/// <summary>
/// Adds the specified user to the specified role for the specified list. Breaks Role Inheritance on the List Item if it hasn't already been broken.
/// </summary>
/// <param name="sourceWeb"></param>
/// <param name="list"></param>
/// <param name="principal"></param>
/// <param name="roleTypeValue"></param>
public static void AddListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);
SPRoleDefinition roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
sourceWeb.AllowUnsafeUpdates = true;
try
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
}
sourceWeb.AllowUnsafeUpdates = true;
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
finally
{
sourceWeb.AllowUnsafeUpdates = false;
}
}
private void CreateConfigurationList(SPWeb web)
{
SPList configurationList = web.Lists.TryGetList(Resource.ConfigurationList);
if (configurationList == null)
{
Guid configurationListGuid = web.Lists.Add(Resource.ConfigurationList, Resource.ConfigurationListDesc, SPListTemplateType.GenericList);
configurationList = web.Lists[configurationListGuid];
configurationList.Fields.Add("Property", SPFieldType.Text, true);
configurationList.Fields.Add("Setting", SPFieldType.Text, true);
configurationList.EnableVersioning = true;
// Only system admins should be able to edit this, but everybody needs to view it
configurationList.BreakRoleInheritance(false);
SPPrincipal group = web.SiteGroups["Guidewire Owners"];
if (group != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
configurationList.RoleAssignments.Add(roleAssignment);
}
configurationList.Update();
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsUserName, "GWSharePointIntegration");
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsPassword, "gw");
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsEndpoint, "http://manclredev02:8080/cc/ws/riverstone/webservice/document/trg_UpdateMetadataAPI");
}
}
private void BreakInheritance()
{
//ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('breaking PermMask64 Inheritance');", true);
try
{
string itemID = (Request.QueryString["LibraryName"]);
Guid ListGUID = new Guid(itemID);
SPWeb web = this.Site.OpenWeb();
SPList list = web.Lists[ListGUID];
if (list != null)
//ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('result');", true);
{
//LogInfo("found list " + list.Title);
//LogInfo("setting new AnonymousPermMask64 for list " + list.ParentWebUrl + "/" + list.Title + " with the following permissions: OpenItems, ViewPages, ViewVersions, Open, UseClientIntegration, ViewListItems, ViewFormPages");
list.BreakRoleInheritance(true, false);
list.AllowEveryoneViewItems = true;
list.AnonymousPermMask64 = SPBasePermissions.ViewPages |
SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions |
SPBasePermissions.Open | SPBasePermissions.UseClientIntegration |
SPBasePermissions.ViewFormPages | SPBasePermissions.ViewListItems;
list.Update();
ClientScript.RegisterClientScriptBlock(this.GetType(), "alert", "alert('Setzen der AnonymousPermMask64 für anonymen Zugriff auf Liste " + list.Title + " erfolgreich.\\r\\n\\r\\nDie Berechtigungsvererbung wurde aufgehoben.');", true);
//return list.Title;
}
}
catch (Exception)
{
//return "list not found";
}
}
}//SetListPermissions()
static void BreakInheritanceAndDeletePermissions(SPWeb web, SPList ccpList, SPList library, SPListItem eventLogItem)
{
try
{
//Ensure library permissions are broken
library.BreakRoleInheritance(true);
//Delete list permissions
SPRoleAssignmentCollection roleAssignments = library.RoleAssignments;
for (int i = roleAssignments.Count - 1; i >= 0; i--)
{
library.RoleAssignments.Remove(0);
}
}
catch (Exception e)
{
//Log
if (library.Title == "Contracts")
{
eventLogItem["Contracts"] = e.Message + " at " + web.Title + " : " + web.Url;
eventLogItem.Update();
}
else if (library.Title == "Proposals")
{
eventLogItem["Proposals"] = e.Message + " at " + web.Title + " : " + web.Url;
eventLogItem.Update();
}
}
}//BreakInheritanceAndDeletePermissions()
/// <summary>
/// This method should be used instead of BreakRoleInheritance(true).
///
/// The OOTB method replicates all permissions from the parent, including the "Limited Access" permissions.
/// In environments with many users, there can be many of these meaningless permissions, which bloats the
/// SharePoint permission tables in SQL. This method reviews all RoleDefinitions in each principal's
/// RoleAssignments, stripping "Limited Access", before adding them to the item.
/// </summary>
/// <param name="list"></param>
public static void BreakCopyRoleInheritance(this SPList list)
{
SPRoleAssignmentCollection roleAssignments = list.RoleAssignments;
var activeAssignments = from SPRoleAssignment p in roleAssignments
where p.RoleDefinitionBindings.Count >= 1
select p;
list.BreakRoleInheritance(false);
foreach (SPRoleAssignment p in activeAssignments)
{
SPRoleAssignment assignment = new SPRoleAssignment(p.Member);
SPRoleDefinitionBindingCollection bindings = new SPRoleDefinitionBindingCollection();
foreach (SPRoleDefinition roleDef in p.RoleDefinitionBindings)
{
if (roleDef.Name != "Limited Access")
{
bindings.Add(roleDef);
}
}
if (bindings.Count > 0)
{
assignment.ImportRoleDefinitionBindings(bindings);
list.RoleAssignments.Add(assignment);
}
}
}
private void UpdateListSettings()
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite site = SPContext.Current.Site;
foreach (DesignDataSource source in sources)
{
SPWeb web = site.OpenWeb(new Guid(source.WebId));
SPList list = web.Lists[new Guid(source.ListId)];
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
source.ListInheritanceChange = true;
}
SPBasePermissions anon = list.AnonymousPermMask64;
list.AnonymousPermMask64 = anon | SPBasePermissions.AddListItems;
list.Update();
source.ListRoleChange = true;
}
SourceValue = Utilities.SerializeObject(sources);
});
}
/// <summary>
/// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments.
