/// <summary>
/// 删除指定角色的权限
/// </summary>
/// <param name="principal">角色</param>
/// <param name="web"></param>
/// <param name="ListItem">item对象</param>
/// <param name="DelegateName">权限名称</param>
public static void DeleteDelegateFromListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
try
{
if (principal != null)
{
using (SPSite site = new SPSite(web.Site.ID))
{
using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl))
{
SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);
_web.AllowUnsafeUpdates = true;
//断开原来列表项所继承的权限,使其可以设置独立权限
if (!_listitem.HasUniqueRoleAssignments)
{
_listitem.BreakRoleInheritance(true);
}
SPRoleAssignment role = _listitem.RoleAssignments.GetAssignmentByPrincipal(principal);
if (!string.IsNullOrWhiteSpace(DelegateName))
{
SPRoleDefinition def = _web.RoleDefinitions[DelegateName];
if (role != null)
{
if (role.RoleDefinitionBindings.Contains(def))
{
role.RoleDefinitionBindings.Remove(def);
role.Update();
_listitem.SystemUpdate(false);
}
}
}
else
{
if (role != null)
{
role.RoleDefinitionBindings.RemoveAll();
role.Update();
_listitem.SystemUpdate(false);
}
}
}
}
}
else
{
//throw new Exception("没有可以删除权限的员工或组织!");
}
}
catch (Exception ex)
{
}
});
}
public static void SetReadOnly(SPListItem item, int userId)
{
SPWeb web = item.Web;
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(true);
}
web.AllowUnsafeUpdates = true;
SPRoleAssignmentCollection roleAssignments = item.RoleAssignments;
for (int i = roleAssignments.Count - 1; i > -1; i--)
{
SPRoleAssignment assignment = roleAssignments[i];
if (assignment.Member.ID == userId)
{
SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings;
if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader))
{
roleDefinitionBindings.RemoveAll();
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleDefinitionBindings.Add(byType);
assignment.Update();
}
break;
}
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
public static void SetReadOnly(SPListItem item)
{
SPWeb web = item.Web;
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(true);
}
web.AllowUnsafeUpdates = true;
SPRoleAssignmentCollection roleAssignments = item.RoleAssignments;
int iD = web.Site.SystemAccount.ID;
int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1;
for (int i = roleAssignments.Count - 1; i > -1; i--)
{
SPRoleAssignment assignment = roleAssignments[i];
int num4 = assignment.Member.ID;
if ((num4 != iD) && (num4 != num2))
{
SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings;
if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader))
{
roleDefinitionBindings.RemoveAll();
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleDefinitionBindings.Add(byType);
assignment.Update();
}
}
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
private void UpdatePrincipal(SPWeb web, XmlNode principalGroupNode, string principalName, SPRoleAssignment roleAssignment)
{
XmlNodeList roleNodes = principalGroupNode.SelectNodes("role");
foreach (XmlNode roleNode in roleNodes)
{
string roleName = roleNode.Attributes["name"].Value;
if (roleName.ToLower().Equals("limited access"))
{
roleName = "Limited User";
}
bool found = false;
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
if (roleDefinition.Name.ToLower().Equals(roleName.ToLower()))
{
found = true;
}
}
if (!found)
{
output.Append(string.Format("role: {0,15} missing for principal: {1,20}, adding new...",
roleName,
principalName));
SPRoleDefinition role = web.RoleDefinitions[roleName];
roleAssignment.RoleDefinitionBindings.Add(role);
roleAssignment.Update();
output.Append("completed" + Environment.NewLine);
}
}
}
public static void ChangePermissions(this SPList list, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
SPRoleAssignment roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(principal);
if (roleAssignment != null)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
roleAssignment.Update();
}
}
/// <summary>
/// Copies the role definition bindings.
