public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, int id)
{
RoleDefinition roleDefinition = roleDefinitions.GetById(id);
roleDefinition.DeleteObject();
roleDefinitions.Context.ExecuteQuery();
}
/// <summary>
/// Assigns permissions to users on the specified list item.
/// </summary>
/// <param name="clientcontext">Client context object</param>
/// <param name="listName">Site pages library</param>
/// <param name="users">List of users</param>
/// <param name="permission">Permission to grant</param>
/// <param name="listItemId">Unique list item Id for permissions assignment</param>
/// <returns>Status of permission assignment</returns>
internal static string AssignUserPermissionsToItem(ClientContext clientcontext, string listName, List <string> users, string permission, int listItemId)
{
{
string returnvalue = "false";
try
{
List <string> permissions = new List <string>();
permissions.Add(permission);
Web web = clientcontext.Web;
clientcontext.Load(web.RoleDefinitions);
ListItem listItem = web.Lists.GetByTitle(listName).GetItemById(listItemId);
clientcontext.Load(listItem, item => item.HasUniqueRoleAssignments);
clientcontext.ExecuteQuery();
if (listItem.HasUniqueRoleAssignments)
{
if (null != permissions && null != users) //matter.permissions=read/limited access/contribute/ full control/ view only
{
foreach (string rolename in permissions)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
listItem.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw; // Check
}
}
}
// success. return a success code
returnvalue = "true";
}
}
catch (Exception exception)
{
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["ErrorMessage"], "assigning Permission"));
MatterProvisionHelperFunction.DisplayAndLogError(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
throw;
}
return(returnvalue);
}
}
public static void DeleteRoleDefinition(this RoleDefinitionCollection roleDefinitions, string name)
{
RoleDefinition roleDefinition = roleDefinitions.GetByName(name);
roleDefinition.DeleteObject();
roleDefinitions.Context.ExecuteQuery();
}
public static RoleDefinition CreateRoleDefinition(this RoleDefinitionCollection roleDefinitions, RoleDefinitionCreationInformation roleDefCreateInfo)
{
RoleDefinition roleDefinition = roleDefinitions.Add(roleDefCreateInfo);
roleDefinitions.Context.Load(roleDefinition);
roleDefinitions.Context.ExecuteQuery();
return(roleDefinition);
}
/// <summary>
/// Get permissions of specified permission level
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="permissionLevelName">Name of permission level</param>
/// <returns>RoleDefinition object that represents specified permission level</returns>
private static RoleDefinition GetPermissionLevel(ClientContext clientContext, string permissionLevelName)
{
RoleDefinitionCollection roleDefCollection = clientContext.Web.RoleDefinitions;
clientContext.Load(roleDefCollection, item => item);
clientContext.ExecuteQuery();
RoleDefinition matterCenterContribute = roleDefCollection.Where(item => item.Name == permissionLevelName).FirstOrDefault();
return(matterCenterContribute);
}
/// <summary>
/// Returns all names of given RoleDefinitions as HashSet.
/// </summary>
/// <param name="roleDefinitions">RoleDefinitions to read the names</param>
/// <returns>names of RoleDefinitions</returns>
internal static HashSet <string> ReadNames(this RoleDefinitionCollection roleDefinitions)
{
HashSet <string> names = new HashSet <string>();
foreach (var roleDefinition in roleDefinitions)
{
names.Add(roleDefinition.Name);
}
return(names);
}
private RoleDefinition FindRoleDefinition(RoleDefinitionCollection roleDefinitions, string roleDefinitionName)
{
foreach (var roleDefinition in roleDefinitions)
{
if (string.Compare(roleDefinition.Name, roleDefinitionName, true) == 0)
{
return(roleDefinition);
}
}
return(null);
}
public static RoleDefinition CreateRoleDefinition(this RoleDefinitionCollection roleDefinitions, BasePermissions permissions, string name, string description, int order)
{
RoleDefinitionCreationInformation roleDefCreateInfo = new RoleDefinitionCreationInformation
{
BasePermissions = permissions,
Name = name,
Description = description,
Order = order
};
return(roleDefinitions.CreateRoleDefinition(roleDefCreateInfo));
}
private HashSet <string> GetRoleDefinitions(Web web)
{
RoleDefinitionCollection roleDefinitions = web.RoleDefinitions;
ClientContext.Load(roleDefinitions);
ClientContext.ExecuteQueryRetry();
var hashSet = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
foreach (var roleDef in roleDefinitions)
{
hashSet.Add(roleDef.Name);
}
return(hashSet);
}
protected RoleDefinition FindRoleDefinition(RoleDefinitionCollection roleDefinitions, string roleDefinitionName)
{
TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall, "Resolving view by Name: [{0}]", roleDefinitionName);
foreach (var roleDefinition in roleDefinitions)
{
if (string.Compare(roleDefinition.Name, roleDefinitionName, true) == 0)
{
return(roleDefinition);
}
}
return(null);
}
/// <summary>
/// Imports the new RoleDefinitions.
