public static void SetReadOnly(SPListItem item, int userId) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(true); } web.AllowUnsafeUpdates = true; SPRoleAssignmentCollection roleAssignments = item.RoleAssignments; for (int i = roleAssignments.Count - 1; i > -1; i--) { SPRoleAssignment assignment = roleAssignments[i]; if (assignment.Member.ID == userId) { SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings; if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader)) { roleDefinitionBindings.RemoveAll(); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleDefinitionBindings.Add(byType); assignment.Update(); } break; } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
public static void ClearRights(SPListItem item) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(false); if (web.AssociatedOwnerGroup != null) { var roleAssignment = new SPRoleAssignment(web.AssociatedOwnerGroup); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Administrator); roleAssignment.RoleDefinitionBindings.Add(byType); item.RoleAssignments.Add(roleAssignment); } } else { const int num = 0x3fffffff; int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1; for (int i = item.RoleAssignments.Count - 1; i >= 0; i--) { int iD = item.RoleAssignments[i].Member.ID; if ((iD != num) && (iD != num2)) { item.RoleAssignments.Remove(i); } } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
public static void SetPermissions(this SPList list, SPUser user, SPRoleDefinition roleDefinition) { if (list != null) { SetPermissions(list, (SPPrincipal)user, roleDefinition); } }
public override bool Perform() { LogMessage("Removing management of personal views from Contribute2 permission level", 2); try { Web.AllowUnsafeUpdates = true; SPRoleDefinition roleDef = Web.RoleDefinitions["Contribute2"]; if (roleDef.BasePermissions.ToString().Contains(SPBasePermissions.ManagePersonalViews.ToString())) { roleDef.BasePermissions &= ~SPBasePermissions.ManagePersonalViews; roleDef.Update(); Web.Update(); LogMessage("Removed management of personal views from Contribute2 permission level", MessageKind.SUCCESS, 4); } else { LogMessage("Management of personal views already removed from Contribute2 permission level.", MessageKind.SKIPPED, 4); } Web.AllowUnsafeUpdates = false; } catch (Exception ex) { LogMessage(ex.Message, MessageKind.FAILURE, 4); } return(true); }
protected void assign_roles(SPWeb web, SPListItem item, SPListItem project, string field_name, string field_guid, SPRoleDefinition definition) { try { string value = project[field_name].ToString(); SPFieldUserValueCollection field_user_value = (SPFieldUserValueCollection)project.Fields[new Guid(field_guid)].GetFieldValue(value); foreach (SPFieldUserValue user_value in field_user_value) { if (user_value.User == null) { SPGroup group = web.SiteGroups.GetByID(user_value.LookupId); bind_role(item, group, definition); } else { bind_role(item, user_value.User, definition); } } } catch (Exception ex) { log(web.Site, "为项目【" + project["Title"] + "】的【" + field_name + "】的文档授权时发生错误", "错误", ex.ToString()); } }
/// <summary> /// Adds a given permission to the root SPWeb of a given SPSite, if it doesn't exist. /// An optional set of base permissions are added to the permission. /// </summary> /// /// <param name="spSiteGuid">The GUID of the SPSite to add permissions to the root SPWeb of. /// </param> /// /// <param name="permissionName">The name of the permission to create.</param> /// /// <param name="permissionDescription">The description of the permission to create.</param> /// /// <param name="basePermissionsToAdd">Base permissions to add to the permission. Use 0 if /// no base permissions need to be added.</param> /// static void CreatePermission(Guid spSiteGuid, string permissionName, string permissionDescription, SPBasePermissions basePermissionsToAdd) { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite spSite = new SPSite(spSiteGuid)) { using (SPWeb rootWeb = spSite.RootWeb) { SPRoleDefinitionCollection roleDefs = rootWeb.RoleDefinitions; try { SPRoleDefinition roleDef = roleDefs[permissionName]; roleDef.BasePermissions |= basePermissionsToAdd; roleDef.Update(); // permission already exists } catch (SPException) { // permission doesn't exist -- create it SPRoleDefinition roleDef = new SPRoleDefinition(); roleDef.Name = permissionName; roleDef.Description = permissionDescription; roleDef.BasePermissions |= basePermissionsToAdd; roleDefs.Add(roleDef); } } } }); }
/// <summary> /// 给Item授权 /// </summary> /// <param name="principal"></param> /// <param name="web"></param> /// <param name="ListItem"></param> /// <param name="DelegateName"></param> public static void DelegateForListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName) { SPSecurity.RunWithElevatedPrivileges(delegate() { try { using (SPSite site = new SPSite(web.Site.ID)) { using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl)) { SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID); _web.AllowUnsafeUpdates = true; SPRoleAssignment sra = new SPRoleAssignment(principal); SPRoleDefinition srd = _web.RoleDefinitions[DelegateName]; sra.RoleDefinitionBindings.Add(srd); _listitem.BreakRoleInheritance(true, false); _listitem.RoleAssignments.Add(sra); _listitem.Update(); } } } catch (Exception ex) { } }); }
