/// <summary> /// Adds the specified user to the specified role for the specified list. Breaks Role Inheritance on the List Item if it hasn't already been broken. /// </summary> /// <param name="sourceWeb"></param> /// <param name="list"></param> /// <param name="principal"></param> /// <param name="roleTypeValue"></param> public static void AddListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue) { if (principal == null) { throw new ArgumentNullException("principal"); } SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); SPRoleDefinition roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); sourceWeb.AllowUnsafeUpdates = true; try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } sourceWeb.AllowUnsafeUpdates = true; list.RoleAssignments.Add(roleAssignment); list.Update(); } finally { sourceWeb.AllowUnsafeUpdates = false; } }
private void CreateConfigurationList(SPWeb web) { SPList configurationList = web.Lists.TryGetList(Resource.ConfigurationList); if (configurationList == null) { Guid configurationListGuid = web.Lists.Add(Resource.ConfigurationList, Resource.ConfigurationListDesc, SPListTemplateType.GenericList); configurationList = web.Lists[configurationListGuid]; configurationList.Fields.Add("Property", SPFieldType.Text, true); configurationList.Fields.Add("Setting", SPFieldType.Text, true); configurationList.EnableVersioning = true; // Only system admins should be able to edit this, but everybody needs to view it configurationList.BreakRoleInheritance(false); SPPrincipal group = web.SiteGroups["Guidewire Owners"]; if (group != null) { SPRoleAssignment roleAssignment = new SPRoleAssignment(group); SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); configurationList.RoleAssignments.Add(roleAssignment); } configurationList.Update(); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsUserName, "GWSharePointIntegration"); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsPassword, "gw"); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsEndpoint, "http://manclredev02:8080/cc/ws/riverstone/webservice/document/trg_UpdateMetadataAPI"); } }
private void BreakInheritance() { //ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('breaking PermMask64 Inheritance');", true); try { string itemID = (Request.QueryString["LibraryName"]); Guid ListGUID = new Guid(itemID); SPWeb web = this.Site.OpenWeb(); SPList list = web.Lists[ListGUID]; if (list != null) //ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('result');", true); { //LogInfo("found list " + list.Title); //LogInfo("setting new AnonymousPermMask64 for list " + list.ParentWebUrl + "/" + list.Title + " with the following permissions: OpenItems, ViewPages, ViewVersions, Open, UseClientIntegration, ViewListItems, ViewFormPages"); list.BreakRoleInheritance(true, false); list.AllowEveryoneViewItems = true; list.AnonymousPermMask64 = SPBasePermissions.ViewPages | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions | SPBasePermissions.Open | SPBasePermissions.UseClientIntegration | SPBasePermissions.ViewFormPages | SPBasePermissions.ViewListItems; list.Update(); ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('Setzen der AnonymousPermMask64 für anonymen Zugriff auf Liste " + list.Title + " erfolgreich.\\r\\n\\r\\nDie Berechtigungsvererbung wurde aufgehoben.');", true); //return list.Title; } } catch (Exception) { //return "list not found"; } }
}//SetListPermissions() static void BreakInheritanceAndDeletePermissions(SPWeb web, SPList ccpList, SPList library, SPListItem eventLogItem) { try { //Ensure library permissions are broken library.BreakRoleInheritance(true); //Delete list permissions SPRoleAssignmentCollection roleAssignments = library.RoleAssignments; for (int i = roleAssignments.Count - 1; i >= 0; i--) { library.RoleAssignments.Remove(0); } } catch (Exception e) { //Log if (library.Title == "Contracts") { eventLogItem["Contracts"] = e.Message + " at " + web.Title + " : " + web.Url; eventLogItem.Update(); } else if (library.Title == "Proposals") { eventLogItem["Proposals"] = e.Message + " at " + web.Title + " : " + web.Url; eventLogItem.Update(); } } }//BreakInheritanceAndDeletePermissions()
/// <summary> /// This method should be used instead of BreakRoleInheritance(true). /// /// The OOTB method replicates all permissions from the parent, including the "Limited Access" permissions. /// In environments with many users, there can be many of these meaningless permissions, which bloats the /// SharePoint permission tables in SQL. This method reviews all RoleDefinitions in each principal's /// RoleAssignments, stripping "Limited Access", before adding them to the item. /// </summary> /// <param name="list"></param> public static void BreakCopyRoleInheritance(this SPList list) { SPRoleAssignmentCollection roleAssignments = list.RoleAssignments; var activeAssignments = from SPRoleAssignment p in roleAssignments where p.RoleDefinitionBindings.Count >= 1 select p; list.BreakRoleInheritance(false); foreach (SPRoleAssignment p in activeAssignments) { SPRoleAssignment assignment = new SPRoleAssignment(p.Member); SPRoleDefinitionBindingCollection bindings = new SPRoleDefinitionBindingCollection(); foreach (SPRoleDefinition roleDef in p.RoleDefinitionBindings) { if (roleDef.Name != "Limited Access") { bindings.Add(roleDef); } } if (bindings.Count > 0) { assignment.ImportRoleDefinitionBindings(bindings); list.RoleAssignments.Add(assignment); } } }
