private775

SharePoint: read security settings from a CSV and apply them

Apr 23rd, 2015
  1. # CSV (from EXCEL)
  2. #Group Name,Folder Url,U1,U2,U3,U4,U5,U6,U7,U8,U9,U10,U11,U12
  3. #Food Services,/sites/Policies/ACME1/Food Services,dtlynnf,,,,,,,,,,,
  4. #Lab Services,/sites/Policies/ACME1/Lab Services,lbkathys,issimone,,,,,,,,,,
  5. #Laundry and Linen,/sites/Policies/ACME1/Laundry,lnyvonne,lnkay,,,,,,,,,,
  6.  
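  # Configuration and pre-flight checks for the permission script.
  # Every group and permission level the functions below rely on is resolved here,
  # and the script stops with a message naming the missing object if one is absent.

  # Site (SPWeb) whose groups, lists and folders are re-permissioned.
  # NOTE(review): the SPWeb returned by Get-SPWeb is never disposed in this script;
  # call $w.Dispose() once the functions below have been run.
  $w = Get-SPWeb http://acmeportal.acme.bm/sites/Policies

  # Account that becomes owner of every group created from the CSV.
  $ownerLogin = "acme\pinky"

  # NOTE(review): this CSV decides which accounts are granted access; confirm the
  # file sits somewhere only the operator can write before running the script.
  $csvPath = "C:\temp\20150409\newGroups.csv"

  # Names of the permission levels (role definitions) bound below.
  $roleRead = "Read"
  $roleContributeNotDelete = "Contribute not Delete"
  $roleContribute = "Contribute"

  # Names of the site-wide groups that get access to every list and folder.
  $groupPoliciesVisitors = "Policies Visitors"
  $groupPoliciesMembers = "Policies Members"

  # $null is kept on the left of -eq so the comparison stays a scalar null test
  # even if the left-hand value were a collection.
  $grpPoliciesVisitors = $w.SiteGroups[$groupPoliciesVisitors]
  if($null -eq $grpPoliciesVisitors){
      throw "Site group `"$groupPoliciesVisitors`" not found"
  }

  $grpPoliciesMembers = $w.SiteGroups[$groupPoliciesMembers]
  if($null -eq $grpPoliciesMembers){
      throw "Site group `"$groupPoliciesMembers`" not found"
  }

  $roleDefRead = $w.RoleDefinitions[$roleRead]
  if($null -eq $roleDefRead){
      throw "Permission level `"$roleRead`" not found"
  }

  $roleDefContribute = $w.RoleDefinitions[$roleContribute]
  if($null -eq $roleDefContribute){
      throw "Permission level `"$roleContribute`" not found"
  }

  $roleDefContributeNotDelete = $w.RoleDefinitions[$roleContributeNotDelete]
  if($null -eq $roleDefContributeNotDelete){
      throw "Permission level `"$roleContributeNotDelete`" not found"
  }

  # Lists whose permissions are reset by cleanSecurity and re-applied by addSecurity.
  $lists = @( "ACME1", "ACME2")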
  45.  
  46.  
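  # Creates one SharePoint site group per CSV row and fills it with the row's users.
  #
  # Reads:  $csvPath (columns "Group Name" and U1..U12), $w, $ownerLogin.
  # Effect: adds a group named after "Group Name", owned by $ownerLogin, and adds
  #         each login from U1..U12 (prefixed with "acme\") that Get-SPUser resolves.
  #
  # A login that Get-SPUser does not return is reported with Write-Warning instead
  # of being skipped silently, so the run log shows every place where the groups
  # ended up different from what the CSV asked for.
  function createGroups(){
      $recs = Import-Csv -Path $csvPath
      $owner = $w.EnsureUser($ownerLogin)

      foreach($rec in $recs){
          $grName = $rec."Group Name"
          $w.SiteGroups.Add($grName, $owner, $null, '')
          $g = $w.SiteGroups[$grName]
          Write-Host "Created group: $($g.Name)"

          foreach($i in 1..12){
              $memberX = $rec."U$($i)"
              # Empty cells are the normal case: rows carry fewer than 12 users.
              if([string]::IsNullOrEmpty($memberX)){
                  continue
              }

              $login = "acme\$($memberX)"
              # SilentlyContinue keeps one bad login from aborting the whole run;
              # the explicit null check below is what records the miss.
              $uu = Get-SPUser -Web $w -Identity $login -ErrorAction SilentlyContinue
              if($null -eq $uu){
                  Write-Warning "Get-SPUser found no user `"$login`"; not added to group `"$grName`""
                  continue
              }

              $g.AddUser($uu)
              Write-Host "Added user: $($uu.DisplayName)"
          }
          $g.Update()
      }
  }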
  69.  
  # Applies the permission model: first to each list named in $lists, then to the
  # folder of every CSV row.
  #
  # Reads:  $csvPath (columns "Group Name" and "Folder Url"), $w, $lists, $ownerLogin.
  # Effect: calls setListSecurity for each list that exists, and setFolderSecurity
  #         for each row whose group and folder both exist; every skipped row is
  #         reported with Write-Host.
  #
  # NOTE(review): "Folder Url" is passed to GetFolder as it appears in the CSV and
  # nothing in this function checks that the folder belongs to one of $lists;
  # confirm that is intended, since any existing folder in the web would be accepted.
  function addSecurity(){
      $recs = Import-Csv -Path $csvPath
      # The result is not used again in this function; the call is kept as written.
      $owner = $w.EnsureUser($ownerLogin)

      foreach($listName in $lists){
          $targetList = $w.Lists.TryGetList($listName)
          if($targetList -eq $null){
              continue
          }
          setListSecurity $targetList
      }

      foreach($rec in $recs){
          $grName = $rec."Group Name"
          $siteGroup = $w.SiteGroups[$grName]
          if($siteGroup -eq $null){
              write-host "Group `"$($grName)`" does not exist"
              continue
          }

          write-host "Processing group $($grName)"
          $folderUrl = $rec."Folder Url"
          if($folderUrl -eq $null -or $folderUrl -eq ""){
              Write-Host "Folder not specified"
              continue
          }

          $folder = $w.GetFolder($folderUrl)
          if($folder.Exists){
              setFolderSecurity $folder $siteGroup
          } else {
              Write-Host $("Folder `"" + $rec."Folder Url" + "`" does not exist")
          }
      }
  }
  102.  
  # Gives a list its own permissions: "Policies Members" get Contribute and
  # "Policies Visitors" get Read.
  #
  # $l - the list to re-permission.
  #
  # BreakRoleInheritance is called with $false, i.e. without copying the parent's
  # role assignments, so the two assignments added here are the ones this function
  # puts on the list.
  function setListSecurity($l){
      $l.BreakRoleInheritance($false)

      $membersAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($grpPoliciesMembers)
      $membersAssignment.RoleDefinitionBindings.Add($roleDefContribute)
      $l.RoleAssignments.Add($membersAssignment)

      $visitorsAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($grpPoliciesVisitors)
      $visitorsAssignment.RoleDefinitionBindings.Add($roleDefRead)
      $l.RoleAssignments.Add($visitorsAssignment)
  }
  113.  
  # Applies the three-tier permission set to one folder.
  #
  # $fld - the folder to re-permission.
  # $grp - the folder's own group from the CSV row.
  #
  # Resulting grants: "Policies Members" -> Contribute, "Policies Visitors" -> Read,
  # and $grp -> "Contribute not Delete".
  function setFolderSecurity($fld, $grp){
      # site-wide members
      setFolderSecurityLevel -fld $fld -grp $grpPoliciesMembers -permLevel $roleDefContribute

      # site-wide visitors
      setFolderSecurityLevel -fld $fld -grp $grpPoliciesVisitors -permLevel $roleDefRead

      # the folder's own group: may contribute, may not delete
      setFolderSecurityLevel -fld $fld -grp $grp -permLevel $roleDefContributeNotDelete
  }
  125.  
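  # Grants one group one permission level on a folder's list item.
  #
  # $fld       - the folder whose item is re-permissioned.
  # $grp       - the group that receives the grant.
  # $permLevel - the role definition bound to that group.
  #
  # setFolderSecurity calls this three times for the same folder, so inheritance is
  # broken only when the item does not have unique permissions yet. That keeps the
  # earlier grants in place regardless of how BreakRoleInheritance treats an item
  # that is already unique.
  #
  # Consequence to be aware of: an item that already had unique permissions before
  # the run keeps them and only gains the new grant. Run cleanSecurity first when
  # the folder must end up with exactly the grants made by this script.
  function setFolderSecurityLevel($fld, $grp, $permLevel){
      $item = $fld.Item
      if($null -eq $item){
          # Name the folder so a skipped one can be found in the run log; its
          # permissions are left as they were.
          Write-Host "No item for folder $($fld.ServerRelativeUrl); permissions not changed"
          return
      }

      if(-not $item.HasUniqueRoleAssignments){
          # $false: do not copy the parent's role assignments onto the item.
          $item.BreakRoleInheritance($false)
      }

      $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($grp)
      $roleAssignment.RoleDefinitionBindings.Add($permLevel)
      $item.RoleAssignments.Add($roleAssignment)
  }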
  142.  
  # Returns every list in $lists, and every item inside it, to inherited permissions.
  #
  # Reads:  $w, $lists.
  # Effect: resets role inheritance on the list, then on each item (queried with
  #         Scope="RecursiveAll") that has unique role assignments.
  # Output: one "+" per item reset, one "." per 100 items visited, then " done".
  #
  # This removes every unique permission found in those lists, whether or not this
  # script created it, so record the current assignments first if they may be needed.
  function cleanSecurity() {
      foreach($listName in $lists){
          $targetList = $w.Lists.TryGetList($listName)
          if($targetList -eq $null){
              continue
          }

          Write-Host -NoNewline "Processing list $($listName): "
          $targetList.ResetRoleInheritance()

          $allItemsQuery = New-Object -TypeName "Microsoft.SharePoint.SPQuery"
          $allItemsQuery.ViewAttributes = "Scope=`"RecursiveAll`""

          $seen = 0
          foreach($entry in $targetList.GetItems($allItemsQuery)){
              $seen += 1
              if($entry.HasUniqueRoleAssignments){
                  $entry.ResetRoleInheritance()
                  Write-Host -NoNewline "+"
              }
              # progress marker every 100 items
              if(($seen % 100) -eq 0){
                  Write-Host -NoNewline "."
              }
          }
          Write-Host " done"
      }
  }
  169.  
  170. # run cleanSecurity and then addSecurity