protected SPGroup create_group(string group_name, SPWeb web) { SPUser user = web.EnsureUser("Administrator"); web.SiteGroups.Add(group_name, user, null, group_name); SPGroup group = web.SiteGroups[group_name]; web.Update(); SPRoleAssignment assignment = new SPRoleAssignment(group); SPRoleDefinition role = web.RoleDefinitions["读取"]; assignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(assignment); return group; }
public static void CreateSubSiteGroup(SPWeb web, string groupName, string PermissionLevel, string groupDescription) { try { web.AllowUnsafeUpdates = true; SPUserCollection users = web.AllUsers; SPUser owner = web.SiteAdministrators[0]; SPMember member = web.SiteAdministrators[0]; SPGroupCollection groups = web.SiteGroups; groups.Add(groupName, member, owner, groupDescription); SPGroup newSPGroup = groups[groupName]; newSPGroup.OnlyAllowMembersViewMembership = false; newSPGroup.Update(); SPRoleDefinition role = web.RoleDefinitions[PermissionLevel]; SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup); roleAssignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(roleAssignment); web.Update(); web.AllowUnsafeUpdates = false; } catch (Exception ex) { ULSLogger.LogErrorInULS(ex.Message, TraceSeverity.Unexpected); } }
/// <summary> /// Creates one or more role assignments for a given user on a given SharePoint Web site. /// </summary> /// /// <param name="loginName">The login name, e.g. "MyDomain\SlkLearner123". If the login name /// starts with ".\", it's assumed to be a local machine account.</param> /// /// <param name="permissions">A comma-separated list of permission names to use for the role /// assignments, "Contribute,SLK Instructor".</param> /// /// <param name="webSiteUrl">The URL of the Web site.</param> /// static void GrantUserAccess(string loginName, string permissions, string webSiteUrl) { Console.WriteLine("Giving \"{0}\" permission(s) \"{1}\" on \"{2}\"", loginName, permissions, webSiteUrl); using (SPSite spSite = new SPSite(webSiteUrl)) { using (SPWeb spWeb = spSite.OpenWeb()) { if (loginName.StartsWith(@".\")) { loginName = String.Format(@"{0}\{1}", spSite.HostName, loginName.Substring(2)); } SPUser spUser = spWeb.SiteUsers[loginName]; foreach (string substring in permissions.Split(',')) { string permission = substring.Trim(); SPRoleAssignment roleAssignment = new SPRoleAssignment(spUser); SPRoleDefinition roleDefinition; try { roleDefinition = spWeb.RoleDefinitions[permission]; } catch (SPException) { throw new Exception(String.Format( "Cannot access permission \"{0}\"", permission)); } roleAssignment.RoleDefinitionBindings.Add(roleDefinition); spWeb.RoleAssignments.Add(roleAssignment); } } } }
public static void ClearRights(SPListItem item) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(false); if (web.AssociatedOwnerGroup != null) { var roleAssignment = new SPRoleAssignment(web.AssociatedOwnerGroup); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Administrator); roleAssignment.RoleDefinitionBindings.Add(byType); item.RoleAssignments.Add(roleAssignment); } } else { const int num = 0x3fffffff; int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1; for (int i = item.RoleAssignments.Count - 1; i >= 0; i--) { int iD = item.RoleAssignments[i].Member.ID; if ((iD != num) && (iD != num2)) { item.RoleAssignments.Remove(i); } } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
private void CreateConfigurationList(SPWeb web) { SPList configurationList = web.Lists.TryGetList(Resource.ConfigurationList); if (configurationList == null) { Guid configurationListGuid = web.Lists.Add(Resource.ConfigurationList, Resource.ConfigurationListDesc, SPListTemplateType.GenericList); configurationList = web.Lists[configurationListGuid]; configurationList.Fields.Add("Property", SPFieldType.Text, true); configurationList.Fields.Add("Setting", SPFieldType.Text, true); configurationList.EnableVersioning = true; // Only system admins should be able to edit this, but everybody needs to view it configurationList.BreakRoleInheritance(false); SPPrincipal group = web.SiteGroups["Guidewire Owners"]; if (group != null) { SPRoleAssignment roleAssignment = new SPRoleAssignment(group); SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); configurationList.RoleAssignments.Add(roleAssignment); } configurationList.Update(); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsUserName, "GWSharePointIntegration"); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsPassword, "gw"); Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsEndpoint, "http://manclredev02:8080/cc/ws/riverstone/webservice/document/trg_UpdateMetadataAPI"); } }
/// <summary> /// Adds a user to specified roles on the website /// </summary> /// <param name="SiteWeb">site to which the user will be assigned</param> /// <param name="SiteUser">user to be added. Make sure its Roles collection contains some roles otherwise the user will not be added.</param> private void AddSiteUser(CS4User siteUser) { string siteUrl = System.String.Empty; SPSite site = null; SPWeb siteWeb = null; SPUser spUser = null; foreach (CS4User.UserPermission userPermission in siteUser.UserRoles) { if (siteUrl != userPermission.WebUrl) { siteUrl = userPermission.WebUrl; site = new SPSite(siteUrl); siteWeb = site.OpenWeb(); try { spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain]; } catch { //user has not been added to this site yet siteWeb.Users.Add(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, ""); spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain]; } } //siteWeb.Roles[userPermission.Role].AddUser(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, ""); SPRoleAssignment roleAssignment = new SPRoleAssignment(spUser); SPRoleDefinition roleDefinition = siteWeb.RoleDefinitions[userPermission.Role]; roleAssignment.RoleDefinitionBindings.Add(roleDefinition); siteWeb.RoleAssignments.Add(roleAssignment); } }
private void setupWebUserGroup(SPWeb web, string groupName, SPRoleType role, string groupDescription = null) { SPGroup group = null; try { group = web.SiteGroups[groupName]; log.addInformation("Existing Group '" + group.Name + "' found. Will attach to site " + web.ServerRelativeUrl.ToString()); } catch { log.addWarning("'" + groupName + "' Group wasn't found. Will be created."); web.SiteGroups.Add(groupName, web.CurrentUser, web.CurrentUser, groupDescription); group = web.SiteGroups[groupName]; group.RemoveUser(web.CurrentUser); } finally { SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(role); SPRoleAssignment roleAssignment = new SPRoleAssignment(group); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); web.RoleAssignments.Add(roleAssignment); web.Update(); } }
private void AssignRoles(SPWeb web, SPListItem item, SPRoleDefinition roleDef) { foreach (string principalName in Principals) { SPPrincipalInfo principalInfo = SPUtility.ResolvePrincipal(web.Site.WebApplication, null, principalName, SPPrincipalType.All, SPPrincipalSource.All, false); if (principalInfo != null) { SPRoleAssignment roleAssign = new SPRoleAssignment(principalInfo.LoginName, principalInfo.Email, principalInfo.DisplayName, ""); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } else { try { SPPrincipal group = web.SiteGroups[principalName]; SPRoleAssignment roleAssign = new SPRoleAssignment(group); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } catch (Exception ex) { SPRoleAssignment roleAssign = new SPRoleAssignment(principalName, "", "", ""); roleAssign.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssign); } } } }
