public static bool IsGroupInItemRole(this SPListItem item, SPPrincipal group, int roleId)
{
SPRoleAssignment AssignmentsOfGroup;
SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetById(roleId);
try
{
AssignmentsOfGroup = item.RoleAssignments.GetAssignmentByPrincipal(group);
}
catch
{
return(false);
}
SPRoleDefinitionBindingCollection RoleBindingsOfGroup = AssignmentsOfGroup.RoleDefinitionBindings;
if (RoleBindingsOfGroup.Contains(roleDefinition))
{
return(true);
}
else
{
return(false);
}
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, string roleDefinitionName, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
SPWeb web = principal.ParentWeb;
SPRoleDefinition roleDefinition = web.RoleDefinitions[roleDefinitionName];
AssignPermissions(securableObject, principal, roleDefinition, replaceAllDefinitions, copyRoleAssignments, clearSubscopes);
}
private string GetRoleType(SPPrincipal principal)
{
if (principal is SPGroup)
{
return("SharePoint Group");
}
else if (principal is SPUser)
{
string loginName = (principal as SPUser).LoginName;
if (_adHelper.IsWindowsUser(loginName))
{
return("User");
}
if (_adHelper.IsUser(SquadronContext.DomainName, loginName))
{
return("User");
}
else if (_adHelper.IsGroup(SquadronContext.DomainName, loginName))
{
return("Domain Group");
}
}
return("System Account");
}
/// <summary>
/// 给Item授权
/// </summary>
/// <param name="principal"></param>
/// <param name="web"></param>
/// <param name="ListItem"></param>
/// <param name="DelegateName"></param>
public static void DelegateForListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
try
{
using (SPSite site = new SPSite(web.Site.ID))
{
using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl))
{
SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);
_web.AllowUnsafeUpdates = true;
SPRoleAssignment sra = new SPRoleAssignment(principal);
SPRoleDefinition srd = _web.RoleDefinitions[DelegateName];
sra.RoleDefinitionBindings.Add(srd);
_listitem.BreakRoleInheritance(true, false);
_listitem.RoleAssignments.Add(sra);
_listitem.Update();
}
}
}
catch (Exception ex)
{
}
});
}
protected override void OnPreRender(EventArgs e)
{
try
{
if (allViews != null)
{
CurrentViewName = SPContext.Current.ViewContext.View.ToString();
SPPrincipal ObjCurrentUserPrincipal = SPContext.Current.Web.CurrentUser;
foreach (ViewSetting objView in allViews)
{
if (objView.SPVName == CurrentViewName)
{
if (objView.Permission == "hide" &&
DoesUserExist(objView.UserGroup, ObjCurrentUserPrincipal))
{
SPUtility.Redirect(
Constants.Resource.ViewAccessDeniedPage,
SPRedirectFlags.RelativeToLayoutsPage,
HttpContext.Current);
}
}
}
}
}
catch (Exception exp)
{
base.OnPreRender(e);
Logging.Log(exp);
}
base.OnPreRender(e);
}
public static int GetDelegateCount(SPPrincipal principal, SPWeb web, SPListItem ListItem)
{
int permissionCount = 0;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
try
{
if (principal != null)
{
using (SPSite site = new SPSite(web.Site.ID))
{
using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl))
{
SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);
_web.AllowUnsafeUpdates = true;
SPRoleAssignment role = _listitem.RoleAssignments.GetAssignmentByPrincipal(principal);
permissionCount = role.RoleDefinitionBindings.Count;
}
}
}
else
{
}
}
catch (Exception ex)
{
}
});
return(permissionCount);
}
private void AddPermissions(SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
SPRoleAssignment ra = new SPRoleAssignment(principal);
ra.RoleDefinitionBindings.Add(roleDefinition);
item.RoleAssignments.Add(ra);
}
private bool DoesUserExist(string Username, SPPrincipal objPrincipal)
{
if (!String.IsNullOrEmpty(Username))
{
if (Username == "ALL")
{
return(true);
}
string[] objsplitUsers = Username.Split(',');
foreach (string user in objsplitUsers)
{
