SPClient

0.12

functions/SPClientPermission/Revoke-SPClientPermission.ps1

                                #Requires -Version 3.0

<#

  Revoke-SPClientPermission.ps1

  Copyright (c) 2017 karamem0

  This software is released under the MIT License.

  https://github.com/karamem0/SPClient/blob/master/LICENSE

#>

function Revoke-SPClientPermission {

<#

.SYNOPSIS

  Revokes one or more permissions.

.DESCRIPTION

  The Revoke-SPClientPermission function revokes role assignments to the specified object.

.PARAMETER ClientContext

  Indicates the client context. If not specified, uses default context.

.PARAMETER ClientObject

  Indicates the site, list or item.

.PARAMETER Member

  Indicates the user or group to be revoked permission.

.PARAMETER Roles

  Indicates the roles to be removed.

.PARAMETER PassThru

  If specified, returns input object.

.EXAMPLE

  Revoke-SPClientPermission $item -Member $user -Roles "Full Control"

.INPUTS

  None or Microsoft.SharePoint.Client.SecurableObject

.OUTPUTS

  None

.LINK

  https://github.com/karamem0/SPClient/blob/master/doc/Revoke-SPClientPermission.md

#>

    [CmdletBinding(DefaultParameterSetName = 'All')]

    param (

        [Parameter(Mandatory = $false, ParameterSetName = 'All')]

        [Parameter(Mandatory = $false, ParameterSetName = 'Roles')]

        [Microsoft.SharePoint.Client.ClientContext]

        $ClientContext = $SPClient.ClientContext,

        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]

        [Microsoft.SharePoint.Client.SecurableObject]

        $ClientObject,

        [Parameter(Mandatory = $true)]

        [Microsoft.SharePoint.Client.Principal]

        $Member,

        [Parameter(Mandatory = $true, ParameterSetName = 'All')]

        [switch]

        $All,

        [Parameter(Mandatory = $true, ParameterSetName = 'Roles')]

        [object[]]

        $Roles,

        [Parameter(Mandatory = $false)]

        [switch]

        $PassThru

    )

    process {

        if ($ClientContext -eq $null) {

            throw "Cannot bind argument to parameter 'ClientContext' because it is null."

        }

        $RoleAssignment = $ClientObject.RoleAssignments.GetByPrincipal($Member)

        if ($PSCmdlet.ParameterSetName -eq 'All') {

            $RoleAssignment.DeleteObject()

        }

        if ($PSCmdlet.ParameterSetName -eq 'Roles') {

            $RoleDefinitionBindings = $RoleAssignment.RoleDefinitionBindings

            $RoleDefinitionCollection = $ClientContext.Site.RootWeb.RoleDefinitions

            foreach ($Role in $Roles) {

                if ($Role -is 'Microsoft.SharePoint.Client.RoleType') {

                    $RoleDefinition = $RoleDefinitionCollection.GetByType($Role)

                    $RoleDefinitionBindings.Remove($RoleDefinition)

                } else {

                    $RoleDefinition = $RoleDefinitionCollection.GetByName($Role.ToString())

                    $RoleDefinitionBindings.Remove($RoleDefinition)

                }

            }

            $RoleAssignment.Update()

        }

        Invoke-ClientContextLoad `

            -ClientContext $ClientContext `

            -ClientObject $ClientObject `

            -Retrieval 'RoleAssignments.Include(Member,RoleDefinitionBindings)'

        if ($PassThru) {

            Write-Output $ClientObject

        }

    }

}