/// </summary>
/// <param name = "list"></param>
public static void BreakRoleInheritance(SPList list)
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(false);
list.Update();
}
}
/// <summary>
/// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments.
/// </summary>
/// <param name = "list"></param>
/// <param name = "copyRoleAssigements"></param>
public static void BreakRoleInheritance(SPList list, bool copyRoleAssigements)
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(copyRoleAssigements);
list.Update();
}
}
/// <summary>
/// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments.
/// </summary>
/// <param name = "list"></param>
public static void BreakRoleInheritance(SPList list)
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(false);
list.Update();
}
}
/// <summary>
/// Breaks the role assignment inheritance for the list and gives the current list its own copy of the role assignments.
/// </summary>
/// <param name = "list"></param>
/// <param name = "copyRoleAssigements"></param>
public static void BreakRoleInheritance(SPList list, bool copyRoleAssigements)
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(copyRoleAssigements);
list.Update();
}
}
private void CheckLists(XmlNode siteNode, string url)
{
bool containsIgnoreInheritance = ContainsAttribute("ignoreinheritance", siteNode);
bool containsImportOptions = ContainsAttribute("import", siteNode);
bool ignoreInheritance = containsIgnoreInheritance ?
Boolean.Parse(siteNode.Attributes["ignoreinheritance"].Value) :
true;
ImportOptions importOptions = containsImportOptions ?
(ImportOptions)Enum.Parse(typeof(ImportOptions), siteNode.Attributes["import"].Value) :
ImportOptions.All;
if (importOptions == ImportOptions.Files)
{
return;
}
using (SPWeb web = new SPSite(url).OpenWeb())
{
XmlNodeList listNodes = siteNode.SelectNodes("folder[@list='true']");
foreach (XmlNode listNode in listNodes)
{
string listTitle = listNode.Attributes["folder"].Value;
try
{
SPList list = web.Lists[listTitle];
output.Append(string.Format("checking list: {0}" + Environment.NewLine, listTitle));
bool breakInheritance = !list.HasUniqueRoleAssignments && !ignoreInheritance;
bool applyPermissions = list.HasUniqueRoleAssignments || breakInheritance;
if (applyPermissions)
{
if (breakInheritance)
{
output.Append(string.Format("Breaking Inheritance!" + Environment.NewLine));
list.BreakRoleInheritance(false, false);
}
XmlNodeList principalGroupNodes = listNode.SelectNodes("principal[@Group='true']");
CheckGroups(web, list, principalGroupNodes);
XmlNodeList principalUserNodes = listNode.SelectNodes("principal[@Group='false']");
CheckUsers(web, list, principalUserNodes);
}
else
{
output.Append(string.Format("target list: {0,20}, is inheriting permissions" + Environment.NewLine, listTitle));
}
}
catch { output.Append(string.Format("list missing: {0,20}" + Environment.NewLine, listTitle)); }
}
}
}
private void ApplyPermissionForList(PermissionEntity pentity, SPList list)
{
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPUtility.ValidateFormDigest();
using (SPSite elevatedSite = new SPSite(list.ParentWeb.Site.ID))
{
using (SPWeb elevatedWeb = elevatedSite.OpenWeb(list.ParentWeb.ID))
{
elevatedWeb.AllowUnsafeUpdates = true;
SPList elevatedList = elevatedWeb.Lists[list.Title];
if (pentity.PermissionType == "Inherit")
{
elevatedList.ResetRoleInheritance();
}
else if (pentity.PermissionType == "Unique")
{
elevatedList.BreakRoleInheritance(false);
ClearPermissions(elevatedList);
foreach (RoleEntity rentity in pentity.Roles)
{
if (rentity.Type == RoleTypeEnum.SharePointGroup)
{
CreateGroup(elevatedList.ParentWeb, rentity.AssignmentName, rentity.Owner);
AddUsersToGroup(elevatedList.ParentWeb, rentity.AssignmentName, rentity.Users);
AssignPermissionLevels(elevatedList, rentity.AssignmentName, rentity.PermissionLevels);
}
else if ((rentity.Type == RoleTypeEnum.DomainGroup) ||
(rentity.Type == RoleTypeEnum.User))
{
AssignPermissionLevelsToNonSharePointGroup(elevatedList, rentity.AssignmentName, rentity.PermissionLevels);
}
}
}
}
}
});
}
catch (Exception ex)
{
SquadronContext.HandleException(ex);
}
}
public static void ApplyGroupRoleAssignments(SPWeb web, SPList list)
{
list.BreakRoleInheritance(true);
SPGroup grp = web.SiteGroups[Language.SMUGroupName];
SPRoleAssignment ass = new SPRoleAssignment(grp);
SPRoleDefinition def = web.RoleDefinitions[Language.SMUPermissionName];
ass.RoleDefinitionBindings.Add(def);