if (!String.IsNullOrEmpty(user) && !user.Equals(""))
{
if (user.Contains("\\"))
{
return(user.ToLower() == objPrincipal.LoginName.ToLower());
}
else
{
SPGroup grp = SPContext.Current.Web.Groups[user];
return(grp.ContainsCurrentUser);
}
}
}
}
return(false);
}
private bool DoesUserExist(string Username, SPPrincipal objPrincipal)
{
if (!String.IsNullOrEmpty(Username))
{
if (Username == "ALL")
{
return true;
}
string[] objsplitUsers = Username.Split(',');
foreach (string user in objsplitUsers)
{
if (!String.IsNullOrEmpty(user) && !user.Equals(""))
{
if (user.Contains("\\"))
{
return user.ToLower() == objPrincipal.LoginName.ToLower();
}
else
{
SPGroup grp = SPContext.Current.Web.Groups[user];
return grp.ContainsCurrentUser;
}
}
}
}
return false;
}
private void CreateConfigurationList(SPWeb web)
{
SPList configurationList = web.Lists.TryGetList(Resource.ConfigurationList);
if (configurationList == null)
{
Guid configurationListGuid = web.Lists.Add(Resource.ConfigurationList, Resource.ConfigurationListDesc, SPListTemplateType.GenericList);
configurationList = web.Lists[configurationListGuid];
configurationList.Fields.Add("Property", SPFieldType.Text, true);
configurationList.Fields.Add("Setting", SPFieldType.Text, true);
configurationList.EnableVersioning = true;
// Only system admins should be able to edit this, but everybody needs to view it
configurationList.BreakRoleInheritance(false);
SPPrincipal group = web.SiteGroups["Guidewire Owners"];
if (group != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
configurationList.RoleAssignments.Add(roleAssignment);
}
configurationList.Update();
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsUserName, "GWSharePointIntegration");
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsPassword, "gw");
Configuration.AddDefaultConfigurationValue(web, Resource.ConfigGWWsEndpoint, "http://manclredev02:8080/cc/ws/riverstone/webservice/document/trg_UpdateMetadataAPI");
}
}
public SPGroup CreateAndReturn()
{
var existing = web.SiteGroups.Cast <SPGroup>().SingleOrDefault(g => g.Name.Equals(name));
if (existing != null)
{
return(existing);
}
SPPrincipal author = null;
if (!string.IsNullOrEmpty(ownerPrincipalName))
{
author = web.SiteGroups.Cast <SPGroup>().SingleOrDefault(g => g.Name.Equals(ownerPrincipalName));
}
if (author == null)
{
author = web.Users.Cast <SPUser>().SingleOrDefault(u => u.LoginName.Equals(ownerPrincipalName));
}
web.SiteGroups.Add(name, author ?? web.Author, null, description);
var newGroup = web.SiteGroups.Cast <SPGroup>().Single(u => u.Name.Equals(name));
if (allowUsersEditMembership)
{
newGroup.AllowMembersEditMembership = true;
newGroup.Update();
}
return(newGroup);
}
private bool UpdateUserPermissions(SPWeb web, SPRoleAssignmentCollection roleAssignments, XmlNodeList principalUserNodes)
{
bool dirty = false;
foreach (XmlNode principalUserNode in principalUserNodes)
{
string loginName = principalUserNode.Attributes["login"].Value;
string userName = principalUserNode.Attributes["name"].Value;
try
{
SPClaimProviderManager cpm = SPClaimProviderManager.Local;
SPClaim userClaim = cpm.ConvertIdentifierToClaim(loginName, SPIdentifierTypes.WindowsSamAccountName);
SPUser user = web.EnsureUser(userClaim.ToEncodedString());
if (user == null)
{
throw new Exception();
}
SPPrincipal userPrincipal = (SPPrincipal)user;
try
{
SPRoleAssignment roleAssignment = roleAssignments.GetAssignmentByPrincipal(userPrincipal);
if (roleAssignment == null)
{
throw new Exception();
}
UpdatePrincipal(web, principalUserNode,
string.Format("{0,20}, '{1,15}'", userName, loginName),
roleAssignment);
}
catch
{
output.Append(string.Format("permissins missing for user: {0,20} with login: {1,15}, adding new..." + Environment.NewLine, userName, loginName));
SPRoleAssignment roleAssignmentNew = new SPRoleAssignment(userPrincipal);
