/// <summary>
/// Applies a <c>BreakRoleInheritanceDefinition</c> to a CSOM securable object (web, list or item),
/// raising the OnProvisioning / OnProvisioned model events around the work.
/// </summary>
/// <param name="modelHost">Model host, passed through unchanged to the raised model events.</param>
/// <param name="securableObject">Object whose role inheritance is processed.</param>
/// <param name="breakRoleInheritanceModel">Definition carrying CopyRoleAssignments, ClearSubscopes and ForceClearSubscopes.</param>
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel)
{
    var ctx = securableObject.Context;
    var definition = breakRoleInheritanceModel;

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioning,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = definition,
        ModelHost = modelHost
    });

    // HasUniqueRoleAssignments drives the decision below; fetch it only when the
    // client object does not already carry it, to save a round trip.
    bool uniqueFlagLoaded = securableObject.IsPropertyAvailable("HasUniqueRoleAssignments");
    if (!uniqueFlagLoaded)
    {
        ctx.Load(securableObject, s => s.HasUniqueRoleAssignments);
        ctx.ExecuteQueryWithTrace();
    }

    // Inheritance is broken at most once. If the object already has unique role
    // assignments, the definition's CopyRoleAssignments / ClearSubscopes values are not
    // applied, so re-running with different values does not change the object.
    bool stillInherits = !securableObject.HasUniqueRoleAssignments;
    if (stillInherits)
    {
        TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall,
            "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]",
            new object[] { definition.CopyRoleAssignments, definition.ClearSubscopes });

        securableObject.BreakRoleInheritance(definition.CopyRoleAssignments, definition.ClearSubscopes);
        ctx.ExecuteQueryWithTrace();
    }

    // ForceClearSubscopes strips every role assignment from the object itself, including any
    // that were copied from the parent when inheritance was broken. Until later definitions
    // add grants back, nobody (the provisioning account included) holds an explicit grant here.
    if (definition.ForceClearSubscopes)
    {
        TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall,
            "ForceClearSubscopes is TRUE. Removing all role assignments.");

        ctx.Load(securableObject.RoleAssignments);
        ctx.ExecuteQueryWithTrace();

        // Relies on DeleteObject() also dropping the entry from the in-memory collection;
        // otherwise this loop would never finish — confirm against the CSOM version in use.
        // The queued deletes are only sent by the next ExecuteQuery on this context; nothing
        // in this method flushes them, so the caller is expected to do so.
        while (securableObject.RoleAssignments.Count > 0)
        {
            securableObject.RoleAssignments[0].DeleteObject();
        }
    }

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioned,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = definition,
        ModelHost = modelHost
    });
}
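/// <summary>
/// Applies the role assignments of <paramref name="security"/> to <paramref name="securable"/>:
/// breaks role inheritance as configured, then queues one role assignment per template entry.
/// Principals are matched against the site groups by login name (ordinal, case-sensitive) and
/// otherwise resolved through <c>Web.EnsureUser</c>.
/// </summary>
/// <param name="securable">Web, list or item to secure.</param>
/// <param name="parser">Token parser applied to the principal and role definition names of the template.</param>
/// <param name="security">Security definition from the template.</param>
/// <exception cref="ArgumentException">The securable object's context is not a <see cref="ClientContext"/>.</exception>
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security)
{
    var context = securable.Context as ClientContext;
    if (context == null)
    {
        // Fail with a clear message instead of a NullReferenceException on the first use below.
        throw new ArgumentException("The securable object must belong to a ClientContext.", "securable");
    }

    var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName));
    var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions);
    context.ExecuteQueryRetry();

    // With CopyRoleAssignments = false the object starts without the parent's grants; every
    // permission it ends up with comes from the loop below.
    securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes);

    foreach (var roleAssignment in security.RoleAssignments)
    {
        // Parse tokens once and use the parsed value for both lookups. The original passed the
        // raw template string to EnsureUser, so a tokenized user name was resolved differently
        // from a tokenized group name.
        var principalName = parser.ParseString(roleAssignment.Principal);
        Principal principal = groups.FirstOrDefault(g => g.LoginName == principalName);
        if (principal == null)
        {
            principal = context.Web.EnsureUser(principalName);
        }

        // The role definition name may be tokenized as well (the other overload in this file parses it).
        var roleDefinitionName = parser.ParseString(roleAssignment.RoleDefinition);
        var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleDefinitionName);
        if (roleDefinition == null)
        {
            // No binding could be resolved: skip the entry rather than queue an assignment with an
            // empty binding collection, consistent with the other SetSecurity overload, which only
            // adds when a role definition was found. Note this is silent: a misspelled role name
            // in the template results in no grant and no error.
            continue;
        }

        var bindings = new RoleDefinitionBindingCollection(context);
        bindings.Add(roleDefinition);
        securable.RoleAssignments.Add(principal, bindings);
    }

    context.ExecuteQueryRetry();
}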
/// <summary>
/// Breaks role inheritance on <paramref name="objectToSecure"/> when the definition asks for it;
/// otherwise the object keeps inheriting from its parent and nothing is queued.
/// </summary>
/// <param name="objectToSecure">Securable object to process.</param>
/// <param name="definition">Definition providing BreakInheritance, CopyExisting and ResetChildPermissions.</param>
private void SetInheritance(SecurableObject objectToSecure, SecureObjectCreator definition)
{
    if (!definition.BreakInheritance)
    {
        return;
    }

    // CopyExisting is passed as the copy-role-assignments flag (whether the parent's grants are
    // copied onto the object); ResetChildPermissions as the clear-subscopes flag (whether children
    // with unique permissions are reset to inherit from this object again).
    objectToSecure.BreakRoleInheritance(definition.CopyExisting, definition.ResetChildPermissions);
}
/// <summary>
/// Applies a <c>BreakRoleInheritanceDefinition</c> to a CSOM securable object, raising the
/// OnProvisioning / OnProvisioned model events around the work. The Load / ExecuteQuery
/// sequence below is order-sensitive: each server round trip feeds the next decision.
/// </summary>
/// <param name="modelHost">Model host, passed through unchanged to the raised model events.</param>
/// <param name="securableObject">Object whose role inheritance is processed.</param>
/// <param name="breakRoleInheritanceModel">Definition carrying CopyRoleAssignments, ClearSubscopes and ForceClearSubscopes.</param>
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel)
{
    var context = securableObject.Context;

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioning,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    });

    // Fetch HasUniqueRoleAssignments only if the client object does not already hold it.
    if (!securableObject.IsObjectPropertyInstantiated("HasUniqueRoleAssignments"))
    {
        context.Load(securableObject, s => s.HasUniqueRoleAssignments);
        context.ExecuteQueryWithTrace();
    }

    // Inheritance is broken at most once: an object that already has unique assignments keeps
    // them, and the definition's CopyRoleAssignments / ClearSubscopes are not re-applied.
    if (!securableObject.HasUniqueRoleAssignments)
    {
        TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall,
            "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]",
            new object[] { breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes });

        securableObject.BreakRoleInheritance(breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes);
        context.ExecuteQueryWithTrace();
    }

    // ForceClearSubscopes removes every role assignment from the object itself, including any
    // copied from the parent above; until later definitions add grants back, no principal
    // (the provisioning account included) holds an explicit grant on it.
    if (breakRoleInheritanceModel.ForceClearSubscopes)
    {
        TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall,
            "ForceClearSubscopes is TRUE. Removing all role assignments.");

        context.Load(securableObject.RoleAssignments);
        context.ExecuteQueryWithTrace();

        // Relies on DeleteObject() also removing the entry from the in-memory collection
        // (otherwise this never terminates) — confirm against the CSOM version in use.
        // The queued deletes are only sent by the next ExecuteQuery on this context; this
        // method does not flush them itself.
        while (securableObject.RoleAssignments.Count > 0)
        {
            securableObject.RoleAssignments[0].DeleteObject();
        }
    }

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioned,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    });
}
/// <summary>
/// Script-facing wrapper over <c>SecurableObject.BreakRoleInheritance</c>. The second argument is
/// optional on the script side: when it is the engine's undefined or null sentinel, or a CLR null,
/// the single-argument overload is called and the clear-subscopes behaviour is left to the
/// underlying API; otherwise the value is coerced to a boolean.
/// </summary>
/// <param name="copyRoleAssignments">Whether the parent's role assignments are copied onto the object.</param>
/// <param name="clearSubscopes">Optional; whether child objects with unique permissions are reset to inherit.</param>
public void BreakRoleInheritance(bool copyRoleAssignments, object clearSubscopes)
{
    // Same three sentinel checks as before, in the same order, written as "value was supplied".
    bool subscopesSpecified =
        clearSubscopes != Undefined.Value
        && clearSubscopes != Null.Value
        && clearSubscopes != null;

    if (subscopesSpecified)
    {
        SecurableObject.BreakRoleInheritance(copyRoleAssignments, TypeConverter.ToBoolean(clearSubscopes));
    }
    else
    {
        SecurableObject.BreakRoleInheritance(copyRoleAssignments);
    }
}
/// <summary>
/// Grants <paramref name="roleDefinition"/> to <paramref name="principal"/> on the securable object,
/// breaking inheritance first if the object still inherits from its parent.
/// </summary>
/// <param name="principal">User or group to grant the role to.</param>
/// <param name="roleDefinition">Role definition (permission level) to bind.</param>
private void AddPrincipal(SPPrincipal principal, SPRoleDefinition roleDefinition)
{
    var assignment = new SPRoleAssignment(principal);
    var bindings = assignment.RoleDefinitionBindings;
    bindings.Add(roleDefinition);

    // Assignments can only be added to an object with unique permissions. Breaking with
    // (copy = true, clearSubscopes = false) keeps the grants inherited so far and leaves child
    // scopes untouched — but from here on, changes made on the parent no longer flow down.
    bool inheritsFromParent = !SecurableObject.HasUniqueRoleAssignments;
    if (inheritsFromParent)
    {
        SecurableObject.BreakRoleInheritance(true, false);
    }

    SecurableObject.RoleAssignments.Add(assignment);
}
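/// <summary>
/// Applies the role assignments of <paramref name="security"/> to <paramref name="securable"/> in two
/// steps: first all principals are assumed to exist and granted in one batch; if the server reports a
/// missing user, non-existing principals are filtered out and the rest is applied once more.
/// </summary>
/// <param name="securable">Web, list or item to secure.</param>
/// <param name="parser">Token parser applied to the template values.</param>
/// <param name="security">Security definition from the template; nothing is done when it has no role assignments.</param>
/// <param name="MessageDelegate">Callback used to report principals that were skipped.</param>
/// <exception cref="ArgumentException">The securable object's context is not a <see cref="ClientContext"/>.</exception>
/// <exception cref="ServerException">Any server failure other than the "user not found" case handled here.</exception>
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security, ProvisioningMessagesDelegate MessageDelegate)
{
    // Server error code the original compared against to recognise "user not found" (0x80131600).
    const int SharePointServerErrorCode = -2146232832;

    // Nothing to apply: return before breaking inheritance for an empty set of grants.
    if (security.RoleAssignments.Count == 0)
    {
        return;
    }

    var context = securable.Context as ClientContext;
    if (context == null)
    {
        throw new ArgumentException("The securable object must belong to a ClientContext.", "securable");
    }

    var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName, g => g.Id));
    var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions);
    securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes);
    var securableRoleAssignments = context.LoadQuery(securable.RoleAssignments);
    // Inheritance is broken in this batch; a failure here propagates to the caller.
    context.ExecuteQueryRetry();

    IEnumerable<Model.RoleAssignment> roleAssignmentsToHandle = security.RoleAssignments;

    // Step one: assume every principal in the template exists and grant everything at once.
    try
    {
        ApplySecurity(securable, parser, context, groups, webRoleDefinitions, securableRoleAssignments, roleAssignmentsToHandle);
        context.ExecuteQueryRetry();
    }
    catch (ServerException ex)
    {
        // Only the "user not found" failure is recoverable. The original swallowed every other
        // ServerException, so provisioning reported success while the object was left with
        // inheritance broken and the template's grants not applied; those are now re-thrown.
        bool userNotFound = ex.ServerErrorCode == SharePointServerErrorCode
            && string.Equals(ex.ServerErrorTypeName, "Microsoft.SharePoint.SPException", StringComparison.OrdinalIgnoreCase);
        if (!userNotFound)
        {
            throw;
        }

        // Step two: check each principal for existence and grant only those that exist.
        roleAssignmentsToHandle = CheckForAndRemoveNonExistingPrincipals(roleAssignmentsToHandle, parser, groups, context, MessageDelegate);
        ApplySecurity(securable, parser, context, groups, webRoleDefinitions, securableRoleAssignments, roleAssignmentsToHandle);
        // If it fails this time we just let it fail.
        context.ExecuteQueryRetry();
    }
}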
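/// <summary>
/// Applies the role assignments of <paramref name="security"/> to <paramref name="securable"/>.
/// Entries marked <c>Remove</c> delete the principal's existing assignment that carries the named
/// role definition; all other entries add a new assignment. Principals are matched against the
/// site groups by login name (ordinal, case-sensitive) and otherwise resolved through <c>Web.EnsureUser</c>.
/// </summary>
/// <param name="securable">Web, list or item to secure.</param>
/// <param name="parser">Token parser applied to the principal and role definition names of the template.</param>
/// <param name="security">Security definition from the template; nothing is done when it has no role assignments.</param>
/// <exception cref="ArgumentException">The securable object's context is not a <see cref="ClientContext"/>.</exception>
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security)
{
    // Nothing to apply: return before breaking inheritance for an empty set of grants.
    if (security.RoleAssignments.Count == 0)
    {
        return;
    }

    var context = securable.Context as ClientContext;
    if (context == null)
    {
        throw new ArgumentException("The securable object must belong to a ClientContext.", "securable");
    }

    var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName));
    var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions);
    // Loaded before inheritance is broken, as in the original: the Remove branch therefore works
    // on the assignments as they were at this point — confirm this is the intended snapshot.
    var securableRoleAssignments = context.LoadQuery(securable.RoleAssignments);
    context.ExecuteQueryRetry();

    securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes);

    foreach (var roleAssignment in security.RoleAssignments)
    {
        // Principal resolution was duplicated in both branches; it is shared now, and the null
        // check happens before the first dereference (the Remove branch used to call
        // EnsureProperty on the principal before checking it for null).
        var principal = ResolveRoleAssignmentPrincipal(context, parser, groups, roleAssignment.Principal);
        if (principal == null)
        {
            continue;
        }

        // Parse once per entry instead of once per existing assignment.
        var roleDefinitionName = parser.ParseString(roleAssignment.RoleDefinition);

        if (roleAssignment.Remove)
        {
            RemoveRoleAssignmentForPrincipal(context, securableRoleAssignments, principal, roleDefinitionName);
        }
        else
        {
            var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleDefinitionName);
            // An unknown role definition name results in no grant and no error, as before;
            // a misspelled permission level in the template is therefore silently dropped.
            if (roleDefinition != null)
            {
                var bindings = new RoleDefinitionBindingCollection(context);
                bindings.Add(roleDefinition);
                securable.RoleAssignments.Add(principal, bindings);
            }
        }
    }

    context.ExecuteQueryRetry();
}

/// <summary>
/// Resolves a template principal value: parses its tokens, looks it up among the site groups by
/// login name and falls back to <c>Web.EnsureUser</c> for users.
/// </summary>
private static Principal ResolveRoleAssignmentPrincipal(ClientContext context, TokenParser parser, IEnumerable<Microsoft.SharePoint.Client.Group> groups, string templatePrincipal)
{
    var principalName = parser.ParseString(templatePrincipal);
    Principal principal = groups.FirstOrDefault(g => g.LoginName == principalName);
    if (principal == null)
    {
        principal = context.Web.EnsureUser(principalName);
    }
    return principal;
}

/// <summary>
/// Deletes the first existing assignment of <paramref name="principal"/> whose bindings include
/// <paramref name="roleDefinitionName"/>, executing the delete immediately.
/// </summary>
private static void RemoveRoleAssignmentForPrincipal(ClientContext context, IEnumerable<Microsoft.SharePoint.Client.RoleAssignment> existingAssignments, Principal principal, string roleDefinitionName)
{
    principal.EnsureProperty(p => p.Id);
    var assignmentsForPrincipal = existingAssignments.Where(a => a.PrincipalId == principal.Id);

    foreach (var assignment in assignmentsForPrincipal)
    {
        var binding = assignment.EnsureProperty(r => r.RoleDefinitionBindings)
            .FirstOrDefault(b => b.Name == roleDefinitionName);
        if (binding != null)
        {
            assignment.DeleteObject();
            context.ExecuteQueryRetry();
            // Stop here: DeleteObject may alter the collection being enumerated, and only one
            // assignment per entry is removed (same as the original).
            break;
        }
    }
}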