/// <summary> /// Adds a new permission level to the web. /// </summary> /// <param name = "web"></param> /// <param name = "name"></param> /// <param name = "description"></param> /// <param name = "permissions"></param> public static void CreatePermissionLevel(SPWeb web, string name, string description, SPBasePermissions permissions) { if (!web.IsRootWeb && !web.HasUniqueRoleDefinitions) { throw new NotSupportedException("This web must be broken permission before adding new permission level."); } var roleDefinition = GetRoleDefinition(web, name); if (roleDefinition != null) { if (roleDefinition.BasePermissions != permissions || roleDefinition.Description != description) { roleDefinition.BasePermissions = permissions; roleDefinition.Description = description; roleDefinition.Update(); } } else { roleDefinition = new SPRoleDefinition { Name = name, Description = description, BasePermissions = permissions }; web.RoleDefinitions.Add(roleDefinition); } }
public static bool IsGroupInItemRole(this SPListItem item, SPPrincipal group, int roleId) { SPRoleAssignment AssignmentsOfGroup; SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetById(roleId); try { AssignmentsOfGroup = item.RoleAssignments.GetAssignmentByPrincipal(group); } catch { return(false); } SPRoleDefinitionBindingCollection RoleBindingsOfGroup = AssignmentsOfGroup.RoleDefinitionBindings; if (RoleBindingsOfGroup.Contains(roleDefinition)) { return(true); } else { return(false); } }
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, string roleDefinitionName, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true) { SPWeb web = principal.ParentWeb; SPRoleDefinition roleDefinition = web.RoleDefinitions[roleDefinitionName]; AssignPermissions(securableObject, principal, roleDefinition, replaceAllDefinitions, copyRoleAssignments, clearSubscopes); }
/// <summary>Finds all Slk members of a site.</summary> /// <param name="web">The site to get the members for.</param> /// <param name="store">The ISlkStore to use.</param> /// <param name="instructorsOnly">Whether to only get instructors or not.</param> public void FindAllSlkMembers(SPWeb web, ISlkStore store, bool instructorsOnly) { if (web == null) { throw new ArgumentNullException("web"); } this.store = store; // keep track of when this method started, for timeout purposes startTime = DateTime.Now; // Verify that the SPWeb is in the SPSite associated with this SlkStore, because if it // isn't then the code below below may be using the wrong SLK instructor and learner // permission names; for example, the SPSite of this SlkStore may name the instructor // permission "SLK Instructor", but <web> may be in a different SPSite which might name // the instructor permission "SLK Teacher" if (web.Site.ID != store.SPSiteGuid) { throw new InvalidOperationException(culture.Resources.SPWebDoesNotMatchSlkSPSite); } // Security checks: Fails if the user isn't an instructor and a Reader (implemented by EnsureInstructor) // since we use SPSecurity.RunWithElevatedPrivileges, we need to make sure the current user is an instructor if (instructorsOnly == false) { store.EnsureInstructor(web); } SlkSPSiteMapping mapping = store.Mapping; SPRoleDefinition instructorRole = FindRole(web, mapping.InstructorPermission); SPRoleDefinition learnerRole = FindRole(web, mapping.LearnerPermission); domainGroupEnumeratorType = store.Settings.DomainGroupEnumeratorType; domainGroupEnumeratorAssembly = store.Settings.DomainGroupEnumeratorAssembly; SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site2 = new SPSite(web.Url)) { using (SPWeb elevatedWeb = site2.OpenWeb()) { IterateWebRoles(elevatedWeb, instructorRole, learnerRole, instructorsOnly, store.Settings.HideDisabledUsers); } } }); store.AssignUserItemIdentifier(users.Values); // populate the Users property of each item in <learnerGroups> foreach (SlkGroup learnerGroup in learnerGroups) { foreach (string userKey in learnerGroup.UserKeys) { learnerGroup.AddUser(users[userKey]); } } learnerGroups.Sort(); }
/// <summary> /// First attempts to locate an OOTB role definition from the SPRoleType enumeration. If no role matches the /// provided name, it iterates over all roles in the SPWeb until it finds the matching definition. /// </summary> /// <param name="web">the web containing role definitions</param> /// <param name="roleName">the name of the role desired</param> /// <param name="roleDef"></param> /// <returns>returns True if a match is found, otherwise false</returns> public static bool TryGetRoleDefinition(this SPWeb web, string roleName, out SPRoleDefinition roleDef) { bool retVal = false; SPRoleDefinitionCollection roles = web.RoleDefinitions; try { // Try to get the definition based on the OOTB RoleTypes (Reader, Contributor, etc), ignoring case roleDef = roles.GetByType((SPRoleType)Enum.Parse(typeof(SPRoleType), roleName, true)); } catch (Exception x) { Logger.Instance.Info("Error in TryGetRoleDefinition", x, DiagnosticsCategories.eCaseExtensions); roleDef = null; } if (roleDef == null) { foreach (SPRoleDefinition role in roles) { // Case insensitive comparison if (string.Compare(role.Name, roleName, true) == 0) { roleDef = role; break; } } } return(retVal); }
