From 2f8d854e95f077e6dbf446c0e652fb2b6ebac1c3 Mon Sep 17 00:00:00 2001
From: Fabian Seitz <fabian.seitz@pari.com>
Date: Thu, 24 Oct 2024 18:26:35 +0200
Subject: [PATCH] check and fix log folder permissions #752

---
 .../functions/Install-Prerequisites.ps1        | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/Sources/Winget-AutoUpdate/functions/Install-Prerequisites.ps1 b/Sources/Winget-AutoUpdate/functions/Install-Prerequisites.ps1
index d0bb676..2b58654 100644
--- a/Sources/Winget-AutoUpdate/functions/Install-Prerequisites.ps1
+++ b/Sources/Winget-AutoUpdate/functions/Install-Prerequisites.ps1
@@ -139,6 +139,24 @@ function Install-Prerequisites {
         else {
             Write-ToLog "-> WinGet is up to date: v$WinGetInstalledVersion" "Green"
         }
+        if (Test-Path "$WorkingDir\logs") {
+            $NewAcl = Get-Acl -Path "$WorkingDir\logs"
+            $identity = New-Object System.Security.Principal.SecurityIdentifier "S-1-1-0"  # S-1-1-0 stands for "Everyone"
+            $hasModifyPermission = $NewAcl.Access | Where-Object {
+                $_.IdentityReference -eq $identity -and $_.FileSystemRights -match "Modify" -and $_.AccessControlType -eq "Allow"
+            }
+        
+            if (-not $hasModifyPermission) {
+                Write-ToLog "-> Adjusting log folder ($WorkingDir\logs) permissions to allow Modify access for Everyone" "Green"
+        
+                $fileSystemRights = "Modify"
+                $type = "Allow"
+                $fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
+                $fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
+                $NewAcl.SetAccessRule($fileSystemAccessRule)
+                Set-Acl -Path "$WorkingDir\logs" -AclObject $NewAcl
+            }
+        }
 
         Write-ToLog "Prerequisites checked. OK" "Green"