//gavdcodeend 12
//gavdcodebegin 13
static void SpCsCsomUpdateUserSecurityRoleInList(ClientContext spCtx)
{
Web myWeb = spCtx.Web;
List myList = myWeb.Lists.GetByTitle("NewListCsCsom");
User myUser = myWeb.EnsureUser(ConfigurationManager.AppSettings["spUserName"]);
RoleDefinitionBindingCollection roleDefinition =
new RoleDefinitionBindingCollection(spCtx);
roleDefinition.Add(myWeb.RoleDefinitions.GetByType(RoleType.Administrator));
RoleAssignment myRoleAssignment = myList.RoleAssignments.GetByPrincipal(myUser);
myRoleAssignment.ImportRoleDefinitionBindings(roleDefinition);
myRoleAssignment.Update();
spCtx.ExecuteQuery();
}
/// <summary>
/// Assign existing permission level to group
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="matterCenterContribute">Role to assign a group</param>
/// <param name="group">RoleAssignment to which permission added</param>
private static void AssignPermissionLevelToGroup(ClientContext clientContext, RoleDefinition matterCenterContribute, RoleAssignment group)
{
clientContext.Load(group.RoleDefinitionBindings, item => item.Include(items => items.Name, items => items.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinitionBindingCollection rolesAssignedToGroup = group.RoleDefinitionBindings;
clientContext.Load(rolesAssignedToGroup, role => role.Include(item => item.Name, item => item.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinition roleDefinition = rolesAssignedToGroup.Select(item => item).Where(item => item.Name == matterCenterContribute.Name).FirstOrDefault();
if (null == roleDefinition)
{
group.RoleDefinitionBindings.Add(matterCenterContribute);
group.Update();
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionAssign"], matterCenterContribute.Name, group.Member.Title), ErrorMessage.MessageType.Notification);
}
}
//gavdcodeend 22
//gavdcodebegin 23
static void SpCsCsomUpdateUserSecurityRoleInWeb()
{
string myWebFullUrl = ConfigurationManager.AppSettings["spUrl"] +
"/NewWebSiteModernCsCsom";
ClientContext spCtx = LoginCsom(myWebFullUrl);
Web myWeb = spCtx.Web;
User myUser = myWeb.EnsureUser(ConfigurationManager.AppSettings["spUserName"]);
RoleDefinitionBindingCollection roleDefinition =
new RoleDefinitionBindingCollection(spCtx);
roleDefinition.Add(myWeb.RoleDefinitions.GetByType(RoleType.Administrator));
RoleAssignment myRoleAssignment = myWeb.RoleAssignments.GetByPrincipal(
myUser);
myRoleAssignment.ImportRoleDefinitionBindings(roleDefinition);
myRoleAssignment.Update();
spCtx.ExecuteQuery();
}
protected override void DeployModelInternal(object modelHost, DefinitionBase model)
{
var securityGroupModelHost = modelHost.WithAssertAndCast <SecurityGroupModelHost>("modelHost", value => value.RequireNotNull());
var securityRoleLinkModel = model.WithAssertAndCast <SecurityRoleLinkDefinition>("model", value => value.RequireNotNull());
var securableObject = securityGroupModelHost.SecurableObject;
var group = securityGroupModelHost.SecurityGroup;
var web = GetWebFromSPSecurableObject(securityGroupModelHost.SecurableObject);
var context = group.Context;
var existingRoleAssignments = web.RoleAssignments;
context.Load(existingRoleAssignments, r => r.Include(d => d.Member, d => d.RoleDefinitionBindings));
context.ExecuteQuery();
RoleAssignment existingRoleAssignment = null;
foreach (var roleAs in existingRoleAssignments)
{
if (roleAs.Member.Id == group.Id)
{
existingRoleAssignment = roleAs;
break;
}
}
var roleDefinitions = web.RoleDefinitions;
context.Load(roleDefinitions);
context.ExecuteQuery();
var currentRoleDefinition = FindRoleDefinition(roleDefinitions, securityRoleLinkModel.SecurityRoleName);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
// MESSY, refactor
if (existingRoleAssignment == null)
{
var roleBindings = new RoleDefinitionBindingCollection(context);
roleBindings.Add(currentRoleDefinition);
existingRoleAssignment = web.RoleAssignments.Add(group, roleBindings);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
existingRoleAssignment.Update();
context.ExecuteQuery();
}
else
{
var ensureDefinition = true;
foreach (var t in existingRoleAssignment.RoleDefinitionBindings)
{
if (t.Name == currentRoleDefinition.Name)
{
ensureDefinition = false;
break;
}
}
if (ensureDefinition)
{
existingRoleAssignment.RoleDefinitionBindings.Add(currentRoleDefinition);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
