protected override void ExecuteCmdlet()
{
var list = SelectedWeb.GetList(Identity);
if (list != null)
{
Principal principal = null;
if (ParameterSetName == "Group")
{
if (Group.Id != -1)
{
principal = SelectedWeb.SiteGroups.GetById(Group.Id);
}
else if (!string.IsNullOrEmpty(Group.Name))
{
principal = SelectedWeb.SiteGroups.GetByName(Group.Name);
}
else if (Group.Group != null)
{
principal = Group.Group;
}
}
else
{
principal = SelectedWeb.EnsureUser(User);
}
if (principal != null)
{
if (!string.IsNullOrEmpty(AddRole))
{
var roleDefinition = SelectedWeb.RoleDefinitions.GetByName(AddRole);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext);
roleDefinitionBindings.Add(roleDefinition);
var roleAssignments = list.RoleAssignments;
roleAssignments.Add(principal, roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQueryRetry();
}
if (!string.IsNullOrEmpty(RemoveRole))
{
var roleAssignment = list.RoleAssignments.GetByPrincipal(principal);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == RemoveRole))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQueryRetry();
break;
}
}
}
else
{
WriteError(new ErrorRecord(new Exception("Principal not found"), "1", ErrorCategory.ObjectNotFound, null));
}
}
}
private void ProcessRoleAssignments(SecurableObject securableObject, ClientContext clientContext)
{
clientContext.Load(securableObject, x => x.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (!securableObject.HasUniqueRoleAssignments)
{
outPutText += "Same perms as parent" + "<br/>";
}
else
{
RoleAssignmentCollection roleAssignments = securableObject.RoleAssignments;
clientContext.Load <RoleAssignmentCollection>(roleAssignments);
clientContext.ExecuteQuery();
foreach (RoleAssignment roleAssignment in roleAssignments)
{
Principal member = roleAssignment.Member;
RoleDefinitionBindingCollection roleDef = roleAssignment.RoleDefinitionBindings;
clientContext.Load(member);
clientContext.Load <RoleDefinitionBindingCollection>(roleDef);
clientContext.ExecuteQuery();
foreach (var binding in roleDef)
{
outPutText += string.Format("[{0}]{1}: {2}<br/>", member.PrincipalType, member.LoginName, binding.Name);
}
}
}
}
public static void AsignarPermis(ClientContext c)
{
try
{
Principal buffet = c.Web.SiteGroups.GetByName("Buffet");
RoleDefinition buffetPermiso = c.Web.RoleDefinitions.GetByName("Colaborar");
RoleDefinitionBindingCollection coleccionBPermisos = new RoleDefinitionBindingCollection(c);
coleccionBPermisos.Add(buffetPermiso);
RoleAssignment buffetRoleAssigment = c.Web.RoleAssignments.Add(buffet, coleccionBPermisos);
Principal integrantes = c.Web.SiteGroups.GetByName("Integrantes");
RoleDefinition integrantesPermiso = c.Web.RoleDefinitions.GetByName("Leer");
RoleDefinitionBindingCollection coleccionIPermisos = new RoleDefinitionBindingCollection(c);
coleccionIPermisos.Add(integrantesPermiso);
RoleAssignment integrantesRoleAssigment = c.Web.RoleAssignments.Add(integrantes, coleccionIPermisos);
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("--- PERMISOS ASIGNADOS ---");
Console.ResetColor();
}
catch (Exception ex) {
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("--- ERROR AL ASIGNAR PERMISOS A LOS GRUPOS ---");
Console.ResetColor();
}
}
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security)
{
//using (var scope = new PnPMonitoredScope("Set Security"))
//{
var context = securable.Context as ClientContext;
var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName));
var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions);
context.ExecuteQueryRetry();
securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes);
foreach (var roleAssignment in security.RoleAssignments)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = context.Web.EnsureUser(roleAssignment.Principal);
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
}
securable.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
}
context.ExecuteQueryRetry();
//}
}
public static void AsignarPermiso(ClientContext c)
{
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("Asignando Permisos a Pedido.");
List pedidos = c.Web.Lists.GetByTitle("Pedidos");
RoleDefinitionBindingCollection integrantesPedidos = new RoleDefinitionBindingCollection(c);
RoleDefinition colaborarSinEliminar = c.Web.RoleDefinitions.GetByName("Colaborar sin eliminar");
Group integrantes = c.Web.SiteGroups.GetByName("Integrantes"); ///////////////////////////////////////////////
integrantesPedidos.Add(colaborarSinEliminar);
pedidos.BreakRoleInheritance(false, false);
c.Load(pedidos.RoleAssignments.Add(integrantes, integrantesPedidos));
pedidos.Update();
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" Asiganado");
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("Asignando Permisos a Pedido Detalle.");
List pedidosDetalles = c.Web.Lists.GetByTitle("Pedido Detalle");
RoleDefinitionBindingCollection integrantesPedidosD = new RoleDefinitionBindingCollection(c);
integrantesPedidos.Add(colaborarSinEliminar);
pedidosDetalles.BreakRoleInheritance(false, false);
c.Load(pedidosDetalles.RoleAssignments.Add(integrantes, integrantesPedidos));
pedidosDetalles.Update();
c.ExecuteQuery();
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" Asiganado");
}
protected override void ExecuteCmdlet()
{
var url = PnPConnection.Current.Url;
if (ParameterSpecified(nameof(Site)))
{
url = Site.Url;
}
var rootWeb = this.Tenant.GetSiteByUrl(url).RootWeb;
var roleDefinitions = GetRoleDefinitions(rootWeb);
var roleDefCollection = new RoleDefinitionBindingCollection(ClientContext);
foreach (var permissionToAdd in PermissionLevels)
{
if (!roleDefinitions.Contains(permissionToAdd))
{
throw new PSArgumentException($"Permission level {permissionToAdd} not defined in site");
}
var existingRoleDef = rootWeb.RoleDefinitions.GetByName(permissionToAdd);
roleDefCollection.Add(existingRoleDef);
}
var groupCI = new GroupCreationInformation();
groupCI.Title = Name;
var group = rootWeb.SiteGroups.Add(groupCI);
rootWeb.RoleAssignments.Add(group, roleDefCollection);
ClientContext.Load(group, g => g.Title, g => g.LoginName, g => g.Users, g => g.Owner.LoginName, g => g.OwnerTitle);
ClientContext.ExecuteQueryRetry();
var siteGroup = new SiteGroup(ClientContext, Tenant, group, rootWeb);
WriteObject(siteGroup);
}
/// <summary>
/// Assigns permissions to users on the specified list item.