public override void ItemUpdated(SPItemEventProperties properties) { SPListItem item1 = properties.ListItem; var delemans = item1["Delegates"].AsString(); if (delemans.AsString().IsNullOrWhitespace()) { return; } char[] split = { '#' }; string[] deles = delemans.Split(split); List<SPPrincipal> principals = new List<SPPrincipal>(); for (int i = 0; i < deles.Length; i++) { if (deles[i].IsNullOrWhitespace()) { continue; } principals.Add(item1.Web.Users[deles[i]]); } if (principals.Count > 0) { SPSecurity.RunWithElevatedPrivileges(delegate { using (SPSite site = new SPSite(properties.SiteId)) { using (SPWeb web = site.OpenWeb("WorkFlowCenter")) { try { SPListItem item = web.Lists["Travel Request Workflow2"].GetItemById(item1.ID); if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(true); } SPRoleDefinition AdminRoleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator); SPRoleDefinition GuestRoleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Guest); foreach (SPPrincipal principal in principals) { SPRoleAssignment RoleAssignment = new SPRoleAssignment(principal); RoleAssignment.RoleDefinitionBindings.Add(AdminRoleDefinition); RoleAssignment.RoleDefinitionBindings.Remove(GuestRoleDefinition); item.RoleAssignments.Remove(principal); item.RoleAssignments.Add(RoleAssignment); } item["Delegates"] = string.Empty; base.DisableEventFiring(); item.Update(); base.EnableEventFiring(); } catch (Exception ex) { //TO-DO } } } }); } }
public Hashtable CreateGroup(SPUserCodeWorkflowContext context, string groupName, string siteUrl, string owner, string description, string permissions) { Hashtable result = new Hashtable(); SPSite site = null; SPWeb web = null; try { if (String.IsNullOrEmpty(siteUrl)) { siteUrl = context.CurrentWebUrl; } site = new SPSite(siteUrl); web = site.OpenWeb(); var ownerUser = web.EnsureUser(owner); web.SiteGroups.Add(groupName, ownerUser, null, description); var group = web.SiteGroups.OfType <SPGroup>().Where(gn => gn.Name == groupName).First(); if (!String.IsNullOrEmpty(permissions)) { StringReader permReader = new StringReader(permissions); var roleAssignment = new SPRoleAssignment(group); string perm; while ((perm = permReader.ReadLine()) != null) { var roleDef = web.RoleDefinitions[perm]; roleAssignment.RoleDefinitionBindings.Add(roleDef); } web.RoleAssignments.Add(roleAssignment); } result["error"] = String.Empty; } catch (Exception ex) { result["error"] = ex.Message; } finally { if (web != null) { web.Dispose(); } if (site != null) { site.Dispose(); } } return(result); }
/// <summary> /// Adds the specified user to the specified role for the specified list. Breaks Role Inheritance on the List Item if it hasn't already been broken. /// </summary> /// <param name="sourceWeb"></param> /// <param name="list"></param> /// <param name="principal"></param> /// <param name="roleTypeValue"></param> public static void AddListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue) { if (principal == null) { throw new ArgumentNullException("principal"); } SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); SPRoleDefinition roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); sourceWeb.AllowUnsafeUpdates = true; try { if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } sourceWeb.AllowUnsafeUpdates = true; list.RoleAssignments.Add(roleAssignment); list.Update(); } finally { sourceWeb.AllowUnsafeUpdates = false; } }
internal static void AddRole(SPWeb web, SPSecurableObject target, SPPrincipal principal, string roleDefinitionName) { var roleToAdd = web.RoleDefinitions.Cast <SPRoleDefinition>().FirstOrDefault(x => x.Name == roleDefinitionName); if (roleToAdd != null) { EnsureBrokenRoleInheritance(target); var assignments = target.RoleAssignments.Cast <SPRoleAssignment>().FirstOrDefault(x => x.Member.ID == principal.ID); if (assignments == null) { assignments = new SPRoleAssignment(principal); assignments.RoleDefinitionBindings.Add(roleToAdd); target.RoleAssignments.Add(assignments); } else { assignments.RoleDefinitionBindings.Add(roleToAdd); assignments.Update(); } } else { throw new ArgumentException("No RoleDefinition found for the name " + roleDefinitionName); } }
internal void SetPermissions(SPWeb web) { try { var list = web.GetList("UserPhotos"); var allUsers = web.EnsureUser("NT AUTHORITY\\authenticated users"); var roleAssignment = new SPRoleAssignment(allUsers); var readerRole = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleAssignment.RoleDefinitionBindings.Add(readerRole); if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(true); } list.RoleAssignments.Add(roleAssignment); list.Update(); } catch (Exception ex) { FoundationSync.LogMessage(1003, FoundationSync.LogCategories.FoundationSync, TraceSeverity.Unexpected, string.Format("Unable to set permissions on UserPhotos list. " + "Add Authenticated Users with Read rights manually. {0}", ex.InnerException), null); } }
public static int GetDelegateCount(SPPrincipal principal, SPWeb web, SPListItem ListItem) { int permissionCount = 0; SPSecurity.RunWithElevatedPrivileges(delegate() { try { if (principal != null) { using (SPSite site = new SPSite(web.Site.ID)) { using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl)) { SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID); _web.AllowUnsafeUpdates = true; SPRoleAssignment role = _listitem.RoleAssignments.GetAssignmentByPrincipal(principal); permissionCount = role.RoleDefinitionBindings.Count; } } } else { } } catch (Exception ex) { } }); return(permissionCount); }
/// <summary> /// 给Item授权 /// </summary> /// <param name="principal"></param> /// <param name="web"></param> /// <param name="ListItem"></param> /// <param name="DelegateName"></param> public static void DelegateForListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName) { SPSecurity.RunWithElevatedPrivileges(delegate() { try { using (SPSite site = new SPSite(web.Site.ID)) { using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl)) { SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID); _web.AllowUnsafeUpdates = true; SPRoleAssignment sra = new SPRoleAssignment(principal); SPRoleDefinition srd = _web.RoleDefinitions[DelegateName]; sra.RoleDefinitionBindings.Add(srd); _listitem.BreakRoleInheritance(true, false); _listitem.RoleAssignments.Add(sra); _listitem.Update(); } } } catch (Exception ex) { } }); }
public static void AddPermissionsToItem(SPWeb web, SPListItem item, Dictionary <SPPrincipal, string[]> assignments) { if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(false); } while (item.RoleAssignments.Count > 0) { item.RoleAssignments.Remove(0); } foreach (SPPrincipal principal in assignments.Keys) { foreach (string itemAssignment in assignments[principal]) { SPRoleDefinition roleDef = GetPermissionLevel(web, itemAssignment); if (roleDef == null) { continue; } SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); roleAssignment.RoleDefinitionBindings.Add(roleDef); item.RoleAssignments.Add(roleAssignment); } } //item.Update(); }
/// <summary> /// Da permisos a la carpeta especificada /// </summary> /// <param name="name">Ruta de la Carpeta</param> /// <param name="group">Grupo de Usuarios a los que da permisos</param> /// <param name="role">Rol de la administrador</param> /// <returns></returns> public bool AddPermissionsInFolder(string name, string group, SPRoleType role) { try { var list = Web.Lists.TryGetList(Name); if (list == null) { return(false); } var folderCollection = list.RootFolder.SubFolders[name]; if (!list.HasUniqueRoleAssignments) { list.BreakRoleInheritance(false); } if (!folderCollection.Item.HasUniqueRoleAssignments) { folderCollection.Item.BreakRoleInheritance(false); } var oGroup = Web.SiteGroups[group]; var roleAssignment = new SPRoleAssignment(oGroup); var roleDefinition = Web.RoleDefinitions.GetByType(role); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); folderCollection.Item.RoleAssignments.Add(roleAssignment); folderCollection.Item.Update(); return(true); } catch (Exception exception) { Logger.Error(string.Concat("Exceptin Folder", exception.Message)); return(false); } }