XmlNodeList roleNodes = principalUserNode.SelectNodes("role");
foreach (XmlNode roleNode in roleNodes)
{
string roleName = roleNode.Attributes["name"].Value;
if (roleName.ToLower().Equals("limited access"))
{
roleName = "Limited User";
}
SPRoleDefinition role = web.RoleDefinitions[roleName];
roleAssignmentNew.RoleDefinitionBindings.Add(role);
}
roleAssignments.Add(roleAssignmentNew);
output.Append("completed" + Environment.NewLine);
dirty = true;
}
}
catch { output.Append(string.Format("user not found: {0,20} with login: {1,15}" + Environment.NewLine, userName, loginName)); }
}
return(dirty);
}
public IEnumerable <PrincipalInfo> Resolve(SPUser user, IDisposable implicitContext)
{
try {
CommonHelper.ConfirmNotNull(user, "user");
if (!resolvedIdentities.Contains(user.ID))
{
resolvedIdentities.Add(user.ID);
parentPrincipal = user;
if (SPClaimProviderManager.IsEncodedClaim(user.LoginName))
{
SPClaim claim = SPClaimProviderManager.Local.DecodeClaim(user.LoginName);
if (claim.OriginalIssuer == "Windows")
{
if (claim.ClaimType == SPClaimTypes.UserLogonName)
{
PrincipalInfo userInfo = ResolveActiveDirectoryUser(IdentityType.SamAccountName, claim.Value);
if (userInfo != null)
{
return(new[] { userInfo });
}
return(new PrincipalInfo[0]);
}
if (claim.ClaimType == ClaimTypes_GroupSid)
{
return(EnumerateActiveDirectoryGroup(IdentityType.SamAccountName, user.Name));
}
}
if (claim.OriginalIssuer.StartsWith("Forms:"))
{
string providerName = claim.OriginalIssuer.Substring(6);
if (claim.ClaimType == SPClaimTypes.UserLogonName)
{
PrincipalInfo userInfo = ResolveMembershipUser(providerName, claim.Value);
if (userInfo != null)
{
return(new[] { userInfo });
}
return(new PrincipalInfo[0]);
}
if (claim.ClaimType == ClaimTypes_Role)
{
return(EnumerateMembershipUsersInRole(providerName, claim.Value));
}
}
}
if (user.IsDomainGroup)
{
return(EnumerateActiveDirectoryGroup(IdentityType.SamAccountName, user.LoginName));
}
return(EnumerateBySamAccountName(user.LoginName));
}
return(new PrincipalInfo[0]);
} finally {
if (implicitContext != null)
{
implicitContext.Dispose();
}
}
}
/// <summary>
/// Sets the value of a User-Field to an SPPrincipal
/// (SPGroup or SPUser).
/// </summary>
public static void SetFieldValueUser(this SPListItem item,
string fieldName, SPPrincipal principal)
{
if (item != null)
{
item[fieldName] = principal;
}
}
public static void ChangePermissions(this SPListItem item, SPPrincipal principal, SPRoleType roleType)
{
if (item != null)
{
SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
ChangePermissions(item, principal, roleDefinition);
}
}
public IEnumerable <PrincipalInfo> Resolve(SPPrincipal member, IDisposable implicitContext)
{
if (member is SPGroup)
{
return(Resolve((SPGroup)member, implicitContext));
}
return(Resolve((SPUser)member, implicitContext));
}
public void For(SPPrincipal principal)
{
var assignment = new SPRoleAssignment(principal);
assignment.RoleDefinitionBindings.Add(web.RoleDefinitions[roleDefinitionName]);
roleAssignments.Add(assignment);
}
public void RemoveAllRoles(SPSecurableObject target, SPPrincipal principal)
{
// Break the Role Inheritance if it's necessary
EnsureBrokenRoleInheritance(target);
// remove the roleAssignment from the item
target.RoleAssignments.Remove(principal);
}
public static void ChangePermissions(this SPList list, SPPrincipal principal, SPRoleType roleType)
{
if (list != null)
{
SPRoleDefinition roleDefinition = list.ParentWeb.RoleDefinitions.GetByType(roleType);
ChangePermissions(list, principal, roleDefinition);
}
}
public static SPRoleAssignment GetRoleAssignment(SPWeb web, SPPrincipal principal, SPRoleType roleType)
{
SPRoleAssignment roleAssign = new SPRoleAssignment(principal);
SPRoleDefinition roleDef = web.RoleDefinitions.GetByType(roleType);
roleAssign.RoleDefinitionBindings.Add(roleDef);
