public void Deploy_SecurityGroups()
{
// Step 1, define security groups
var customerSupport = new SecurityGroupDefinition
{
Name = "Customer support",
Description = "Customer support team."
};
var customerReviewers = new SecurityGroupDefinition
{
Name = "Customer reviewers",
Description = "Customer reviewers team."
};
// Step 2, define web model and artifact relationships - add security groups t the web
var model = SPMeta2Model
.NewSiteModel(site =>
{
site
.AddSecurityGroup(customerSupport)
.AddSecurityGroup(customerReviewers);
});
// Step 3, deploy model
DeploySiteModel(model);
}
public static ModelNode AddSecurityGroupLink(this ModelNode model, SecurityGroupDefinition definition, Action <ModelNode> action)
{
return(AddSecurityGroupLink(model, new SecurityGroupLinkDefinition
{
SecurityGroupName = definition.Name
}, action));
}
//[SampleMetadataTag(Name = BuiltInTagNames.SampleHidden)]
public void CanDeploySimpleSecurityGroupLinkDefinitionToList()
{
var auditors = new SecurityGroupDefinition
{
Name = "External Auditors",
Description = "External auditors group."
};
var auditorsList = new ListDefinition
{
Title = "Auditors documents",
TemplateType = BuiltInListTemplateTypeId.DocumentLibrary,
CustomUrl = "audit-docs"
};
// add group to the site first
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(auditors);
});
// assign group to the list, via .AddSecurityGroupLink() method
var webModel = SPMeta2Model.NewWebModel(web =>
{
web.AddList(auditorsList, list =>
{
list.AddSecurityGroupLink(auditors);
});
});
DeployModel(siteModel);
DeployModel(webModel);
}
protected virtual SPUser EnsureDefaultUser(SPWeb web, SecurityGroupDefinition groupModel)
{
if (string.IsNullOrEmpty(groupModel.DefaultUser))
{
return(null);
}
else
{
return(web.EnsureUser(groupModel.DefaultUser));
}
}
public static ModelNode AddSecurityGroupLink(this ModelNode model, SecurityGroupDefinition definition, Action <ModelNode> action)
{
return(AddSecurityGroupLink(model, new SecurityGroupLinkDefinition
{
SecurityGroupName = definition.Name,
IsAssociatedMemberGroup = definition.IsAssociatedMemberGroup,
IsAssociatedOwnerGroup = definition.IsAssociatedOwnerGroup,
IsAssociatedVisitorGroup = definition.IsAssociatedVisitorsGroup
}, action));
}
protected virtual SPUser EnsureOwnerUser(SPWeb web, SecurityGroupDefinition groupModel)
{
if (string.IsNullOrEmpty(groupModel.Owner))
{
return(web.Site.Owner);
}
else
{
return(web.EnsureUser(groupModel.Owner));
}
}
public override ModelNode ReverseSingleHost(object reverseHost, ReverseOptions options)
{
var item = (reverseHost as SecurityGroupReverseHost).HostGroup;
var def = new SecurityGroupDefinition();
def.Name = item.Title;
def.Description = item.Description;
return(new SecurityGroupModelNode
{
Options = { RequireSelfProcessing = true },
Value = def
});
}
protected void AddSecurityGroupLinkWithRoleLinks <TModelNode>(TModelNode node,
SecurityGroupDefinition securityGroup)
where TModelNode : ModelNode, ISecurableObjectHostModelNode, new()
{
// we need to ensire that role links can be aded as well
// SSOM provision gives WebpartPageModelHost not supported error #654
// https://github.com/SubPointSolutions/spmeta2/issues/654
node.AddSecurityGroupLink(securityGroup, group =>
{
group
.AddSecurityRoleLink(BuiltInSecurityRoleNames.Edit)
.AddSecurityRoleLink(BuiltInSecurityRoleNames.Design)
.AddSecurityRoleLink(BuiltInSecurityRoleNames.Approve);
});
}
//[SampleMetadataTag(Name = BuiltInTagNames.SampleHidden)]
public void CanDeploySimpleSecurityGroupLinkDefinitionToWeb()
{
var auditors = new SecurityGroupDefinition
{
Name = "External Auditors",
Description = "External auditors group."
};
// add group to the site first
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(auditors);
});
// assign group to the web, via .AddSecurityGroupLink() method
var webModel = SPMeta2Model.NewWebModel(web =>
{
web.AddSecurityGroupLink(auditors);
});
DeployModel(siteModel);
DeployModel(webModel);
}
//[SampleMetadataTag(Name = BuiltInTagNames.SampleHidden)]
public void CanDeploySimpleSecurityGroup()
{
var auditors = new SecurityGroupDefinition
{
Name = "External Auditors",
Description = "External auditors group."