/// <summary> /// This method should be used instead of BreakRoleInheritance(true). /// /// The OOTB method replicates all permissions from the parent, including the "Limited Access" permissions. /// In environments with many users, there can be many of these meaningless permissions, which bloats the /// SharePoint permission tables in SQL. This method reviews all RoleDefinitions in each principal's /// RoleAssignments, stripping "Limited Access", before adding them to the item. /// </summary> /// <param name="item"></param> public static void BreakCopyRoleInheritance(this SPListItem item) { SPRoleAssignmentCollection roleAssignments = item.RoleAssignments; var activeAssignments = from SPRoleAssignment p in roleAssignments where p.RoleDefinitionBindings.Count >= 1 select p; item.BreakRoleInheritance(false); foreach (SPRoleAssignment p in activeAssignments) { SPRoleAssignment assignment = new SPRoleAssignment(p.Member); SPRoleDefinitionBindingCollection bindings = new SPRoleDefinitionBindingCollection(); foreach (SPRoleDefinition roleDef in p.RoleDefinitionBindings) { if (roleDef.Name != "Limited Access") { bindings.Add(roleDef); } } if (bindings.Count > 0) { assignment.ImportRoleDefinitionBindings(bindings); item.RoleAssignments.Add(assignment); } } }
public static void SetReadOnly(SPListItem item, int userId) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(true); } web.AllowUnsafeUpdates = true; SPRoleAssignmentCollection roleAssignments = item.RoleAssignments; for (int i = roleAssignments.Count - 1; i > -1; i--) { SPRoleAssignment assignment = roleAssignments[i]; if (assignment.Member.ID == userId) { SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings; if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader)) { roleDefinitionBindings.RemoveAll(); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleDefinitionBindings.Add(byType); assignment.Update(); } break; } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
/// <summary> /// Removes the specified role from the specified principal's role assignments. This method will not /// break role inheritance, and instead will return False. /// </summary> /// <param name="item">the effected list item</param> /// <param name="principal">the principal whose permissions will be modified</param> /// <param name="roleDef">the role to remove from the principal's role assignments. If null, all permissions are removed</param> /// <returns>True if the role is successfully removed, otherwise false</returns> public static bool TryRemovePermission(this SPListItem item, SPPrincipal principal, SPRoleDefinition roleDef) { bool retVal = true; if (principal == null || item.HasUniqueRoleAssignments == false) { retVal = false; } else { try { SPRoleAssignment roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal); if (roleAssignment != null) { item.RoleAssignments.Remove(principal); if (roleDef != null && roleAssignment.RoleDefinitionBindings.Contains(roleDef)) { roleAssignment.RoleDefinitionBindings.Remove(roleDef); if (roleAssignment.RoleDefinitionBindings.Count > 0) { item.RoleAssignments.Add(roleAssignment); } } } } catch (ArgumentOutOfRangeException) { } catch (ArgumentException) { } } return(retVal); }
private void AddCustomPermissions(SPListItem myItem, SPWeb web) { // Give Contribute to the author SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Contributor); SPRoleAssignment roleAssignment = new SPRoleAssignment(GetSPUser(myItem, "Author")); roleAssignment.RoleDefinitionBindings.Add(roledefinition); myItem.RoleAssignments.Add(roleAssignment); // Give Read to anyone that the item has been shared with if (myItem["SharedWith"] != null) { SPFieldUserValueCollection values = (SPFieldUserValueCollection)myItem["SharedWith"]; foreach (SPFieldUserValue value in values) { // Get a user from the key var sharedUser = value.User; // Change our role definition to Read roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader); // Change our role assignment to the new user roleAssignment = new SPRoleAssignment(sharedUser); // Bind the new role roleAssignment.RoleDefinitionBindings.Add(roledefinition); myItem.RoleAssignments.Add(roleAssignment); } } }
public static void SetReadOnly(SPListItem item) { SPWeb web = item.Web; bool allowUnsafeUpdates = web.AllowUnsafeUpdates; web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(true); } web.AllowUnsafeUpdates = true; SPRoleAssignmentCollection roleAssignments = item.RoleAssignments; int iD = web.Site.SystemAccount.ID; int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1; for (int i = roleAssignments.Count - 1; i > -1; i--) { SPRoleAssignment assignment = roleAssignments[i]; int num4 = assignment.Member.ID; if ((num4 != iD) && (num4 != num2)) { SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings; if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader)) { roleDefinitionBindings.RemoveAll(); SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader); roleDefinitionBindings.Add(byType); assignment.Update(); } } } web.AllowUnsafeUpdates = allowUnsafeUpdates; }
private void SetGroupPermissions(SPWeb web, SPGroup group) { SetBaseLinePermissions(web, group); string roleName = ""; switch (Role) { case "owner": roleName = "Full Control"; break; case "member": roleName = "Contribute"; break; default: roleName = "Read"; break; } SPRoleAssignment assignment = new SPRoleAssignment(group); SPRoleDefinition role = web.RoleDefinitions[roleName]; assignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(assignment); }
public override void FeatureActivated(SPFeatureReceiverProperties properties) { SPWeb web = (SPWeb)properties.Feature.Parent; SPMember owner = web.SiteAdministrators[0]; SPUser user = (SPUser)owner; if (!GroupExistsInSite(web, "Riverstone TFS Default Members")) { web.SiteGroups.Add("Riverstone TFS Default Members", owner, user, "This group contains the Riverstone Active Directory groups that have access to TFS portal sites by default."); } SPGroup defaultGroup = web.SiteGroups["Riverstone TFS Default Members"]; defaultGroup.OnlyAllowMembersViewMembership = false; defaultGroup.Update(); SPRoleAssignment roleAssignment = new SPRoleAssignment(defaultGroup); SPRoleDefinition contributeDefinition = web.RoleDefinitions["Contribute"]; roleAssignment.RoleDefinitionBindings.Add(contributeDefinition); if (!GroupExistsInWeb(web, "Riverstone TFS Default Members")) { web.RoleAssignments.Add(roleAssignment); } AddUserToGroup(defaultGroup, "trg\\biudatasmes"); AddUserToGroup(defaultGroup, "trg\\biuoperations"); AddUserToGroup(defaultGroup, "trg\\biureporting"); AddUserToGroup(defaultGroup, "trg\\dataarchitect"); AddUserToGroup(defaultGroup, "trg\\developer"); AddUserToGroup(defaultGroup, "trg\\enterprisearchitect"); AddUserToGroup(defaultGroup, "trg\\pmuba"); AddUserToGroup(defaultGroup, "trg\\pmupm"); AddUserToGroup(defaultGroup, "trg\\tfsadministrator"); AddUserToGroup(defaultGroup, "trg\\OpsManagement"); }
private void CreateSubSiteGroup(SPWeb web, string groupName, SPRoleType roleType, string groupDescription) { var groupInSite = GroupExistsInSiteCollection(web, groupName); if (!groupInSite) { web.AllowUnsafeUpdates = true; web.Update(); web.BreakRoleInheritance(false); SPGroupCollection groups = web.SiteGroups; //for (int i = 0; i < web.SiteAdministrators.Count; i++) //{ // SPUser owner = web.SiteAdministrators[i]; // SPMember member = web.SiteAdministrators[i]; //} SPUser owner = web.SiteAdministrators[0]; SPMember member = web.SiteAdministrators[0]; groups.Add(groupName, member, owner, groupDescription); SPGroup newSPGroup = groups[groupName]; SPRoleDefinition role = web.RoleDefinitions.GetByType(roleType); SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup); roleAssignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(roleAssignment); web.Update(); } }
