DSCResources/MSFT_SPWebAppPermissions/MSFT_SPWebAppPermissions.psm1
|
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [parameter(Mandatory = $true)] [System.String] $WebAppUrl, [parameter(Mandatory = $false)] [ValidateSet("Manage Lists","Override List Behaviors","Add Items","Edit Items","Delete Items","View Items","Approve Items","Open Items","View Versions","Delete Versions","Create Alerts","View Application Pages")] [System.String[]] $ListPermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Permissions","View Web Analytics Data","Create Subsites","Manage Web Site","Add and Customize Pages","Apply Themes and Borders","Apply Style Sheets","Create Groups","Browse Directories","Use Self-Service Site Creation","View Pages","Enumerate Permissions","Browse User Information","Manage Alerts","Use Remote Interfaces","Use Client Integration Features","Open","Edit Personal User Information")] [System.String[]] $SitePermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Personal Views","Add/Remove Personal Web Parts","Update Personal Web Parts")] [System.String[]] $PersonalPermissions, [parameter(Mandatory = $false)] [System.Boolean] $AllPermissions, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Getting permissions for Web Application '$WebAppUrl'" Test-SPDSCInput @PSBoundParameters $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock { $params = $args[0] $wa = Get-SPWebApplication $params.WebAppUrl -ErrorAction SilentlyContinue if ($null -eq $wa) { throw "The specified web application could not be found." } if ($wa.RightsMask -eq [Microsoft.SharePoint.SPBasePermissions]::FullMask) { $returnval = @{ WebAppUrl = "url" AllPermissions = $true } } else { $ListPermissions = @() $SitePermissions = @() $PersonalPermissions = @() $rightsmask = ($wa.RightsMask -split ",").trim() foreach ($rightmask in $rightsmask) { switch ($rightmask) { "ManageLists" { $ListPermissions += "Manage Lists" } "CancelCheckout" { $ListPermissions += "Override List Behaviors" } "AddListItems" { $ListPermissions += "Add Items" } "EditListItems" { $ListPermissions += "Edit Items" } "DeleteListItems" { $ListPermissions += "Delete Items" } "ViewListItems" { $ListPermissions += "View Items" } "ApproveItems" { $ListPermissions += "Approve Items" } "OpenItems" { $ListPermissions += "Open Items" } "ViewVersions" { $ListPermissions += "View Versions" } "DeleteVersions" { $ListPermissions += "Delete Versions" } "CreateAlerts" { $ListPermissions += "Create Alerts" } "ViewFormPages" { $ListPermissions += "View Application Pages" } "ManagePermissions" { $SitePermissions += "Manage Permissions" } "ViewUsageData" { $SitePermissions += "View Web Analytics Data" } "ManageSubwebs" { $SitePermissions += "Create Subsites" } "ManageWeb" { $SitePermissions += "Manage Web Site" } "AddAndCustomizePages" { $SitePermissions += "Add and Customize Pages" } "ApplyThemeAndBorder" { $SitePermissions += "Apply Themes and Borders" } "ApplyStyleSheets" { $SitePermissions += "Apply Style Sheets" } "CreateGroups" { $SitePermissions += "Create Groups" } "BrowseDirectories" { $SitePermissions += "Browse Directories" } "CreateSSCSite" { $SitePermissions += "Use Self-Service Site Creation" } "ViewPages" { $SitePermissions += "View Pages" } "EnumeratePermissions" { $SitePermissions += "Enumerate Permissions" } "BrowseUserInfo" { $SitePermissions += "Browse User Information" } "ManageAlerts" { $SitePermissions += "Manage Alerts" } "UseRemoteAPIs" { $SitePermissions += "Use Remote Interfaces" } "UseClientIntegration" { $SitePermissions += "Use Client Integration Features" } "Open" { $SitePermissions += "Open" } "EditMyUserInfo" { $SitePermissions += "Edit Personal User Information" } "ManagePersonalViews" { $PersonalPermissions += "Manage Personal Views" } "AddDelPrivateWebParts" { $PersonalPermissions += "Add/Remove Personal Web Parts" } "UpdatePersonalWebParts" { $PersonalPermissions += "Update Personal Web Parts" } } } $returnval = @{ WebAppUrl = $params.WebAppUrl ListPermissions = $ListPermissions SitePermissions = $SitePermissions PersonalPermissions = $PersonalPermissions } } return $returnval } return $result } function Set-TargetResource { [CmdletBinding()] param ( [parameter(Mandatory = $true)] [System.String] $WebAppUrl, [parameter(Mandatory = $false)] [ValidateSet("Manage Lists","Override List Behaviors","Add Items","Edit Items","Delete Items","View Items","Approve Items","Open Items","View Versions","Delete Versions","Create Alerts","View Application Pages")] [System.String[]] $ListPermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Permissions","View Web Analytics Data","Create Subsites","Manage Web Site","Add and Customize Pages","Apply Themes and Borders","Apply Style Sheets","Create Groups","Browse Directories","Use Self-Service Site Creation","View Pages","Enumerate Permissions","Browse User Information","Manage Alerts","Use Remote Interfaces","Use Client Integration Features","Open","Edit Personal User Information")] [System.String[]] $SitePermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Personal Views","Add/Remove Personal Web Parts","Update Personal Web Parts")] [System.String[]] $PersonalPermissions, [parameter(Mandatory = $false)] [System.Boolean] $AllPermissions, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Setting permissions for Web Application '$WebAppUrl'" Test-SPDSCInput @PSBoundParameters $result = Get-TargetResource @PSBoundParameters if ($AllPermissions) { $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock { $params = $args[0] $wa = Get-SPWebApplication $params.WebAppUrl -ErrorAction SilentlyContinue if ($null -eq $wa) { throw "The specified web application could not be found." } $wa.RightsMask = [Microsoft.SharePoint.SPBasePermissions]::FullMask $wa.Update() } } else { $result = Invoke-SPDSCCommand -Credential $InstallAccount -Arguments $PSBoundParameters -ScriptBlock { $params = $args[0] $wa = Get-SPWebApplication $params.WebAppUrl -ErrorAction SilentlyContinue if ($null -eq $wa) { throw "The specified web application could not be found." } $newMask = [Microsoft.SharePoint.SPBasePermissions]::EmptyMask foreach ($lp in $params.ListPermissions) { switch ($lp) { "Manage Lists" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManageLists} "Override List Behaviors" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::CancelCheckout} "Add Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::AddListItems} "Edit Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::EditListItems} "Delete Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::DeleteListItems} "View Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ViewListItems} "Approve Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ApproveItems} "Open Items" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::OpenItems} "View Versions" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ViewVersions} "Delete Versions" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::DeleteVersions} "Create Alerts" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::CreateAlerts} "View Application Pages" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ViewFormPages} } } foreach ($sp in $params.SitePermissions) { switch ($sp) { "Manage Permissions" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePermissions} "View Web Analytics Data" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ViewUsageData} "Create Subsites" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManageSubwebs} "Manage Web Site" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManageWeb} "Add and Customize Pages" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::AddAndCustomizePages} "Apply Themes and Borders" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ApplyThemeAndBorder} "Apply Style Sheets" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ApplyStyleSheets} "Create Groups" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::CreateGroups} "Browse Directories" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::BrowseDirectories} "Use Self-Service Site Creation" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::CreateSSCSite} "View Pages" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ViewPages} "Enumerate Permissions" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::EnumeratePermissions} "Browse User Information" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::BrowseUserInfo} "Manage Alerts" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManageAlerts} "Use Remote