
Remove unwanted user permissions from SharePoint

I have a POSH script that sets a user's access to a specific folder for some files to read.

The user's group gets assigned to the folder (which happens to be the same name).

I then created a new view, set it to default, and told it to display all files without folders.

This script has been working perfectly for 4 months but now some people want to use the mobile view and I am running into an issue. If a user does not have read access from the root directory to the folder in question, SharePoint's mobile view will not show the folder.

For example, the user has the following permissions set:

- Limited Access on the root
- Limited Access on the Alpha folder
- Read access to the folder under Alpha

I need to make it so a user can view this in the mobile view.

Here is my code:

#region Start
# Create Connection to stopwatch diagnostics
[Void][System.Diagnostics.Stopwatch] $sw;
# New Stopwatch object
$sw = New-Object System.Diagnostics.StopWatch;
# Stop any watches that might be running
$sw.Stop();                                         
$sw.Start();
clear
[int]$a = 0;
# Which folders to assign
[array]$sections = "Alpha","Bravo","Charlie","Delta";
[Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint");
#endregion

#region The meat and potatoes
foreach ($section in $sections) {
    #region get the Directories
    $pathtowd = "\\path\to\webdav\$section";                                    # UNC Path to the pivots
    $dirs = Get-ChildItem $pathtowd | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Directory }
    #endregion

    #region Connect to SharePoint
    $SPSite = New-Object Microsoft.SharePoint.SPSite("http://sharepoint");                  # Connect to SharePoint
    $OpenWeb = $SpSite.OpenWeb("/Downloads");                                               # Subsite of downloads
    #endregion
    [int]$i = 0;                                                                            # Integer to increment
    foreach ($dir in $dirs) {
        $verify_groups = $OpenWeb.groups | ? {$_.Name -eq "$dir"; }                         # Verify the groups
        if ($verify_groups -ne $null) {
            if ($dir.ToString() -eq $verify_groups.ToString()) {
                $i++;                                                                       # Increment the groups
                Write-Host "[", $sw.Elapsed.ToString(), "] -",$dir -F Green;                # Output status
                $path = "http://sharepoint/Downloads/Pivots/$section/" + $dir;              # Set the Path
                $spc = $OpenWeb.SiteGroups;                                                 # SharePoint connection
                $group = $spc[$dir];                                                        # Directory
                $roleAssignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group); # Role Assignment connection
                $OpenWeb.GetFolder($path).Item.BreakRoleInheritance("true");                # Break inheritance
                $roleAssignment.RoleDefinitionBindings.Add($OpenWeb.RoleDefinitions["Read"]);# Set permissions
                $OpenWeb.GetFolder($path).Item.RoleAssignments.Add($roleAssignment);        # Add the role
                $OpenWeb.GetFolder($path).Item.Update();
            }
            else { Write-Host "[", $sw.Elapsed.ToString(), "] -", $verify_groups " is empty"; }
        }
    }
    Write-Host '[' $sw.Elapsed.ToString() '] - found '$i' Folders' -f Red;                  # Output Status
    $SPSite.Dispose();                                                                      # Dispose the connection
    $OpenWeb.Dispose();
    $a = $a+$i;                                                                             # Total Folders
}
#endregion

$sw.Stop();                                                                             # Stop the timer
[string]$howlong = $sw.Elapsed.ToString();                                              # How long
write-host "Updated in Time: " $howlong -F Green;                                       # Last message

Found it. Took 4 hours straight of trial and error but it works. Hope this helps someone else out as well. Place before $OpenWeb.GetFolder($path).Item.Update();

# Role assignments on the folder that include "Limited Access" but not "Read"
$returnGroups = $OpenWeb.GetFolder($path).Item.RoleAssignments |
    where {
        ($_.RoleDefinitionBindings -eq $OpenWeb.RoleDefinitions["Limited Access"]) -and
        ($_.RoleDefinitionBindings -notcontains $OpenWeb.RoleDefinitions["Read"])
    };
if ($null -ne $returnGroups)
{
    foreach ($item in $returnGroups)
    {
        Write-Host "Removing: " $item.Member;
        # Remove the principal's role assignment from the folder
        $OpenWeb.GetFolder($path).Item.RoleAssignments.Remove($spc[$item.Member]);
    }
}
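
Added example, not part of the original answer: the filter above selects every assignment that has Limited Access and lacks Read, which also matches a principal bound to Limited Access plus another level such as Contribute. This dry run, with hypothetical function names and constructed sample data, reports what would be removed when only assignments whose sole binding is Limited Access are targeted.

```powershell
# Added example: dry-run report of which role assignments a cleanup would remove.
# Accepts any objects exposing .Member and .RoleDefinitionBindings (items with .Name),
# the shape of SPRoleAssignment. On a farm, pass
# @($OpenWeb.GetFolder($path).Item.RoleAssignments) instead of the sample data.
function Get-LimitedAccessOnlyAssignment {
    param(
        [Parameter(Mandatory = $true)] [object[]] $RoleAssignments,
        [string] $LimitedName = 'Limited Access'
    )
    foreach ($ra in $RoleAssignments) {
        $names = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        $other = @($names | Where-Object { $_ -ne $LimitedName })
        New-Object PSObject -Property @{
            Member   = $ra.Member
            Bindings = ($names -join ', ')
            # Remove only when Limited Access is the sole binding
            Remove   = (($names -contains $LimitedName) -and ($other.Count -eq 0))
        }
    }
}

# Hypothetical helper that builds constructed stand-ins for SPRoleAssignment objects
function New-SampleAssignment([string]$Member, [string[]]$Levels) {
    New-Object PSObject -Property @{
        Member                 = $Member
        RoleDefinitionBindings = @($Levels | ForEach-Object {
            New-Object PSObject -Property @{ Name = $_ }
        })
    }
}

# Constructed sample: group names and permission levels are illustrative only
$sample = @(
    New-SampleAssignment 'Folder1'  'Read'
    New-SampleAssignment 'Folder2'  'Limited Access'
    New-SampleAssignment 'Editors'  'Limited Access', 'Contribute'
    New-SampleAssignment 'Folder3'  'Limited Access', 'Read'
)

# Review the Remove column before changing anything on the folder
Get-LimitedAccessOnlyAssignment $sample |
    Format-Table Member, Bindings, Remove -AutoSize
```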