/// </summary>
/// <param name="clientcontext">Client context object</param>
/// <param name="listName">Site pages library</param>
/// <param name="users">List of users</param>
/// <param name="permission">Permission to grant</param>
/// <param name="listItemId">Unique list item Id for permissions assignment</param>
/// <returns>Status of permission assignment</returns>
internal static string AssignUserPermissionsToItem(ClientContext clientcontext, string listName, List <string> users, string permission, int listItemId)
{
{
string returnvalue = "false";
try
{
List <string> permissions = new List <string>();
permissions.Add(permission);
Web web = clientcontext.Web;
clientcontext.Load(web.RoleDefinitions);
ListItem listItem = web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientcontext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientcontext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
if (null != permissions && null != users) //matter.permissions=read/limited access/contribute/ full control/ view only
{
foreach (string rolename in permissions)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
listItem.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw; // Check
}
}
}
// success. return a success code
returnvalue = "true";
}
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission"));
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw;
}
return(returnvalue);
}
}
//windows role ile sharepoint role eşleştirilmesi
private RoleDefinitionBindingCollection GetRole(string windowsRole)
{
RoleDefinitionBindingCollection roles = new RoleDefinitionBindingCollection(cContext);
switch (windowsRole)
{
case "FullControl":
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Administrator));
break;
case "Reader":
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Reader));
break;
case "Write":
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Contributor));
break;
case "Read & execute":
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Reader));
break;
case "Modify":
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Contributor));
break;
default:
roles.Add(site.RootWeb.RoleDefinitions.GetByType(RoleType.Reader));
break;
}
return(roles);
}
public static void ChangePermissionForLibrary(string webFullUrl, string libraryName,
IEnumerable<SpPermission> permissions = null)
{
using (var ctx = new ClientContext(webFullUrl))
{
var list = ctx.Web.Lists.GetByTitle(libraryName);
if (permissions == null)
{
list.ResetRoleInheritance();
}
else
{
list.BreakRoleInheritance(false, false);
var spPermissions = permissions as SpPermission[] ?? permissions.ToArray();
foreach (var permission in spPermissions)
{
foreach (var userOrGroup in permission.UsersOrGroups)
{
Principal user = ctx.Web.EnsureUser(userOrGroup);
var roleDefinition = ctx.Site.RootWeb.RoleDefinitions.GetByType(permission.RoleType);
var roleBindings = new RoleDefinitionBindingCollection(ctx) { roleDefinition };
list.RoleAssignments.Add(user, roleBindings);
}
}
}
ctx.ExecuteQuery();
}
}
public static void ChangePermissionForFolder(string webFullUrl, string libraryName, string folderName,
IEnumerable<SpPermission> permissions = null)
{
using (var ctx = new ClientContext(webFullUrl))
{
var list = ctx.Web.Lists.GetByTitle(libraryName);
var folderUrl = string.Format("{0}/{1}/{2}", webFullUrl, libraryName, folderName);
var folder = list.LoadItemByUrl(folderUrl);
if (permissions == null)
{
folder.ResetRoleInheritance();
ctx.ExecuteQuery();
}
else
{
if (folder == null) return;
folder.BreakRoleInheritance(false, false);
var spPermissions = permissions as SpPermission[] ?? permissions.ToArray();
foreach (var permission in spPermissions)
{
foreach (var userOrGroup in permission.UsersOrGroups)
{
var user = ctx.Web.EnsureUser(userOrGroup);
var roleDefinition = ctx.Site.RootWeb.RoleDefinitions.GetByType(permission.RoleType);
var roleBindings = new RoleDefinitionBindingCollection(ctx) {roleDefinition};
folder.RoleAssignments.Add(user, roleBindings);
}
}
ctx.ExecuteQuery();
}
}
}
public static void SPPermission(ClientContext ctx, ListItem item, string role, FieldUserValue[] users, bool createADL)
{
if (users != null)
// using (ClientContext ctx = SPConnection.GetSPOLContext(ctx1.Url))
{
// ListItem item = ctx.Web.Lists.GetByTitle("GED").GetItemById(item1.Id);
//ctx.Load(item);
foreach (FieldUserValue user in users)
{
User userpermission = ctx.Web.SiteUsers.GetById(user.LookupId);
ctx.Load(userpermission);
ctx.ExecuteQuery();
// item.BreakRoleInheritance(true, true);
RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(ctx);
if (createADL)
{
AddAccusseDeLecture("https://ghtpdfr.sharepoint.com/sites/ged", item.Id, item["Title"].ToString(), userpermission);
}
if (role == "modify")
{
collRoleDefinitionBinding.Add(ctx.Web.RoleDefinitions.GetByType(RoleType.Contributor)); //Set permission type
}
else if (role == "read")
{
collRoleDefinitionBinding.Add(ctx.Web.RoleDefinitions.GetByType(RoleType.Reader)); //Set permission type
}
// if(item.RoleAssignments.GetByPrincipalId(user.LookupId) !=null)
// item.RoleAssignments.GetByPrincipalId(user.LookupId).DeleteObject();
item.RoleAssignments.Add(userpermission, collRoleDefinitionBinding);
}
// item.SystemUpdate();
// ctx.ExecuteQuery();
}
}
protected override void ExecuteCmdlet()
{
var group = Identity.GetGroup(SelectedWeb);
if (AddRole != null)
{
foreach (var role in AddRole)
{
var roleDefinition = SelectedWeb.RoleDefinitions.GetByName(role);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext) {roleDefinition};
var roleAssignments = SelectedWeb.RoleAssignments;
roleAssignments.Add(group, roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQueryRetry();
}
}
if (RemoveRole != null)
{
foreach (var role in RemoveRole)
{
var roleAssignment = SelectedWeb.RoleAssignments.GetByPrincipal(group);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == role))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQueryRetry();
break;
}
}
}
}
private RoleDefinitionBindingCollection BuildRoleDefninitionBinding(DocLibContext context, DCTRoleAssignment dctRoleAssignment, out bool ignore)
{
RoleDefinitionBindingCollection binding = new RoleDefinitionBindingCollection(context);
int count = 0;
foreach (DCTRoleDefinition dctRoleDefinition in dctRoleAssignment.RoleDefinitions)
{
if (dctRoleDefinition.Name == IgnoreRole)
{
continue;
}
RoleDefinition spRoleDefinition = null;
if (!string.IsNullOrEmpty(dctRoleDefinition.Name))
{
spRoleDefinition = context.Web.RoleDefinitions.GetByName(dctRoleDefinition.Name);
}
else
{
spRoleDefinition = context.Web.RoleDefinitions.GetById(dctRoleDefinition.ID);
}
context.Load(spRoleDefinition);
context.ExecuteQuery();
binding.Add(spRoleDefinition);
count++;
}
ignore = (count == 0);
return(binding);
}
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security)
{
//using (var scope = new PnPMonitoredScope("Set Security"))
//{
var context = securable.Context as ClientContext;
var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName));
var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions);
context.ExecuteQueryRetry();
securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes);
foreach (var roleAssignment in security.RoleAssignments)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = context.Web.EnsureUser(roleAssignment.Principal);
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
}
securable.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
}
context.ExecuteQueryRetry();
//}
}
/// <summary>
/// Method to assign permissions
/// </summary>
/// <param name="item">data storage object</param>
/// <param name="clientContext">client context</param>
/// <param name="site">site object</param>
/// <param name="currentGrp">group object</param>
private static void AssignPermission(DataStorage item, ClientContext clientContext, Web site, Group currentGrp)
{
Console.WriteLine("Assigning " + item.Permissions + " permission to group " + item.GroupName);
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext);
RoleDefinition grpRoleDef = null;
switch (item.Permissions.ToLower(new CultureInfo("en-US", false)))
{
case "contribute":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Contributor);
break;
case "fullcontrol":
case "full control":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Administrator);
break;
case "read":
default:
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Reader);
break;
}
grpRole.Add(grpRoleDef);
site.RoleAssignments.Add(currentGrp, grpRole);
clientContext.Load(currentGrp);
clientContext.Load(grpRole);
clientContext.ExecuteQuery();
Console.WriteLine("Successfully assigned " + item.Permissions + " to group " + item.GroupName);
}
private void SetPermissions(Talent talent, ListItem newItem, ClientContext ctx, RoleDefinition editPermissionLevel)
{
newItem.BreakRoleInheritance(false, true);
RoleDefinitionBindingCollection collRoleDefinitionBinding =
new RoleDefinitionBindingCollection(ctx);
collRoleDefinitionBinding.Add(editPermissionLevel);
//Add access to Talent Admins and Division group
newItem.RoleAssignments.Add(this._talentAdmins, collRoleDefinitionBinding);
newItem.RoleAssignments.Add(this._divisionAllRecordsSecurityGroup, collRoleDefinitionBinding);
newItem.RoleAssignments.Add(this._streamAllRecordsSecurityGroup, collRoleDefinitionBinding);
if (talent.IsL2Employee())
{
newItem.RoleAssignments.Add(this._upToL2SecurityGroup, collRoleDefinitionBinding);
}
if (talent.IsL1Employee())
{
newItem.RoleAssignments.Add(this._upToL2SecurityGroup, collRoleDefinitionBinding);