/// </summary>
/// <exception cref="ElementsMigrationException">If migration fails</exception>
private void ImportNewRoleDefinitions()
{
Console.WriteLine("import new RoleDefinitions...");
Logger.AddMessage("import new RoleDefinitions...");
RoleDefinitionCollection sourceRoleDefinitionCollection = this.GetAllRollDefinitions(SourceClientContext);
RoleDefinitionCollection targetRoleDefinitionCollection = this.GetAllRollDefinitions(TargetClientContext);
HashSet <string> targetRoleDefinitionNames = targetRoleDefinitionCollection.ReadNames();
foreach (var sourceRoleDefinition in sourceRoleDefinitionCollection)
{
if (!targetRoleDefinitionNames.Contains(sourceRoleDefinition.Name))
{
Console.WriteLine("import roleDefinition '{0}'", sourceRoleDefinition.Name);
Logger.AddMessage("import RoleDefinition '" + sourceRoleDefinition.Name + "'");
RoleDefinitionCreationInformation creationObject = new RoleDefinitionCreationInformation();
creationObject.BasePermissions = sourceRoleDefinition.BasePermissions;
creationObject.Description = sourceRoleDefinition.Description;
creationObject.Name = sourceRoleDefinition.Name;
creationObject.Order = sourceRoleDefinition.Order;
RoleDefinition targetRoleDefinition = targetRoleDefinitionCollection.Add(creationObject);
try
{
targetRoleDefinition.Tag = sourceRoleDefinition.Tag;
}
catch (PropertyOrFieldNotInitializedException)
{
}
}
else
{
Console.WriteLine("don't have to import '{0}'", sourceRoleDefinition.Name);
Logger.AddMessage("don't have to import '" + sourceRoleDefinition.Name + "'");
}
}
try
{
TargetClientContext.ExecuteQuery();
}
catch (Exception e)
{
Console.WriteLine("Exception during importing new RoleDefinition.", e);
Logger.AddMessage("Exception during importing new RoleDefinition. Error = " + e.Message);
throw new ElementsMigrationException("Exception during importing new RoleDefinition.", e);
}
}
/// <summary>
/// Returns all RoleDefinition of given SharePoint.
