# api: multitool
# version: 0.1
# title: Get-ACLs for dir
# description: list permitted groups to access a path
# type: inline
# category: bulk
# icon: folder
# vars:
#    { name: paths, type: text, value="\\our.central.dfs\Groups\XYUS-Checkins", description: Fetch ACL list for paths }
# hidden: 0
# status: beta
# config: -
#
# Get group permissions for path
#
#  ❏ either single or list of path (one per line, or semicolon-separated)
#


Param(
    $paths = (Read-Host "Paths"),
	$filter = "^(BUILTIN|NT AUTH)|Administrators|\\evservice"
);

$paths = $paths -split "(\s*[\n;]\s*)+" | ? { $_ -match "\\\\\w+" }

ForEach ($p in $paths) {
     Write-Host -f Yellow "📂 $p"
     try {
	     $a = (Get-Acl $p).Access | ? { $_.IdentityReference -notmatch $filter }
		 ($a |Select IdentityReference, FileSystemRights | FL | Out-String).trim() | Write-Host
	 }
	 catch {
	     Write-Host -f Red "✘ no acl found (Nasuni?)"
	 }
}