public static void ApplyPermissions(ClientContext clientContext, Web web)
{
clientContext.Load(web, w => w.Url);
clientContext.ExecuteQuery();
string webVisitor = String.Format("{0}s", VisitorName);
// check to see if group has already been created and assigned to this sub-site
int groupId = -1;
try
{
groupId = web.GetGroupID(webVisitor);
}
catch
{
}
if (groupId != -1)
{
return;
}
Console.WriteLine("Applying custom permissions to {0}", web.Url);
web.AddGroup(webVisitor, VisitorName, true);
web.AddPermissionLevelToGroup(webVisitor, VisitorName);
string webContributor = String.Format("{0} {1}s", web.Title, ContentContributorName);
web.AddGroup(webContributor, ContentContributorName, true);
web.AddPermissionLevelToGroup(webContributor, ContentContributorName);
string webManager = String.Format("{0} {1}s", web.Title, ContentManagerName);
web.AddGroup(webManager, ContentManagerName, true);
web.AddPermissionLevelToGroup(webManager, ContentManagerName);
web.Update();
clientContext.ExecuteQuery();
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// Changed by Paolo Pialorsi to embrace the new sub-site attributes to break role inheritance and copy role assignments
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
//if (web.IsSubSite() && !template.Security.BreakRoleInheritance)
//{
// scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
// return parser;
//}
if (web.IsSubSite() && template.Security.BreakRoleInheritance)
{
web.BreakRoleInheritance(template.Security.CopyRoleAssignments, template.Security.ClearSubscopes);
web.Update();
web.Context.ExecuteQueryRetry();
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.Load(web.SiteUsers);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull())
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope, parser);
}
if (!memberGroup.ServerObjectIsNull())
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope, parser);
}
if (!visitorGroup.ServerObjectIsNull())
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope, parser);
}
foreach (var siteGroup in siteSecurity.SiteGroups
.Sort <SiteGroup>(
_grp => {
string groupOwner = _grp.Owner;
if (string.IsNullOrWhiteSpace(groupOwner) ||
"SHAREPOINT\\system".Equals(groupOwner, StringComparison.OrdinalIgnoreCase) ||
_grp.Title.Equals(groupOwner, StringComparison.OrdinalIgnoreCase) ||
(groupOwner.StartsWith("{{associated") && groupOwner.EndsWith("group}}")))
{
return(Enumerable.Empty <SiteGroup>());
}
return(siteSecurity.SiteGroups.Where(_item => _item.Title.Equals(groupOwner, StringComparison.OrdinalIgnoreCase)));
}
))
{
Group group;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
string parsedGroupTitle = parser.ParseString(siteGroup.Title);
string parsedGroupOwner = parser.ParseString(siteGroup.Owner);
string parsedGroupDescription = parser.ParseString(siteGroup.Description);
if (!web.GroupExists(parsedGroupTitle))
{
scope.LogDebug("Creating group {0}", parsedGroupTitle);
group = web.AddGroup(
parsedGroupTitle,
//If the description is more than 512 characters long a server exception will be thrown.
