Exemple #1
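        /// <summary>
        /// This method should be used instead of BreakRoleInheritance(true).
        ///
        /// The OOTB method replicates all permissions from the parent, including the "Limited Access" permissions.
        /// In environments with many users, there can be many of these meaningless permissions, which bloats the
        /// SharePoint permission tables in SQL. This method snapshots the item's current role assignments, breaks
        /// inheritance without copying, and re-adds each principal with its role definitions minus "Limited Access".
        /// </summary>
        /// <remarks>
        /// Breaking inheritance and re-adding the assignments are separate calls, not one atomic operation. If a
        /// call to RoleAssignments.Add throws part-way through, the item keeps unique permissions and only the
        /// assignments added so far. Principals whose only binding was "Limited Access" are not re-added.
        /// </remarks>
        /// <param name="item">The list item whose role inheritance is broken.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="item"/> is null.</exception>
        public static void BreakCopyRoleInheritance(this SPListItem item)
        {
            if (item == null)
            {
                throw new System.ArgumentNullException("item");
            }

            // Take the snapshot BEFORE breaking inheritance. The query is lazy: without ToList() it would only
            // run inside the foreach below, i.e. after BreakRoleInheritance(false) has changed the item's
            // permissions and while item.RoleAssignments is being added to.
            var activeAssignments = (from SPRoleAssignment p in item.RoleAssignments
                                     where p.RoleDefinitionBindings.Count >= 1
                                     select p).ToList();

            item.BreakRoleInheritance(false);

            foreach (SPRoleAssignment p in activeAssignments)
            {
                SPRoleAssignment assignment = new SPRoleAssignment(p.Member);
                SPRoleDefinitionBindingCollection bindings = new SPRoleDefinitionBindingCollection();

                foreach (SPRoleDefinition roleDef in p.RoleDefinitionBindings)
                {
                    // SPRoleType.Guest is the built-in Limited Access level. Checking the type as well as the
                    // English display name keeps the filter working where the role name is localized.
                    if (roleDef.Type != SPRoleType.Guest && roleDef.Name != "Limited Access")
                    {
                        bindings.Add(roleDef);
                    }
                }

                // Skip principals that had nothing but Limited Access.
                if (bindings.Count > 0)
                {
                    assignment.ImportRoleDefinitionBindings(bindings);
                    item.RoleAssignments.Add(assignment);
                }
            }
        }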
Exemple #2
        /// <summary>
        /// Forwards the wrapped binding collection to the underlying role assignment's
        /// ImportRoleDefinitionBindings. A null argument is ignored and nothing is imported.
        /// </summary>
        /// <param name="roleDefinitionBindings">Wrapper whose SPRoleDefinitionBindingCollection is imported; may be null.</param>
        public void ImportRoleDefinitionBindings(SPRoleDefinitionBindingCollectionInstance roleDefinitionBindings)
        {
            // A null wrapper is a silent no-op rather than an error.
            if (roleDefinitionBindings != null)
            {
                m_roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings.SPRoleDefinitionBindingCollection);
            }
        }
        /// <summary>
        /// Ensures the account given by "userlogin" exists in the web at "url" and, when requested, grants it
        /// either the role named by "role" or membership of the site group named by "group".
        /// The "role" and "group" arguments are mutually exclusive; with neither, the user is only ensured.
        /// </summary>
        /// <param name="command">The command name; not read by this method.</param>
        /// <param name="keyValues">The raw key/value arguments; not read here, values are taken from Params.</param>
        /// <param name="output">Always set to an empty string.</param>
        /// <returns>ErrorCodes.NoError cast to int when the method runs to completion.</returns>
        /// <exception cref="SPException">
        /// Both "role" and "group" were supplied, or the named role or group could not be looked up.
        /// </exception>
        public override int Execute(string command, StringDictionary keyValues, out string output)
        {
            output = string.Empty;

            // "role" and "group" cannot be combined in a single invocation.
            if (Params["role"].UserTypedIn && Params["group"].UserTypedIn)
            {
                throw new SPException(SPResource.GetString("ExclusiveArgs", new object[] { "role, group" }));
            }

            string webUrl = Params["url"].Value.TrimEnd('/');
            string accountName = Params["userlogin"].Value;
            string mailAddress = Params["useremail"].Value;
            string displayName = Params["username"].Value;

            using (SPSite siteCollection = new SPSite(webUrl))
            {
                using (SPWeb targetWeb = siteCollection.AllWebs[Utilities.GetServerRelUrlFromFullUrl(webUrl)])
                {
                    accountName = Utilities.TryGetNT4StyleAccountName(accountName, targetWeb.Site.WebApplication);

                    // Probe for an existing user. An SPException from the lookup is treated as "no such user".
                    // NOTE(review): this also hides any other SPException raised by the lookup - confirm intended.
                    SPUser principal;
                    try
                    {
                        principal = targetWeb.AllUsers[accountName];
                    }
                    catch (SPException)
                    {
                        principal = null;
                    }

                    if (principal == null)
                    {
                        // Not known yet: add the account to the site users, then fetch the resulting SPUser.
                        targetWeb.SiteUsers.Add(accountName, mailAddress, displayName, string.Empty);
                        principal = targetWeb.AllUsers[accountName];
                    }

                    if (Params["role"].UserTypedIn)
                    {
                        // Resolve the role by name; an ArgumentException from the lookup means "not found".
                        SPRoleDefinition permissionLevel;
                        try
                        {
                            permissionLevel = targetWeb.RoleDefinitions[Params["role"].Value];
                        }
                        catch (ArgumentException)
                        {
                            permissionLevel = null;
                        }

                        if (permissionLevel == null)
                        {
                            throw new SPException("The specified role does not exist.");
                        }

                        // Grant exactly this one role definition to the user on the web.
                        SPRoleAssignment grant = new SPRoleAssignment(principal);
                        SPRoleDefinitionBindingCollection levels = new SPRoleDefinitionBindingCollection();
                        levels.Add(permissionLevel);
                        grant.ImportRoleDefinitionBindings(levels);
                        targetWeb.RoleAssignments.Add(grant);
                    }
                    else if (Params["group"].UserTypedIn)
                    {
                        // Resolve the site group by name; an ArgumentException from the lookup means "not found".
                        SPGroup targetGroup;
                        try
                        {
                            targetGroup = targetWeb.SiteGroups[Params["group"].Value];
                        }
                        catch (ArgumentException)
                        {
                            targetGroup = null;
                        }

                        if (targetGroup == null)
                        {
                            throw new SPException("The specified group does not exist.");
                        }

                        targetGroup.AddUser(principal);
                    }
                }
            }

            return (int)ErrorCodes.NoError;
        }
        /// <summary>
        /// Adds the "userlogin" account to the web at "url" if it is not already a user there, then optionally
        /// assigns it the role named by "role" or adds it to the site group named by "group".
        /// Supplying both "role" and "group" is rejected.
        /// </summary>
        /// <param name="command">The command name; unused in this method.</param>
        /// <param name="keyValues">The raw key/value arguments; unused here, values are read from Params.</param>
        /// <param name="output">Set to an empty string.</param>
        /// <returns>ErrorCodes.NoError cast to int on completion.</returns>
        /// <exception cref="SPException">
        /// Both "role" and "group" were given, or the requested role or group lookup produced nothing.
        /// </exception>
        public override int Execute(string command, StringDictionary keyValues, out string output)
        {
            output = string.Empty;

            // The two grant modes exclude each other.
            if (Params["role"].UserTypedIn && Params["group"].UserTypedIn)
            {
                throw new SPException(SPResource.GetString("ExclusiveArgs", new object[] { "role, group" }));
            }

            string fullUrl = Params["url"].Value.TrimEnd('/');
            string loginName = Params["userlogin"].Value;
            string emailAddress = Params["useremail"].Value;
            string friendlyName = Params["username"].Value;

            using (SPSite spSite = new SPSite(fullUrl))
            using (SPWeb spWeb = spSite.AllWebs[Utilities.GetServerRelUrlFromFullUrl(fullUrl)])
            {
                loginName = Utilities.TryGetNT4StyleAccountName(loginName, spWeb.Site.WebApplication);

                // Look the user up first; a lookup that throws SPException counts as "not present".
                // NOTE(review): any other SPException from the lookup is hidden as well - confirm intended.
                SPUser member = null;
                try
                {
                    member = spWeb.AllUsers[loginName];
                }
                catch (SPException)
                {
                }

                if (member == null)
                {
                    spWeb.SiteUsers.Add(loginName, emailAddress, friendlyName, string.Empty);
                    member = spWeb.AllUsers[loginName];
                }

                if (!Params["role"].UserTypedIn)
                {
                    if (Params["group"].UserTypedIn)
                    {
                        // Group mode: a lookup that throws ArgumentException counts as "no such group".
                        SPGroup siteGroup = null;
                        try
                        {
                            siteGroup = spWeb.SiteGroups[Params["group"].Value];
                        }
                        catch (ArgumentException)
                        {
                        }

                        if (siteGroup == null)
                        {
                            throw new SPException("The specified group does not exist.");
                        }

                        siteGroup.AddUser(member);
                    }
                }
                else
                {
                    // Role mode: a lookup that throws ArgumentException counts as "no such role".
                    SPRoleDefinition definition = null;
                    try
                    {
                        definition = spWeb.RoleDefinitions[Params["role"].Value];
                    }
                    catch (ArgumentException)
                    {
                    }

                    if (definition == null)
                    {
                        throw new SPException("The specified role does not exist.");
                    }

                    // Bind the single role definition to the user and attach the assignment to the web.
                    SPRoleDefinitionBindingCollection bindingSet = new SPRoleDefinitionBindingCollection();
                    bindingSet.Add(definition);

                    SPRoleAssignment userAssignment = new SPRoleAssignment(member);
                    userAssignment.ImportRoleDefinitionBindings(bindingSet);
                    spWeb.RoleAssignments.Add(userAssignment);
                }
            }

            int resultCode = (int)ErrorCodes.NoError;
            return resultCode;
        }