newItem.RoleAssignments.Add(this._upToL1SecurityGroup, collRoleDefinitionBinding);
}
if (talent.IsCorMEmployee())
{
newItem.RoleAssignments.Add(this._upToL2SecurityGroup, collRoleDefinitionBinding);
newItem.RoleAssignments.Add(this._upToL1SecurityGroup, collRoleDefinitionBinding);
newItem.RoleAssignments.Add(this._upToM3SecurityGroup, collRoleDefinitionBinding);
}
}
public async Task GivePermissions(PermissionAndRole permission)
{
ClientContext context = GetSharepointContext(permission.Url);
List list = context.Web.Lists.GetByTitle(permission.ListName);
context.Load(list);
await context.ExecuteQueryAsync();
var item = list.GetItemById(permission.ItemId);
context.Load(item);
await context.ExecuteQueryAsync();
Principal user;
if (permission.IsGroup)
{
user = context.Web.SiteGroups.GetById(permission.Id);
}
else
{
user = context.Web.SiteUsers.GetById(permission.Id);
context.Load(user);
await context.ExecuteQueryAsync();
}
RoleDefinition writeDefinition = context.Web.RoleDefinitions.GetByName(permission.roleDefinitionName);
RoleDefinitionBindingCollection roleDefCollection = new RoleDefinitionBindingCollection(context);
roleDefCollection.Add(writeDefinition);
RoleAssignment newRoleAssignment = item.RoleAssignments.Add(user, roleDefCollection);
await context.ExecuteQueryAsync();
}
private void ApplyItemLevelPermissions(ListItem item, ListItemPermission lip, bool alwaysBreakItemLevelPermissions = false)
{
if (lip == null || item == null)
{
return;
}
//item.EnsureProperties(p => p.RoleAssignments, p => p.HasUniqueRoleAssignments);
// Break permission inheritance on the item if not done yet
if (alwaysBreakItemLevelPermissions || !item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(false, false);
this.clientContext.ExecuteQueryRetry();
}
// Assign item level permissions
foreach (var roleAssignment in lip.RoleAssignments)
{
if (lip.Principals.TryGetValue(roleAssignment.Member.LoginName, out Principal principal))
{
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(this.clientContext);
foreach (var roleDef in roleAssignment.RoleDefinitionBindings)
{
roleDefinitionBindingCollection.Add(roleDef);
}
item.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
}
}
this.clientContext.ExecuteQueryRetry();
}
public void AssignPermission(ClientContext ctx, string User, Folder newFolder, List <RoleType> Mappedrole, string destinationLigraryTitle)
{
try
{
List Doclibraryname = ctx.Web.Lists.GetByTitle(destinationLigraryTitle);
ctx.ExecuteQuery();
/*------------------- assigns roles basing on mapping----------------- */
foreach (RoleType roleType in Mappedrole)
{
if (User.Length > 0)
{
newFolder.ListItemAllFields.BreakRoleInheritance(false, true);
var roles = new RoleDefinitionBindingCollection(ctx);
roles.Add(ctx.Web.RoleDefinitions.GetByType(roleType));
Microsoft.SharePoint.Client.Principal user1 = ctx.Web.EnsureUser(User + "@" + Environment.UserDomainName.ToLower() + ".com");
newFolder.ListItemAllFields.RoleAssignments.Add(user1, roles);
newFolder.Update();
ctx.ExecuteQuery();
}
}
ctx.ExecuteQuery();
}
catch (Exception ex)
{
DAL.Repository.ErrrorLog.ErrorlogWrite(ex);
}
}
private bool AssignPermssionDesigner(string listTitle, string accountAdd)
{
if (!UtilApp.IsExist(context, listTitle, Basic_CSOM.Enums.TypeSharepointEnum.List))
{
return(false);
}
// get list
var oList = context.Web.Lists.GetByTitle(listTitle);
// break role permission
oList.BreakRoleInheritance(false, true);
Web web = context.Web;
//context.Load(web, a => a.SiteUsers);
context.ExecuteQuery();
// Change permission
Principal user = web.SiteUsers.GetByEmail(accountAdd);
var designRole = new RoleDefinitionBindingCollection(context);
designRole.Add(context.Web.RoleDefinitions.GetByType(RoleType.WebDesigner));
oList.RoleAssignments.Add(user, designRole);
//context.Load(newRoleAssignment);
context.ExecuteQuery();
return(true);
}
/// <summary>
/// Assigns item level permission
/// </summary>
/// <param name="clientContext">Client context object</param>
/// <param name="listName">List name</param>
/// <param name="listItemId">List item id</param>
internal static void AssignItemPermission(ClientContext clientContext, string listName, int listItemId)
{
try
{
if (null != clientContext && !string.IsNullOrEmpty(listName))
{
ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientContext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
SecurableObject listItemObject = listItem;
ClientRuntimeContext clientRuntimeContext = clientContext;
// get the user object
Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup;
string roleName = ConfigurationManager.AppSettings["Role"];
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
// create the role definition binding collection
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
// add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
// create a RoleAssigment with the user and role definition
listItemObject.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
clientRuntimeContext.ExecuteQuery();
}
}
}
catch (Exception exception)
{
ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.SettingsPage, exception.Message));
}
}
protected override void ExecuteCmdlet()
{
var list = Identity.GetList(SelectedWeb);
if (list != null)
{
Principal principal = null;
if (ParameterSetName == "Group")
{
if (Group.Id != -1)
{
principal = SelectedWeb.SiteGroups.GetById(Group.Id);
}
else if (!string.IsNullOrEmpty(Group.Name))
{
principal = SelectedWeb.SiteGroups.GetByName(Group.Name);
}
else if (Group.Group != null)
{
principal = Group.Group;
}
}
else
{
principal = SelectedWeb.EnsureUser(User);
ClientContext.ExecuteQueryRetry();
}
if (principal != null)
{
if (!string.IsNullOrEmpty(AddRole))
{
var roleDefinition = SelectedWeb.RoleDefinitions.GetByName(AddRole);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext);
roleDefinitionBindings.Add(roleDefinition);
var roleAssignments = list.RoleAssignments;
roleAssignments.Add(principal, roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQueryRetry();
}
if (!string.IsNullOrEmpty(RemoveRole))
{
var roleAssignment = list.RoleAssignments.GetByPrincipal(principal);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == RemoveRole))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQueryRetry();
break;
}
}
}
else
{
WriteError(new ErrorRecord(new Exception("Principal not found"), "1", ErrorCategory.ObjectNotFound, null));
}
}
}
private static void ApplySecurity(SecurableObject securable, TokenParser parser, ClientContext context, IEnumerable <Microsoft.SharePoint.Client.Group> groups, IEnumerable <Microsoft.SharePoint.Client.RoleDefinition> webRoleDefinitions, IEnumerable <Microsoft.SharePoint.Client.RoleAssignment> securableRoleAssignments, IEnumerable <Model.RoleAssignment> roleAssignmentsToHandle)
{
foreach (var roleAssignment in roleAssignmentsToHandle)
{
if (!roleAssignment.Remove)
{
var roleAssignmentPrincipal = parser.ParseString(roleAssignment.Principal);
Principal principal = TryGetGroupPrincipal(groups, roleAssignmentPrincipal);
if (principal == null)
{
principal = context.Web.EnsureUser(roleAssignmentPrincipal);
}
if (principal != null)
{
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context);
var roleAssignmentRoleDefinition = parser.ParseString(roleAssignment.RoleDefinition);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignmentRoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
securable.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
}
}
}
else
{
var roleAssignmentPrincipal = parser.ParseString(roleAssignment.Principal);
Principal principal = TryGetGroupPrincipal(groups, roleAssignmentPrincipal);
if (principal == null)
{
principal = context.Web.EnsureUser(roleAssignmentPrincipal);
}
principal.EnsureProperty(p => p.Id);
if (principal != null)
{
var assignmentsForPrincipal = securableRoleAssignments.Where(t => t.PrincipalId == principal.Id);
foreach (var assignmentForPrincipal in assignmentsForPrincipal)
{
var roleAssignmentRoleDefinition = parser.ParseString(roleAssignment.RoleDefinition);
var binding = assignmentForPrincipal.EnsureProperty(r => r.RoleDefinitionBindings).FirstOrDefault(b => b.Name == roleAssignmentRoleDefinition);
if (binding != null)
{
assignmentForPrincipal.DeleteObject();
context.ExecuteQueryRetry();
break;
}
}
}
}
}
}
private void ExecuteAddFolderPermissionByName()
{
ServiceObject serviceObject = ServiceBroker.Service.ServiceObjects[0];
string listTitle = serviceObject.GetListTitle();
string siteURL = GetSiteURL();
string folderName = base.GetStringProperty(Constants.SOProperties.FolderName, true);
string userLogins = base.GetStringProperty(Constants.SOProperties.UserLogins);
string groupLogins = base.GetStringProperty(Constants.SOProperties.GroupLogins);
string permission = base.GetStringProperty(Constants.SOProperties.Permission, true);
if (string.IsNullOrEmpty(userLogins) && string.IsNullOrEmpty(groupLogins))
{
throw new ApplicationException(Constants.ErrorMessages.UserGroupLoginsAreEmptyException);
}
using (ClientContext context = InitializeContext(siteURL))
{
Web spWeb = context.Web;
List list = spWeb.Lists.GetByTitle(listTitle);
context.Load(list, d => d.RootFolder);
context.ExecuteQuery();
Folder currentFolder = null;
try
{
currentFolder = spWeb.GetFolderByServerRelativeUrl(string.Format("{0}/{1}", list.RootFolder.ServerRelativeUrl, folderName));
context.Load(currentFolder);
context.ExecuteQuery();
}
catch (Exception ex)
{