public static void CreateSubSiteGroup(SPWeb web, string groupName, string PermissionLevel, string groupDescription) { try { web.AllowUnsafeUpdates = true; SPUserCollection users = web.AllUsers; SPUser owner = web.SiteAdministrators[0]; SPMember member = web.SiteAdministrators[0]; SPGroupCollection groups = web.SiteGroups; groups.Add(groupName, member, owner, groupDescription); SPGroup newSPGroup = groups[groupName]; newSPGroup.OnlyAllowMembersViewMembership = false; newSPGroup.Update(); SPRoleDefinition role = web.RoleDefinitions[PermissionLevel]; SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup); roleAssignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(roleAssignment); web.Update(); web.AllowUnsafeUpdates = false; } catch (Exception ex) { ULSLogger.LogErrorInULS(ex.Message, TraceSeverity.Unexpected); } }
public override void FeatureActivated(SPFeatureReceiverProperties properties) { SPWeb web = (SPWeb)properties.Feature.Parent; SPMember owner = web.SiteAdministrators[0]; SPUser user = (SPUser)owner; if (!GroupExistsInSite(web, "Riverstone TFS Default Members")) { web.SiteGroups.Add("Riverstone TFS Default Members", owner, user, "This group contains the Riverstone Active Directory groups that have access to TFS portal sites by default."); } SPGroup defaultGroup = web.SiteGroups["Riverstone TFS Default Members"]; defaultGroup.OnlyAllowMembersViewMembership = false; defaultGroup.Update(); SPRoleAssignment roleAssignment = new SPRoleAssignment(defaultGroup); SPRoleDefinition contributeDefinition = web.RoleDefinitions["Contribute"]; roleAssignment.RoleDefinitionBindings.Add(contributeDefinition); if (!GroupExistsInWeb(web, "Riverstone TFS Default Members")) { web.RoleAssignments.Add(roleAssignment); } AddUserToGroup(defaultGroup, "trg\\biudatasmes"); AddUserToGroup(defaultGroup, "trg\\biuoperations"); AddUserToGroup(defaultGroup, "trg\\biureporting"); AddUserToGroup(defaultGroup, "trg\\dataarchitect"); AddUserToGroup(defaultGroup, "trg\\developer"); AddUserToGroup(defaultGroup, "trg\\enterprisearchitect"); AddUserToGroup(defaultGroup, "trg\\pmuba"); AddUserToGroup(defaultGroup, "trg\\pmupm"); AddUserToGroup(defaultGroup, "trg\\tfsadministrator"); AddUserToGroup(defaultGroup, "trg\\OpsManagement"); }
internal static SPRoleDefinition AddRoleDefinition(SPRoleDefinitionCollection roles, string name, string description, SPBasePermissions permissions, int order) { SPRoleDefinition role = null; try { role = roles[name]; role.BasePermissions = permissions; role.Description = description; role.Order = order; } catch (SPException exception) { if (-2146232832 != exception.ErrorCode) { throw; } role = new SPRoleDefinition(); role.Name = name; role.Description = description; role.BasePermissions = permissions; role.Order = order; roles.Add(role); role = roles[name]; } return(role); }
private void AddPermissionsProd(SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition) { SPRoleAssignment ra = new SPRoleAssignment(principal); ra.RoleDefinitionBindings.Add(roleDefinition); item.RoleAssignments.Add(ra); }
private void EnableFormsLockDown(SPFeatureReceiverProperties properties) { if (properties.Feature.Parent is SPSite) { SPSite site = (SPSite)properties.Feature.Parent; foreach (SPWeb web in site.AllWebs) { try { //SPWeb rootWeb = site.RootWeb; SPRoleDefinition guestRole = web.RoleDefinitions.GetByType(SPRoleType.Guest); guestRole.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages); guestRole.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs; guestRole.BasePermissions |= SPBasePermissions.ViewVersions; guestRole.Update(); SPBasePermissions guest = guestRole.BasePermissions; web.AnonymousPermMask64 &= ~(SPBasePermissions.UseRemoteAPIs | SPBasePermissions.ViewFormPages); web.Update(); web.AnonymousPermMask64 |= SPBasePermissions.ViewVersions; web.Update(); SPBasePermissions permissions = web.AnonymousPermMask64; } catch (Exception ex) { SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory(ex.Source, TraceSeverity.High, EventSeverity.Error), TraceSeverity.High, ex.Message, ex.Data); } } } }
public static void CreateGroup(SPWeb web) { DeleteGroup(web); try { web.SiteGroups.Add(Language.SMUGroupName, web.AssociatedOwnerGroup, null, Language.SMUGroupDescription); SPGroup grp = web.SiteGroups.Cast <SPGroup>().FirstOrDefault(p => p.Name == Language.SMUGroupName); if (grp == null) { throw new Exception(Language.GroupCreateError); } if (!web.HasUniqueRoleAssignments) { throw new Exception(Language.WebInheritsAssignments); } SPRoleAssignment ass = new SPRoleAssignment(grp); SPRoleDefinition def = web.RoleDefinitions[Language.SMUPermissionName]; ass.RoleDefinitionBindings.Add(def); web.RoleAssignments.Add(ass); web.Update(); } catch (Exception ex) { DeleteGroup(web); WriteException(ex); throw ex; } }
/// <summary> /// Adds the specified user to the specified role for the specified list. Breaks Role Inheritance on the List Item if it hasn't already been broken. /// </summary> /// <param name="sourceWeb"></param> /// <param name="list"></param> /// <param name="principal"></param> /// <param name="roleTypeValue"></param> public static void AddListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue) { if (principal == null) { throw new ArgumentNullException("principal"); } SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); SPRoleDefinition roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); sourceWeb.AllowUnsafeUpdates = true; try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } sourceWeb.AllowUnsafeUpdates = true; list.RoleAssignments.Add(roleAssignment); list.Update(); } finally { sourceWeb.AllowUnsafeUpdates = false; } }
