From f655c6d6605aa9962aa98cb298319f1fe8e5a1d7 Mon Sep 17 00:00:00 2001
From: Hai Cao
Date: Thu, 11 May 2023 13:15:08 -0700
Subject: [PATCH] Fix a few securable search/permission issue related to Azure (#2056)
---
 .../ObjectTypes/Security/LoginData.cs | 5 +++-
 .../ObjectManagement/SecurableUtils.cs | 23 +++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs
index adedb9e9..641937db 100644
--- a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/ObjectTypes/Security/LoginData.cs
@@ -2100,7 +2100,10 @@ INNER JOIN sys.sql_logins AS sql_logins
 this.comparer = new SqlCollationSensitiveStringComparer(server.Information.Collation);
 this.securablePermissions = SecurableUtils.GetSecurablePermissions(this.exists, PrincipalType.Login, login, context);
 this.principal = SecurableUtils.CreatePrincipal(true, PrincipalType.Login, login, null, context);
- this.principal.AddExistingSecurables();
+ if (context.Server.DatabaseEngineType != DatabaseEngineType.SqlAzureDatabase)
+ {
+ this.principal.AddExistingSecurables();
+ }
 }
 ///
diff --git a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs
index 0d741a18..73dbb75d 100644
--- a/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs
+++ b/src/Microsoft.SqlTools.ServiceLayer/ObjectManagement/SecurableUtils.cs
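Review bot: The new guard around `this.principal.AddExistingSecurables()` dereferences `context.Server` directly, while the matching Azure SQL Database checks added to `GetSecurablePermissions` and `CanHaveEffectivePermissions` in SecurableUtils.cs use `dataContainer?.Server?.DatabaseEngineType`; the last hunk of SecurableUtils.cs dereferences `dataContainer.Server` directly as well. The same engine-type test now lives in four places, so a later change to which engines support login securables has to be repeated in each of them or the permission view and the apply path will disagree. Consider a single helper in SecurableUtils that all four sites call, with a comment such as `// Login securables are not read or applied on Azure SQL Database`. The enclosing constructor starts outside the hunk, so whether `context.Server` can be null at this point is not visible.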
@@ -82,7 +82,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 case SqlObjectType.ApplicationRole:
 case SqlObjectType.DatabaseRole:
 case SqlObjectType.User:
- AddSecurableTypeMetadata(res, securableTypesForDbLevel, null, serverVersion, databaseName, databaseEngineType, engineEdition);
+ AddSecurableTypeMetadata(res, securableTypesForDbLevel, databaseEngineType == DatabaseEngineType.SqlAzureDatabase ? new SearchableObjectType[] {SearchableObjectType.ServiceQueue} : null, serverVersion, databaseName, databaseEngineType, engineEdition);
 break;
 default:
 break;
@@ -90,7 +90,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 return res.ToArray();
 }
- private static void AddSecurableTypeMetadata(List res, SearchableObjectType[] supportedTypes, SearchableObjectType[] excludeList, Version serverVersion, string databaseName,DatabaseEngineType databaseEngineType, DatabaseEngineEdition engineEdition)
+ private static void AddSecurableTypeMetadata(List res, SearchableObjectType[] supportedTypes, SearchableObjectType[]? excludeList, Version serverVersion, string databaseName,DatabaseEngineType databaseEngineType, DatabaseEngineEdition engineEdition)
 {
 foreach(SearchableObjectType t in supportedTypes)
 {
@@ -125,6 +125,11 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 public static SecurablePermissions[] GetSecurablePermissions(bool principalExists, PrincipalType principalType, SqlSmoObject o, CDataContainer dataContainer)
 {
+ if (principalType == PrincipalType.Login && dataContainer?.Server?.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+ {
+ return new SecurablePermissions[0];
+ }
+
 List res = new List();
 Principal principal;
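Review bot: The exclusion of `SearchableObjectType.ServiceQueue` for `DatabaseEngineType.SqlAzureDatabase` is passed as an unexplained inline array in the `AddSecurableTypeMetadata` call under the `SqlObjectType.User` case. Add a comment on that line, for example `// Service queues are excluded from securable search on Azure SQL Database`, and consider hoisting the array into a named `private static readonly SearchableObjectType[]` field so the exclusion list is easy to find and extend. The enclosing switch starts outside the hunk.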
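Review bot: The early return at the top of `GetSecurablePermissions` hands back `new SecurablePermissions[0]` for a login on Azure SQL Database, which a caller cannot tell apart from a login that really has no explicit permissions. In a tool used to review access, an empty list that means "not retrieved" can be read as "nothing granted", so the method should at least document it with a comment such as `// Not retrieved for logins on Azure SQL Database: empty means "not available", not "no permissions"`. Ideally the response would also carry an indicator the client can display. `Array.Empty<SecurablePermissions>()` would avoid the allocation. The method body continues outside the hunk.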
@@ -169,7 +174,7 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 Schema = s.Schema,
 Type = s.TypeName,
 Permissions = permissions,
- EffectivePermissions = CanHaveEffectivePermissions(principalType) ? GetEffectivePermissions(dataContainer, s, principal) : new string[0]
+ EffectivePermissions = CanHaveEffectivePermissions(principalType, dataContainer) ? GetEffectivePermissions(dataContainer, s, principal) : new string[0]
 };
 res.Add(secPerm);
 }
@@ -177,8 +182,13 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 return res.ToArray();
 }
- public static bool CanHaveEffectivePermissions(PrincipalType principalType)
+ public static bool CanHaveEffectivePermissions(PrincipalType principalType, CDataContainer dataContainer)
 {
+ if (dataContainer?.Server?.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+ {
+ return false;
+ }
+
 if (principalType == PrincipalType.ServerRole || principalType == PrincipalType.DatabaseRole || principalType == PrincipalType.ApplicationRole)
 {
 return false;
@@ -445,6 +455,11 @@ namespace Microsoft.SqlTools.ServiceLayer.ObjectManagement
 return;
 }
+ if (principal.PrincipalType == PrincipalType.Login && dataContainer.Server.DatabaseEngineType == DatabaseEngineType.SqlAzureDatabase)
+ {
+ return;
+ }
+
 if (!exists)
 {
 foreach (SecurablePermissions secPerm in securablePermissions)
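Review bot: `CanHaveEffectivePermissions` now returns `false` for every principal type when the engine is `SqlAzureDatabase`, not only for logins as the other guards in this commit do, so database users on Azure SQL Database will also get an empty `EffectivePermissions` array. If that is intended, state it in a doc comment on the method, because an empty effective-permission list reads as "no access" during an access review. The method is `public static` and gained a required `CDataContainer dataContainer` parameter, which breaks any caller not shown in this diff; keeping a one-argument overload or confirming all call sites were updated would be worth doing. The method body continues outside the hunk.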
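Review bot: The added early `return` for a login on Azure SQL Database skips the rest of the method without telling the caller, and the context that follows iterates `securablePermissions`, which suggests this is the path that applies requested permission changes. If a client submits grants or revokes in that case they would be dropped silently and an operator could believe a revoke had taken effect. Consider logging or throwing when `securablePermissions` is non-empty, and at minimum add `// Permission changes for logins are not applied on Azure SQL Database`. The guard also dereferences `dataContainer.Server` without the `?.` used by the other checks in this file. The enclosing method starts and ends outside the hunk, so its name and callers are not visible here.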