throw new ApplicationException(string.Format(Constants.ErrorMessages.FolderWasNotFound, folderName), ex);
}
var role = new RoleDefinitionBindingCollection(context);
role.Add(context.Web.RoleDefinitions.GetByName(permission));
if (!string.IsNullOrEmpty(userLogins))
{
foreach (User user in GetUsersByLoginString(context, userLogins))
{
currentFolder.ListItemAllFields.RoleAssignments.Add(user, role);
}
}
if (!string.IsNullOrEmpty(groupLogins))
{
foreach (Group group in GetGroupsByLoginString(context, groupLogins))
{
currentFolder.ListItemAllFields.RoleAssignments.Add(group, role);
}
}
currentFolder.Update();
context.ExecuteQuery();
}
}
private void ExecuteGetFolderPermissionByName()
{
ServiceObject serviceObject = ServiceBroker.Service.ServiceObjects[0];
serviceObject.Properties.InitResultTable();
DataTable results = base.ServiceBroker.ServicePackage.ResultTable;
string listTitle = serviceObject.GetListTitle();
string siteURL = GetSiteURL();
string folderName = base.GetStringProperty(Constants.SOProperties.FolderName, true);
string userOrGroup = base.GetStringProperty(Constants.SOProperties.UserOrGroup, true);
string permissions = string.Empty;
using (ClientContext context = InitializeContext(siteURL))
{
Web spWeb = context.Web;
List list = spWeb.Lists.GetByTitle(listTitle);
context.Load(list);
context.Load(list, l => l.RootFolder, l => l.DefaultDisplayFormUrl);
context.ExecuteQuery();
Folder currentFolder = null;
try
{
currentFolder = spWeb.GetFolderByServerRelativeUrl(string.Format("{0}/{1}", list.RootFolder.ServerRelativeUrl, folderName));
context.Load(currentFolder);
context.ExecuteQuery();
}
catch (Exception ex)
{
throw new ApplicationException(string.Format(Constants.ErrorMessages.FolderWasNotFound, folderName), ex);
}
RoleAssignmentCollection roles = currentFolder.ListItemAllFields.RoleAssignments;
context.Load(roles, role => role.Include(roleassigned => roleassigned.Member.LoginName, roleassigned => roleassigned.Member));
context.ExecuteQuery();
foreach (RoleAssignment role in roles)
{
if (role.Member.LoginName == GetUserOrGroupLogin(context, userOrGroup))
{
RoleDefinitionBindingCollection roleDefinitions = role.RoleDefinitionBindings;
context.Load(roleDefinitions);
context.ExecuteQuery();
foreach (var roleDefinition in roleDefinitions)
{
DataRow dataRow = results.NewRow();
dataRow[Constants.SOProperties.Permission] = roleDefinition.Name;
results.Rows.Add(dataRow);
}
}
}
}
}
public void DCMAddUserRole(int storageObjID, string userAccount, string rolename)
{
(storageObjID > 0).FalseThrow <ArgumentException>("ID值{0}无效,请传入大于0的值.", storageObjID);
using (DocLibContext context = new DocLibContext(ServiceHelper.GetDocumentLibraryName()))
{
context.Load(context.Web.RoleDefinitions);
context.ExecuteQuery();
RoleDefinition selectedRoleDef = null;
foreach (RoleDefinition role in context.Web.RoleDefinitions)
{
if (role.Name == rolename)
{
selectedRoleDef = role;
break;
}
}
if (null == selectedRoleDef)
{
return;
}
context.Load(selectedRoleDef);
ListItem listItem = GetListItemById(storageObjID, context);
if (null == listItem)
{
return;
}
context.Load(listItem);
context.Load(listItem.RoleAssignments);
context.ExecuteQuery();
RoleAssignmentCollection roleAssignments = listItem.RoleAssignments;
bool userFound = false;
foreach (RoleAssignment roleAssignment in roleAssignments)
{
context.Load(roleAssignment.Member);
context.ExecuteQuery();
if (roleAssignment.Member.LoginName != userAccount)
{
continue;
}
userFound = true;
roleAssignment.RoleDefinitionBindings.Add(selectedRoleDef);
roleAssignment.Update();
}
if (!userFound)
{
RoleDefinitionBindingCollection newBinding = new RoleDefinitionBindingCollection(context);
newBinding.Add(selectedRoleDef);
User user = context.Web.EnsureUser(userAccount);
listItem.RoleAssignments.Add(user, newBinding);
listItem.Update();
}
context.ExecuteQuery();
}
}
public static void AddRoleWithPermissions(this List value, ClientRuntimeContext context, Web web, Principal principal, RoleType roleType)
{
var ownersRoleDefinition = web.RoleDefinitions.GetByType(roleType);
var ownersRoleDefinitionBindingColl = new RoleDefinitionBindingCollection(context)
{
ownersRoleDefinition
};
value.RoleAssignments.Add(principal, ownersRoleDefinitionBindingColl);
}
public string[] ParseBindings(RoleDefinitionBindingCollection bindingCol)
{
string[] strPerms = new string[bindingCol.Count];
for (int i = 0; i < bindingCol.Count; i++)
{
RoleDefinition bind = bindingCol[i];
strPerms[i] = bind.Name;
}
return(strPerms);
}
private static void AddPermissionLevelImplementation(this Web web, Principal principal, RoleType permissionLevel, bool removeExistingPermissionLevels = false)
{
if (principal != null)
{
bool processed = false;
RoleAssignmentCollection rac = web.RoleAssignments;
web.Context.Load(rac);
web.Context.ExecuteQuery();
//Find the roles assigned to the principal
foreach (RoleAssignment ra in rac)
{
// correct role assignment found
if (ra.PrincipalId == principal.Id)
{
// load the role definitions for this role assignment
RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings;
web.Context.Load(rdc);
web.Context.Load(web.RoleDefinitions);
web.Context.ExecuteQuery();
// Load the role definition to add (e.g. contribute)
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
// Add the selected role definition
rdc.Add(roleDefinition);
//update
ra.ImportRoleDefinitionBindings(rdc);
ra.Update();
web.Context.ExecuteQuery();
// Leave the for each loop
processed = true;
break;
}
}
// For a principal without role definitions set we follow a different code path
if (!processed)
{
RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(web.Context);
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
rdc.Add(roleDefinition);
web.RoleAssignments.Add(principal, rdc);
web.Context.ExecuteQuery();
}
}
}
private void AssignRead(ClientContext clientContext, ListItem listItem, List <string> accountList)
{
var roleDefinitionBindings = new RoleDefinitionBindingCollection(clientContext);
roleDefinitionBindings.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader));
foreach (var editor in accountList)
{
var user = clientContext.Web.EnsureUser(editor);
listItem.RoleAssignments.Add(user, roleDefinitionBindings);
}
}
public void AddAsReader(string title, string password)
{
var clientContext = authentication.Credentials(password);
List oList = clientContext.Web.Lists.GetByTitle(title);
User oUser = clientContext.Web.SiteUsers.GetByEmail("*****@*****.**");
//oList.RoleAssignments.GetByPrincipal(oUser).DeleteObject(); //delete the users already exisiting roles (if role existed)
RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);
collRoleDefinitionBinding.Add(clientContext.Web.RoleDefinitions.GetByType(RoleType.Reader));
oList.RoleAssignments.Add(oUser, collRoleDefinitionBinding);
clientContext.ExecuteQuery();
}
public void AddPermission(SPBindingCollection bindingCol, bool forceBreak, bool permissionsApplyRecursively)
{
if (HasUniquePermissions.HasValue && !HasUniquePermissions.Value)
{
if (!forceBreak)
{
throw new NoForceBreakException(this.Id);
}
else
{
SecObj.BreakRoleInheritance(true, true);
}
}
else if (!HasUniquePermissions.HasValue)
{
throw new InvalidOperationException("The permissions for object id \"" + Convert.ToString(this.Id) + "\" cannot be modified!");
}
var list = new List <RoleAssignment>(bindingCol.Count);
for (int i = 0; i < bindingCol.Count; i++)
{
var binding = bindingCol[i];
var bCol = new RoleDefinitionBindingCollection(CTX.SP1)
{
binding.Definition
};
list.Add(SecObj.RoleAssignments.Add(
binding.Principal, bCol));
foreach (var ass in list)
{
CTX.Lae(ass, false);
}
Update();
CTX.Lae();
}
if (Permissions != null)
{
for (int ra = 0; ra < list.Count; ra++)
{
var r = list[ra];
CTX.Lae(r, true, ras => ras.Member.Id, ras => ras.Member.Title);
}
Permissions.AddRange(this, list);
}
else
{
this.GetPermissions();
}
//if ()
}
public void Create(string title, string description, string strOwner, string[] permissions = null, IList <string> users = null)
{
try
{
if (string.IsNullOrEmpty(title))
{
throw new ArgumentException("O title precisa ser informado");
}
if (string.IsNullOrEmpty(strOwner))
{
throw new ArgumentException("O Owner precisa ser informado");
}
if (permissions == null || permissions.Length == 0)
{
throw new ArgumentException("É necessário informar ao menos uma permissão para o grupo");
}
GroupCreationInformation groupCreationInfo = new GroupCreationInformation
{
Title = title,
Description = description
};
User owner = _ctx.Web.EnsureUser(strOwner);
Group group = _ctx.Web.SiteGroups.Add(groupCreationInfo);
RoleDefinitionBindingCollection objBindingColl = new RoleDefinitionBindingCollection(_ctx);
if (permissions != null && permissions.Length > 0)
{
foreach (var permission in permissions)
{
RoleDefinition customPermissionRole = _ctx.Web.RoleDefinitions.GetByName(permission);
objBindingColl.Add(customPermissionRole);
}
}
_ctx.Web.RoleAssignments.Add(group, objBindingColl);
if (users != null)
{
foreach (var user in users)
{
User member = _ctx.Web.EnsureUser(user);
group.Users.AddUser(member);
}
}
group.Update();
_ctx.ExecuteQuery();
}
catch (Exception ex)
{
throw ex;
}
}
private void SetListPermissions(List list)
{
if (!list.HasUniqueRoleAssignments || !_settings.Value.Force)
{
var membersGroup = list.ParentWeb.AssociatedMemberGroup;
if (membersGroup == null)
{
_logger.LogWarning($"Members Group not found on {list.DefaultViewUrl}");
return;
}
_logger.LogDebug($"Granting Members Group Read to {list.DefaultViewUrl}");