public static void CreateGroup(SPWeb web) { DeleteGroup(web); try { web.SiteGroups.Add(Language.SMUGroupName, web.AssociatedOwnerGroup, null, Language.SMUGroupDescription); SPGroup grp = web.SiteGroups.Cast <SPGroup>().FirstOrDefault(p => p.Name == Language.SMUGroupName); if (grp == null) { throw new Exception(Language.GroupCreateError); } if (!web.HasUniqueRoleAssignments) { throw new Exception(Language.WebInheritsAssignments); } SPRoleAssignment ass = new SPRoleAssignment(grp); SPRoleDefinition def = web.RoleDefinitions[Language.SMUPermissionName]; ass.RoleDefinitionBindings.Add(def); web.RoleAssignments.Add(ass); web.Update(); } catch (Exception ex) { DeleteGroup(web); WriteException(ex); throw ex; } }
private void AddPermissionsProd(SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition) { SPRoleAssignment ra = new SPRoleAssignment(principal); ra.RoleDefinitionBindings.Add(roleDefinition); item.RoleAssignments.Add(ra); }
public static bool SetUserPermission(this SPListItem item, string userName, string permissionLevel) { var isSet = false; try { item.Web.AllowUnsafeUpdates = true; if (!item.HasUniqueRoleAssignments) { item.BreakRoleInheritance(false, false); } item.Update(); item.Web.Update(); var roleAssignment = new SPRoleAssignment(item.Web.AllUsers[userName]); roleAssignment.RoleDefinitionBindings.Add(item.Web.RoleDefinitions[permissionLevel]); item.RoleAssignments.Add(roleAssignment); item.Update(); item.ParentList.Update(); item.Web.Update(); isSet = true; } catch (Exception ex) { Log.Error(ex); throw new Exception($"SharePointCore: Error on {nameof(SetUserPermission)}", ex); } return(isSet); }
private bool UpdateUserPermissions(SPWeb web, SPRoleAssignmentCollection roleAssignments, XmlNodeList principalUserNodes) { bool dirty = false; foreach (XmlNode principalUserNode in principalUserNodes) { string loginName = principalUserNode.Attributes["login"].Value; string userName = principalUserNode.Attributes["name"].Value; try { SPClaimProviderManager cpm = SPClaimProviderManager.Local; SPClaim userClaim = cpm.ConvertIdentifierToClaim(loginName, SPIdentifierTypes.WindowsSamAccountName); SPUser user = web.EnsureUser(userClaim.ToEncodedString()); if (user == null) { throw new Exception(); } SPPrincipal userPrincipal = (SPPrincipal)user; try { SPRoleAssignment roleAssignment = roleAssignments.GetAssignmentByPrincipal(userPrincipal); if (roleAssignment == null) { throw new Exception(); } UpdatePrincipal(web, principalUserNode, string.Format("{0,20}, '{1,15}'", userName, loginName), roleAssignment); } catch { output.Append(string.Format("permissins missing for user: {0,20} with login: {1,15}, adding new..." + Environment.NewLine, userName, loginName)); SPRoleAssignment roleAssignmentNew = new SPRoleAssignment(userPrincipal); XmlNodeList roleNodes = principalUserNode.SelectNodes("role"); foreach (XmlNode roleNode in roleNodes) { string roleName = roleNode.Attributes["name"].Value; if (roleName.ToLower().Equals("limited access")) { roleName = "Limited User"; } SPRoleDefinition role = web.RoleDefinitions[roleName]; roleAssignmentNew.RoleDefinitionBindings.Add(role); } roleAssignments.Add(roleAssignmentNew); output.Append("completed" + Environment.NewLine); dirty = true; } } catch { output.Append(string.Format("user not found: {0,20} with login: {1,15}" + Environment.NewLine, userName, loginName)); } } return(dirty); }
private static void SetFolderPermissions(SPWeb web, string folderName, string memGrpName, string visGrpName, string blackbeltGroupName, string greenbeltGroupName, SPFolder fldr) { try { SPRoleDefinition pwcContribute = web.RoleDefinitions["PWC Contribute"]; SPRoleDefinition read = web.RoleDefinitions["Read"]; SPRoleDefinition viewOnly = web.RoleDefinitions["View Only"]; SPRoleDefinition pwcBronzeAdmin = web.RoleDefinitions["PWC Bronze Admin"]; SPRoleDefinition fullControl = web.RoleDefinitions["Full Control"]; SPGroup newMemGroup = web.SiteGroups[memGrpName]; SPGroup newVisGroup = web.SiteGroups[visGrpName]; SPGroup BBGroup = web.SiteGroups[blackbeltGroupName]; SPGroup GBGroup = web.SiteGroups[greenbeltGroupName]; SPListItem li = fldr.Item; if (li.Name.Equals(folderName)) { li.BreakRoleInheritance(false); while (li.RoleAssignments.Count > 0) { li.RoleAssignments.Remove(0); } SPRoleAssignment spRoleAssignMemGrp = new SPRoleAssignment(newMemGroup); spRoleAssignMemGrp.RoleDefinitionBindings.Add(pwcContribute); li.RoleAssignments.Add(spRoleAssignMemGrp); SPRoleAssignment spRoleAssignVisGrp = new SPRoleAssignment(newVisGroup); spRoleAssignVisGrp.RoleDefinitionBindings.Add(read); li.RoleAssignments.Add(spRoleAssignVisGrp); SPRoleAssignment spRoleAssignBBGroup = new SPRoleAssignment(BBGroup); spRoleAssignBBGroup.RoleDefinitionBindings.Add(read); li.RoleAssignments.Add(spRoleAssignBBGroup); SPRoleAssignment spRoleAssignGBGroup = new SPRoleAssignment(GBGroup); spRoleAssignGBGroup.RoleDefinitionBindings.Add(read); li.RoleAssignments.Add(spRoleAssignGBGroup); //SPRoleAssignment spRoleAssignBronzeAdminGrp = new SPRoleAssignment(bronzeAdminGroup); //spRoleAssignBronzeAdminGrp.RoleDefinitionBindings.Add(pwcBronzeAdmin); //spRoleAssignBronzeAdminGrp.RoleDefinitionBindings.Add(pwcContribute); // li.RoleAssignments.Add(spRoleAssignBronzeAdminGrp); //SPRoleAssignment spRoleAssignOwnerGrp = new SPRoleAssignment(ownerGroup); //spRoleAssignOwnerGrp.RoleDefinitionBindings.Add(fullControl); // li.RoleAssignments.Add(spRoleAssignOwnerGrp); } } catch (Exception e) { e.Message.ToString(); // ULSLogger.LogErrorInULS("Inside catch in setFolderPermissions() in PWC Secure Folder Feature---" + e.Message); } }
public static SPRoleAssignment GetRoleAssignment(SPWeb web, SPPrincipal principal, SPRoleType roleType) { SPRoleAssignment roleAssign = new SPRoleAssignment(principal); SPRoleDefinition roleDef = web.RoleDefinitions.GetByType(roleType); roleAssign.RoleDefinitionBindings.Add(roleDef); return roleAssign; }
public void For(SPPrincipal principal) { var assignment = new SPRoleAssignment(principal); assignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinitionName]); roleAssignments.Add(assignment); }
public void AddNewItemLvlPerm(SPListItem item, SPWeb oWeb, SPRoleType roleType, SPPrincipal principal) { SPRoleDefinition role = oWeb.RoleDefinitions.GetByType(roleType); SPRoleAssignment assign = new SPRoleAssignment(principal); assign.RoleDefinitionBindings.Add(role); item.RoleAssignments.Add(assign); }
/// <summary> /// Grants the permission to specified user or group. /// </summary> /// <param name="web">The web.</param> /// <param name="subject">The subject.</param> /// <param name="userName">Name of the user.</param> /// <param name="roleType">Type of the role.</param> public static void GrantPermission(SPWeb web, SPSecurableObject subject, string userName, SPRoleType roleType) { SPPrincipal user = TryGetUser(userName, web); SPPrincipal principal = user != null ? user : (SPPrincipal)web.SiteGroups[userName]; SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(roleType); SPRoleAssignment roleAssignment = new SPRoleAssignment(principal); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); subject.RoleAssignments.Add(roleAssignment); }
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, SPRoleDefinition roleDefinition, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true) { if (securableObject is SPWeb) { if (!securableObject.HasUniqueRoleAssignments) { securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes); } } else { securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes); } SPRoleAssignment roleAssignment = GetAssignment(securableObject, principal); if (roleAssignment != null) { if (replaceAllDefinitions) { roleAssignment.RoleDefinitionBindings.RemoveAll(); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } else { if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } } try { roleAssignment.Update(); } catch (ArgumentException) { //Note: fix for 'Cannot update a permission level assignment that is not part of a permission level assignment collection.' securableObject.RoleAssignments.Add(roleAssignment); } } else { roleAssignment = new SPRoleAssignment(principal); if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { roleAssignment.RoleDefinitionBindings.Add(roleDefinition); } securableObject.RoleAssignments.Add(roleAssignment); } }
