Public/Set-ViewGroupPermission.ps1
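function Set-ViewGroupPermission {
    <#
    .SYNOPSIS
        Sets the permissions on one or more Roles which determine the level of access rights to one or more View Groups
    .DESCRIPTION
        Each Public View Group on a site has a set of permissions associated with each role on the same site. These
        permissions determine whether a View Group is visible to any given role, and whether members of that role are
        allowed to modify the View Group or the contents of that View Group including sub-groups and views.

        If Overall Security rights are granted to the role, those will overrule any permissions granted at the
        individual View Group level.

        Permissions that are not listed in -PermissionSet are revoked, so every call replaces the role's access to
        the View Group rather than adding to it. Use -WhatIf to preview the Allow/Revoke operations.
    .EXAMPLE
        PS C:\> Get-ViewGroup -Name 'Guards' | Set-ViewGroupPermission -RoleName 'Guards' -PermissionSet Read
        Grants read-only access to the view group 'Guards' for the role 'Guards'
    .EXAMPLE
        PS C:\> Get-ViewGroup -Name 'Managers' | Set-ViewGroupPermission -RoleName 'Guards' -PermissionSet None
        Revokes all access to the 'Managers' View Group for the role 'Guards'
    .EXAMPLE
        PS C:\> Get-ViewGroup -Name 'Managers' | Set-ViewGroupPermission -RoleName 'Managers' -PermissionSet Read, Operate
        Grants read and operate permissions for the 'Managers' role so that those members are allowed to see, and
        modify the contents of the 'Managers' View Group
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param (
        # Specifies the View Group or collection of View Groups for which permissions should be set
        [Parameter(Mandatory, ValueFromPipeline)]
        [VideoOS.Management.VmoClient.PublicViewGroup[]]
        $ViewGroup,

        # Specifies the name of the Role or collection of Roles for which the permissions should be updated
        [Parameter(Mandatory)]
        [string[]]
        [ValidateNotNullOrEmpty()]
        $RoleName,

        # Specifies which permissions to apply. Omitted permissions will be revoked if currently granted.
        # Note: Full is the same as specifying Read, Edit, Delete, Operate, and AdministrateSecurity.
        # Note: Specify None if all permissions should be revoked.
        # Note: If both Full and None are specified, None will take precedence regardless of their order
        [Parameter(Mandatory)]
        [ValidateSet('Read', 'Edit', 'Delete', 'Operate', 'AdministrateSecurity', 'Full', 'None')]
        [string[]]
        $PermissionSet
    )

    process {
        # Names of the individual flags on PublicViewGroupPermission. 'Edit' in -PermissionSet maps to 'Write'.
        $allFlags = 'Read', 'Write', 'Delete', 'Operate', 'AdministrateSecurity'

        $emptyPermissions = [VideoOS.Management.VmoClient.PublicViewGroupPermissionSet]::new()

        # Build the "everything" set on its own object so later subtraction from the revoke set can never
        # alter it, whatever the SDK's operator implementation does with its left operand.
        $fullPermissions = [VideoOS.Management.VmoClient.PublicViewGroupPermissionSet]::new()
        foreach ($flag in $allFlags) {
            $fullPermissions += [VideoOS.Management.VmoClient.PublicViewGroupPermission]::$flag
        }

        if ($PermissionSet -contains 'None') {
            # None is evaluated before anything else so that a revoke-all request is honoured no matter where
            # it appears in the list. Previously 'Full', 'None' granted Full because the loop stopped at the
            # first of the two it met, contradicting the documented precedence and failing open.
            $permissions = $emptyPermissions
            $inversePermissions = $fullPermissions
        }
        elseif ($PermissionSet -contains 'Full') {
            $permissions = $fullPermissions
            $inversePermissions = $emptyPermissions
        }
        else {
            # Explicit list: grant exactly what was named and revoke every other flag.
            $permissions = [VideoOS.Management.VmoClient.PublicViewGroupPermissionSet]::new()
            $inversePermissions = [VideoOS.Management.VmoClient.PublicViewGroupPermissionSet]::new()
            foreach ($flag in $allFlags) {
                $inversePermissions += [VideoOS.Management.VmoClient.PublicViewGroupPermission]::$flag
            }

            foreach ($permission in $PermissionSet) {
                $flag = if ($permission -eq 'Edit') { 'Write' } else { $permission }
                $permissions += [VideoOS.Management.VmoClient.PublicViewGroupPermission]::$flag
                $inversePermissions -= [VideoOS.Management.VmoClient.PublicViewGroupPermission]::$flag
            }
        }

        <#
            Strategy is to call Allow() only if at least one of the permissions should be granted
            and to call Revoke() only if at least one permission should not be granted.
        #>
        # Role names are qualified with the '[VideoOS]\' prefix before being handed to Allow()/Revoke().
        $identities = [string[]]($RoleName | ForEach-Object { "[VideoOS]\$_" })

        foreach ($vg in $ViewGroup) {
            # NOTE(review): the two -ne tests below rely on the equality semantics of
            # PublicViewGroupPermissionSet, which are not visible in this file - confirm against the SDK.
            if ($permissions -ne $emptyPermissions) {
                if ($PSCmdlet.ShouldProcess($vg.Name, "Allow $($identities.Count) role(s) $permissions")) {
                    $vg.Allow($permissions, $identities)
                }
            }

            if ($inversePermissions -ne $emptyPermissions) {
                if ($PSCmdlet.ShouldProcess($vg.Name, "Revoke $($identities.Count) role(s) $inversePermissions")) {
                    $vg.Revoke($inversePermissions, $identities)
                }
            }
        }
    }
}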