return roleAssign;
}
internal PrincipalInfo(MembershipUser principal, SPPrincipal parentPrincipal)
: this(principal, CommonHelper.ConfirmNotNull(principal, "principal").ProviderUserKey, parentPrincipal)
{
this.DisplayName = principal.UserName;
this.EmailAddress = principal.Email;
this.ProviderType = SPIdentityProviderTypes.Forms;
this.EncodedClaim = SPClaimProviderManager.Local.ConvertIdentifierToClaim(principal.UserName, SPIdentifierTypes.FormsUser).ToEncodedString();
}
private void UpdateItemPermissions(SPWeb web, SPListItem item, SPPrincipal spPrincipal)
{
if (!isUserAdded)
{
result += "AddPermissions" + spPrincipal.LoginName;
AddPermissions(item, spPrincipal, web.RoleDefinitions.GetByType(SPRoleType.Contributor));
}
}
public static string grantPermit(string siteUrl, string folderUrl, string userEmail)
{
try
{
//SPSite s = new SPSite(siteUrl);
//SPWeb w = s.OpenWeb();
int fileCount = 0;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(siteUrl))
{
using (SPWeb web = site.OpenWeb())
{
//get folder
SPFolder folder = web.GetFolder(@"RSAs Library/" + folderUrl);
//get list of items in folder to grant permission to
SPFileCollection folderFiles = folder.Files;
//SPFolderCollection subFolders = folder.SubFolders;
//select User
SPPrincipal user = web.SiteUsers.GetByEmail(userEmail);
//define read role
SPRoleDefinition readRole = web.RoleDefinitions.GetById(1073741826);
web.AllowUnsafeUpdates = true;
//remove permissions on files
folder.Item.BreakRoleInheritance(true);
//create Role Assignment Ref
SPRoleAssignment roleAssignment = new SPRoleAssignment((SPPrincipal)user);
//grant user permission to the folder
roleAssignment.RoleDefinitionBindings.Add(readRole);
folder.Item.RoleAssignments.Add(roleAssignment);
//grant user permission to all files in folder
foreach (SPFile file in folderFiles)
{
file.Item.BreakRoleInheritance(true);
file.Item.RoleAssignments.Add(roleAssignment);
fileCount++;
}
web.AllowUnsafeUpdates = false;
}
}
});
return(String.Format("User {1} has been granted access to View {2} files in {0} Folder", fileCount, userEmail, folderUrl));
}
catch (Exception ex)
{
return(ex.Message);
}
}
private void UpdateItemPermissions(SPWeb web, SPListItem item, SPPrincipal spPrincipal)
{
if (!isUserAdded)
{
//res += "AddPermissions";
//debug += "AddPermissions";
AddPermissions(item, spPrincipal, web.RoleDefinitions.GetByType(SPRoleType.Contributor));
}
}
/// <summary>Fixes the SP field type user.</summary>
/// <param name="contextSPWeb">The context sp web.</param>
/// <param name="fileSPListItem">The file sp list item.</param>
/// <param name="sourceValue">The source value.</param>
/// <returns>The fix sp field type user.</returns>
private string FixSPFieldTypeUser(SPWeb contextSPWeb, SPListItem fileSPListItem, string sourceValue)
{
string s = "\t\tUser(" + contextSPWeb.Url + "," + sourceValue + "\n";
s += "\t\twas:" + fileSPListItem[this.FileSPField.Id] + "\n";
// transform non-user values into user type
string[] userNames = sourceValue.Split(";".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
s += "\t\tuserNamescount:\t" + userNames.Length + "\n";
// create list of user names parsing array of names
SPFieldUserValueCollection spFieldUserValues = new SPFieldUserValueCollection();
// update SPPrincipal using user info
foreach (string userName in userNames)
{
string user = userName.Trim();
s += "\t\tuser:\t" + user + "\n";
SPPrincipal spPrincipal = null;
// checking if this string is the name of a SharePoint group, add to user collection if (spPrincipal != null)
if (this.IsUserSPGroupName(contextSPWeb, user))
{
spPrincipal = this.GetUserSPPrincipal(contextSPWeb, user);
spFieldUserValues.Add(new SPFieldUserValue(contextSPWeb, spPrincipal.ID, spPrincipal.Name));
}
// the value is not a group; try to set it as a user then.