PnPHttpUtility.ConvertSimpleHtmlToText(parsedGroupDescription, int.MaxValue),
parsedGroupTitle == parsedGroupOwner);
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
group.OnlyAllowMembersViewMembership = siteGroup.OnlyAllowMembersViewMembership;
group.RequestToJoinLeaveEmailSetting = siteGroup.RequestToJoinLeaveEmailSetting;
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName.Equals(parsedGroupOwner, StringComparison.OrdinalIgnoreCase));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.Load(group, g => g.Id, g => g.Title);
web.Context.ExecuteQueryRetry();
parser.AddToken(new GroupIdToken(web, group.Title, group.Id));
var groupItem = web.SiteUserInfoList.GetItemById(group.Id);
groupItem["Notes"] = parsedGroupDescription;
groupItem.Update();
web.Context.ExecuteQueryRetry();
}
else
{
group = web.SiteGroups.GetByName(parsedGroupTitle);
web.Context.Load(group,
g => g.Id,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.OnlyAllowMembersViewMembership,
g => g.RequestToJoinLeaveEmailSetting,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var groupNeedsUpdate = false;
var executeQuery = false;
if (!String.IsNullOrEmpty(parsedGroupDescription))
{
var groupItem = web.SiteUserInfoList.GetItemById(group.Id);
web.Context.Load(groupItem, g => g["Notes"]);
web.Context.ExecuteQueryRetry();
var description = groupItem["Notes"]?.ToString();
if (description != parsedGroupDescription)
{
groupItem["Notes"] = parsedGroupDescription;
groupItem.Update();
executeQuery = true;
}
var plainTextDescription = PnPHttpUtility.ConvertSimpleHtmlToText(parsedGroupDescription, int.MaxValue);
if (group.Description != plainTextDescription)
{
//If the description is more than 512 characters long a server exception will be thrown.
group.Description = plainTextDescription;
groupNeedsUpdate = true;
}
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
groupNeedsUpdate = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
groupNeedsUpdate = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
groupNeedsUpdate = true;
}
if (group.OnlyAllowMembersViewMembership != siteGroup.OnlyAllowMembersViewMembership)
{
group.OnlyAllowMembersViewMembership = siteGroup.OnlyAllowMembersViewMembership;
groupNeedsUpdate = true;
}
if (!String.IsNullOrEmpty(group.RequestToJoinLeaveEmailSetting) && group.RequestToJoinLeaveEmailSetting != siteGroup.RequestToJoinLeaveEmailSetting)
{
group.RequestToJoinLeaveEmailSetting = siteGroup.RequestToJoinLeaveEmailSetting;
groupNeedsUpdate = true;
}
if (group.Owner.LoginName != parsedGroupOwner)
{
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName.Equals(parsedGroupOwner, StringComparison.OrdinalIgnoreCase));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
groupNeedsUpdate = true;
}
if (groupNeedsUpdate)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
executeQuery = true;
}
if (executeQuery)
{
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope, parser);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var parsedAdminName = parser.ParseString(admin.Name);
try
{
var user = web.EnsureUser(parsedAdminName);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
catch (Exception ex)
{
scope.LogWarning(ex, "Failed to add AdditionalAdministrator {0}", parsedAdminName);
}
}
// With the change from october, manage permission levels on subsites as well
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var roleDefinitions = existingRoleDefinitions as RoleDefinition[] ?? existingRoleDefinitions.ToArray();
var parsedRoleDefinitionName = parser.ParseString(templateRoleDefinition.Name);
var parsedTemplateRoleDefinitionDesc = parser.ParseString(templateRoleDefinition.Description);
var siteRoleDefinition = roleDefinitions.FirstOrDefault(erd => erd.Name == parsedRoleDefinitionName);
if (siteRoleDefinition == null)
{
scope.LogDebug("Creating role definition {0}", parsedRoleDefinitionName);
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parsedRoleDefinitionName;
roleDefinitionCI.Description = parsedTemplateRoleDefinitionDesc;
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
var newRoleDefinition = web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.Load(newRoleDefinition, nrd => nrd.Name, nrd => nrd.Id);
web.Context.ExecuteQueryRetry();