/// </summary>
/// <param name="targetWeb">The target web.</param>
/// <param name="sourceRoleAssignment">The source role assignment.</param>
/// <param name="targetRoleAssignment">The target role assignment.</param>
/// <param name="quiet">if set to <c>true</c> [quiet].</param>
private static void CopyRoleDefinitionBindings(SPWeb targetWeb, SPRoleAssignment sourceRoleAssignment, SPRoleAssignment targetRoleAssignment, bool quiet)
{
bool modified = false;
foreach (SPRoleDefinition rd in sourceRoleAssignment.RoleDefinitionBindings)
{
if (rd.Name == "Limited Access")
{
continue;
}
SPRoleDefinition existingRoleDef = null;
try
{
existingRoleDef = targetWeb.RoleDefinitions[rd.Name];
}
catch (SPException) { }
if (existingRoleDef == null)
{
existingRoleDef = new SPRoleDefinition();
existingRoleDef.BasePermissions = rd.BasePermissions;
existingRoleDef.Description = rd.Description;
existingRoleDef.Name = rd.Name;
SPWeb tempWeb = targetWeb;
while (!tempWeb.HasUniqueRoleDefinitions)
{
tempWeb = tempWeb.ParentWeb;
}
tempWeb.RoleDefinitions.Add(existingRoleDef);
existingRoleDef = tempWeb.RoleDefinitions[rd.Name];
if (!quiet)
{
Logger.Write("Progress: Added \"{0}\" role definition to web \"{1}\".", rd.Name, targetWeb.ServerRelativeUrl);
}
}
if (!targetRoleAssignment.RoleDefinitionBindings.Contains(targetWeb.RoleDefinitions[existingRoleDef.Name]))
{
modified = true;
targetRoleAssignment.RoleDefinitionBindings.Add(targetWeb.RoleDefinitions[existingRoleDef.Name]);
if (!quiet)
{
Logger.Write("Progress: Added \"{0}\" role definition to target role assignment \"{1}\".", existingRoleDef.Name, targetRoleAssignment.Member.Name);
}
}
}
if (modified)
{
targetRoleAssignment.Update();
}
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, SPRoleDefinition roleDefinition, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
if (securableObject is SPWeb)
{
if (!securableObject.HasUniqueRoleAssignments)
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
}
else
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
SPRoleAssignment roleAssignment = GetAssignment(securableObject, principal);
if (roleAssignment != null)
{
if (replaceAllDefinitions)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
else
{
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
}
try
{
roleAssignment.Update();
}
catch (ArgumentException)
{
//Note: fix for 'Cannot update a permission level assignment that is not part of a permission level assignment collection.'
securableObject.RoleAssignments.Add(roleAssignment);
}
}
else
{
roleAssignment = new SPRoleAssignment(principal);
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
securableObject.RoleAssignments.Add(roleAssignment);
}
}
public static void ClearRights(SPWeb web, SPListItem item, bool deleteGuest)
{
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
item.BreakRoleInheritance(true);
web.AllowUnsafeUpdates = true;
SPRoleAssignmentCollection roleAssignments = item.RoleAssignments;
bool flag2 = false;
bool flag3 = false;
int iD = web.Site.SystemAccount.ID;
int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1;
for (int i = roleAssignments.Count - 1; i > -1; i--)
{
SPRoleAssignment assignment = roleAssignments[i];
int num4 = assignment.Member.ID;
if (num4 == iD)
{
flag3 = true;
}
else if (num4 == num2)
{
flag2 = true;
}
else if (deleteGuest)
{
roleAssignments.Remove(i);
}
else
{
assignment.RoleDefinitionBindings.RemoveAll();
assignment.Update();
}
}
web.AllowUnsafeUpdates = true;
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
if (!flag3)
{
var roleAssignment = new SPRoleAssignment(web.Site.SystemAccount);
roleAssignment.RoleDefinitionBindings.Add(byType);
roleAssignments.Add(roleAssignment);
}
if (!(flag2 || (web.AssociatedOwnerGroup == null)))
{
var assignment3 = new SPRoleAssignment(web.AssociatedOwnerGroup);
assignment3.RoleDefinitionBindings.Add(byType);
roleAssignments.Add(assignment3);
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
protected override void DeleteDataObject()
{
bool test = false;
ShouldProcessReason reason;
if (!base.ShouldProcess(null, null, null, out reason))
{
if (reason == ShouldProcessReason.WhatIf)
{
test = true;
}
}
if (test)
{
Logger.Verbose = true;
}
SPGroup group = DataObject;
if (group != null)
{
SPRoleAssignment ra = group.ParentWeb.RoleAssignments.GetAssignmentByPrincipal(group);
foreach (string permission in Permission)
{
SPRoleDefinition rd = null;
try
{
rd = group.ParentWeb.RoleDefinitions[permission];
}
catch (SPException)
{
throw new SPException(string.Format("Permission level \"{0}\" cannot be found.", permission));
}
if (ra.RoleDefinitionBindings.Contains(rd))
{
ra.RoleDefinitionBindings.Remove(rd);
}
}
if (!test)
{
ra.Update();
group.Update();
}
}
}
/// <summary>
/// Sets the object security.