private void UpdateListSettings() { SPSecurity.RunWithElevatedPrivileges(delegate() { SPSite site = SPContext.Current.Site; foreach (DesignDataSource source in sources) { SPWeb web = site.OpenWeb(new Guid(source.WebId)); SPList list = web.Lists[new Guid(source.ListId)]; if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); source.ListInheritanceChange = true; } SPBasePermissions anon = list.AnonymousPermMask64; list.AnonymousPermMask64 = anon | SPBasePermissions.AddListItems; list.Update(); source.ListRoleChange = true; } SourceValue = Utilities.SerializeObject(sources); }); }
/// <summary> /// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments. /// </summary> /// <param name = "list"></param> public static void BreakRoleInheritance(SPList list) { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(false); list.Update(); } }
/// <summary> /// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments. /// </summary> /// <param name = "list"></param> /// <param name = "copyRoleAssigements"></param> public static void BreakRoleInheritance(SPList list, bool copyRoleAssigements) { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(copyRoleAssigements); list.Update(); } }
private void CheckLists(XmlNode siteNode, string url) { bool containsIgnoreInheritance = ContainsAttribute("ignoreinheritance", siteNode); bool containsImportOptions = ContainsAttribute("import", siteNode); bool ignoreInheritance = containsIgnoreInheritance ? Boolean.Parse(siteNode.Attributes["ignoreinheritance"].Value) : true; ImportOptions importOptions = containsImportOptions ? (ImportOptions)Enum.Parse(typeof(ImportOptions), siteNode.Attributes["import"].Value) : ImportOptions.All; if (importOptions == ImportOptions.Files) { return; } using (SPWeb web = new SPSite(url).OpenWeb()) { XmlNodeList listNodes = siteNode.SelectNodes("folder[@list='true']"); foreach (XmlNode listNode in listNodes) { string listTitle = listNode.Attributes["folder"].Value; try { SPList list = web.Lists[listTitle]; output.Append(string.Format("checking list: {0}" + Environment.NewLine, listTitle)); bool breakInheritance = !list.HasUniqueRoleAssignments && !ignoreInheritance; bool applyPermissions = list.HasUniqueRoleAssignments || breakInheritance; if (applyPermissions) { if (breakInheritance) { output.Append(string.Format("Breaking Inheritance!" + Environment.NewLine)); list.BreakRoleInheritance(false, false); } XmlNodeList principalGroupNodes = listNode.SelectNodes("principal[@Group='true']"); CheckGroups(web, list, principalGroupNodes); XmlNodeList principalUserNodes = listNode.SelectNodes("principal[@Group='false']"); CheckUsers(web, list, principalUserNodes); } else { output.Append(string.Format("target list: {0,20}, is inheriting permissions" + Environment.NewLine, listTitle)); } } catch { output.Append(string.Format("list missing: {0,20}" + Environment.NewLine, listTitle)); } } } }
private void ApplyPermissionForList(PermissionEntity pentity, SPList list) { try { SPSecurity.RunWithElevatedPrivileges(delegate() { SPUtility.ValidateFormDigest(); using (SPSite elevatedSite = new SPSite(list.ParentWeb.Site.ID)) { using (SPWeb elevatedWeb = elevatedSite.OpenWeb(list.ParentWeb.ID)) { elevatedWeb.AllowUnsafeUpdates = true; SPList elevatedList = elevatedWeb.Lists[list.Title]; if (pentity.PermissionType == "Inherit") { elevatedList.ResetRoleInheritance(); } else if (pentity.PermissionType == "Unique") { elevatedList.BreakRoleInheritance(false); ClearPermissions(elevatedList); foreach (RoleEntity rentity in pentity.Roles) { if (rentity.Type == RoleTypeEnum.SharePointGroup) { CreateGroup(elevatedList.ParentWeb, rentity.AssignmentName, rentity.Owner); AddUsersToGroup(elevatedList.ParentWeb, rentity.AssignmentName, rentity.Users); AssignPermissionLevels(elevatedList, rentity.AssignmentName, rentity.PermissionLevels); } else if ((rentity.Type == RoleTypeEnum.DomainGroup) || (rentity.Type == RoleTypeEnum.User)) { AssignPermissionLevelsToNonSharePointGroup(elevatedList, rentity.AssignmentName, rentity.PermissionLevels); } } } } } }); } catch (Exception ex) { SquadronContext.HandleException(ex); } }
public static void ApplyGroupRoleAssignments(SPWeb web, SPList list) { list.BreakRoleInheritance(true); SPGroup grp = web.SiteGroups[Language.SMUGroupName]; SPRoleAssignment ass = new SPRoleAssignment(grp); SPRoleDefinition def = web.RoleDefinitions[Language.SMUPermissionName]; ass.RoleDefinitionBindings.Add(def); list.RoleAssignments.Add(ass); list.RoleAssignments.Remove(web.AssociatedMemberGroup); list.Update(); }
