From 867b7a964901fa34edfd44206ecab383cde47e2f Mon Sep 17 00:00:00 2001 From: Hans-Joachim Kliemeck Date: Thu, 22 Oct 2015 14:22:50 +0200 Subject: [PATCH] fixed bugs with flipped protection attribute --- .../extras/windows/win_acl_inheritance.ps1 | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 b/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 index 35b6809d0e..0d808bb8c4 100644 --- a/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 +++ b/lib/ansible/modules/extras/windows/win_acl_inheritance.ps1 @@ -38,20 +38,14 @@ Try { $inheritanceEnabled = !$objACL.AreAccessRulesProtected If (($state -eq "present") -And !$inheritanceEnabled) { - If ($reorganize) { - $objACL.SetAccessRuleProtection($True, $True) - } Else { - $objACL.SetAccessRuleProtection($True, $False) - } - - Set-ACL $path $objACL - Set-Attr $result "changed" $true; - } - Elseif (($state -eq "absent") -And $inheritanceEnabled) { # second parameter is ignored if first=$False $objACL.SetAccessRuleProtection($False, $False) If ($reorganize) { + # it wont work without intermediate save, state would be the same + Set-ACL $path $objACL + $objACL = Get-ACL $path + # convert explicit ACE to inherited ACE ForEach($inheritedRule in $objACL.Access) { If (!$inheritedRule.IsInherited) { @@ -59,7 +53,7 @@ Try { } ForEach($explicitRrule in $objACL.Access) { - If ($inheritedRule.IsInherited) { + If ($explicitRrule.IsInherited) { Continue } @@ -70,6 +64,16 @@ Try { } } + Set-ACL $path $objACL + Set-Attr $result "changed" $true; + } + Elseif (($state -eq "absent") -And $inheritanceEnabled) { + If ($reorganize) { + $objACL.SetAccessRuleProtection($True, $True) + } Else { + $objACL.SetAccessRuleProtection($True, $False) + } + Set-ACL $path $objACL Set-Attr $result "changed" $true; }