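/// <summary>
/// Ensures that a permission level (role definition) with the given name exists on the root
/// SPWeb of the given SPSite and ORs <paramref name="basePermissionsToAdd"/> into it.
/// </summary>
/// <remarks>
/// The work runs inside <c>SPSecurity.RunWithElevatedPrivileges</c>, so it is not limited by the
/// rights of the calling user; callers have to authorize the request themselves before calling.
/// When the permission level already exists, its rights are only widened (never reduced) and its
/// description is left untouched.
/// </remarks>
/// <param name="spSiteGuid">The GUID of the SPSite whose root SPWeb receives the permission.</param>
/// <param name="permissionName">The name of the permission to create or extend.</param>
/// <param name="permissionDescription">The description used when the permission is created.</param>
/// <param name="basePermissionsToAdd">Base permissions to add to the permission. Use 0 if
/// no base permissions need to be added.</param>
static void CreatePermission(Guid spSiteGuid, string permissionName,
    string permissionDescription, SPBasePermissions basePermissionsToAdd)
{
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite spSite = new SPSite(spSiteGuid))
        {
            // RootWeb belongs to spSite and is released together with it, so it does not get
            // a using block of its own.
            SPWeb rootWeb = spSite.RootWeb;
            SPRoleDefinitionCollection roleDefs = rootWeb.RoleDefinitions;

            // Only the lookup is guarded. A failure while updating an existing permission must
            // not be mistaken for "permission does not exist", otherwise the create branch
            // would run for a name that is already taken and hide the real error.
            SPRoleDefinition roleDef = null;
            try
            {
                roleDef = roleDefs[permissionName];
            }
            catch (SPException)
            {
                // lookup failed -- treated as "permission doesn't exist"
            }

            if (roleDef != null)
            {
                // permission already exists -- add the requested rights to it
                roleDef.BasePermissions |= basePermissionsToAdd;
                roleDef.Update();
            }
            else
            {
                // permission doesn't exist -- create it
                roleDef = new SPRoleDefinition();
                roleDef.Name = permissionName;
                roleDef.Description = permissionDescription;
                roleDef.BasePermissions |= basePermissionsToAdd;
                roleDefs.Add(roleDef);
            }
        }
    });
}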
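/// <summary>
/// Removes the ManagePersonalViews right from the "Contribute2" permission level of <c>Web</c>.
/// </summary>
/// <returns>
/// Always <c>true</c>. A failure is only reported through <c>LogMessage</c>, so callers cannot
/// tell from the return value whether the right was actually removed.
/// </returns>
public override bool Perform()
{
    LogMessage("Removing management of personal views from Contribute2 permission level", 2);

    try
    {
        Web.AllowUnsafeUpdates = true;
        try
        {
            SPRoleDefinition roleDef = Web.RoleDefinitions["Contribute2"];

            // Test the flag bit itself. Comparing the enum's text form misses the bit when the
            // mask prints as a combined name such as FullMask.
            bool hasRight = (roleDef.BasePermissions & SPBasePermissions.ManagePersonalViews)
                            == SPBasePermissions.ManagePersonalViews;

            if (hasRight)
            {
                roleDef.BasePermissions &= ~SPBasePermissions.ManagePersonalViews;
                roleDef.Update();
                Web.Update();
                LogMessage("Removed management of personal views from Contribute2 permission level", MessageKind.SUCCESS, 4);
            }
            else
            {
                LogMessage("Management of personal views already removed from Contribute2 permission level.", MessageKind.SKIPPED, 4);
            }
        }
        finally
        {
            // AllowUnsafeUpdates relaxes SharePoint's update checks for this SPWeb object, so
            // it is switched off again on the failure path too.
            Web.AllowUnsafeUpdates = false;
        }
    }
    catch (Exception ex)
    {
        LogMessage(ex.Message, MessageKind.FAILURE, 4);
    }

    return true;
}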
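/// <summary>
/// Applies the forms lock-down to every web of the site collection the feature is scoped to:
/// the Guest-type role and the anonymous permission mask lose ViewFormPages and UseRemoteAPIs
/// and gain ViewVersions.
/// </summary>
/// <remarks>
/// Does nothing when the feature parent is not an SPSite. A failure on one web is written to
/// the SharePoint trace log and the loop continues, so the lock-down can end up applied to only
/// part of the site collection; check the trace log after running it.
/// </remarks>
/// <param name="properties">Feature receiver properties; Feature.Parent is expected to be the SPSite.</param>
private void EnableFormsLockDown(SPFeatureReceiverProperties properties)
{
    SPSite site = properties.Feature.Parent as SPSite;
    if (site == null)
    {
        return;
    }

    // Rights taken away from the Guest-type role and from anonymous users.
    const SPBasePermissions lockedDownRights =
        SPBasePermissions.ViewFormPages | SPBasePermissions.UseRemoteAPIs;

    foreach (SPWeb web in site.AllWebs)
    {
        try
        {
            SPRoleDefinition guestRole = web.RoleDefinitions.GetByType(SPRoleType.Guest);
            guestRole.BasePermissions &= ~lockedDownRights;
            guestRole.BasePermissions |= SPBasePermissions.ViewVersions;
            guestRole.Update();

            // NOTE(review): ViewVersions is granted to anonymous users on every web here --
            // confirm that exposing version history is intended.
            SPBasePermissions anonymousMask = web.AnonymousPermMask64;
            anonymousMask &= ~lockedDownRights;
            anonymousMask |= SPBasePermissions.ViewVersions;
            web.AnonymousPermMask64 = anonymousMask;
            web.Update();
        }
        catch (Exception ex)
        {
            SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory(ex.Source, TraceSeverity.High, EventSeverity.Error), TraceSeverity.High, ex.Message, ex.Data);
        }
        finally
        {
            // Every SPWeb handed out while enumerating AllWebs has to be released by the caller.
            web.Dispose();
        }
    }
}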
/// <summary>
/// On activation for a web-scoped feature, gives the Guest-type role of that web the
/// ViewFormPages and UseRemoteAPIs rights. A sub web that still inherits its role definitions
/// gets its own copy first.
/// </summary>
/// <remarks>
/// This widens what principals holding the Guest-type role can reach on the web (form pages and
/// the remote APIs). Any exception is written to the SharePoint trace log and not rethrown, so
/// activation completes even when the change was not applied.
/// </remarks>
/// <param name="properties">Feature receiver properties; nothing happens unless Feature.Parent is an SPWeb.</param>
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
    if (!(properties.Feature.Parent is SPWeb))
    {
        return;
    }

    try
    {
        SPWeb targetWeb = (SPWeb)properties.Feature.Parent;

        // Role definitions can only be changed locally once the web has its own copy.
        bool inheritsRoleDefinitions = !targetWeb.IsRootWeb && !targetWeb.HasUniqueRoleDefinitions;
        if (inheritsRoleDefinitions)
        {
            targetWeb.RoleDefinitions.BreakInheritance(true, false);
        }

        SPRoleDefinition guest = targetWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
        guest.BasePermissions = guest.BasePermissions
                                | SPBasePermissions.EmptyMask
                                | SPBasePermissions.ViewFormPages;
        guest.BasePermissions = guest.BasePermissions | SPBasePermissions.UseRemoteAPIs;
        guest.Update();

        targetWeb.Update();
    }
    catch (Exception failure)
    {
        SPDiagnosticsCategory category =
            new SPDiagnosticsCategory(failure.Source, TraceSeverity.High, EventSeverity.Error);
        SPDiagnosticsService.Local.WriteTrace(0, category, TraceSeverity.High, failure.Message, failure.Data);
    }
}
/// <summary>
/// On deactivation for a web-scoped feature, takes ViewFormPages and UseRemoteAPIs away from the
/// Guest-type role and from the anonymous permission mask of that web, and adds ViewVersions to
/// both. Afterwards sets <c>SPSecurity.CatchAccessDeniedException</c> to true, whatever the
/// feature parent is.
/// </summary>
/// <remarks>
/// Exceptions in either step are written to the SharePoint trace log and not rethrown, so
/// deactivation completes even when the permissions were not changed.
/// </remarks>
/// <param name="properties">Feature receiver properties of the feature being deactivated.</param>
public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
{
    if (properties.Feature.Parent is SPWeb)
    {
        try
        {
            SPWeb targetWeb = (SPWeb)properties.Feature.Parent;

            SPRoleDefinition guest = targetWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
            guest.BasePermissions = guest.BasePermissions
                                    & ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
            guest.BasePermissions = guest.BasePermissions & ~SPBasePermissions.UseRemoteAPIs;
            guest.BasePermissions = guest.BasePermissions | SPBasePermissions.ViewVersions;
            guest.Update();

            // Same rights change for anonymous visitors of this web.
            targetWeb.AnonymousPermMask64 = targetWeb.AnonymousPermMask64
                                            & ~(SPBasePermissions.UseRemoteAPIs | SPBasePermissions.ViewFormPages);
            targetWeb.AnonymousPermMask64 = targetWeb.AnonymousPermMask64 | SPBasePermissions.ViewVersions;
            targetWeb.Update();
        }
        catch (Exception failure)
        {
            SPDiagnosticsCategory category =
                new SPDiagnosticsCategory(failure.Source, TraceSeverity.High, EventSeverity.Error);
            SPDiagnosticsService.Local.WriteTrace(0, category, TraceSeverity.High, failure.Message, failure.Data);
        }
    }

    try
    {
        // Only the flag is set here; no custom error pages are mapped.
        SPSecurity.CatchAccessDeniedException = true;
    }
    catch (Exception failure)
    {
        SPDiagnosticsCategory category =
            new SPDiagnosticsCategory(failure.Source, TraceSeverity.High, EventSeverity.Error);
        SPDiagnosticsService.Local.WriteTrace(0, category, TraceSeverity.High, failure.Message, failure.Data);
    }
}
/// <summary>
/// Looks up the role definition of the given type on <paramref name="rootWeb"/>, sets its
/// Order value and saves it.
/// </summary>
/// <param name="rootWeb">The web whose role definitions are searched.</param>
/// <param name="roleType">The role type to look up.</param>
/// <param name="order">The Order value to store on the role definition.</param>
/// <returns>
/// The role definition that was found, or <c>null</c> when the lookup itself failed. A non-null
/// result does not prove that the new order was saved: exceptions from the assignment or from
/// Update() are only written to the trace log.
/// </returns>
internal static SPRoleDefinition SetRoleDefinitionOrder(SPWeb rootWeb, SPRoleType roleType, int order)
{
    SPRoleDefinition definition = null;

    try
    {
        definition = rootWeb.RoleDefinitions.GetByType(roleType);
        definition.Order = order;
        definition.Update();
    }
    catch (Exception failure)
    {
        SPDiagnosticsCategory category =
            new SPDiagnosticsCategory(failure.Source, TraceSeverity.High, EventSeverity.Error);
        SPDiagnosticsService.Local.WriteTrace(0, category, TraceSeverity.High, failure.Message, failure.Data);
    }

    return definition;
}
/// <summary>
/// Reverses the forms lock-down on the root web of the site collection the feature is scoped
/// to: the Guest-type role gets ViewFormPages and UseRemoteAPIs back.
/// </summary>
/// <remarks>
/// Only the root web's Guest-type role is changed; the anonymous permission mask is not touched
/// here. Exceptions are written to the SharePoint trace log and not rethrown.
/// </remarks>
/// <param name="properties">Feature receiver properties; nothing happens unless Feature.Parent is an SPSite.</param>
private void DisableFormsLockDown(SPFeatureReceiverProperties properties)
{
    if (!(properties.Feature.Parent is SPSite))
    {
        return;
    }

    try
    {
        SPSite siteCollection = (SPSite)properties.Feature.Parent;
        SPWeb topWeb = siteCollection.RootWeb;

        SPRoleDefinition guest = topWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
        guest.BasePermissions = guest.BasePermissions
                                | SPBasePermissions.EmptyMask
                                | SPBasePermissions.ViewFormPages;
        guest.BasePermissions = guest.BasePermissions | SPBasePermissions.UseRemoteAPIs;
        guest.Update();

        topWeb.Update();
    }
    catch (Exception failure)
    {
        SPDiagnosticsCategory category =
            new SPDiagnosticsCategory(failure.Source, TraceSeverity.High, EventSeverity.Error);
        SPDiagnosticsService.Local.WriteTrace(0, category, TraceSeverity.High, failure.Message, failure.Data);
    }
}
/// <summary>
/// Makes the role definition bindings of <paramref name="roleAssignment"/> match the
/// RoleDefinitionBindings/RoleDefinition children of <paramref name="roleAssignmentElement"/>.
/// Role definitions missing on the web are created from the XML attributes; bindings not
/// listed in the XML are removed. "Limited Access" is skipped in both directions.
/// </summary>
/// <remarks>
/// The rights of a created role definition are parsed straight from the BasePermissions
/// attribute, so whoever controls the XML decides which rights are granted. Only feed this
/// method XML from a trusted source.
/// </remarks>
/// <param name="web">The web whose role definitions are looked up and, if needed, extended.</param>
/// <param name="roleAssignment">The role assignment whose bindings are synchronised.</param>
/// <param name="roleAssignmentElement">The XML element describing the wanted bindings.</param>
/// <returns><c>true</c> when a binding was added or marked for removal; otherwise <c>false</c>.</returns>
private static bool AddRoleDefinitions(SPWeb web, SPRoleAssignment roleAssignment, XmlElement roleAssignmentElement)
{
    bool changed = false;

    // Pass 1: make sure every role definition named in the XML exists and is bound.
    XmlNodeList wantedNodes = roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition");
    foreach (XmlElement wanted in wantedNodes)
    {
        string roleName = wanted.GetAttribute("Name");
        if (name_IsLimitedAccess(roleName))
        {
            continue;
        }

        SPRoleDefinition definition = null;
        try
        {
            definition = web.RoleDefinitions[roleName];
        }
        catch (Exception)
        {
            // Any lookup failure is treated as "not defined yet".
        }

        if (definition == null)
        {
            Logger.Write("Progress: Adding new Role Definition \"{0}\".", roleName);

            SPBasePermissions rights = SPBasePermissions.EmptyMask;
            string[] rightNames = wanted.GetAttribute("BasePermissions").Split(',');
            for (int i = 0; i < rightNames.Length; i++)
            {
                rights |= (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), rightNames[i], true);
            }

            definition = new SPRoleDefinition();
            definition.Name = roleName;
            definition.BasePermissions = rights;
            definition.Description = wanted.GetAttribute("Description");
            definition.Order = int.Parse(wanted.GetAttribute("Order"));
            // NOTE(review): Update() runs before the definition is added to a collection -- confirm this is valid.
            definition.Update();

            // Walk up to the closest web that owns its role definitions and add it there.
            SPWeb owner = web;
            while (!owner.HasUniqueRoleDefinitions)
            {
                owner = owner.ParentWeb;
            }
            owner.RoleDefinitions.Add(definition);
        }

        if (!roleAssignment.RoleDefinitionBindings.Contains(definition))
        {
            roleAssignment.RoleDefinitionBindings.Add(definition);
            changed = true;
        }
    }

    // Pass 2: collect bindings the XML no longer lists. Removal happens afterwards because
    // the collection cannot be changed while it is being enumerated.
    List<SPRoleDefinition> obsolete = new List<SPRoleDefinition>();
    foreach (SPRoleDefinition bound in roleAssignment.RoleDefinitionBindings)
    {
        if (name_IsLimitedAccess(bound.Name))
        {
            continue;
        }

        XmlNodeList listed = roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition");
        bool stillListed = false;
        foreach (XmlElement candidate in listed)
        {
            if (bound.Name == candidate.GetAttribute("Name"))
            {
                stillListed = true;
                break;
            }
        }

        if (!stillListed)
        {
            obsolete.Add(bound);
            changed = true;
        }
    }

    foreach (SPRoleDefinition stale in obsolete)
    {
        Logger.Write("Progress: Removing '{0}' from '{1}'", stale.Name, roleAssignment.Member.Name);
        roleAssignment.RoleDefinitionBindings.Remove(stale);
    }

    return changed;
}

/// <summary>Tells whether a role name is the built-in "Limited Access" level, which is never synchronised.</summary>
private static bool name_IsLimitedAccess(string roleName)
{
    return roleName == "Limited Access";
}
/// <summary>
/// Synchronises the bindings of a role assignment with the role definitions listed under
/// RoleDefinitionBindings/RoleDefinition in the given XML element. Definitions the web does not
/// know yet are created from the XML; bindings absent from the XML are dropped. The
/// "Limited Access" level is left alone.
/// </summary>
/// <remarks>
/// Rights for new definitions come directly from the XML, so the XML must be trusted input.
/// A failed lookup of an existing definition is swallowed and handled like a missing one.
/// </remarks>
/// <param name="web">The web used to resolve and create role definitions.</param>
/// <param name="roleAssignment">The role assignment to bring in line with the XML.</param>
/// <param name="roleAssignmentElement">The role assignment element holding the wanted bindings.</param>
/// <returns><c>true</c> if at least one binding was added or scheduled for removal.</returns>
private static bool AddRoleDefinitions(SPWeb web, SPRoleAssignment roleAssignment, XmlElement roleAssignmentElement)
{
    bool anyChange = false;

    foreach (XmlElement element in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition"))
    {
        string definitionName = element.GetAttribute("Name");
        if (definitionName != "Limited Access")
        {
            SPRoleDefinition resolved = null;
            try
            {
                resolved = web.RoleDefinitions[definitionName];
            }
            catch (Exception)
            {
            }

            if (resolved == null)
            {
                Logger.Write("Progress: Adding new Role Definition \"{0}\".", definitionName);
                SPBasePermissions mask = ParseBasePermissionsAttribute(element.GetAttribute("BasePermissions"));

                resolved = new SPRoleDefinition();
                resolved.Name = definitionName;
                resolved.BasePermissions = mask;
                resolved.Description = element.GetAttribute("Description");
                resolved.Order = int.Parse(element.GetAttribute("Order"));
                resolved.Update();

                // The definition is stored on the nearest ancestor that has its own definitions.
                SPWeb holder = web;
                while (!holder.HasUniqueRoleDefinitions)
                {
                    holder = holder.ParentWeb;
                }
                holder.RoleDefinitions.Add(resolved);
            }

            if (!roleAssignment.RoleDefinitionBindings.Contains(resolved))
            {
                roleAssignment.RoleDefinitionBindings.Add(resolved);
                anyChange = true;
            }
        }
    }

    // Gather first, remove later: the binding collection is being enumerated here.
    List<SPRoleDefinition> toDrop = new List<SPRoleDefinition>();
    foreach (SPRoleDefinition binding in roleAssignment.RoleDefinitionBindings)
    {
        if (binding.Name != "Limited Access" && !HasRoleDefinitionElement(roleAssignmentElement, binding.Name))
        {
            toDrop.Add(binding);
            anyChange = true;
        }
    }

    foreach (SPRoleDefinition binding in toDrop)
    {
        Logger.Write("Progress: Removing '{0}' from '{1}'", binding.Name, roleAssignment.Member.Name);
        roleAssignment.RoleDefinitionBindings.Remove(binding);
    }

    return anyChange;
}

/// <summary>ORs together the SPBasePermissions names of a comma-separated list (case-insensitive).</summary>
private static SPBasePermissions ParseBasePermissionsAttribute(string commaSeparated)
{
    SPBasePermissions mask = SPBasePermissions.EmptyMask;
    foreach (string rightName in commaSeparated.Split(','))
    {
        mask = mask | (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), rightName, true);
    }
    return mask;
}

/// <summary>Tells whether the XML lists a RoleDefinition element whose Name equals <paramref name="roleName"/>.</summary>
private static bool HasRoleDefinitionElement(XmlElement roleAssignmentElement, string roleName)
{
    foreach (XmlElement element in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition"))
    {
        if (roleName == element.GetAttribute("Name"))
        {
            return true;
        }
    }
    return false;
}
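/// <summary>
/// Click handler of the "create sub-project" button. Opens the "Projects/Test2" sub web, gives
/// it its own role definitions, rewrites the rights of the "读取" permission level and assigns
/// permission levels to one user and one group.
/// </summary>
/// <remarks>
/// The account, the group and the permission level names are hard-coded. Exceptions are not
/// handled here and propagate to the page.
/// </remarks>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
protected void btnCreateSite_Click(object sender, EventArgs e)
{
    // This SPSite comes from SPContext and is owned by it, so it is not disposed here.
    SPSite site = SPContext.Current.Web.Site;

    // An SPWeb returned by OpenWeb is owned by the caller; the using block releases it on
    // every path, including when one of the lookups below throws.
    using (SPWeb web2 = site.OpenWeb("Projects/Test2"))
    {
        // NOTE(review): AllowUnsafeUpdates relaxes SharePoint's update checks for this SPWeb
        // object -- confirm it is needed for this postback.
        web2.AllowUnsafeUpdates = true;

        // Give the sub web its own role definitions so the changes below stay local to it.
        if (!web2.HasUniqueRoleDefinitions)
        {
            web2.RoleDefinitions.BreakInheritance(true, true);
        }

        // Set the flag again after the inheritance change.
        web2.AllowUnsafeUpdates = true;

        SPRoleDefinitionCollection roleDefinitions = web2.RoleDefinitions;
        SPRoleAssignmentCollection roleAssignments = web2.RoleAssignments;

        // Change the rights of the "读取" (read) permission level.
        // NOTE(review): after this change the level named "read" allows adding, editing and
        // deleting list items, so everyone holding it on this web gains write access.
        SPRoleDefinition readLevel = roleDefinitions["读取"];
        readLevel.BasePermissions = SPBasePermissions.AddListItems
                                    | SPBasePermissions.BrowseDirectories
                                    | SPBasePermissions.EditListItems
                                    | SPBasePermissions.DeleteListItems
                                    | SPBasePermissions.AddDelPrivateWebParts;
        readLevel.Update();

        // Assign a permission level to a single user.
        // NOTE(review): nothing in this handler creates "项目角色"; the lookup only succeeds
        // when that permission level already exists on the web.
        SPRoleAssignment userAssignment = new SPRoleAssignment("adr\\administrator", "*****@*****.**", "Display_Name", "Notes");
        userAssignment.RoleDefinitionBindings.Add(roleDefinitions["项目角色"]);
        roleAssignments.Add(userAssignment);

        // Assign permission levels to a site group.
        SPPrincipal groupPrincipal = web2.SiteGroups["skyteam6"];
        SPRoleAssignment groupAssignment = new SPRoleAssignment(groupPrincipal);
        groupAssignment.RoleDefinitionBindings.Add(roleDefinitions["设计"]);
        groupAssignment.RoleDefinitionBindings.Add(roleDefinitions["读取"]);
        roleAssignments.Add(groupAssignment);
    }
}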
/// <summary>
/// Saves pending changes by calling Update() on the wrapped role definition.
/// </summary>
public void Update()
{
    m_roleDefinition.Update();
}