public override ProvisioningTemplate ExtractObjects(Web web, ProvisioningTemplate template, ProvisioningTemplateCreationInformation creationInfo)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
web.EnsureProperties(w => w.HasUniqueRoleAssignments, w => w.Title);
// Changed by Paolo Pialorsi to embrace the new sub-site attributes for break role inheritance and copy role assignments
// if this is a sub site then we're not creating security entities as by default security is inherited from the root site
if (web.IsSubSite() && !web.HasUniqueRoleAssignments)
{
return(template);
}
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
web.Context.Load(ownerGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
web.Context.Load(memberGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
web.Context.Load(visitorGroup, o => o.Id, o => o.Users, o => o.Title);
}
web.Context.ExecuteQueryRetry();
List <int> associatedGroupIds = new List <int>();
var owners = new List <User>();
var members = new List <User>();
var visitors = new List <User>();
if (!ownerGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(ownerGroup.Id);
foreach (var member in ownerGroup.Users)
{
owners.Add(new User()
{
Name = member.LoginName
});
}
}
if (!memberGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(memberGroup.Id);
foreach (var member in memberGroup.Users)
{
members.Add(new User()
{
Name = member.LoginName
});
}
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(visitorGroup.Id);
foreach (var member in visitorGroup.Users)
{
visitors.Add(new User()
{
Name = member.LoginName
});
}
}
var siteSecurity = new SiteSecurity();
siteSecurity.AdditionalOwners.AddRange(owners);
siteSecurity.AdditionalMembers.AddRange(members);
siteSecurity.AdditionalVisitors.AddRange(visitors);
var query = from user in web.SiteUsers
where user.IsSiteAdmin
select user;
var allUsers = web.Context.LoadQuery(query);
web.Context.ExecuteQueryRetry();
var admins = new List <User>();
foreach (var member in allUsers)
{
admins.Add(new User()
{
Name = member.LoginName
});
}
siteSecurity.AdditionalAdministrators.AddRange(admins);
if (creationInfo.IncludeSiteGroups)
{
web.Context.Load(web.SiteGroups,
o => o.IncludeWithDefaultProperties(
gr => gr.Id,
gr => gr.Title,
gr => gr.AllowMembersEditMembership,
gr => gr.AutoAcceptRequestToJoinLeave,
gr => gr.AllowRequestToJoinLeave,
gr => gr.Description,
gr => gr.Users.Include(u => u.LoginName),
gr => gr.OnlyAllowMembersViewMembership,
gr => gr.Owner.LoginName,
gr => gr.RequestToJoinLeaveEmailSetting
));
web.Context.ExecuteQueryRetry();
if (web.IsSubSite())
{
WriteMessage("You are requesting to export sitegroups from a subweb. Notice that ALL sitegroups from the site collection are included in the result.", ProvisioningMessageType.Warning);
}
foreach (var group in web.SiteGroups.AsEnumerable().Where(o => !associatedGroupIds.Contains(o.Id)))
{
try
{
scope.LogDebug("Processing group {0}", group.Title);
var siteGroup = new SiteGroup()
{
Title = !string.IsNullOrEmpty(web.Title) ? group.Title.Replace(web.Title, "{sitename}") : group.Title,
AllowMembersEditMembership = group.AllowMembersEditMembership,
AutoAcceptRequestToJoinLeave = group.AutoAcceptRequestToJoinLeave,
AllowRequestToJoinLeave = group.AllowRequestToJoinLeave,
Description = group.Description,
OnlyAllowMembersViewMembership = group.OnlyAllowMembersViewMembership,
Owner = ReplaceGroupTokens(web, group.Owner.LoginName),
RequestToJoinLeaveEmailSetting = group.RequestToJoinLeaveEmailSetting
};
if (String.IsNullOrEmpty(siteGroup.Description))
{
var groupItem = web.SiteUserInfoList.GetItemById(group.Id);
web.Context.Load(groupItem);
web.Context.ExecuteQueryRetry();
var groupNotes = (String)groupItem["Notes"];
if (!String.IsNullOrEmpty(groupNotes))
{
siteGroup.Description = groupNotes;
}
}
foreach (var member in group.Users)