Interfaces" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::UseRemoteAPIs} "Use Client Integration Features" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::UseClientIntegration} "Open" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::Open} "Edit Personal User Information" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::EditMyUserInfo} } } foreach ($pp in $params.PersonalPermissions) { switch ($pp) { "Manage Personal Views" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::ManagePersonalViews} "Add/Remove Personal Web Parts" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::AddDelPrivateWebParts} "Update Personal Web Parts" { $newMask = $newMask -bor [Microsoft.SharePoint.SPBasePermissions]::UpdatePersonalWebParts} } } $wa.RightsMask = $newMask $wa.Update() } } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( [parameter(Mandatory = $true)] [System.String] $WebAppUrl, [parameter(Mandatory = $false)] [ValidateSet("Manage Lists","Override List Behaviors","Add Items","Edit Items","Delete Items","View Items","Approve Items","Open Items","View Versions","Delete Versions","Create Alerts","View Application Pages")] [System.String[]] $ListPermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Permissions","View Web Analytics Data","Create Subsites","Manage Web Site","Add and Customize Pages","Apply Themes and Borders","Apply Style Sheets","Create Groups","Browse Directories","Use Self-Service Site Creation","View Pages","Enumerate Permissions","Browse User Information","Manage Alerts","Use Remote Interfaces","Use Client Integration Features","Open","Edit Personal User Information")] [System.String[]] $SitePermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Personal Views","Add/Remove Personal Web Parts","Update Personal Web Parts")] [System.String[]] $PersonalPermissions, [parameter(Mandatory = $false)] [System.Boolean] $AllPermissions, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) Write-Verbose -Message "Testing permissions for Web Application '$WebAppUrl'" Test-SPDSCInput @PSBoundParameters $CurrentValues = Get-TargetResource @PSBoundParameters if ($AllPermissions -eq $true) { if ($CurrentValues.ContainsKey("AllPermissions")) { return Test-SPDscParameterState -CurrentValues $CurrentValues -DesiredValues $PSBoundParameters -ValuesToCheck @("AllPermissions") } else { return $false } } else { if ($CurrentValues.ContainsKey("AllPermissions")) { return $false } else { if ($null -ne (Compare-Object -ReferenceObject $ListPermissions -DifferenceObject $CurrentValues.ListPermissions)) { return $false } if ($null -ne (Compare-Object -ReferenceObject $SitePermissions -DifferenceObject $CurrentValues.SitePermissions)) { return $false } if ($null -ne (Compare-Object -ReferenceObject $PersonalPermissions -DifferenceObject $CurrentValues.PersonalPermissions)) { return $false } return $true } } } Export-ModuleMember -Function *-TargetResource function Test-SPDSCInput() { [CmdletBinding()] [OutputType([System.Boolean])] param ( [parameter(Mandatory = $true)] [System.String] $WebAppUrl, [parameter(Mandatory = $false)] [ValidateSet("Manage Lists","Override List Behaviors","Add Items","Edit Items","Delete Items","View Items","Approve Items","Open Items","View Versions","Delete Versions","Create Alerts","View Application Pages")] [System.String[]] $ListPermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Permissions","View Web Analytics Data","Create Subsites","Manage Web Site","Add and Customize Pages","Apply Themes and Borders","Apply Style Sheets","Create Groups","Browse Directories","Use Self-Service Site Creation","View Pages","Enumerate Permissions","Browse User Information","Manage Alerts","Use Remote Interfaces","Use Client Integration Features","Open","Edit Personal User Information")] [System.String[]] $SitePermissions, [parameter(Mandatory = $false)] [ValidateSet("Manage Personal Views","Add/Remove Personal Web Parts","Update Personal Web Parts")] [System.String[]] $PersonalPermissions, [parameter(Mandatory = $false)] [System.Boolean] $AllPermissions, [parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] $InstallAccount ) if ($AllPermissions) { # AllPermissions parameter specified with and one of the other parameters if ($ListPermissions -or $SitePermissions -or $PersonalPermissions) { Throw "Do not specify parameters ListPermissions, SitePermissions or PersonalPermissions when specifying parameter AllPermissions" } } else { # You have to specify all three parameters if (-not ($ListPermissions -and $SitePermissions -and $PersonalPermissions)) { Throw "One of the parameters ListPermissions, SitePermissions or PersonalPermissions is missing" } } #Checks if ($ListPermissions -contains "Approve Items" -and -not ($ListPermissions -contains "Edit Items")) { Throw "Edit Items is required when specifying Approve Items" } if (($ListPermissions -contains "Manage Lists" ` -or $ListPermissions -contains "Override List Behaviors" ` -or $ListPermissions -contains "Add Items" ` -or $ListPermissions -contains "Edit Items" ` -or $ListPermissions -contains "Delete Items" ` -or $ListPermissions -contains "Approve Items" ` -or $ListPermissions -contains "Open Items" ` -or $ListPermissions -contains "View Versions" ` -or $ListPermissions -contains "Delete Versions" ` -or $ListPermissions -contains "Create Alerts" ` -or $SitePermissions -contains "Manage Permissions" ` -or $SitePermissions -contains "Manage Web Site" ` -or $SitePermissions -contains "Add and Customize Pages" ` -or $SitePermissions -contains "Manage Alerts" ` -or $SitePermissions -contains "Use Client Integration Features" ` -or $PersonalPermissions -contains "Manage Personal Views" ` -or $PersonalPermissions -contains "Add/Remove Personal Web Parts" ` -or $PersonalPermissions -contains "Update Personal Web Parts") ` -and -not ($ListPermissions -contains "View Items")) { Throw "View Items is required when specifying Manage Lists, Override List Behaviors, Add Items, Edit Items, Delete Items, Approve Items, Open Items, View Versions, Delete Versions, Create Alerts, Manage Permissions, Manage Web Site, Add and Customize Pages, Manage Alerts, Use Client Integration Features, Manage Personal Views, Add/Remove Personal Web Parts or Update Personal Web Parts" } if (($ListPermissions -contains "View Versions"-or $SitePermissions -contains "Manage Permissions") -and -not ($ListPermissions -contains "Open Items")) { Throw "Open Items is required when specifying View Versions or Manage Permissions" } if (($ListPermissions -contains "Delete Versions" -or $SitePermissions -contains "Manage Permissions") -and -not ($ListPermissions -contains "View Versions")) { Throw "View Versions is required when specifying Delete Versions or Manage Permissions" } if ($SitePermissions -contains "Manage Alerts" -and -not ($ListPermissions -contains "Create Alerts")) { Throw "Create Alerts is required when specifying Manage Alerts" } if ($SitePermissions -contains "Manage Web Site" -and -not ($SitePermissions -contains "Add and Customize Pages")) { Throw "Add and Customize Pages is required when specifying Manage Web Site" } if (($SitePermissions -contains "Manage Permissions" -or $SitePermissions -contains "Manage Web Site" -or $SitePermissions -contains "Add and Customize Pages" -or $SitePermissions -contains "Enumerate Permissions") -and -not ($SitePermissions -contains "Browse Directories")) { Throw "Browse Directories is required when specifying Manage Permissions, Manage Web Site, Add and Customize Pages or Enumerate Permissions" } if (($ListPermissions -contains "Manage Lists" ` -or $ListPermissions -contains "Override List Behaviors" ` -or $ListPermissions -contains "Add Items" ` -or $ListPermissions -contains "Edit Items" ` -or $ListPermissions -contains "Delete Items" ` -or $ListPermissions -contains "View Items" ` -or $ListPermissions -contains "Approve Items" ` -or $ListPermissions -contains "Open Items" ` -or $ListPermissions -contains "View Versions" ` -or $ListPermissions -contains "Delete Versions" ` -or $ListPermissions -contains "Create Alerts" ` -or $SitePermissions -contains "Manage Permissions" ` -or $SitePermissions -contains "View Web Analytics Data" ` -or $SitePermissions -contains "Create Subsites" ` -or $SitePermissions -contains "Manage Web Site" ` -or $SitePermissions -contains "Add and Customize Pages" ` -or $SitePermissions -contains "Apply Themes and Borders" ` -or $SitePermissions -contains "Apply Style Sheets" ` -or $SitePermissions -contains "Create Groups" ` -or $SitePermissions -contains "Browse