parser.AddToken(new RoleDefinitionIdToken(web, newRoleDefinition.Name, newRoleDefinition.Id));
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parsedTemplateRoleDefinitionDesc)
{
siteRoleDefinition.Description = parsedTemplateRoleDefinitionDesc;
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parsedRoleDefinitionName);
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var webRoleAssignments = web.Context.LoadQuery(web.RoleAssignments);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
var parsedRoleDefinition = parser.ParseString(roleAssignment.RoleDefinition);
if (!roleAssignment.Remove)
{
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == parsedRoleDefinition);
if (roleDefinition != null)
{
Principal principal = GetPrincipal(web, parser, scope, groups, roleAssignment);
if (principal != null)
{
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
roleDefinitionBindingCollection.Add(roleDefinition);
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
}
else
{
scope.LogWarning("Role assignment {0} not found in web", roleAssignment.RoleDefinition);
}
}
else
{
var principal = GetPrincipal(web, parser, scope, groups, roleAssignment);
var assignmentsForPrincipal = webRoleAssignments.Where(t => t.PrincipalId == principal.Id);
foreach (var assignmentForPrincipal in assignmentsForPrincipal)
{
var binding = assignmentForPrincipal.EnsureProperty(r => r.RoleDefinitionBindings).FirstOrDefault(b => b.Name == parsedRoleDefinition);
if (binding != null)
{
assignmentForPrincipal.DeleteObject();
web.Context.ExecuteQueryRetry();
break;
}
}
}
}
}
}
}
return(parser);
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
if (web.IsSubSite())
{
scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
return parser;
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope);
}
foreach (var siteGroup in siteSecurity.SiteGroups)
{
Group group = null;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
if (!web.GroupExists(siteGroup.Title))
{
scope.LogDebug("Creating group {0}", siteGroup.Title);
group = web.AddGroup(
parser.ParseString(siteGroup.Title),
parser.ParseString(siteGroup.Description),
parser.ParseString(siteGroup.Title) == parser.ParseString(siteGroup.Owner));
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.ExecuteQueryRetry();
}
else
{
group = web.SiteGroups.GetByName(parser.ParseString(siteGroup.Title));
web.Context.Load(group,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var isDirty = false;
if (group.Description != parser.ParseString(siteGroup.Description))
{
group.Description = parser.ParseString(siteGroup.Description);
isDirty = true;
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
isDirty = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
isDirty = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
isDirty = true;
}
if (group.Owner.LoginName != parser.ParseString(siteGroup.Owner))
{
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
isDirty = true;
}
if (isDirty)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var user = web.EnsureUser(admin.Name);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var siteRoleDefinition = existingRoleDefinitions.FirstOrDefault(erd => erd.Name == parser.ParseString(templateRoleDefinition.Name));
if (siteRoleDefinition == null)
{
scope.LogDebug("Creation role definition {0}", parser.ParseString(templateRoleDefinition.Name));
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parser.ParseString(templateRoleDefinition.Name);
roleDefinitionCI.Description = parser.ParseString(templateRoleDefinition.Description);
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.ExecuteQueryRetry();
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parser.ParseString(templateRoleDefinition.Description))
{
siteRoleDefinition.Description = parser.ParseString(templateRoleDefinition.Description);
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = web.EnsureUser(parser.ParseString(roleAssignment.Principal));
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
}
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
}
}
}
return parser;
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
if (web.IsSubSite())
{
scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