};
var reviewers = new SecurityGroupDefinition
{
Name = "External Reviewers",
Description = "External reviewers group."
};
var model = SPMeta2Model.NewSiteModel(site =>
{
site
.AddSecurityGroup(auditors)
.AddSecurityGroup(reviewers);
});
DeployModel(model);
}
public static ModelNode AddSecurityGroup(this ModelNode model, SecurityGroupDefinition definition, Action <ModelNode> action)
{
return(model.AddDefinitionNode(definition, action));
}
public static TModelNode AddSecurityGroup <TModelNode>(this TModelNode model, SecurityGroupDefinition definition,
Action <SecurityGroupModelNode> action)
where TModelNode : ModelNode, ISecurityGroupHostModelNode, new()
{
return(model.AddTypedDefinitionNode(definition, action));
}
private static void CreateOrUpdateSubSite(SPSite spSite, string siteName, int itemId, SPFieldUserValue director, SPFieldUserValueCollection members)
{
const string securityGroupNameFormat = "{0} - {1}";
string siteUrl = "user-web-" + itemId;
var newWebDef = new WebDefinition
{
Title = siteName,
Description = "",
Url = siteUrl,
WebTemplate = BuiltInWebTemplates.Collaboration.TeamSite
};
var newWebBreakRoleInheritance = new BreakRoleInheritanceDefinition
{
CopyRoleAssignments = false
};
var ownersGroup = new SecurityGroupDefinition
{
Name = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeOwners),
Owner = director.LoginName
};
var membersGroup = new SecurityGroupDefinition
{
Name = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeMembers),
Owner = director.LoginName
};
var visitorsGroup = new SecurityGroupDefinition
{
Name = string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeVisitors),
Owner = director.LoginName
};
// site model with the groups
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(ownersGroup);
site.AddSecurityGroup(membersGroup);
site.AddSecurityGroup(visitorsGroup);
});
// web model
var webModel = SPMeta2Model.NewWebModel(web =>
{
web.AddWeb(newWebDef, publicProjectWeb =>
{
publicProjectWeb.AddBreakRoleInheritance(newWebBreakRoleInheritance, newResetWeb =>
{
// add group with owner permission
newResetWeb.AddSecurityGroupLink(ownersGroup, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Administrator
});
});
// add group with contributor permission
newResetWeb.AddSecurityGroupLink(membersGroup, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
});
});
// add group with reader permission
newResetWeb.AddSecurityGroupLink(visitorsGroup, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Reader
});
});
});
});
});
var csomProvisionService = new SSOMProvisionService();
csomProvisionService.DeploySiteModel(spSite, siteModel);
csomProvisionService.DeployWebModel(spSite.RootWeb, webModel);
SPWeb existWeb = spSite.AllWebs.SingleOrDefault(w => w.Url.Contains(siteUrl));
if (existWeb == null)
{
return;
}
// add users to members group
SPGroup spOwnerGroup = existWeb.SiteGroups.Cast <SPGroup>().FirstOrDefault(siteGroup => siteGroup.Name == string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeOwners));
if (spOwnerGroup != null)
{
spOwnerGroup.AddUser(director.User);
}
SPGroup spMembersGroup = existWeb.SiteGroups.Cast <SPGroup>().FirstOrDefault(siteGroup => siteGroup.Name == string.Format(securityGroupNameFormat, siteName, Constants.SecurityGroups.OfficeMembers));
if (spMembersGroup != null)
{
foreach (SPFieldUserValue member in members)
{
spMembersGroup.AddUser(member.User);
}
}
}
public static ModelNode AddSecurityGroup(this ModelNode model, SecurityGroupDefinition definition)
{
return(AddSecurityGroup(model, definition, null));
}
public static TModelNode AddSecurityGroup <TModelNode>(this TModelNode model, SecurityGroupDefinition definition)
where TModelNode : ModelNode, ISecurityGroupHostModelNode, new()
{
return(AddSecurityGroup(model, definition, null));
}
/// <inheritdoc cref="ComputeService.UpdateSecurityGroupAsync" />
public static SecurityGroup UpdateSecurityGroup(this ComputeService service, Identifier securityGroupid, SecurityGroupDefinition securityGroup)
{
return(service.UpdateSecurityGroupAsync(securityGroupid, securityGroup).ForceSynchronous());
}