list.RoleAssignments.Add(ass);
list.RoleAssignments.Remove(web.AssociatedMemberGroup);
list.Update();
}
public static void ClearPermission(this SPList list)
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
}
int countListRole = list.RoleAssignments.Count;
for (int i = 0; i < countListRole; i++)
{
list.RoleAssignments.Remove(0);
}
}
public void ClearListGroups(SPWeb web, SPList list)
{
list.BreakRoleInheritance(true);
// remove all existing roles
int listCounter = list.RoleAssignments.Count;
for (int i = 0; i < listCounter; i++)
{
SPRoleAssignment roleAssignment = list.RoleAssignments[0];
list.RoleAssignments.RemoveById(roleAssignment.Member.ID);
}
}
//private string _ListDesc = "Contains list of users requesting a site account.";
#endregion
/// <summary>
/// Activate the membership review event receiver here, as the declarative definition will link
/// the event receiver to all lists within the site, if the feature is scoped to site
/// </summary>
/// <param name="properties"></param>
public void ActivateMembershipReviewList(SPFeatureReceiverProperties properties)
{
SPSite site = null;
SPWeb web = null;
SPList list = null;
try
{
site = properties.Feature.Parent as SPSite;
web = site.RootWeb;
if (web != null)
{
//guidList = web.Lists.Add(_ListName, _ListDesc, _ListName, new Guid("{69CE2076-9A2F-4c71-AEDF-F4252C01DE4E}").ToString(), (int)SPListTemplateType.GenericList, "100");
//web.Update();
list = web.Lists[_ListName];
list.EventReceivers.Add(SPEventReceiverType.ItemUpdated, Assembly.GetExecutingAssembly().FullName, "Visigo.Sharepoint.FormsBasedAuthentication.MembershipReviewHandler");
//list.EventReceivers.Add(SPEventReceiverType.ItemAdded, Assembly.GetExecutingAssembly().FullName, "Visigo.Sharepoint.FormsBasedAuthentication.MembershipReviewHandler");
//list.ContentTypesEnabled = false;
//list.EnableAttachments = false;
//list.EnableFolderCreation = false;
//list.EnableVersioning = false;
//list.NoCrawl = true;
//Remove permissions from the list - only site collection admins should have permission
list.BreakRoleInheritance(false, true);
list.Update();
}
}
catch (Exception ex)
{
Utils.LogError(ex);
}
finally
{
if (web != null)
{
web.Dispose();
}
if (site != null)
{
site.Dispose();
}
}
}
private void ResetListInheritance(SPList list, bool makeInherit)
{
SPWeb elevatedWeb = null;
SPList elevatedList = null;
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPUtility.ValidateFormDigest();
using (SPSite elevatedSite = new SPSite(list.ParentWeb.Site.ID))
{
using (elevatedWeb = elevatedSite.OpenWeb(list.ParentWeb.ID))
{
elevatedWeb.AllowUnsafeUpdates = true;
elevatedList = elevatedWeb.Lists[list.Title];
if (makeInherit)
{
elevatedList.ResetRoleInheritance();
}
else
{
elevatedList.BreakRoleInheritance(false);
}
elevatedList.Update();
elevatedWeb.AllowUnsafeUpdates = false;
}
}
});
}
catch (Exception ex)
{
SquadronContext.HandleException(ex);
}
finally
{
if (elevatedWeb != null)
{
elevatedWeb.Dispose();
}
}
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
var web = (properties.Feature.Parent as SPSite).RootWeb;
string groupName = "WOFHonorGroup";
string listName = "WallOfHonorList";
try
{
if (!GroupExistsInSiteCollection(web, groupName))
{
web.SiteGroups.Add(groupName, web.CurrentUser, web.CurrentUser, "Группа для редактирования доски почета");
web.AssociatedGroups.Add(web.SiteGroups[groupName]);
web.Update();
}
SPUser allUsers = web.AllUsers[@"c:0(.s|true"];
SPRoleAssignment roleAssignmentEdit = new SPRoleAssignment(web.SiteGroups[groupName]);
SPRoleAssignment roleAssignmentRead = new SPRoleAssignment((SPPrincipal)allUsers);
SPRoleDefinition roleDefinitionEdit = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
SPRoleDefinition roleDefinitionRead = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleAssignmentEdit.RoleDefinitionBindings.Add(roleDefinitionEdit);
roleAssignmentRead.RoleDefinitionBindings.Add(roleDefinitionRead);
if (web.Lists.TryGetList(listName) == null)
{
web.AllowUnsafeUpdates = true;
SPListTemplate template = web.ListTemplates["WallOfHonorList"];
web.Lists.Add("Доска почета", "Доска почета", template);
}
SPList list = web.Lists["Доска почета"];
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(false);
list.RoleAssignments.Add(roleAssignmentEdit);
list.RoleAssignments.Add(roleAssignmentRead);
list.Update();
}
}
catch
{
//Лог
}
}
// Uncomment the method below to handle the event raised after a feature has been activated.
