Click here to Skip to main content
15,885,048 members
Search within:


Articles / DevOps / TFS
 
Technical Blog
View Original

TFS SDK Get Groups Users Permissions using TFS API with Linqpad

Rate me:
Please Sign up or sign in to vote.
4.00/5 (4 votes)
1 Oct 2011CPOL2 min read 36.3K   4   10
How to use the TFS API to get the security groups, members, permissions and security settings of users in Team Projects in TFS

In this blog post, I'll show you how to use the TFS API to get the security groups, members, permissions and security settings of users in Team Projects in TFS.

Problem

I would like to see the version control permissions and security settings for each user in a Group for each Team Project. Can I see all of this in one place in a report?

Solution

Is the report below similar to what you are looking for? Let’s build one using the TFS SDK… if you enjoy the post, remember to subscribe to http://feeds.feedburner.com/TarunArora.

image

Connect to TFS Programmatically

I have a separate blog post on how to connect to TFS programmatically using the TFS API. In the below code snippet, you can see that I am getting a list of team projects using the VersionControlServerService.

C#
var tfs = TfsTeamProjectCollectionFactory
                .GetTeamProjectCollection(new Uri("https://avanade.tfspreview.com/defaultcollection")); 
tfs.EnsureAuthenticated();

// Version control service exposes methods to work with TFS version control
var vcs = tfs.GetService<VersionControlServer>();

// Since we'll be reporting groups for all team projects, imp to get all team projects
var teamProjects = vcs.GetAllTeamProjects(false);

Get all Application Groups Programmatically

When I say application groups, I am referring to the list of groups that you expect to see if you were to right click on Team Project => Click Team Project Settings => and choose Group Membership. I will be using the IGroupSecurityService service to get the list of application groups.

image

C#
// Group Security service exposes methods to get groups, users and security details
var sec = tfs.GetService<IGroupSecurityService>();

Identity[] appGroups = sec.ListApplicationGroups(teamProject.ArtifactUri.AbsoluteUri);

Get All Members Within the Application Groups Programmatically

When I say application groups, I am referring to the list of users you would expect to see if you double click on the group name in the group membership window. This will allow you to get the details of which group the user is a member of as well.

image

C#
foreach (Identity group in appGroups)
{

 Identity[] groupMembers = sec.ReadIdentities(SearchFactor.Sid, 
                new string[] { group.Sid }, QueryMembership.Expanded);
                    
 foreach (Identity member in groupMembers)
 {
     var groupM = new GroupMembership {GroupName = member.DisplayName, GroupSid = member.Sid};
                    
     if (member.Members != null)
     {
         foreach (string memberSid in member.Members)
         {
             Identity memberInfo = sec.ReadIdentity(SearchFactor.Sid, 
                                   memberSid, QueryMembership.Expanded);

             var userName = memberInfo.Domain + "\\" + memberInfo.AccountName;
             var permissions = vcs.GetEffectivePermissions(userName, teamProject.ServerItem);

Get the Security Settings of a User Programmatically

When I say security settings, I am referring to the list of project security that you expect to see if you were to right click on Team Project => Click Team Project Settings => and choose Security. I will be using the VersionControlServer service to get the list of permissions. This will allow me to see if these permissions have been inherited or explicitly allowed or denied.

image

C#
var actualPermission = vcs.GetPermissions(new string[] { teamProject.ServerItem },
                                          RecursionType.Full);
foreach (var memberOf in memberInfo.MemberOf)
{
      // Get information about the members
}

Version Control Permissions

When I say Version Control permissions, I am referring to the list of permissions you expect to see if you were to right click on Team Project => Security. I will be using the VersionControlServer service to get the list of permissions.

image

C#
var permissions = vcs.GetEffectivePermissions(userName, teamProject.ServerItem);

foreach (var permission in permissions)
{
     versionControlPermissions.Add(new VersionControlPermission(){Name = permission});
}

Putting Everything Together

Let's put all the snippets together, you can also download the working demo Linqpad query from this blog post. Look for the demo download link at the top of the post.

C#
public class TeamProject
{
    public string Name { get; set; }
    public string TeamProjectCollectionName { get; set; }
}

public class GroupMembership
{
    public string GroupName { get; set; }
    public string GroupSid { get; set; }
    public List<GroupMember> GroupMember { get; set; }
}

public class GroupMember
{
    public string MemberName { get; set; }
    public string MemberSid { get; set; }
    public string Domain { get; set; }
    public string Email { get; set; }
    public List<VersionControlPermission> VersionControlPermissions { get; set; }
}

public class VersionControlPermission
{
    public string Name { get; set; }
}

public class Security
{
    public TeamProject TeamProject { get; set; }
    public List<GroupMembership> GroupMembership { get; set; }
}

void Main()
{
    // Connect to TFS - VersioControlServer service
    var tfs =
        TfsTeamProjectCollectionFactory.GetTeamProjectCollection(
          new Uri("https://avanade.tfspreview.com/defaultcollection")); 
    tfs.EnsureAuthenticated();