public SPDGServerRoleAssignment(SPDGPrincipal member) : base(member, new List<SPDGRoleDefinition>()) { if (member is SPDGServerUser) { _roleAssignment = new SPRoleAssignment(((SPDGServerUser) member).SPUser); } else { _roleAssignment = new SPRoleAssignment(((SPDGServerGroup) member).Group); } }
/// <summary> /// Add role assignment for the principal into web /// </summary> /// <param name="web"></param> /// <param name="principal"></param> /// <param name="permissionLevel"></param> public static void AddRoleAssignment(SPWeb web, SPPrincipal principal, string permissionLevel) { var roleDefinition = GetRoleDefinition(web, permissionLevel); if (roleDefinition == null) { throw new ArgumentNullException(permissionLevel); } var roleAssignment = new SPRoleAssignment(principal); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); web.RoleAssignments.Add(roleAssignment); }
/// <summary> /// An item was added. /// </summary> public override void ItemAdded(SPItemEventProperties properties) { try { SPList spList = properties.List; if (spList.Title.Equals("MSA Schedule")) { SPFieldUrlValue spFieldURL = new SPFieldUrlValue(); spFieldURL.Url = "/sites/ffl/Pages/MSA.aspx?SID=" + properties.ListItemId; spFieldURL.Description = "Please click here"; SPListItem spListItem = properties.ListItem; spListItem["MSAFormLink"] = spFieldURL; SPGroup spGroup = properties.Web.SiteGroups["HSE-FFL"]; SPRoleDefinition spRole = properties.Web.RoleDefinitions["Contribute"]; SPRoleAssignment roleAssignment = new SPRoleAssignment(spGroup); roleAssignment.RoleDefinitionBindings.Add(spRole); if (Convert.ToString(spListItem["FFLEmailAddress"]) != null) { SPUser spUSer = properties.Web.SiteUsers.GetByEmail(Convert.ToString(spListItem["FFLEmailAddress"])); SPRoleDefinition spRole1 = properties.Web.RoleDefinitions["Read"]; SPRoleAssignment roleAssignment1 = new SPRoleAssignment(spUSer); roleAssignment1.RoleDefinitionBindings.Add(spRole1); spListItem.BreakRoleInheritance(false); spListItem.RoleAssignments.Add(roleAssignment); spListItem.RoleAssignments.Add(roleAssignment1); } spListItem.Update(); } else { properties.Status = SPEventReceiverStatus.CancelNoError; } } catch (Exception ex) { SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory("MSAEventReceiver", TraceSeverity.Unexpected, EventSeverity.Error), TraceSeverity.Unexpected, ex.Message, ex.StackTrace); } finally { base.ItemAdded(properties); } }
private void ProcessSPGroupHost(SPGroup modelHost, SPGroup securityGroup, SecurityRoleLinkDefinition securityRoleLinkModel) { // TODO // need common validation infrastructure var web = securityGroup.ParentWeb; var securityRoleAssignment = new SPRoleAssignment(securityGroup); var roleDefinition = web.RoleDefinitions[securityRoleLinkModel.SecurityRoleName]; if (!securityRoleAssignment.RoleDefinitionBindings.Contains(roleDefinition)) { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = null, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); securityRoleAssignment.RoleDefinitionBindings.Add(roleDefinition); } else { InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = roleDefinition, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = roleDefinition, ObjectType = typeof(SPRoleDefinition), ObjectDefinition = securityRoleLinkModel, ModelHost = modelHost }); web.RoleAssignments.Add(securityRoleAssignment); web.Update(); }
protected void bind_role(SPListItem item, SPPrincipal principal, SPRoleDefinition definition) { try { SPRoleAssignment assignment = new SPRoleAssignment(principal); assignment.RoleDefinitionBindings.Add(definition); item.RoleAssignments.Add(assignment); } catch (Exception ex) { throw ex; } }
protected void btnGrantPermssion_Click(object sender, EventArgs e) { SPPrincipal principal = web.SiteUsers[ddUsers.SelectedValue]; SPFolderCollection submissions = web.Lists[ddDocLibs.SelectedValue].RootFolder.SubFolders; SPFolder newFolder = submissions.Add(folderName.Text); SPListItem folderItem = newFolder.Item; folderItem.BreakRoleInheritance(false); folderItem.Update(); SPRoleAssignment folderRoleAssignment = new SPRoleAssignment(principal); folderRoleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[ddPermissionsLevels.SelectedValue]); folderItem.RoleAssignments.Add(folderRoleAssignment); }
protected override void DeployModelInternal(object modelHost, DefinitionBase model) { var securableObject = modelHost.WithAssertAndCast<SPSecurableObject>("modelHost", value => value.RequireNotNull()); var securityGroupLinkModel = model.WithAssertAndCast<SecurityGroupLinkDefinition>("model", value => value.RequireNotNull()); var web = GetWebFromSPSecurableObject(securableObject); var securityGroup = web.SiteGroups[securityGroupLinkModel.SecurityGroupName]; var roleAssignment = new SPRoleAssignment(securityGroup); // default one, it will be removed later var dummyRole = web.RoleDefinitions.GetByType(SPRoleType.Reader); if (!roleAssignment.RoleDefinitionBindings.Contains(dummyRole)) roleAssignment.RoleDefinitionBindings.Add(dummyRole); // this is has to be decided later - what is the strategy fro breaking role inheritance if (!securableObject.HasUniqueRoleAssignments) securableObject.BreakRoleInheritance(false); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = roleAssignment, ObjectType = typeof(SPRoleAssignment), ObjectDefinition = model, ModelHost = modelHost }); securableObject.RoleAssignments.Add(roleAssignment); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = roleAssignment, ObjectType = typeof(SPRoleAssignment), ObjectDefinition = model, ModelHost = modelHost }); // GOTCHA!!! supposed to continue chain with adding role definitions via RoleDefinitionLinks roleAssignment.RoleDefinitionBindings.RemoveAll(); }
// Uncomment the method below to handle the event raised before a feature is deactivated. //public override void FeatureDeactivating(SPFeatureReceiverProperties properties) //{ //} // Uncomment the method below to handle the event raised after a feature has been installed. public override void FeatureInstalled(SPFeatureReceiverProperties properties) { SPSite site = new SPSite(NewsString.RootSiteUrl); SPWeb spWeb = site.RootWeb; spWeb.AllowUnsafeUpdates = true; SPGroupCollection groupCollection = spWeb.Groups; if (NewsUtil.IsGroupAlreadyExist(spWeb,NewsString.GroupContribute) == false) { spWeb.SiteGroups.Add(NewsString.GroupContribute, spWeb.CurrentUser, spWeb.CurrentUser, string.Empty); SPGroup group = spWeb.SiteGroups[NewsString.GroupContribute]; SPRoleDefinition roleDefinition = spWeb.RoleDefinitions.GetByType(SPRoleType.Contributor); SPRoleAssignment roleAssigment = new SPRoleAssignment(group); roleAssigment.RoleDefinitionBindings.Add(roleDefinition); spWeb.RoleAssignments.Add(roleAssigment); spWeb.Update(); } }
public static void AddRoleAssignment(SPSecurableObject securableObject, SPDGPrincipal principal, IEnumerable<SPDGRoleDefinition> roleDefinitions) { SPPrincipal spPrincipal; if (principal is SPDGServerUser) { spPrincipal = ((SPDGServerUser)principal).SPUser; } else { spPrincipal = ((SPDGServerGroup)principal).Group; } SPRoleAssignment roleAss = new SPRoleAssignment(spPrincipal); foreach (var spdgRoleDefinition in roleDefinitions) { var spRoleDef = ((SPDGServerRoleDefinition)spdgRoleDefinition).RoleDefinition; roleAss.RoleDefinitionBindings.Add(spRoleDef); } securableObject.RoleAssignments.Add(roleAss); }
