Support NTFS permission ensure for shares

2026-03-29 23:13:17 +02:00
parent 54be771569
commit ae65f8e758
3 changed files with 52 additions and 6 deletions
--- a/LiamNtfs/C4IT.LIAM.Ntfs.cs
+++ b/LiamNtfs/C4IT.LIAM.Ntfs.cs
@@ -896,12 +896,33 @@ namespace C4IT.LIAM
            bool ensureTraverseGroups = false,
            bool whatIf = false)
        {
-            if (!IsPermissionManagedFolderPath(folderPath))
+            var classification = ClassifyPath(folderPath);
+            if (!IsSupportedPermissionManagedPathKind(classification, eNtfsPathKind.Folder, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink))
            {
                return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
                {
                    resultErrorId = 30008,
-                    resultMessage = $"NTFS permission ensure is only supported for folder paths. Shares, DFS namespaces and server roots are skipped: {folderPath}"
+                    resultMessage = $"NTFS permission ensure is only supported for folder and share paths. DFS namespaces and server roots are skipped: {folderPath}"
+                });
+            }
+
+            string matchingConfigurationKey;
+            string matchingRule;
+            if (IsPathBlacklisted(classification, out matchingConfigurationKey, out matchingRule))
+            {
+                return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
+                {
+                    resultErrorId = 30008,
+                    resultMessage = $"NTFS permission ensure skipped for '{folderPath}' due to AdditionalConfiguration rule '{matchingConfigurationKey}={matchingRule}'."
+                });
+            }
+
+            if (!IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule))
+            {
+                return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
+                {
+                    resultErrorId = 30008,
+                    resultMessage = $"NTFS permission ensure skipped for '{folderPath}' because no AdditionalConfiguration whitelist matched."
                });
            }

@@ -915,7 +936,12 @@ namespace C4IT.LIAM
                writerSids);
            engine.WhatIf = whatIf;

-            return Task.FromResult(engine.ensureDataAreaPermissions(ensureTraverseGroups));
+            var allowTraverseGroups = classification.Kind == eNtfsPathKind.Folder && ensureTraverseGroups;
+            var resultToken = engine.ensureDataAreaPermissions(allowTraverseGroups);
+            if (!allowTraverseGroups && ensureTraverseGroups)
+                resultToken.warnings.Add($"Traverse groups are currently only ensured for folder paths. Traverse processing was skipped for '{folderPath}'.");
+
+            return Task.FromResult(resultToken);
        }

        private DataArea_FileSystem CreateFilesystemEngine(
@@ -985,9 +1011,19 @@ namespace C4IT.LIAM
        }

        public bool IsPermissionManagedFolderPath(string path)
+        {
+            return IsPermissionManagedPath(path, eNtfsPathKind.Folder);
+        }
+
+        public bool IsPermissionManagedSharePath(string path)
+        {
+            return IsPermissionManagedPath(path, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink);
+        }
+
+        private bool IsPermissionManagedPath(string path, params eNtfsPathKind[] supportedKinds)
        {
            var classification = ClassifyPath(path);
-            if (classification == null || classification.Kind != eNtfsPathKind.Folder)
+            if (!IsSupportedPermissionManagedPathKind(classification, supportedKinds))
                return false;

            string matchingConfigurationKey;
@@ -998,6 +1034,14 @@ namespace C4IT.LIAM
            return IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule);
        }

+        private static bool IsSupportedPermissionManagedPathKind(cNtfsPathClassification classification, params eNtfsPathKind[] supportedKinds)
+        {
+            if (classification == null || supportedKinds == null || supportedKinds.Length == 0)
+                return false;
+
+            return supportedKinds.Contains(classification.Kind);
+        }
+
        private IEnumerable<IAM_SecurityGroupTemplate> BuildSecurityGroupTemplates()
        {
            var templates = new List<IAM_SecurityGroupTemplate>();
--- a/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
+++ b/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
@@ -909,7 +909,7 @@ namespace C4IT.LIAM.Activities
        public InArgument<Guid> ConfigID { get; set; }

        [Category("Input")]
-        [DisplayName("Folder Path")]
+        [DisplayName("Path")]
        [RequiredArgument]
        public InArgument<string> FolderPath { get; set; }

--- a/LiamWorkflowActivities/LiamWorkflowRuntime.cs
+++ b/LiamWorkflowActivities/LiamWorkflowRuntime.cs
@@ -420,7 +420,9 @@ namespace LiamWorkflowActivities
            if (!IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroups"))
                return true;

-            foreach (var ntfsArea in dataAreas.OfType<cLiamNtfsFolder>())
+            foreach (var ntfsArea in dataAreas
+                .Where(dataArea => dataArea is cLiamNtfsFolder || dataArea is cLiamNtfsShare)
+                .Cast<cLiamNtfsPermissionDataAreaBase>())
            {
                var folderPath = ntfsArea.TechnicalName;
                if (string.IsNullOrWhiteSpace(folderPath))