public static void SetReadOnly(SPListItem item, int userId)
{
SPWeb web = item.Web;
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(true);
}
web.AllowUnsafeUpdates = true;
SPRoleAssignmentCollection roleAssignments = item.RoleAssignments;
for (int i = roleAssignments.Count - 1; i > -1; i--)
{
SPRoleAssignment assignment = roleAssignments[i];
if (assignment.Member.ID == userId)
{
SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings;
if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader))
{
roleDefinitionBindings.RemoveAll();
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleDefinitionBindings.Add(byType);
assignment.Update();
}
break;
}
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
public static void ClearRights(SPListItem item)
{
SPWeb web = item.Web;
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(false);
if (web.AssociatedOwnerGroup != null)
{
var roleAssignment = new SPRoleAssignment(web.AssociatedOwnerGroup);
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
roleAssignment.RoleDefinitionBindings.Add(byType);
item.RoleAssignments.Add(roleAssignment);
}
}
else
{
const int num = 0x3fffffff;
int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1;
for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
{
int iD = item.RoleAssignments[i].Member.ID;
if ((iD != num) && (iD != num2))
{
item.RoleAssignments.Remove(i);
}
}
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
public static void SetPermissions(this SPList list, SPUser user, SPRoleDefinition roleDefinition)
{
if (list != null)
{
SetPermissions(list, (SPPrincipal)user, roleDefinition);
}
}
public override bool Perform()
{
LogMessage("Removing management of personal views from Contribute2 permission level", 2);
try
{
Web.AllowUnsafeUpdates = true;
SPRoleDefinition roleDef = Web.RoleDefinitions["Contribute2"];
if (roleDef.BasePermissions.ToString().Contains(SPBasePermissions.ManagePersonalViews.ToString()))
{
roleDef.BasePermissions &= ~SPBasePermissions.ManagePersonalViews;
roleDef.Update();
Web.Update();
LogMessage("Removed management of personal views from Contribute2 permission level", MessageKind.SUCCESS, 4);
}
else
{
LogMessage("Management of personal views already removed from Contribute2 permission level.", MessageKind.SKIPPED, 4);
}
Web.AllowUnsafeUpdates = false;
}
catch (Exception ex)
{
LogMessage(ex.Message, MessageKind.FAILURE, 4);
}
return(true);
}
protected void assign_roles(SPWeb web, SPListItem item, SPListItem project, string field_name, string field_guid, SPRoleDefinition definition)
{
try
{
string value = project[field_name].ToString();
SPFieldUserValueCollection field_user_value = (SPFieldUserValueCollection)project.Fields[new Guid(field_guid)].GetFieldValue(value);
foreach (SPFieldUserValue user_value in field_user_value)
{
if (user_value.User == null)
{
SPGroup group = web.SiteGroups.GetByID(user_value.LookupId);
bind_role(item, group, definition);
}
else
{
bind_role(item, user_value.User, definition);
}
}
}
catch (Exception ex)
{
log(web.Site, "为项目【" + project["Title"] + "】的【" + field_name + "】的文档授权时发生错误", "错误", ex.ToString());
}
}
/// <summary>
/// Adds a given permission to the root SPWeb of a given SPSite, if it doesn't exist.
/// An optional set of base permissions are added to the permission.
/// </summary>
///
/// <param name="spSiteGuid">The GUID of the SPSite to add permissions to the root SPWeb of.
/// </param>
///
/// <param name="permissionName">The name of the permission to create.</param>
///
/// <param name="permissionDescription">The description of the permission to create.</param>
///
/// <param name="basePermissionsToAdd">Base permissions to add to the permission. Use 0 if
/// no base permissions need to be added.</param>
///
static void CreatePermission(Guid spSiteGuid, string permissionName,
string permissionDescription, SPBasePermissions basePermissionsToAdd)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite spSite = new SPSite(spSiteGuid))
{
using (SPWeb rootWeb = spSite.RootWeb)
{
SPRoleDefinitionCollection roleDefs = rootWeb.RoleDefinitions;
try
{
SPRoleDefinition roleDef = roleDefs[permissionName];
roleDef.BasePermissions |= basePermissionsToAdd;
roleDef.Update();
// permission already exists
}
catch (SPException)
{
// permission doesn't exist -- create it
SPRoleDefinition roleDef = new SPRoleDefinition();
roleDef.Name = permissionName;
roleDef.Description = permissionDescription;
roleDef.BasePermissions |= basePermissionsToAdd;
roleDefs.Add(roleDef);
}
}
}
});
}
/// <summary>
/// 给Item授权
/// </summary>
/// <param name="principal"></param>
/// <param name="web"></param>
/// <param name="ListItem"></param>
/// <param name="DelegateName"></param>
public static void DelegateForListItem(SPPrincipal principal, SPWeb web, SPListItem ListItem, string DelegateName)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
try
{
using (SPSite site = new SPSite(web.Site.ID))
{
using (SPWeb _web = site.OpenWeb(web.ServerRelativeUrl))
{
SPListItem _listitem = _web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);
_web.AllowUnsafeUpdates = true;
SPRoleAssignment sra = new SPRoleAssignment(principal);
SPRoleDefinition srd = _web.RoleDefinitions[DelegateName];
sra.RoleDefinitionBindings.Add(srd);
_listitem.BreakRoleInheritance(true, false);
_listitem.RoleAssignments.Add(sra);
_listitem.Update();
}
}
}
catch (Exception ex)
{
}
});
}
/// <summary>
/// Adds a new permission level to the web.