/// <summary> /// 为某个SPPrincipal赋于针对某个SPListItem的权限. 权限由rd来决定. /// </summary> /// <param name="item">某个需要赋于权限的SPListItem</param> /// <param name="spPrincipalName">用户登录名称或者是MOSS User Group, 如果是EMail地址, 则略过</param> /// <param name="rd">需要赋于的权限级别名称</param> public static void AddRoleAssignmentToListItem(SPListItem item, string spPrincipalName, SPRoleDefinition rd) { // 表明这个LoginName是电子邮件地址类型:SmtpAddress if (spPrincipalName.IndexOf("@") >= 0) return; SPRoleAssignment ra = null; // 如果spPrincipalName里面包含\, 则表示是一个AccountId, 否则是一个SPGroup if (spPrincipalName.IndexOf("\\") >= 0) ra = new SPRoleAssignment(spPrincipalName, string.Empty, string.Empty, string.Empty); else { try { SPGroup group = item.Web.Groups[spPrincipalName]; if (group != null) { ra = new SPRoleAssignment(group); } } catch { } } if (ra == null) return; SPRoleDefinition rd_temp = null; // 特别处理的地方:rd在创建并添加到Web.RoleDefinitions之后, 还不能直接使用rd这个变量,可能是复制了一个副本,然后再添加到Collection中去的,所以这里需要从Collection中查找副本, 然后再对其进行引用 // 不可以直接写为: ra.RoleDefinitionBindings.Add(rd) ; 会报错称不能使用Web中未定义的RD // 这个问题的本质原因在于创建类RoleDefinition之后, 前面拿到的SPWeb不会同步更新, 重新打开SPWeb就可以解决问题 for (int index = 0; index < item.Web.RoleDefinitions.Count; index++) if (item.Web.RoleDefinitions[index].Name.ToLower() == rd.Name.ToLower()) rd_temp = item.Web.Site.RootWeb.RoleDefinitions[index]; ra.RoleDefinitionBindings.Add(rd_temp); item.BreakRoleInheritance(false); item.RoleAssignments.Add(ra); }
/// <summary> /// Create SharePoint grou /// </summary> /// <param name="web"></param> /// <param name="groupName">SharePoint group name</param> /// <param name="permissionLevel">Type of Permission</param> /// <returns></returns> public static bool CreateGroup(this SPWeb web, string groupName, SPRoleType permissionLevel) { try { var owner = web.SiteAdministrators[0]; var member = web.SiteAdministrators[0]; var groups = web.SiteGroups; groups.Add(groupName, member, owner, string.Empty); var newSPGroup = groups[groupName]; var role = web.RoleDefinitions.GetByType(permissionLevel); var roleAssignment = new SPRoleAssignment(newSPGroup); roleAssignment.RoleDefinitionBindings.Add(role); web.RoleAssignments.Add(roleAssignment); web.Update(); return true; } catch (Exception exception) { Logger.Error(string.Concat("Error Create ", exception.Message)); return false; } }
/// <summary> /// Add Permission in a Site /// </summary> /// <param name="group"></param> /// <param name="role"></param> /// <returns></returns> public bool AddPermision(string group, RoleType role) { try { var oGroup = Web.Site.RootWeb.Groups.GetByName(group); var roleAssignment = new SPRoleAssignment(oGroup); var roleDefinition = Web.RoleDefinitions.GetByType((SPRoleType) role); roleAssignment.RoleDefinitionBindings.Add(roleDefinition); if (!Web.HasUniqueRoleAssignments) { Web.BreakRoleInheritance(false); } Web.RoleAssignments.Add(roleAssignment); Web.Update(); return true; } catch (Exception exception) { Logger.Error(string.Concat("Error AddPermission :", exception.Message)); return false; } }
/// <summary> /// Sets the object security. /// </summary> /// <param name="web">The web.</param> /// <param name="targetObject">The target object.</param> /// <param name="itemName">Name of the item.</param> /// <param name="sourceElement">The source element.</param> private static void SetObjectSecurity(SPWeb web, SPSecurableObject targetObject, string itemName, XmlElement sourceElement) { bool hasUniqueRoleAssignments = bool.Parse(sourceElement.GetAttribute("HasUniqueRoleAssignments")); if (!hasUniqueRoleAssignments && targetObject.HasUniqueRoleAssignments) { Logger.Write("Progress: Setting target object to inherit permissions from parent for \"{0}\".", itemName); targetObject.ResetRoleInheritance(); return; } else if (hasUniqueRoleAssignments && !targetObject.HasUniqueRoleAssignments) { Logger.Write("Progress: Breaking target object inheritance from parent for \"{0}\".", itemName); targetObject.BreakRoleInheritance(false); } else if (!hasUniqueRoleAssignments && !targetObject.HasUniqueRoleAssignments) { Logger.Write("Progress: Ignoring \"{0}\". Target object and source object both inherit from parent.", itemName); return; // Both are inheriting so don't change. } if (hasUniqueRoleAssignments && targetObject.HasUniqueRoleAssignments) { while (targetObject.RoleAssignments.Count > 0) targetObject.RoleAssignments.Remove(0); // Clear out any existing permissions } foreach (XmlElement roleAssignmentElement in sourceElement.SelectNodes("RoleAssignments/RoleAssignment")) { string memberName = roleAssignmentElement.GetAttribute("Member"); string userName = null; if (roleAssignmentElement.HasAttribute("LoginName")) userName = roleAssignmentElement.GetAttribute("LoginName"); SPRoleAssignment existingRoleAssignment = GetRoleAssignement(web, targetObject, memberName, userName); if (existingRoleAssignment != null) { if (AddRoleDefinitions(web, existingRoleAssignment, roleAssignmentElement)) { existingRoleAssignment.Update(); Logger.Write("Progress: Updated \"{0}\" at target object \"{1}\".", memberName, itemName); } } else { SPPrincipal principal = GetPrincipal(web, memberName, userName); if (principal == null) { Logger.WriteWarning("Progress: Unable to add Role Assignment for \"{0}\" - Member \"{1}\" not found.", itemName, memberName); continue; } SPRoleAssignment newRA = new SPRoleAssignment(principal); AddRoleDefinitions(web, newRA, roleAssignmentElement); if (newRA.RoleDefinitionBindings.Count == 0) { Logger.WriteWarning("Progress: Unable to add \"{0}\" to target object \"{1}\" (principals with only \"Limited Access\" cannot be added).", memberName, itemName); continue; } Logger.Write("Progress: Adding new Role Assignment \"{0}\".", newRA.Member.Name); targetObject.RoleAssignments.Add(newRA); existingRoleAssignment = GetRoleAssignement(targetObject, principal); if (existingRoleAssignment == null) { Logger.WriteWarning("Progress: Unable to add \"{0}\" to target object \"{1}\".", memberName, itemName); } else { Logger.Write("Progress: Added \"{0}\" to target object \"{1}\".", memberName, itemName); } } } }
/// <summary> /// Adds the role definitions. /// </summary> /// <param name="web">The web.</param> /// <param name="roleAssignment">The role assignment.</param> /// <param name="roleAssignmentElement">The role assignment element.</param> /// <returns></returns> private static bool AddRoleDefinitions(SPWeb web, SPRoleAssignment roleAssignment, XmlElement roleAssignmentElement) { bool modified = false; foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition")) { string name = roleDefinitionElement.GetAttribute("Name"); if (name == "Limited Access") continue; SPRoleDefinition existingRoleDef = null; try { existingRoleDef = web.RoleDefinitions[name]; } catch (Exception) { } if (existingRoleDef == null) { Logger.Write("Progress: Adding new Role Definition \"{0}\".", name); SPBasePermissions perms = SPBasePermissions.EmptyMask; foreach (string perm in roleDefinitionElement.GetAttribute("BasePermissions").Split(',')) { perms = perms | (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), perm, true); } existingRoleDef = new SPRoleDefinition(); existingRoleDef.Name = name; existingRoleDef.BasePermissions = perms; existingRoleDef.Description = roleDefinitionElement.GetAttribute("Description"); existingRoleDef.Order = int.Parse(roleDefinitionElement.GetAttribute("Order")); existingRoleDef.Update(); SPWeb tempWeb = web; while (!tempWeb.HasUniqueRoleDefinitions) tempWeb = tempWeb.ParentWeb; tempWeb.RoleDefinitions.Add(existingRoleDef); } if (!roleAssignment.RoleDefinitionBindings.Contains(existingRoleDef)) { roleAssignment.RoleDefinitionBindings.Add(existingRoleDef); modified = true; } } List<SPRoleDefinition> roleDefsToRemove = new List<SPRoleDefinition>(); foreach (SPRoleDefinition roleDef in roleAssignment.RoleDefinitionBindings) { if (roleDef.Name == "Limited Access") continue; bool found = false; foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition")) { if (roleDef.Name == roleDefinitionElement.GetAttribute("Name")) { found = true; break; } } if (!found) { roleDefsToRemove.Add(roleDef); modified = true; } } foreach (SPRoleDefinition roleDef in roleDefsToRemove) { Logger.Write("Progress: Removing '{0}' from '{1}'", roleDef.Name, roleAssignment.Member.Name); roleAssignment.RoleDefinitionBindings.Remove(roleDef); } return modified; }
