@DominicCronin
Created March 21, 2014 13:53
addRightsAndPermissions
# Depends on PowerShell Reflection module (http://poshcode.org/search/Reflection)
# Depends on Tridion Powershell Modules (http://code.google.com/p/tridion-powershell-modules/)
# When $true, addRightsAndPermissions localizes a shared (BluePrint-inherited)
# item before it changes that item's access control list.
$autoLocalize = $true

# Import-Module loads and runs the module's code in this session, so both
# third-party modules should be installed from a source you have verified.
Import-Module -Name Tridion-CoreService

# Core Service client used for every read and write below. Connection settings
# and credentials come from the Tridion-CoreService module (not shown here).
$core = Get-TridionCoreServiceClient

Import-Module -Name Reflection
# Lets the Core Service data types be named without their namespace prefix.
Import-Namespace Tridion.ContentManager.CoreService.Client

# Shared, default-constructed option and filter objects.
$defaultReadOptions = New-Object -TypeName ReadOptions
$groupsFilter = New-Object -TypeName GroupsFilterData
$usersFilter = New-Object -TypeName UsersFilterData
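function addRightsAndPermissions( $trustee, $orgItem, $rights, $permissions){
    <#
    .SYNOPSIS
    Replaces a trustee's access control entry on an item and saves the item.

    .DESCRIPTION
    Reads the script-level $core, $autoLocalize and $defaultReadOptions.
    Any existing entry for the trustee is removed and a fresh one is written,
    so the result is a replacement, not a merge: a value passed as $null is
    left unset on the new entry even if the old entry had it.
    Entries that belong to other trustees are kept.

    .PARAMETER trustee
    The user or group whose Id the new entry points to.

    .PARAMETER orgItem
    The item whose AccessControlList is rewritten.

    .PARAMETER rights
    Value for AllowedRights, or $null to leave it unset.

    .PARAMETER permissions
    Value for AllowedPermissions, or $null to leave it unset. When supplied,
    the item is also marked as a permissions inheritance root.

    .OUTPUTS
    A progress string, followed by whatever $core.Save returns.
    #>

    # A shared item is localized first; this creates a local copy as a side effect.
    if ($autoLocalize -and $orgItem.BluePrintInfo.IsShared){
        $orgItem = $core.Localize($orgItem.Id, $defaultReadOptions)
    }

    # Keep every entry except the trustee's own. The @() wrapper guarantees an
    # array: without it a single surviving entry is a scalar and the += below
    # fails with a missing op_Addition. Null elements are dropped so an empty
    # list cannot put a null entry into the saved ACL.
    $entries = @(
        $orgItem.AccessControlList.AccessControlEntries |
            Where-Object { $null -ne $_ -and $_.Trustee.IdRef -ne $trustee.Id }
    )

    $link = New-Object LinkToTrusteeData
    $link.IdRef = $trustee.Id
    $ace = New-Object AccessControlEntryData
    $ace.Trustee = $link

    # $null goes on the left so an array argument is tested as a whole
    # instead of being filtered element by element.
    if ($null -ne $rights) {$ace.AllowedRights = $rights}
    if ($null -ne $permissions) {
        $ace.AllowedPermissions = $permissions
        # NOTE(review): presumably this stops the item inheriting permissions
        # from its parent, so the ACL saved here governs it. Confirm that is
        # intended for every item this is called on.
        $orgItem.IsPermissionsInheritanceRoot = $true
    }

    $entries += $ace
    $orgItem.AccessControlList.AccessControlEntries = $entries
    "Updating $($orgItem.LocationInfo.Webdavurl) for $($trustee.Id)"
    $core.Save($orgItem, $null)
}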
function addPermissions( $trustee, $orgItem, $permissions){
    # Writes an entry for $trustee on $orgItem that carries permissions only;
    # rights are passed as $null and so stay unset on the new entry.
    addRightsAndPermissions -trustee $trustee -orgItem $orgItem -rights $null -permissions $permissions
}
function addRights( $trustee, $orgItem, $rights){
    # Writes an entry for $trustee on $orgItem that carries rights only;
    # permissions are passed as $null and so stay unset on the new entry.
    addRightsAndPermissions -trustee $trustee -orgItem $orgItem -rights $rights -permissions $null
}
# Start clean: delete every existing group that carries the test title.
# The match is on Title alone across the system-wide list, so $groupTitle
# must be unique to this test or a real group would be removed.
$groupTitle = "TestGroup"
$core.GetSystemWideList($groupsFilter) |
    Where-Object { $_.Title -eq $groupTitle } |
    ForEach-Object { $core.Delete($_.Id) }

# Create the test group afresh.
$group = $core.GetDefaultData([ItemType]::Group, $null, $null)
$group.Title = $groupTitle
$group.Description = "It's the test group"
$group = $core.Create($group, $defaultReadOptions)

# Reuse the test user when one exists, otherwise create it.
# The lookup is by Description, not by account name (Title), so any user
# carrying this description is treated as the test user and modified below.
$testUserDescription = "Test User 1"
$testUserTitle = "TRIDIONDEV\test1"
$testUser = @(
    $core.GetSystemWideList($usersFilter) |
        Where-Object { $_.Description -eq $testUserDescription }
)[0]
if ($null -eq $testUser) {
    $testUser = $core.GetDefaultData([ItemType]::User, $null, $null)
    $testUser.Title = $testUserTitle
    $testUser.Description = $testUserDescription
    $testUser = $core.Create($testUser, $defaultReadOptions)
}

# Put the user in the test group. The whole GroupMemberships property is
# assigned, so memberships the user already had are replaced, not extended.
$groupMembership = New-Object -TypeName GroupMembershipData
$groupMembership.Group = New-Object -TypeName LinkToGroupData
$groupMembership.Group.IdRef = $group.Id
$testUser.GroupMemberships = $groupMembership
$core.Save($testUser, $null)

# Project-specific grants. All of them go to the group, not to the user.

# Read permission on the PermsTest category in the "01 Definitions" publication.
$catContent = $core.Read("/webdav/01%20Definitions/PermsTest", $defaultReadOptions)
addPermissions -trustee $group -orgItem $catContent -permissions 'Read'

# Read and write permissions on the content folder in "02 Content".
$contentFolder = $core.Read("/webdav/02%20Content/Building%20Blocks/Content", $defaultReadOptions)
addPermissions -trustee $group -orgItem $contentFolder -permissions 'Read', 'Write'

# Management rights on the "02 Content" publication itself.
$contentPub = $core.Read("/webdav/02%20Content", $defaultReadOptions)
addRights -trustee $group -orgItem $contentPub -rights 'ComponentManagement', 'FolderManagement', 'VirtualFolderManagement'