/// </summary>
/// <param name="clientContext">ClientContext of SharePoint</param>
/// <returns>RoleDefinitions of given SharePoint</returns>
/// <exception cref="ElementsMigrationException">If RoleDefinitions could not be fetched</exception>
private RoleDefinitionCollection GetAllRollDefinitions(ClientContext clientContext)
{
Web web = clientContext.Web;
RoleDefinitionCollection roleDefinitions = web.RoleDefinitions;
try
{
clientContext.Load(roleDefinitions);
clientContext.ExecuteQuery();
}
catch (Exception e)
{
Console.WriteLine("Exception during fetching the RoleDefinitons.", e);
Logger.AddMessage("Exception during fetching the RoleDefinitons. Error = " + e.Message);
throw new ElementsMigrationException("Exception during fetching the RoleDefinitons.", e);
}
return(roleDefinitions);
}
/// <summary>
/// Updates user permission
/// </summary>
/// <param name="clientcontext">Client context</param>
/// <param name="matterName">Matter name</param>
/// <param name="users">Users object</param>
/// <param name="list">List object</param>
/// <param name="rolename">Role name</param>
private static void UpdateUserPermission(ClientContext clientcontext, string matterName, List <string> users, List list, string rolename)
{
try
{
RoleDefinitionCollection roleDefinitions = clientcontext.Web.RoleDefinitions;
RoleDefinition role = (from roleDef in roleDefinitions
where roleDef.Name == rolename
select roleDef).First();
foreach (string user in users)
{
//get the user object
Principal userprincipal = clientcontext.Web.EnsureUser(user);
//create the role definition binding collection
RoleDefinitionBindingCollection roledefinitionbindingcollection = new RoleDefinitionBindingCollection(clientcontext);
//add the role definition to the collection
roledefinitionbindingcollection.Add(role);
//create a role assignment with the user and role definition
list.RoleAssignments.Add(userprincipal, roledefinitionbindingcollection);
}
//execute the query to add everything
clientcontext.ExecuteQuery();
}
// SharePoint specific exception
catch (ClientRequestException clientRequestException)
{
Utility.DisplayAndLogError(Utility.ErrorFilePath, "Message: " + clientRequestException.Message + "Matter name: " + matterName + "\nStacktrace: " + clientRequestException.StackTrace);
throw;
}
// SharePoint specific exception
catch (ServerException serverException)
{
Utility.DisplayAndLogError(Utility.ErrorFilePath, "Message: " + serverException.Message + "Matter name: " + matterName + "\nStacktrace: " + serverException.StackTrace);
throw;
}
}
/// <summary>
/// Constructor for SiteSecurityPermissions class
/// </summary>
public SiteSecurityPermissions()
{
this._roleDefinitions = new RoleDefinitionCollection(this.ParentTemplate);
this._roleAssignments = new RoleAssignmentCollection(this.ParentTemplate);
}
/// <summary>
/// Assigns permission to group
/// </summary>
/// <param name="clientcontext">Client Context</param>
/// <param name="matterCenterGroup">Group for which permission is to be assigned</param>
/// <param name="list">List at which permission is to be assigned</param>
/// <param name="listName">Name of the list</param>
/// <param name="isCustomPermission">Custom permission flag</param>
/// <returns>Status of operation</returns>
private static bool AssignPermission(ClientContext clientcontext, Group matterCenterGroup, List list, string listName, bool isCustomPermission)
{
string errorFilePath = Directory.GetParent(Directory.GetCurrentDirectory()) + "/" + "ErrorLog.txt";
bool result = false;
try
{
if (null != clientcontext && null != list && null != matterCenterGroup)
{
// first breaking permissions
Console.WriteLine("Breaking Permissions for " + listName + " list...");
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true, true);
list.Update();
clientcontext.Load(list);
clientcontext.ExecuteQuery();
}
//// assigning permissions
Principal principal = matterCenterGroup;
RoleDefinition role = null;
int permission = Convert.ToInt32(ConfigurationManager.AppSettings["Permission"], CultureInfo.InvariantCulture);
permission = isCustomPermission ? 3 : permission;
switch (permission)
{
case 0:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Contributor);
break;
case 1:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Administrator);
break;
case 3:
string permissionLevel = ConfigurationManager.AppSettings["MatterCenterContributePermission"];
RoleDefinitionCollection roles = clientcontext.Web.RoleDefinitions;
clientcontext.Load(roles);
clientcontext.ExecuteQuery();
role = roles.Where(item => item.Name == permissionLevel).FirstOrDefault();
break;
case 2:
default:
role = clientcontext.Web.RoleDefinitions.GetByType(RoleType.Reader);
break;
}
RoleDefinitionBindingCollection grpRole = new RoleDefinitionBindingCollection(clientcontext);
if (null != role)
{
grpRole.Add(role);
}
list.RoleAssignments.Add(principal, grpRole);
list.Update();
clientcontext.ExecuteQuery();
result = true;
}
}
catch (Exception exception)
{
result = false;
ErrorLogger.LogErrorToTextFile(errorFilePath, "Message: " + exception.Message + "\nStacktrace: " + exception.StackTrace);
}
return(result);
}
public static async Task <HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "AddExternalUser")] HttpRequestMessage req, TraceWriter log)
{
try
{
// Gets data from request body.