/// </summary>
/// <param name = "web"></param>
/// <param name = "name"></param>
/// <param name = "description"></param>
/// <param name = "permissions"></param>
public static void CreatePermissionLevel(SPWeb web, string name, string description,
SPBasePermissions permissions)
{
if (!web.IsRootWeb && !web.HasUniqueRoleDefinitions)
{
throw new NotSupportedException("This web must be broken permission before adding new permission level.");
}
var roleDefinition = GetRoleDefinition(web, name);
if (roleDefinition != null)
{
if (roleDefinition.BasePermissions != permissions || roleDefinition.Description != description)
{
roleDefinition.BasePermissions = permissions;
roleDefinition.Description = description;
roleDefinition.Update();
}
}
else
{
roleDefinition = new SPRoleDefinition
{
Name = name,
Description = description,
BasePermissions = permissions
};
web.RoleDefinitions.Add(roleDefinition);
}
}
public static bool IsGroupInItemRole(this SPListItem item, SPPrincipal group, int roleId)
{
SPRoleAssignment AssignmentsOfGroup;
SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetById(roleId);
try
{
AssignmentsOfGroup = item.RoleAssignments.GetAssignmentByPrincipal(group);
}
catch
{
return(false);
}
SPRoleDefinitionBindingCollection RoleBindingsOfGroup = AssignmentsOfGroup.RoleDefinitionBindings;
if (RoleBindingsOfGroup.Contains(roleDefinition))
{
return(true);
}
else
{
return(false);
}
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, string roleDefinitionName, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
SPWeb web = principal.ParentWeb;
SPRoleDefinition roleDefinition = web.RoleDefinitions[roleDefinitionName];
AssignPermissions(securableObject, principal, roleDefinition, replaceAllDefinitions, copyRoleAssignments, clearSubscopes);
}
/// <summary>Finds all Slk members of a site.</summary>
/// <param name="web">The site to get the members for.</param>
/// <param name="store">The ISlkStore to use.</param>
/// <param name="instructorsOnly">Whether to only get instructors or not.</param>
public void FindAllSlkMembers(SPWeb web, ISlkStore store, bool instructorsOnly)
{
if (web == null)
{
throw new ArgumentNullException("web");
}
this.store = store;
// keep track of when this method started, for timeout purposes
startTime = DateTime.Now;
// Verify that the SPWeb is in the SPSite associated with this SlkStore, because if it
// isn't then the code below below may be using the wrong SLK instructor and learner
// permission names; for example, the SPSite of this SlkStore may name the instructor
// permission "SLK Instructor", but <web> may be in a different SPSite which might name
// the instructor permission "SLK Teacher"
if (web.Site.ID != store.SPSiteGuid)
{
throw new InvalidOperationException(culture.Resources.SPWebDoesNotMatchSlkSPSite);
}
// Security checks: Fails if the user isn't an instructor and a Reader (implemented by EnsureInstructor)
// since we use SPSecurity.RunWithElevatedPrivileges, we need to make sure the current user is an instructor
if (instructorsOnly == false)
{
store.EnsureInstructor(web);
}
SlkSPSiteMapping mapping = store.Mapping;
SPRoleDefinition instructorRole = FindRole(web, mapping.InstructorPermission);
SPRoleDefinition learnerRole = FindRole(web, mapping.LearnerPermission);
domainGroupEnumeratorType = store.Settings.DomainGroupEnumeratorType;
domainGroupEnumeratorAssembly = store.Settings.DomainGroupEnumeratorAssembly;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site2 = new SPSite(web.Url))
{
using (SPWeb elevatedWeb = site2.OpenWeb())
{
IterateWebRoles(elevatedWeb, instructorRole, learnerRole, instructorsOnly, store.Settings.HideDisabledUsers);
}
}
});
store.AssignUserItemIdentifier(users.Values);
// populate the Users property of each item in <learnerGroups>
foreach (SlkGroup learnerGroup in learnerGroups)
{
foreach (string userKey in learnerGroup.UserKeys)
{
learnerGroup.AddUser(users[userKey]);
}
}
learnerGroups.Sort();
}
/// <summary>
/// First attempts to locate an OOTB role definition from the SPRoleType enumeration. If no role matches the
/// provided name, it iterates over all roles in the SPWeb until it finds the matching definition.
/// </summary>
/// <param name="web">the web containing role definitions</param>
/// <param name="roleName">the name of the role desired</param>
/// <param name="roleDef"></param>
/// <returns>returns True if a match is found, otherwise false</returns>
public static bool TryGetRoleDefinition(this SPWeb web, string roleName, out SPRoleDefinition roleDef)
{
bool retVal = false;
SPRoleDefinitionCollection roles = web.RoleDefinitions;
try
{
// Try to get the definition based on the OOTB RoleTypes (Reader, Contributor, etc), ignoring case
roleDef = roles.GetByType((SPRoleType)Enum.Parse(typeof(SPRoleType), roleName, true));
}
catch (Exception x)
{
Logger.Instance.Info("Error in TryGetRoleDefinition", x, DiagnosticsCategories.eCaseExtensions);
roleDef = null;
}
if (roleDef == null)
{
foreach (SPRoleDefinition role in roles)
{
// Case insensitive comparison