existingRoleAssignment.Update();
context.ExecuteQuery();
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
}
}
}
public override void DeployModel(object modelHost, DefinitionBase model)
{
var securityGroupModelHost = modelHost.WithAssertAndCast <SecurityGroupModelHost>("modelHost", value => value.RequireNotNull());
var securityRoleLinkModel = model.WithAssertAndCast <SecurityRoleLinkDefinition>("model", value => value.RequireNotNull());
var securableObject = securityGroupModelHost.SecurableObject;
var group = securityGroupModelHost.SecurityGroup;
var web = ExtractWeb(securityGroupModelHost.SecurableObject);
var context = group.Context;
var existingRoleAssignments = securableObject.RoleAssignments;
context.Load(existingRoleAssignments, r => r.Include(d => d.Member, d => d.RoleDefinitionBindings));
context.ExecuteQueryWithTrace();
RoleAssignment existingRoleAssignment = null;
foreach (var roleAs in existingRoleAssignments)
{
if (roleAs.Member.Id == group.Id)
{
existingRoleAssignment = roleAs;
break;
}
}
var currentRoleDefinition = ResolveSecurityRole(web, securityRoleLinkModel);
context.Load(currentRoleDefinition, r => r.Id, r => r.Name);
context.ExecuteQueryWithTrace();
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioning,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
// MESSY, refactor
if (existingRoleAssignment == null)
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security role link");
var roleBindings = new RoleDefinitionBindingCollection(context);
roleBindings.Add(currentRoleDefinition);
existingRoleAssignment = web.RoleAssignments.Add(group, roleBindings);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "Calling existingRoleAssignment.Update()");
existingRoleAssignment.Update();
context.ExecuteQueryWithTrace();
}
else
{
TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security role link");
var ensureDefinition = true;
foreach (var t in existingRoleAssignment.RoleDefinitionBindings)
{
if (t.Name == currentRoleDefinition.Name)
{
ensureDefinition = false;
break;
}
}
if (ensureDefinition)
{
// pre-remove Edit if it is the only one - this is default role def in order to create binding
if (existingRoleAssignment.RoleDefinitionBindings.Count == 1 &&
existingRoleAssignment.RoleDefinitionBindings[0].RoleTypeKind == RoleType.Reader)
{
existingRoleAssignment.RoleDefinitionBindings.RemoveAll();
}
existingRoleAssignment.RoleDefinitionBindings.Add(currentRoleDefinition);
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "Calling existingRoleAssignment.Update()");
existingRoleAssignment.Update();
context.ExecuteQueryWithTrace();
}
else
{
InvokeOnModelEvent(this, new ModelEventArgs
{
CurrentModelNode = null,
Model = null,
EventType = ModelEventType.OnProvisioned,
Object = currentRoleDefinition,
ObjectType = typeof(RoleDefinition),
ObjectDefinition = securityRoleLinkModel,
ModelHost = modelHost
});
}
}
}
/// <summary>
/// Assign existing permission level to group
/// </summary>
/// <param name="clientContext">Client context</param>
/// <param name="matterCenterContribute">Role to assign a group</param>
/// <param name="group">RoleAssignment to which permission added</param>
private static void AssignPermissionLevelToGroup(ClientContext clientContext, RoleDefinition matterCenterContribute, RoleAssignment group)
{
clientContext.Load(group.RoleDefinitionBindings, item => item.Include(items => items.Name, items => items.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinitionBindingCollection rolesAssignedToGroup = group.RoleDefinitionBindings;
clientContext.Load(rolesAssignedToGroup, role => role.Include(item => item.Name, item => item.BasePermissions));
clientContext.ExecuteQuery();
RoleDefinition roleDefinition = rolesAssignedToGroup.Select(item => item).Where(item => item.Name == matterCenterContribute.Name).FirstOrDefault();
if (null == roleDefinition)
{
group.RoleDefinitionBindings.Add(matterCenterContribute);
group.Update();
clientContext.ExecuteQuery();
ErrorMessage.ShowMessage(string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["PermissionAssign"], matterCenterContribute.Name, group.Member.Title), ErrorMessage.MessageType.Notification);
}
}
public override void Update()
{
_roleAssignment.Update();
_roleAssignment.Context.ExecuteQuery();
}