/// <summary>
/// Initializes a new instance of the <see cref="SitePolicySharingSetting" /> class.
/// </summary>
/// <param name="isEnabled">isEnabled.</param>
/// <param name="sharingCapabilities">sharingCapabilities.</param>
/// <param name="membersCanShare">membersCanShare.</param>
/// <param name="allowMembersEditMembership">allowMembersEditMembership.</param>
/// <param name="allowAccessRequests">allowAccessRequests.</param>
/// <param name="requestAccessEmail">requestAccessEmail.</param>
/// <param name="accessRequestType">accessRequestType.</param>
/// <param name="accessRequestMessage">accessRequestMessage.</param>
public SitePolicySharingSetting(bool isEnabled = default(bool), SharingCapabilities sharingCapabilities = default(SharingCapabilities), bool membersCanShare = default(bool), bool allowMembersEditMembership = default(bool), bool allowAccessRequests = default(bool), string requestAccessEmail = default(string), AccessRequestType accessRequestType = default(AccessRequestType), string accessRequestMessage = default(string))
{
this.IsEnabled = isEnabled;
this.SharingCapabilities = sharingCapabilities;
this.MembersCanShare = membersCanShare;
this.AllowMembersEditMembership = allowMembersEditMembership;
this.AllowAccessRequests = allowAccessRequests;
this.RequestAccessEmail = requestAccessEmail;
this.AccessRequestType = accessRequestType;
this.AccessRequestMessage = accessRequestMessage;
}
/// <summary>
/// Proposed permission model and permission delta for the created group
/// </summary>
/// <returns>PRIVATE or PUBLIC</returns>
public Tuple <string, List <string> > PermissionModel(string claim1, string claim2)
{
// Do we have a public claim in Members, Owners or Admins? ==> PUBLIC site
bool hasPublicClaimWithEditPermissions = HasClaim(Admins, claim1, claim2);
if (!hasPublicClaimWithEditPermissions)
{
hasPublicClaimWithEditPermissions = HasClaim(Owners, claim1, claim2);
}
if (!hasPublicClaimWithEditPermissions)
{
hasPublicClaimWithEditPermissions = HasClaim(Members, claim1, claim2);
}
List <string> permissionDelta = new List <string>();
// Potential issue 1: private group, but public claim has been used outside of Site Admins, Owners, Members
//if (EveryoneClaimsGranted && !hasPublicClaimWithEditPermissions)
//{
// permissionDelta.Add("PrivateGroupButEveryoneUsedOutsideOfAdminOwnerMemberGroups");
//}
//// Potential issue 2: public claim in visitors group will lead to private site while still allow everyone view access
//if (HasClaim(Visitors, claim1, claim2) && !hasPublicClaim)
//{
// permissionDelta.Add("PrivateGroupButEveryoneInVisitors");
//}
// Potential issue 3: external sharing disabled, but will be possible by default on groups
if (!String.IsNullOrEmpty(SharingCapabilities))
{
if (SharingCapabilities.Equals("Disabled", StringComparison.InvariantCultureIgnoreCase))
{
permissionDelta.Add("SharingDisabledForSiteButGroupWillAllowExternalSharing");
}
}
// Potential issue 4: sub site has broken permission inheritance
if (SubSitesWithBrokenPermissionInheritance)
{
permissionDelta.Add("SubSiteWithBrokenPermissionInheritance");
}
// Potential issue 5: ad groups used which will not expand into the Office 365 group
if (ContainsADGroup(Owners) || ContainsADGroup(Admins) || ContainsADGroup(Members))
{
permissionDelta.Add("ADGroupWillNotBeExpanded");
}
return(new Tuple <string, List <string> >(hasPublicClaimWithEditPermissions ? "PUBLIC" : "PRIVATE", permissionDelta));
}
static void Main(string[] args)
{
/* Prompt for you Admin Tenant*/
Console.WriteLine("Enter your Tenant Admin URL for your Office 365 subscription:");
string tenantAdminURL = GetSite();
/* End Program if no tenantAdmin */
if (string.IsNullOrEmpty(tenantAdminURL))