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPSite currentSite = properties.Feature.Parent as SPSite;
SPWeb rootWeb = currentSite.RootWeb;
SPUser currentUser = rootWeb.CurrentUser;
SPGroupCollection groups = rootWeb.SiteGroups;
groups.Add("Training Administrators", currentUser, currentUser, "All Globomantics Training Administrators are in this group");
SPGroup trainingAdmins = groups["Training Administrators"];
groups.Add("Trainers", trainingAdmins, currentUser, "All Globomantics Trainers are in this group");
groups.Add("Students", trainingAdmins, currentUser, "All Globomantics students are in this group");
SPRoleDefinition fullControl = rootWeb.RoleDefinitions["Full Control"];
SPRoleDefinition contribute = rootWeb.RoleDefinitions["Contribute"];
SPRoleDefinition read = rootWeb.RoleDefinitions["Read"];
SPRoleAssignment trainersRoleAssignment = new SPRoleAssignment(groups["Trainers"]);
trainersRoleAssignment.RoleDefinitionBindings.Add(contribute);
rootWeb.RoleAssignments.Add(trainersRoleAssignment);
SPRoleAssignment studentsRoleAssignment = new SPRoleAssignment(groups["Students"]);
studentsRoleAssignment.RoleDefinitionBindings.Add(read);
rootWeb.RoleAssignments.Add(studentsRoleAssignment);
SPList registrationsList = rootWeb.Lists["Registrations"];
registrationsList.BreakRoleInheritance(true);
SPRoleAssignment registrationsRoleAssignment = new SPRoleAssignment(groups["Students"]);
registrationsRoleAssignment.RoleDefinitionBindings.Add(contribute);
registrationsList.RoleAssignments.Add(registrationsRoleAssignment);
SPRoleAssignment trainingAdminsRoleAssignment = new SPRoleAssignment(trainingAdmins);
trainingAdminsRoleAssignment.RoleDefinitionBindings.Add(fullControl);
rootWeb.RoleAssignments.Add(trainingAdminsRoleAssignment);
}
/// <summary>
/// Set a SharePoint as a product catalog without navigation term associated
/// Note: For more information, see PublishingCatalogUtility in Microsoft.SharePoint.Publishing
/// </summary>
/// <param name="list">The SharePoint list.</param>
/// <param name="availableFields">List of internal field names that are available through the catalog.</param>
/// <param name="activateAnonymousAccess">if set to <c>true</c> [activate anonymous access].</param>
/// <returns>
/// The SharePoint list configured as a catalog.
/// </returns>
private SPList SetListAsCatalog(SPList list, IEnumerable <string> availableFields, bool activateAnonymousAccess)
{
// TODO: Validate "availableFields" param name. Should it be availableManagedProperties? The comment says internal name. What does FurlFields really expect as format?
this.logger.Info("Start method 'SetListAsCatalog' for list: '{0}'", list.RootFolder.Url);
// Add properties for catalog publishing on the root folder
list.IndexedRootFolderPropertyKeys.Add("PublishingCatalogSettings");
list.IndexedRootFolderPropertyKeys.Add("IsPublishingCatalog");
if (activateAnonymousAccess)
{
// Allow anonymous access on the parentWeb
list.ParentWeb.FirstUniqueAncestorWeb.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessWebLists;
// Break list inheritance for anonymous access
list.BreakRoleInheritance(true, false);
// Allow anonymous access on the list
list.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessList;
}
var fieldList = new Collection <string>();
// For fields name, you need to pass the internal name of the column directly followed by "OWSTEXT"
foreach (var availableField in availableFields)
{
fieldList.Add("\"" + availableField + "\"");
}
var friendlyUrlFieldsProperty = string.Join(",", fieldList.ToArray());
var rootFolder = list.RootFolder;
rootFolder.Properties["IsPublishingCatalog"] = "True";
rootFolder.Properties["PublishingCatalogSettings"] = "{\"FurlFields\":[" + friendlyUrlFieldsProperty + "],\"TaxonomyFieldMap\":[]}";
rootFolder.Properties["vti_indexedpropertykeys"] = "UAB1AGIAbABpAHMAaABpAG4AZwBDAGEAdABhAGwAbwBnAFMAZQB0AHQAaQBuAGcAcwA=|SQBzAFAAdQBiAGwAaQBzAGgAaQBuAGcAQwBhAHQAYQBsAG8AZwA=|";
rootFolder.Update();
list.Update();
return(list);
}
public static bool RemoveListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
sourceWeb.AllowUnsafeUpdates = true;
bool result = false;
try
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
}
sourceWeb.AllowUnsafeUpdates = true;
var roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(principal);
var roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue);
if (roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Remove(roleDefinition);
roleAssignment.Update();
if (roleAssignment.RoleDefinitionBindings.OfType <SPRoleDefinition>().All(rd => rd.Name == "Limited Access"))
{
list.RoleAssignments.Remove(principal);
}
list.Update();
result = true;
}
}
finally
{
sourceWeb.AllowUnsafeUpdates = false;
}
return(result);
}
private static void SetSecurityOnRessouces(SPWeb Web, SPList List)
{
// list permission levels
foreach (SPRoleDefinition PermLevel in Web.RoleDefinitions)
{
Console.WriteLine(string.Format("Role: {0}, ID: {1}", PermLevel.Name, PermLevel.Id));
}
// list groups
foreach (SPGroup gp in Web.SiteGroups)
{
Console.WriteLine(string.Format("Group: {0}", gp.Name));
}
// break rights inheritance - boolean: copy permissions
List.BreakRoleInheritance(false);
// assign permissions to class\katja
Web.SiteUsers.Add(@"class\katja", "*****@*****.**", "Katja", "a test user");
SPUser usrKatja = Web.SiteUsers[@"class\katja"]; //login name
if (usrKatja != null)
{
usrKatja.Name = "Katja";
usrKatja.Email = "*****@*****.**";
usrKatja.Update();