public static void ClearPermission(this SPList list) { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } int countListRole = list.RoleAssignments.Count; for (int i = 0; i < countListRole; i++) { list.RoleAssignments.Remove(0); } }
public void ClearListGroups(SPWeb web, SPList list) { list.BreakRoleInheritance(true); // remove all existing roles int listCounter = list.RoleAssignments.Count; for (int i = 0; i < listCounter; i++) { SPRoleAssignment roleAssignment = list.RoleAssignments[0]; list.RoleAssignments.RemoveById(roleAssignment.Member.ID); } }
//private string _ListDesc = "Contains list of users requesting a site account."; #endregion /// <summary> /// Activate the membership review event receiver here, as the declarative definition will link /// the event receiver to all lists within the site, if the feature is scoped to site /// </summary> /// <param name="properties"></param> public void ActivateMembershipReviewList(SPFeatureReceiverProperties properties) { SPSite site = null; SPWeb web = null; SPList list = null; try { site = properties.Feature.Parent as SPSite; web = site.RootWeb; if (web != null) { //guidList = web.Lists.Add(_ListName, _ListDesc, _ListName, new Guid("{69CE2076-9A2F-4c71-AEDF-F4252C01DE4E}").ToString(), (int)SPListTemplateType.GenericList, "100"); //web.Update(); list = web.Lists[_ListName]; list.EventReceivers.Add(SPEventReceiverType.ItemUpdated, Assembly.GetExecutingAssembly().FullName, "Visigo.Sharepoint.FormsBasedAuthentication.MembershipReviewHandler"); //list.EventReceivers.Add(SPEventReceiverType.ItemAdded, Assembly.GetExecutingAssembly().FullName, "Visigo.Sharepoint.FormsBasedAuthentication.MembershipReviewHandler"); //list.ContentTypesEnabled = false; //list.EnableAttachments = false; //list.EnableFolderCreation = false; //list.EnableVersioning = false; //list.NoCrawl = true; //Remove permissions from the list - only site collection admins should have permission list.BreakRoleInheritance(false, true); list.Update(); } } catch (Exception ex) { Utils.LogError(ex); } finally { if (web != null) { web.Dispose(); } if (site != null) { site.Dispose(); } } }
private void ResetListInheritance(SPList list, bool makeInherit) { SPWeb elevatedWeb = null; SPList elevatedList = null; try { SPSecurity.RunWithElevatedPrivileges(delegate() { SPUtility.ValidateFormDigest(); using (SPSite elevatedSite = new SPSite(list.ParentWeb.Site.ID)) { using (elevatedWeb = elevatedSite.OpenWeb(list.ParentWeb.ID)) { elevatedWeb.AllowUnsafeUpdates = true; elevatedList = elevatedWeb.Lists[list.Title]; if (makeInherit) { elevatedList.ResetRoleInheritance(); } else { elevatedList.BreakRoleInheritance(false); } elevatedList.Update(); elevatedWeb.AllowUnsafeUpdates = false; } } }); } catch (Exception ex) { SquadronContext.HandleException(ex); } finally { if (elevatedWeb != null) { elevatedWeb.Dispose(); } } }
public override void FeatureActivated(SPFeatureReceiverProperties properties) { var web = (properties.Feature.Parent as SPSite).RootWeb; string groupName = "WOFHonorGroup"; string listName = "WallOfHonorList"; try { if (!GroupExistsInSiteCollection(web, groupName)) { web.SiteGroups.Add(groupName, web.CurrentUser, web.CurrentUser, "Группа для редактирования доски почета"); web.AssociatedGroups.Add(web.SiteGroups[groupName]); web.Update(); } SPUser allUsers = web.AllUsers[@"c:0(.s|true"]; SPRoleAssignment roleAssignmentEdit = new SPRoleAssignment(web.SiteGroups[groupName]); SPRoleAssignment roleAssignmentRead = new SPRoleAssignment((SPPrincipal)allUsers); SPRoleDefinition roleDefinitionEdit = web.RoleDefinitions.GetByType(SPRoleType.Contributor); SPRoleDefinition roleDefinitionRead = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleAssignmentEdit.RoleDefinitionBindings.Add(roleDefinitionEdit); roleAssignmentRead.RoleDefinitionBindings.Add(roleDefinitionRead); if (web.Lists.TryGetList(listName) == null) { web.AllowUnsafeUpdates = true; SPListTemplate template = web.ListTemplates["WallOfHonorList"]; web.Lists.Add("Доска почета", "Доска почета", template); } SPList list = web.Lists["Доска почета"]; if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(false); list.RoleAssignments.Add(roleAssignmentEdit); list.RoleAssignments.Add(roleAssignmentRead); list.Update(); } } catch { //Лог } }
// Uncomment the method below to handle the event raised after a feature has been activated. public override void FeatureActivated(SPFeatureReceiverProperties properties) { SPSite currentSite = properties.Feature.Parent as SPSite; SPWeb rootWeb = currentSite.RootWeb; SPUser currentUser = rootWeb.CurrentUser; SPGroupCollection groups = rootWeb.SiteGroups; groups.Add("Training Administrators", currentUser, currentUser, "All Globomantics Training Administrators are in this group"); SPGroup trainingAdmins = groups["Training Administrators"]; groups.Add("Trainers", trainingAdmins, currentUser, "All Globomantics Trainers are in this group"); groups.Add("Students", trainingAdmins, currentUser, "All Globomantics students are in this group"); SPRoleDefinition fullControl = rootWeb.RoleDefinitions["Full Control"]; SPRoleDefinition contribute = rootWeb.RoleDefinitions["Contribute"]; SPRoleDefinition read = rootWeb.RoleDefinitions["Read"]; SPRoleAssignment trainersRoleAssignment = new SPRoleAssignment(groups["Trainers"]); trainersRoleAssignment.RoleDefinitionBindings.Add(contribute); rootWeb.RoleAssignments.Add(trainersRoleAssignment); SPRoleAssignment studentsRoleAssignment = new SPRoleAssignment(groups["Students"]); studentsRoleAssignment.RoleDefinitionBindings.Add(read); rootWeb.RoleAssignments.Add(studentsRoleAssignment); SPList registrationsList = rootWeb.Lists["Registrations"]; registrationsList.BreakRoleInheritance(true); SPRoleAssignment registrationsRoleAssignment = new SPRoleAssignment(groups["Students"]); registrationsRoleAssignment.RoleDefinitionBindings.Add(contribute); registrationsList.RoleAssignments.Add(registrationsRoleAssignment); SPRoleAssignment trainingAdminsRoleAssignment = new SPRoleAssignment(trainingAdmins); trainingAdminsRoleAssignment.RoleDefinitionBindings.Add(fullControl); rootWeb.RoleAssignments.Add(trainingAdminsRoleAssignment); }
/// <summary> /// Set a SharePoint as a product catalog without navigation term associated /// Note: For more information, see PublishingCatalogUtility in Microsoft.SharePoint.Publishing /// </summary> /// <param name="list">The SharePoint list.</param> /// <param name="availableFields">List of internal field names that are available through the catalog.</param> /// <param name="activateAnonymousAccess">if set to <c>true</c> [activate anonymous access].</param> /// <returns> /// The SharePoint list configured as a catalog. /// </returns> private SPList SetListAsCatalog(SPList list, IEnumerable <string> availableFields, bool activateAnonymousAccess) { // TODO: Validate "availableFields" param name. Should it be availableManagedProperties? The comment says internal name. What does FurlFields really expect as format? this.logger.Info("Start method 'SetListAsCatalog' for list: '{0}'", list.RootFolder.Url); // Add properties for catalog publishing on the root folder list.IndexedRootFolderPropertyKeys.Add("PublishingCatalogSettings"); list.IndexedRootFolderPropertyKeys.Add("IsPublishingCatalog"); if (activateAnonymousAccess) { // Allow anonymous access on the parentWeb list.ParentWeb.FirstUniqueAncestorWeb.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessWebLists; // Break list inheritance for anonymous access list.BreakRoleInheritance(true, false); // Allow anonymous access on the list list.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessList; } var fieldList = new Collection <string>(); // For fields name, you need to pass the internal name of the column directly followed by "OWSTEXT" foreach (var availableField in availableFields) { fieldList.Add("\"" + availableField + "\""); } var friendlyUrlFieldsProperty = string.Join(",", fieldList.ToArray()); var rootFolder = list.RootFolder; rootFolder.Properties["IsPublishingCatalog"] = "True"; rootFolder.Properties["PublishingCatalogSettings"] = "{\"FurlFields\":[" + friendlyUrlFieldsProperty + "],\"TaxonomyFieldMap\":[]}"; rootFolder.Properties["vti_indexedpropertykeys"] = "UAB1AGIAbABpAHMAaABpAG4AZwBDAGEAdABhAGwAbwBnAFMAZQB0AHQAaQBuAGcAcwA=|SQBzAFAAdQBiAGwAaQBzAGgAaQBuAGcAQwBhAHQAYQBsAG8AZwA=|"; rootFolder.Update(); list.Update(); return(list); }
public static bool RemoveListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue) { if (principal == null) { throw new ArgumentNullException("principal"); } sourceWeb.AllowUnsafeUpdates = true; bool result = false; try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } sourceWeb.AllowUnsafeUpdates = true; var roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(principal); var roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue); if (roleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { roleAssignment.RoleDefinitionBindings.Remove(roleDefinition); roleAssignment.Update(); if (roleAssignment.RoleDefinitionBindings.OfType <SPRoleDefinition>().All(rd => rd.Name == "Limited Access")) { list.RoleAssignments.Remove(principal); } list.Update(); result = true; } } finally { sourceWeb.AllowUnsafeUpdates = false; } return(result); }
private static void SetSecurityOnRessouces(SPWeb Web, SPList List) { // list permission levels foreach (SPRoleDefinition PermLevel in Web.RoleDefinitions) { Console.WriteLine(string.Format("Role: {0}, ID: {1}", PermLevel.Name, PermLevel.Id)); } // list groups foreach (SPGroup gp in Web.SiteGroups) { Console.WriteLine(string.Format("Group: {0}", gp.Name)); } // break rights inheritance - boolean: copy permissions List.BreakRoleInheritance(false); // assign permissions to class\katja Web.SiteUsers.Add(@"class\katja", "*****@*****.**", "Katja", "a test user"); SPUser usrKatja = Web.SiteUsers[@"class\katja"]; //login name if (usrKatja != null) { usrKatja.Name = "Katja"; usrKatja.Email = "*****@*****.**"; usrKatja.Update(); // create a new permission level SPRoleDefinition PermLevelFull = Web.RoleDefinitions["Full Control"]; SPRoleAssignment KatjaAssign = new SPRoleAssignment(usrKatja.LoginName, usrKatja.Email, usrKatja.Name, usrKatja.Notes); // Bind Assignment to definition KatjaAssign.RoleDefinitionBindings.Add(PermLevelFull); List.RoleAssignments.Add(KatjaAssign); List.Update(); } }