{
scope.LogDebug("Processing member {0} of group {0}", member.LoginName, group.Title);
siteGroup.Members.Add(new User()
{
Name = member.LoginName
});
}
siteSecurity.SiteGroups.Add(siteGroup);
}
catch (Exception ee)
{
scope.LogError(ee.StackTrace);
scope.LogError(ee.Message);
scope.LogError(ee.InnerException.StackTrace);
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(r => r.Name, r => r.Description, r => r.BasePermissions, r => r.RoleTypeKind));
web.Context.ExecuteQueryRetry();
if (web.HasUniqueRoleAssignments)
{
var permissionKeys = Enum.GetNames(typeof(PermissionKind));
if (!web.IsSubSite())
{
foreach (var webRoleDefinition in webRoleDefinitions)
{
if (webRoleDefinition.RoleTypeKind == RoleType.None)
{
scope.LogDebug("Processing custom role definition {0}", webRoleDefinition.Name);
var modelRoleDefinitions = new Model.RoleDefinition();
modelRoleDefinitions.Description = webRoleDefinition.Description;
modelRoleDefinitions.Name = webRoleDefinition.Name;
foreach (var permissionKey in permissionKeys)
{
scope.LogDebug("Processing custom permissionKey definition {0}", permissionKey);
var permissionKind =
(PermissionKind)Enum.Parse(typeof(PermissionKind), permissionKey);
if (webRoleDefinition.BasePermissions.Has(permissionKind))
{
modelRoleDefinitions.Permissions.Add(permissionKind);
}
}
siteSecurity.SiteSecurityPermissions.RoleDefinitions.Add(modelRoleDefinitions);
}
else
{
scope.LogDebug("Skipping OOTB role definition {0}", webRoleDefinition.Name);
}
}
}
var webRoleAssignments = web.Context.LoadQuery(web.RoleAssignments.Include(
r => r.RoleDefinitionBindings.Include(
rd => rd.Name,
rd => rd.RoleTypeKind),
r => r.Member.LoginName,
r => r.Member.PrincipalType));
web.Context.ExecuteQueryRetry();
foreach (var webRoleAssignment in webRoleAssignments)
{
scope.LogDebug("Processing Role Assignment {0}", webRoleAssignment.ToString());
if (webRoleAssignment.Member.PrincipalType == PrincipalType.SharePointGroup &&
!creationInfo.IncludeSiteGroups)
{
continue;
}
if (webRoleAssignment.Member.LoginName != "Excel Services Viewers")
{
foreach (var roleDefinition in webRoleAssignment.RoleDefinitionBindings)
{
if (roleDefinition.RoleTypeKind != RoleType.Guest)
{
var modelRoleAssignment = new Model.RoleAssignment();
var roleDefinitionValue = roleDefinition.Name;
if (roleDefinition.RoleTypeKind != RoleType.None)
{
// Replace with token
roleDefinitionValue = $"{{roledefinition:{roleDefinition.RoleTypeKind}}}";
}
modelRoleAssignment.RoleDefinition = roleDefinitionValue;
if (webRoleAssignment.Member.PrincipalType == PrincipalType.SharePointGroup)
{
modelRoleAssignment.Principal = ReplaceGroupTokens(web, webRoleAssignment.Member.LoginName);
}
else
{
modelRoleAssignment.Principal = webRoleAssignment.Member.LoginName;
}
siteSecurity.SiteSecurityPermissions.RoleAssignments.Add(modelRoleAssignment);
}
}
}
}
}
template.Security = siteSecurity;
// If a base template is specified then use that one to "cleanup" the generated template model
if (creationInfo.BaseTemplate != null)
{
template = CleanupEntities(template, creationInfo.BaseTemplate);
}
}
return(template);
}
private static Principal GetPrincipal(Web web, TokenParser parser, PnPMonitoredScope scope, IEnumerable <Group> groups, Model.RoleAssignment roleAssignment)
{
var parsedRoleDefinition = parser.ParseString(roleAssignment.Principal);
Principal principal = groups.FirstOrDefault(g => g.LoginName.Equals(parsedRoleDefinition, StringComparison.OrdinalIgnoreCase));
if (principal == null)
{
if (parsedRoleDefinition.Contains("#ext#"))
{
principal = web.SiteUsers.FirstOrDefault(u => u.LoginName.Equals(parsedRoleDefinition));
if (principal == null)
{
scope.LogInfo($"Skipping external user {parsedRoleDefinition}");
}
}
else
{
try
{
principal = web.EnsureUser(parsedRoleDefinition);
web.Context.ExecuteQueryRetry();
}
catch (Exception ex)