return(parser);
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope);
}
if (!memberGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope);
}
if (!visitorGroup.ServerObjectIsNull.Value)
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope);
}
foreach (var siteGroup in siteSecurity.SiteGroups)
{
Group group = null;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
if (!web.GroupExists(siteGroup.Title))
{
scope.LogDebug("Creating group {0}", siteGroup.Title);
group = web.AddGroup(
parser.ParseString(siteGroup.Title),
parser.ParseString(siteGroup.Description),
parser.ParseString(siteGroup.Title) == parser.ParseString(siteGroup.Owner));
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.ExecuteQueryRetry();
}
else
{
group = web.SiteGroups.GetByName(parser.ParseString(siteGroup.Title));
web.Context.Load(group,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var isDirty = false;
if (group.Description != parser.ParseString(siteGroup.Description))
{
group.Description = parser.ParseString(siteGroup.Description);
isDirty = true;
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
isDirty = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
isDirty = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
isDirty = true;
}
if (group.Owner.LoginName != parser.ParseString(siteGroup.Owner))
{
if (parser.ParseString(siteGroup.Title) != parser.ParseString(siteGroup.Owner))
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parser.ParseString(siteGroup.Owner));
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parser.ParseString(siteGroup.Owner));
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
isDirty = true;
}
if (isDirty)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var user = web.EnsureUser(admin.Name);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var siteRoleDefinition = existingRoleDefinitions.FirstOrDefault(erd => erd.Name == parser.ParseString(templateRoleDefinition.Name));
if (siteRoleDefinition == null)
{
scope.LogDebug("Creation role definition {0}", parser.ParseString(templateRoleDefinition.Name));
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parser.ParseString(templateRoleDefinition.Name);
roleDefinitionCI.Description = parser.ParseString(templateRoleDefinition.Description);
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.ExecuteQueryRetry();
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parser.ParseString(templateRoleDefinition.Description))
{
siteRoleDefinition.Description = parser.ParseString(templateRoleDefinition.Description);
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = web.EnsureUser(parser.ParseString(roleAssignment.Principal));
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition);
if (roleDefinition != null)
{
roleDefinitionBindingCollection.Add(roleDefinition);
}
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
}
}
}
return(parser);
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// Changed by Paolo Pialorsi to embrace the new sub-site attributes to break role inheritance and copy role assignments
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
//if (web.IsSubSite() && !template.Security.BreakRoleInheritance)
//{
// scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
// return parser;
//}
if (web.IsSubSite() && template.Security.BreakRoleInheritance)
{
web.BreakRoleInheritance(template.Security.CopyRoleAssignments, template.Security.ClearSubscopes);
web.Update();
web.Context.ExecuteQueryRetry();
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull())
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope, parser);
}
if (!memberGroup.ServerObjectIsNull())
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope, parser);
}
if (!visitorGroup.ServerObjectIsNull())
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope, parser);
}
foreach (var siteGroup in siteSecurity.SiteGroups)
{
Group group;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
string parsedGroupTitle = parser.ParseString(siteGroup.Title);
string parsedGroupOwner = parser.ParseString(siteGroup.Owner);
string parsedGroupDescription = parser.ParseString(siteGroup.Description);
if (!web.GroupExists(parsedGroupTitle))
{
scope.LogDebug("Creating group {0}", parsedGroupTitle);