// if (spPrincipal == null)
else
{
try
{
spPrincipal = contextSPWeb.EnsureUser(user);
}
catch
{
}
}
s += "\t\tspPrncipal:\t" + spPrincipal.Name + "\n";
}
// set multi-user fields to new user collection
if (this.SPFieldUserIsMultiValue)
{
fileSPListItem[this.FileSPField.Id] = spFieldUserValues;
}
// set single-user fields to just one user value
else
{
fileSPListItem[this.FileSPField.Id] = spFieldUserValues[0];
}
s += "\t\tis_:" + fileSPListItem[this.FileSPField.Id] + "\n";
return(s);
}
/// <summary>
/// 删除指定角色的权限
/// </summary>
/// <param name="principal">角色</param>
/// <param name="web"></param>
/// <param name="ListItem">item对象</param>
/// <param name="DelegateName">权限名称</param>
public static void DeleteDelegateFromListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
try
{
if (principal != null)
{
using (SPSite site = new SPSite(web.Site.ID))
{
using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl))
{
SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);
_web.AllowUnsafeUpdates = true;
//断开原来列表项所继承的权限,使其可以设置独立权限
if (!_listitem.HasUniqueRoleAssignments)
{
_listitem.BreakRoleInheritance(true);
}
SPRoleAssignment role = _listitem.RoleAssignments.GetAssignmentByPrincipal(principal);
if (!string.IsNullOrWhiteSpace(DelegateName))
{
SPRoleDefinition def = _web.RoleDefinitions[DelegateName];
if (role != null)
{
if (role.RoleDefinitionBindings.Contains(def))
{
role.RoleDefinitionBindings.Remove(def);
role.Update();
_listitem.SystemUpdate(false);
}
}
}
else
{
if (role != null)
{
role.RoleDefinitionBindings.RemoveAll();
role.Update();
_listitem.SystemUpdate(false);
}
}
}
}
}
else
{
//throw new Exception("没有可以删除权限的员工或组织!");
}
}
catch (Exception ex)
{
}
});
}
private string GetOwner(SPPrincipal p)
{
if (p is SPGroup)
{
return((p as SPGroup).Owner.ToString());
}
return(string.Empty);
}
void IterateWebRoles(SPWeb web, SPRoleDefinition instructorRole, SPRoleDefinition learnerRole, bool instructorsOnly, bool hideDisabledUsers)
{
web.AllowUnsafeUpdates = true; // enable web.AllUsers.AddCollection()
foreach (SPRoleAssignment roleAssignment in web.RoleAssignments)
{
// determine if this role assignment refers to an instructor or a learner; skip it if it's neither
bool isInstructor = false;
if (instructorRole != null)
{
isInstructor = roleAssignment.RoleDefinitionBindings.Contains(instructorRole);
}
bool isLearner = false;
if (instructorsOnly == false && learnerRole != null)
{
isLearner = roleAssignment.RoleDefinitionBindings.Contains(learnerRole);
}
if (isInstructor == false && isLearner == false)
{
continue;
}
// process the role assignment
SPPrincipal member = roleAssignment.Member;
SPUser spUser = member as SPUser;
SPGroup spGroup = member as SPGroup;
if (spUser != null)
{
AddSPUserAsMember(web, spUser, isInstructor, isLearner, startTime, null, hideDisabledUsers);
}
else if (spGroup != null)
{
// role assignment member is a SharePoint group...
SlkGroup learnerGroup = null;
if (isLearner)
{
learnerGroup = new SlkGroup(spGroup, null);
learnerGroup.UserKeys = new List <string>();
}
// add users from the domain group to the collections of instructors, learners, and/or this learner group, as appropriate
foreach (SPUser spUserInGroup in spGroup.Users)
{
AddSPUserAsMember(web, spUserInGroup, isInstructor, isLearner, startTime, learnerGroup, hideDisabledUsers);
}
if (isLearner)
{
if (learnerGroup.UserKeys.Count > 0)
{
learnerGroups.Add(learnerGroup);
}
}
}
}
}
internal PrincipalInfo(object userObject, object providerUserId, SPPrincipal parentPrincipal)
{
CommonHelper.ConfirmNotNull(userObject, "userObject");
CommonHelper.ConfirmNotNull(providerUserId, "providerUserId");
CommonHelper.ConfirmNotNull(parentPrincipal, "parentPrincipal");
this.ObjectType = userObject.GetType();
this.ProviderUserId = providerUserId;
this.IsResolved = true;
this.ParentPrincipal = parentPrincipal;
}
public static void SetPermissions(this SPList list, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
if (list != null)
{
SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
list.RoleAssignments.Add(roleAssignment);
}
}
private void MatchSPFieldTypeUser(SPWeb contextSPWeb, SPListItem targetSPListItem, SPField targetSPField,
string sourceValue)
{
// transform non-user values into user type
string[] nameArr = sourceValue.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
// create list of user names
SPFieldUserValueCollection spFieldUserValueCollection = new SPFieldUserValueCollection();
foreach (string name in nameArr)
{
SPPrincipal spPrincipal = null;
// checking if this string is the name of a SharePoint group
foreach (SPGroup spGroup in contextSPWeb.SiteGroups)
{
if (spGroup.Name == name.Trim())
{
spPrincipal = spGroup;
break;
}
}
// the value is not a group; try to set it as a user then.
if (spPrincipal == null)
{
try
{
spPrincipal = contextSPWeb.EnsureUser(name.Trim());
}
catch
{
}
}
// add to user collection
if (spPrincipal != null)
{
spFieldUserValueCollection.Add(
new SPFieldUserValue(contextSPWeb, spPrincipal.ID, spPrincipal.Name));
}
}
// set multi-user fields to new user collection
if ((targetSPField as SPFieldUser).AllowMultipleValues)
{
targetSPListItem[targetSPField.Id] = spFieldUserValueCollection;
}
// set single-user fields to just one user value
else
{
targetSPListItem[targetSPField.Id] = spFieldUserValueCollection[0];
}
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, SPRoleDefinition roleDefinition, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
if (securableObject is SPWeb)
{
if (!securableObject.HasUniqueRoleAssignments)
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
}
else
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
SPRoleAssignment roleAssignment = GetAssignment(securableObject, principal);
if (roleAssignment != null)
{
if (replaceAllDefinitions)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
else
{
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
}
try
{
roleAssignment.Update();
}
catch (ArgumentException)
{
//Note: fix for 'Cannot update a permission level assignment that is not part of a permission level assignment collection.'