{
scope.LogWarning(ex, "Failed to EnsureUser {0}", parsedRoleDefinition);
}
}
}
principal.EnsureProperty(p => p.Id);
return(principal);
}
public override ProvisioningTemplate ExtractObjects(Web web, ProvisioningTemplate template, ProvisioningTemplateCreationInformation creationInfo)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// if this is a sub site then we're not creating security entities as by default security is inherited from the root site
if (web.IsSubSite())
{
return(template);
}
web.Context.Load(web, w => w.HasUniqueRoleAssignments, w => w.Title);
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
web.Context.Load(ownerGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
web.Context.Load(memberGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
web.Context.Load(visitorGroup, o => o.Id, o => o.Users, o => o.Title);
}
web.Context.ExecuteQueryRetry();
List <int> associatedGroupIds = new List <int>();
var owners = new List <User>();
var members = new List <User>();
var visitors = new List <User>();
if (!ownerGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(ownerGroup.Id);
foreach (var member in ownerGroup.Users)
{
owners.Add(new User()
{
Name = member.LoginName
});
}
}
if (!memberGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(memberGroup.Id);
foreach (var member in memberGroup.Users)
{
members.Add(new User()
{
Name = member.LoginName
});
}
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(visitorGroup.Id);
foreach (var member in visitorGroup.Users)
{
visitors.Add(new User()
{
Name = member.LoginName
});
}
}
var siteSecurity = new SiteSecurity();
siteSecurity.AdditionalOwners.AddRange(owners);
siteSecurity.AdditionalMembers.AddRange(members);
siteSecurity.AdditionalVisitors.AddRange(visitors);
var query = from user in web.SiteUsers
where user.IsSiteAdmin
select user;
var allUsers = web.Context.LoadQuery(query);
web.Context.ExecuteQueryRetry();
var admins = new List <User>();
foreach (var member in allUsers)
{
admins.Add(new User()
{
Name = member.LoginName
});
}
siteSecurity.AdditionalAdministrators.AddRange(admins);
if (creationInfo.IncludeSiteGroups)
{
web.Context.Load(web.SiteGroups,
o => o.IncludeWithDefaultProperties(
gr => gr.Title,
gr => gr.AllowMembersEditMembership,
gr => gr.AutoAcceptRequestToJoinLeave,
gr => gr.AllowRequestToJoinLeave,
gr => gr.Description,
gr => gr.Users.Include(u => u.LoginName),
gr => gr.OnlyAllowMembersViewMembership,
gr => gr.Owner.LoginName,
gr => gr.RequestToJoinLeaveEmailSetting
));
web.Context.ExecuteQueryRetry();
foreach (var group in web.SiteGroups.AsEnumerable().Where(o => !associatedGroupIds.Contains(o.Id)))
{
scope.LogDebug("Processing group {0}", group.Title);
var siteGroup = new SiteGroup()
{
Title = group.Title.Replace(web.Title, "{sitename}"),
AllowMembersEditMembership = group.AllowMembersEditMembership,
AutoAcceptRequestToJoinLeave = group.AutoAcceptRequestToJoinLeave,
AllowRequestToJoinLeave = group.AllowRequestToJoinLeave,
Description = group.Description,
OnlyAllowMembersViewMembership = group.OnlyAllowMembersViewMembership,
Owner = ReplaceGroupTokens(web, group.Owner.LoginName),
RequestToJoinLeaveEmailSetting = group.RequestToJoinLeaveEmailSetting
};
foreach (var member in group.Users)
{
siteGroup.Members.Add(new User()
{
Name = member.LoginName
});
}
siteSecurity.SiteGroups.Add(siteGroup);
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(r => r.Name, r => r.Description, r => r.BasePermissions, r => r.RoleTypeKind));
web.Context.ExecuteQueryRetry();
if (web.HasUniqueRoleAssignments)
{
var permissionKeys = Enum.GetNames(typeof(PermissionKind));
foreach (var webRoleDefinition in webRoleDefinitions)
{
if (webRoleDefinition.RoleTypeKind == RoleType.None)
{
scope.LogDebug("Processing custom role definition {0}", webRoleDefinition.Name);
var modelRoleDefinitions = new Model.RoleDefinition();