{
Console.WriteLine("Hmm, i tried to work on it but you didn't supply your admin tenant url:");
return;
}
// Request Office365 site from the user
Console.WriteLine("Enter your Office 365 Site Collection URL:");
string siteUrl = GetSite();
/* Prompt for Credentials */
Console.WriteLine("Enter Credentials for your Office 365 Site Collection {0}:", siteUrl);
string userName = GetUserName();
SecureString pwd = GetPassword();
/* End Program if no Credentials */
if (string.IsNullOrEmpty(userName) || (pwd == null))
{
Console.WriteLine("Hmm, i tried to work on it but you didn't supply your credentials:");
return;
}
try
{
SharingCapabilities _sharingSettingToApply = GetInputSharing(siteUrl);
using (ClientContext cc = new ClientContext(tenantAdminURL))
{
cc.AuthenticationMode = ClientAuthenticationMode.Default;
cc.Credentials = new SharePointOnlineCredentials(userName, pwd);
SetSiteSharing(cc, siteUrl, _sharingSettingToApply);
}
}
catch (Exception ex)
{
Console.WriteLine("Opps, Mistakes can happen to anyone. An Error occured : {0}", ex.Message);
}
Console.WriteLine("Hit Enter to exit.");
Console.Read();
}
/// <summary>
/// Sets the Site Collection External Sharing Setting using the SharePoint Tenant API
/// </summary>
/// <param name="adminCC"></param>
/// <param name="siteCollectionURl"></param>
/// <param name="shareSettings"></param>
public static void SetSiteSharing(ClientContext adminCC, string siteCollectionURl, SharingCapabilities shareSettings)
{
var _tenantAdmin = new Tenant(adminCC);
SiteProperties _siteprops = _tenantAdmin.GetSitePropertiesByUrl(siteCollectionURl, true);
adminCC.Load(_tenantAdmin);
adminCC.Load(_siteprops);
adminCC.ExecuteQuery();
SharingCapabilities _tenantSharing = _tenantAdmin.SharingCapability;
var _currentShareSettings = _siteprops.SharingCapability;
bool _isUpdatable = false;
if (_tenantSharing == SharingCapabilities.Disabled)
{
Console.WriteLine("Sharing is currently disabled in your tenant! I am unable to work on it.");
}
else
{
if (shareSettings == SharingCapabilities.Disabled)
{
_isUpdatable = true;
}
else if (shareSettings == SharingCapabilities.ExternalUserSharingOnly)
{
_isUpdatable = true;
}
else if (shareSettings == SharingCapabilities.ExternalUserAndGuestSharing)
{
if (_tenantSharing == SharingCapabilities.ExternalUserAndGuestSharing)
{
_isUpdatable = true;
}
else
{
Console.WriteLine("ExternalUserAndGuestSharing is currently disabled in your tenant! I am unable to work on it.");
}
}
}
if (_currentShareSettings != shareSettings && _isUpdatable)
{
_siteprops.SharingCapability = shareSettings;
_siteprops.Update();
adminCC.ExecuteQuery();
Console.WriteLine("Set Sharing on site {0} to {1}.", siteCollectionURl, shareSettings);
}
}
/// <summary>
/// Get the external sharing status of a site collection based on both of the site and tenant level setting.
/// </summary>
/// <param name="siteCapability">The external sharing capability of the site collection</param>
/// <param name="tenantCapability">The external sharing capability setting of the current tenant</param>
/// <returns></returns>
private int IsExternalSharingEnabled(SharingCapabilities siteCapability, SharingCapabilities tenantCapability)
{
if (tenantCapability == SharingCapabilities.Disabled ||
siteCapability == SharingCapabilities.Disabled)
{
return(0);
}
else if (siteCapability == SharingCapabilities.ExternalUserSharingOnly)
{
return(1);
}
else if (tenantCapability == SharingCapabilities.ExternalUserAndGuestSharing &&
siteCapability == SharingCapabilities.ExternalUserAndGuestSharing)
{
return(2);
}
return(0);
}
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
using (var ctx = GetAdminContext())
{
// get site collections.