// ensure list perms are broken
list.BreakRoleInheritance(true, true);
// add "read" perms to the members group
{
var roleDefinition = new RoleDefinitionBindingCollection(list.Context)
{
list.ParentWeb.RoleDefinitions.GetByName("Read")
};
list.Context.Load(list.RoleAssignments.Add(membersGroup, roleDefinition));
list.Context.ExecuteQueryRetry();
}
_logger.LogDebug($"Removing Members Edit rights from {list.DefaultViewUrl}");
// remove "edit" perms from the members group
{
var roleAssignment = list.RoleAssignments.GetByPrincipal(membersGroup);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
list.Context.Load(roleDefinitionBindings);
list.Context.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == "Edit"))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
list.Context.ExecuteQueryRetry();
break;
}
}
}
else
{
_logger.LogDebug($"HasUniqueRoleAssignments == true for {list.DefaultViewUrl}");
}
}
/// <summary>
/// Static method to assign the role
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="userList">User list object</param>
/// <param name="roleAssignments">Role assignments collection</param>
/// <param name="limitedAccessRole">Limited to access role</param>
private static void RoleAssignment(ClientContext clientContext, List <string> userList, RoleAssignmentCollection roleAssignments, string limitedAccessRole)
{
foreach (RoleAssignment roleAssignment in roleAssignments)
{
RoleDefinitionBindingCollection roleDefinitionsCollection = roleAssignment.RoleDefinitionBindings;
clientContext.Load(roleDefinitionsCollection, roleDefinition => roleDefinition.Where(definitionItem => definitionItem.Name == limitedAccessRole));
clientContext.ExecuteQuery();
if (0 == roleDefinitionsCollection.Count)
{
userList.Add(roleAssignment.Member.Title);
}
}
}
public void Execute(ClientContext ctx, string groupName, IEnumerable<string> roleDefinitionNames, List library)
{
Logger.Verbose($"About to execute {nameof(AddGroupRoleAssignmentToLibrary)} for group '{groupName}' and library '{library.Title}'");
var group = ctx.Web.SiteGroups.GetByName(groupName);
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(ctx);
roleDefinitionNames.ToList().ForEach(name =>
{
var rd = ctx.Web.RoleDefinitions.GetByName(name);
roleDefinitionBindingCollection.Add(rd);
});
library.RoleAssignments.Add(group, roleDefinitionBindingCollection);
ctx.ExecuteQuery();
}
public static void AddRoleAssignment(SecurableObject securableObject, ClientContext context, SPDGPrincipal principal, IEnumerable<SPDGRoleDefinition> roleDefinitions)
{
Principal p;
if (principal is SPDGClientUser)
{
p = ((SPDGClientUser)principal).User;
}
else
{
p = ((SPDGClientGroup)principal).Group;
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context);
foreach (var spdgRoleDefinition in roleDefinitions)
{
roleDefinitionBindingCollection.Add(((SPDGClientRoleDefinition)spdgRoleDefinition).Definition);
}
securableObject.RoleAssignments.Add(p, roleDefinitionBindingCollection);
context.ExecuteQuery();
}
/// <summary>
/// Add a SharePoint group into list
/// </summary>
/// <param name="groupName">Group name</param>
/// <param name="clientContext">Client context</param>
/// <param name="list">List to which group added</param>
/// <param name="matterCenterContribute">RoleDefinition/PermissionLevel that assigned to group</param>
private static void AddGroupToList(string groupName, ClientContext clientContext, List list, RoleDefinition matterCenterContribute)
{
Group matterCenterGroup = clientContext.Web.SiteGroups.GetByName(groupName);
clientContext.Load(matterCenterGroup);
clientContext.ExecuteQuery();
Principal MCGroup = matterCenterGroup;
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext);
grpRole.Add(matterCenterContribute);
list.RoleAssignments.Add(MCGroup, grpRole);
list.Update();
clientContext.ExecuteQuery();
}
public override void DeployModel(object modelHost, DefinitionBase model)
{
var securityGroupModelHost = modelHost.WithAssertAndCast<SecurityGroupModelHost>("modelHost", value => value.RequireNotNull());
var securityRoleLinkModel = model.WithAssertAndCast<SecurityRoleLinkDefinition>("model", value => value.RequireNotNull());
var securableObject = securityGroupModelHost.SecurableObject;
var group = securityGroupModelHost.SecurityGroup;
var web = ExtractWeb(securityGroupModelHost.SecurableObject);
var context = group.Context;
var existingRoleAssignments = securableObject.RoleAssignments;
context.Load(existingRoleAssignments, r => r.Include(d => d.Member, d => d.RoleDefinitionBindings));
context.ExecuteQueryWithTrace();
RoleAssignment existingRoleAssignment = null;
foreach (var roleAs in existingRoleAssignments)
{
if (roleAs.Member.Id == group.Id)
{
existingRoleAssignment = roleAs;
break;
}
}
var currentRoleDefinition = ResolveSecurityRole(web, securityRoleLinkModel);
context.Load(currentRoleDefinition, r => r.Id, r => r.Name);
context.ExecuteQueryWithTrace();
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
// MESSY, refactor
if (existingRoleAssignment == null)
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security role link");
var roleBindings = new RoleDefinitionBindingCollection(context);
roleBindings.Add(currentRoleDefinition);
existingRoleAssignment = web.RoleAssignments.Add(group, roleBindings);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "Calling existingRoleAssignment.Update()");
existingRoleAssignment.Update();
context.ExecuteQueryWithTrace();
}
else
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security role link");
var ensureDefinition = true;
foreach (var t in existingRoleAssignment.RoleDefinitionBindings)
{
if (t.Name == currentRoleDefinition.Name)
{
ensureDefinition = false;
break;
}
}
if (ensureDefinition)
{
// pre-remove Edit if it is the only one - this is default role def in order to create binding
if (existingRoleAssignment.RoleDefinitionBindings.Count == 1
&& existingRoleAssignment.RoleDefinitionBindings[0].RoleTypeKind == RoleType.Reader)
{
existingRoleAssignment.RoleDefinitionBindings.RemoveAll();
}
existingRoleAssignment.RoleDefinitionBindings.Add(currentRoleDefinition);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "Calling existingRoleAssignment.Update()");
existingRoleAssignment.Update();
context.ExecuteQueryWithTrace();
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
}
}
}
/// <summary>
/// Method to update items
/// </summary>
/// <param name="clientContext">client context</param>
/// <param name="listItems">list item collection</param>
/// <param name="fullControl">role definition</param>
private static void UpdateItems(ClientContext clientContext, ListItemCollection listItems, RoleDefinition fullControl)
{
foreach (ListItem item in listItems) // For each list item
{
User itemOwner = GetAuthor(clientContext, item);
// 2. break permissions for list item
item.BreakRoleInheritance(false, true);
// 3. Assign full control to user on list item
Principal user = itemOwner;
RoleDefinitionBindingCollection roleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);
roleDefinitionBinding.Add(fullControl);
item.RoleAssignments.Add(user, roleDefinitionBinding);
item.Update();
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionUpdate"]), ErrorMessage.MessageType.Notification);
}
}
public override void DeployModel(object modelHost, DefinitionBase model)
{
var securableObject = ExtractSecurableObject(modelHost);
var securityGroupLinkModel = model.WithAssertAndCast<SecurityGroupLinkDefinition>("model", value => value.RequireNotNull());
var web = GetWebFromSPSecurableObject(securableObject);
var context = web.Context;
context.Load(web, w => w.SiteGroups);
context.Load(web, w => w.RoleDefinitions);
context.Load(securableObject, s => s.HasUniqueRoleAssignments);
context.Load(securableObject, s => s.RoleAssignments.Include(r => r.Member));
context.ExecuteQueryWithTrace();
Group securityGroup = ResolveSecurityGroup(securityGroupLinkModel, web, context);
if (!securableObject.HasUniqueRoleAssignments)
{
TraceService.Information((int)LogEventId.ModelProvisionCoreCall, "securableObject.HasUniqueRoleAssignments = false. Breaking with false-false options.");
securableObject.BreakRoleInheritance(false, false);
}
var roleAssignment = FindRoleRoleAssignment(securableObject.RoleAssignments, securityGroup);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = roleAssignment,
ObjectType = typeof(RoleAssignment),
ObjectDefinition = securityGroupLinkModel,
ModelHost = modelHost
});
if (roleAssignment == null)
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security group link");
// add default guest role as hidden one
// we need to at least one role in order to create assignment
// further provision will chech of there is only one role - Reader, and will remove it
var bindings = new RoleDefinitionBindingCollection(context);
bindings.Add(web.RoleDefinitions.GetByType(RoleType.Reader));
var assegnment = securableObject.RoleAssignments.Add(securityGroup, bindings);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = assegnment,
ObjectType = typeof(RoleAssignment),
ObjectDefinition = securityGroupLinkModel,
ModelHost = modelHost
});
context.ExecuteQueryWithTrace();
}
else
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security group link");
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = roleAssignment,
ObjectType = typeof(RoleAssignment),
ObjectDefinition = securityGroupLinkModel,
ModelHost = modelHost
});
}
}
/// <summary>
/// Assigns permissions to users on the specified list item.