log.Info("Starting...");
dynamic data = await req.Content.ReadAsAsync <object>();
string siteUrl = data.SiteUrl;
string currentEmail = data.CurrentUser_EmailAddress;
string groupName = data.GroupName;
log.Info(siteUrl);
log.Info(currentEmail);
log.Info(groupName);
if (String.IsNullOrEmpty(siteUrl) || String.IsNullOrEmpty(currentEmail))
{
return(req.CreateResponse(HttpStatusCode.BadRequest, "Please pass parametes site URL and Email Address in request body!"));
}
// Fetches client id and client secret from app settings.
string clientId = Environment.GetEnvironmentVariable("ClientId", EnvironmentVariableTarget.Process);
string clientSecret = Environment.GetEnvironmentVariable("ClientSecret", EnvironmentVariableTarget.Process);
string urlAdminSite = Environment.GetEnvironmentVariable("UrlAdminSite", EnvironmentVariableTarget.Process);
// Obtains client context using the client id and client secret.
//var ctx = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(urlAdminSite, clientId, clientSecret);
//Tenant tenant = new Tenant(ctx);
//SiteProperties siteProps = tenant.GetSitePropertiesByUrl(siteUrl, true);
//log.Info("a");
//ctx.Load(siteProps);
//log.Info("after tenant:" + siteUrl);
//ctx.ExecuteQuery();
//log.Info("after line " + siteUrl);
var newctx = new OfficeDevPnP.Core.AuthenticationManager().GetAppOnlyAuthenticatedContext(siteUrl, clientId, clientSecret);
Site site = newctx.Site;
Web web = site.RootWeb;
log.Info("get web");
Group group = null;
RoleDefinitionCollection permissionLevels = web.RoleDefinitions;
log.Info("permissionLevels");
newctx.Load(web);
newctx.Load(web.SiteGroups);
newctx.Load(permissionLevels);
log.Info("execute query");
newctx.ExecuteQuery();
log.Info("after newctx");
//if (CheckUserDomainFrom(siteProps, currentEmail))
//{
// If group doesn't exist in web, add it
if (!GroupExistsInWebSite(web, groupName))
{
if (groupName == "SCJ External Contribute")
{
//var permissionLevelExist = permissionLevels.Select(p => p.Name == "SCJ External Contribute").Count();
// Create Custom Permission Level
//if (permissionLevelExist!=0)
CreateContributePermissionLevel(web);
// Create new Group
group = AddGroup(web, groupName);
// Add Custom Pemission Level to Group
web.AddPermissionLevelToGroup(groupName, "SCJ External Contribute", true);
}
if (groupName == "SCJ External Read")
{
// Create Custom Permission Level
CreateReadPermissionLevel(web);
// Create new Group
group = AddGroup(web, groupName);
// Add Custom Pemission Level to Group
web.AddPermissionLevelToGroup(groupName, "SCJ External Read", true);
}
}
else // Just Add the user to group
{
group = web.SiteGroups.GetByName(groupName);
}
newctx.ExecuteQuery();
return(req.CreateResponse(HttpStatusCode.OK, true));
//}
// return req.CreateResponse(HttpStatusCode.OK, false);
}
catch (Exception e)
{
return(req.CreateResponse(HttpStatusCode.InternalServerError, e.Message));
}
}
protected RoleDefinition FindRoleDefinition(RoleDefinitionCollection roleDefinitions, string roleDefinitionName)
{
TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall, "Resolving view by Name: [{0}]", roleDefinitionName);
foreach (var roleDefinition in roleDefinitions)
if (string.Compare(roleDefinition.Name, roleDefinitionName, true) == 0)
return roleDefinition;
return null;
}
public SiteSecurityPermissions()
{
this._roleDefinitions = new RoleDefinitionCollection(this.ParentTemplate);
this._roleAssignments = new RoleAssignmentCollection(this.ParentTemplate);
}
protected RoleDefinition FindRoleDefinition(RoleDefinitionCollection roleDefinitions, string roleDefinitionName)
{
foreach (var roleDefinition in roleDefinitions)
if (string.Compare(roleDefinition.Name, roleDefinitionName, true) == 0)
return roleDefinition;
return null;
}