Tenant tenant = new Tenant(ctx);
SPOSitePropertiesEnumerable sites = tenant.GetSiteProperties(0, true);
ctx.Load(tenant);
ctx.Load(sites);
ctx.ExecuteQuery();
SharingCapabilities tenantSharing = tenant.SharingCapability;
switch (tenantSharing)
{
case SharingCapabilities.Disabled:
lblStatus.Text = "External sharing is disabled at tenant level.";
break;
case SharingCapabilities.ExternalUserSharingOnly:
lblStatus.Text = "External sharing at tenant level is set only for authenticated users.";
break;
case SharingCapabilities.ExternalUserAndGuestSharing:
lblStatus.Text = "External sharing at tenant level is for authenticated and guest users.";
break;
default:
break;
}
if (tenantSharing != SharingCapabilities.Disabled)
{
// List site collections
foreach (var item in sites)
{
sitecollections.Items.Add(new System.Web.UI.WebControls.ListItem(item.Url, item.Url));
}
}
}
}
}
public bool IsTenantExternalSharingEnabled()
{
bool isTenantExternalShaingEnabled = false;
string siteCollectionUrl = SPOAdminURL;
string message = string.Empty;
ClientContext clientContext;
try
{
using (clientContext = GetClientContext(siteCollectionUrl, clientID, clientSecret))
{
clientContext.ExecuteQuery();
Tenant currentO365Tenant = new Tenant(clientContext);
clientContext.Load(currentO365Tenant, O365t => O365t.SharingCapability);
clientContext.ExecuteQuery();
SharingCapabilities _tenantSharing = currentO365Tenant.SharingCapability;
if (_tenantSharing == SharingCapabilities.Disabled)
{
message = "Sharing is currently disabled in our tenant.";
isTenantExternalShaingEnabled = false;
}
else
{
isTenantExternalShaingEnabled = true;
}
}
}
catch (Exception ex)
{
message = ex.Message;
}
return(isTenantExternalShaingEnabled);
}
/// <summary>
/// Sets tenant site Properties
/// </summary>
/// <param name="tenant">A tenant object pointing to the context of a Tenant Administration site</param>
/// <param name="siteFullUrl"></param>
/// <param name="title"></param>
/// <param name="allowSelfServiceUpgrade"></param>
/// <param name="sharingCapability"></param>
/// <param name="storageMaximumLevel"></param>
/// <param name="storageWarningLevel"></param>
/// <param name="userCodeMaximumLevel"></param>
/// <param name="userCodeWarningLevel"></param>
public static void SetSiteProperties(this Tenant tenant, string siteFullUrl,
string title = null,
bool? allowSelfServiceUpgrade = null,
SharingCapabilities? sharingCapability = null,
long? storageMaximumLevel = null,
long? storageWarningLevel = null,
double? userCodeMaximumLevel = null,
double? userCodeWarningLevel = null
)
{
var siteProps = tenant.GetSitePropertiesByUrl(siteFullUrl, true);
tenant.Context.Load(siteProps);
tenant.Context.ExecuteQueryRetry();
if (siteProps != null)
{
if (allowSelfServiceUpgrade != null)
siteProps.AllowSelfServiceUpgrade = allowSelfServiceUpgrade.Value;
if (sharingCapability != null)
siteProps.SharingCapability = sharingCapability.Value;
if (storageMaximumLevel != null)
siteProps.StorageMaximumLevel = storageMaximumLevel.Value;
if (storageWarningLevel != null)
siteProps.StorageWarningLevel = storageMaximumLevel.Value;
if (userCodeMaximumLevel != null)
siteProps.UserCodeMaximumLevel = userCodeMaximumLevel.Value;
if (userCodeWarningLevel != null)
siteProps.UserCodeWarningLevel = userCodeWarningLevel.Value;
if (title != null)
siteProps.Title = title;
siteProps.Update();
tenant.Context.ExecuteQueryRetry();
}
}
/// <summary>
/// Sets the Site Collection External Sharing Setting using the SharePoint Tenant API
/// </summary>
/// <param name="adminCC"></param>
/// <param name="siteCollectionURl"></param>
/// <param name="shareSettings"></param>
public static void SetSiteSharing(ClientContext adminCC, string siteCollectionURl, SharingCapabilities shareSettings)
{
var _tenantAdmin = new Tenant(adminCC);
SiteProperties _siteprops = _tenantAdmin.GetSitePropertiesByUrl(siteCollectionURl, true);
adminCC.Load(_tenantAdmin);
adminCC.Load(_siteprops);
adminCC.ExecuteQuery();
SharingCapabilities _tenantSharing = _tenantAdmin.SharingCapability;
var _currentShareSettings = _siteprops.SharingCapability;
bool _isUpdatable = false;
if(_tenantSharing == SharingCapabilities.Disabled)
{
Console.WriteLine("Sharing is currently disabled in your tenant! I am unable to work on it.");
}
else
{
if(shareSettings == SharingCapabilities.Disabled)
{ _isUpdatable = true; }
else if(shareSettings == SharingCapabilities.ExternalUserSharingOnly)
{
_isUpdatable = true;
}
else if (shareSettings == SharingCapabilities.ExternalUserAndGuestSharing)
{
if (_tenantSharing == SharingCapabilities.ExternalUserAndGuestSharing)
{
_isUpdatable = true;
}
else
{
Console.WriteLine("ExternalUserAndGuestSharing is currently disabled in your tenant! I am unable to work on it.");
}
}
}
if (_currentShareSettings != shareSettings && _isUpdatable)
{
_siteprops.SharingCapability = shareSettings;
_siteprops.Update();
adminCC.ExecuteQuery();
Console.WriteLine("Set Sharing on site {0} to {1}.", siteCollectionURl, shareSettings);
}
}
/// <summary>
/// Get the external sharing status of a site collection based on both of the site and tenant level setting.