/// </summary>
/// <param name="clientcontext">Client context object</param>
/// <param name="listName">Site pages library</param>
/// <param name="users">List of users</param>
/// <param name="permission">Permission to grant</param>
/// <param name="listItemId">Unique list item Id for permissions assignment</param>
/// <returns>Status of permission assignment</returns>
internal static string AssignUserPermissionsToItem(ClientContext clientcontext, string listName, List<string> users, string permission, int listItemId)
{
{
string returnvalue = "false";
try
{
List<string> permissions = new List<string>();
permissions.Add(permission);
Web web = clientcontext.Web;
clientcontext.Load(web.RoleDefinitions);
ListItem listItem = web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientcontext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientcontext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
if (null != permissions && null != users) //matter.permissions=read/limited access/contribute/ full control/ view only
{
foreach (string rolename in permissions)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
listItem.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
catch (Exception exception)
{
Utility.DisplayAndLogError(Utility.ErrorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw; // Check
}
}
}
// success. return a success code
returnvalue = "true";
}
}
catch (Exception exception)
{
Utility.DisplayAndLogError(Utility.ErrorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission"));
Utility.DisplayAndLogError(Utility.ErrorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw;
}
return returnvalue;
}
}
public void AddExistingGroupToSite(int groupId,string subSiteUrl,Action<bool, Exception> reply)
{
ClientRequestSucceededEventHandler SuccessHandler = null;
ClientRequestFailedEventHandler FailureHandler = null;
ClientContext ictx = new ClientContext(subSiteUrl);
Group group = ictx.Site.RootWeb.SiteGroups.GetById(groupId);
ictx.Load(group,g=>g.Description,g=>g.Id,g=>g.LoginName,g=>g.OwnerTitle,g=>g.Owner.LoginName);
RoleDefinitionBindingCollection rbc = new RoleDefinitionBindingCollection(ictx);
RoleDefinition rd = ictx.Web.RoleDefinitions.GetByName("View Only");
rbc.Add(rd);
ictx.Web.RoleAssignments.Add(group, rbc);
SuccessHandler = (s, e) =>
{
reply(true, null);
};
FailureHandler = (s, e) =>
{
Logger.AddLog(_log, e.Exception);
reply(false, e.Exception);
};
ictx.ExecuteQueryAsync(SuccessHandler, FailureHandler);
}
/// <summary>
/// Assign permissions to the list
/// </summary>
/// <param name="clientContext">Client context object</param>
/// <param name="list">List object</param>
/// <param name="userList">User list object</param>
internal static void AssignListPermissions(ClientContext clientContext, List list, List<string> userList)
{
if (null != clientContext && null != list)
{
try
{
Web web = clientContext.Web;
clientContext.Load(web, item => item.SiteGroups);
clientContext.Load(list, l => l.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (list.HasUniqueRoleAssignments)
{
ClientRuntimeContext clientRuntimeContext = clientContext;
Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup;
string roleName = ConfigurationManager.AppSettings["Role"];
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
/////add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
/////create a RoleAssigment with the owner group and role definition
list.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
clientRuntimeContext.ExecuteQuery();
}
// Assign permissions to users
if (null != userList && 0 < userList.Count)
{
string roleName = ConfigurationManager.AppSettings["ReadRole"];
foreach (string userItem in userList)
{
try
{
Principal user = null;
user = web.SiteGroups.Where(groupItem => groupItem.Title == userItem).FirstOrDefault<Principal>();
if (null == user)
{
user = web.EnsureUser(userItem);
}
if (null != user)
{
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientContext);
// add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
list.RoleAssignments.Add(user, roleDefinitionBindingCollection);
clientContext.ExecuteQuery();
}
}
catch (Exception exception)
{
Console.WriteLine(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsUsersExceptionMessage, userItem, exception.Message));
}
}
}
}
catch (Exception exception)
{
ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.ConfigurationList, exception.Message));
}
}
}
protected override void ExecuteCmdlet()
{
var group = Identity.GetGroup(SelectedWeb);
ClientContext.Load(group,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.OnlyAllowMembersViewMembership,
g => g.RequestToJoinLeaveEmailSetting);
ClientContext.ExecuteQueryRetry();
if (SetAssociatedGroup != AssociatedGroupType.None)
{
switch (SetAssociatedGroup)
{
case AssociatedGroupType.Visitors:
{
SelectedWeb.AssociateDefaultGroups(null, null, group);
break;
}
case AssociatedGroupType.Members:
{
SelectedWeb.AssociateDefaultGroups(null, group, null);
break;
}
case AssociatedGroupType.Owners:
{
SelectedWeb.AssociateDefaultGroups(group, null, null);
break;
}
}
}
if(!string.IsNullOrEmpty(AddRole))
{
var roleDefinition = SelectedWeb.RoleDefinitions.GetByName(AddRole);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext);
roleDefinitionBindings.Add(roleDefinition);
var roleAssignments = SelectedWeb.RoleAssignments;
roleAssignments.Add(group,roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQueryRetry();
}
if(!string.IsNullOrEmpty(RemoveRole))
{
var roleAssignment = SelectedWeb.RoleAssignments.GetByPrincipal(group);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == RemoveRole))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQueryRetry();
break;
}
}
var dirty = false;
if (!string.IsNullOrEmpty(Title))
{
group.Title = Title;
dirty = true;
}
if (!string.IsNullOrEmpty(Description))
{
group.Description = Description;
dirty = true;
}
if (AllowRequestToJoinLeave != group.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = AllowRequestToJoinLeave;
dirty = true;
}
if (AutoAcceptRequestToJoinLeave != group.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = AutoAcceptRequestToJoinLeave;
dirty = true;
}
if (AllowMembersEditMembership != group.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = AllowMembersEditMembership;
dirty = true;
}
if (OnlyAllowMembersViewMembership != group.OnlyAllowMembersViewMembership)
{
group.OnlyAllowMembersViewMembership = OnlyAllowMembersViewMembership;
dirty = true;
}
if (RequestToJoinEmail != group.RequestToJoinLeaveEmailSetting)
{
group.RequestToJoinLeaveEmailSetting = RequestToJoinEmail;
dirty = true;
}
if(dirty)
{
group.Update();
ClientContext.ExecuteQueryRetry();
}
if (!string.IsNullOrEmpty(Owner))
{
Principal groupOwner;
try
{
groupOwner = SelectedWeb.EnsureUser(Owner);
group.Owner = groupOwner;
group.Update();
ClientContext.ExecuteQueryRetry();
}
catch
{
groupOwner = SelectedWeb.SiteGroups.GetByName(Owner);
group.Owner = groupOwner;
group.Update();
ClientContext.ExecuteQueryRetry();
}
}
}
/// <summary>
/// Create group if it's not existed
/// </summary>
/// <param name="collGroup"></param>
/// <param name="groupName"></param>
/// <param name="oWebsite"></param>
/// <param name="clientContext"></param>
/// <param name="roleType"></param>
/// <param name="users"></param>
private static void CreateGroup(GroupCollection collGroup, string groupName, Web oWebsite, ClientContext clientContext, RoleType roleType, List<FieldUserValue> users)
{
try
{
Group grp = collGroup.Where(g => g.Title == groupName).FirstOrDefault();
oWebsite.BreakRoleInheritance(true, false);
if (grp == null)
{
GroupCreationInformation groupCreationInfo = new GroupCreationInformation();
groupCreationInfo.Title = groupName;
groupCreationInfo.Description = "Use this group to grant people " + roleType.ToString() + " permissions to the SharePoint site: " + oWebsite.Title;
grp = oWebsite.SiteGroups.Add(groupCreationInfo);
//clientContext.Load(grp);
//clientContext.ExecuteQuery();
}
// grant role to group
RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);
RoleDefinition oRoleDefinition = oWebsite.RoleDefinitions.GetByType(roleType);
collRoleDefinitionBinding.Add(oRoleDefinition);
oWebsite.RoleAssignments.Add(grp, collRoleDefinitionBinding);
clientContext.Load(grp, group => group.Title);
clientContext.Load(oRoleDefinition, role => role.Name);
clientContext.ExecuteQuery();
// Add users to newly created group or existing group
AddUsertoGroup(grp, clientContext, users);
}
catch (Exception e)
{
Console.Write(e.Message);
}
}
private static void AddPermissionLevelImplementation(this SecurableObject securableObject, Principal principal, RoleDefinition roleDefinition, bool removeExistingPermissionLevels = false)
{
if (principal == null)
{
return;
}
var roleAssignments = securableObject.RoleAssignments;
securableObject.Context.Load(roleAssignments);
securableObject.Context.ExecuteQueryRetry();
var roleAssignment = roleAssignments.FirstOrDefault(ra => ra.PrincipalId.Equals(principal.Id));
//current principal doesn't have any roles assigned for this securableObject
if (roleAssignment == null)
{
var rdc = new RoleDefinitionBindingCollection(securableObject.Context);
rdc.Add(roleDefinition);
securableObject.RoleAssignments.Add(principal, rdc);
securableObject.Context.ExecuteQueryRetry();
}
else //current principal has roles assigned for this securableObject, then add new role definition for the role assignment
{
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
securableObject.Context.Load(roleDefinitionBindings);
securableObject.Context.ExecuteQueryRetry();
// Load the role definition to add (e.g. contribute)
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
roleDefinitionBindings.RemoveAll();
}
// Add the selected role definition
if (!roleDefinitionBindings.Any(r => r.Name.Equals(roleDefinition.EnsureProperty(rd => rd.Name))))
{
roleDefinitionBindings.Add(roleDefinition);
//update
roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings);
roleAssignment.Update();
securableObject.Context.ExecuteQueryRetry();
}
}
}
/// <summary>
/// Sets permissions for the list.