private void CreateSubSiteGroup(SPWeb web, string groupName, SPRoleType roleType, string groupDescription) { var groupInSite = GroupExistsInSiteCollection(web, groupName); if (!groupInSite) { web.AllowUnsafeUpdates = true; web.Update(); web.BreakRoleInheritance(false); SPGroupCollection groups = web.SiteGroups; //for (int i = 0; i < web.SiteAdministrators.Count; i++) //{ // SPUser owner = web.SiteAdministrators[i]; // SPMember member = web.SiteAdministrators[i]; //} SPUser owner = web.SiteAdministrators[0]; SPMember member = web.SiteAdministrators[0]; groups.Add(groupName, member, owner, groupDescription); SPGroup newSPGroup = groups[groupName]; SPRoleDefinition role = web.RoleDefinitions.GetByType(roleType); SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup); roleAssignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(roleAssignment); web.Update(); } }
private void setupWebUserGroup(SPWeb web, string groupName, SPRoleType role, string groupDescription = null) { SPGroup group = null; try { group = web.SiteGroups[groupName]; log.addInformation("Existing Group '" + group.Name + "' found. Will attach to site " + web.ServerRelativeUrl.ToString()); } catch { log.addWarning("'" + groupName + "' Group wasn't found. Will be created."); web.SiteGroups.Add(groupName, web.CurrentUser, web.CurrentUser, groupDescription); group = web.SiteGroups[groupName]; group.RemoveUser(web.CurrentUser); } finally { SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(role); SPRoleAssignment roleAssignment = new SPRoleAssignment(group); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); web.RoleAssignments.Add(roleAssignment); web.Update(); } }
public override void FeatureActivated(SPFeatureReceiverProperties properties) { if (properties.Feature.Parent is SPWeb) { try { SPWeb subWeb = (SPWeb)properties.Feature.Parent; if (!subWeb.IsRootWeb && !subWeb.HasUniqueRoleDefinitions) { subWeb.RoleDefinitions.BreakInheritance(true, false); } //subWeb.BreakRoleInheritance(true); SPRoleDefinition guestRole = subWeb.RoleDefinitions.GetByType(SPRoleType.Guest); guestRole.BasePermissions |= SPBasePermissions.EmptyMask | Microsoft.SharePoint.SPBasePermissions.ViewFormPages;// | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.BrowseUserInfo | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration | Microsoft.SharePoint.SPBasePermissions.UseRemoteAPIs; guestRole.BasePermissions |= SPBasePermissions.UseRemoteAPIs; //guestRole.BasePermissions = Microsoft.SharePoint.SPBasePermissions.ViewFormPages | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.BrowseUserInfo | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration | Microsoft.SharePoint.SPBasePermissions.UseRemoteAPIs ; guestRole.Update(); //subWeb.AnonymousPermMask64 = Microsoft.SharePoint.SPBasePermissions.ViewListItems | Microsoft.SharePoint.SPBasePermissions.ViewFormPages | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.ViewPages | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration; subWeb.Update(); } catch (Exception ex) { SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory(ex.Source, TraceSeverity.High, EventSeverity.Error), TraceSeverity.High, ex.Message, ex.Data); //throw; } } }
private void AssignRoles(SPWeb web, SPListItem item, SPRoleDefinition roleDef) { foreach (string principalName in Principals) { SPPrincipalInfo principalInfo = SPUtility.ResolvePrincipal(web.Site.WebApplication, null, principalName, SPPrincipalType.All, SPPrincipalSource.All, false); if (principalInfo != null) { SPRoleAssignment roleAssign = new SPRoleAssignment(principalInfo.LoginName, principalInfo.Email, principalInfo.DisplayName, ""); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } else { try { SPPrincipal group = web.SiteGroups[principalName]; SPRoleAssignment roleAssign = new SPRoleAssignment(group); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } catch (Exception ex) { SPRoleAssignment roleAssign = new SPRoleAssignment(principalName, "", "", ""); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } } } }
private void SetGroupPermissions(SPWeb web, SPGroup group) { SetBaseLinePermissions(web, group); string roleName = ""; switch (Role) { case "owner": roleName = "Full Control"; break; case "member": roleName = "Contribute"; break; default: roleName = "Read"; break; } SPRoleAssignment assignment = new SPRoleAssignment(group); SPRoleDefinition role = web.RoleDefinitions[roleName]; assignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(assignment); }
protected override ActivityExecutionStatus Execute(ActivityExecutionContext executionContext) { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site = new SPSite(__Context.Site.ID)) { using (SPWeb web = site.AllWebs[__Context.Web.ID]) { SPList list = web.Lists[Helper.GetListGuid(__Context, ListId)]; SPListItem item = list.Items.GetItemById(__ListItem); SPRoleDefinition roleDef = web.RoleDefinitions[RoleName]; if (item.HasUniqueRoleAssignments == false) { item.BreakRoleInheritance(true); } AssignRoles(web, item, roleDef); } } }); return(ActivityExecutionStatus.Closed); }