/// </summary>
/// <param name="siteCapability">The external sharing capability of the site collection</param>
/// <param name="tenantCapability">The external sharing capability setting of the current tenant</param>
/// <returns></returns>
private int IsExternalSharingEnabled(SharingCapabilities siteCapability, SharingCapabilities tenantCapability)
{
if (tenantCapability == SharingCapabilities.Disabled ||
siteCapability == SharingCapabilities.Disabled)
return 0;
else if (siteCapability == SharingCapabilities.ExternalUserSharingOnly)
return 1;
else if (tenantCapability == SharingCapabilities.ExternalUserAndGuestSharing &&
siteCapability == SharingCapabilities.ExternalUserAndGuestSharing)
return 2;
return 0;
}
/// <summary>
/// Initializes a new instance of the <see cref="SiteList" /> class.
/// </summary>
/// <param name="id">id.</param>
/// <param name="description">description.</param>
/// <param name="title">title.</param>
/// <param name="url">url.</param>
/// <param name="department">department.</param>
/// <param name="policyName">policyName.</param>
/// <param name="policyId">policyId.</param>
/// <param name="template">template.</param>
/// <param name="owner">owner.</param>
/// <param name="primaryContact">primaryContact.</param>
/// <param name="primaryContactDisplayName">primaryContactDisplayName.</param>
/// <param name="secondaryContact">secondaryContact.</param>
/// <param name="secondaryContactDisplayName">secondaryContactDisplayName.</param>
/// <param name="additionalAdministrators">additionalAdministrators.</param>
/// <param name="additionalAdministratorDisplayNames">additionalAdministratorDisplayNames.</param>
/// <param name="createdTime">createdTime.</param>
/// <param name="status">status.</param>
/// <param name="claimStatus">claimStatus.</param>
/// <param name="sharing">sharing.</param>
/// <param name="storageQuota">storageQuota.</param>
/// <param name="storageUsed">storageUsed.</param>
/// <param name="inactivityThresholdTime">inactivityThresholdTime.</param>
/// <param name="leaseExpirationTime">leaseExpirationTime.</param>
/// <param name="permissionRecertificationStatus">permissionRecertificationStatus.</param>
/// <param name="metadataRecertificationStatus">metadataRecertificationStatus.</param>
/// <param name="ownershipRecertificationStatus">ownershipRecertificationStatus.</param>
/// <param name="geoLocation">geoLocation.</param>
/// <param name="hub">hub.</param>
/// <param name="phase">phase.</param>
/// <param name="metadata">metadata.</param>
public SiteList(Guid id = default(Guid), string description = default(string), string title = default(string), string url = default(string), string department = default(string), string policyName = default(string), Guid policyId = default(Guid), string template = default(string), string owner = default(string), string primaryContact = default(string), string primaryContactDisplayName = default(string), string secondaryContact = default(string), string secondaryContactDisplayName = default(string), string additionalAdministrators = default(string), string additionalAdministratorDisplayNames = default(string), string createdTime = default(string), SiteStatus status = default(SiteStatus), ClaimStatus claimStatus = default(ClaimStatus), SharingCapabilities sharing = default(SharingCapabilities), long storageQuota = default(long), long storageUsed = default(long), DateTime?inactivityThresholdTime = default(DateTime?), DateTime?leaseExpirationTime = default(DateTime?), RecertificationStatus permissionRecertificationStatus = default(RecertificationStatus), RecertificationStatus metadataRecertificationStatus = default(RecertificationStatus), RecertificationStatus ownershipRecertificationStatus = default(RecertificationStatus), string geoLocation = default(string), string hub = default(string), AutoImportPhase phase = default(AutoImportPhase), List <ReportMetadata> metadata = default(List <ReportMetadata>))
{
this.Id = id;
this.Description = description;
this.Title = title;
this.Url = url;
this.Department = department;
this.PolicyName = policyName;
this.PolicyId = policyId;
this.Template = template;
this.Owner = owner;
this.PrimaryContact = primaryContact;
this.PrimaryContactDisplayName = primaryContactDisplayName;
this.SecondaryContact = secondaryContact;
this.SecondaryContactDisplayName = secondaryContactDisplayName;
this.AdditionalAdministrators = additionalAdministrators;
this.AdditionalAdministratorDisplayNames = additionalAdministratorDisplayNames;
this.CreatedTime = createdTime;
this.Status = status;
this.ClaimStatus = claimStatus;
this.Sharing = sharing;
this.StorageQuota = storageQuota;
this.StorageUsed = storageUsed;
this.InactivityThresholdTime = inactivityThresholdTime;
this.LeaseExpirationTime = leaseExpirationTime;
this.PermissionRecertificationStatus = permissionRecertificationStatus;
this.MetadataRecertificationStatus = metadataRecertificationStatus;
this.OwnershipRecertificationStatus = ownershipRecertificationStatus;
this.GeoLocation = geoLocation;
this.Hub = hub;
this.Phase = phase;
this.Metadata = metadata;
}