if (string.Compare(role.Name, roleName, true) == 0)
{
roleDef = role;
break;
}
}
}
return(retVal);
}
public static void CreateSubSiteGroup(SPWeb web, string groupName, string PermissionLevel, string groupDescription)
{
try
{
web.AllowUnsafeUpdates = true;
SPUserCollection users = web.AllUsers;
SPUser owner = web.SiteAdministrators[0];
SPMember member = web.SiteAdministrators[0];
SPGroupCollection groups = web.SiteGroups;
groups.Add(groupName, member, owner, groupDescription);
SPGroup newSPGroup = groups[groupName];
newSPGroup.OnlyAllowMembersViewMembership = false;
newSPGroup.Update();
SPRoleDefinition role = web.RoleDefinitions[PermissionLevel];
SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup);
roleAssignment.RoleDefinitionBindings.Add(role);
web.RoleAssignments.Add(roleAssignment);
web.Update();
web.AllowUnsafeUpdates = false;
}
catch (Exception ex)
{
ULSLogger.LogErrorInULS(ex.Message, TraceSeverity.Unexpected);
}
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPWeb web = (SPWeb)properties.Feature.Parent;
SPMember owner = web.SiteAdministrators[0];
SPUser user = (SPUser)owner;
if (!GroupExistsInSite(web, "Riverstone TFS Default Members"))
{
web.SiteGroups.Add("Riverstone TFS Default Members", owner, user, "This group contains the Riverstone Active Directory groups that have access to TFS portal sites by default.");
}
SPGroup defaultGroup = web.SiteGroups["Riverstone TFS Default Members"];
defaultGroup.OnlyAllowMembersViewMembership = false;
defaultGroup.Update();
SPRoleAssignment roleAssignment = new SPRoleAssignment(defaultGroup);
SPRoleDefinition contributeDefinition = web.RoleDefinitions["Contribute"];
roleAssignment.RoleDefinitionBindings.Add(contributeDefinition);
if (!GroupExistsInWeb(web, "Riverstone TFS Default Members"))
{
web.RoleAssignments.Add(roleAssignment);
}
AddUserToGroup(defaultGroup, "trg\\biudatasmes");
AddUserToGroup(defaultGroup, "trg\\biuoperations");
AddUserToGroup(defaultGroup, "trg\\biureporting");
AddUserToGroup(defaultGroup, "trg\\dataarchitect");
AddUserToGroup(defaultGroup, "trg\\developer");
AddUserToGroup(defaultGroup, "trg\\enterprisearchitect");
AddUserToGroup(defaultGroup, "trg\\pmuba");
AddUserToGroup(defaultGroup, "trg\\pmupm");
AddUserToGroup(defaultGroup, "trg\\tfsadministrator");
AddUserToGroup(defaultGroup, "trg\\OpsManagement");
}
internal static SPRoleDefinition AddRoleDefinition(SPRoleDefinitionCollection roles, string name, string description, SPBasePermissions permissions, int order)
{
SPRoleDefinition role = null;
try
{
role = roles[name];
role.BasePermissions = permissions;
role.Description = description;
role.Order = order;
}
catch (SPException exception)
{
if (-2146232832 != exception.ErrorCode)
{
throw;
}
role = new SPRoleDefinition();
role.Name = name;
role.Description = description;
role.BasePermissions = permissions;
role.Order = order;
roles.Add(role);
role = roles[name];
}
return(role);
}
private void AddPermissionsProd(SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
SPRoleAssignment ra = new SPRoleAssignment(principal);
ra.RoleDefinitionBindings.Add(roleDefinition);
item.RoleAssignments.Add(ra);
}
private void EnableFormsLockDown(SPFeatureReceiverProperties properties)
{
if (properties.Feature.Parent is SPSite)
{
SPSite site = (SPSite)properties.Feature.Parent;
foreach (SPWeb web in site.AllWebs)
{
try
{
//SPWeb rootWeb = site.RootWeb;
SPRoleDefinition guestRole = web.RoleDefinitions.GetByType(SPRoleType.Guest);
guestRole.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
guestRole.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
guestRole.BasePermissions |= SPBasePermissions.ViewVersions;
guestRole.Update();
SPBasePermissions guest = guestRole.BasePermissions;
web.AnonymousPermMask64 &= ~(SPBasePermissions.UseRemoteAPIs | SPBasePermissions.ViewFormPages);
web.Update();
web.AnonymousPermMask64 |= SPBasePermissions.ViewVersions;
web.Update();
SPBasePermissions permissions = web.AnonymousPermMask64;
}
catch (Exception ex)
{
SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory(ex.Source, TraceSeverity.High, EventSeverity.Error), TraceSeverity.High, ex.Message, ex.Data);
}
}
}
}
public static void CreateGroup(SPWeb web)
{
DeleteGroup(web);
try
{
web.SiteGroups.Add(Language.SMUGroupName, web.AssociatedOwnerGroup, null, Language.SMUGroupDescription);
SPGroup grp = web.SiteGroups.Cast <SPGroup>().FirstOrDefault(p => p.Name == Language.SMUGroupName);
if (grp == null)
{
throw new Exception(Language.GroupCreateError);
}
if (!web.HasUniqueRoleAssignments)
{
throw new Exception(Language.WebInheritsAssignments);
}
SPRoleAssignment ass = new SPRoleAssignment(grp);
SPRoleDefinition def = web.RoleDefinitions[Language.SMUPermissionName];
ass.RoleDefinitionBindings.Add(def);
web.RoleAssignments.Add(ass);
web.Update();
}
catch (Exception ex)
{
DeleteGroup(web);
WriteException(ex);
throw ex;
}
}
/// <summary>
/// Adds the specified user to the specified role for the specified list. Breaks Role Inheritance on the List Item if it hasn't already been broken.