// create a new permission level
SPRoleDefinition PermLevelFull = Web.RoleDefinitions["Full Control"];
SPRoleAssignment KatjaAssign =
new SPRoleAssignment(usrKatja.LoginName, usrKatja.Email, usrKatja.Name, usrKatja.Notes);
// Bind Assignment to definition
KatjaAssign.RoleDefinitionBindings.Add(PermLevelFull);
List.RoleAssignments.Add(KatjaAssign);
List.Update();
}
}
private void CreateCategoryList(SPWeb web)
{
SPList categoryList = web.Lists.TryGetList(Resource.CategoryList);
if (categoryList == null)
{
Guid categoryListGuid = web.Lists.Add(Resource.CategoryList, Resource.CategoryListDesc, SPListTemplateType.GenericList);
categoryList = web.Lists[categoryListGuid];
categoryList.Fields.Add(Resource.FieldCategory, SPFieldType.Text, true);
categoryList.Fields.Add(Resource.FieldSubCategory, SPFieldType.Text, true);
categoryList.EnableVersioning = true;
// Only system admins should be able to edit this, but everybody needs to view it
categoryList.BreakRoleInheritance(false);
SPPrincipal visitor = web.SiteGroups["Guidewire Visitors"];
if (visitor != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(visitor);
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
categoryList.RoleAssignments.Add(roleAssignment);
}
SPPrincipal member = web.SiteGroups["Guidewire Members"];
if (member != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(member);
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
categoryList.RoleAssignments.Add(roleAssignment);
}
SPPrincipal owner = web.SiteGroups["Guidewire Owners"];
if (member != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(owner);
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
categoryList.RoleAssignments.Add(roleAssignment);
}
categoryList.Update();
}
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPSite featureSite = (SPSite)properties.Feature.Parent;
SPSecurity.RunWithElevatedPrivileges(() =>
{
using (SPSite site = new SPSite(featureSite.Url))
{
using (SPWeb web = site.RootWeb)
{
SPList wfExternalDataList =
Helper.GetExternalEventList(web);
wfExternalDataList.BreakRoleInheritance(false, true);
}
}
});
base.FeatureActivated(properties);
}
private static void EnsureRoleAssignment(SPWeb web, string listName, SPGroup spGroup, SPRoleDefinition role)
{
SPList list = web.Lists[listName];
list.BreakRoleInheritance(false);
list.ParentWeb.Dispose();
for (int i = 0; i < list.RoleAssignments.Count; i++)
{
if (list.RoleAssignments[i].Member.Name == spGroup.Name)
{
list.RoleAssignments.Remove(i);
}
}
SPRoleAssignment roleAssignment = new SPRoleAssignment(spGroup);
roleAssignment.RoleDefinitionBindings.Add(role);
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
public static void AddPermission(this SPList list, SPGroup group, SPRoleDefinition role)
{
try
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
}
SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(group);
groupRoleAssignment.RoleDefinitionBindings.RemoveAll();
groupRoleAssignment.RoleDefinitionBindings.Add(role);
list.RoleAssignments.Add(groupRoleAssignment);
list.Update();
}
catch (Exception ex)
{
Utility.LogError("SetPermissionForList " + ex.ToString(), "AIA.Intranet.Common.Extensions");
throw;
}
}
public override void BreakRoleInheritance(bool copyRoleAssignments)
{
_spList.BreakRoleInheritance(copyRoleAssignments);
}
static void Main(string[] args)
{
// create site, list, set security
SPSite col = new SPSite("http://sp2016");
SPWeb root = col.RootWeb;
foreach (SPWebTemplate t in root.GetAvailableWebTemplates(1033))
{
Console.WriteLine(t.Name + " " + t.Title);
}
SPWeb web = root.Webs.Add("CodedWeb", "CodedWeb", "Demo Description", 1033, "STS#1", true, false);
// add navigation
SPNavigation navRoot = root.Navigation;
SPNavigationNodeCollection navQL = navRoot.QuickLaunch;
var newNav = new SPNavigationNode(web.Title, web.ServerRelativeUrl);
var ms = new SPNavigationNode("Microsoft", "http://www.microsoft.com");
navQL.Add(newNav, newNav);
// alternative
// web.QuickLaunchEnabled = true;
Guid listid = web.Lists.Add("My Pictures", "PersonalPictures", SPListTemplateType.PictureLibrary);
SPList list = web.Lists[listid];
list.OnQuickLaunch = true;
// list permission levels
foreach (SPRoleDefinition PermLevel in list.ParentWeb.RoleDefinitions)
{
Console.WriteLine(string.Format("Role: {0}, ID: {1}", PermLevel.Name, PermLevel.Id));
}
// list groups
foreach (SPGroup gp in list.ParentWeb.SiteGroups)
{
Console.WriteLine(string.Format("Group: {0}", gp.Name));
}
// break rights inheritance - boolean: copy permissions
list.BreakRoleInheritance(false);
// assign permissions
list.ParentWeb.SiteUsers.Add(@"spdom\hsimpson", "*****@*****.**", "Homer Simpson", "A yellow comic guy");
SPUser usrHomer = list.ParentWeb.SiteUsers[@"spdom\hsimpson"]; //login name
if (usrHomer != null)
{
// lookup permission level full control
SPRoleDefinition PermLevelFull = list.ParentWeb.RoleDefinitions["Full Control"];
SPRoleAssignment assignment = new SPRoleAssignment(usrHomer);
// Bind Assignment to definition
assignment.RoleDefinitionBindings.Add(PermLevelFull);
list.RoleAssignments.Add(assignment);
list.Update();
// Auslesen von Permissions
foreach (SPRoleAssignment rs in list.RoleAssignments)
{
//List Security Principals
Console.WriteLine(rs.Member.Name);
foreach (SPRoleDefinition rd in rs.RoleDefinitionBindings)
{
//Rechte
Console.WriteLine(rd.Name);
}
}
//Same Pattern for Groups
SPGroup mgr = list.ParentWeb.Groups["Manager"];
if (mgr != null)
{
SPRoleAssignment ass = new SPRoleAssignment(mgr);
// ....
