dsd

1. function Get-SPUserEffectivePermissions() {
2. [CmdletBinding(DefaultParameterSetName="Farm")]
3. param (
4. [Parameter(Mandatory=$true, Position=0)]
5. [ValidateNotNull()]
6. [object[]]$users,
7.  
8. [Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=1)]
9. [ValidateNotNull()]
10. [Microsoft.SharePoint.SPSecurableObject]$InputObject
11. )
12. begin { }
13. process {
14. $so = $InputObject
15.  
16. if ($so -isnot [Microsoft.SharePoint.SPSecurableObject]) {
17. throw "A valid SPWeb, SPList, or SPListItem must be provided."
18. }
19.  
20. foreach ($user in $users) {
21. # Set the users login name
22. $loginName = $user
23. if ($user -is [Microsoft.SharePoint.SPUser] -or $user -is [PSCustomObject]) {
24. $loginName = $user.LoginName
25. }
26. if ($loginName -eq $null) {
27. throw "The provided user is null or empty. Specify a valid SPUser object or login name."
28. }
29. # Determine the URL to the securable object being evaluated
30. $resource = $null
31. $webApp = $null
32. if ($so -is [Microsoft.SharePoint.SPWeb]) {
33. $resource = $so.Url
34. $webApp = $so.Site.WebApplication
35. } elseif ($so -is [Microsoft.SharePoint.SPList]) {
36. $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
37. $webApp = $so.ParentWeb.Site.WebApplication
38. } elseif ($so -is [Microsoft.SharePoint.SPListItem]) {
39. $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
40. $webAPp = $so.ParentList.ParentWeb.Site.WebApplication
41. }
42. if ($webApp.UseClaimsAuthentication -and !$loginName.Contains("|")) {
43. $claim = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::CreateUserClaim($loginName, "Windows")
44. $loginName = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local.EncodeClaim($claim)
45. }
46.  
47.  
48. # Get the users permission details.
49. $permInfo = $so.GetUserEffectivePermissionInfo($loginName)
50.  
51.  
52. # Get the role assignments and iterate through them
53. $roleAssignments = $permInfo.RoleAssignments
54. if ($roleAssignments.Count -gt 0) {
55. foreach ($roleAssignment in $roleAssignments) {
56. $member = $roleAssignment.Member
57.  
58. # Build a string array of all the permission level names
59. $permName = @()
60. foreach ($definition in $roleAssignment.RoleDefinitionBindings) {
61. $permName += $definition.Name
62. }
63.  
64. # Determine how the users permissions were assigned
65. $assignment = "Direct Assignment"
66. if ($member -is [Microsoft.SharePoint.SPGroup]) {
67. $assignment = $member.Name
68. } else {
69. if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
70. $assignment = $member.LoginName
71. }
72. }
73.  
74. # Create a hash table with all the data
75. $hash = @{
76. Resource = $resource
77. "Resource Type" = $so.GetType().Name
78. User = $loginName
79. Permission = $permName -join ", "
80. "Granted By" = $assignment
81. }
82.  
83. # Convert the hash to an object and output to the pipeline
84. New-Object PSObject -Property $hash
85. }
86. }
87. }
88. }
89. end {}
90. }