public static void SetReadOnly(SPListItem item) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(true); } web.AllowUnsafeUpdates = true; SPRoleAssignmentCollection roleAssignments = item.RoleAssignments; int iD = web.Site.SystemAccount.ID; int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1; for (int i = roleAssignments.Count - 1; i > -1; i--) { SPRoleAssignment assignment = roleAssignments[i]; int num4 = assignment.Member.ID; if ((num4 != iD) && (num4 != num2)) { SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings; if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader)) { roleDefinitionBindings.RemoveAll(); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleDefinitionBindings.Add(byType); assignment.Update(); } } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
/// <summary> /// Adds a user to specified roles on the website /// </summary> /// <param name="SiteWeb">site to which the user will be assigned</param> /// <param name="SiteUser">user to be added. Make sure its Roles collection contains some roles otherwise the user will not be added.</param> private void AddSiteUser(CS4User siteUser) { string siteUrl = System.String.Empty; SPSite site = null; SPWeb siteWeb = null; SPUser spUser = null; foreach (CS4User.UserPermission userPermission in siteUser.UserRoles) { if (siteUrl != userPermission.WebUrl) { siteUrl = userPermission.WebUrl; site = new SPSite(siteUrl); siteWeb = site.OpenWeb(); try { spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain]; } catch { //user has not been added to this site yet siteWeb.Users.Add(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, ""); spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain]; } } //siteWeb.Roles[userPermission.Role].AddUser(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, ""); SPRoleAssignment roleAssignment = new SPRoleAssignment(spUser); SPRoleDefinition roleDefinition = siteWeb.RoleDefinitions[userPermission.Role]; roleAssignment.RoleDefinitionBindings.Add(roleDefinition); siteWeb.RoleAssignments.Add(roleAssignment); } }
public static void AssignRights(SPWeb web, SPFolder folder, object user, string role) { if (user == null) { return; } bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; SPRoleDefinition roleDefinition = GetRoleDefinition(web, role); if (user is string) { var value2 = new SPFieldUserValue(web, (string)user); AssignRights(web, value2, roleDefinition, folder); } else if (user is SPFieldUserValueCollection) { AssignRights(web, (SPFieldUserValueCollection)user, roleDefinition, folder); } else if (user is SPFieldUserValue) { AssignRights(web, (SPFieldUserValue)user, roleDefinition, folder); } else if (user is SPPrincipal) { AssignRights(web, (SPPrincipal)user, roleDefinition, folder); } else if (user is List <SPPrincipal> ) { AssignRights(web, (List <SPPrincipal>)user, roleDefinition, folder); } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
public static void AddPermissionsToItem(SPWeb web, SPListItem item, Dictionary <SPPrincipal, string[]> assignments) { if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(false); } while (item.RoleAssignments.Count > 0) { item.RoleAssignments.Remove(0); } foreach (SPPrincipal principal in assignments.Keys) { foreach (string itemAssignment in assignments[principal]) { SPRoleDefinition roleDef = GetPermissionLevel(web, itemAssignment); if (roleDef == null) { continue; } SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); roleAssignment.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssignment); } } //item.Update(); }
private void AddCustomPermissions(SPListItem myItem, SPWeb web) { // Give Contribute to the author SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Contributor); SPRoleAssignment roleAssignment = new SPRoleAssignment(GetSPUser(myItem, "Author")); roleAssignment.RoleDefinitionBindings.Add(roledefinition); myItem.RoleAssignments.Add(roleAssignment); // Give Read to anyone that the item has been shared with if (myItem["SharedWith"] != null) { SPFieldUserValueCollection values = (SPFieldUserValueCollection)myItem["SharedWith"]; foreach (SPFieldUserValue value in values) { // Get a user from the key var sharedUser = value.User; // Change our role definition to Read roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader); // Change our role assignment to the new user roleAssignment = new SPRoleAssignment(sharedUser); // Bind the new role roleAssignment.RoleDefinitionBindings.Add(roledefinition); myItem.RoleAssignments.Add(roleAssignment); } } }
private void UpdatePrincipal(SPWeb web, XmlNode principalGroupNode, string principalName, SPRoleAssignment roleAssignment) { XmlNodeList roleNodes = principalGroupNode.SelectNodes("role"); foreach (XmlNode roleNode in roleNodes) { string roleName = roleNode.Attributes["name"].Value; if (roleName.ToLower().Equals("limited access")) { roleName = "Limited User"; } bool found = false; foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings) { if (roleDefinition.Name.ToLower().Equals(roleName.ToLower())) { found = true; } } if (!found) { output.Append(string.Format("role: {0,15} missing for principal: {1,20}, adding new...", roleName, principalName)); SPRoleDefinition role = web.RoleDefinitions[roleName]; roleAssignment.RoleDefinitionBindings.Add(role); roleAssignment.Update(); output.Append("completed" + Environment.NewLine); } } }