}
}
}
/// <summary>
/// An item has been added.
/// </summary>
public override void ItemAdded(SPItemEventProperties properties)
{
this.EventFiringEnabled = false; // FINALLY CLAUSE AT END WILL ENSURE IT IS IN PROPER STATE
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(properties.SiteId))
{
using (SPWeb web = site.OpenWeb())
{
string uniqueUrl = string.Empty;
try
{
SPList casesList = web.Lists[properties.ListId];
SPListItem item = casesList.GetItemById(properties.ListItemId);
#region Get LockCase Value
bool lockCase;
SPListItem caseStatusItem = item.GetFieldLookupAsSPListItem("CaseStatusLookup");
bool.TryParse(caseStatusItem[eCaseConstants.FieldGuids.ECASE_STATUSES_LOCK_SITE].ToString(), out lockCase);
#endregion
#region Get Users
SPUser assignedTo, supervisor;
GetAssignedToAndSupervisor(item, out assignedTo, out supervisor);
#endregion
#region Get Other Properties
string title = item[eCaseConstants.FieldGuids.OOTB_TITLE].ToString();
string description = (string)item[eCaseConstants.FieldGuids.ECASES_LIST_DESCRIPTION] ?? string.Empty;
string uniqueCaseId = item[eCaseConstants.FieldGuids.ECASES_LIST_UNIQUECASEID].ToString();
#endregion
// Get a unique URL that doesn't currently exist
uniqueUrl = web.GetValidNewWebUrl(uniqueCaseId);
SPWeb caseWeb;
string caseWebUrl = string.Empty;
try
{
using (caseWeb = CreateCaseWeb(web, uniqueUrl, title, description))
{
#region Configure Proxy Group Lists Permissions
SPGroup ownersGroup = eCaseGroups.GetOwners(caseWeb);
SPGroup participantsGroup = eCaseGroups.GetParticipants(caseWeb);
SPGroup externalSharingGroup = eCaseGroups.GetExternalUsers(caseWeb);
SPRoleDefinition fullControl;
caseWeb.TryGetRoleDefinition("Full Control", out fullControl);
SPRoleDefinition reader;
caseWeb.TryGetRoleDefinition("Read", out reader);
SPRoleDefinition contributor;
caseWeb.TryGetRoleDefinition("Contribute", out contributor);
SPList ownersList = caseWeb.GetListByInternalName("Bureau");
ownersList.BreakRoleInheritance(false);
ownersList.TryGrantPermission(ownersGroup, fullControl);
ownersList.TryGrantPermission(participantsGroup, reader);
SPList participantsList = caseWeb.GetListByInternalName("Investigator");
participantsList.BreakRoleInheritance(false);
participantsList.TryGrantPermission(ownersGroup, fullControl);
participantsList.TryGrantPermission(participantsGroup, reader);
#endregion
#region Configure Group Memberships via Proxy
this.EventFiringEnabled = true; // TURN ON EVENT FIRING SO THAT PROXY GROUP EVENT RECEIVER FIRES
UpdateProxyGroups(caseWeb, assignedTo, supervisor, null, null);
if (assignedTo.LoginName != properties.UserLoginName && (supervisor == null || supervisor.LoginName != properties.UserLoginName))
{
SPList ownersProxyList = eCaseGroups.OwnersList(caseWeb);
eCaseGroups.AddGroupProxyItem(ownersProxyList, web.EnsureUserProperly(properties.UserLoginName));
}
this.EventFiringEnabled = false; // FINALLY CLAUSE AT END WILL ENSURE IT IS IN PROPER STATE
#endregion
#region Configure Sharing With External Party
SPList shareWithExternalUsersList = caseWeb.GetListByInternalName("ShareWithExternalUsers");
shareWithExternalUsersList.BreakRoleInheritance(false);
shareWithExternalUsersList.TryGrantPermission(ownersGroup, fullControl);
shareWithExternalUsersList.TryGrantPermission(participantsGroup, contributor);
shareWithExternalUsersList.TryGrantPermission(externalSharingGroup, reader);
#endregion
ConfigureItemPermissions(item, caseWeb, assignedTo, supervisor);
#region Configure Group Permissions on Root Web
//bool allowunsafeupdate = web.AllowUnsafeUpdates;
//web.AllowUnsafeUpdates = true;
//SPRoleDefinition topreader;
//web.TryGetRoleDefinition("Read", out topreader);
//web.TryGrantPermission(ownersGroup, topreader);
//web.TryGrantPermission(participantsGroup, topreader);
//web.TryGrantPermission(reviewersGroup, topreader);
//web.Update();
//web.AllowUnsafeUpdates = allowunsafeupdate;
#endregion
#region Configure eCase Statuses List Permissions
//SPList statusList = web.GetListByInternalName("eCaseStatuses");
//if (!statusList.HasUniqueRoleAssignments)
//{
// statusList.BreakRoleInheritance(true);
// statusList.Update();
//}
//statusList.TryGrantPermission(ownersGroup, topreader);
//statusList.TryGrantPermission(participantsGroup, topreader);
//statusList.TryGrantPermission(reviewersGroup, topreader);
//statusList.Update();
#endregion
UpdateDefaultAspx(item, caseWeb);
// Record item guid in caseweb's property bag so methods can find the parent item easily
caseWeb.AddProperty(eCaseConstants.PropertyBagKeys.ECASE_CASE_LIST_ITEM_GUID, item.UniqueId.ToString());
caseWeb.Update();
try
{
_connectionString = web.Properties[eCaseConstants.PropertyBagKeys.ECASE_DB_CONNECTION_STRING];
using (DbAdapter dbAdapter = new DbAdapter())
{
dbAdapter.Connect(_connectionString);
try
{
#region Add Case Site Info to eCaseManagement Database
Guid siteGuid = caseWeb.Site.ID;