group = web.AddGroup(
parsedGroupTitle,
parsedGroupDescription,
parsedGroupTitle == parsedGroupOwner);
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parsedGroupOwner);
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.Load(group, g => g.Id, g => g.Title);
web.Context.ExecuteQueryRetry();
parser.AddToken(new GroupIdToken(web, group.Title, group.Id));
}
else
{
group = web.SiteGroups.GetByName(parsedGroupTitle);
web.Context.Load(group,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var isDirty = false;
if (!String.IsNullOrEmpty(group.Description) && group.Description != parsedGroupDescription)
{
group.Description = parsedGroupDescription;
isDirty = true;
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
isDirty = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
isDirty = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
isDirty = true;
}
if (group.Owner.LoginName != parsedGroupOwner)
{
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parsedGroupOwner);
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
isDirty = true;
}
if (isDirty)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope, parser);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var parsedAdminName = parser.ParseString(admin.Name);
var user = web.EnsureUser(parsedAdminName);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
// With the change from october, manage permission levels on subsites as well
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var roleDefinitions = existingRoleDefinitions as RoleDefinition[] ?? existingRoleDefinitions.ToArray();
var siteRoleDefinition = roleDefinitions.FirstOrDefault(erd => erd.Name == parser.ParseString(templateRoleDefinition.Name));
if (siteRoleDefinition == null)
{
scope.LogDebug("Creating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parser.ParseString(templateRoleDefinition.Name);
roleDefinitionCI.Description = parser.ParseString(templateRoleDefinition.Description);
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.ExecuteQueryRetry();
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parser.ParseString(templateRoleDefinition.Description))
{
siteRoleDefinition.Description = parser.ParseString(templateRoleDefinition.Description);
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == parser.ParseString(roleAssignment.RoleDefinition));
if (roleDefinition != null)
{
Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal));
if (principal == null)
{
principal = web.EnsureUser(parser.ParseString(roleAssignment.Principal));
}
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
roleDefinitionBindingCollection.Add(roleDefinition);
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
else
{
scope.LogWarning("Role assignment {0} not found in web", roleAssignment.RoleDefinition);
}
}
}
}
}
return(parser);
}
private static Group AddGroup(Web web, string groupName)
{
var newGroup = web.AddGroup(groupName, "Permission Control - Custom Contribute Group for External User", true, true, false);
return(newGroup);
}
public override TokenParser ProvisionObjects(Web web, ProvisioningTemplate template, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
{
using (var scope = new PnPMonitoredScope(this.Name))
{
// Changed by Paolo Pialorsi to embrace the new sub-site attributes to break role inheritance and copy role assignments
// if this is a sub site then we're not provisioning security as by default security is inherited from the root site
//if (web.IsSubSite() && !template.Security.BreakRoleInheritance)
//{
// scope.LogDebug(CoreResources.Provisioning_ObjectHandlers_SiteSecurity_Context_web_is_subweb__skipping_site_security_provisioning);
// return parser;
//}
if (web.IsSubSite() && template.Security.BreakRoleInheritance)
{
web.BreakRoleInheritance(template.Security.CopyRoleAssignments, template.Security.ClearSubscopes);
web.Update();
web.Context.ExecuteQueryRetry();
}
var siteSecurity = template.Security;
var ownerGroup = web.AssociatedOwnerGroup;
var memberGroup = web.AssociatedMemberGroup;
var visitorGroup = web.AssociatedVisitorGroup;
web.Context.Load(ownerGroup, o => o.Title, o => o.Users);
web.Context.Load(memberGroup, o => o.Title, o => o.Users);
web.Context.Load(visitorGroup, o => o.Title, o => o.Users);
