
I am working on a script to allow my sys admins to make changes to an ACL without having to drill down to the folder level. So far, everything is executing as intended except for my first "If..Else" statement in my first switch. It gets skipped entirely and moves on to asking for the account name and I cannot figure out why.

enter image description here

Does anyone have any ideas?

# Interactive helper for changing a file/folder ACL: asks for an action
# (add / remove), a path, an account, a permission level and an access type,
# then builds a FileSystemAccessRule and writes the ACL back with Set-Acl.
# Only the "add" branch (0) is implemented; branch 1 is a stub.

# Reset state so values left over from an earlier run in the same session are not reused.
$account     = $null
$accesslevel = $null
$accesstype  = $null
$acl = $null

# Write-Host prints straight to the host and returns nothing to the pipeline,
# so $title and $message are $null: the text appears here, at assignment time,
# and PromptForChoice below receives an empty caption and message.
$title  = Write-Host "Modify ACL" -ForegroundColor Green
$message  = Write-Host "Select the action to initiate:" -ForegroundColor Cyan

$add         = New-Object System.Management.Automation.Host.ChoiceDescription "&Add Permissions", "Add Permissions"
$remove      = New-Object System.Management.Automation.Host.ChoiceDescription "&Remove Permissions", "Remove Permissions"

$options  = [System.Management.Automation.Host.ChoiceDescription[]]($add, $remove)

# Returns the zero-based index of the chosen option; 0 (Add) is the default.
$selectAction = $Host.UI.PromptForChoice($title, $message, $options, 0)
switch($selectAction){
    # ---- 0: add permissions ----
    0{                      
        $pathPrompt  = Write-Host "Please enter path to file/folder:" -ForegroundColor Green
        $path        = Read-Host
        # Out-Null discards the boolean from Test-Path, so nothing is assigned
        # and $test is $null rather than $true/$false.
        $test        = Test-Path $path | Out-Null

        # With $test being $null this comparison is never true, so the
        # invalid-path guard cannot fire and every input reaches Get-Acl.
        if($test -eq $false){
            Write-Host "ERROR! Invalid Path!" -ForegroundColor Red
            # Break leaves the enclosing switch, skipping the rest of this branch.
            Break                
        }Else{
            # `r is a carriage return only (no line feed).
            Write-Host "Getting ACL on`r"$path -ForegroundColor Green
            # If the path is invalid Get-Acl reports an error and $acl presumably
            # stays $null for the rest of the branch — verify.
            $acl = get-acl $path   
        }

        # $account was reset to $null at the top, so this always prompts.
        # The entered value is used as the rule identity without any validation here.
        if($account -eq $null){
            Write-Host "Enter Account (ex. Domain\Account)" -ForegroundColor Green
            $account = Read-Host 
            }

        # Same Write-Host pattern as above: $title2/$message2 end up $null.
        $title2   = Write-Host "Permission Levels" -ForegroundColor Green
        $message2 = Write-Host "Select the appropriate permissions to apply:" -ForegroundColor Cyan

        # NOTE(review): three labels below mark R as the hotkey (&ReadAndExecute,
        # &Read, &Read, Write); presumably ambiguous at the prompt — verify.
        $fullControl = New-Object System.Management.Automation.Host.ChoiceDescription "&FullControl", "FullControl"
        $modify      = New-Object System.Management.Automation.Host.ChoiceDescription "&Modify", "Modify"
        $readExecute = New-Object System.Management.Automation.Host.ChoiceDescription "&ReadAndExecute", "ReadAndExecute"
        $read        = New-Object System.Management.Automation.Host.ChoiceDescription "&Read", "Read"
        $write       = New-Object System.Management.Automation.Host.ChoiceDescription "&Write", "Write"
        $readWrite   = New-Object System.Management.Automation.Host.ChoiceDescription "&Read, Write", "Read, Write"
        $list        = New-Object System.Management.Automation.Host.ChoiceDescription "&List", "List"

        $options2 = [System.Management.Automation.Host.ChoiceDescription[]]($fullControl, $modify, $readExecute, $read, $write, $readWrite, $list)

        # Map the chosen index to the rights string handed to FileSystemAccessRule.
        # The default index is 1, i.e. Modify.
        do{
            $selectAction2 = $Host.UI.PromptForChoice($title2, $message2, $options2, 1)
                switch($selectAction2){
                    0{$accesslevel = 'FullControl'}
                    1{$accesslevel = 'Modify'}
                    2{$accesslevel = 'ReadandExecute'}
                    3{$accesslevel = 'Read'}
                    4{$accesslevel = 'Write'}
                    5{$accesslevel = 'Read, Write'}
                    # NOTE(review): 'List' does not look like a FileSystemRights
                    # name (the enum has ListDirectory) — confirm before relying on it.
                    6{$accesslevel = 'List'}
                }
        }Until($accesslevel -ne $null)

        $title3   = Write-Host "Access Type" -ForegroundColor Green
        $message3 = Write-Host "Select the type of access:" -ForegroundColor Cyan

        $allow = New-Object System.Management.Automation.Host.ChoiceDescription "&Allow", "Allow"
        $deny  = New-Object System.Management.Automation.Host.ChoiceDescription "&Deny", "Deny"

        $options3 = [System.Management.Automation.Host.ChoiceDescription[]]($allow, $deny)

        # Default index is 0, i.e. Allow.
        do{
            $selectAction3 = $Host.UI.PromptForChoice($title3, $message3, $options3, 0)
                switch($selectAction3){
                    0{$accesstype = 'Allow'}
                    1{$accesstype = 'Deny'}
                }
        }Until($accesstype -ne $null)

        Write-Host "Setting ACL on"$path -ForegroundColor Yellow

        # Constructor arguments in order: identity, rights, access type.
        $arguments = $account, $accesslevel, $accesstype

        Try{
            # NOTE(review): the three-argument constructor takes no inheritance or
            # propagation flags, so on a folder the rule presumably applies to that
            # folder only — confirm this is intended.
            $accessrule = New-Object System.Security.AccessControl.FileSystemAccessRule $arguments
                # NOTE(review): SetAccessRule replaces existing rules for the same
                # identity and access type rather than merging with them
                # (AddAccessRule merges) — confirm which is wanted.
                $acl.SetAccessRule($accessrule)
        }Catch{
            Write-Host "Exception thrown : $($error[0].exception.message)"
        }Finally{
            # Finally runs on both the success and the failure path, so Set-Acl is
            # still invoked when building or applying the rule threw.
            $acl | set-acl $path
        }

        # Printed unconditionally, including after a caught exception.
        Write-Host "ACL settings have been completed." -ForegroundColor Cyan
    }
    # ---- 1: remove permissions (stub) ----
    1{
        # These bare variable references only emit the variables' current values;
        # they do not re-run the prompt, Read-Host or Test-Path from branch 0.
        $pathPrompt
        $path
        $test | Out-Null

        if($test -eq $false){
            Write-Host "ERROR! Invalid Path!" -ForegroundColor Red
            Break                
        }Else{
            Write-Host "Getting ACL on`r"$path -ForegroundColor Green
            $acl = get-acl $path   
        }
        if($account -eq $null){
            # NOTE(review): Read-Host does not appear to accept -ForegroundColor;
            # expect a parameter-binding error here — confirm.
            $account = Read-Host "Enter Account (ex. Domain\Account)" -ForegroundColor Green
            }
        # No rule is removed and no ACL is written back in this branch.
    }
}
T4RH33L

1 Answer


Your if-else is working correctly as you have written it. What you have written, however, is not what you want.

First: In the Write-Host in the else clause, you do not want to use the escaped `r; you want to use an escaped `n, or perhaps nothing at all. `r indicates a return-to-start-of-line but not go-to-next-line; `n indicates return-to-start-of-line-and-go-to-next-line. The repeating of the entered path in green in your example above is a strong hint that that Write-Host is being executed.

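Second, your Test-Path assignment leaves $test with no value, because you are sending the result to the null device instead of letting it be returned to the statement for assignment to the variable. An empty $test is never equal to $false, so the "Invalid Path" branch cannot run and the script carries on to Get-Acl whatever path was entered. Remove the | Out-Null.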

Matt
Jeff Zeitlin
  • @Matt - thanks - I couldn't figure out (or find a reference) to escape the backtick so that it would appear as you edited it. – Jeff Zeitlin Mar 31 '17 at 13:11
  • Yeah. I always hate when I need to make references to that. The more you know ¸.·⭐ – Matt Mar 31 '17 at 13:16