Guid caseWebGuid = caseWeb.ID;
Guid activitiesTasksGuid = caseWeb.GetListByInternalName(eCaseConstants.ListInternalNames.ACTIVITIES_AND_TASKS).ID;
Guid caseRelatedDatesGuid = caseWeb.GetListByInternalName(eCaseConstants.ListInternalNames.CASE_RELATED_DATES).ID;
CreateCaseWebSProc sProc = new CreateCaseWebSProc(siteGuid, item.UniqueId, caseWebGuid, activitiesTasksGuid, caseRelatedDatesGuid);
dbAdapter.ExecuteNonQueryStoredProcedure(sProc);
#endregion
}
catch (Exception x)
{ Logger.Instance.Error(string.Format("Failed while recording new CaseWeb at {0} in database", caseWeb.Url), x, DiagnosticsCategories.eCaseSite); }
if (lockCase)
{
LockCaseSite(item, caseWeb, dbAdapter);
}
}
}
catch (Exception x)
{ Logger.Instance.Error(string.Format("Failed while accessing database at {0} with connection string {1}", caseWeb.Url, _connectionString), x, DiagnosticsCategories.eCaseSite); }
caseWebUrl = string.Format("{0}, {1}", caseWeb.Url, "View Case");
}
}
catch (Exception x)
{
caseWebUrl = string.Format("{0}/_layouts/1033/error.htm, {1}", web.Url, "ERROR!");
Logger.Instance.Error(string.Format("Failed to create Case Web for {0}", uniqueCaseId), x, DiagnosticsCategories.eCaseSite);
if (web.Webs[uniqueUrl].Exists)
{
RemoveCaseWeb(properties, uniqueUrl);
}
throw x;
}
finally
{
item[eCaseConstants.FieldGuids.ECASES_LIST_CASEURL] = caseWebUrl;
item.SystemUpdate(); // Update the change in the DB using the system account
}
}
catch (Exception x)
{
Logger.Instance.Error(string.Format("Failed to create Case Web for {0}", uniqueUrl), x, DiagnosticsCategories.eCaseSite);
throw x;
}
}
}
});
}
catch (Exception x)
{ throw x; }
finally
{ this.EventFiringEnabled = true; }
}
/// <summary>
/// Set a SharePoint as a product catalog without navigation term associated
/// Note: For more information, see PublishingCatalogUtility in Microsoft.SharePoint.Publishing
/// </summary>
/// <param name="list">The SharePoint list.</param>
/// <param name="availableFields">List of internal field names that are available through the catalog.</param>
/// <param name="activateAnonymousAccess">if set to <c>true</c> [activate anonymous access].</param>
/// <returns>
/// The SharePoint list configured as a catalog.
/// </returns>
private SPList SetListAsCatalog(SPList list, IEnumerable<string> availableFields, bool activateAnonymousAccess)
{
// TODO: Validate "availableFields" param name. Should it be availableManagedProperties? The comment says internal name. What does FurlFields really expect as format?
this.logger.Info("Start method 'SetListAsCatalog' for list: '{0}'", list.RootFolder.Url);
// Add properties for catalog publishing on the root folder
list.IndexedRootFolderPropertyKeys.Add("PublishingCatalogSettings");
list.IndexedRootFolderPropertyKeys.Add("IsPublishingCatalog");
if (activateAnonymousAccess)
{
// Allow anonymous access on the parentWeb
list.ParentWeb.FirstUniqueAncestorWeb.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessWebLists;
// Break list inheritance for anonymous access
list.BreakRoleInheritance(true, false);
// Allow anonymous access on the list
list.AnonymousPermMask64 |= SPBasePermissions.AnonymousSearchAccessList;
}
var fieldList = new Collection<string>();
// For fields name, you need to pass the internal name of the column directly followed by "OWSTEXT"
foreach (var availableField in availableFields)
{
fieldList.Add("\"" + availableField + "\"");
}
var friendlyUrlFieldsProperty = string.Join(",", fieldList.ToArray());
var rootFolder = list.RootFolder;
rootFolder.Properties["IsPublishingCatalog"] = "True";
rootFolder.Properties["PublishingCatalogSettings"] = "{\"FurlFields\":[" + friendlyUrlFieldsProperty + "],\"TaxonomyFieldMap\":[]}";
rootFolder.Properties["vti_indexedpropertykeys"] = "UAB1AGIAbABpAHMAaABpAG4AZwBDAGEAdABhAGwAbwBnAFMAZQB0AHQAaQBuAGcAcwA=|SQBzAFAAdQBiAGwAaQBzAGgAaQBuAGcAQwBhAHQAYQBsAG8AZwA=|";
rootFolder.Update();
list.Update();
return list;
}
private void ModifyListPermissions(SPList list)
{
// Modifying the permissions for the list to restrict the students for direct list items operations
try
{
if (!list.HasUniqueRoleAssignments)
{
var web = list.ParentWeb;
list.BreakRoleInheritance(false, false);
var group = web.SiteGroups[Utilities.StudentsGroupName];
var roleAssignment = new SPRoleAssignment(group);
SPRoleDefinition spRole = web.RoleDefinitions["Read"];
roleAssignment.RoleDefinitionBindings.Add(spRole);
list.RoleAssignments.Add(roleAssignment);
group = web.SiteGroups[Utilities.FacultyGroupName];
roleAssignment = new SPRoleAssignment(group);
spRole = web.RoleDefinitions["Full Control"];
roleAssignment.RoleDefinitionBindings.Add(spRole);
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
}
catch (Exception ex)
{
SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory("BethesdaSkillLab", TraceSeverity.Monitorable, EventSeverity.Error), TraceSeverity.Monitorable, ex.Message, new object[] { ex.StackTrace });