public SPDGServerRoleAssignment(SPRoleAssignment roleAssignment, SPDGPrincipal member, IEnumerable<SPDGRoleDefinition> roleDefinitionBindings) : base(member, roleDefinitionBindings) { _roleAssignment = roleAssignment; }
public static bool AddGroupRole(SPList list, string groupName, SPRoleType role) { bool res = false; try { SPGroupCollection groups = list.ParentWeb.SiteGroups; foreach (SPGroup gr in groups) { if (gr.Name == groupName) return true; } SPGroup group = GroupManager.CreateGroup(list.ParentWeb, groupName); if (group == null) return res; SPRoleAssignment roleAssignmentAdmin = new SPRoleAssignment((SPPrincipal)group); SPRoleDefinition roleAdmin = list.ParentWeb.RoleDefinitions.GetByType(role); roleAssignmentAdmin.RoleDefinitionBindings.Add(roleAdmin); list.RoleAssignments.Add(roleAssignmentAdmin); list.Update(); res = true; } catch (Exception ex) { UlsLogging.LogError("AddGroupRole(SPList list, string groupName, SPRoleType role). Message: {0}, StackTrace: {1}", ex.Message, ex.StackTrace); } return res; }
/// <summary> /// /// <summary> /// format param "userID#RoleName,UserID#RoleName" /// format param "groupName#RoleName,groupName#RoleName" /// </summary> /// <param name="item"></param> /// <param name="parameters"> /// <param name="UsersIDAndRole"></param> /// <param name="GroupsAndRole"></param> /// </param> /// <returns></returns> public static bool SetPermissionToListItem(SPListItem item, IDictionary<string, string> parameters) { bool res = false; try { RunSite.ByWeb(item.ParentList.ParentWeb, (site, web) => { SPListItem _item = web.GetList(item.ParentList.DefaultViewUrl).Items.GetItemById(item.ID); _item.BreakRoleInheritance(false); while (_item.RoleAssignments.Count > 0) { _item.RoleAssignments.Remove(0); } if (parameters.ContainsKey("UsersIDAndRole")) { string users = parameters["UsersIDAndRole"]; string[] fields = users.Split(','); foreach (string field in fields) { int userID = Int32.Parse(field.Split('#')[0]); SPUser user = web.AllUsers.GetByID(userID); string roleName = Convert.ToString(field.Split('#')[1]); SPRoleAssignment roleassignment_user = new SPRoleAssignment(user); SPRoleDefinition roleDefinition = web.RoleDefinitions.Cast<SPRoleDefinition>().FirstOrDefault(r => r.Name == roleName); roleassignment_user.RoleDefinitionBindings.Add(roleDefinition); _item.RoleAssignments.Add(roleassignment_user); } } if (parameters.ContainsKey("GroupsAndRole")) { string groups = parameters["GroupsAndRole"]; string[] fields = groups.Split(','); foreach (string field in fields) { string[] pField = field.Split('#'); string groupName = pField[0]; SPGroup group = web.SiteGroups[groupName]; string roleName = Convert.ToString(pField[1]); if (group == null) { UlsLogging.LogInformation("On site {0} not found group {1}", web.Url, field); } else { SPRoleAssignment roleassignment_user = new SPRoleAssignment(group); SPRoleDefinition roleDefinition = web.RoleDefinitions.Cast<SPRoleDefinition>().FirstOrDefault(r => r.Name == roleName); roleassignment_user.RoleDefinitionBindings.Add(roleDefinition); _item.RoleAssignments.Add(roleassignment_user); } } } _item.Update(); res = true; }); } catch (Exception ex) { UlsLogging.LogError("ListItem. GetWorkflowItemHistory(SPListItem item). Message: {0}, StackTrace: {1}", ex.Message, ex.StackTrace); } return res; }
/// <summary> /// Runs the specified command. /// </summary> /// <param name="command">The command.</param> /// <param name="keyValues">The key values.</param> /// <param name="output">The output.</param> /// <returns></returns> public override int Execute(string command, StringDictionary keyValues, out string output) { output = string.Empty; if (Params["role"].UserTypedIn && Params["group"].UserTypedIn) throw new SPException(SPResource.GetString("ExclusiveArgs", new object[] { "role, group" })); string url = Params["url"].Value.TrimEnd('/'); string login = Params["userlogin"].Value; string email = Params["useremail"].Value; string username = Params["username"].Value; using (SPSite site = new SPSite(url)) using (SPWeb web = site.AllWebs[Utilities.GetServerRelUrlFromFullUrl(url)]) { login = Utilities.TryGetNT4StyleAccountName(login, web.Site.WebApplication); // First lets see if our user already exists. SPUser user = null; try { user = web.AllUsers[login]; } catch (SPException) { } if (user == null) { web.SiteUsers.Add(login, email, username, string.Empty); user = web.AllUsers[login]; } if (Params["role"].UserTypedIn) { SPRoleDefinition roleDefinition = null; try { roleDefinition = web.RoleDefinitions[Params["role"].Value]; } catch (ArgumentException) {} if (roleDefinition == null) throw new SPException("The specified role does not exist."); SPRoleDefinitionBindingCollection roleDefinitionBindings = new SPRoleDefinitionBindingCollection(); roleDefinitionBindings.Add(roleDefinition); SPRoleAssignment roleAssignment = new SPRoleAssignment(user); roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings); web.RoleAssignments.Add(roleAssignment); } else if (Params["group"].UserTypedIn) { SPGroup group = null; try { group = web.SiteGroups[Params["group"].Value]; } catch (ArgumentException) {} if (group == null) throw new SPException("The specified group does not exist."); group.AddUser(user); } } return (int)ErrorCodes.NoError; }
private void GiveUserPrivelegesToWorkspace(SPUser user, SPItemEventProperties properties) { InitializeWebAppProperties(properties); string workspaceURL = properties.Web.ServerRelativeUrl; //workspaceURL = workspaceURL.Remove(0, emisSiteURL.Length); workspaceURL = workspaceURL.Substring(workspaceURL.IndexOf("Agenda-")); using (SPSite emisSite = new SPSite(emisSiteURL)) { using (SPWeb currentWorkspace = emisSite.OpenWeb(workspaceURL)) { currentWorkspace.AllowUnsafeUpdates = true; SPRoleAssignment role; role = new SPRoleAssignment(currentWorkspace.EnsureUser(user.LoginName)); role.RoleDefinitionBindings.Add(currentWorkspace.RoleDefinitions["Restricted Contribute"]); currentWorkspace.RoleAssignments.Add(role); currentWorkspace.AllowUnsafeUpdates = false; currentWorkspace.Update(); } } }
internal static void AddRole(SPWeb web, SPSecurableObject target, SPPrincipal principal, string roleDefinitionName) { var roleToAdd = web.RoleDefinitions.Cast<SPRoleDefinition>().FirstOrDefault(x => x.Name == roleDefinitionName); if (roleToAdd != null) { EnsureBrokenRoleInheritance(target); var assignments = target.RoleAssignments.Cast<SPRoleAssignment>().FirstOrDefault(x => x.Member.ID == principal.ID); if (assignments == null) { assignments = new SPRoleAssignment(principal); assignments.RoleDefinitionBindings.Add(roleToAdd); target.RoleAssignments.Add(assignments); } else { assignments.RoleDefinitionBindings.Add(roleToAdd); assignments.Update(); } } else { throw new ArgumentException("No RoleDefinition found for the name " + roleDefinitionName); } }
protected void btnRedirect_Click(object sender, EventArgs e) { if (pe.CommaSeparatedAccounts == string.Empty) { lblErrorMsg.Visible = true; return; } try { SPWeb web = SPControl.GetContextWeb(this.Context); using (SPSite site = new SPSite(web.Url, web.Site.SystemAccount.UserToken)) { using (SPWeb webSA = site.OpenWeb()) { webSA.AllowUnsafeUpdates = true; SPList taskList = webSA.Lists[taskListId]; SPListItem taskItem = taskList.GetItemById(taskItemId); SPUser newUser = null; string newAssignedTo = string.Empty; try { newUser = webSA.SiteUsers[pe.CommaSeparatedAccounts]; newAssignedTo = newUser.ID.ToString(); } catch { lbl.Text = "Redirect user is not valid."; return; } SPFieldUserValue oldUserVal = new SPFieldUserValue(webSA, taskItem["AssignedTo"].ToString().Split(new string[] { ";#" }, StringSplitOptions.RemoveEmptyEntries)[0]); string oldAssignedTo = oldUserVal.User.LoginName.ToString(); SPRoleAssignmentCollection rolecoll = taskItem.RoleAssignments; for (int i = rolecoll.Count - 1; i > -1; i--) { SPRoleAssignment item = rolecoll[i]; Type type = item.Member.GetType(); if (type.Name == "SPUser" && item.RoleDefinitionBindings[0].Name != "Read") { SPUser user = item.Member as SPUser; if (oldAssignedTo.ToLower() == user.LoginName.ToLower()) { rolecoll.Remove(item.Member); } } } SPRoleDefinition ContributeRoleDefinition = taskItem.Web.RoleDefinitions["Contribute"]; SPRoleAssignment RoleAssignment = new SPRoleAssignment(newUser.LoginName, string.Empty, string.Empty, string.Empty); RoleAssignment.RoleDefinitionBindings.Add(ContributeRoleDefinition); taskItem.RoleAssignments.Add(RoleAssignment); taskItem["AssignedTo"] = newAssignedTo; taskItem.Update(); webSA.AllowUnsafeUpdates = false; lbl.Text = "Successfully redirect task to user " + newUser.LoginName.ToLower(); pe.Enabled = false; btnRedirect.Enabled = false; } } } catch { lbl.Text = "Error. Please try again."; } }
