functions/SPClientPermission/Grant-SPClientPermission.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#Requires -Version 3.0

<#
  Grant-SPClientPermission.ps1
 
  Copyright (c) 2017 karamem0
 
  This software is released under the MIT License.
  https://github.com/karamem0/SPClient/blob/master/LICENSE
#>


function Grant-SPClientPermission {

<#
.SYNOPSIS
  Grants one or more permissions.
.DESCRIPTION
  The Grant-SPClientPermission function grants role assignments to the specified object.
.PARAMETER ClientContext
  Indicates the client context. If not specified, uses default context.
.PARAMETER ClientObject
  Indicates the site, list or item.
.PARAMETER Member
  Indicates the user or group to be granted permission.
.PARAMETER Roles
  Indicates the roles to be added.
.PARAMETER PassThru
  If specified, returns input object.
.EXAMPLE
  Grant-SPClientPermission $item -Member $user -Roles "Full Control"
.INPUTS
  None or Microsoft.SharePoint.Client.SecurableObject
.OUTPUTS
  None
.LINK
  https://github.com/karamem0/SPClient/blob/master/doc/Grant-SPClientPermission.md
#>


    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false)]
        [Microsoft.SharePoint.Client.ClientContext]
        $ClientContext = $SPClient.ClientContext,
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [Microsoft.SharePoint.Client.SecurableObject]
        $ClientObject,
        [Parameter(Mandatory = $true)]
        [Microsoft.SharePoint.Client.Principal]
        $Member,
        [Parameter(Mandatory = $true)]
        [object[]]
        $Roles,
        [Parameter(Mandatory = $false)]
        [switch]
        $PassThru
    )

    process {
        if ($ClientContext -eq $null) {
            throw "Cannot bind argument to parameter 'ClientContext' because it is null."
        }
        $RoleDefinitionBindings = New-Object Microsoft.SharePoint.Client.RoleDefinitionBindingCollection($ClientContext)
        $RoleDefinitionCollection = $ClientContext.Site.RootWeb.RoleDefinitions
        foreach ($Role in $Roles) {
            if ($Role -is 'Microsoft.SharePoint.Client.RoleType') {
                $RoleDefinition = $RoleDefinitionCollection.GetByType($Role)
                $RoleDefinitionBindings.Add($RoleDefinition)
            } else {
                $RoleDefinition = $RoleDefinitionCollection.GetByName($Role.ToString())
                $RoleDefinitionBindings.Add($RoleDefinition)
            }
        }
        $ClientObject.RoleAssignments.Add($Member, $RoleDefinitionBindings) | Out-Null
        Invoke-ClientContextLoad `
            -ClientContext $ClientContext `
            -ClientObject $ClientObject `
            -Retrieval 'RoleAssignments.Include(Member,RoleDefinitionBindings)'
        if ($PassThru) {
            Write-Output $ClientObject
        }
    }

}