Module: SharepointApi::Permissions

Included in:
SharepointApi
Defined in:
lib/sharepoint_api/permissions.rb


Instance Method Details

#add_group(group_name) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 37

# Creates a site group by POSTing an SP.Group payload to the SiteGroups
# endpoint.
#
# @param group_name [String] title of the new group, also used in its description
# @return [Object, false] whatever site.query returns, or false when a
#   Sharepoint::SPException was rescued (the exception is handed to log_as)
def add_group(group_name)
  payload = {
    '__metadata' => { 'type' => 'SP.Group' },
    'Title' => group_name,
    'Description' => "Access Group for #{group_name}"
  }

  # The name only travels in the JSON body here, so to_json takes care of
  # escaping it; nothing is interpolated into the request path.
  site.query(:post, 'SiteGroups', payload.to_json)
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#add_role_assignment(path, principal_id, role_id) ⇒ Object

Alternate version would be: def add_role_assignment(library_guid:, list_item_id:, principal_id:, role_id:)

list_item_path = "Lists(guid'#{@library_guid}')/Items(#{@list_item_id})"

Use the form above if you run into problems with file names that are too long.



# File 'lib/sharepoint_api/permissions.rb', line 151

# Grants a role on the list item behind +path+ by POSTing to its
# RoleAssignments/AddRoleAssignment endpoint.
#
# @param path [String] location handed to server_relative_path
# @param principal_id [Integer, String] interpolated as PrincipalId
# @param role_id [Integer, String] interpolated as RoleDefId
# @return [Boolean] true when the query raised nothing, false when a
#   Sharepoint::SPException was rescued and passed to log_as
def add_role_assignment(path, principal_id, role_id)
  # NOTE(review): the server path and both ids are placed into the request
  # path as-is. Confirm callers only pass numeric ids and that
  # server_relative_path escapes the path for use inside the quoted literal.
  item_endpoint = "GetFolderByServerRelativeUrl('#{server_relative_path(path)}')/ListItemAllFields"
  grant_call = "AddRoleAssignment(PrincipalId=#{principal_id},RoleDefId=#{role_id})"

  # Nothing comes back on success, so the response is not inspected.
  site.query(:post, "#{item_endpoint}/RoleAssignments/#{grant_call}")

  true
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#add_user_to_group(login_name, group_name) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 73

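# Adds the user identified by +login_name+ to the site group +group_name+.
#
# @param login_name [String] sent as LoginName in the JSON body
# @param group_name [String] group looked up with SiteGroups/GetByName
# @return [Boolean] true when the query returned a non-nil user; false when it
#   returned nil or a Sharepoint::SPException was rescued and passed to log_as
def add_user_to_group(login_name, group_name)
  # The group name ends up inside a quoted literal in the request path, so it
  # is encoded the same way find_group and rename_group encode theirs.
  # NOTE(review): confirm encode_path also copes with a single quote in the
  # name, which would otherwise end the quoted literal early.
  escaped_group_name = encode_path(group_name)

  # The login name only travels in the JSON body; to_json escapes it.
  user = site.query(:post, "SiteGroups/GetByName('#{escaped_group_name}')/Users", {
    '__metadata' => { 'type' => 'SP.User' }, 'LoginName' => login_name
  }.to_json)

  !user.nil?
rescue Sharepoint::SPException => e
  log_as(__method__, e)
  false
end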

#break_permission_inheritance_for(path, copy_role_assignments: false, clear_subscopes: true) ⇒ Object

The URL must contain NO SPACES; otherwise encode it with Addressable::URI.encode.



# File 'lib/sharepoint_api/permissions.rb', line 15

# Stops the list item behind +path+ from inheriting permissions by POSTing to
# its BreakRoleInheritance endpoint.
#
# @param path [String] location handed to server_relative_path
# @param copy_role_assignments [Boolean] sent as CopyRoleAssignments
# @param clear_subscopes [Boolean] sent as ClearSubscopes
# @return [true, nil] true when the query raised nothing; nil (not false)
#   when a Sharepoint::SPException was rescued and passed to log_as
def break_permission_inheritance_for(path, copy_role_assignments: false, clear_subscopes: true)
  # NOTE(review): the server path is placed inside a quoted literal as-is;
  # confirm server_relative_path escapes it for that position.
  folder = "GetFolderByServerRelativeUrl('#{server_relative_path(path)}')"
  options = "CopyRoleAssignments=#{copy_role_assignments},ClearSubscopes=#{clear_subscopes}"

  # Any response that is not an exception counts as success.
  site.query(:post, "#{folder}/ListItemAllFields/BreakRoleInheritance(#{options})")

  true
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  nil
end

#fetch_role_assignments(path, principal_id: nil) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 116

# Reads the role assignments of the list item behind +path+ and reshapes each
# one into a plain hash.
#
# @param path [String] location handed to server_relative_path
# @param principal_id [Integer, String, nil] when given, a
#   "PrincipalId eq <id>" filter is appended to the query
# @return [Array<Hash>, Hash, nil, false] without principal_id, every
#   assignment as { login_name:, principal_id:, roles: [{ role_id:, role_name: }] };
#   with principal_id, only the first such hash (nil when there is none);
#   false when a Sharepoint::SPException was rescued and passed to log_as
def fetch_role_assignments(path, principal_id: nil)
  item_endpoint = "GetFolderByServerRelativeUrl('#{server_relative_path(path)}')/ListItemAllFields"
  query = '$expand=Member,RoleDefinitionBindings&$select=RoleDefinitionBindings/Name&$select=RoleDefinitionBindings/Id,PrincipalId,Member/LoginName'

  if principal_id
    # NOTE(review): the id is interpolated into the filter expression before
    # encoding; confirm callers only pass numeric ids.
    principal_filter = encode_path("PrincipalId eq #{principal_id}")
    query = query + "&$filter=#{principal_filter}"
  end

  assignments = site.query(:get, "#{item_endpoint}/RoleAssignments?#{query}").map do |assignment|
    record = assignment.data
    roles = record['RoleDefinitionBindings']['results'].map do |role|
      { role_id: role['Id'], role_name: role['Name'] }
    end

    { login_name: record['Member']['LoginName'], principal_id: record['PrincipalId'], roles: roles }
  end

  # A filtered lookup is reduced to its first entry.
  return assignments if principal_id.nil?

  assignments.first
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#find_group(group_name) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 29

# Looks up a site group by name through SiteGroups/GetByName.
#
# @param group_name [String] name of the group; passed through encode_path
#   before it is placed in the request path
# @return [Object, nil] whatever site.query returns, or nil when a
#   Sharepoint::SPException was rescued and passed to log_as
def find_group(group_name)
  # NOTE(review): confirm encode_path also copes with a single quote in the
  # name, which would otherwise end the quoted literal early.
  endpoint = "SiteGroups/GetByName('#{encode_path(group_name)}')"
  site.query(:get, endpoint)
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  nil
end

#find_role(role_name = 'Edit') ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 108

# Looks up a role definition by name through RoleDefinitions/GetByName.
#
# @param role_name [String] name of the role, 'Edit' when omitted; passed
#   through encode_path before it is placed in the request path
# @return [Object, false] whatever site.query returns, or false when a
#   Sharepoint::SPException was rescued and passed to log_as
def find_role(role_name = 'Edit')
  endpoint = "RoleDefinitions/GetByName('#{encode_path(role_name)}')"
  site.query(:get, endpoint)
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#list_item_for(path) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 5

# Fetches ListItemAllFields for the folder behind +path+.
#
# @param path [String] location handed to server_relative_path
# @return [Object, nil] whatever site.query returns, or nil when a
#   Sharepoint::SPException was rescued and passed to log_as
def list_item_for(path)
  # NOTE(review): the server path is placed inside a quoted literal as-is;
  # confirm server_relative_path escapes it for that position.
  folder = "GetFolderByServerRelativeUrl('#{server_relative_path(path)}')"
  site.query(:get, "#{folder}/ListItemAllFields")
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  nil
end

#remove_group(group_name) ⇒ Object

This also removes any role definitions the group is using.



# File 'lib/sharepoint_api/permissions.rb', line 66

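# Deletes the site group +group_name+ through SiteGroups/RemoveByLoginName.
#
# @param group_name [String] name of the group to remove
# @return [Object, false] whatever site.query returns, or false when a
#   Sharepoint::SPException was rescued and passed to log_as
def remove_group(group_name)
  # Encoded like the group name in find_group and rename_group, so spaces and
  # other reserved characters cannot change the request path of this
  # destructive call.
  # NOTE(review): confirm encode_path also copes with a single quote in the
  # name, which would otherwise end the quoted literal early.
  escaped_group_name = encode_path(group_name)
  site.query(:post, "SiteGroups/RemoveByLoginName('#{escaped_group_name}')")
rescue Sharepoint::SPException => e
  log_as(__method__, e)
  false
end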

#remove_role_assignment(path, principal_id, role_id) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 166

# Revokes a role on the list item behind +path+ by POSTing to its
# RoleAssignments/RemoveRoleAssignment endpoint.
#
# @param path [String] location handed to server_relative_path
# @param principal_id [Integer, String] interpolated as PrincipalId
# @param role_id [Integer, String] interpolated as RoleDefId
# @return [Boolean] true when the query raised nothing, false when a
#   Sharepoint::SPException was rescued and passed to log_as
def remove_role_assignment(path, principal_id, role_id)
  # NOTE(review): the server path and both ids are placed into the request
  # path as-is. Confirm callers only pass numeric ids and that
  # server_relative_path escapes the path for use inside the quoted literal.
  item_endpoint = "GetFolderByServerRelativeUrl('#{server_relative_path(path)}')/ListItemAllFields"
  revoke_call = "RemoveRoleAssignment(PrincipalId=#{principal_id},RoleDefId=#{role_id})"

  # Nothing comes back on success, so the response is not inspected.
  site.query(:post, "#{item_endpoint}/RoleAssignments/#{revoke_call}")

  true
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#remove_user_from_group(login_name, group_name) ⇒ Object

Addressable::URI.encode does not encode the characters `:#.`, and encoding them is a must for login names.



# File 'lib/sharepoint_api/permissions.rb', line 87

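# Removes the user identified by +login_name+ from the site group
# +group_name+.
#
# @param login_name [String] login name, sent URL-encoded as the @v alias value
# @param group_name [String] group looked up with SiteGroups/GetByName
# @return [Boolean] true when the query raised nothing, false when a
#   Sharepoint::SPException was rescued and passed to log_as
def remove_user_from_group(login_name, group_name)
  # ERB::Util.url_encode is used for the login name because it percent-encodes
  # reserved characters, the single quote included, so the value cannot end
  # the quoted @v literal early.
  encoded_login_name = ERB::Util.url_encode(login_name)

  # The group name is encoded the same way find_group and rename_group encode
  # theirs.
  # NOTE(review): confirm encode_path also copes with a single quote in the
  # group name.
  escaped_group_name = encode_path(group_name)

  site.query(
    :post,
    "SiteGroups/GetByName('#{escaped_group_name}')/" \
    "Users/RemoveByLoginName(@v)?@v='#{encoded_login_name}'"
  )

  true
rescue Sharepoint::SPException => e
  log_as(__method__, e)
  false
end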

#rename_group(old_group_name, new_group_name) ⇒ Object

Used to rename a SharePoint group when the acronym changes.



# File 'lib/sharepoint_api/permissions.rb', line 49

# Renames a site group by POSTing a new title and description to it with the
# X-HTTP-Method header set to MERGE.
#
# @param old_group_name [String] current name; passed through encode_path
#   before it is placed in the request path
# @param new_group_name [String] new title, also used in the new description
# @return [Boolean] true when the query raised nothing, false when a
#   Sharepoint::SPException was rescued and passed to log_as
def rename_group(old_group_name, new_group_name)
  endpoint = "SiteGroups/GetByName('#{encode_path(old_group_name)}')"
  # The new name only travels in the JSON body, so to_json escapes it.
  changes = {
    '__metadata' => { 'type' => 'SP.Group' },
    'Title' => new_group_name,
    'Description' => "Access Group for #{new_group_name}"
  }

  # The block receives the request object so the MERGE override can be set.
  site.query(:post, endpoint, changes.to_json) { |curl| curl.headers['X-HTTP-Method'] = 'MERGE' }

  true
rescue Sharepoint::SPException => error
  log_as(__method__, error)
  false
end

#users_in_group(group_name) ⇒ Object



# File 'lib/sharepoint_api/permissions.rb', line 101

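# Lists the users of the site group +group_name+.
#
# @param group_name [String] group looked up with SiteGroups/GetByName
# @return [Object, nil] whatever site.query returns, or nil when a
#   Sharepoint::SPException was rescued and passed to log_as
def users_in_group(group_name)
  # The group name ends up inside a quoted literal in the request path, so it
  # is encoded the same way find_group and rename_group encode theirs.
  # NOTE(review): confirm encode_path also copes with a single quote in the
  # name, which would otherwise end the quoted literal early.
  escaped_group_name = encode_path(group_name)
  site.query(:get, "SiteGroups/GetByName('#{escaped_group_name}')/Users")
rescue Sharepoint::SPException => e
  log_as(__method__, e)
  nil
end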