/// </summary>
/// <param name="sourceWeb"></param>
/// <param name="list"></param>
/// <param name="principal"></param>
/// <param name="roleTypeValue"></param>
public static void AddListPermissionsForPrincipal(SPWeb sourceWeb, SPList list, SPPrincipal principal, SPRoleType roleTypeValue)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);
SPRoleDefinition roleDefinition = sourceWeb.RoleDefinitions.GetByType(roleTypeValue);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
sourceWeb.AllowUnsafeUpdates = true;
try
{
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(true);
}
sourceWeb.AllowUnsafeUpdates = true;
list.RoleAssignments.Add(roleAssignment);
list.Update();
}
finally
{
sourceWeb.AllowUnsafeUpdates = false;
}
}
private void CreateSubSiteGroup(SPWeb web, string groupName, SPRoleType roleType, string groupDescription)
{
var groupInSite = GroupExistsInSiteCollection(web, groupName);
if (!groupInSite)
{
web.AllowUnsafeUpdates = true;
web.Update();
web.BreakRoleInheritance(false);
SPGroupCollection groups = web.SiteGroups;
//for (int i = 0; i < web.SiteAdministrators.Count; i++)
//{
// SPUser owner = web.SiteAdministrators[i];
// SPMember member = web.SiteAdministrators[i];
//}
SPUser owner = web.SiteAdministrators[0];
SPMember member = web.SiteAdministrators[0];
groups.Add(groupName, member, owner, groupDescription);
SPGroup newSPGroup = groups[groupName];
SPRoleDefinition role = web.RoleDefinitions.GetByType(roleType);
SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup);
roleAssignment.RoleDefinitionBindings.Add(role);
web.RoleAssignments.Add(roleAssignment);
web.Update();
}
}
private void setupWebUserGroup(SPWeb web, string groupName, SPRoleType role, string groupDescription = null)
{
SPGroup group = null;
try
{
group = web.SiteGroups[groupName];
log.addInformation("Existing Group '" + group.Name + "' found. Will attach to site " + web.ServerRelativeUrl.ToString());
}
catch
{
log.addWarning("'" + groupName + "' Group wasn't found. Will be created.");
web.SiteGroups.Add(groupName, web.CurrentUser, web.CurrentUser, groupDescription);
group = web.SiteGroups[groupName];
group.RemoveUser(web.CurrentUser);
}
finally
{
SPRoleDefinition roleDefinition = web.RoleDefinitions.GetByType(role);
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
web.RoleAssignments.Add(roleAssignment);
web.Update();
}
}
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
if (properties.Feature.Parent is SPWeb)
{
try
{
SPWeb subWeb = (SPWeb)properties.Feature.Parent;
if (!subWeb.IsRootWeb && !subWeb.HasUniqueRoleDefinitions)
{
subWeb.RoleDefinitions.BreakInheritance(true, false);
}
//subWeb.BreakRoleInheritance(true);
SPRoleDefinition guestRole = subWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
guestRole.BasePermissions |= SPBasePermissions.EmptyMask | Microsoft.SharePoint.SPBasePermissions.ViewFormPages;// | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.BrowseUserInfo | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration | Microsoft.SharePoint.SPBasePermissions.UseRemoteAPIs;
guestRole.BasePermissions |= SPBasePermissions.UseRemoteAPIs;
//guestRole.BasePermissions = Microsoft.SharePoint.SPBasePermissions.ViewFormPages | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.BrowseUserInfo | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration | Microsoft.SharePoint.SPBasePermissions.UseRemoteAPIs ;
guestRole.Update();
//subWeb.AnonymousPermMask64 = Microsoft.SharePoint.SPBasePermissions.ViewListItems | Microsoft.SharePoint.SPBasePermissions.ViewFormPages | Microsoft.SharePoint.SPBasePermissions.Open | Microsoft.SharePoint.SPBasePermissions.ViewPages | Microsoft.SharePoint.SPBasePermissions.UseClientIntegration;
subWeb.Update();
}
catch (Exception ex)
{
SPDiagnosticsService.Local.WriteTrace(0, new SPDiagnosticsCategory(ex.Source, TraceSeverity.High, EventSeverity.Error), TraceSeverity.High, ex.Message, ex.Data);
//throw;
}
}
}
private void AssignRoles(SPWeb web, SPListItem item, SPRoleDefinition roleDef)
{
foreach (string principalName in Principals)
{
SPPrincipalInfo principalInfo = SPUtility.ResolvePrincipal(web.Site.WebApplication, null, principalName,
SPPrincipalType.All, SPPrincipalSource.All, false);
if (principalInfo != null)
{
SPRoleAssignment roleAssign = new SPRoleAssignment(principalInfo.LoginName, principalInfo.Email,
principalInfo.DisplayName, "");
roleAssign.RoleDefinitionBindings.Add(roleDef);
item.RoleAssignments.Add(roleAssign);
}
else
{
try
{
SPPrincipal group = web.SiteGroups[principalName];
SPRoleAssignment roleAssign = new SPRoleAssignment(group);
roleAssign.RoleDefinitionBindings.Add(roleDef);
item.RoleAssignments.Add(roleAssign);
}
catch (Exception ex)
{
SPRoleAssignment roleAssign = new SPRoleAssignment(principalName, "", "", "");
roleAssign.RoleDefinitionBindings.Add(roleDef);
item.RoleAssignments.Add(roleAssign);
}
}
}
}
private void SetGroupPermissions(SPWeb web, SPGroup group)
{
SetBaseLinePermissions(web, group);
string roleName = "";
switch (Role)
{
case "owner":
roleName = "Full Control";
break;
case "member":
roleName = "Contribute";
break;
default:
roleName = "Read";
break;
}
SPRoleAssignment assignment = new SPRoleAssignment(group);
SPRoleDefinition role = web.RoleDefinitions[roleName];
assignment.RoleDefinitionBindings.Add(role);
web.RoleAssignments.Add(assignment);
}
protected override ActivityExecutionStatus Execute(ActivityExecutionContext executionContext)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(__Context.Site.ID))
{
using (SPWeb web = site.AllWebs[__Context.Web.ID])
{
SPList list = web.Lists[Helper.GetListGuid(__Context, ListId)];
SPListItem item = list.Items.GetItemById(__ListItem);
SPRoleDefinition roleDef = web.RoleDefinitions[RoleName];
if (item.HasUniqueRoleAssignments == false)
{
item.BreakRoleInheritance(true);
}
AssignRoles(web, item, roleDef);
}
}
});
return(ActivityExecutionStatus.Closed);
}
public static void SetReadOnly(SPListItem item)
{
SPWeb web = item.Web;
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(true);
}
web.AllowUnsafeUpdates = true;
SPRoleAssignmentCollection roleAssignments = item.RoleAssignments;
int iD = web.Site.SystemAccount.ID;
int num2 = (web.AssociatedOwnerGroup != null) ? web.AssociatedOwnerGroup.ID : -1;