securableObject.RoleAssignments.Add(roleAssignment);
}
}
else
{
roleAssignment = new SPRoleAssignment(principal);
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
securableObject.RoleAssignments.Add(roleAssignment);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="PrincipalValue"/> class.
/// </summary>
/// <param name="principal">The principal.</param>
internal PrincipalValue(SPPrincipal principal)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
this.Id = principal.ID;
this.DisplayName = principal.Name;
this.LoginName = principal.LoginName;
}
/// <summary>
/// Initializes a new instance of the <see cref="PrincipalValue"/> class.
/// </summary>
/// <param name="principal">The principal.</param>
internal PrincipalValue(SPPrincipal principal)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
this.Id = principal.ID;
this.DisplayName = principal.Name;
this.LoginName = principal.LoginName;
}
/// <summary>
/// Add role assignment for the principal into web
/// </summary>
/// <param name="web"></param>
/// <param name="principal"></param>
/// <param name="permissionLevel"></param>
public static void AddRoleAssignment(SPWeb web, SPPrincipal principal, string permissionLevel)
{
var roleDefinition = GetRoleDefinition(web, permissionLevel);
if (roleDefinition == null)
{
throw new ArgumentNullException(permissionLevel);
}
var roleAssignment = new SPRoleAssignment(principal);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
web.RoleAssignments.Add(roleAssignment);
}
protected void bind_role(SPListItem item, SPPrincipal principal, SPRoleDefinition definition)
{
try
{
SPRoleAssignment assignment = new SPRoleAssignment(principal);
assignment.RoleDefinitionBindings.Add(definition);
item.RoleAssignments.Add(assignment);
}
catch (Exception ex)
{
throw ex;
}
}
public void RemoveRole(SPSecurableObject target, SPPrincipal principal, SPRoleType roleType)
{
if (roleType == SPRoleType.None)
{
throw new ArgumentException("Removing custom RoleDefinitions is not supported.");
}
var assignment = target.RoleAssignments.Cast<SPRoleAssignment>().FirstOrDefault(x => x.Member.ID == principal.ID && x.RoleDefinitionBindings.Cast<SPRoleDefinition>().Any(r => r.Type == roleType));
if (assignment != null)
{
EnsureBrokenRoleInheritance(target);
assignment = target.RoleAssignments.Cast<SPRoleAssignment>().FirstOrDefault(x => x.Member.ID == principal.ID);
foreach (var role in assignment.RoleDefinitionBindings.Cast<SPRoleDefinition>().Where(x => x.Type == roleType).ToArray())
{
assignment.RoleDefinitionBindings.Remove(role);
}
assignment.Update();
}
}
public void RemoveAllRoles(SPSecurableObject target, SPPrincipal principal)
{
// Break the Role Inheritance if it's necessary
EnsureBrokenRoleInheritance(target);
// remove the roleAssignment from the item
target.RoleAssignments.Remove(principal);
}
public void AddRole(SPListItem listItem, SPPrincipal principal, SPRoleType roleType)
{
AddRole(listItem.Web, listItem, principal, roleType);
}
/// <summary>
/// Clear role assignment of principal from web
/// </summary>
/// <param name="web"></param>
/// <param name="principal"></param>
public static void ClearRoleAssignment(SPWeb web, SPPrincipal principal)
{
var roleAssignment = web.RoleAssignments.GetAssignmentByPrincipal(principal);
roleAssignment.RoleDefinitionBindings.RemoveAll();
}
public void AddRole(SPList list, SPPrincipal principal, string roleDefinitionName)
{
AddRole(list.ParentWeb, list, principal, roleDefinitionName);
}
public void AddRole(SPWeb web, SPPrincipal principal, SPRoleType roleType)
{
AddRole(web, web, principal, roleType);
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, string roleDefinitionName, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
SPWeb web = principal.ParentWeb;
SPRoleDefinition roleDefinition = web.RoleDefinitions[roleDefinitionName];
AssignPermissions(securableObject, principal, roleDefinition, replaceAllDefinitions, copyRoleAssignments, clearSubscopes);
}
public static SPRoleAssignment GetAssignment(this SPSecurableObject securableObject, SPPrincipal principal)
{