    // Group Security service exposes methods to get groups, users and security details
    var sec = tfs.GetService<IGroupSecurityService>();

    // Version control service exposes methods to work with TFS version control
    var vcs = tfs.GetService<VersionControlServer>();

    // Since we'll be reporting groups for all team projects, imp to get all team projects
    var teamProjects = vcs.GetAllTeamProjects(false);

    var securities = new List<Security>();

    for (int i = 0; i < 1; i++)
    {
        var teamProject = teamProjects[i];
        var security = new Security();
        var myTeamProj = new TeamProject();
        myTeamProj.Name = teamProject.Name;
        myTeamProj.TeamProjectCollectionName = teamProject.TeamProjectCollection.Name;
        security.TeamProject = myTeamProj;
        var groupMemberships = new List<GroupMembership>();
        Identity[] appGroups = 
          sec.ListApplicationGroups(teamProject.ArtifactUri.AbsoluteUri);

        foreach (Identity group in appGroups)
        {
            Identity[] groupMembers = sec.ReadIdentities(SearchFactor.Sid, 
                       new string[] { group.Sid }, QueryMembership.Expanded);

            foreach (Identity member in groupMembers)
            {
                var groupM = 
                  new GroupMembership { GroupName = member.DisplayName, GroupSid = member.Sid };

                if (member.Members != null)
                {
                    var groupMCollection = new List<GroupMember>();
                    foreach (string memberSid in member.Members)
                    {
                        Identity memberInfo = sec.ReadIdentity(SearchFactor.Sid, 
                                 memberSid, QueryMembership.Expanded);
                        
                        // The above is a group and so build a collection of users in the group
                        // Member Name and other available properties about the user

                        var groupMM = new GroupMember();
                        groupMM.MemberName = memberInfo.AccountName;
                        groupMM.MemberSid = memberInfo.Sid;
                        groupMM.Domain = memberInfo.Domain;
                        groupMM.Email = memberInfo.MailAddress;

                        var userName = memberInfo.Domain + "\\" + memberInfo.AccountName;
                        var permissions = 
                            vcs.GetEffectivePermissions(userName, teamProject.ServerItem);
                        var actualPermission = 
                            vcs.GetPermissions(new string[] { teamProject.ServerItem },
                                               RecursionType.Full);
                        var versionControlPermissions = new List<VersionControlPermission>();
                                
                        foreach (var permission in permissions)
                        {
                            versionControlPermissions.Add(
                               new VersionControlPermission() { Name = permission });

                        }
                        groupMM.VersionControlPermissions = versionControlPermissions;

                        foreach (var memberOf in memberInfo.MemberOf)
                        {
                        }

                        groupMCollection.Add(groupMM);
                    }
                    groupM.GroupMember = groupMCollection;
                }
                groupMemberships.Add(groupM);

            }
        }
        security.GroupMembership = groupMemberships;
        securities.Add(security);
    }

    securities.Dump(10);
}

Enjoyed the post? Remember to subscribe to http://feeds.feedburner.com/TarunArora? Have ideas/feedback/questions, please feel free to add comments.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Tarun_Arora
Software Developer (Senior) Avanade
United Kingdom United Kingdom
Solution Developer - C# .NET, ALM

Tarun Arora is a Microsoft Certified professional developer for Enterprise Applications. He has over 5 years of experience developing 'Energy Trading & Risk Management' solutions using Microsoft Technologies. Tarun has great passion for technology and travel (not necessarily in the same order)!

Comments and Discussions

 
First Prev Next
QuestionDownloadlink Pin
Member 1083912020-Jan-15 22:35
Member 1083912020-Jan-15 22:35 
GeneralMy vote of 1 Pin
Member 1031417510-Sep-14 8:10
Member 1031417510-Sep-14 8:10 
QuestionDownload link doesn't work. Pin
Member 1031417510-Sep-14 8:10
Member 1031417510-Sep-14 8:10 
Questiontfs administer users - audit report Pin
callramesh22-Jun-14 7:55
callramesh22-Jun-14 7:55 
QuestionHow may I obtain the Project and Collection based Permissions that are associated with a TFS Build Definition? Pin
Member 105697773-Feb-14 19:05
Member 105697773-Feb-14 19:05 
QuestionProblem in retrieving security set up Pin
Member 935763214-Aug-12 7:52
Member 935763214-Aug-12 7:52 
Questionpermissions for Groups at Team project level Pin
nagarajbec26-Jun-12 6:09
nagarajbec26-Jun-12 6:09 
QuestionFolderwise permission Pin
Jaleelali10-May-12 8:17
Jaleelali10-May-12 8:17 
AnswerRe: Folderwise permission Pin
Tarun_Arora10-May-12 22:00
Tarun_Arora10-May-12 22:00 
GeneralRe: Folderwise permission Pin
Jaleelali11-May-12 10:26
Jaleelali11-May-12 10:26 
Last Visit: 31-Dec-99 18:00     Last Update: 24-Apr-24 5:50Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 1 Oct 2011

Article Copyright 2011 by Tarun_Arora
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1