@ -47,6 +47,7 @@ $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "b
$name = Get-AnsibleParam -obj $params -name " name " -type " str " -failifempty $true
$state = Get-AnsibleParam -obj $params -name " state " -type " str " -default " present " -validateset " present " , " absent "
$rule_action = Get-AnsibleParam -obj $params -name " rule_action " -type " str " -default " set " -validateset " set " , " add "
if ( -not ( Get-Command -Name Get-SmbShare -ErrorAction SilentlyContinue ) ) {
Fail-Json $result " The current host does not support the -SmbShare cmdlets required by this module. Please run on Server 2012 or Windows 8 and later "
@ -151,6 +152,7 @@ If ($state -eq "absent") {
# remove permissions
$permissions = Get-SmbShareAccess -Name $name
if ( $rule_action -eq " set " ) {
ForEach ( $permission in $permissions ) {
If ( $permission . AccessControlType -eq " Deny " ) {
$cim_count = 0
@ -213,6 +215,23 @@ If ($state -eq "absent") {
}
}
}
} ElseIf ( $rule_action -eq " add " ) {
ForEach ( $permission in $permissions ) {
If ( $permission . AccessControlType -eq " Deny " ) {
If ( $permissionDeny . Contains ( $permission . AccountName ) ) {
$permissionDeny . Remove ( $permission . AccountName )
}
} ElseIf ( $permission . AccessControlType -eq " Allow " ) {
If ( $permissionFull . Contains ( $permission . AccountName ) -and $permission . AccessRight -eq " Full " ) {
$permissionFull . Remove ( $permission . AccountName )
} ElseIf ( $permissionChange . Contains ( $permission . AccountName ) -and $permission . AccessRight -eq " Change " ) {
$permissionChange . Remove ( $permission . AccountName )
} ElseIf ( $permissionRead . Contains ( $permission . AccountName ) -and $permission . AccessRight -eq " Read " ) {
$permissionRead . Remove ( $permission . AccountName )
}
}
}
}
# add missing permissions
ForEach ( $user in $permissionRead ) {