Functions/Helper/ACL/Set-ValentiaACL.ps1

#Requires -Version 3.0

<#
.SYNOPSIS
Add or remove an ACL access rule on the selected path.
 
.DESCRIPTION
Adds an access rule to, or removes one from, the ACL of the selected path.
This uses the same logic as gACLResource.
 
.NOTES
Author: guitarrapc
Created: 3/Sep/2014
 
.EXAMPLE
Set-ValentiaACL -Path c:\Deployment -Account Users -Rights Modify -Ensure Present -Access Allow -Inherit $false -Recurse $false
--------------------------------------------
Add Modify rights on c:\Deployment for account "Users". The account is given without a computer/domain prefix, which means no Computer/Domain user name checking.
 
.EXAMPLE
Set-ValentiaACL -Path c:\Deployment -Account contoso\John -Rights Modify -Ensure Present -Access Allow -Inherit $false -Recurse $false
--------------------------------------------
Add Modify rights on c:\Deployment for account "contoso\John". The account is given with its domain prefix, which means strict user name checking.
 
.ExternalHelp "https://github.com/guitarrapc/DSCResources/tree/master/Custom/gACLResource"
#>

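function Set-ValentiaACL
{
    [CmdletBinding()]
    param
    (
        # File or directory whose ACL is changed. Must resolve to exactly one item.
        [Parameter(mandatory = $true, position = 0)]
        [ValidateNotNullOrEmpty()]
        [String]$Path,

        # Account (user or group) the access rule is written for.
        [Parameter(mandatory = $true, position = 1)]
        [ValidateNotNullOrEmpty()]
        [String]$Account,

        # File system rights carried by the rule.
        [Parameter(mandatory = $false, position = 2)]
        [ValidateNotNullOrEmpty()]
        [System.Security.AccessControl.FileSystemRights]$Rights = "ReadAndExecute",

        # "Present" adds the rule to the ACL, "Absent" removes it.
        [Parameter(mandatory = $false, position = 3)]
        [ValidateSet("Present", "Absent")]
        [ValidateNotNullOrEmpty()]
        [String]$Ensure = "Present",
        
        # Whether the rule allows or denies the rights.
        [Parameter(mandatory = $false, position = 4)]
        [ValidateNotNullOrEmpty()]
        [ValidateSet("Allow", "Deny")]
        [System.Security.AccessControl.AccessControlType]$Access = "Allow",

        # Passed through to GetDesiredRule; presumably controls inheritance flags - confirm in that helper.
        [Parameter(mandatory = $false, position = 5)]
        [Bool]$Inherit = $false,

        # Passed through to GetDesiredRule; presumably controls propagation to children - confirm in that helper.
        [Parameter(mandatory = $false, position = 6)]
        [Bool]$Recurse = $false,

        # Passed only to IsDesiredRuleAndCurrentRuleSame (see the note on $match below).
        [Parameter(mandatory = $false, position = 7)]
        [Bool]$Strict = $false
    )

    # Builds the requested access rule, merges it into (Present) or removes it from (Absent)
    # the current ACL of $Path, and writes the ACL back.

    # Resolve the target first and stop on failure, so a missing path ends the call here
    # instead of surfacing later as method calls on $null.
    $target = @(Get-Item -Path $Path -ErrorAction Stop)

    # -Path is wildcard-aware. With several matches, every item's ACL piped to
    # "Set-Acl -Path" would be written to every matched item, so refuse anything
    # other than a single target before an ACL is touched.
    if ($target.Count -ne 1)
    {
        throw "Path '$Path' resolved to $($target.Count) items; Set-ValentiaACL requires exactly one."
    }

    # Provider-qualified path of the resolved item, used literally when writing back so that
    # characters such as [ ] in a real file name are not re-interpreted as wildcards.
    $targetPath = $target[0].PSPath

    $desiredRule = GetDesiredRule -Path $Path -Account $Account -Rights $Rights -Access $Access -Inherit $Inherit -Recurse $Recurse

    # Request only the "Access" section (the access rules), not owner, group or audit data,
    # so only that section is handed back to Set-Acl.
    $currentACL = $target[0].GetAccessControl("Access")

    # Explicit and inherited rules, with identities translated to NTAccount names.
    $currentRules = $currentACL.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

    # NOTE(review): the comparison result does not gate the write below, so the ACL is
    # rewritten on every call and -Strict has no influence on what is written. It is only
    # reported on the verbose stream. Confirm whether skipping the write on a match is intended.
    $match = IsDesiredRuleAndCurrentRuleSame -DesiredRule $desiredRule -CurrentRules $currentRules -Strict $Strict
    Write-Verbose "Desired rule matches current rules on '$Path': $match"

    if ($Ensure -eq "Present")
    {
        $currentACL.AddAccessRule($desiredRule)
        Set-Acl -LiteralPath $targetPath -AclObject $currentACL
    }
    elseif ($Ensure -eq "Absent")
    {
        # RemoveAccessRule reports whether a rule was removed; keep it off the output
        # stream but make a no-op removal visible to anyone running with -Verbose.
        $removed = $currentACL.RemoveAccessRule($desiredRule)
        if (-not $removed)
        {
            Write-Verbose "No matching access rule was removed from '$Path' for account '$Account'."
        }
        Set-Acl -LiteralPath $targetPath -AclObject $currentACL
    }
}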