@sean-m
Last active April 28, 2019 20:51
PowerShell code for adding AD groups to a VisualSVN repository using the WMI provider. This allows you to manage the repository access with Active Directory groups in ADUC, a huge deal inside large enterprises. I implemented this as part of a new repository creation script that sets up the AD groups; this was the only part with enough difficul…
<#
SVN Access Level Enum Values
----------------------------
No Access = 0
Read Only = 1
Read Write = 2
#>
$userAccountObj = @"
public class UserAccount {
    public string SID;
    public int Access;
    public UserAccount(string SID, int Access) {
        this.SID = SID;
        this.Access = Access;
    }
}
"@
Add-Type -TypeDefinition $userAccountObj -Language CSharp
function GetPermObject {
    param([string]$sid, [int]$access)

    ## $svn_host and $cred are expected to be set by the calling script
    ## Import System.Management assembly and create WMI objects
    Add-Type -Path "$env:systemroot\Microsoft.NET\Framework64\v2.0.50727\System.Management.dll"
    $connOpts = New-Object System.Management.ConnectionOptions
    $connOpts.Impersonation = [System.Management.ImpersonationLevel]::Impersonate
    $connOpts.EnablePrivileges = $true

    ## Explicit credentials are only set for a remote host
    if (($svn_host -notlike "localhost") -and ($svn_host -notlike "127.0.0.1")) {
        $connOpts.Username = $cred.UserName
        $connOpts.SecurePassword = $cred.Password
    }

    $scope = New-Object System.Management.ManagementScope([string]::Format("\\{0}\{1}", $svn_host, "root\VisualSVN"), $connOpts)
    $scope.Connect()

    ## Build a VisualSVN_PermissionEntry that wraps a VisualSVN_WindowsAccount
    $se = New-Object System.Management.ManagementPath -ArgumentList "VisualSVN_PermissionEntry"
    $secEntry = New-Object System.Management.ManagementClass($scope, $se, $null)
    $wa = New-Object System.Management.ManagementPath -ArgumentList "VisualSVN_WindowsAccount"
    $account = New-Object System.Management.ManagementClass($scope, $wa, $null)
    $account.SetPropertyValue("SID", $sid)
    $secEntry.SetPropertyValue("AccessLevel", $access)
    $secEntry.SetPropertyValue("Account", $account)
    $secEntry
}
function SetPermissions {
    param($repoObj, [string]$path, [object[]]$permissions)

    Add-Type -Path "$env:systemroot\Microsoft.NET\Framework64\v2.0.50727\System.Management.dll"
    $permsObj = New-Object System.Collections.ArrayList
    ## [void] keeps the index returned by ArrayList.Add out of the function output
    $permissions | ForEach-Object -Process { [void]$permsObj.Add($(GetPermObject -sid $_.SID -access $_.Access)) }

    ## Fill in the SetSecurity parameters and apply them to the repository path
    $inParams = $repoObj.GetMethodParameters("SetSecurity")
    $inParams.SetPropertyValue("Path", $path)
    $inParams.ResetChildren = $true
    $inParams.Permissions = $permsObj.ToArray()
    $repoObj.InvokeMethod("SetSecurity", $inParams, $null)
}
## Set security on repository
## $noaccess_group, $read_group, $write_group, $svn_host and $repo_name are
## expected to be set by the calling script; Get-ADGroup needs the ActiveDirectory module
Write-Host "Setting security on repository"
$ad_noaccess_group = Get-ADGroup -Filter {Name -like $noaccess_group}
$ad_read_group = Get-ADGroup -Filter {Name -like $read_group}
$ad_write_group = Get-ADGroup -Filter {Name -like $write_group}

## One UserAccount per group: SID plus access level (0, 1 or 2)
$svn_groups = @()
$svn_groups += New-Object UserAccount -ArgumentList @($ad_noaccess_group.SID.Value, 0)
$svn_groups += New-Object UserAccount -ArgumentList @($ad_read_group.SID.Value, 1)
$svn_groups += New-Object UserAccount -ArgumentList @($ad_write_group.SID.Value, 2)

$repoObj = Get-WmiObject -ComputerName $svn_host -Namespace root\VisualSVN -Class VisualSVN_Repository | Where-Object {$_.Name -like $repo_name}
if ($null -ne $repoObj) {
    SetPermissions -repoObj $repoObj -path "/" -permissions $svn_groups
} else {
    Write-Warning "Cannot find repository $repo_name!`nPermissions not set on repository."
}
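The `Get-ADGroup -Filter {Name -like ...}` lookups above return nothing or several objects when a name does not match exactly one group, so `.SID.Value` is then not a single SID string by the time the list reaches `SetSecurity`. The following is an added example, not part of the original gist, that builds the permission list only when every group resolves to exactly one distinct SID; `Resolve-SingleGroupSid` and `New-SvnPermissionList` are hypothetical helper names, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not part of the original gist. Helper names are hypothetical.
# Assumes the ActiveDirectory module (Get-ADGroup) is installed.
function Resolve-SingleGroupSid {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Exact-name comparison; the count check rejects zero or multiple matches.
    $found = @(Get-ADGroup -Filter { Name -eq $Name })
    if ($found.Count -ne 1) {
        throw "Expected exactly one AD group named '$Name', found $($found.Count)."
    }
    $found[0].SID.Value
}

function New-SvnPermissionList {
    # $GroupAccess maps an AD group name to the gist's access level (0, 1 or 2).
    param([Parameter(Mandatory = $true)][hashtable]$GroupAccess)

    $seenSids = @{}
    $entries = foreach ($name in $GroupAccess.Keys) {
        $access = [int]$GroupAccess[$name]
        if ($access -lt 0 -or $access -gt 2) {
            throw "Access level $access for '$name' is not 0, 1 or 2."
        }
        $sid = Resolve-SingleGroupSid -Name $name
        if ($seenSids.ContainsKey($sid)) {
            # Two rules for one SID would make the effective access ambiguous.
            throw "'$name' and '$($seenSids[$sid])' resolve to the same SID $sid."
        }
        $seenSids[$sid] = $name
        # Same SID/Access property names that SetPermissions reads from each item.
        New-Object PSObject -Property @{ SID = $sid; Access = $access }
    }
    # Reached only if every group resolved; any failure above has already thrown.
    $entries
}

# Usage with the gist's variables (set by the calling script):
# $svn_groups = New-SvnPermissionList @{ $noaccess_group = 0; $read_group = 1; $write_group = 2 }
# SetPermissions -repoObj $repoObj -path "/" -permissions $svn_groups
```

Because the helpers throw before anything is returned, a failed lookup stops the script ahead of the `SetSecurity` call instead of applying a partial list with `ResetChildren` set.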
@bahrep

bahrep commented Aug 23, 2016

VisualSVN Server now includes a PowerShell module that adds a number of PowerShell cmdlets. There are cmdlets to manage access rules: Get-SvnAccessRule, Add-SvnAccessRule, Select-SvnAccessRule and Remove-SvnAccessRule. Read more in the article KB88: VisualSVN Server PowerShell Cmdlet Reference.

@sean-m
Author

sean-m commented Oct 12, 2016

Glad they finally got around to adding official PowerShell support.