public RoleDefinitionNode(SPRoleDefinition roleDef) { this.Tag = roleDef; this.SPParent = roleDef.ParentWeb; this.Setup(); this.Nodes.Add(new ExplorerNodeBase("Dummy")); }
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, SPRoleDefinition roleDefinition, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true) { if (securableObject is SPWeb) { if (!securableObject.HasUniqueRoleAssignments) { securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes); } } else { securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes); } SPRoleAssignment roleAssignment = GetAssignment(securableObject, principal); if (roleAssignment != null) { if (replaceAllDefinitions) { roleAssignment.RoleDefinitionBindings.RemoveAll(); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } else { if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } } try { roleAssignment.Update(); } catch (ArgumentException) { //Note: fix for 'Cannot update a permission level assignment that is not part of a permission level assignment collection.' securableObject.RoleAssignments.Add(roleAssignment); } } else { roleAssignment = new SPRoleAssignment(principal); if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } securableObject.RoleAssignments.Add(roleAssignment); } }
protected void assign_role(SPSite site, SPListItem item, SPListItem project, string field_name, string field_guid, SPRoleDefinition definition) { try { string value = project[field_name].ToString(); SPFieldUserValue field_user_value = (SPFieldUserValue)project.Fields[new Guid(field_guid)].GetFieldValue(value); bind_role(item, field_user_value.User, definition); } catch (Exception ex) { log(site, "为项目【" + project["Title"] + "】的【" + field_name + "】的文档授权时发生错误", "错误", ex.ToString()); } }
protected void bind_role(SPListItem item, SPPrincipal principal, SPRoleDefinition definition) { try { SPRoleAssignment assignment = new SPRoleAssignment(principal); assignment.RoleDefinitionBindings.Add(definition); item.RoleAssignments.Add(assignment); } catch (Exception ex) { throw ex; } }
/// <summary> /// 为某个SPPrincipal赋于针对某个SPListItem的权限. 权限由rd来决定. /// </summary> /// <param name="item">某个需要赋于权限的SPListItem</param> /// <param name="spPrincipalName">用户登录名称或者是MOSS User Group, 如果是EMail地址, 则略过</param> /// <param name="rd">需要赋于的权限级别名称</param> public static void AddRoleAssignmentToListItem(SPListItem item, string spPrincipalName, SPRoleDefinition rd) { // 表明这个LoginName是电子邮件地址类型:SmtpAddress if (spPrincipalName.IndexOf("@") >= 0) return; SPRoleAssignment ra = null; // 如果spPrincipalName里面包含\, 则表示是一个AccountId, 否则是一个SPGroup if (spPrincipalName.IndexOf("\\") >= 0) ra = new SPRoleAssignment(spPrincipalName, string.Empty, string.Empty, string.Empty); else { try { SPGroup group = item.Web.Groups[spPrincipalName]; if (group != null) { ra = new SPRoleAssignment(group); } } catch { } } if (ra == null) return; SPRoleDefinition rd_temp = null; // 特别处理的地方:rd在创建并添加到Web.RoleDefinitions之后, 还不能直接使用rd这个变量,可能是复制了一个副本,然后再添加到Collection中去的,所以这里需要从Collection中查找副本, 然后再对其进行引用 // 不可以直接写为: ra.RoleDefinitionBindings.Add(rd) ; 会报错称不能使用Web中未定义的RD // 这个问题的本质原因在于创建类RoleDefinition之后, 前面拿到的SPWeb不会同步更新, 重新打开SPWeb就可以解决问题 for (int index = 0; index < item.Web.RoleDefinitions.Count; index++) if (item.Web.RoleDefinitions[index].Name.ToLower() == rd.Name.ToLower()) rd_temp = item.Web.Site.RootWeb.RoleDefinitions[index]; ra.RoleDefinitionBindings.Add(rd_temp); item.BreakRoleInheritance(false); item.RoleAssignments.Add(ra); }
static void CreateANewRoleDefinition() { //Show whats out there already for Permissions... Dictionary<int, string> PermissionsDictionary = new Dictionary<int, string>(); Console.WriteLine("Possible permissions from the SPBasePermissions set."); int counter = 0; foreach (SPBasePermissions kind in Enum.GetValues(typeof(SPBasePermissions))) { counter++; PermissionsDictionary.Add(counter, Enum.GetName(typeof(SPBasePermissions), kind)); } foreach (KeyValuePair<int, string> entry in PermissionsDictionary) { Console.WriteLine("{0,-5}: {1,-30}", entry.Key, entry.Value); } Console.WriteLine("** END of current permissions**"); SPSecurity.RunWithElevatedPrivileges(delegate () { //Lets's create the new RoleDefinition with 5 Permissions... SPSite mySite = new SPSite("http://abcuniversity/_layouts/15/start.aspx"); SPWeb myWeb = mySite.OpenWeb(); Console.WriteLine("Lets create a new role definition from 5 existing permissions!"); SPRoleDefinition newRoleDefinition = new SPRoleDefinition(); for (int i = 0; i < 5; i++) { Console.Write("New permission #{0}: Choose a number -> ", i + 1); int newPermissionNumberFromCollection = int.Parse(Console.ReadLine()); string newPermissionString = PermissionsDictionary[newPermissionNumberFromCollection].ToString(); SPBasePermissions actualPermission = (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), newPermissionString); newRoleDefinition.BasePermissions |= actualPermission; } //The loop is the same as doing "newRoleDefinition.BasePermissions = SPBasePermissions.FirstNewOne | // SPBasePermissions.SecondNewOne | SPBasePermissions.ThirdNewOne | etc... Console.Write("Name your new role ->"); string roleName = Console.ReadLine(); newRoleDefinition.Name = roleName; newRoleDefinition.Description = string.Format("A new role created from Visual Studio"); try { mySite.RootWeb.RoleDefinitions.Add(newRoleDefinition); Console.WriteLine("New role added: {0}", newRoleDefinition); } catch (Exception ex) { Console.WriteLine("Role not added: {0}", ex.Message); } //Clean up your mess myWeb.Dispose(); }); }