modelRoleDefinitions.Description = webRoleDefinition.Description;
modelRoleDefinitions.Name = webRoleDefinition.Name;
var permissions = new List <PermissionKind>();
foreach (var permissionKey in permissionKeys)
{
var permissionKind = (PermissionKind)Enum.Parse(typeof(PermissionKind), permissionKey);
if (webRoleDefinition.BasePermissions.Has(permissionKind))
{
modelRoleDefinitions.Permissions.Add(permissionKind);
}
}
siteSecurity.SiteSecurityPermissions.RoleDefinitions.Add(modelRoleDefinitions);
}
else
{
scope.LogDebug("Skipping OOTB role definition {0}", webRoleDefinition.Name);
}
}
var webRoleAssignments = web.Context.LoadQuery(web.RoleAssignments.Include(
r => r.RoleDefinitionBindings.Include(
rd => rd.Name,
rd => rd.RoleTypeKind),
r => r.Member.LoginName));
web.Context.ExecuteQueryRetry();
foreach (var webRoleAssignment in webRoleAssignments)
{
if (webRoleAssignment.Member.LoginName != "Excel Services Viewers")
{
foreach (var roleDefinition in webRoleAssignment.RoleDefinitionBindings)
{
if (roleDefinition.RoleTypeKind != RoleType.Guest)
{
var modelRoleAssignment = new Model.RoleAssignment();
modelRoleAssignment.RoleDefinition = roleDefinition.Name;
modelRoleAssignment.Principal = ReplaceGroupTokens(web, webRoleAssignment.Member.LoginName);
siteSecurity.SiteSecurityPermissions.RoleAssignments.Add(modelRoleAssignment);
}
}
}
}
template.Security = siteSecurity;
}
// If a base template is specified then use that one to "cleanup" the generated template model
if (creationInfo.BaseTemplate != null)
{
template = CleanupEntities(template, creationInfo.BaseTemplate);
}
}
return(template);
}
public override ProvisioningTemplate ExtractObjects(Web web, ProvisioningTemplate template, ProvisioningTemplateCreationInformation creationInfo)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// if this is a sub site then we're not creating security entities as by default security is inherited from the root site
if (web.IsSubSite())
{
return template;
}
web.Context.Load(web, w => w.HasUniqueRoleAssignments, w => w.Title);
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
web.Context.Load(ownerGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
web.Context.Load(memberGroup, o => o.Id, o => o.Users, o => o.Title);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
web.Context.Load(visitorGroup, o => o.Id, o => o.Users, o => o.Title);
}
web.Context.ExecuteQueryRetry();
List<int> associatedGroupIds = new List<int>();
var owners = new List<User>();
var members = new List<User>();
var visitors = new List<User>();
if (!ownerGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(ownerGroup.Id);
foreach (var member in ownerGroup.Users)
{
owners.Add(new User() { Name = member.LoginName });
}
}
if (!memberGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(memberGroup.Id);
foreach (var member in memberGroup.Users)
{
members.Add(new User() { Name = member.LoginName });
}
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
associatedGroupIds.Add(visitorGroup.Id);
foreach (var member in visitorGroup.Users)
{
visitors.Add(new User() { Name = member.LoginName });
}
}
var siteSecurity = new SiteSecurity();
siteSecurity.AdditionalOwners.AddRange(owners);
siteSecurity.AdditionalMembers.AddRange(members);
siteSecurity.AdditionalVisitors.AddRange(visitors);
var query = from user in web.SiteUsers
where user.IsSiteAdmin
select user;
var allUsers = web.Context.LoadQuery(query);
web.Context.ExecuteQueryRetry();
var admins = new List<User>();
foreach (var member in allUsers)
{
admins.Add(new User() { Name = member.LoginName });
}
siteSecurity.AdditionalAdministrators.AddRange(admins);
if (creationInfo.IncludeSiteGroups)
{
web.Context.Load(web.SiteGroups,
o => o.IncludeWithDefaultProperties(
gr => gr.Title,
gr => gr.AllowMembersEditMembership,