var roleAssignments = securableObject.RoleAssignments;
if (securableObject.RoleAssignments == null)
return null;
try
{
return roleAssignments.GetAssignmentByPrincipal(principal);
}
catch (ArgumentException)
{
return null;
}
}
internal static void AddRole(SPWeb web, SPSecurableObject target, SPPrincipal principal, string roleDefinitionName)
{
var roleToAdd = web.RoleDefinitions.Cast<SPRoleDefinition>().FirstOrDefault(x => x.Name == roleDefinitionName);
if (roleToAdd != null)
{
EnsureBrokenRoleInheritance(target);
var assignments = target.RoleAssignments.Cast<SPRoleAssignment>().FirstOrDefault(x => x.Member.ID == principal.ID);
if (assignments == null)
{
assignments = new SPRoleAssignment(principal);
assignments.RoleDefinitionBindings.Add(roleToAdd);
target.RoleAssignments.Add(assignments);
}
else
{
assignments.RoleDefinitionBindings.Add(roleToAdd);
assignments.Update();
}
}
else
{
throw new ArgumentException("No RoleDefinition found for the name " + roleDefinitionName);
}
}
public static SPControlMode Handle(string spInternalName,
SPControlMode formMode, Tabs tabs, FieldPermissions fPerms,
SPPrincipal princ, out bool isHidden)
{
SPControlMode result = SPControlMode.Invalid;
isHidden = false;
if (tabs != null)
{
foreach (Tab tab in tabs)
{
foreach (TabPermission tp in tab.Permissions)
{
if (ConditionEvaluator.EvaluateFromListItem(tp.Conditions)
&& PrincipalEvaluator.Check(tp.ForSPPrinciples,
tp.BySPPrinciplesOperator))
{
if (tab.Fields.Any<Field>
(f => f.SPName.Equals(spInternalName,
StringComparison.InvariantCultureIgnoreCase)))
{
if (tp.OnForms.Contains(Enums.SPForms.New)
&& formMode == SPControlMode.New
|| tp.OnForms.Contains(Enums.SPForms.View)
&& formMode == SPControlMode.Display
|| tp.OnForms.Contains(Enums.SPForms.Edit)
&& formMode == SPControlMode.Edit)
{
switch (tp.Level)
{
case Enums.PermissionLevel.Read:
result = SPControlMode.Display; isHidden = false;
break;
case Enums.PermissionLevel.Write:
if (formMode == SPControlMode.Edit)
result = SPControlMode.Edit;
else
result = SPControlMode.New;
isHidden = false;
break;
case Enums.PermissionLevel.Deny:
isHidden = true;
result = SPControlMode.Invalid;
break;
}
}
}
}
}
}
}
//FieldPermissionCheck:
if (fPerms != null)
{
foreach (FieldPermission fp in fPerms)
{
if (ConditionEvaluator.EvaluateFromListItem(fp.Conditions)
&& PrincipalEvaluator.Check(fp.ForSPPrinciples,
fp.BySPPrinciplesOperator))
{
if (fp.OnField.SPName.Equals(spInternalName,
StringComparison.InvariantCultureIgnoreCase))
{
if (fp.OnForms.Contains(Enums.SPForms.New)
&& formMode == SPControlMode.New
|| fp.OnForms.Contains(Enums.SPForms.View)
&& formMode == SPControlMode.Display
|| fp.OnForms.Contains(Enums.SPForms.Edit)
&& formMode == SPControlMode.Edit)
{
switch (fp.Level)
{
case Enums.PermissionLevel.Read:
result = SPControlMode.Display; isHidden = false;
goto FinishPermissionCheck;
case Enums.PermissionLevel.Write:
if (formMode == SPControlMode.Edit)
result = SPControlMode.Edit;
else
result = SPControlMode.New;
isHidden = false;
goto FinishPermissionCheck;
case Enums.PermissionLevel.Deny:
isHidden = true;
result = SPControlMode.Invalid;
break;
}
}
}
}
}
}
FinishPermissionCheck:
return result;
}
public void AddRole(SPList list, SPPrincipal principal, SPRoleType roleType)
{
AddRole(list.ParentWeb, list, principal, roleType);
}
private static bool DoesPrincipalHasPermissions(ISecurableObject item, SPPrincipal principal, SPBasePermissions permissions)
{
SPRoleAssignment roleAssignment = null;
try
{
roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal);
}
catch
{
//if the user has no permission on the item (SPPrincipal is not in permissionlist -> item.RoleAssignments is empty), an exception is thrown.
return false;
}
foreach (SPRoleDefinition definition in roleAssignment.RoleDefinitionBindings)
{
if ((definition.BasePermissions & permissions) == permissions)
{
return true;
}
}
return false;
}
public void AddRole(SPListItem listItem, SPPrincipal principal, string roleDefinitionName)
{
AddRole(listItem.Web, listItem, principal, roleDefinitionName);
}
/// <summary>
/// Gets the users of the SharePoint principal.
