/// <summary>
/// Registers a <see cref="BreakRoleInheritanceDefinition"/> under <paramref name="model"/>
/// by delegating to <c>AddDefinitionNode</c>.
/// </summary>
/// <param name="model">Node that receives the break-role-inheritance definition.</param>
/// <param name="definition">Definition describing how role inheritance is to be broken.</param>
/// <param name="action">
/// Callback handed straight to <c>AddDefinitionNode</c>; the overload without a callback passes <c>null</c> here.
/// Presumably used to attach child nodes (for example security group links) - confirm against AddDefinitionNode.
/// </param>
/// <returns>Whatever <c>AddDefinitionNode</c> returns for this call.</returns>
public static ModelNode AddBreakRoleInheritance(this ModelNode model, BreakRoleInheritanceDefinition definition, Action<ModelNode> action)
{
    var resultNode = model.AddDefinitionNode(definition, action);

    return resultNode;
}
/// <summary>
/// Applies a <see cref="BreakRoleInheritanceDefinition"/> to a server-side securable object:
/// raises OnProvisioning, breaks role inheritance if the object does not yet have unique
/// role assignments, optionally strips every role assignment, then raises OnProvisioned.
/// </summary>
/// <param name="modelHost">Host object forwarded unchanged in both model events.</param>
/// <param name="securableObject">Object whose role inheritance is processed.</param>
/// <param name="breakRoleInheritanceModel">Definition supplying CopyRoleAssignments, ClearSubscopes and ForceClearSubscopes.</param>
private void ProcessRoleInheritance(object modelHost, SPSecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel)
{
    var provisioningArgs = new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioning,
        Object = securableObject,
        ObjectType = typeof(SPSecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    };

    InvokeOnModelEvent(this, provisioningArgs);

    // Inheritance is only broken when the object still inherits; an object that already has
    // unique role assignments is left as it is, so CopyRoleAssignments/ClearSubscopes have
    // no effect on it.
    var stillInherits = !securableObject.HasUniqueRoleAssignments;

    if (stillInherits)
    {
        var copyAssignments = breakRoleInheritanceModel.CopyRoleAssignments;
        var clearSubscopes = breakRoleInheritanceModel.ClearSubscopes;

        TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall,
            "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]",
            new object[] { copyAssignments, clearSubscopes });

        securableObject.BreakRoleInheritance(copyAssignments, clearSubscopes);
    }

    // ForceClearSubscopes is evaluated independently of the branch above: when set, every
    // role assignment on the object is removed, including ones that existed before this call.
    // NOTE(review): after this loop the object carries no explicit role assignments until
    // later provisioning adds some - confirm callers always follow up with group links.
    if (breakRoleInheritanceModel.ForceClearSubscopes)
    {
        TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall,
            "ForceClearSubscopes is TRUE. Removing all role assignments.");

        // Always remove index 0 and re-read Count, so the loop ends when the collection is empty.
        while (securableObject.RoleAssignments.Count > 0)
        {
            securableObject.RoleAssignments.Remove(0);
        }
    }

    var provisionedArgs = new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioned,
        Object = securableObject,
        ObjectType = typeof(SPSecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    };

    InvokeOnModelEvent(this, provisionedArgs);
}
/// <summary>
/// Sample scenario: provisions a team-site sub web with broken role inheritance
/// (CopyRoleAssignments = false) and links two site security groups to it,
/// one with the Contributor role type and one with the Reader role type.
/// </summary>
public void CanDeploySimpleBreakRoleInheritance_OnWeb()
{
    var privateWebDefinition = new WebDefinition
    {
        Title = "Private project",
        Url = "private-project",
        WebTemplate = BuiltInWebTemplates.Collaboration.TeamSite
    };

    // CopyRoleAssignments = false: the parent's role assignments are not copied,
    // so access comes from the group links declared below.
    var breakInheritanceDefinition = new BreakRoleInheritanceDefinition
    {
        CopyRoleAssignments = false
    };

    var membersGroupDefinition = new SecurityGroupDefinition
    {
        Name = "Private Project Group Members"
    };

    var viewersGroupDefinition = new SecurityGroupDefinition
    {
        Name = "Private Project Group Viewers"
    };

    // site model with the groups
    var siteModel = SPMeta2Model.NewSiteModel(site =>
    {
        site.AddSecurityGroup(membersGroupDefinition);
        site.AddSecurityGroup(viewersGroupDefinition);
    });

    // web model
    var webModel = SPMeta2Model.NewWebModel(rootWeb =>
    {
        rootWeb.AddWeb(privateWebDefinition, privateWeb =>
        {
            privateWeb.AddBreakRoleInheritance(breakInheritanceDefinition, resetWeb =>
            {
                // resetWeb is the same web, after role inheritance has been broken.
                // Groups are linked to roles by SecurityRoleType / SecurityRoleName;
                // use BuiltInSecurityRoleTypes or BuiltInSecurityRoleNames.

                // members group gets the contributor permission
                resetWeb.AddSecurityGroupLink(membersGroupDefinition, membersLink =>
                {
                    membersLink.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
                    });
                });

                // viewers group gets the reader permission
                resetWeb.AddSecurityGroupLink(viewersGroupDefinition, viewersLink =>
                {
                    viewersLink.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Reader
                    });
                });
            });
        });
    });

    // The site model (groups) is deployed first, then the web model that links those groups.
    DeployModel(siteModel);
    DeployModel(webModel);
}
/// <summary>
/// Registers a <see cref="BreakRoleInheritanceDefinition"/> under <paramref name="model"/>
/// without a callback; forwards to the three-argument overload with <c>null</c> as the action.
/// </summary>
/// <param name="model">Node that receives the break-role-inheritance definition.</param>
/// <param name="definition">Definition describing how role inheritance is to be broken.</param>
/// <returns>The value returned by the three-argument overload.</returns>
public static ModelNode AddBreakRoleInheritance(this ModelNode model, BreakRoleInheritanceDefinition definition)
{
    var resultNode = AddBreakRoleInheritance(model, definition, null);

    return resultNode;
}
/// <summary>
/// Sample scenario: provisions a generic list with broken role inheritance
/// (CopyRoleAssignments = false) and links two site security groups to it,
/// one with the Contributor role type and one with the Reader role type.
/// </summary>
public void CanDeploySimpleBreakRoleInheritance_OnList()
{
    var privateListDefinition = new ListDefinition
    {
        Title = "Private records",
        TemplateType = BuiltInListTemplateTypeId.GenericList,
        CustomUrl = "lists/private-records",
    };

    // CopyRoleAssignments = false: the parent's role assignments are not copied,
    // so access comes from the group links declared below.
    var breakInheritanceDefinition = new BreakRoleInheritanceDefinition
    {
        CopyRoleAssignments = false
    };

    var membersGroupDefinition = new SecurityGroupDefinition
    {
        Name = "Private Project Group Members"
    };

    var viewersGroupDefinition = new SecurityGroupDefinition
    {
        Name = "Private Project Group Viewers"
    };

    // site model with the groups
    var siteModel = SPMeta2Model.NewSiteModel(site =>
    {
        site.AddSecurityGroup(membersGroupDefinition);
        site.AddSecurityGroup(viewersGroupDefinition);
    });

    // web model
    var webModel = SPMeta2Model.NewWebModel(web =>
    {
        web.AddList(privateListDefinition, privateList =>
        {
            privateList.AddBreakRoleInheritance(breakInheritanceDefinition, resetList =>
            {
                // resetList is the same list, after role inheritance has been broken.
                // Groups are linked to roles by SecurityRoleType / SecurityRoleName;
                // use BuiltInSecurityRoleTypes or BuiltInSecurityRoleNames.

                // members group gets the contributor permission
                resetList.AddSecurityGroupLink(membersGroupDefinition, membersLink =>
                {
                    membersLink.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
                    });
                });

                // viewers group gets the reader permission
                resetList.AddSecurityGroupLink(viewersGroupDefinition, viewersLink =>
                {
                    viewersLink.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Reader
                    });
                });
            });
        });
    });

    // The site model (groups) is deployed first, then the web model that links those groups.
    DeployModel(siteModel);
    DeployModel(webModel);
}
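/// <summary>
/// Applies a <see cref="BreakRoleInheritanceDefinition"/> to a client-side (CSOM) securable object:
/// raises OnProvisioning, loads HasUniqueRoleAssignments if needed, breaks role inheritance when
/// the object still inherits, optionally deletes every role assignment, then raises OnProvisioned.
/// </summary>
/// <param name="modelHost">Host object forwarded unchanged in both model events.</param>
/// <param name="securableObject">Object whose role inheritance is processed; its Context is used for all queries.</param>
/// <param name="breakRoleInheritanceModel">Definition supplying CopyRoleAssignments, ClearSubscopes and ForceClearSubscopes.</param>
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel)
{
    var context = securableObject.Context;

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioning,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    });

    // The property is only readable once it has been loaded from the server,
    // so fetch it when the caller did not already do so.
    if (!securableObject.IsObjectPropertyInstantiated("HasUniqueRoleAssignments"))
    {
        context.Load(securableObject, s => s.HasUniqueRoleAssignments);
        context.ExecuteQueryWithTrace();
    }

    // An object that already has unique role assignments is left as it is, so
    // CopyRoleAssignments/ClearSubscopes have no effect on it.
    if (!securableObject.HasUniqueRoleAssignments)
    {
        TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall,
            "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]",
            new object[]
            {
                breakRoleInheritanceModel.CopyRoleAssignments,
                breakRoleInheritanceModel.ClearSubscopes
            });

        securableObject.BreakRoleInheritance(breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes);
        context.ExecuteQueryWithTrace();
    }

    // ForceClearSubscopes is evaluated independently of the branch above: when set, every
    // role assignment on the object is deleted, including ones that existed before this call.
    if (breakRoleInheritanceModel.ForceClearSubscopes)
    {
        TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall,
            "ForceClearSubscopes is TRUE. Removing all role assignments.");

        context.Load(securableObject.RoleAssignments);
        context.ExecuteQueryWithTrace();

        var deletionsQueued = false;

        while (securableObject.RoleAssignments.Count > 0)
        {
            securableObject.RoleAssignments[0].DeleteObject();
            deletionsQueued = true;
        }

        // DeleteObject() only queues the deletion on the client context. Send the batch now,
        // as is done after BreakRoleInheritance above, so the assignments are really gone on
        // the server before OnProvisioned handlers run and the removal does not depend on
        // some later, unrelated query on the same context.
        if (deletionsQueued)
        {
            context.ExecuteQueryWithTrace();
        }
    }

    InvokeOnModelEvent(this, new ModelEventArgs
    {
        CurrentModelNode = null,
        Model = null,
        EventType = ModelEventType.OnProvisioned,
        Object = securableObject,
        ObjectType = typeof(SecurableObject),
        ObjectDefinition = breakRoleInheritanceModel,
        ModelHost = modelHost
    });
}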
/// <summary>
/// Typed variant: registers a <see cref="BreakRoleInheritanceDefinition"/> under
/// <paramref name="model"/> by delegating to <c>AddTypedDefinitionNode</c>.
/// </summary>
/// <typeparam name="TModelNode">
/// Node type; constrained to <see cref="ModelNode"/> implementations that are also
/// <see cref="ISecurableObjectHostModelNode"/> and have a parameterless constructor.
/// </typeparam>
/// <param name="model">Node that receives the break-role-inheritance definition.</param>
/// <param name="definition">Definition describing how role inheritance is to be broken.</param>
/// <param name="action">Callback handed straight to <c>AddTypedDefinitionNode</c>; the overload without a callback passes <c>null</c>.</param>
/// <returns>Whatever <c>AddTypedDefinitionNode</c> returns for this call.</returns>
public static TModelNode AddBreakRoleInheritance<TModelNode>(this TModelNode model, BreakRoleInheritanceDefinition definition, Action<TModelNode> action)
    where TModelNode : ModelNode, ISecurableObjectHostModelNode, new()
{
    var typedNode = model.AddTypedDefinitionNode(definition, action);

    return typedNode;
}
/// <summary>
/// Typed variant without a callback; forwards to the three-argument overload with
/// <c>null</c> as the action.
/// </summary>
/// <typeparam name="TModelNode">
/// Node type; constrained to <see cref="ModelNode"/> implementations that are also
/// <see cref="ISecurableObjectHostModelNode"/> and have a parameterless constructor.
/// </typeparam>
/// <param name="model">Node that receives the break-role-inheritance definition.</param>
/// <param name="definition">Definition describing how role inheritance is to be broken.</param>
/// <returns>The value returned by the three-argument overload.</returns>
public static TModelNode AddBreakRoleInheritance<TModelNode>(this TModelNode model, BreakRoleInheritanceDefinition definition)
    where TModelNode : ModelNode, ISecurableObjectHostModelNode, new()
{
    var typedNode = AddBreakRoleInheritance(model, definition, null);

    return typedNode;
}
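/// <summary>
/// Provisions a team-site sub web named "user-web-{itemId}" under the root web of
/// <paramref name="spSite"/> with broken role inheritance, creates owners / members / visitors
/// site groups for it, links them to the Administrator / Contributor / Reader role types, and
/// then adds the director to the owners group and the given users to the members group.
/// </summary>
/// <param name="spSite">Site collection that receives the groups and the sub web.</param>
/// <param name="siteName">Title of the sub web; also the first part of each group name.</param>
/// <param name="itemId">Id used to build the sub web URL.</param>
/// <param name="director">User set as owner of all three groups and added to the owners group.</param>
/// <param name="members">Users added to the members group; a null collection adds nobody.</param>
private static void CreateOrUpdateSubSite(SPSite spSite, string siteName, int itemId, SPFieldUserValue director, SPFieldUserValueCollection members)
{
    const string securityGroupNameFormat = "{0} - {1}";

    string siteUrl = "user-web-" + itemId;

    // Build every group name once, so the definitions and the later lookups cannot drift apart.
    string ownersGroupName = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeOwners);
    string membersGroupName = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeMembers);
    string visitorsGroupName = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeVisitors);

    var newWebDef = new WebDefinition
    {
        Title = siteName,
        Description = "",
        Url = siteUrl,
        WebTemplate = BuiltInWebTemplates.Collaboration.TeamSite
    };

    // CopyRoleAssignments = false: the parent's role assignments are not copied,
    // so access to the new web comes from the three group links declared below.
    var newWebBreakRoleInheritance = new BreakRoleInheritanceDefinition
    {
        CopyRoleAssignments = false
    };

    var ownersGroup = new SecurityGroupDefinition
    {
        Name = ownersGroupName,
        Owner = director.LoginName
    };

    var membersGroup = new SecurityGroupDefinition
    {
        Name = membersGroupName,
        Owner = director.LoginName
    };

    var visitorsGroup = new SecurityGroupDefinition
    {
        Name = visitorsGroupName,
        Owner = director.LoginName
    };

    // site model with the groups
    var siteModel = SPMeta2Model.NewSiteModel(site =>
    {
        site.AddSecurityGroup(ownersGroup);
        site.AddSecurityGroup(membersGroup);
        site.AddSecurityGroup(visitorsGroup);
    });

    // web model
    var webModel = SPMeta2Model.NewWebModel(web =>
    {
        web.AddWeb(newWebDef, newWeb =>
        {
            newWeb.AddBreakRoleInheritance(newWebBreakRoleInheritance, newResetWeb =>
            {
                // owners group gets the administrator role type
                newResetWeb.AddSecurityGroupLink(ownersGroup, group =>
                {
                    group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Administrator
                    });
                });

                // members group gets the contributor role type
                newResetWeb.AddSecurityGroupLink(membersGroup, group =>
                {
                    group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
                    });
                });

                // visitors group gets the reader role type
                newResetWeb.AddSecurityGroupLink(visitorsGroup, group =>
                {
                    group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
                    {
                        SecurityRoleType = BuiltInSecurityRoleTypes.Reader
                    });
                });
            });
        });
    });

    // The service is the server-side (SSOM) one; groups are deployed before the web that links them.
    var ssomProvisionService = new SSOMProvisionService();

    ssomProvisionService.DeploySiteModel(spSite, siteModel);
    ssomProvisionService.DeployWebModel(spSite.RootWeb, webModel);

    // Match the provisioned web by its exact URL. A substring test would treat "user-web-1"
    // as a match for "user-web-10" as well, which makes a single-match lookup throw and can
    // point the membership changes below at the wrong web.
    string expectedWebUrl = spSite.RootWeb.Url.TrimEnd('/') + "/" + siteUrl;

    SPWeb existWeb = null;

    try
    {
        // Each SPWeb handed out by AllWebs has to be disposed by the caller; release every
        // non-matching one immediately and the matching one in the finally block.
        foreach (SPWeb candidate in spSite.AllWebs)
        {
            if (existWeb == null && string.Equals(candidate.Url, expectedWebUrl, System.StringComparison.OrdinalIgnoreCase))
            {
                existWeb = candidate;
            }
            else
            {
                candidate.Dispose();
            }
        }

        if (existWeb == null)
        {
            return;
        }

        // add the director to the owners group
        SPGroup spOwnerGroup = existWeb.SiteGroups.Cast<SPGroup>().FirstOrDefault(siteGroup => siteGroup.Name == ownersGroupName);

        // NOTE(review): User is presumably null when the field value does not resolve to a
        // user - such entries are skipped instead of being passed to AddUser.
        if (spOwnerGroup != null && director.User != null)
        {
            spOwnerGroup.AddUser(director.User);
        }

        // add users to the members group
        SPGroup spMembersGroup = existWeb.SiteGroups.Cast<SPGroup>().FirstOrDefault(siteGroup => siteGroup.Name == membersGroupName);

        if (spMembersGroup != null && members != null)
        {
            foreach (SPFieldUserValue member in members)
            {
                if (member != null && member.User != null)
                {
                    spMembersGroup.AddUser(member.User);
                }
            }
        }
    }
    finally
    {
        if (existWeb != null)
        {
            existWeb.Dispose();
        }
    }
}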