/// <summary> /// Adds the role definitions. /// </summary> /// <param name="web">The web.</param> /// <param name="roleAssignment">The role assignment.</param> /// <param name="roleAssignmentElement">The role assignment element.</param> /// <returns></returns> private static bool AddRoleDefinitions(SPWeb web, SPRoleAssignment roleAssignment, XmlElement roleAssignmentElement) { bool modified = false; foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition")) { string name = roleDefinitionElement.GetAttribute("Name"); if (name == "Limited Access") continue; SPRoleDefinition existingRoleDef = null; try { existingRoleDef = web.RoleDefinitions[name]; } catch (Exception) { } if (existingRoleDef == null) { Logger.Write("Progress: Adding new Role Definition \"{0}\".", name); SPBasePermissions perms = SPBasePermissions.EmptyMask; foreach (string perm in roleDefinitionElement.GetAttribute("BasePermissions").Split(',')) { perms = perms | (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), perm, true); } existingRoleDef = new SPRoleDefinition(); existingRoleDef.Name = name; existingRoleDef.BasePermissions = perms; existingRoleDef.Description = roleDefinitionElement.GetAttribute("Description"); existingRoleDef.Order = int.Parse(roleDefinitionElement.GetAttribute("Order")); existingRoleDef.Update(); SPWeb tempWeb = web; while (!tempWeb.HasUniqueRoleDefinitions) tempWeb = tempWeb.ParentWeb; tempWeb.RoleDefinitions.Add(existingRoleDef); } if (!roleAssignment.RoleDefinitionBindings.Contains(existingRoleDef)) { roleAssignment.RoleDefinitionBindings.Add(existingRoleDef); modified = true; } } List<SPRoleDefinition> roleDefsToRemove = new List<SPRoleDefinition>(); foreach (SPRoleDefinition roleDef in roleAssignment.RoleDefinitionBindings) { if (roleDef.Name == "Limited Access") continue; bool found = false; foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition")) { if (roleDef.Name == roleDefinitionElement.GetAttribute("Name")) { found = true; break; } } if (!found) { roleDefsToRemove.Add(roleDef); modified = true; } } foreach (SPRoleDefinition roleDef in roleDefsToRemove) { Logger.Write("Progress: Removing '{0}' from '{1}'", roleDef.Name, roleAssignment.Member.Name); roleAssignment.RoleDefinitionBindings.Remove(roleDef); } return modified; }
static void CopyAndCustomizeARoleDefinition() { SPSecurity.RunWithElevatedPrivileges(delegate () { //Get an existing roledefinition SPSite mySite = new SPSite("http://abcuniversity/_layouts/15/start.aspx"); SPWeb myWeb = mySite.OpenWeb(); //Get existingroledefinitions Console.WriteLine("Here's the role definitions we have so far."); foreach(SPRoleDefinition role in mySite.RootWeb.RoleDefinitions) { Console.WriteLine("{0}'\n'{1}'\n", role.Name, role.Description); } Console.Write("Hit any key to continue..."); Console.Read(); //create role definition SPRoleDefinition definitionToCopy = mySite.RootWeb.RoleDefinitions["Read"]; definitionToCopy.Name = "Designer Reader"; definitionToCopy.Description = "Owns all Read permissions, plus the ability to configure CSS," + "Themes, and Borders"; //Copy the exisitng definition...with the constructor! SPRoleDefinition newDefinition = new SPRoleDefinition(definitionToCopy); Console.WriteLine("Current permissions NOT configured for {0} level:", definitionToCopy.Name); foreach (SPBasePermissions permission in Enum.GetValues(typeof(SPBasePermissions))) { if(!definitionToCopy.BasePermissions.HasFlag(permission)) { Console.WriteLine(permission.ToString()); } Console.WriteLine("Hit any key to continue and add two new permissions...");Console.Read(); //So lets add a couple of those to our new definition newDefinition.BasePermissions |= SPBasePermissions.ApplyStyleSheets; newDefinition.BasePermissions |= SPBasePermissions.ApplyThemeAndBorder; try { mySite.RootWeb.RoleDefinitions.Add(newDefinition); Console.WriteLine("New role added: {0}", newDefinition.Name); } catch (Exception ex) { Console.WriteLine("Role not added: {0}", ex.Message); } //Clean up your mess myWeb.Dispose(); } }); }
