
@joerodgers
Last active June 4, 2024 13:46
Script to reset permission inheritance on lists in a site collection in SharePoint Online.
#requires -modules "PnP.PowerShell"
# Restrict ServicePointManager-based HTTPS clients in this session to TLS 1.2.
# The assignment replaces the enabled protocol set instead of adding to it, so
# older protocols are switched off and TLS 1.3 is not offered by those clients.
# NOTE(review): hosts whose runtime ignores ServicePointManager are unaffected - confirm per host.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Offer the signed-in user's default (integrated) credentials to the system
# default web proxy, so an authenticating proxy does not block the PnP calls.
[Net.WebRequest]::DefaultWebProxy.Credentials = [Net.CredentialCache]::DefaultCredentials
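function Invoke-FolderPermissionInheritanceReset
{
    <#
    .SYNOPSIS
    Resets permission inheritance on the items of a folder and on the folder itself.

    .DESCRIPTION
    Reads the items under $Folder with Get-PnPListItem and calls ResetRoleInheritance()
    on every item whose HasUniqueRoleAssignments is true. Updates are queued and sent
    with Invoke-PnPQuery every $CommitInterval resets. Finally the folder's own list
    item is reset when it has unique role assignments.

    Resetting inheritance discards the unique role assignments of the object; access is
    then governed by the parent. That removes explicit grants and can also give access to
    principals who hold rights on the parent but were deliberately left off the object.
    The function keeps no record of the assignments it removes, so run with -WhatIf
    first and export the current permissions if they may need to be restored.

    .PARAMETER List
    The list that contains the folder. Passed to Get-PnPListItem.

    .PARAMETER Folder
    The folder to process.

    .PARAMETER Recurse
    Also process every subfolder found among the folder's items.

    .PARAMETER CommitIdle
    Milliseconds to sleep after each Invoke-PnPQuery.

    .PARAMETER CommitInterval
    Number of queued resets after which Invoke-PnPQuery is called. A value of 0 makes
    the modulo test fail, so pass a non-zero value.

    .PARAMETER WhatIf
    Only report what would be reset. This is an ordinary switch handled inside the
    function (the CmdletBinding does not declare SupportsShouldProcess).
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [Microsoft.SharePoint.Client.List]
        $List,

        [Parameter(Mandatory=$true)]
        [Microsoft.SharePoint.Client.Folder]
        $Folder,

        [Parameter(Mandatory=$false)]
        [switch]
        $Recurse,

        [Parameter(Mandatory=$false)]
        [int]
        $CommitIdle = 100, # milliseconds

        [Parameter(Mandatory=$false)]
        [int]
        $CommitInterval = 10,

        [Parameter(Mandatory=$false)]
        [switch]
        $WhatIf
    )

    begin
    {
        # The folder's permissions live on its backing list item.
        $folderHasUniqueRoleAssignments = Get-PnPProperty -ClientObject $Folder.ListItemAllFields -Property HasUniqueRoleAssignments

        # Number of resets queued since the last Invoke-PnPQuery.
        $counter = 0
    }

    process
    {
        $items = Get-PnPListItem -List $List -PageSize 5000 -FolderServerRelativeUrl $Folder.ServerRelativeUrl

        Write-Verbose "$(Get-Date) - Folder: $($Folder.ServerRelativeUrl), ItemCount: $($items.Count)"

        foreach( $item in $items )
        {
            if( $Recurse.IsPresent -and $item.FileSystemObjectType -eq [Microsoft.SharePoint.Client.FileSystemObjectType]::Folder )
            {
                $subfolder = Get-PnPFolder -Url $item.FieldValues.FileRef

                Write-Verbose "$(Get-Date) - Processing subfolder: $($subfolder.ServerRelativeUrl)"

                # Splatting replaces the backtick continuation, whose trailing backtick
                # ran into the closing brace of this block.
                $recurseArguments = @{
                    List           = $List
                    Folder         = $subfolder
                    Recurse        = $true
                    CommitIdle     = $CommitIdle
                    CommitInterval = $CommitInterval
                    WhatIf         = $WhatIf.IsPresent
                }

                Invoke-FolderPermissionInheritanceReset @recurseArguments
            }

            $null = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments

            if( $item.HasUniqueRoleAssignments )
            {
                $itemUrl = $item.FieldValues.FileRef

                if( $WhatIf.IsPresent )
                {
                    Write-Host "Would have reset permission inheritance on item: $itemUrl"
                }
                else
                {
                    Write-Verbose "$(Get-Date) - Reseting permission inheritance on: $itemUrl"

                    $item.ResetRoleInheritance()
                    $item.Update()
                    $counter++
                }
            }

            # Send the queued resets in batches of $CommitInterval.
            if( $counter -gt 0 -and $counter % $CommitInterval -eq 0 )
            {
                Write-Verbose "$(Get-Date) - Committing folder items role inheritance updates."

                Invoke-PnPQuery
                Start-Sleep -Milliseconds $CommitIdle
                $counter = 0
            }
        }

        if( $folderHasUniqueRoleAssignments )
        {
            if( $WhatIf.IsPresent )
            {
                Write-Host "Would have reset permission inheritance on item: $($Folder.ServerRelativeUrl)"
            }
            else
            {
                Write-Verbose "$(Get-Date) - Reseting permission inheritance on folder: $($Folder.ServerRelativeUrl)"

                # Reset the folder's own list item. The previous code reset $List here,
                # which dropped the unique permissions of the entire list whenever a
                # single folder had broken inheritance.
                $folderItem = $Folder.ListItemAllFields
                $folderItem.ResetRoleInheritance()
                $folderItem.Update()
                $counter++
            }
        }

        # Flush whatever is still queued.
        if( $counter -gt 0 )
        {
            Write-Verbose "$(Get-Date) - Committing final role inheritance updates."

            Invoke-PnPQuery
            Start-Sleep -Milliseconds $CommitIdle
        }
    }

    end
    {
    }
}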
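function Invoke-ListPermissionInheritanceReset
{
    <#
    .SYNOPSIS
    Resets permission inheritance on every item of a list and on the list itself.

    .DESCRIPTION
    Reads the list's items with Get-PnPListItem, calls ResetRoleInheritance() on each
    item whose HasUniqueRoleAssignments is true and commits every reset immediately
    with Invoke-PnPQuery. The list is reset last when it has unique role assignments.

    Resetting inheritance discards the unique role assignments of the object, so access
    falls back to whatever the parent grants. The function keeps no record of what it
    removes; run with -WhatIf first and export the current permissions if they may
    need to be restored.

    .PARAMETER List
    The list to process.

    .PARAMETER WhatIf
    Only report what would be reset. This is an ordinary switch handled inside the
    function (the CmdletBinding does not declare SupportsShouldProcess).
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [Microsoft.SharePoint.Client.List]
        $List,

        [Parameter(Mandatory=$false)]
        [switch]
        $WhatIf
    )

    begin
    {
        $listHasUniqueRoleAssignments = Get-PnPProperty -ClientObject $List -Property HasUniqueRoleAssignments
    }

    process
    {
        $items = Get-PnPListItem -List $List -PageSize 5000

        Write-Verbose "$(Get-Date) - List: $($List.DefaultViewUrl), ItemCount: $($items.Count)"

        foreach( $item in $items )
        {
            $null = Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments

            if( $item.HasUniqueRoleAssignments )
            {
                $itemUrl = $item.FieldValues.FileRef

                if( $WhatIf.IsPresent )
                {
                    Write-Host "Would have reset permission inheritance on item: $itemUrl"
                }
                else
                {
                    Write-Verbose "$(Get-Date) - Reseting permission inheritance on: $itemUrl"

                    $item.ResetRoleInheritance()
                    $item.Update()
                    Invoke-PnPQuery
                }
            }
        }

        if( $listHasUniqueRoleAssignments )
        {
            if( $WhatIf.IsPresent )
            {
                # Report the list itself. The previous message printed $itemUrl, which
                # held the last item seen in the loop (or nothing at all), so a dry run
                # hid the fact that the list's own permissions would be reset.
                Write-Host "Would have reset permission inheritance on list: $($List.DefaultViewUrl)"
            }
            else
            {
                Write-Verbose "$(Get-Date) - Reseting permission inheritance on list: $($List.DefaultViewUrl)"

                $List.ResetRoleInheritance()
                $List.Update()
                Invoke-PnPQuery
            }
        }
    }

    end
    {
    }
}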
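function Invoke-WebPermissionInheritanceReset
{
    <#
    .SYNOPSIS
    Resets permission inheritance on every visible, non-catalog list of a web.

    .DESCRIPTION
    Loads the lists of $Web, skips lists that are hidden or are catalogs, and hands
    each remaining list to Invoke-ListPermissionInheritanceReset.

    The previous version called Get-PnPList without using $Web, so it always read the
    lists of the web the PnP connection points at. When called once per web it
    therefore processed that same web each time and left the other webs untouched.

    Resetting inheritance discards unique role assignments on every affected object.
    Run with -WhatIf first and export the current permissions if they may need to
    be restored.

    .PARAMETER Web
    The web whose lists are processed.

    .PARAMETER WhatIf
    Only report what would be reset; passed through to the list-level function.
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [Microsoft.SharePoint.Client.Web]
        $Web,

        [Parameter(Mandatory=$false)]
        [switch]
        $WhatIf
    )

    begin
    {
        # Load the list collection of the web that was passed in.
        # NOTE(review): assumes $Web belongs to the client context of the active PnP
        # connection (as objects from Get-PnPWeb / Get-PnPSubWeb do) - confirm for
        # webs obtained any other way.
        $null = Get-PnPProperty -ClientObject $Web -Property Lists

        # Snapshot the collection so later queries cannot disturb the enumeration.
        $lists = @( $Web.Lists )
    }

    process
    {
        foreach( $list in $lists )
        {
            # Make sure the properties read below are populated for this list.
            $null = Get-PnPProperty -ClientObject $list -Property Hidden, IsCatalog, ItemCount, DefaultViewUrl, HasUniqueRoleAssignments

            Write-Verbose "$(Get-Date) - List: $($list.DefaultViewUrl), Hidden: $($list.Hidden), IsCatalog: $($list.IsCatalog), ItemCount: $($list.ItemCount)"

            # Hidden lists and catalogs are left untouched.
            if( $list.Hidden -or $list.IsCatalog )
            {
                continue
            }

            Invoke-ListPermissionInheritanceReset `
                -List $list `
                -WhatIf:$WhatIf.IsPresent
        }
    }

    end
    {
    }
}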
function Invoke-SitePermissionInheritanceReset
{
    <#
    .SYNOPSIS
    Runs the web-level permission inheritance reset for the root web and all subwebs.

    .DESCRIPTION
    Enumerates webs with Get-PnPSubWeb -IncludeRootWeb -Recurse and calls
    Invoke-WebPermissionInheritanceReset for each of them.

    NOTE(review): $Site is declared but never read. The webs come from the active PnP
    connection, so the scope of the run is set by Connect-PnPOnline, not by the object
    passed here - confirm the connection before running without -WhatIf.

    .PARAMETER Site
    Site collection object. Mandatory, but not used by the body.

    .PARAMETER WhatIf
    Only report what would be reset; passed through to the web-level function.
    #>
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [Microsoft.SharePoint.Client.Site]
        $Site,

        [Parameter(Mandatory=$false)]
        [switch]
        $WhatIf
    )

    begin
    {
        # Root web plus every descendant web of the connected site.
        $webs = Get-PnPSubWeb -IncludeRootWeb -Recurse
    }

    process
    {
        foreach( $currentWeb in $webs )
        {
            Write-Verbose "$(Get-Date) - Web: $($currentWeb.ServerRelativeUrl)"

            $webArguments = @{
                Web    = $currentWeb
                WhatIf = $WhatIf.IsPresent
            }

            Invoke-WebPermissionInheritanceReset @webArguments
        }
    }

    end
    {
    }
}
# Connect with the client id and certificate thumbprint taken from environment
# variables, so no credential material is stored in the script. Every function
# above works against this connection; the site path in the URL is fixed here.
# NOTE(review): the permissions granted to the client id bound what the reset can
# touch - confirm they are limited to the intended site before running.
$connectParameters = @{
    Url        = "https://$env:O365_TENANT.sharepoint.com/sites/modernsite2"
    ClientId   = $env:O365_CLIENTID
    Thumbprint = $env:O365_THUMBPRINT
    Tenant     = $env:O365_TENANTID
}

Connect-PnPOnline @connectParameters
<#
## LIST EXAMPLE
$list = Get-PnpList -Identity "PermTest01"
Invoke-ListPermissionInheritanceReset -List $list
## FOLDER EXAMPLE
$list = Get-PnpList -Identity "PermTest01"
$folder = Get-PnPFolder -Url "/sites/ModernSite2/PermTest01/Folder 1/Folder 2/Folder 3/Folder 4/Folder 5"
Invoke-FolderPermissionInheritanceReset `
-List $list `
-Folder $folder `
-CommitIdle 0 `
-CommitInterval 5 `
-Recurse `
-Verbose
## WEB EXAMPLE
$web = Get-PnPWeb
Invoke-WebPermissionInheritanceReset -Web $web
## SITE EXAMPLE
$site = Get-PnPSite
Invoke-SitePermissionInheritanceReset -Site $site
#>