Preview NTFS auto ensure in diagnostics

2026-03-18 14:17:40 +01:00
parent 24e10feffc
commit 3ec73817e8
5 changed files with 132 additions and 9 deletions
--- a/LiamNtfs/C4IT_IAM_SET/DataArea_FileSystem.cs
+++ b/LiamNtfs/C4IT_IAM_SET/DataArea_FileSystem.cs
@@ -52,6 +52,7 @@ namespace C4IT_IAM_SET
        public ICollection<string> readerUserSids;
        public ICollection<string> writerUserSids;
        public bool forceStrictAdGroupNames;
+        public bool WhatIf;

        public int ReadACLPermission = 0x200A9;
        public int WriteACLPermission = 0x301BF;
@@ -317,6 +318,13 @@ namespace C4IT_IAM_SET

                    if (ensureTraverseGroups)
                    {
+                        if (WhatIf)
+                        {
+                            resultToken.warnings.Add("Traverse group preview is not supported in WhatIf mode for automatic DataArea ensure.");
+                            resultToken.resultMessage = "Gruppen- und ACL-Vorschau erfolgreich erstellt";
+                            return resultToken;
+                        }
+
                        var traverseResult = SetTraversePermissions();
                        if (traverseResult != null)
                        {
@@ -335,7 +343,9 @@ namespace C4IT_IAM_SET
                        }
                    }

-                    resultToken.resultMessage = "Gruppen und ACLs erfolgreich sichergestellt";
+                    resultToken.resultMessage = WhatIf
+                        ? "Gruppen- und ACL-Vorschau erfolgreich erstellt"
+                        : "Gruppen und ACLs erfolgreich sichergestellt";
                    return resultToken;
                }
            }
@@ -835,6 +845,12 @@ namespace C4IT_IAM_SET
                var directory = new DirectoryInfo(newDataArea.IAM_Folders[0].technicalName);
                foreach (var currentSecGroup in newSecurityGroups.IAM_SecurityGroups)
                {
+                    if (WhatIf && string.IsNullOrWhiteSpace(currentSecGroup?.UID) && currentSecGroup?.CreatedNewEntry == true)
+                    {
+                        resultToken.addedAclEntries.Add(currentSecGroup.Name);
+                        continue;
+                    }
+
                    if (string.IsNullOrWhiteSpace(currentSecGroup?.UID))
                    {
                        resultToken.warnings.Add($"Keine SID für Gruppe '{currentSecGroup?.Name}' verfügbar.");
@@ -854,7 +870,9 @@ namespace C4IT_IAM_SET
                        continue;
                    }

-                    DataArea.AddDirectorySecurity(newDataArea.IAM_Folders[0].baseFolder, newDataArea.IAM_Folders[0].technicalName, sid, currentSecGroup.rights, AccessControlType.Allow);
+                    if (!WhatIf)
+                        DataArea.AddDirectorySecurity(newDataArea.IAM_Folders[0].baseFolder, newDataArea.IAM_Folders[0].technicalName, sid, currentSecGroup.rights, AccessControlType.Allow);
+
                    resultToken.addedAclEntries.Add(currentSecGroup.Name);
                }

@@ -912,7 +930,16 @@ namespace C4IT_IAM_SET
                    else
                        users = null;

-                    newSecurityGroups.EnsureADGroup(groupOUPath, newSecurityGroups.IAM_SecurityGroups[i], users, newDataArea.IAM_Folders[0].technicalName);
+                    if (WhatIf)
+                    {
+                        var existingGroup = newSecurityGroups.PreviewADGroup(groupOUPath, newSecurityGroups.IAM_SecurityGroups[i], newDataArea.IAM_Folders[0].technicalName);
+                        newSecurityGroups.IAM_SecurityGroups[i].CreatedNewEntry = existingGroup == null;
+                    }
+                    else
+                    {
+                        newSecurityGroups.EnsureADGroup(groupOUPath, newSecurityGroups.IAM_SecurityGroups[i], users, newDataArea.IAM_Folders[0].technicalName);
+                    }
+
                    if (newSecurityGroups.IAM_SecurityGroups[i].CreatedNewEntry)
                        resultToken.createdGroups.Add(newSecurityGroups.IAM_SecurityGroups[i].Name);
                    else
--- a/LiamNtfs/C4IT_IAM_SET/SecurityGroup.cs
+++ b/LiamNtfs/C4IT_IAM_SET/SecurityGroup.cs
@@ -638,6 +638,39 @@ namespace C4IT_IAM_Engine
            }
        }

+        public DirectoryEntry PreviewADGroup(string ouPath, IAM_SecurityGroup secGroup, string folderPath = null)
+        {
+            LogMethodBegin(MethodBase.GetCurrentMethod());
+            try
+            {
+                secGroup.CreatedNewEntry = false;
+                DirectoryEntry existingGroup = null;
+                if (!ForceStrictAdGroupNames)
+                    existingGroup = FindGroupEntryFromFolderAcl(folderPath, secGroup.WildcardPattern);
+
+                if (existingGroup == null)
+                    existingGroup = FindGroupEntry(secGroup.Name);
+
+                if (existingGroup == null && !ForceStrictAdGroupNames && string.IsNullOrWhiteSpace(folderPath))
+                    existingGroup = FindGroupEntryByWildcard(ouPath, secGroup.WildcardPattern);
+
+                if (existingGroup == null)
+                    return null;
+
+                ApplyExistingGroup(secGroup, existingGroup);
+                return existingGroup;
+            }
+            catch (Exception E)
+            {
+                cLogManager.DefaultLogger.LogException(E);
+                throw;
+            }
+            finally
+            {
+                LogMethodEnd(MethodBase.GetCurrentMethod());
+            }
+        }
+
        public DirectoryEntry CreateADGroup(string ouPath, IAM_SecurityGroup secGroup, List<UserPrincipal> users)
        {
            LogMethodBegin(MethodBase.GetCurrentMethod());