/// <inheritdoc cref="ComputeService.CreateSecurityGroupAsync" />
public static SecurityGroup CreateSecurityGroup(this ComputeService service, SecurityGroupDefinition securityGroup)
{
return(service.CreateSecurityGroupAsync(securityGroup).ForceSynchronous());
}
public void CanDeploySimpleBreakRoleInheritance_OnWeb()
{
var privateProjectWebDef = new WebDefinition
{
Title = "Private project",
Url = "private-project",
WebTemplate = BuiltInWebTemplates.Collaboration.TeamSite
};
var privateProjectWebBreakRoleInheritance = new BreakRoleInheritanceDefinition
{
CopyRoleAssignments = false
};
var privateSecurityGroupMembers = new SecurityGroupDefinition
{
Name = "Private Project Group Members"
};
var privateSecurityGroupViewers = new SecurityGroupDefinition
{
Name = "Private Project Group Viewers"
};
// site model with the groups
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(privateSecurityGroupMembers);
site.AddSecurityGroup(privateSecurityGroupViewers);
});
// web model
var webModel = SPMeta2Model.NewWebModel(web =>
{
web.AddWeb(privateProjectWebDef, publicProjectWeb =>
{
publicProjectWeb.AddBreakRoleInheritance(privateProjectWebBreakRoleInheritance, privateProjectResetWeb =>
{
// privateProjectResetWeb is your web but after breaking role inheritance
// link group with roles by SecurityRoleType / SecurityRoleName
// use BuiltInSecurityRoleTypes or BuiltInSecurityRoleNames
// add group with contributor permission
privateProjectResetWeb.AddSecurityGroupLink(privateSecurityGroupMembers, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
});
});
// add group with reader permission
privateProjectResetWeb.AddSecurityGroupLink(privateSecurityGroupViewers, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Reader
});
});
});
});
});
// deploy site model with groups, and then web model with the rest
DeployModel(siteModel);
DeployModel(webModel);
}
public void CanDeploySimpleBreakRoleInheritance_OnList()
{
var privateListDef = new ListDefinition
{
Title = "Private records",
TemplateType = BuiltInListTemplateTypeId.GenericList,
CustomUrl = "lists/private-records",
};
var privateProjectWebBreakRoleInheritance = new BreakRoleInheritanceDefinition
{
CopyRoleAssignments = false
};
var privateSecurityGroupMembers = new SecurityGroupDefinition
{
Name = "Private Project Group Members"
};
var privateSecurityGroupViewers = new SecurityGroupDefinition
{
Name = "Private Project Group Viewers"
};
// site model with the groups
var siteModel = SPMeta2Model.NewSiteModel(site =>
{
site.AddSecurityGroup(privateSecurityGroupMembers);
site.AddSecurityGroup(privateSecurityGroupViewers);
});
// web model
var webModel = SPMeta2Model.NewWebModel(web =>
{
web.AddList(privateListDef, publicProjectWeb =>
{
publicProjectWeb.AddBreakRoleInheritance(privateProjectWebBreakRoleInheritance, privateResetList =>
{
// privateResetList is your list but after breaking role inheritance
// link group with roles by SecurityRoleType / SecurityRoleName
// use BuiltInSecurityRoleTypes or BuiltInSecurityRoleNames
// add group with contributor permission
privateResetList.AddSecurityGroupLink(privateSecurityGroupMembers, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Contributor
});
});
// add group with reader permission
privateResetList.AddSecurityGroupLink(privateSecurityGroupViewers, group =>
{
group.AddSecurityRoleLink(new SecurityRoleLinkDefinition
{
SecurityRoleType = BuiltInSecurityRoleTypes.Reader
});
});
});
});
});
// deploy site model with groups, and then web model with the rest
DeployModel(siteModel);
DeployModel(webModel);
}
public static TModelNode AddSecurityGroupLink <TModelNode>(this TModelNode model, SecurityGroupDefinition definition,
Action <SecurityGroupLinkModelNode> action)
where TModelNode : ModelNode, ISecurableObjectHostModelNode, new()
{
return(AddSecurityGroupLink(model, new SecurityGroupLinkDefinition
{
SecurityGroupName = definition.Name,
IsAssociatedMemberGroup = definition.IsAssociatedMemberGroup,
IsAssociatedOwnerGroup = definition.IsAssociatedOwnerGroup,
IsAssociatedVisitorGroup = definition.IsAssociatedVisitorsGroup
}, action));
}