for (int i = roleAssignments.Count - 1; i > -1; i--)
{
SPRoleAssignment assignment = roleAssignments[i];
int num4 = assignment.Member.ID;
if ((num4 != iD) && (num4 != num2))
{
SPRoleDefinitionBindingCollection roleDefinitionBindings = assignment.RoleDefinitionBindings;
if ((roleDefinitionBindings.Count != 1) || (roleDefinitionBindings[0].Type != SPRoleType.Reader))
{
roleDefinitionBindings.RemoveAll();
SPRoleDefinition byType = web.RoleDefinitions.GetByType(SPRoleType.Reader);
roleDefinitionBindings.Add(byType);
assignment.Update();
}
}
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
/// <summary>
/// Adds a user to specified roles on the website
/// </summary>
/// <param name="SiteWeb">site to which the user will be assigned</param>
/// <param name="SiteUser">user to be added. Make sure its Roles collection contains some roles otherwise the user will not be added.</param>
private void AddSiteUser(CS4User siteUser)
{
string siteUrl = System.String.Empty;
SPSite site = null;
SPWeb siteWeb = null;
SPUser spUser = null;
foreach (CS4User.UserPermission userPermission in siteUser.UserRoles)
{
if (siteUrl != userPermission.WebUrl)
{
siteUrl = userPermission.WebUrl;
site = new SPSite(siteUrl);
siteWeb = site.OpenWeb();
try
{
spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain];
}
catch
{
//user has not been added to this site yet
siteWeb.Users.Add(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, "");
spUser = siteWeb.SiteUsers[siteUser.UserLoginWithDomain];
}
}
//siteWeb.Roles[userPermission.Role].AddUser(siteUser.UserLoginWithDomain, siteUser.Email, siteUser.UserName, "");
SPRoleAssignment roleAssignment = new SPRoleAssignment(spUser);
SPRoleDefinition roleDefinition = siteWeb.RoleDefinitions[userPermission.Role];
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
siteWeb.RoleAssignments.Add(roleAssignment);
}
}
public static void AssignRights(SPWeb web, SPFolder folder, object user, string role)
{
if (user == null)
{
return;
}
bool allowUnsafeUpdates = web.AllowUnsafeUpdates;
web.AllowUnsafeUpdates = true;
SPRoleDefinition roleDefinition = GetRoleDefinition(web, role);
if (user is string)
{
var value2 = new SPFieldUserValue(web, (string)user);
AssignRights(web, value2, roleDefinition, folder);
}
else if (user is SPFieldUserValueCollection)
{
AssignRights(web, (SPFieldUserValueCollection)user, roleDefinition, folder);
}
else if (user is SPFieldUserValue)
{
AssignRights(web, (SPFieldUserValue)user, roleDefinition, folder);
}
else if (user is SPPrincipal)
{
AssignRights(web, (SPPrincipal)user, roleDefinition, folder);
}
else if (user is List <SPPrincipal> )
{
AssignRights(web, (List <SPPrincipal>)user, roleDefinition, folder);
}
web.AllowUnsafeUpdates = allowUnsafeUpdates;
}
public static void AddPermissionsToItem(SPWeb web, SPListItem item, Dictionary <SPPrincipal, string[]> assignments)
{
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(false);
}
while (item.RoleAssignments.Count > 0)
{
item.RoleAssignments.Remove(0);
}
foreach (SPPrincipal principal in assignments.Keys)
{
foreach (string itemAssignment in assignments[principal])
{
SPRoleDefinition roleDef = GetPermissionLevel(web, itemAssignment);
if (roleDef == null)
{
continue;
}
SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);
roleAssignment.RoleDefinitionBindings.Add(roleDef);
item.RoleAssignments.Add(roleAssignment);
}
}
//item.Update();
}
private void AddCustomPermissions(SPListItem myItem, SPWeb web)
{
// Give Contribute to the author
SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
SPRoleAssignment roleAssignment = new SPRoleAssignment(GetSPUser(myItem, "Author"));
roleAssignment.RoleDefinitionBindings.Add(roledefinition);
myItem.RoleAssignments.Add(roleAssignment);
// Give Read to anyone that the item has been shared with
if (myItem["SharedWith"] != null)
{
SPFieldUserValueCollection values = (SPFieldUserValueCollection)myItem["SharedWith"];
foreach (SPFieldUserValue value in values)
{
// Get a user from the key
var sharedUser = value.User;
// Change our role definition to Read
roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader);
// Change our role assignment to the new user
roleAssignment = new SPRoleAssignment(sharedUser);
// Bind the new role
roleAssignment.RoleDefinitionBindings.Add(roledefinition);
myItem.RoleAssignments.Add(roleAssignment);
}
}
}
private void UpdatePrincipal(SPWeb web, XmlNode principalGroupNode, string principalName, SPRoleAssignment roleAssignment)
{
XmlNodeList roleNodes = principalGroupNode.SelectNodes("role");
foreach (XmlNode roleNode in roleNodes)
{
string roleName = roleNode.Attributes["name"].Value;
if (roleName.ToLower().Equals("limited access"))
{
roleName = "Limited User";
}
bool found = false;
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
if (roleDefinition.Name.ToLower().Equals(roleName.ToLower()))
{
found = true;
}
}
if (!found)
{
output.Append(string.Format("role: {0,15} missing for principal: {1,20}, adding new...",
roleName,
principalName));
SPRoleDefinition role = web.RoleDefinitions[roleName];
roleAssignment.RoleDefinitionBindings.Add(role);
roleAssignment.Update();
output.Append("completed" + Environment.NewLine);
}
}
}
public RoleDefinitionNode(SPRoleDefinition roleDef)
{
this.Tag = roleDef;
this.SPParent = roleDef.ParentWeb;
this.Setup();
this.Nodes.Add(new ExplorerNodeBase("Dummy"));
}
public static void AssignPermissions(this SPSecurableObject securableObject, SPPrincipal principal, SPRoleDefinition roleDefinition, bool replaceAllDefinitions = false, bool copyRoleAssignments = false, bool clearSubscopes = true)
{
if (securableObject is SPWeb)
{
if (!securableObject.HasUniqueRoleAssignments)
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
}
else
{
securableObject.BreakRoleInheritance(copyRoleAssignments, clearSubscopes);
}
SPRoleAssignment roleAssignment = GetAssignment(securableObject, principal);
if (roleAssignment != null)
{
if (replaceAllDefinitions)
{
roleAssignment.RoleDefinitionBindings.RemoveAll();
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
else
{
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
}
try
{
roleAssignment.Update();
}
catch (ArgumentException)
{
//Note: fix for 'Cannot update a permission level assignment that is not part of a permission level assignment collection.'