private void CreateCategoryList(SPWeb web) { SPList categoryList = web.Lists.TryGetList(Resource.CategoryList); if (categoryList == null) { Guid categoryListGuid = web.Lists.Add(Resource.CategoryList, Resource.CategoryListDesc, SPListTemplateType.GenericList); categoryList = web.Lists[categoryListGuid]; categoryList.Fields.Add(Resource.FieldCategory, SPFieldType.Text, true); categoryList.Fields.Add(Resource.FieldSubCategory, SPFieldType.Text, true); categoryList.EnableVersioning = true; // Only system admins should be able to edit this, but everybody needs to view it categoryList.BreakRoleInheritance(false); SPPrincipal visitor = web.SiteGroups["Guidewire Visitors"]; if (visitor != null) { SPRoleAssignment roleAssignment = new SPRoleAssignment(visitor); SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); categoryList.RoleAssignments.Add(roleAssignment); } SPPrincipal member = web.SiteGroups["Guidewire Members"]; if (member != null) { SPRoleAssignment roleAssignment = new SPRoleAssignment(member); SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); categoryList.RoleAssignments.Add(roleAssignment); } SPPrincipal owner = web.SiteGroups["Guidewire Owners"]; if (member != null) { SPRoleAssignment roleAssignment = new SPRoleAssignment(owner); SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); categoryList.RoleAssignments.Add(roleAssignment); } categoryList.Update(); } }
public override void FeatureActivated(SPFeatureReceiverProperties properties) { SPSite featureSite = (SPSite)properties.Feature.Parent; SPSecurity.RunWithElevatedPrivileges(() => { using (SPSite site = new SPSite(featureSite.Url)) { using (SPWeb web = site.RootWeb) { SPList wfExternalDataList = Helper.GetExternalEventList(web); wfExternalDataList.BreakRoleInheritance(false, true); } } }); base.FeatureActivated(properties); }
private static void EnsureRoleAssignment(SPWeb web, string listName, SPGroup spGroup, SPRoleDefinition role) { SPList list = web.Lists[listName]; list.BreakRoleInheritance(false); list.ParentWeb.Dispose(); for (int i = 0; i < list.RoleAssignments.Count; i++) { if (list.RoleAssignments[i].Member.Name == spGroup.Name) { list.RoleAssignments.Remove(i); } } SPRoleAssignment roleAssignment = new SPRoleAssignment(spGroup); roleAssignment.RoleDefinitionBindings.Add(role); list.RoleAssignments.Add(roleAssignment); list.Update(); }
public static void AddPermission(this SPList list, SPGroup group, SPRoleDefinition role) { try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(group); groupRoleAssignment.RoleDefinitionBindings.RemoveAll(); groupRoleAssignment.RoleDefinitionBindings.Add(role); list.RoleAssignments.Add(groupRoleAssignment); list.Update(); } catch (Exception ex) { Utility.LogError("SetPermissionForList " + ex.ToString(), "AIA.Intranet.Common.Extensions"); throw; } }
public override void BreakRoleInheritance(bool copyRoleAssignments) { _spList.BreakRoleInheritance(copyRoleAssignments); }
static void Main(string[] args) { // create site, list, set security SPSite col = new SPSite("http://sp2016"); SPWeb root = col.RootWeb; foreach (SPWebTemplate t in root.GetAvailableWebTemplates(1033)) { Console.WriteLine(t.Name + " " + t.Title); } SPWeb web = root.Webs.Add("CodedWeb", "CodedWeb", "Demo Description", 1033, "STS#1", true, false); // add navigation SPNavigation navRoot = root.Navigation; SPNavigationNodeCollection navQL = navRoot.QuickLaunch; var newNav = new SPNavigationNode(web.Title, web.ServerRelativeUrl); var ms = new SPNavigationNode("Microsoft", "http://www.microsoft.com"); navQL.Add(newNav, newNav); // alternative // web.QuickLaunchEnabled = true; Guid listid = web.Lists.Add("My Pictures", "PersonalPictures", SPListTemplateType.PictureLibrary); SPList list = web.Lists[listid]; list.OnQuickLaunch = true; // list permission levels foreach (SPRoleDefinition PermLevel in list.ParentWeb.RoleDefinitions) { Console.WriteLine(string.Format("Role: {0}, ID: {1}", PermLevel.Name, PermLevel.Id)); } // list groups foreach (SPGroup gp in list.ParentWeb.SiteGroups) { Console.WriteLine(string.Format("Group: {0}", gp.Name)); } // break rights inheritance - boolean: copy permissions list.BreakRoleInheritance(false); // assign permissions list.ParentWeb.SiteUsers.Add(@"spdom\hsimpson", "*****@*****.**", "Homer Simpson", "A yellow comic guy"); SPUser usrHomer = list.ParentWeb.SiteUsers[@"spdom\hsimpson"]; //login name if (usrHomer != null) { // lookup permission level full control SPRoleDefinition PermLevelFull = list.ParentWeb.RoleDefinitions["Full Control"]; SPRoleAssignment assignment = new SPRoleAssignment(usrHomer); // Bind Assignment to definition assignment.RoleDefinitionBindings.Add(PermLevelFull); list.RoleAssignments.Add(assignment); list.Update(); // Auslesen von Permissions foreach (SPRoleAssignment rs in list.RoleAssignments) { //List Security Principals Console.WriteLine(rs.Member.Name); foreach (SPRoleDefinition rd in rs.RoleDefinitionBindings) { //Rechte Console.WriteLine(rd.Name); } } //Same Pattern for Groups SPGroup mgr = list.ParentWeb.Groups["Manager"]; if (mgr != null) { SPRoleAssignment ass = new SPRoleAssignment(mgr); // .... } } }