Directories" ` -or $SitePermissions -contains "Use Self-Service Site Creation" ` -or $SitePermissions -contains "Enumerate Permissions" ` -or $SitePermissions -contains "Manage Alerts" ` -or $PersonalPermissions -contains "Manage Personal Views" ` -or $PersonalPermissions -contains "Add/Remove Personal Web Parts" ` -or $PersonalPermissions -contains "Update Personal Web Parts") ` -and -not ($SitePermissions -contains "View Pages")) { Throw "View Pages is required when specifying Manage Lists, Override List Behaviors, Add Items, Edit Items, Delete Items, View Items, Approve Items, Open Items, View Versions, Delete Versions, Create Alerts, Manage Permissions, View Web Analytics Data, Create Subsites, Manage Web Site, Add and Customize Pages, Apply Themes and Borders, Apply Style Sheets, Create Groups, Browse Directories, Use Self-Service Site Creation, Enumerate Permissions, Manage Alerts, Manage Personal Views, Add/Remove Personal Web Parts or Update Personal Web Parts" } if (($SitePermissions -contains "Manage Permissions" -or $SitePermissions -contains "Manage Web Site") -and -not ($SitePermissions -contains "Enumerate Permissions")) { Throw "Enumerate Permissions is required when specifying Manage Permissions or Manage Web Site" } if (($SitePermissions -contains "Manage Permissions" ` -or $SitePermissions -contains "Create Subsites" ` -or $SitePermissions -contains "Manage Web Site" ` -or $SitePermissions -contains "Create Groups" ` -or $SitePermissions -contains "Use Self-Service Site Creation" ` -or $SitePermissions -contains "Enumerate Permissions" ` -or $SitePermissions -contains "Edit Personal User Information") ` -and -not ($SitePermissions -contains "Browse User Information")) { Throw "Browse User Information is required when specifying Manage Permissions, Create Subsites, Manage Web Site, Create Groups, Use Self-Service Site Creation, Enumerate Permissions or Edit Personal User Information" } if ($SitePermissions -contains "Use Client Integration Features" -and -not ($SitePermissions -contains "Use Remote Interfaces")) { Throw "Use Remote Interfaces is required when specifying Use Client Integration Features" } if (($ListPermissions -contains "Manage Lists" ` -or $ListPermissions -contains "Override List Behaviors" ` -or $ListPermissions -contains "Add Items" ` -or $ListPermissions -contains "Edit Items" ` -or $ListPermissions -contains "Delete Items" ` -or $ListPermissions -contains "View Items" ` -or $ListPermissions -contains "Approve Items" ` -or $ListPermissions -contains "Open Items" ` -or $ListPermissions -contains "View Versions" ` -or $ListPermissions -contains "Delete Versions" ` -or $ListPermissions -contains "Create Alerts" ` -or $ListPermissions -contains "View Application Pages" ` -or $SitePermissions -contains "Manage Permissions" ` -or $SitePermissions -contains "View Web Analytics Data" ` -or $SitePermissions -contains "Create Subsites" ` -or $SitePermissions -contains "Manage Web Site" ` -or $SitePermissions -contains "Add and Customize Pages" ` -or $SitePermissions -contains "Apply Themes and Borders" ` -or $SitePermissions -contains "Apply Style Sheets" ` -or $SitePermissions -contains "Create Groups" ` -or $SitePermissions -contains "Browse Directories" ` -or $SitePermissions -contains "Use Self-Service Site Creation" ` -or $SitePermissions -contains "View Pages" ` -or $SitePermissions -contains "Enumerate Permissions" ` -or $SitePermissions -contains "Browse User Information" ` -or $SitePermissions -contains "Manage Alerts" ` -or $SitePermissions -contains "Use Remote Interfaces" ` -or $SitePermissions -contains "Use Client Integration Features" ` -or $SitePermissions -contains "Edit Personal User Information" ` -or $PersonalPermissions -contains "Manage Personal Views" ` -or $PersonalPermissions -contains "Add/Remove Personal Web Parts" ` -or $PersonalPermissions -contains "Update Personal Web Parts") ` -and -not ($SitePermissions -contains "Open")) { Throw "Open is required when specifying any of the other permissions" } if ($PersonalPermissions -contains "Add/Remove Personal Web Parts" -and -not ($PersonalPermissions -contains "Update Personal Web Parts")) { Throw "Update Personal Web Parts is required when specifying Add/Remove Personal Web Parts" } } |