Throws error message if using wrong parameters

johlju · johlju · commit 5ba83db77a17 · 2019-04-04T19:00:54.000+02:00
diff --git a/Modules/ComputerManagementDsc/DSCResources/MSFT_SmbShare/MSFT_SmbShare.psm1 b/Modules/ComputerManagementDsc/DSCResources/MSFT_SmbShare/MSFT_SmbShare.psm1
@@ -245,6 +245,8 @@ function Set-TargetResource
         $Ensure = 'Present'
     )
 
+    Assert-AccessPermissionParameters @PSBoundParameters
+
     <#
         Copy the $PSBoundParameters to a new hash table, so we have the
         original intact.
@@ -332,19 +334,6 @@ function Set-TargetResource
             }
 
             New-SmbShare @smbShareParameters -ErrorAction 'Stop'
-
-            <#
-                The group 'Everyone' is automatically given read access by
-                the cmdlet New-SmbShare, if ReadAccess is set to @().
-
-                if ReadAccess was specified in the configuration, and if
-                ReadAccess is set to @(), then this removes that access
-                permission,
-            #>
-            if ($PSBoundParameters.ContainsKey('ReadAccess') -and -not $ReadAccess)
-            {
-                Remove-SmbShareAccessPermission -Name $Name -ReadAccess $ReadAccess
-            }
         }
     }
 }
@@ -460,6 +449,8 @@ function Test-TargetResource
         $Ensure = 'Present'
     )
 
+    Assert-AccessPermissionParameters @PSBoundParameters
+
     Write-Verbose -Message ($script:localizedData.TestTargetResourceMessage -f $Name)
 
     $testTargetResourceResult = $false
@@ -777,3 +768,90 @@ function Add-SmbShareAccessPermission
         }
     }
 }
+
+<#
+    .SYNOPSIS
+        Assert that not only empty collections are passed in the
+        respectively access permission collections (FullAccess,
+        ChangeAccess, ReadAccess, and NoAccess).
+
+    .PARAMETER Name
+        The name of the SMB share to add access permission to.
+
+    .PARAMETER FullAccess
+        A string collection of account names that should have full access
+        permission. The accounts in this collection will be added to the
+        SMB share.
+
+    .PARAMETER ChangeAccess
+        A string collection of account names that should have change access
+        permission. The accounts in this collection will be added to the
+        SMB share.
+
+    .PARAMETER ReadAccess
+        A string collection of account names that should have read access
+        permission. The accounts in this collection will be added to the
+        SMB share.
+
+    .PARAMETER NoAccess
+        A string collection of account names that should be denied access
+        to the SMB share. The accounts in this collection will be added to
+        the SMB share.
+
+    .PARAMETER RemainingParameters
+        Container for the rest of the potentially splatted parameters from
+        the $PSBoundParameters object.
+
+    .NOTES
+        The group 'Everyone' is automatically given read access by
+        the cmdlet New-SmbShare if all access permission parameters
+        (FullAccess, ChangeAccess, ReadAccess, NoAccess) is set to @().
+        For that reason we are need either none of the parameters, or
+        at least one to specify an account.
+
+#>
+function Assert-AccessPermissionParameters
+{
+    param
+    (
+        [Parameter()]
+        [System.String[]]
+        $FullAccess,
+
+        [Parameter()]
+        [System.String[]]
+        $ChangeAccess,
+
+        [Parameter()]
+        [System.String[]]
+        $ReadAccess,
+
+        [Parameter()]
+        [System.String[]]
+        $NoAccess,
+
+        [Parameter(ValueFromRemainingArguments)]
+        [System.Collections.Generic.List`1[System.Object]]
+        $RemainingParameters
+    )
+
+    <#
+        First check if ReadAccess is monitored (part of the configuration).
+        If it is not monitored, then we don't need to worry if Everyone is
+        added.
+    #>
+    if ($PSBoundParameters.ContainsKey('ReadAccess') -and -not $ReadAccess)
+    {
+        $fullAccessHasNoMembers = $PSBoundParameters.ContainsKey('FullAccess') -and -not $FullAccess
+        $changeAccessHasNoMembers = $PSBoundParameters.ContainsKey('ChangeAccess') -and -not $ChangeAccess
+        $noAccessHasNoMembers = $PSBoundParameters.ContainsKey('NoAccess') -and -not $NoAccess
+        <#
+            If ReadAccess should have no members, then we need at least one
+            member in one of the other access permission collections.
+        #>
+        if ($fullAccessHasNoMembers -and $changeAccessHasNoMembers -and $noAccessHasNoMembers)
+        {
+            New-InvalidArgumentException -Message $script:localizedData.WrongAccessParameters -ArgumentName 'FullAccess, ChangeAccess, ReadAccess, NoAccess'
+        }
+    }
+}
diff --git a/Modules/ComputerManagementDsc/DSCResources/MSFT_SmbShare/en-US/MSFT_SmbShare.strings.psd1 b/Modules/ComputerManagementDsc/DSCResources/MSFT_SmbShare/en-US/MSFT_SmbShare.strings.psd1
@@ -14,4 +14,5 @@ ConvertFrom-StringData @'
     UnblockAccess = Revoking denied permission for account '{0}' on the SMB share with the name '{1}'.
     GrantAccess = Granting '{0}' permission for account '{1}' on the SMB share with the name '{2}'.
     DenyAccess = Denying permission for account '{0}' on the SMB share with the name '{1}'.
+    WrongAccessParameters = Not allowed to have all access permission parameters set to empty collections. Must either remove the access permission parameters completely, or add at least one member to one of the access permission parameters.
 '@
diff --git a/Tests/Unit/MSFT_SmbShare.Tests.ps1 b/Tests/Unit/MSFT_SmbShare.Tests.ps1