securableObject.RoleAssignments.Add(roleAssignment);
}
}
else
{
roleAssignment = new SPRoleAssignment(principal);
if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
{
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
}
securableObject.RoleAssignments.Add(roleAssignment);
}
}
protected void assign_role(SPSite site, SPListItem item, SPListItem project, string field_name, string field_guid, SPRoleDefinition definition)
{
try
{
string value = project[field_name].ToString();
SPFieldUserValue field_user_value = (SPFieldUserValue)project.Fields[new Guid(field_guid)].GetFieldValue(value);
bind_role(item, field_user_value.User, definition);
}
catch (Exception ex)
{
log(site, "为项目【" + project["Title"] + "】的【" + field_name + "】的文档授权时发生错误", "错误", ex.ToString());
}
}
protected void bind_role(SPListItem item, SPPrincipal principal, SPRoleDefinition definition)
{
try
{
SPRoleAssignment assignment = new SPRoleAssignment(principal);
assignment.RoleDefinitionBindings.Add(definition);
item.RoleAssignments.Add(assignment);
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// 为某个SPPrincipal赋于针对某个SPListItem的权限. 权限由rd来决定.
/// </summary>
/// <param name="item">某个需要赋于权限的SPListItem</param>
/// <param name="spPrincipalName">用户登录名称或者是MOSS User Group, 如果是EMail地址, 则略过</param>
/// <param name="rd">需要赋于的权限级别名称</param>
public static void AddRoleAssignmentToListItem(SPListItem item, string spPrincipalName, SPRoleDefinition rd)
{
// 表明这个LoginName是电子邮件地址类型:SmtpAddress
if (spPrincipalName.IndexOf("@") >= 0)
return;
SPRoleAssignment ra = null;
// 如果spPrincipalName里面包含\, 则表示是一个AccountId, 否则是一个SPGroup
if (spPrincipalName.IndexOf("\\") >= 0)
ra = new SPRoleAssignment(spPrincipalName, string.Empty, string.Empty, string.Empty);
else
{
try
{
SPGroup group = item.Web.Groups[spPrincipalName];
if (group != null)
{
ra = new SPRoleAssignment(group);
}
}
catch { }
}
if (ra == null)
return;
SPRoleDefinition rd_temp = null;
// 特别处理的地方:rd在创建并添加到Web.RoleDefinitions之后, 还不能直接使用rd这个变量,可能是复制了一个副本,然后再添加到Collection中去的,所以这里需要从Collection中查找副本, 然后再对其进行引用
// 不可以直接写为: ra.RoleDefinitionBindings.Add(rd) ; 会报错称不能使用Web中未定义的RD
// 这个问题的本质原因在于创建类RoleDefinition之后, 前面拿到的SPWeb不会同步更新, 重新打开SPWeb就可以解决问题
for (int index = 0; index < item.Web.RoleDefinitions.Count; index++)
if (item.Web.RoleDefinitions[index].Name.ToLower() == rd.Name.ToLower())
rd_temp = item.Web.Site.RootWeb.RoleDefinitions[index];
ra.RoleDefinitionBindings.Add(rd_temp);
item.BreakRoleInheritance(false);
item.RoleAssignments.Add(ra);
}
static void CreateANewRoleDefinition()
{
//Show whats out there already for Permissions...
Dictionary<int, string> PermissionsDictionary = new Dictionary<int, string>();
Console.WriteLine("Possible permissions from the SPBasePermissions set.");
int counter = 0;
foreach (SPBasePermissions kind in Enum.GetValues(typeof(SPBasePermissions)))
{
counter++;
PermissionsDictionary.Add(counter, Enum.GetName(typeof(SPBasePermissions), kind));
}
foreach (KeyValuePair<int, string> entry in PermissionsDictionary)
{
Console.WriteLine("{0,-5}: {1,-30}", entry.Key, entry.Value);
}
Console.WriteLine("** END of current permissions**");
SPSecurity.RunWithElevatedPrivileges(delegate () {
//Lets's create the new RoleDefinition with 5 Permissions...
SPSite mySite = new SPSite("http://abcuniversity/_layouts/15/start.aspx");
SPWeb myWeb = mySite.OpenWeb();
Console.WriteLine("Lets create a new role definition from 5 existing permissions!");
SPRoleDefinition newRoleDefinition = new SPRoleDefinition();
for (int i = 0; i < 5; i++)
{
Console.Write("New permission #{0}: Choose a number -> ", i + 1);
int newPermissionNumberFromCollection = int.Parse(Console.ReadLine());
string newPermissionString = PermissionsDictionary[newPermissionNumberFromCollection].ToString();
SPBasePermissions actualPermission = (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), newPermissionString);
newRoleDefinition.BasePermissions |= actualPermission;
}
//The loop is the same as doing "newRoleDefinition.BasePermissions = SPBasePermissions.FirstNewOne |
// SPBasePermissions.SecondNewOne | SPBasePermissions.ThirdNewOne | etc...
Console.Write("Name your new role ->");
string roleName = Console.ReadLine();
newRoleDefinition.Name = roleName;
newRoleDefinition.Description = string.Format("A new role created from Visual Studio");
try
{
mySite.RootWeb.RoleDefinitions.Add(newRoleDefinition);
Console.WriteLine("New role added: {0}", newRoleDefinition);
}
catch (Exception ex)
{
Console.WriteLine("Role not added: {0}", ex.Message);
}
//Clean up your mess
myWeb.Dispose();
});
}
/// <summary>
/// Adds the role definitions.
