asked on

Set SharePoint permission on a folder using SPQuery \ CAML

I need to set permissions on a lot of SharePoint folders in a document library but I don't want to have to spin through all folders to find the specific one each time. I have to set permissions on about 1000 folders and have an XML document where I'm getting the folders and their permissions from.

I have the script about 90% written using a CAML query to get the specific folder. (This works fine and returns the specific folder I'm looking for)

        $spQuery = New-Object Microsoft.SharePoint.SPQuery
	 	$spQuery.Query =	"<OrderBy>
								<FieldRef Name=BaseName Ascending=TRUE></FieldRef>
							</OrderBy>
							<Where>
								<And>
								    <Eq><FieldRef Name=ContentType/><Value Type=Text>Folder</Value></Eq>
								    <Eq><FieldRef Name=BaseName/><Value Type=Text>$folderName</Value></Eq>
								</And>
							</Where>"
		$spQuery.ViewAttributes = "Scope=RecursiveAll"
		
        $spListItems = $spList.GetItems($spQuery)

Open in new window

However, when I try to set the $currentFolder, it is an SPFolder instead of SPItem.

			foreach ($spListItem in $spListItems)
            {
			
				$currentItem = $spListItem.Name
				$folderName = $spListItem.Folder.URL
				$folderName = $folderName.Replace($currentItem,"")
								
				$RelativeFolderURL = $spListItem.URL
				$currentFolder =$SPWeb.GetFolder($RelativeFolderURL)
				
			GrantGroupPermission $currentFolder
			}

Open in new window

And the method to break inheritance and set permissions is only available on an SPItem object

  function GrantGroupPermission($groupName)
  {
   [Microsoft.SharePoint.SPGroupCollection]$spgroups = $web.SiteGroups
   [Microsoft.SharePoint.SPGroup]$spgroup = $spgroups[$groupName]
   $sproleass=new-object Microsoft.SharePoint.SPRoleAssignment([Microsoft.SharePoint.SPPrincipal]$spgroup)
[b][u]#The Next Line Breaks[/u][/b]
   $folder.BreakRoleInheritance("true")
   $sproleass.RoleDefinitionBindings.Add($web.RoleDefinitions["Contribute"])
[b][u]#This Line Doesn't Work Either[/u][/b]
   $folder.RoleAssignments.Add($sproleass);
   Write-Host "Permission provided for group ", $groupName
  }

Open in new window

I've attached 2 files.
One that works when I explicitly give it a folder name.
The second is my script that I'm trying to use CAML to get the folder name

I'm hoping someone here will be able to help figure this out.
WorkingAddPermissions.txt
SetPermissions.txt

colly92002

Use this:
folder.Item.BreakRoleInheritance(true);

.item will get you the SPListItem of the folder.

Doug

ASKER

Colly,
Thank you very much for the response. I tried your suggestion previously, and again just to make sure. I got the following error(s).

I've also included a screencap of how it looks without the $folder.item....

Thank you again for helping.

Rainer Jeschor

Hi,
which SharePoint version and edition?
Thanks.
Rainer

Doug

ASKER

SP 2010 Enterprise

ASKER CERTIFIED SOLUTION

colly92002

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Doug

ASKER

I think that was it! I was casting it to an item instead of letting the object cast itself. I'm going to run through a couple more to verify but I think that was it.
FolderObject.gif

Doug

ASKER

Colly, you rock! That was exactly it.

Do you know what the logic is behind why this fails? In normal programming, you can cast a string as an integer to use it in a calculation. Any insight as to why this didn't work would be appreciated.

colly92002

It's because you are casting an object to another type that does not allow it (probably because it is incompatible) and this results in a null object.

These articles will probably explain it better than I can:
http://www.blackwasp.co.uk/CSharpAs.aspx
http://www.codeproject.com/Articles/447634/A-Beginners-Tutorial-Type-Casting-and-Type-Convers
http://www.codeproject.com/Articles/5044/Cheat-Sheet-Casting-in-VB-NET-and-C