/// </summary>
/// <param name="clientContext">Client Context</param>
/// <param name="AssignUserEmails">List of User emails to give permission</param>
/// <param name="permissions">Permissions for the users</param>
/// <param name="listName">List name</param>
/// <returns>String stating success flag</returns>
public static bool SetPermission(ClientContext clientContext, IList<IList<string>> AssignUserEmails, IList<string> permissions, string listName)
{
bool result = false;
if (null != clientContext && !string.IsNullOrWhiteSpace(listName))
{
ClientRuntimeContext clientRuntimeContext = clientContext;
try
{
List list = clientContext.Web.Lists.GetByTitle(listName);
clientContext.Load(list, l => l.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (list.HasUniqueRoleAssignments && null != permissions && null != AssignUserEmails && permissions.Count == AssignUserEmails.Count)
{
int position = 0;
foreach (string roleName in permissions)
{
IList<string> assignUserEmails = AssignUserEmails[position];
if (!string.IsNullOrWhiteSpace(roleName) && null != assignUserEmails)
{
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
foreach (string user in assignUserEmails)
{
if (!string.IsNullOrWhiteSpace(user))
{
/////get the user object
Principal userPrincipal = clientContext.Web.EnsureUser(user.Trim());
/////create the role definition binding collection
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
/////add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
/////create a RoleAssigment with the user and role definition
list.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
}
}
/////execute the query to add everything
clientRuntimeContext.ExecuteQuery();
}
position++;
}
///// Success. Return a success code
result = true;
}
}
catch (Exception)
{
result = false;
}
}
return result;
}
/// <summary>
/// Method to assign permissions
/// </summary>
/// <param name="item">data storage object</param>
/// <param name="clientContext">client context</param>
/// <param name="site">site object</param>
/// <param name="currentGrp">group object</param>
private static void AssignPermission(DataStorage item, ClientContext clientContext, Web site, Group currentGrp)
{
Console.WriteLine("Assigning " + item.Permissions + " permission to group " + item.GroupName);
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientContext);
RoleDefinition grpRoleDef = null;
switch (item.Permissions.ToLower(new CultureInfo("en-US", false)))
{
case "contribute":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Contributor);
break;
case "fullcontrol":
case "full control":
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Administrator);
break;
case "read":
default:
grpRoleDef = site.RoleDefinitions.GetByType(RoleType.Reader);
break;
}
grpRole.Add(grpRoleDef);
site.RoleAssignments.Add(currentGrp, grpRole);
clientContext.Load(currentGrp);
clientContext.Load(grpRole);
clientContext.ExecuteQuery();
Console.WriteLine("Successfully assigned " + item.Permissions + " to group " + item.GroupName);
}
private void SetRoleForGroup(ClientContext clientContext, Web oWebsite, Group group, string role)
{
RoleDefinitionBindingCollection collRoleDefinitionBinding = new RoleDefinitionBindingCollection(clientContext);
RoleDefinition oRoleDefinition = oWebsite.RoleDefinitions.GetByName(role);
collRoleDefinitionBinding.Add(oRoleDefinition);
oWebsite.RoleAssignments.Add(group, collRoleDefinitionBinding);
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
if (web.IsSubSite())
{
scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
return parser;
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope);
}
foreach (var siteGroup in siteSecurity.SiteGroups)
{
Group group = null;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
if (!web.GroupExists(siteGroup.Title))
{
scope.LogDebug("Creating group {0}", siteGroup.Title);
group = web.AddGroup(
parser.ParseString(siteGroup.Title),
parser.ParseString(siteGroup.Description),
parser.ParseString(siteGroup.Title) == parser.ParseString(siteGroup.Owner));
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.ExecuteQueryRetry();
}
else
{
group = web.SiteGroups.GetByName(parser.ParseString(siteGroup.Title));
web.Context.Load(group,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var isDirty = false;
if (group.Description != parser.ParseString(siteGroup.Description))
{
group.Description = parser.ParseString(siteGroup.Description);
isDirty = true;
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
isDirty = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
isDirty = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
isDirty = true;
}
if (group.Owner.LoginName != parser.ParseString(siteGroup.Owner))
{
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
isDirty = true;
}
if (isDirty)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var user = web.EnsureUser(admin.Name);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var siteRoleDefinition = existingRoleDefinitions.FirstOrDefault(erd => erd.Name == parser.ParseString(templateRoleDefinition.Name));
if (siteRoleDefinition == null)
{
scope.LogDebug("Creation role definition {0}", parser.ParseString(templateRoleDefinition.Name));
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parser.ParseString(templateRoleDefinition.Name);
roleDefinitionCI.Description = parser.ParseString(templateRoleDefinition.Description);
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.ExecuteQueryRetry();
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parser.ParseString(templateRoleDefinition.Description))
{
siteRoleDefinition.Description = parser.ParseString(templateRoleDefinition.Description);
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = web.EnsureUser(parser.ParseString(roleAssignment.Principal));
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
}
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
}
}
}
return parser;
}
/// <summary>
/// Assigns item level permission
/// </summary>
/// <param name="clientContext">Client context object</param>
/// <param name="listName">List name</param>
/// <param name="listItemId">List item id</param>
internal static void AssignItemPermission(ClientContext clientContext, string listName, int listItemId)
{
try
{
if (null != clientContext && !string.IsNullOrEmpty(listName))
{
ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientContext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
SecurableObject listItemObject = listItem;
ClientRuntimeContext clientRuntimeContext = clientContext;
// get the user object
Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup;
string roleName = ConfigurationManager.AppSettings["Role"];
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
// create the role definition binding collection
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
// add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
// create a RoleAssigment with the user and role definition
listItemObject.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
clientRuntimeContext.ExecuteQuery();
}
}
}
catch (Exception exception)
{
ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.SettingsPage, exception.Message));
}
}
protected override void ExecuteCmdlet()
{
var group = Identity.GetGroup(SelectedWeb);
List list = List.GetList(SelectedWeb);
if (list == null && !string.IsNullOrEmpty(List.Title))
{
throw new Exception($"List with Title {List.Title} not found");
}
else if (list == null && List.Id != Guid.Empty )
{
throw new Exception($"List with Id {List.Id} not found");
}
if (AddRole != null)
{
foreach (var role in AddRole)
{
var roleDefinition = SelectedWeb.RoleDefinitions.GetByName(role);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext) { roleDefinition };
RoleAssignmentCollection roleAssignments;
if (list != null)
{
roleAssignments = list.RoleAssignments;
}
else
{
roleAssignments = SelectedWeb.RoleAssignments;
}
roleAssignments.Add(group, roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQueryRetry();
}
}
if (RemoveRole != null)
{
foreach (var role in RemoveRole)
{
RoleAssignment roleAssignment;
if (list != null)
{
roleAssignment = list.RoleAssignments.GetByPrincipal(group);
}
else
{
roleAssignment = SelectedWeb.RoleAssignments.GetByPrincipal(group);
}
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQueryRetry();
foreach (var roleDefinition in roleDefinitionBindings.Where(roleDefinition => roleDefinition.Name == role))
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQueryRetry();
break;
}
}
}
}
private void SetupPermissionSchemeOfList(ClientContext context, List list, ShList listConfig)
{
if (listConfig.PermissionScheme != null)
{
if (listConfig.PermissionScheme.BreakInheritance)
{
list.BreakRoleInheritance(true, false);
list.Update();
context.ExecuteQuery();
}
if (listConfig.PermissionScheme.RemoveDefaultRoleAssignments)
{
context.Load(list.RoleAssignments);
context.ExecuteQuery();
for (var i = list.RoleAssignments.Count - 1; i >= 0; i--)
{
list.RoleAssignments[i].DeleteObject();
}
}
foreach (var roleAssignment in listConfig.PermissionScheme.RoleAssignments)
{
Group group = null;
if (roleAssignment.Group.Name != "")
{
group = context.Web.SiteGroups.GetByName(roleAssignment.Group.Name);
}
else
{
group = GetAssociatedGroup(context, roleAssignment.Group.AssociatedGroup);
}
RoleDefinitionBindingCollection roleDefBinding = new RoleDefinitionBindingCollection(context);
RoleDefinition roleDef = context.Web.RoleDefinitions.GetByName(roleAssignment.PermissionLevel);
roleDefBinding.Add(roleDef);
list.RoleAssignments.Add(group, roleDefBinding);
context.Load(group);
context.Load(roleDef);
context.ExecuteQuery();
}
}
}
/// <summary>
/// Set permission to the specified list item
/// </summary>
/// <param name="clientContext">Client context object</param>
/// <param name="assignUserName">Users to give permission</param>
/// <param name="listName">List name</param>
/// <param name="listItemId">Unique list item id to break item level permission</param>
/// <param name="permissions">Permissions for the users</param>
/// <returns>Status of the unique item level permission assignment operation</returns>
public static bool SetItemPermission(ClientContext clientContext, IList<IList<string>> assignUserName, string listName, int listItemId, IList<string> permissions)
{
bool result = false;
try
{
if (null != clientContext)
{
ClientRuntimeContext clientRuntimeContext = clientContext;
ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientContext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientContext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments && null != permissions && null != assignUserName && permissions.Count == assignUserName.Count)
{
int position = 0;
foreach (string roleName in permissions)
{
IList<string> userName = assignUserName[position];
if (!string.IsNullOrWhiteSpace(roleName) && null != userName)
{
RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName);
foreach (string user in userName)
{
if (!string.IsNullOrWhiteSpace(user))
{
/////get the user object
Principal userPrincipal = clientContext.Web.EnsureUser(user.Trim());
/////create the role definition binding collection
RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext);
/////add the role definition to the collection
roleDefinitionBindingCollection.Add(roleDefinition);
/////create a RoleAssigment with the user and role definition
listItem.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection);
}
}
/////execute the query to add everything
clientRuntimeContext.ExecuteQuery();
}
position++;
}
///// Success. Return a success code
result = false;
}
}
}
catch (Exception ex)
{
throw;
}
return result;
}
/// <summary>
/// Assigns permission to group
/// </summary>
/// <param name="clientcontext">Client Context</param>
/// <param name="matterCenterGroup">Group for which permission is to be assigned</param>
/// <param name="list">List at which permission is to be assigned</param>
/// <param name="listName">Name of the list</param>
/// <param name="isCustomPermission">Custom permission flag</param>
/// <returns>Status of operation</returns>
private static bool AssignPermission(ClientContext clientcontext, Group matterCenterGroup, List list, string listName, bool isCustomPermission)
{
string errorFilePath = Directory.GetParent(Directory.GetCurrentDirectory()) + "/" + "ErrorLog.txt";
bool result = false;
try
{
if (null != clientcontext && null != list && null != matterCenterGroup)
{
// first breaking permissions
Console.WriteLine("Breaking Permissions for " + listName + " list...");
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true, true);
list.Update();
clientcontext.Load(list);
clientcontext.ExecuteQuery();
}
//// assigning permissions
Principal principal = matterCenterGroup;
RoleDefinition role = null;
int permission = Convert.ToInt32(ConfigurationManager.AppSettings["Permission"], CultureInfo.InvariantCulture);
permission = isCustomPermission ? 3 : permission;
switch (permission)
{
case 0:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Contributor);
break;
case 1:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Administrator);
break;
case 3:
string permissionLevel = ConfigurationManager.AppSettings["MatterCenterContributePermission"];
RoleDefinitionCollection roles = clientcontext.Web.RoleDefinitions;
clientcontext.Load(roles);
clientcontext.ExecuteQuery();
role = roles.Where(item => item.Name == permissionLevel).FirstOrDefault();
break;
case 2:
default:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Reader);
break;
}
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientcontext);
if (null != role)
{
grpRole.Add(role);
}
list.RoleAssignments.Add(principal, grpRole);
list.Update();
clientcontext.ExecuteQuery();
result = true;
}
}
catch (Exception exception)
{
result = false;
ErrorLogger.LogErrorToTextFile(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
}
return result;
}
/// <summary>
/// Assigns permissions for user
/// </summary>
internal static string AssignUserPermissions(ClientContext clientcontext, string MatterName, List<string> Users, string permission, string CalendarName = null)
{
{
string returnvalue = "false";
try
{
List<string> permissions = new List<string>();
permissions.Add(permission);
Microsoft.SharePoint.Client.Web web = clientcontext.Web;
clientcontext.Load(web.RoleDefinitions);
string matterOrCalendar = !string.IsNullOrWhiteSpace(CalendarName) ? CalendarName : MatterName;
List list = web.Lists.GetByTitle(matterOrCalendar);
clientcontext.Load(list, l => l.HasUniqueRoleAssignments);
clientcontext.ExecuteQuery();
if (list.HasUniqueRoleAssignments)
{
if (null != permissions && null != Users) //matter.permissions=read/limited access/contribute/ full control/ view only
{
int position = 0;
foreach (string rolename in permissions)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in Users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
list.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
// SharePoint specific exception
catch (ClientRequestException clientRequestException)
{
DisplayAndLogError(errorFilePath, "Message: " + clientRequestException.Message + "Matter name: " + MatterName + "\nStacktrace: " + clientRequestException.StackTrace);
throw;
}
// SharePoint specific exception
catch (ServerException serverException)
{
DisplayAndLogError(errorFilePath, "Message: " + serverException.Message + "Matter name: " + MatterName + "\nStacktrace: " + serverException.StackTrace);
throw;
}
position++;
}
}
// success. return a success code
returnvalue = "true";
}
}
// web exception
catch (Exception exception)
{
DisplayAndLogError(errorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission"));
DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "Matter name: " + MatterName + "\nStacktrace: " + exception.StackTrace);
throw;
}
return returnvalue;
}
}
public void UpdateGroup(ObservableCollection<PermissionLevel> permissionLevels,bool canRemove, string siteUrl, bCheck.Admin.Data.Group gp, Action<bool, Exception> reply)
{
ClientRequestSucceededEventHandler SuccessHandler = null;
ClientRequestFailedEventHandler FailureHandler = null;
Principal principal = null;
ClientContext ictx = null;
if (siteUrl == Constants.Optional)
ictx = _client;
else
ictx = new ClientContext(siteUrl);
if (gp.Owner == null)
{
if (gp.EditOwner.PrincipalType == PrincipalType.SharePointGroup)
principal = ictx.Web.SiteGroups.GetById(gp.EditOwner.Id);
else if (gp.EditOwner.PrincipalType == PrincipalType.User)
principal = ictx.Web.EnsureUser(gp.EditOwner.LoginName);
}
else
{
if (gp.Owner.PrincipalType == PrincipalType.SharePointGroup)
principal = ictx.Web.SiteGroups.GetById(gp.Owner.PrincipalId);
else if (gp.Owner.PrincipalType == PrincipalType.User)
principal = ictx.Web.EnsureUser(gp.Owner.LoginName);
}
Group group = ictx.Web.SiteGroups.GetById(gp.Id);
group.Title = gp.Title;
group.Owner = principal;
group.AllowMembersEditMembership = gp.AllowMembersEditMembership;
group.OnlyAllowMembersViewMembership = gp.OnlyAllowMembersViewMembership;
group.Update();
if (canRemove)
{
RoleAssignment gpRss = ictx.Web.RoleAssignments.GetByPrincipalId(gp.Id);
gpRss.RoleDefinitionBindings.RemoveAll();
gpRss.Update();
}
if (permissionLevels != null && permissionLevels.Count > 0)
{
RoleDefinitionBindingCollection rbc = new RoleDefinitionBindingCollection(ictx);
foreach (PermissionLevel pl in permissionLevels)
{
RoleDefinition rd = ictx.Web.RoleDefinitions.GetByName(pl.LevelName);
rbc.Add(rd);
}
ictx.Web.RoleAssignments.Add(group, rbc);
}
SuccessHandler = (s, e) =>
{
reply(true, null);
};
FailureHandler = (s, e) =>
{
Logger.AddLog(_log, e.Exception);
reply(false, e.Exception);
};
ictx.ExecuteQueryAsync(SuccessHandler, FailureHandler);
}
private static void AddPermissionLevelImplementation(this Web web, Principal principal, RoleType permissionLevel, bool removeExistingPermissionLevels = false)
{
if (principal != null)
{
bool processed = false;
RoleAssignmentCollection rac = web.RoleAssignments;
web.Context.Load(rac);
web.Context.ExecuteQuery();
//Find the roles assigned to the principal
foreach (RoleAssignment ra in rac)
{
// correct role assignment found
if (ra.PrincipalId == principal.Id)
{
// load the role definitions for this role assignment
RoleDefinitionBindingCollection rdc = ra.RoleDefinitionBindings;
web.Context.Load(rdc);
web.Context.Load(web.RoleDefinitions);
web.Context.ExecuteQuery();
// Load the role definition to add (e.g. contribute)
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
if (removeExistingPermissionLevels)
{
// Remove current role definitions by removing all current role definitions
rdc.RemoveAll();
}
// Add the selected role definition
rdc.Add(roleDefinition);
//update
ra.ImportRoleDefinitionBindings(rdc);
ra.Update();
web.Context.ExecuteQuery();
// Leave the for each loop
processed = true;
break;
}
}
// For a principal without role definitions set we follow a different code path
if (!processed)
{
RoleDefinitionBindingCollection rdc = new RoleDefinitionBindingCollection(web.Context);
RoleDefinition roleDefinition = web.RoleDefinitions.GetByType(permissionLevel);
rdc.Add(roleDefinition);
web.RoleAssignments.Add(principal, rdc);
web.Context.ExecuteQuery();
}
}
}
protected override void ExecuteCmdlet()
{
Group group = null;
if (Identity.Id != -1)
{
group = this.SelectedWeb.SiteGroups.GetById(Identity.Id);
}
else if (!string.IsNullOrEmpty(Identity.Name))
{
group = this.SelectedWeb.SiteGroups.GetByName(Identity.Name);
}
else if (Identity.Group != null)
{
group = Identity.Group;
}
if (SetAssociatedGroup != AssociatedGroupTypeEnum.None)
{
switch (SetAssociatedGroup)
{
case AssociatedGroupTypeEnum.Visitors:
{
this.SelectedWeb.AssociateDefaultGroups(null, null, group);
break;
}
case AssociatedGroupTypeEnum.Members:
{
this.SelectedWeb.AssociateDefaultGroups(null, group, null);
break;
}
case AssociatedGroupTypeEnum.Owners:
{
this.SelectedWeb.AssociateDefaultGroups(group, null, null);
break;
}
}
}
if(!string.IsNullOrEmpty(AddRole))
{
var roleDefinition = this.SelectedWeb.RoleDefinitions.GetByName(AddRole);
var roleDefinitionBindings = new RoleDefinitionBindingCollection(ClientContext);
roleDefinitionBindings.Add(roleDefinition);
var roleAssignments = this.SelectedWeb.RoleAssignments;
roleAssignments.Add(group,roleDefinitionBindings);
ClientContext.Load(roleAssignments);
ClientContext.ExecuteQuery();
}
if(!string.IsNullOrEmpty(RemoveRole))
{
var roleAssignment = this.SelectedWeb.RoleAssignments.GetByPrincipal(group);
var roleDefinitionBindings = roleAssignment.RoleDefinitionBindings;
ClientContext.Load(roleDefinitionBindings);
ClientContext.ExecuteQuery();
foreach(var roleDefinition in roleDefinitionBindings)
{
if(roleDefinition.Name == RemoveRole)
{
roleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
ClientContext.ExecuteQuery();
break;
}
}
}
if(!string.IsNullOrEmpty(Title))
{
group.Title = Title;
group.Update();
ClientContext.ExecuteQuery();
}
}