/// <summary> /// An item has been added. /// </summary> public override void ItemAdded(SPItemEventProperties properties) { this.EventFiringEnabled = false; // FINALLY CLAUSE AT END WILL ENSURE IT IS IN PROPER STATE try { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site = new SPSite(properties.SiteId)) { using (SPWeb web = site.OpenWeb()) { string uniqueUrl = string.Empty; try { SPList casesList = web.Lists[properties.ListId]; SPListItem item = casesList.GetItemById(properties.ListItemId); #region Get LockCase Value bool lockCase; SPListItem caseStatusItem = item.GetFieldLookupAsSPListItem("CaseStatusLookup"); bool.TryParse(caseStatusItem[eCaseConstants.FieldGuids.ECASE_STATUSES_LOCK_SITE].ToString(), out lockCase); #endregion #region Get Users SPUser assignedTo, supervisor; GetAssignedToAndSupervisor(item, out assignedTo, out supervisor); #endregion #region Get Other Properties string title = item[eCaseConstants.FieldGuids.OOTB_TITLE].ToString(); string description = (string)item[eCaseConstants.FieldGuids.ECASES_LIST_DESCRIPTION] ?? string.Empty; string uniqueCaseId = item[eCaseConstants.FieldGuids.ECASES_LIST_UNIQUECASEID].ToString(); #endregion // Get a unique URL that doesn't currently exist uniqueUrl = web.GetValidNewWebUrl(uniqueCaseId); SPWeb caseWeb; string caseWebUrl = string.Empty; try { using (caseWeb = CreateCaseWeb(web, uniqueUrl, title, description)) { #region Configure Proxy Group Lists Permissions SPGroup ownersGroup = eCaseGroups.GetOwners(caseWeb); SPGroup participantsGroup = eCaseGroups.GetParticipants(caseWeb); SPGroup externalSharingGroup = eCaseGroups.GetExternalUsers(caseWeb); SPRoleDefinition fullControl; caseWeb.TryGetRoleDefinition("Full Control", out fullControl); SPRoleDefinition reader; caseWeb.TryGetRoleDefinition("Read", out reader); SPRoleDefinition contributor; caseWeb.TryGetRoleDefinition("Contribute", out contributor); SPList ownersList = caseWeb.GetListByInternalName("Bureau"); ownersList.BreakRoleInheritance(false); ownersList.TryGrantPermission(ownersGroup, fullControl); ownersList.TryGrantPermission(participantsGroup, reader); SPList participantsList = caseWeb.GetListByInternalName("Investigator"); participantsList.BreakRoleInheritance(false); participantsList.TryGrantPermission(ownersGroup, fullControl); participantsList.TryGrantPermission(participantsGroup, reader); #endregion #region Configure Group Memberships via Proxy this.EventFiringEnabled = true; // TURN ON EVENT FIRING SO THAT PROXY GROUP EVENT RECEIVER FIRES UpdateProxyGroups(caseWeb, assignedTo, supervisor, null, null); if (assignedTo.LoginName != properties.UserLoginName && (supervisor == null || supervisor.LoginName != properties.UserLoginName)) { SPList ownersProxyList = eCaseGroups.OwnersList(caseWeb); eCaseGroups.AddGroupProxyItem(ownersProxyList, web.EnsureUserProperly(properties.UserLoginName)); } this.EventFiringEnabled = false; // FINALLY CLAUSE AT END WILL ENSURE IT IS IN PROPER STATE #endregion #region Configure Sharing With External Party SPList shareWithExternalUsersList = caseWeb.GetListByInternalName("ShareWithExternalUsers"); shareWithExternalUsersList.BreakRoleInheritance(false); shareWithExternalUsersList.TryGrantPermission(ownersGroup, fullControl); shareWithExternalUsersList.TryGrantPermission(participantsGroup, contributor); shareWithExternalUsersList.TryGrantPermission(externalSharingGroup, reader); #endregion ConfigureItemPermissions(item, caseWeb, assignedTo, supervisor); #region Configure Group Permissions on Root Web //bool allowunsafeupdate = web.AllowUnsafeUpdates; //web.AllowUnsafeUpdates = true; //SPRoleDefinition topreader; //web.TryGetRoleDefinition("Read", out topreader); //web.TryGrantPermission(ownersGroup, topreader); //web.TryGrantPermission(participantsGroup, topreader); //web.TryGrantPermission(reviewersGroup, topreader); //web.Update(); //web.AllowUnsafeUpdates = allowunsafeupdate; #endregion #region Configure eCase Statuses List Permissions //SPList statusList = web.GetListByInternalName("eCaseStatuses"); //if (!statusList.HasUniqueRoleAssignments) //{ // statusList.BreakRoleInheritance(true); // statusList.Update(); //} //statusList.TryGrantPermission(ownersGroup, topreader); //statusList.TryGrantPermission(participantsGroup, topreader); //statusList.TryGrantPermission(reviewersGroup, topreader); //statusList.Update(); #endregion UpdateDefaultAspx(item, caseWeb); // Record item guid in caseweb's property bag so methods can find the parent item easily caseWeb.AddProperty(eCaseConstants.PropertyBagKeys.ECASE_CASE_LIST_ITEM_GUID, item.UniqueId.ToString()); caseWeb.Update(); try { _connectionString = web.Properties[eCaseConstants.PropertyBagKeys.ECASE_DB_CONNECTION_STRING]; using (DbAdapter dbAdapter = new DbAdapter()) { dbAdapter.Connect(_connectionString); try { #region Add Case Site Info to eCaseManagement Database Guid siteGuid = caseWeb.Site.ID; Guid caseWebGuid = caseWeb.ID; Guid activitiesTasksGuid = caseWeb.GetListByInternalName(eCaseConstants.ListInternalNames.ACTIVITIES_AND_TASKS).ID; Guid caseRelatedDatesGuid = caseWeb.GetListByInternalName(eCaseConstants.ListInternalNames.CASE_RELATED_DATES).ID; CreateCaseWebSProc sProc = new CreateCaseWebSProc(siteGuid, item.UniqueId, caseWebGuid, activitiesTasksGuid, caseRelatedDatesGuid); dbAdapter.ExecuteNonQueryStoredProcedure(sProc); #endregion } catch (Exception x) { Logger.Instance.Error(string.Format("Failed while recording new CaseWeb at {0} in database", caseWeb.Url), x, DiagnosticsCategories.eCaseSite); } if (lockCase) { LockCaseSite(item, caseWeb, dbAdapter); } } } catch (Exception x) { Logger.Instance.Error(string.Format("Failed while accessing database at {0} with connection string {1}", caseWeb.Url, _connectionString), x, DiagnosticsCategories.eCaseSite); } caseWebUrl = string.Format("{0}, {1}", caseWeb.Url, "View Case"); } } catch (Exception x) { caseWebUrl = string.Format("{0}/_layouts/1033/error.htm, {1}", web.Url, "ERROR!"); Logger.Instance.Error(string.Format("Failed to create Case Web for {0}", uniqueCaseId), x, DiagnosticsCategories.eCaseSite); if (web.Webs[uniqueUrl].Exists) { RemoveCaseWeb(properties, uniqueUrl); } throw x; } finally { item[eCaseConstants.FieldGuids.ECASES_LIST_CASEURL] = caseWebUrl; item.SystemUpdate(); // Update the change in the DB using the system account } } catch (Exception x) { Logger.Instance.Error(string.Format("Failed to create Case Web for {0}", uniqueUrl), x, DiagnosticsCategories.eCaseSite); throw x; } } } }); } catch (Exception x) { throw x; } finally { this.EventFiringEnabled = true; } }
/// <summary> /// Set a SharePoint as a product catalog without navigation term associated /// Note: For more information, see PublishingCatalogUtility in Microsoft.SharePoint.Publishing /// </summary> /// <param name="list">The SharePoint list.</param> /// <param name="availableFields">List of internal field names that are available through the catalog.</param> /// <param name="activateAnonymousAccess">if set to <c>true</c> [activate anonymous access].</param> /// <returns> /// The SharePoint list configured as a catalog. /// </returns> private SPList SetListAsCatalog(SPList list, IEnumerable<string> availableFields, bool activateAnonymousAccess) { // TODO: Validate "availableFields" param name. Should it be availableManagedProperties? The comment says internal name. What does FurlFields really expect as format? this.logger.Info("Start method 'SetListAsCatalog' for list: '{0}'", list.RootFolder.Url); // Add properties for catalog publishing on the root folder list.IndexedRootFolderPropertyKeys.Add("PublishingCatalogSettings"); list.IndexedRootFolderPropertyKeys.Add("IsPublishingCatalog"); if (activateAnonymousAccess) { // Allow anonymous access on the parentWeb list.ParentWeb.FirstUniqueAncestorWeb.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessWebLists; // Break list inheritance for anonymous access list.BreakRoleInheritance(true, false); // Allow anonymous access on the list list.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessList; } var fieldList = new Collection<string>(); // For fields name, you need to pass the internal name of the column directly followed by "OWSTEXT" foreach (var availableField in availableFields) { fieldList.Add("\"" + availableField + "\""); } var friendlyUrlFieldsProperty = string.Join(",", fieldList.ToArray()); var rootFolder = list.RootFolder; rootFolder.Properties["IsPublishingCatalog"] = "True"; rootFolder.Properties["PublishingCatalogSettings"] = "{\"FurlFields\":[" + friendlyUrlFieldsProperty + "],\"TaxonomyFieldMap\":[]}"; rootFolder.Properties["vti_indexedpropertykeys"] = "UAB1AGIAbABpAHMAaABpAG4AZwBDAGEAdABhAGwAbwBnAFMAZQB0AHQAaQBuAGcAcwA=|SQBzAFAAdQBiAGwAaQBzAGgAaQBuAGcAQwBhAHQAYQBsAG8AZwA=|"; rootFolder.Update(); list.Update(); return list; }
private void ModifyListPermissions(SPList list) { // Modifying the permissions for the list to restrict the students for direct list items operations try { if (!list.HasUniqueRoleAssignments) { var web = list.ParentWeb; list.BreakRoleInheritance(false, false); var group = web.SiteGroups[Utilities.StudentsGroupName]; var roleAssignment = new SPRoleAssignment(group); SPRoleDefinition spRole = web.RoleDefinitions["Read"]; roleAssignment.RoleDefinitionBindings.Add(spRole); list.RoleAssignments.Add(roleAssignment); group = web.SiteGroups[Utilities.FacultyGroupName]; roleAssignment = new SPRoleAssignment(group); spRole = web.RoleDefinitions["Full Control"]; roleAssignment.RoleDefinitionBindings.Add(spRole); list.RoleAssignments.Add(roleAssignment); list.Update(); } } catch (Exception ex) { SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory("BethesdaSkillLab", TraceSeverity.Monitorable, EventSeverity.Error), TraceSeverity.Monitorable, ex.Message, new object[] { ex.StackTrace }); } }