}
}
public static void UpdatePermissions(this SPList list, List <Assignement> assigments, bool brokenInheritance, SPWeb web)
{
if (list == null)
{
return;
}
foreach (var item in assigments)
{
string levelName = "Custom Permission for list " + list.Title;
var principalNames = item.Name.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (var name in principalNames)
{
try
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(brokenInheritance); // Ensure we don't inherit permissions from parent
}
var principal = web.GetPrinciple(name);
if (principal == null)
{
continue;
}
// Assuming you already have SPWeb and SPList objects
SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);
SPRoleDefinition roleDefinition = web.RoleDefinitions
.Cast <SPRoleDefinition>()
.Where(p => p.Name == levelName)
.FirstOrDefault();;
bool isRoleExisted = true;
if (roleDefinition == null)
{
isRoleExisted = false;
roleDefinition = new SPRoleDefinition();
}
if (item.Permissions != null)
{
foreach (var permission in item.Permissions)
{
roleDefinition.BasePermissions |= permission;
if (!roleDefinition.Description.Contains(permission.ToString()))
{
roleDefinition.Description += permission.ToString() + ", ";
}
}
}
roleDefinition.Description = roleDefinition.Description.TrimBy(500);
foreach (var rd in item.RoleDefinitions)
{
SPRoleDefinition def = web.RoleDefinitions.GetByType(rd);
roleAssignment.RoleDefinitionBindings.Add(def);
}
roleDefinition.Name = levelName;
if (roleDefinition.BasePermissions != SPBasePermissions.EmptyMask)
{
if (!isRoleExisted)
{
web.RoleDefinitions.Add(roleDefinition);
}
else
{
roleDefinition.Update();
}
web.Update();
roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinition.Name]);
}
//web.Update();
//roleAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinition.Name]);
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
catch (Exception ex)
{
Utility.LogError(ex.Message + ex.StackTrace, AIAPortalFeatures.Infrastructure);
}
}
}
}
public static void CopyListRoleAssignments(SPList sourceList, SPList destinationList)
{
//First check if the Source List has Unique permissions
if (sourceList.HasUniqueRoleAssignments) {
//Break List permission inheritance first
destinationList.BreakRoleInheritance(true);
//Remove current role assignemnts
while (destinationList.RoleAssignments.Count > 0) {
destinationList.RoleAssignments.Remove(0);
}
//Copy Role Assignments from source to destination list.
foreach (SPRoleAssignment sourceRoleAsg in sourceList.RoleAssignments) {
SPRoleAssignment destinationRoleAsg = null;
//Get the source member object
SPPrincipal member = sourceRoleAsg.Member;
//Check if the member is a user
try {
SPUser sourceUser = (SPUser)member;
SPUser destinationUser = destinationList.ParentWeb.Users.GetByEmail(sourceUser.Email);
destinationRoleAsg = new SPRoleAssignment(destinationUser);
}
catch { }
if (destinationRoleAsg == null) {
//Check if the member is a group
try {
SPGroup sourceGroup = (SPGroup)member;
SPGroup destinationGroup = destinationList.ParentWeb.SiteGroups[sourceGroup.Name];
destinationRoleAsg = new SPRoleAssignment(destinationGroup);
}
catch { }
}
//At this state we should have the role assignment established either by user or group
if (destinationRoleAsg != null) {
foreach (SPRoleDefinition sourceRoleDefinition in sourceRoleAsg.RoleDefinitionBindings) {
try { destinationRoleAsg.RoleDefinitionBindings.Add(destinationList.ParentWeb.RoleDefinitions[sourceRoleDefinition.Name]); }
catch { }
}
if (destinationRoleAsg.RoleDefinitionBindings.Count > 0) {
//handle additon of an existing permission assignment error
try { destinationList.RoleAssignments.Add(destinationRoleAsg); }
catch (ArgumentException) { }
}
}
}
//Does not require list update
//destinationList.Update();
}
else
//No need to assign permissions
return;
}
/// <summary>
/// Grants list level permissions to a target sharepoint on the HTS site.
/// </summary>
/// <param name="spTargetGroup">Represents an instance of a HTS security group.</param>
/// <param name="spAssignRoleType">Represents an instance of a target HTS role type.</param>
/// <param name="spTargetList">Represents an instance of the target list where we grant the security group permission to.</param>
private static void GrantGroupListLevelPermisisons(SPGroup spTargetGroup, SPRoleType spAssignRoleType, SPList spTargetList)
{
if (spTargetList.HasUniqueRoleAssignments == false)
{
spTargetList.BreakRoleInheritance(true);
}
/* Remove the user from the role assignment. */
spTargetList.RoleAssignments.Remove(spTargetGroup);
SPRoleAssignment roleAssign = new SPRoleAssignment(spTargetGroup);
SPRoleDefinition roleDef = spTargetList.ParentWeb.RoleDefinitions.GetByType(spAssignRoleType);
roleAssign.RoleDefinitionBindings.Add(roleDef);
spTargetList.RoleAssignments.Add(roleAssign);
}