/// </summary>
/// <param name="web">The web.</param>
/// <param name="targetObject">The target object.</param>
/// <param name="itemName">Name of the item.</param>
/// <param name="sourceElement">The source element.</param>
private static void SetObjectSecurity(SPWeb web, SPSecurableObject targetObject, string itemName, XmlElement sourceElement)
{
bool hasUniqueRoleAssignments = bool.Parse(sourceElement.GetAttribute("HasUniqueRoleAssignments"));
if (!hasUniqueRoleAssignments && targetObject.HasUniqueRoleAssignments)
{
Logger.Write("Progress: Setting target object to inherit permissions from parent for \"{0}\".", itemName);
targetObject.ResetRoleInheritance();
return;
}
else if (hasUniqueRoleAssignments && !targetObject.HasUniqueRoleAssignments)
{
Logger.Write("Progress: Breaking target object inheritance from parent for \"{0}\".", itemName);
targetObject.BreakRoleInheritance(false);
}
else if (!hasUniqueRoleAssignments && !targetObject.HasUniqueRoleAssignments)
{
Logger.Write("Progress: Ignoring \"{0}\". Target object and source object both inherit from parent.", itemName);
return; // Both are inheriting so don't change.
}
if (hasUniqueRoleAssignments && targetObject.HasUniqueRoleAssignments)
{
while (targetObject.RoleAssignments.Count > 0)
{
targetObject.RoleAssignments.Remove(0); // Clear out any existing permissions
}
}
foreach (XmlElement roleAssignmentElement in sourceElement.SelectNodes("RoleAssignments/RoleAssignment"))
{
string memberName = roleAssignmentElement.GetAttribute("Member");
string userName = null;
if (roleAssignmentElement.HasAttribute("LoginName"))
{
userName = roleAssignmentElement.GetAttribute("LoginName");
}
SPRoleAssignment existingRoleAssignment = GetRoleAssignement(web, targetObject, memberName, userName);
if (existingRoleAssignment != null)
{
if (AddRoleDefinitions(web, existingRoleAssignment, roleAssignmentElement))
{
existingRoleAssignment.Update();
Logger.Write("Progress: Updated \"{0}\" at target object \"{1}\".", memberName, itemName);
}
}
else
{
SPPrincipal principal = GetPrincipal(web, memberName, userName);
if (principal == null)
{
Logger.WriteWarning("Progress: Unable to add Role Assignment for \"{0}\" - Member \"{1}\" not found.", itemName, memberName);
continue;
}
SPRoleAssignment newRA = new SPRoleAssignment(principal);
AddRoleDefinitions(web, newRA, roleAssignmentElement);
if (newRA.RoleDefinitionBindings.Count == 0)
{
Logger.WriteWarning("Progress: Unable to add \"{0}\" to target object \"{1}\" (principals with only \"Limited Access\" cannot be added).", memberName, itemName);
continue;
}
Logger.Write("Progress: Adding new Role Assignment \"{0}\".", newRA.Member.Name);
targetObject.RoleAssignments.Add(newRA);
existingRoleAssignment = GetRoleAssignement(targetObject, principal);
if (existingRoleAssignment == null)
{
Logger.WriteWarning("Progress: Unable to add \"{0}\" to target object \"{1}\".", memberName, itemName);
}
else
{
Logger.Write("Progress: Added \"{0}\" to target object \"{1}\".", memberName, itemName);
}
}
}
}
public override void Update()
{
_roleAssignment.Update();
}
protected override void InternalProcessRecord()
{
bool test = false;
ShouldProcessReason reason;
if (!base.ShouldProcess(null, null, null, out reason))
{
if (reason == ShouldProcessReason.WhatIf)
{
test = true;
}
}
if (test)
{
Logger.Verbose = true;
}
SPGroup group = null;
if (Web != null)
{
using (SPWeb web = Web.Read())
{
group = Identity.Read(web);
}
}
else
{
group = Identity.Read();
}
if (group == null)
{
WriteError(new PSArgumentException("The specified group could not be found."), ErrorCategory.InvalidArgument, null);
SkipProcessCurrentRecord();
return;
}
SPRoleAssignment ra = group.ParentWeb.RoleAssignments.GetAssignmentByPrincipal(group);
foreach (string permission in Permission)
{
SPRoleDefinition rd = null;
try
{
rd = group.ParentWeb.RoleDefinitions[permission];
}
catch (SPException)
{
throw new SPException(string.Format("Permission level \"{0}\" cannot be found.", permission));
}
if (!ra.RoleDefinitionBindings.Contains(rd))
{
ra.RoleDefinitionBindings.Add(rd);
}
}
if (!test)
{
ra.Update();
group.Update();
}
}
public void Update()
{
m_roleAssignment.Update();
}