/// </summary>
/// <param name="web">The web.</param>
/// <param name="roleAssignment">The role assignment.</param>
/// <param name="roleAssignmentElement">The role assignment element.</param>
/// <returns></returns>
private static bool AddRoleDefinitions(SPWeb web, SPRoleAssignment roleAssignment, XmlElement roleAssignmentElement)
{
bool modified = false;
foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition"))
{
string name = roleDefinitionElement.GetAttribute("Name");
if (name == "Limited Access")
continue;
SPRoleDefinition existingRoleDef = null;
try
{
existingRoleDef = web.RoleDefinitions[name];
}
catch (Exception) { }
if (existingRoleDef == null)
{
Logger.Write("Progress: Adding new Role Definition \"{0}\".", name);
SPBasePermissions perms = SPBasePermissions.EmptyMask;
foreach (string perm in roleDefinitionElement.GetAttribute("BasePermissions").Split(','))
{
perms = perms | (SPBasePermissions)Enum.Parse(typeof(SPBasePermissions), perm, true);
}
existingRoleDef = new SPRoleDefinition();
existingRoleDef.Name = name;
existingRoleDef.BasePermissions = perms;
existingRoleDef.Description = roleDefinitionElement.GetAttribute("Description");
existingRoleDef.Order = int.Parse(roleDefinitionElement.GetAttribute("Order"));
existingRoleDef.Update();
SPWeb tempWeb = web;
while (!tempWeb.HasUniqueRoleDefinitions)
tempWeb = tempWeb.ParentWeb;
tempWeb.RoleDefinitions.Add(existingRoleDef);
}
if (!roleAssignment.RoleDefinitionBindings.Contains(existingRoleDef))
{
roleAssignment.RoleDefinitionBindings.Add(existingRoleDef);
modified = true;
}
}
List<SPRoleDefinition> roleDefsToRemove = new List<SPRoleDefinition>();
foreach (SPRoleDefinition roleDef in roleAssignment.RoleDefinitionBindings)
{
if (roleDef.Name == "Limited Access")
continue;
bool found = false;
foreach (XmlElement roleDefinitionElement in roleAssignmentElement.SelectNodes("RoleDefinitionBindings/RoleDefinition"))
{
if (roleDef.Name == roleDefinitionElement.GetAttribute("Name"))
{
found = true;
break;
}
}
if (!found)
{
roleDefsToRemove.Add(roleDef);
modified = true;
}
}
foreach (SPRoleDefinition roleDef in roleDefsToRemove)
{
Logger.Write("Progress: Removing '{0}' from '{1}'", roleDef.Name, roleAssignment.Member.Name);
roleAssignment.RoleDefinitionBindings.Remove(roleDef);
}
return modified;
}
static void CopyAndCustomizeARoleDefinition()
{
SPSecurity.RunWithElevatedPrivileges(delegate () {
//Get an existing roledefinition
SPSite mySite = new SPSite("http://abcuniversity/_layouts/15/start.aspx");
SPWeb myWeb = mySite.OpenWeb();
//Get existingroledefinitions
Console.WriteLine("Here's the role definitions we have so far.");
foreach(SPRoleDefinition role in mySite.RootWeb.RoleDefinitions)
{
Console.WriteLine("{0}'\n'{1}'\n", role.Name, role.Description);
}
Console.Write("Hit any key to continue..."); Console.Read();
//create role definition
SPRoleDefinition definitionToCopy = mySite.RootWeb.RoleDefinitions["Read"];
definitionToCopy.Name = "Designer Reader";
definitionToCopy.Description = "Owns all Read permissions, plus the ability to configure CSS," +
"Themes, and Borders";
//Copy the exisitng definition...with the constructor!
SPRoleDefinition newDefinition = new SPRoleDefinition(definitionToCopy);
Console.WriteLine("Current permissions NOT configured for {0} level:", definitionToCopy.Name);
foreach (SPBasePermissions permission in Enum.GetValues(typeof(SPBasePermissions)))
{
if(!definitionToCopy.BasePermissions.HasFlag(permission))
{
Console.WriteLine(permission.ToString());
}
Console.WriteLine("Hit any key to continue and add two new permissions...");Console.Read();
//So lets add a couple of those to our new definition
newDefinition.BasePermissions |= SPBasePermissions.ApplyStyleSheets;
newDefinition.BasePermissions |= SPBasePermissions.ApplyThemeAndBorder;
try
{
mySite.RootWeb.RoleDefinitions.Add(newDefinition);
Console.WriteLine("New role added: {0}", newDefinition.Name);
}
catch (Exception ex)
{
Console.WriteLine("Role not added: {0}", ex.Message);
}
//Clean up your mess
myWeb.Dispose();
}
});
}
public void AddRoleDefinitions()
{
bool hasProjectManagerRole = false;
bool hasMapManagerRole = false;
bool hasAuthorRole = false;
bool hasReaderRole = false;
foreach (SPRoleDefinition definition in Site.RoleDefinitions)
{
if (definition.Name == GlymaProjectManagerRoleName)
{
hasProjectManagerRole = true;
}
if (definition.Name == GlymaMapManagerRoleName)
{
hasMapManagerRole = true;
}
if (definition.Name == GlymaAuthorRoleName)
{
hasAuthorRole = true;
}
if (definition.Name == GlymaReaderRoleName)
{
hasReaderRole = true;
}
if (hasProjectManagerRole && hasMapManagerRole && hasReaderRole && hasAuthorRole)
{
break;
}
}
if (!hasProjectManagerRole)
{
SPRoleDefinition glymaProjectManagerRole = new SPRoleDefinition();
glymaProjectManagerRole.Name = GlymaProjectManagerRoleName;
glymaProjectManagerRole.Description = "Users have access to create and modify projects in a Glyma map database.";
glymaProjectManagerRole.BasePermissions = SPBasePermissions.EmptyMask;
Site.RoleDefinitions.Add(glymaProjectManagerRole);
}
if (!hasMapManagerRole)
{
SPRoleDefinition glymaMapManagerRole = new SPRoleDefinition();
glymaMapManagerRole.Name = GlymaMapManagerRoleName;
glymaMapManagerRole.Description = "Users have access to create and modify root maps in a Glyma Project.";
glymaMapManagerRole.BasePermissions = SPBasePermissions.EmptyMask;
Site.RoleDefinitions.Add(glymaMapManagerRole);
}
if (!hasAuthorRole)
{
SPRoleDefinition glymaAuthorRole = new SPRoleDefinition();
glymaAuthorRole.Name = GlymaAuthorRoleName;
glymaAuthorRole.Description = "Users have access to create and modify Glyma maps.";
glymaAuthorRole.BasePermissions = SPBasePermissions.EmptyMask;
Site.RoleDefinitions.Add(glymaAuthorRole);
}
if (!hasReaderRole)
{
SPRoleDefinition glymaReaderRole = new SPRoleDefinition();
glymaReaderRole.Name = GlymaReaderRoleName;
glymaReaderRole.Description = "Users have access to read Glyma maps.";
glymaReaderRole.BasePermissions = SPBasePermissions.EmptyMask;
Site.RoleDefinitions.Add(glymaReaderRole);
}
SPPropertyBag propertyBag = Site.Properties;
propertyBag["Glyma.RolesDefined"] = "true";
propertyBag.Update();
if (!hasReaderRole || !hasAuthorRole)
{
Site.Update();
}
}
private static SPRoleDefinition CreateModifyFileRoleDefinition(SPWeb web)
{
SPRoleDefinition result = new SPRoleDefinition();
result.Name = SPRoleDefinationName_ModifyFile;
result.BasePermissions =
SPBasePermissions.EditListItems |
SPBasePermissions.OpenItems |
SPBasePermissions.ViewListItems |
SPBasePermissions.ManagePermissions |
SPBasePermissions.AddListItems |
SPBasePermissions.DeleteListItems |
SPBasePermissions.ViewPages |
SPBasePermissions.Open;
//SPBasePermissions
web.Site.RootWeb.RoleDefinitions.Add(result);
return result;
}
/// <summary> 在SPWeb上创建只包括查看权限的权限级别定义</summary>
/// <param name="web">站点对应的SPWeb</param>
/// <returns></returns>
private static SPRoleDefinition CreateViewListItemsRoleDefinition(SPWeb web)
{
SPRoleDefinition result = new SPRoleDefinition();
result.Name = SPRoleDefinationName_ViewListItem;
result.BasePermissions =
// Edit By Leo @ 23:02 2007-11-26. OpenItems权限使得User可以将文档下载到本地进行编辑, 应该禁用掉.
