and all its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for all of the children, a AccessCheckException will be thrown.
Public method CheckPermissionForAllChildren(TeamFoundationRequestContext, String, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token and all its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for all of the children, an AccessCheckException will be thrown.
Public method CheckPermissionForAnyChildren(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token or any one of its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for any of the children, a SecurityAccessException will be thrown.
Public method CheckPermissionForAnyChildren(TeamFoundationRequestContext, String, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token or any one of its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for any of the children, a SecurityAccessException will be thrown.
Public method Dispose
Public method EnsureIdentityIsKnown Ensures the identity is in the security group for the given security namespace. This function only needs to be called if ACEs are being persisted in a manner other than using the APIs on this interface
Public method Equals Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method GetHashCode Serves as the default hash function. (Inherited from Object.)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Public method HasPermission(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns true immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions on the tokens. If alwaysAllowAdministrators is true and the UserContext is an admin on this server, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions, false will be returned.
Public method HasPermission(TeamFoundationRequestContext, String, Int32, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns true immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions on this token. If alwaysAllowAdministrators is true and the UserContext is an admin on this server, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions, false will be returned.
Public method HasPermissionForAllChildren(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for the tokens and all their children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for all of the children, false will be returned.
Public method HasPermissionForAllChildren(TeamFoundationRequestContext, String, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token and all its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for all of the children, false will be returned.
Public method HasPermissionForAnyChildren(TeamFoundationRequestContext, IEnumerable<String>, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for the tokens or any one of its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this server, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for any of the children, false will be returned.
Public method HasPermissionForAnyChildren(TeamFoundationRequestContext, String, Int32, Boolean, Boolean, PermissionEvaluationCallback) First checks to see whether the request context making the call is a SystemRequestContext and if it is, it returns immediately. Next, it queries the underlying permission store to determine whether the requestContext.UserContext has the requested permissions for this token or any one of its children. If alwaysAllowAdministrators is true and the UserContext is an admin on this host, the user will have permissions regardless of what the permission evaluation says. If the UserContext does not have the requestedPermissions for any of the children, false will be returned.
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Public method OnDataChanged This function will be called when the data behind the securityNamespace is changed without using this namespaces instance. This allows the security namespaces to refresh the internal cache from the database on the next use.
Public method QueryAccessControlList In all cases: This method will query the AccessControlList for the token specified. It will return AccessControlEntry information on the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.
Public method QueryAccessControlLists In all cases: This method will query the AccessControlList for the token specified. It will return AccessControlEntry information for the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.
Public method QueryEffectivePermissions Returns the effective allowed permissions for the given descriptor.
Public method RemoveAccessControlEntries(TeamFoundationRequestContext, String, IEnumerable<AccessControlEntry>) Removes all permissions for the provided user on the provided token from the permission store.
Public method RemoveAccessControlEntries(TeamFoundationRequestContext, String, IEnumerable<IdentityDescriptor>)
Public method RemoveAccessControlLists Removes the AccessControlList for the specified tokens.
Public method RemovePermissions Removes the specified permission bits from the existing allows and denys for this descriptor. If no existing AccessControlEntry is found for this descriptor then nothing is done and an empty AccessControlList is returned. This function will not throw an exception if either the token or descriptor cannot be found.
Public method RenameToken This function will move the ACL for the existingToken and all its children to the corresponding newToken. It will begin by querying permissions on the existing token. If none exist, null will be returned. If permissions do exist, all existing permissions under newToken will be cleared and the existing ACLs will be copied over to the newToken path. If the copy parameter is false, the ACLs under existingToken will be deleted.
Public method RenameTokens
Public method SetAccessControlEntries(TeamFoundationRequestContext, String, IEnumerable<AccessControlEntry>, Boolean) Sets the provided AccessControlEntries in this SecurityNamespace. If invalid identities are supplied in this call, it will throw.
Public method SetAccessControlEntries(TeamFoundationRequestContext, String, IEnumerable<AccessControlEntry>, Boolean, Boolean) Sets the provided AccessControlEntries in this SecurityNamespace.
Public method SetAccessControlEntry Sets the provided AccessControlEntry in this SecurityNamespace.
Public method SetAccessControlLists(TeamFoundationRequestContext, IEnumerable<AccessControlList>) Sets the AccessControlLists specified in the SecurityNamespace. Setting an AccessControlList will always overwrite an existing AccessControlList if one exists.
Public method SetAccessControlLists(TeamFoundationRequestContext, IEnumerable<AccessControlList>, Boolean) Sets the AccessControlLists specified in the SecurityNamespace. Setting an AccessControlList will always overwrite an existing AccessControlList if one exists.
Public method SetInheritFlag Sets whether an AccessControlList should inherit permissions from its parents.
Public method SetPermissions Sets a permission for the descriptor in this SecurityNamespace.
Public method ToString Returns a string that represents the current object. (Inherited from Object.)

Top

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

Microsoft.TeamFoundation.Framework.Server Namespace