fixed bugs with flipped protection attribute

2024-09-14 20:13:21 +02:00 · 2015-10-22 14:22:50 +02:00 · 2015-10-22 14:22:50 +02:00 · 867b7a9649
commit 867b7a9649
parent 632df80276
1 changed files with 15 additions and 11 deletions
--- a/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1
+++ b/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1
@ -38,20 +38,14 @@ Try {
    $inheritanceEnabled = !$objACL.AreAccessRulesProtected

    If (($state -eq "present") -And !$inheritanceEnabled) {
-        If ($reorganize) {
-            $objACL.SetAccessRuleProtection($True, $True)
-        } Else {
-            $objACL.SetAccessRuleProtection($True, $False)
-        }
-
-        Set-ACL $path $objACL
-        Set-Attr $result "changed" $true;
-    }
-    Elseif (($state -eq "absent") -And $inheritanceEnabled) {
        # second parameter is ignored if first=$False
        $objACL.SetAccessRuleProtection($False, $False)

        If ($reorganize) {
+            # it wont work without intermediate save, state would be the same
+            Set-ACL $path $objACL
+            $objACL = Get-ACL $path
+
            # convert explicit ACE to inherited ACE
            ForEach($inheritedRule in $objACL.Access) {
                If (!$inheritedRule.IsInherited) {
@ -59,7 +53,7 @@ Try {
                }

                ForEach($explicitRrule in $objACL.Access) {
-                    If ($inheritedRule.IsInherited) {
+                    If ($explicitRrule.IsInherited) {
                        Continue
                    }

@ -70,6 +64,16 @@ Try {
            }
        }

+        Set-ACL $path $objACL
+        Set-Attr $result "changed" $true;
+    }
+    Elseif (($state -eq "absent") -And $inheritanceEnabled) {
+        If ($reorganize) {
+            $objACL.SetAccessRuleProtection($True, $True)
+        } Else {
+            $objACL.SetAccessRuleProtection($True, $False)
+        }
+
        Set-ACL $path $objACL
        Set-Attr $result "changed" $true;
    }