/// This method will also check users in the active directory groups.
/// </summary>
/// <param name="principal">The SharePoint principal.</param>
/// <returns>A list of the SPUsers in the SharePoint principal</returns>
/// <exception cref="System.ArgumentNullException">
/// Principal is null
/// </exception>
public IList<SPUser> GetUsersInPrincipal(SPPrincipal principal)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
List<SPUser> allUsers = new List<SPUser>();
principal.ParentWeb.RunAsSystem(elevatedWeb =>
{
try
{
elevatedWeb.AllowUnsafeUpdates = true;
SPUser user = principal as SPUser;
if (user != null)
{
if (user.IsDomainGroup)
{
bool reachedMaxCount;
// Be careful, this method return AD groups too regardless to their permissions in the current SharePoint site
SPPrincipalInfo[] groupMembers = SPUtility.GetPrincipalsInGroup(elevatedWeb, principal.LoginName, 9999, out reachedMaxCount);
if (groupMembers != null)
{
foreach (SPPrincipalInfo member in groupMembers)
{
switch (member.PrincipalType)
{
case SPPrincipalType.SecurityGroup:
case SPPrincipalType.DistributionList:
{
var usersInPrincipal = GetUsersInPrincipal(elevatedWeb.EnsureUser(member.LoginName));
// Only add users to the all users list if they are not already there.
allUsers.AddRange(usersInPrincipal.Where(u => !HasUserInList(allUsers, u)));
break;
}
case SPPrincipalType.User:
{
var memberUser = elevatedWeb.EnsureUser(member.LoginName);
if (!HasUserInList(allUsers, memberUser))
{
allUsers.Add(memberUser);
}
break;
}
}
}
}
}
else
{
// Only add the user to the all users list if they are not already there.
if (!HasUserInList(allUsers, user))
{
allUsers.Add(user);
}
}
}
else
{
SPGroup group = principal as SPGroup;
foreach (SPUser groupUser in group.Users)
{
var usersInPrincipal = GetUsersInPrincipal(groupUser);
// Only add users to the all users list if they are not already there.
allUsers.AddRange(usersInPrincipal.Where(u => !HasUserInList(allUsers, u)));
}
}
}
finally
{
elevatedWeb.AllowUnsafeUpdates = false;
}
});
return allUsers;
}
public void AddRole(SPWeb web, SPPrincipal principal, string roleDefinitionName)
{
AddRole(web, web, principal, roleDefinitionName);
}
public static bool AssignmentExists(this SPSecurableObject securableObject, SPPrincipal principal)
{
return (GetAssignment(securableObject, principal) != null);
}
/// <summary>
/// Gets the role assignement.
/// </summary>
/// <param name="securableObject">The securable object.</param>
/// <param name="principal">The principal.</param>
/// <returns></returns>
private static SPRoleAssignment GetRoleAssignement(SPSecurableObject securableObject, SPPrincipal principal)
{
SPRoleAssignment ra = null;
try
{
ra = securableObject.RoleAssignments.GetAssignmentByPrincipal(principal);
}
catch (ArgumentException)
{ }
return ra;
}
/// <summary>
/// Verifies if the target SharePoint group was granted permissions at the site level.
/// </summary>
/// <param name="spWeb">Represents an instance of the Homework Tracking Site as a SPWeb object.</param>
/// <param name="spRoleType">Represents the permission to check </param>
/// <param name="spTargetGroup">Represents an instance of the target SharePoint group.</param>
/// <returns>True/Fase if group was granted permissions or not.</returns>
private static bool CheckSiteLevelPermissions(SPWeb spWeb, SPRoleType spRoleType, SPPrincipal spTargetGroup)
{
bool SiteLevelUser = false;
foreach (SPRoleAssignment roleAssignment in spWeb.RoleAssignments)
{
if (roleAssignment.Member.Name == spTargetGroup.Name)
{
SiteLevelUser = true;
//SPRoleDefinition currentRoleDef = spWeb.RoleDefinitions.GetByType(spRoleType);
//SPRoleDefinitionBindingCollection spRoleDefs = roleAssignment.RoleDefinitionBindings;
//foreach (SPRoleDefinition spRoleDef in spRoleDefs)
//{
// if (spRoleDef == currentRoleDef)
// {
// SiteLevelUser = true;
// }
//}
}
}
return SiteLevelUser;
}
