#
# This script defines custom trust level for ASP.Net
#

param (
    [string]$frameworkPath
)

function delete-node {
    param(
        [Xml.Xpath.XPathNavigator]$n,
        [string]$path
    )
    $node = $n.SelectSingleNode($path)
    $n.MoveTo($node)
    $n.DeleteSelf()
}

# Edit configuration file
$frameworkPath = join-path $frameworkPath 'CONFIG'
$cfg = [xml](cat (join-path $frameworkPath web_mediumtrust.config))
$nav = $cfg.CreateNavigator()

delete-node $nav "//IPermission[@class='WebPermission']/ConnectAccess"
$nav.CreateAttribute("","Unrestricted","","true")
# If not required, delete PrintingPermission and EnvironmentPermission
delete-node $nav "//IPermission[@class='PrintingPermission']"
delete-node $nav "//IPermission[@class='EnvironmentPermission']"

# save new configuration file
$filePath = join-path $frameworkPath "web_CustomTrust.config"
$cfg.Save($filePath)

# make changes to the root web.config file

# make a backup of root web.config
copy-item (join-path $frameworkPath web.config) (join-path $frameworkPath web.config.backup)
# add trust level
$cfg = [xml](cat (join-path $frameworkPath web.config))
$nav = $cfg.CreateNavigator()

$node = $nav.SelectSingleNode('//securityPolicy')
$nav.MoveTo($node)
# add new trustLevel
$nav.AppendChild('<trustLevel name="Custom" policyFile="web_CustomTrust.config" />')

# lock this section
$node = $nav.SelectSingleNode('//location/system.web/securityPolicy/parent::node()/parent::node()/@allowOverride')
$nav.MoveTo($node)
$nav.SetValue("false")

$filePath = join-path $frameworkPath "web.config"
$cfg.Save($filePath)