web.Context.Load(web.SiteUsers);
web.Context.ExecuteQueryRetry();
if (!ownerGroup.ServerObjectIsNull())
{
AddUserToGroup(web, ownerGroup, siteSecurity.AdditionalOwners, scope, parser);
}
if (!memberGroup.ServerObjectIsNull())
{
AddUserToGroup(web, memberGroup, siteSecurity.AdditionalMembers, scope, parser);
}
if (!visitorGroup.ServerObjectIsNull())
{
AddUserToGroup(web, visitorGroup, siteSecurity.AdditionalVisitors, scope, parser);
}
//sorting groups with respect to possible dependency through Owner property. Groups that are owners of other groups must be processed prior owned groups.
for (int i = siteSecurity.SiteGroups.Count - 1; i >= 0; i--)
{
var currentGroup = siteSecurity.SiteGroups[i];
string currentGroupOwner = parser.ParseString(currentGroup.Owner);
string currentGroupTitle = parser.ParseString(currentGroup.Title);
if (currentGroupOwner != "SHAREPOINT\\system" && currentGroupOwner != currentGroupTitle && !(currentGroupOwner.StartsWith("{{associated") && currentGroupOwner.EndsWith("group}}")))
{
for (int j = 0; j < i; j++)
{
if (parser.ParseString(siteSecurity.SiteGroups[j].Owner) == currentGroupTitle)
{
siteSecurity.SiteGroups.RemoveAt(i);
siteSecurity.SiteGroups.Insert(j, currentGroup);
i++;
break;
}
}
}
}
foreach (var siteGroup in siteSecurity.SiteGroups)
{
Group group;
var allGroups = web.Context.LoadQuery(web.SiteGroups.Include(gr => gr.LoginName));
web.Context.ExecuteQueryRetry();
string parsedGroupTitle = parser.ParseString(siteGroup.Title);
string parsedGroupOwner = parser.ParseString(siteGroup.Owner);
string parsedGroupDescription = parser.ParseString(siteGroup.Description);
bool descriptionHasHtml = HttpUtility.HtmlEncode(parsedGroupDescription) != parsedGroupDescription;
if (!web.GroupExists(parsedGroupTitle))
{
scope.LogDebug("Creating group {0}", parsedGroupTitle);
group = web.AddGroup(
parsedGroupTitle,
parsedGroupDescription,
parsedGroupTitle == parsedGroupOwner);
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parsedGroupOwner);
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
group.Update();
web.Context.Load(group, g => g.Id, g => g.Title);
web.Context.ExecuteQueryRetry();
parser.AddToken(new GroupIdToken(web, group.Title, group.Id));
if (descriptionHasHtml)
{
var groupItem = web.SiteUserInfoList.GetItemById(group.Id);
groupItem["Notes"] = parsedGroupDescription;
groupItem.Update();
web.Context.ExecuteQueryRetry();
}
}
else
{
group = web.SiteGroups.GetByName(parsedGroupTitle);
web.Context.Load(group,
g => g.Id,
g => g.Title,
g => g.Description,
g => g.AllowMembersEditMembership,
g => g.AllowRequestToJoinLeave,
g => g.AutoAcceptRequestToJoinLeave,
g => g.Owner.LoginName);
web.Context.ExecuteQueryRetry();
var isDirty = false;
if (descriptionHasHtml)
{
var groupItem = web.SiteUserInfoList.GetItemById(group.Id);
web.Context.Load(groupItem, g => g["Notes"]);
web.Context.ExecuteQueryRetry();
var description = groupItem["Notes"]?.ToString();
if (description != parsedGroupDescription)
{
groupItem["Notes"] = parsedGroupDescription;
groupItem.Update();
isDirty = true;
}
}
else
{
if (!String.IsNullOrEmpty(group.Description) && group.Description != parsedGroupDescription)
{
group.Description = parsedGroupDescription;
isDirty = true;
}
}
if (group.AllowMembersEditMembership != siteGroup.AllowMembersEditMembership)
{
group.AllowMembersEditMembership = siteGroup.AllowMembersEditMembership;
isDirty = true;
}
if (group.AllowRequestToJoinLeave != siteGroup.AllowRequestToJoinLeave)
{
group.AllowRequestToJoinLeave = siteGroup.AllowRequestToJoinLeave;
isDirty = true;
}
if (group.AutoAcceptRequestToJoinLeave != siteGroup.AutoAcceptRequestToJoinLeave)
{
group.AutoAcceptRequestToJoinLeave = siteGroup.AutoAcceptRequestToJoinLeave;
isDirty = true;
}
if (group.Owner.LoginName != parsedGroupOwner)
{
if (parsedGroupTitle != parsedGroupOwner)
{
Principal ownerPrincipal = allGroups.FirstOrDefault(gr => gr.LoginName == parsedGroupOwner);
if (ownerPrincipal == null)
{
ownerPrincipal = web.EnsureUser(parsedGroupOwner);
}
group.Owner = ownerPrincipal;
}
else
{
group.Owner = group;
}
isDirty = true;
}
if (isDirty)
{
scope.LogDebug("Updating existing group {0}", group.Title);
group.Update();
web.Context.ExecuteQueryRetry();
}
}
