How To: Automatically set Umbraco folder permissions after AppVeyor deploy

We've been playing more with AppVeyor over the past few weeks to automate the deployment of our sites and one of the things we got caught out with was the Umbraco folder permissions which we do with PowerShell on the server.

It turns out it's really simple to run a powershell script if you're deploying using Environments -simply add a deploy.ps1 file in the root of your website with the various scripts you want to run and that's it…

I've put our one below in case you want to copy/paste, it also creates the SSL validation folder which you may or not want…

 

# Useful for debugging variables
# Get-ChildItem Env:

$Build_Version=$env:APPVEYOR_BUILD_VERSION;
$Apppool_Name=$env:APPLICATION_SITE_NAME;
$Websitefolder=$env:APPLICATION_PATH;
$GrantAccessTo="IIS APPPOOL\$Apppool_Name";
$SSLValidationPath = ".well-known/pki-validation"

# Add a fallback to a known user
If($GrantAccessTo -eq 'IIS APPPOOL\'){
    $GrantAccessTo="IIS_IUSRS"
}

# Only set umbraco permisisons if it's an Umbraco site
If((test-path "Umbraco") -And (test-path "Umbraco_client")){
    Write-Host "Site looks like an Umbraco instance -setting permissions" -ForegroundColor Green

    Get-ChildItem -path $Websitefolder | Where { $_.name -eq "App_Code"-or $_.name -eq "App_Data"-or $_.name -eq "Bin"-or $_.name -eq "Config"-or $_.name -eq "Css"-or $_.name -eq "MacroScripts"-or $_.name -eq "Masterpages"-or $_.name -eq "Media"-or $_.name -eq "Scripts"-or $_.name -eq "Umbraco"-or $_.name -eq "Umbraco_client"-or $_.name -eq "UserControls"-or $_.name -eq "Views"-or $_.name -eq "Xslt"-or $_.name -eq "web.config"} | ForEach {
        $Path = $_.Fullname
        $Permission = "Modify"
        $GetACL = Get-Acl $Path
     
        if ($_.PSIsContainer){
            Write-Host "Is folder, setting InheritanceFlags: '$Path'" -ForegroundColor Cyan
             
            $Allinherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
            $Allpropagation = [system.security.accesscontrol.PropagationFlags]"None"
            $AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($GrantAccessTo, $Permission, $AllInherit, $Allpropagation, "Allow")
        }else{
            $AccessRule = New-Object system.security.AccessControl.FileSystemAccessRule($GrantAccessTo, $Permission, "Allow")
        }   
     
        if ($GetACL.Access | Where { $_.IdentityReference -eq $GrantAccessTo}) {
            Write-Host "Modifying Permissions For: '$GrantAccessTo' On: '$Path'" -ForegroundColor Yellow
     
            $AccessModification = New-Object system.security.AccessControl.AccessControlModification
            $AccessModification.value__ = 2
            $Modification = $False
            $GetACL.ModifyAccessRule($AccessModification, $AccessRule, [ref]$Modification) | Out-Null
        } else {
            Write-Host "Adding Permission: '$Permission' For: '$GrantAccessTo' On: '$Path'"
     
            $GetACL.AddAccessRule($AccessRule)
        }
     
        Set-Acl -aclobject $GetACL -Path $Path
     
        Write-Host "Permission: '$Permission' Set For: '$GrantAccessTo'" -ForegroundColor Green
    }
}else{
    Write-Host "Site doesn't look like an Umbraco instance -skipping setting permissions" -ForegroundColor Yellow   
}

# Create the SSL validation folders if not already created (awkward because of the "." at the start of well-known)
If(!(test-path $SSLValidationPath))
{
    New-Item -ItemType Directory -Force -Path $SSLValidationPath
}
else{
    Write-Host "SSL Folder already exists: '$SSLValidationPath'" -ForegroundColor Yellow
}

Author

Tim

comments powered by Disqus