问题描述
我想知道我是否遗漏了什么.这是我将如何做到的:对于 SPFolder,我会更改关联项目的权限 (SPFolder.Item).所以我想管理 SPFolder 权限归结为管理 SPListItem 权限.对于 SPListItem,我首先会使用 SPListItem.BreakRoleInheritance() 中断角色继承,然后使用 RoleAssignments 集合在那里添加和删除角色.
I want to know if I'm missing something.Here's how I would do it:For SPFolder I would change the associtaed item's permissions (SPFolder.Item).So I suppose managing SPFolder permissions boils down to managing SPListItem permissions.For SPListItem I would frist break role inheritance with SPListItem.BreakRoleInheritance() and then work with RoleAssignments collections adding and removing roles there.
我想知道 RoleAssignments 是否是管理 SPListItem 权限(除了继承)的唯一方法,是否有一种方法可以在没有角色的情况下管理单个权限.还有 EffectiveBasePermissions 属性,但我不确定.
I wonder if RoleAssignments is the only way to manage SPListItem's permissions (besides inheritance) and is there a way to manage individual permissions without roles.There is also EffectiveBasePermissions property but I'm not sure.
所以问题是除了 RoleAssignments 集合之外,还有其他方法(除了继承)来管理 SPListItem 权限吗?
So the question isis there other ways (besides inheritance) to manage SPListItem permissions apart from the RoleAssignments collection?
@Edit:还有 AllRolesForCurrentUser,但我想您可以从 RoleAssignments 属性获得相同的信息,所以这个只是为了方便.
@ there's also AllRolesForCurrentUser, but I guess you can get the same info from the RoleAssignments property, so this one is just for convenience.
@Edit:正如 Flo 在他的回答中指出的那样,设置存在问题
@ As Flo notes in his answer there is a problem with setting
folder.ParentWeb.AllowUnsafeUpdates = true;
并使用带有false"参数的 BreakRoleInheritance(即不复制父对象的权限).
And using BreakRoleInheritance with argument of 'false' (i.e. without copying permissions of the parent object).
folder.Item.BreakRoleInheritance(false);
BreakRoleInheritance 在允许不安全更新后根本无法像您期望的那样处理 GET 请求.据推测,该方法将 AllowUnsafeUpdates 重置为false".
BreakRoleInheritance simply won't work on GET request as you'd expect after allowing unsafe updates. Presumably the method resets AllowUnsafeUpdates back to 'false'.
我知道的一种解决方法是在 BreakRoleInheritance(true) 之后手动删除继承的权限,如下所示:
One workaround I know for this is to manually delete the inherited permissions after you BreakRoleInheritance(true), like this:
folder.Item.BreakRoleInheritance(false);
while(folder.Item.RoleAssignments.Count > 0) {
folder.Item.RoleAssignments.Remove(0);
}
谢谢!
推荐答案
你说得非常对.我相信 RoleAssignments 确实是直接管理权限的唯一机制.这是一个 post 显示了如何执行此操作的快速示例.我也用过这些 两个 posts 当我做了一些更复杂的事情时.
You have it pretty much right. I believe that RoleAssignments are indeed the only mechanism for managing permissions directly. Here's a post that shows a quick example of how to do it. I also used these two posts when I did some more complicated things.
这篇关于Sharepoint:如何以编程方式管理 SPFolder 和 SPListItem 权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!