if (group != null && siteGroup.Members.Any())
{
AddUserToGroup(web, group, siteGroup.Members, scope, parser);
}
}
foreach (var admin in siteSecurity.AdditionalAdministrators)
{
var parsedAdminName = parser.ParseString(admin.Name);
try
{
var user = web.EnsureUser(parsedAdminName);
user.IsSiteAdmin = true;
user.Update();
web.Context.ExecuteQueryRetry();
}
catch (Exception ex)
{
scope.LogWarning(ex, "Failed to add AdditionalAdministrator {0}", parsedAdminName);
}
}
// With the change from october, manage permission levels on subsites as well
if (siteSecurity.SiteSecurityPermissions != null)
{
var existingRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions.Include(wr => wr.Name, wr => wr.BasePermissions, wr => wr.Description));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleDefinitions.Any())
{
foreach (var templateRoleDefinition in siteSecurity.SiteSecurityPermissions.RoleDefinitions)
{
var roleDefinitions = existingRoleDefinitions as RoleDefinition[] ?? existingRoleDefinitions.ToArray();
var siteRoleDefinition = roleDefinitions.FirstOrDefault(erd => erd.Name == parser.ParseString(templateRoleDefinition.Name));
if (siteRoleDefinition == null)
{
scope.LogDebug("Creating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
var roleDefinitionCI = new RoleDefinitionCreationInformation();
roleDefinitionCI.Name = parser.ParseString(templateRoleDefinition.Name);
roleDefinitionCI.Description = parser.ParseString(templateRoleDefinition.Description);
BasePermissions basePermissions = new BasePermissions();
foreach (var permission in templateRoleDefinition.Permissions)
{
basePermissions.Set(permission);
}
roleDefinitionCI.BasePermissions = basePermissions;
var newRoleDefinition = web.RoleDefinitions.Add(roleDefinitionCI);
web.Context.Load(newRoleDefinition, nrd => nrd.Name, nrd => nrd.Id);
web.Context.ExecuteQueryRetry();
parser.AddToken(new RoleDefinitionIdToken(web, newRoleDefinition.Name, newRoleDefinition.Id));
}
else
{
var isDirty = false;
if (siteRoleDefinition.Description != parser.ParseString(templateRoleDefinition.Description))
{
siteRoleDefinition.Description = parser.ParseString(templateRoleDefinition.Description);
isDirty = true;
}
var templateBasePermissions = new BasePermissions();
templateRoleDefinition.Permissions.ForEach(p => templateBasePermissions.Set(p));
if (siteRoleDefinition.BasePermissions != templateBasePermissions)
{
isDirty = true;
foreach (var permission in templateRoleDefinition.Permissions)
{
siteRoleDefinition.BasePermissions.Set(permission);
}
}
if (isDirty)
{
scope.LogDebug("Updating role definition {0}", parser.ParseString(templateRoleDefinition.Name));
siteRoleDefinition.Update();
web.Context.ExecuteQueryRetry();
}
}
}
}
var webRoleDefinitions = web.Context.LoadQuery(web.RoleDefinitions);
var webRoleAssignments = web.Context.LoadQuery(web.RoleAssignments);
var groups = web.Context.LoadQuery(web.SiteGroups.Include(g => g.LoginName));
web.Context.ExecuteQueryRetry();
if (siteSecurity.SiteSecurityPermissions.RoleAssignments.Any())
{
foreach (var roleAssignment in siteSecurity.SiteSecurityPermissions.RoleAssignments)
{
if (!roleAssignment.Remove)
{
var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == parser.ParseString(roleAssignment.RoleDefinition));
if (roleDefinition != null)
{
Principal principal = GetPrincipal(web, parser, scope, groups, roleAssignment);
if (principal != null)
{
var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(web.Context);
roleDefinitionBindingCollection.Add(roleDefinition);
web.RoleAssignments.Add(principal, roleDefinitionBindingCollection);
web.Context.ExecuteQueryRetry();
}
}
else
{
scope.LogWarning("Role assignment {0} not found in web", roleAssignment.RoleDefinition);
}
}
else
{
var principal = GetPrincipal(web, parser, scope, groups, roleAssignment);
var assignmentsForPrincipal = webRoleAssignments.Where(t => t.PrincipalId == principal.Id);
foreach (var assignmentForPrincipal in assignmentsForPrincipal)
{
var binding = assignmentForPrincipal.EnsureProperty(r => r.RoleDefinitionBindings).FirstOrDefault(b => b.Name == roleAssignment.RoleDefinition);
if (binding != null)
{
assignmentForPrincipal.DeleteObject();
web.Context.ExecuteQueryRetry();
break;
}
}
}
}
}
}
}
return(parser);
}