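/// <summary>
/// Breaks role inheritance on the item and re-creates the role assignments it had beforehand,
/// leaving out the "Limited Access" role definition. This method should be used instead of
/// BreakRoleInheritance(true).
///
/// The OOTB method replicates all permissions from the parent, including the "Limited Access"
/// permissions. In environments with many users, there can be many of these meaningless
/// permissions, which bloats the SharePoint permission tables in SQL. This method reviews all
/// RoleDefinitions in each principal's RoleAssignments, stripping "Limited Access", before
/// adding them to the item.
/// </summary>
/// <remarks>
/// Inheritance is broken with BreakRoleInheritance(false), so the only assignments this method
/// puts on the item are the ones added by the copy loop. If that loop throws part-way through,
/// the item is left with an incomplete set of permissions; callers that care should verify the
/// resulting assignments.
/// </remarks>
/// <param name="item">The list item whose role inheritance is broken and whose permissions are copied.</param>
public static void BreakCopyRoleInheritance(this SPListItem item)
{
    // Take a full snapshot (principal + filtered role definitions) BEFORE breaking inheritance.
    // A LINQ query is deferred: left unmaterialized it would first be enumerated after
    // BreakRoleInheritance(false) has run, and while the loop below is adding to
    // item.RoleAssignments, so it would not reliably describe the pre-break permissions.
    //
    // NOTE(review): the filter matches the role definition's display name. On a site where the
    // role carries a different name (e.g. a localized one) it would be copied; matching on
    // SPRoleDefinition.Type may be more robust — confirm against the target farms.
    var snapshot = (from SPRoleAssignment existing in item.RoleAssignments
                    select new
                    {
                        existing.Member,
                        Roles = (from SPRoleDefinition roleDef in existing.RoleDefinitionBindings
                                 where roleDef.Name != "Limited Access"
                                 select roleDef).ToList()
                    })
                   .Where(entry => entry.Roles.Count > 0) // principals left with nothing are skipped
                   .ToList();

    item.BreakRoleInheritance(false);

    foreach (var entry in snapshot)
    {
        SPRoleDefinitionBindingCollection bindings = new SPRoleDefinitionBindingCollection();
        foreach (SPRoleDefinition roleDef in entry.Roles)
        {
            bindings.Add(roleDef);
        }

        SPRoleAssignment assignment = new SPRoleAssignment(entry.Member);
        assignment.ImportRoleDefinitionBindings(bindings);
        item.RoleAssignments.Add(assignment);
    }
}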
/// <summary>
/// Imports the given role definition bindings into the wrapped role assignment.
/// </summary>
/// <param name="roleDefinitionBindings">
/// Wrapper around the bindings to import. A null value is ignored: the method returns without
/// touching the role assignment and without reporting an error.
/// </param>
public void ImportRoleDefinitionBindings(SPRoleDefinitionBindingCollectionInstance roleDefinitionBindings)
{
    // Nothing to import when no wrapper was supplied; the call is a silent no-op.
    if (roleDefinitionBindings != null)
    {
        m_roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings.SPRoleDefinitionBindingCollection);
    }
}
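/// <summary>
/// Runs the specified command: makes sure the user named by "userlogin" exists in the site at
/// "url", then either assigns the role named by "role" to that user on the web or adds the user
/// to the site group named by "group". When neither argument was typed in, the user is only
/// ensured and no permission is granted.
/// </summary>
/// <param name="command">The command. Not read by this method.</param>
/// <param name="keyValues">The key values. Not read by this method; arguments are taken from Params.</param>
/// <param name="output">The output. Always set to an empty string.</param>
/// <returns>ErrorCodes.NoError cast to int.</returns>
/// <exception cref="SPException">
/// Both "role" and "group" were supplied, or the named role or group does not exist.
/// </exception>
public override int Execute(string command, StringDictionary keyValues, out string output)
{
    output = string.Empty;

    bool roleGiven = Params["role"].UserTypedIn;
    bool groupGiven = Params["group"].UserTypedIn;

    if (roleGiven && groupGiven)
    {
        throw new SPException(SPResource.GetString("ExclusiveArgs", new object[] { "role, group" }));
    }

    string url = Params["url"].Value.TrimEnd('/');
    string login = Params["userlogin"].Value;
    string email = Params["useremail"].Value;
    string username = Params["username"].Value;

    using (SPSite site = new SPSite(url))
    using (SPWeb web = site.AllWebs[Utilities.GetServerRelUrlFromFullUrl(url)])
    {
        // Resolve the permission target BEFORE touching the user list, so a mistyped role or
        // group name fails the command without leaving a newly created user behind.
        SPRoleDefinition roleDefinition = null;
        SPGroup group = null;

        if (roleGiven)
        {
            try
            {
                roleDefinition = web.RoleDefinitions[Params["role"].Value];
            }
            catch (ArgumentException)
            {
                // Treated as "not found"; reported just below.
            }

            if (roleDefinition == null)
            {
                throw new SPException("The specified role does not exist.");
            }
        }
        else if (groupGiven)
        {
            try
            {
                group = web.SiteGroups[Params["group"].Value];
            }
            catch (ArgumentException)
            {
                // Treated as "not found"; reported just below.
            }

            if (group == null)
            {
                throw new SPException("The specified group does not exist.");
            }
        }

        login = Utilities.TryGetNT4StyleAccountName(login, web.Site.WebApplication);

        // First lets see if our user already exists.
        SPUser user = null;
        try
        {
            user = web.AllUsers[login];
        }
        catch (SPException)
        {
            // Lookup failure is taken to mean the user is not known yet; it is added below.
        }

        if (user == null)
        {
            web.SiteUsers.Add(login, email, username, string.Empty);
            user = web.AllUsers[login];
        }

        if (roleDefinition != null)
        {
            // Grants the role directly on the web through a new role assignment for the user.
            SPRoleDefinitionBindingCollection roleDefinitionBindings = new SPRoleDefinitionBindingCollection();
            roleDefinitionBindings.Add(roleDefinition);

            SPRoleAssignment roleAssignment = new SPRoleAssignment(user);
            roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings);
            web.RoleAssignments.Add(roleAssignment);
        }
        else if (group != null)
        {
            group.AddUser(user);
        }
    }

    return (int)ErrorCodes.NoError;
}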
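/// <summary>
/// Runs the specified command. The user identified by "userlogin" is looked up in the web at
/// "url" and created in the site's user list if missing; the user is then given the role named
/// by "role" on the web, or added to the site group named by "group". Supplying neither leaves
/// the user without any permission granted by this command.
/// </summary>
/// <param name="command">The command. Unused here.</param>
/// <param name="keyValues">The key values. Unused here; the arguments are read from Params.</param>
/// <param name="output">The output. Set to an empty string on entry and not changed afterwards.</param>
/// <returns>The integer value of ErrorCodes.NoError.</returns>
/// <exception cref="SPException">
/// "role" and "group" were both typed in, or the requested role or group could not be found.
/// </exception>
public override int Execute(string command, StringDictionary keyValues, out string output)
{
    output = string.Empty;

    bool wantsRole = Params["role"].UserTypedIn;
    bool wantsGroup = Params["group"].UserTypedIn;

    // The two ways of granting access are mutually exclusive.
    if (wantsRole && wantsGroup)
    {
        throw new SPException(SPResource.GetString("ExclusiveArgs", new object[] { "role, group" }));
    }

    string url = Params["url"].Value.TrimEnd('/');
    string login = Params["userlogin"].Value;
    string email = Params["useremail"].Value;
    string username = Params["username"].Value;

    using (SPSite site = new SPSite(url))
    using (SPWeb web = site.AllWebs[Utilities.GetServerRelUrlFromFullUrl(url)])
    {
        // Validate the requested role/group up front. Doing this after the user has been added
        // would leave a new site user in place even though the command ends in an error.
        SPRoleDefinition requestedRole = null;
        SPGroup requestedGroup = null;

        if (wantsRole)
        {
            try
            {
                requestedRole = web.RoleDefinitions[Params["role"].Value];
            }
            catch (ArgumentException)
            {
                // Falls through to the explicit "does not exist" error.
            }

            if (requestedRole == null)
            {
                throw new SPException("The specified role does not exist.");
            }
        }
        else if (wantsGroup)
        {
            try
            {
                requestedGroup = web.SiteGroups[Params["group"].Value];
            }
            catch (ArgumentException)
            {
                // Falls through to the explicit "does not exist" error.
            }

            if (requestedGroup == null)
            {
                throw new SPException("The specified group does not exist.");
            }
        }

        login = Utilities.TryGetNT4StyleAccountName(login, web.Site.WebApplication);

        // First lets see if our user already exists.
        SPUser user = null;
        try
        {
            user = web.AllUsers[login];
        }
        catch (SPException)
        {
            // An SPException from the lookup is handled as "no such user yet".
        }

        if (user == null)
        {
            web.SiteUsers.Add(login, email, username, string.Empty);
            user = web.AllUsers[login];
        }

        if (requestedRole != null)
        {
            // One binding collection holding the single requested role, attached to the user.
            SPRoleDefinitionBindingCollection roleDefinitionBindings = new SPRoleDefinitionBindingCollection();
            roleDefinitionBindings.Add(requestedRole);

            SPRoleAssignment roleAssignment = new SPRoleAssignment(user);
            roleAssignment.ImportRoleDefinitionBindings(roleDefinitionBindings);
            web.RoleAssignments.Add(roleAssignment);
        }
        else if (requestedGroup != null)
        {
            requestedGroup.AddUser(user);
        }
    }

    return (int)ErrorCodes.NoError;
}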