public static void UpdatePermissions(this SPList list, List <Assignement> assigments, bool brokenInheritance, SPWeb web) { if (list == null) { return; } foreach (var item in assigments) { string levelName = "Custom Permission for list " + list.Title; var principalNames = item.Name.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries); foreach (var name in principalNames) { try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(brokenInheritance); // Ensure we don't inherit permissions from parent } var principal = web.GetPrinciple(name); if (principal == null) { continue; } // Assuming you already have SPWeb and SPList objects SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); SPRoleDefinition roleDefinition = web.RoleDefinitions .Cast <SPRoleDefinition>() .Where(p => p.Name == levelName) .FirstOrDefault();; bool isRoleExisted = true; if (roleDefinition == null) { isRoleExisted = false; roleDefinition = new SPRoleDefinition(); } if (item.Permissions != null) { foreach (var permission in item.Permissions) { roleDefinition.BasePermissions |= permission; if (!roleDefinition.Description.Contains(permission.ToString())) { roleDefinition.Description += permission.ToString() + ", "; } } } roleDefinition.Description = roleDefinition.Description.TrimBy(500); foreach (var rd in item.RoleDefinitions) { SPRoleDefinition def = web.RoleDefinitions.GetByType(rd); roleAssignment.RoleDefinitionBindings.Add(def); } roleDefinition.Name = levelName; if (roleDefinition.BasePermissions != SPBasePermissions.EmptyMask) { if (!isRoleExisted) { web.RoleDefinitions.Add(roleDefinition); } else { roleDefinition.Update(); } web.Update(); roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinition.Name]); } //web.Update(); //roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinition.Name]); list.RoleAssignments.Add(roleAssignment); list.Update(); } catch (Exception ex) { Utility.LogError(ex.Message + ex.StackTrace, AIAPortalFeatures.Infrastructure); } } } }
public static void CopyListRoleAssignments(SPList sourceList, SPList destinationList) { //First check if the Source List has Unique permissions if (sourceList.HasUniqueRoleAssignments) { //Break List permission inheritance first destinationList.BreakRoleInheritance(true); //Remove current role assignemnts while (destinationList.RoleAssignments.Count > 0) { destinationList.RoleAssignments.Remove(0); } //Copy Role Assignments from source to destination list. foreach (SPRoleAssignment sourceRoleAsg in sourceList.RoleAssignments) { SPRoleAssignment destinationRoleAsg = null; //Get the source member object SPPrincipal member = sourceRoleAsg.Member; //Check if the member is a user try { SPUser sourceUser = (SPUser)member; SPUser destinationUser = destinationList.ParentWeb.Users.GetByEmail(sourceUser.Email); destinationRoleAsg = new SPRoleAssignment(destinationUser); } catch { } if (destinationRoleAsg == null) { //Check if the member is a group try { SPGroup sourceGroup = (SPGroup)member; SPGroup destinationGroup = destinationList.ParentWeb.SiteGroups[sourceGroup.Name]; destinationRoleAsg = new SPRoleAssignment(destinationGroup); } catch { } } //At this state we should have the role assignment established either by user or group if (destinationRoleAsg != null) { foreach (SPRoleDefinition sourceRoleDefinition in sourceRoleAsg.RoleDefinitionBindings) { try { destinationRoleAsg.RoleDefinitionBindings.Add(destinationList.ParentWeb.RoleDefinitions[sourceRoleDefinition.Name]); } catch { } } if (destinationRoleAsg.RoleDefinitionBindings.Count > 0) { //handle additon of an existing permission assignment error try { destinationList.RoleAssignments.Add(destinationRoleAsg); } catch (ArgumentException) { } } } } //Does not require list update //destinationList.Update(); } else //No need to assign permissions return; }
/// <summary> /// Grants list level permissions to a target sharepoint on the HTS site. /// </summary> /// <param name="spTargetGroup">Represents an instance of a HTS security group.</param> /// <param name="spAssignRoleType">Represents an instance of a target HTS role type.</param> /// <param name="spTargetList">Represents an instance of the target list where we grant the security group permission to.</param> private static void GrantGroupListLevelPermisisons(SPGroup spTargetGroup, SPRoleType spAssignRoleType, SPList spTargetList) { if (spTargetList.HasUniqueRoleAssignments == false) { spTargetList.BreakRoleInheritance(true); } /* Remove the user from the role assignment. */ spTargetList.RoleAssignments.Remove(spTargetGroup); SPRoleAssignment roleAssign = new SPRoleAssignment(spTargetGroup); SPRoleDefinition roleDef = spTargetList.ParentWeb.RoleDefinitions.GetByType(spAssignRoleType); roleAssign.RoleDefinitionBindings.Add(roleDef); spTargetList.RoleAssignments.Add(roleAssign); }