//SPBasePermissions.OpenItems |
SPBasePermissions.ViewListItems;
web.Site.RootWeb.RoleDefinitions.Add(result);
return result;
}
/// <summary>
/// Adds a new permission level to the web.
/// </summary>
/// <param name = "web"></param>
/// <param name = "name"></param>
/// <param name = "description"></param>
/// <param name = "permissions"></param>
public static void CreatePermissionLevel(SPWeb web, string name, string description,
SPBasePermissions permissions)
{
if (!web.IsRootWeb && !web.HasUniqueRoleDefinitions)
{
throw new NotSupportedException("This web must be broken permission before adding new permission level.");
}
var roleDefinition = GetRoleDefinition(web, name);
if (roleDefinition != null)
{
if (roleDefinition.BasePermissions != permissions || roleDefinition.Description != description)
{
roleDefinition.BasePermissions = permissions;
roleDefinition.Description = description;
roleDefinition.Update();
}
}
else
{
roleDefinition = new SPRoleDefinition
{
Name = name,
Description = description,
BasePermissions = permissions
};
web.RoleDefinitions.Add(roleDefinition);
}
}
protected override void ProcessRecord()
{
base.ProcessRecord();
SPWeb webToConfigure = GetRootWebFromIdentity(Identity);
if (webToConfigure == null)
{
WriteWarning("No valid 'Identity' specified. Identity must be a SPSite, SPWeb, site/web URL, or site colleciton ID.");
}
bool hasProjectManagerRole = false;
bool hasMapManagerRole = false;
bool hasAuthorRole = false;
bool hasReaderRole = false;
foreach (SPRoleDefinition definition in webToConfigure.RoleDefinitions)
{
if (definition.Name == GlymaProjectManagerRoleName)
{
hasProjectManagerRole = true;
}
if (definition.Name == GlymaMapManagerRoleName)
{
hasMapManagerRole = true;
}
if (definition.Name == GlymaAuthorRoleName)
{
hasAuthorRole = true;
}
if (definition.Name == GlymaReaderRoleName)
{
hasReaderRole = true;
}
if (hasProjectManagerRole && hasMapManagerRole && hasReaderRole && hasAuthorRole)
{
break;
}
}
if (!hasProjectManagerRole)
{
SPRoleDefinition glymaProjectManagerRole = new SPRoleDefinition();
glymaProjectManagerRole.Name = GlymaProjectManagerRoleName;
glymaProjectManagerRole.Description = "Users have access to create and modify projects in a Glyma map database.";
glymaProjectManagerRole.BasePermissions = SPBasePermissions.EmptyMask;
webToConfigure.RoleDefinitions.Add(glymaProjectManagerRole);
}
if (!hasMapManagerRole)
{
SPRoleDefinition glymaMapManagerRole = new SPRoleDefinition();
glymaMapManagerRole.Name = GlymaMapManagerRoleName;
glymaMapManagerRole.Description = "Users have access to create and modify root maps in a Glyma Project.";
glymaMapManagerRole.BasePermissions = SPBasePermissions.EmptyMask;
webToConfigure.RoleDefinitions.Add(glymaMapManagerRole);
}
if (!hasAuthorRole)
{
SPRoleDefinition glymaAuthorRole = new SPRoleDefinition();
glymaAuthorRole.Name = GlymaAuthorRoleName;
glymaAuthorRole.Description = "Users have access to create and modify Glyma maps.";
glymaAuthorRole.BasePermissions = SPBasePermissions.EmptyMask;
webToConfigure.RoleDefinitions.Add(glymaAuthorRole);
}
if (!hasReaderRole)
{
SPRoleDefinition glymaReaderRole = new SPRoleDefinition();
glymaReaderRole.Name = GlymaReaderRoleName;
glymaReaderRole.Description = "Users have access to read Glyma maps.";
glymaReaderRole.BasePermissions = SPBasePermissions.EmptyMask;
webToConfigure.RoleDefinitions.Add(glymaReaderRole);
}
SPPropertyBag propertyBag = webToConfigure.Properties;
propertyBag["Glyma.RolesDefined"] = "true";
propertyBag.Update();
if (!hasReaderRole || !hasAuthorRole)
{
webToConfigure.Update();
}
}
public SPDGServerRoleDefinition(SPRoleDefinition spRoleDefinition)
{
_spRoleDefinition = spRoleDefinition;
}