gr => gr.AutoAcceptRequestToJoinLeave,
gr => gr.AllowRequestToJoinLeave,
gr => gr.Description,
gr => gr.Users.Include(u => u.LoginName),
gr => gr.OnlyAllowMembersViewMembership,
gr => gr.Owner.LoginName,
gr => gr.RequestToJoinLeaveEmailSetting
));
web.Context.ExecuteQueryRetry();
foreach (var group in web.SiteGroups.AsEnumerable().Where(o => !associatedGroupIds.Contains(o.Id)))
{
scope.LogDebug("Processing group {0}", group.Title);
var siteGroup = new SiteGroup()
{
Title = group.Title.Replace(web.Title, "{sitename}"),
AllowMembersEditMembership = group.AllowMembersEditMembership,
AutoAcceptRequestToJoinLeave = group.AutoAcceptRequestToJoinLeave,
AllowRequestToJoinLeave = group.AllowRequestToJoinLeave,
Description = group.Description,
OnlyAllowMembersViewMembership = group.OnlyAllowMembersViewMembership,
Owner = ReplaceGroupTokens(web, group.Owner.LoginName),
RequestToJoinLeaveEmailSetting = group.RequestToJoinLeaveEmailSetting
};
foreach (var member in group.Users)
{
siteGroup.Members.Add(new User() { Name = member.LoginName });
}
siteSecurity.SiteGroups.Add(siteGroup);
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(r => r.Name, r => r.Description, r => r.BasePermissions, r => r.RoleTypeKind));
web.Context.ExecuteQueryRetry();
if (web.HasUniqueRoleAssignments)
{
var permissionKeys = Enum.GetNames(typeof(PermissionKind));
foreach (var webRoleDefinition in webRoleDefinitions)
{
if (webRoleDefinition.RoleTypeKind == RoleType.None)
{
scope.LogDebug("Processing custom role definition {0}", webRoleDefinition.Name);
var modelRoleDefinitions = new Model.RoleDefinition();
modelRoleDefinitions.Description = webRoleDefinition.Description;
modelRoleDefinitions.Name = webRoleDefinition.Name;
var permissions = new List<PermissionKind>();
foreach (var permissionKey in permissionKeys)
{
var permissionKind = (PermissionKind)Enum.Parse(typeof(PermissionKind), permissionKey);
if (webRoleDefinition.BasePermissions.Has(permissionKind))
{
modelRoleDefinitions.Permissions.Add(permissionKind);
}
}
siteSecurity.SiteSecurityPermissions.RoleDefinitions.Add(modelRoleDefinitions);
}
else
{
scope.LogDebug("Skipping OOTB role definition {0}", webRoleDefinition.Name);
}
}
var webRoleAssignments = web.Context.LoadQuery(web.RoleAssignments.Include(
r => r.RoleDefinitionBindings.Include(
rd => rd.Name,
rd => rd.RoleTypeKind),
r => r.Member.LoginName));
web.Context.ExecuteQueryRetry();
foreach (var webRoleAssignment in webRoleAssignments)
{
if (webRoleAssignment.Member.LoginName != "Excel Services Viewers")
{
foreach (var roleDefinition in webRoleAssignment.RoleDefinitionBindings)
{
if (roleDefinition.RoleTypeKind != RoleType.Guest)
{
var modelRoleAssignment = new Model.RoleAssignment();
modelRoleAssignment.RoleDefinition = roleDefinition.Name;
modelRoleAssignment.Principal = ReplaceGroupTokens(web, webRoleAssignment.Member.LoginName);
siteSecurity.SiteSecurityPermissions.RoleAssignments.Add(modelRoleAssignment);
}
}
}
}
template.Security = siteSecurity;
}
// If a base template is specified then use that one to "cleanup" the generated template model
if (creationInfo.BaseTemplate != null)
{
template = CleanupEntities(template, creationInfo.BaseTemplate);
}
}
return template;
}
private static Principal GetPrincipal(Web web, TokenParser parser, PnPMonitoredScope scope, IEnumerable <Group> groups, Model.RoleAssignment roleAssignment)
{
var parsedRoleDefinition = parser.ParseString(roleAssignment.Principal);
Principal principal = groups.FirstOrDefault(g => g.LoginName.Equals(parsedRoleDefinition, StringComparison.OrdinalIgnoreCase));
if (principal == null)
{
try
{
principal = web.EnsureUser(parsedRoleDefinition);
web.Context.Load(principal, p => p.Id);
web.Context.ExecuteQueryRetry();
}
catch (Exception ex)
{
scope.LogWarning(ex, "Failed to EnsureUser {0}", parsedRoleDefinition);
}
}
return(principal);
}