public void AddRoleDefinitions() { bool hasProjectManagerRole = false; bool hasMapManagerRole = false; bool hasAuthorRole = false; bool hasReaderRole = false; foreach (SPRoleDefinition definition in Site.RoleDefinitions) { if (definition.Name == GlymaProjectManagerRoleName) { hasProjectManagerRole = true; } if (definition.Name == GlymaMapManagerRoleName) { hasMapManagerRole = true; } if (definition.Name == GlymaAuthorRoleName) { hasAuthorRole = true; } if (definition.Name == GlymaReaderRoleName) { hasReaderRole = true; } if (hasProjectManagerRole && hasMapManagerRole && hasReaderRole && hasAuthorRole) { break; } } if (!hasProjectManagerRole) { SPRoleDefinition glymaProjectManagerRole = new SPRoleDefinition(); glymaProjectManagerRole.Name = GlymaProjectManagerRoleName; glymaProjectManagerRole.Description = "Users have access to create and modify projects in a Glyma map database."; glymaProjectManagerRole.BasePermissions = SPBasePermissions.EmptyMask; Site.RoleDefinitions.Add(glymaProjectManagerRole); } if (!hasMapManagerRole) { SPRoleDefinition glymaMapManagerRole = new SPRoleDefinition(); glymaMapManagerRole.Name = GlymaMapManagerRoleName; glymaMapManagerRole.Description = "Users have access to create and modify root maps in a Glyma Project."; glymaMapManagerRole.BasePermissions = SPBasePermissions.EmptyMask; Site.RoleDefinitions.Add(glymaMapManagerRole); } if (!hasAuthorRole) { SPRoleDefinition glymaAuthorRole = new SPRoleDefinition(); glymaAuthorRole.Name = GlymaAuthorRoleName; glymaAuthorRole.Description = "Users have access to create and modify Glyma maps."; glymaAuthorRole.BasePermissions = SPBasePermissions.EmptyMask; Site.RoleDefinitions.Add(glymaAuthorRole); } if (!hasReaderRole) { SPRoleDefinition glymaReaderRole = new SPRoleDefinition(); glymaReaderRole.Name = GlymaReaderRoleName; glymaReaderRole.Description = "Users have access to read Glyma maps."; glymaReaderRole.BasePermissions = SPBasePermissions.EmptyMask; Site.RoleDefinitions.Add(glymaReaderRole); } SPPropertyBag propertyBag = Site.Properties; propertyBag["Glyma.RolesDefined"] = "true"; propertyBag.Update(); if (!hasReaderRole || !hasAuthorRole) { Site.Update(); } }
private static SPRoleDefinition CreateModifyFileRoleDefinition(SPWeb web) { SPRoleDefinition result = new SPRoleDefinition(); result.Name = SPRoleDefinationName_ModifyFile; result.BasePermissions = SPBasePermissions.EditListItems | SPBasePermissions.OpenItems | SPBasePermissions.ViewListItems | SPBasePermissions.ManagePermissions | SPBasePermissions.AddListItems | SPBasePermissions.DeleteListItems | SPBasePermissions.ViewPages | SPBasePermissions.Open; //SPBasePermissions web.Site.RootWeb.RoleDefinitions.Add(result); return result; }
/// <summary> 在SPWeb上创建只包括查看权限的权限级别定义</summary> /// <param name="web">站点对应的SPWeb</param> /// <returns></returns> private static SPRoleDefinition CreateViewListItemsRoleDefinition(SPWeb web) { SPRoleDefinition result = new SPRoleDefinition(); result.Name = SPRoleDefinationName_ViewListItem; result.BasePermissions = // Edit By Leo @ 23:02 2007-11-26. OpenItems权限使得User可以将文档下载到本地进行编辑, 应该禁用掉. //SPBasePermissions.OpenItems | SPBasePermissions.ViewListItems; web.Site.RootWeb.RoleDefinitions.Add(result); return result; }
protected override void ProcessRecord() { base.ProcessRecord(); SPWeb webToConfigure = GetRootWebFromIdentity(Identity); if (webToConfigure == null) { WriteWarning("No valid 'Identity' specified. Identity must be a SPSite, SPWeb, site/web URL, or site colleciton ID."); } bool hasProjectManagerRole = false; bool hasMapManagerRole = false; bool hasAuthorRole = false; bool hasReaderRole = false; foreach (SPRoleDefinition definition in webToConfigure.RoleDefinitions) { if (definition.Name == GlymaProjectManagerRoleName) { hasProjectManagerRole = true; } if (definition.Name == GlymaMapManagerRoleName) { hasMapManagerRole = true; } if (definition.Name == GlymaAuthorRoleName) { hasAuthorRole = true; } if (definition.Name == GlymaReaderRoleName) { hasReaderRole = true; } if (hasProjectManagerRole && hasMapManagerRole && hasReaderRole && hasAuthorRole) { break; } } if (!hasProjectManagerRole) { SPRoleDefinition glymaProjectManagerRole = new SPRoleDefinition(); glymaProjectManagerRole.Name = GlymaProjectManagerRoleName; glymaProjectManagerRole.Description = "Users have access to create and modify projects in a Glyma map database."; glymaProjectManagerRole.BasePermissions = SPBasePermissions.EmptyMask; webToConfigure.RoleDefinitions.Add(glymaProjectManagerRole); } if (!hasMapManagerRole) { SPRoleDefinition glymaMapManagerRole = new SPRoleDefinition(); glymaMapManagerRole.Name = GlymaMapManagerRoleName; glymaMapManagerRole.Description = "Users have access to create and modify root maps in a Glyma Project."; glymaMapManagerRole.BasePermissions = SPBasePermissions.EmptyMask; webToConfigure.RoleDefinitions.Add(glymaMapManagerRole); } if (!hasAuthorRole) { SPRoleDefinition glymaAuthorRole = new SPRoleDefinition(); glymaAuthorRole.Name = GlymaAuthorRoleName; glymaAuthorRole.Description = "Users have access to create and modify Glyma maps."; glymaAuthorRole.BasePermissions = SPBasePermissions.EmptyMask; webToConfigure.RoleDefinitions.Add(glymaAuthorRole); } if (!hasReaderRole) { SPRoleDefinition glymaReaderRole = new SPRoleDefinition(); glymaReaderRole.Name = GlymaReaderRoleName; glymaReaderRole.Description = "Users have access to read Glyma maps."; glymaReaderRole.BasePermissions = SPBasePermissions.EmptyMask; webToConfigure.RoleDefinitions.Add(glymaReaderRole); } SPPropertyBag propertyBag = webToConfigure.Properties; propertyBag["Glyma.RolesDefined"] = "true"; propertyBag.Update(); if (!hasReaderRole || !hasAuthorRole) { webToConfigure.Update(); } }
public SPDGServerRoleDefinition(SPRoleDefinition spRoleDefinition) { _spRoleDefinition = spRoleDefinition; }