private void CreateNewGroup(SPWeb web, string groupName, string groupDescription) { if (string.IsNullOrEmpty(groupName)) return; try { SPSecurity.RunWithElevatedPrivileges(delegate() { SPUserCollection users = web.AllUsers; SPUser owner = users[web.Author.LoginName]; SPMember member = users[web.Author.LoginName]; try { //Add the group to the SPWeb web SPGroupCollection groups = web.SiteGroups; groups.Add(groupName, member, owner, groupDescription); //Associate the group with SPWeb web.AssociatedGroups.Add(web.SiteGroups[groupName]); web.Update(); } catch { } //Assignment of the roles to the group. SPRoleAssignment assignment = new SPRoleAssignment(web.SiteGroups[groupName]); SPRoleDefinition _role = web.RoleDefinitions.GetByType(SPRoleType.Reader); assignment.RoleDefinitionBindings.Add(_role); web.RoleAssignments.Add(assignment); }); } catch { // Not catch exception because check group exists } }
public override void DeployModel(object modelHost, DefinitionBase model) { var securableObject = ExtractSecurableObject(modelHost); var securityGroupLinkModel = model.WithAssertAndCast<SecurityGroupLinkDefinition>("model", value => value.RequireNotNull()); if (!securableObject.HasUniqueRoleAssignments) { TraceService.Information((int)LogEventId.ModelProvisionCoreCall, "securableObject.HasUniqueRoleAssignments = false. Breaking with false-false options."); securableObject.BreakRoleInheritance(false, false); } var web = GetWebFromSPSecurableObject(securableObject); var securityGroup = ResolveSecurityGroup(web, securityGroupLinkModel); var roleAssignment = securableObject.RoleAssignments .OfType<SPRoleAssignment>() .FirstOrDefault(a => a.Member.ID == securityGroup.ID); var isNewRoleAssignment = false; if (roleAssignment == null) { TraceService.Information((int)LogEventId.ModelProvisionProcessingNewObject, "Processing new security group link"); roleAssignment = new SPRoleAssignment(securityGroup); isNewRoleAssignment = true; } else { TraceService.Information((int)LogEventId.ModelProvisionProcessingExistingObject, "Processing existing security group link"); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = roleAssignment, ObjectType = typeof(SPRoleAssignment), ObjectDefinition = model, ModelHost = modelHost }); if (isNewRoleAssignment) { // add default guest role as hidden one // we need to at least one role in order to create assignment // further provision will chech of there is only one role - Reader, and will remove it roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(SPRoleType.Reader)); } securableObject.RoleAssignments.Add(roleAssignment); InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = roleAssignment, ObjectType = typeof(SPRoleAssignment), ObjectDefinition = model, ModelHost = modelHost }); }
private bool HasEditPermission(SPRoleAssignment ra) { foreach (SPRoleDefinition ed in ra.RoleDefinitionBindings) { if ((ed.BasePermissions & SPBasePermissions.EditListItems) == SPBasePermissions.EditListItems || (ed.BasePermissions & SPBasePermissions.DeleteListItems) == SPBasePermissions.DeleteListItems) { return true; } } return false; }
/*private IServiceLocator serviceLocator; private IConfigPropertiesParser configPropertiesParser; private IFileSystemHelper fileSystemHelper; private ILogger logger;*/ public override void FeatureActivated(SPFeatureReceiverProperties properties) { /*serviceLocator = SharePointServiceLocator.GetCurrent(); configPropertiesParser = serviceLocator.GetInstance<IConfigPropertiesParser>(); fileSystemHelper = serviceLocator.GetInstance<IFileSystemHelper>(); logger = serviceLocator.GetInstance<ILogger>();*/ /*logger.Debug(string.Format("Start feature {0} activation.", properties.Feature.Definition.DisplayName)); logger.Debug("Reading configuration...");*/ /*var configuration = GetSitesConfiguration(properties, configPropertiesParser);*/ var configuration = GetSitesConfiguration(properties, null); // logger.Debug("Done. Reading configuration."); var sites = GetSiteCollections(properties); // logger.Debug("Getting application root site"); var rootSite = GetRootSite(properties); if (rootSite == null) { // logger.Debug("Web application root site is not found. Trying to create it."); rootSite = AddSite(sites, configuration.RootSite, configuration); // logger.Debug("Done. Creating web application root site."); } // logger.Debug("Done. Getting application root site."); var rootWeb = GetRootWeb(rootSite); // logger.Debug("Creating groups..."); foreach (var group in configuration.Groups) { // logger.Debug(string.Format("Creating group: {0}", group.Name)); if (!ContainsGroup(rootWeb.SiteGroups, group.Name)) { // logger.Debug(string.Format("Site: {0} hasn't group: {1}", rootWeb.Name, group.Name)); // logger.Debug(string.Format("Ensure user: {0}", configuration.SitesOwner)); var owner = rootWeb.EnsureUser(configuration.SitesOwner); // logger.Debug(string.Format("Done. Ensure user: {0}", configuration.SitesOwner)); // logger.Debug(string.Format("Adding group: {0}", group.Name)); rootWeb.SiteGroups.Add(group.Name, owner, owner, group.Description); // logger.Debug(string.Format("Done. Adding group: {0}", group.Name)); } // logger.Debug(string.Format("Adding users to group: {0}", group.Name)); var newGroup = rootWeb.SiteGroups[group.Name]; foreach (var user in group.Users) { // logger.Debug(string.Format("Adding user: {0} to group {1}", user.Login, group.Name)); newGroup.AddUser(user.Login, string.Empty, user.Login, string.Empty); // logger.Debug(string.Format("Done. Adding user: {0} to group {1}", user.Login, group.Name)); } // logger.Debug(string.Format("Done. Adding users to group: {0}", group.Name)); // logger.Debug(string.Format("Done. Creating group: {0}", group.Name)); } // logger.Debug("Done. Creation of groups"); foreach (var site in configuration.Sites) { // logger.Debug(string.Format("creating site: {0}", site.Name)); if (SiteCollectionExists(sites, site.Name)) { // logger.Debug(string.Format("Site {0} already exists. Attempting to delete it.", site.Name)); sites.Delete(site.Name); // logger.Debug(string.Format("Done. Site {0} deletion.", site.Name)); } // logger.Debug(string.Format("Creating new empty site: {0}", site.Name)); var newSite = AddSite(sites, site, configuration); // logger.Debug(string.Format("Done. Empty site {0} creation.", site.Name)); /*logger.Debug(string.Format("Granting permissions for site {0}", site.Name));*/ foreach (var permission in site.Permissions) { /*logger.Debug(string.Format( "Granting permissionLevel: {0} to group: {1} on site {2}", permission.PermissionLevelId, permission.GroupName, site.Name));*/ var roleAssignment = new SPRoleAssignment(rootWeb.SiteGroups[permission.GroupName]); roleAssignment.RoleDefinitionBindings.Add(rootWeb.RoleDefinitions.GetById(permission.PermissionLevelId)); GetRootWeb(newSite).RoleAssignments.Add(roleAssignment); /*logger.Debug(string.Format( "Done. Granting permissionLevel: {0} to group: {1} on site {2}", permission.PermissionLevelId, permission.GroupName, site.Name));*/ } /*logger.Debug(string.Format("Done. Granting permissions for site {0}", site.Name));*/ } /*logger.Debug(string.Format("Done. Feature {0} activation.", properties.Feature.Definition.DisplayName));*/ }