一、需求: check user 对SharePoint list 的permission
代码如下:
private static string GetListPermission(SPList list, string loginName)
{
string perStr = string.Empty;
SPSecurity.RunWithElevatedPrivileges(() =>
{
try
{
SPUser user = list.ParentWeb.Users[loginName];
SPRoleAssignment roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(user);
SPRoleDefinitionBindingCollection defColl = roleAssignment.RoleDefinitionBindings;
foreach (SPRoleDefinition roleDef in defColl)
{
perStr += roleDef.Name + ";";
}
}
catch (Exception)
{
logger.Debug("Get user permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}.", list.Title, loginName);
try
{
SPPermissionInfo permissionInfo = list.GetUserEffectivePermissionInfo(loginName);
var roleAssignments = permissionInfo.RoleAssignments;
foreach (SPRoleAssignment roleAssignment in roleAssignments)
{
SPRoleDefinitionBindingCollection roleDefColl = roleAssignment.RoleDefinitionBindings;
foreach (SPRoleDefinition roleDef in roleDefColl)
{
perStr += roleDef.Name + ";";
}
}
}
catch (Exception ex)
{
logger.Error("An error occurred while getting permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}, exception; {2}.",
list.Title, loginName, ex.ToString());
}
}
});
return perStr;
}
注意: catch中的代码作用是check,当user是AD group中的member,但却不单独存在于web userInformation list中,此时如果直接获取user SPRoleAssignment,则抛‘Index is out of range’, 所以这样的user可以通过
list.GetUserEffectivePermissionInfo(loginName); 来获取SPPermissionInfo,然后再获取user的SPRoleDefinition,有的读者会问,为什么不直接通过catch中的方法获取,这样无论这个user是否只存在于AD group中都不会抛异常
可以正确的获取到SPRoleDefinition,其实是可以的,之所以这样做,原因在于效率问题。
二、需求: set permission to list
代码如下:
private static void SetLibPermission(SPList list, bool isRead)
{
try
{
SPSecurity.RunWithElevatedPrivileges(() =>
{
bool hasUnique = list.HasUniqueRoleAssignments;
list.ParentWeb.AllowUnsafeUpdates = true;
if (!hasUnique)
{
list.BreakRoleInheritance(false);
list.Update();
}
try
{
SPUser user = list.ParentWeb.EnsureUser(userInfo.Key);
SPRoleDefinitionCollection objDefiColl = list.ParentWeb.RoleDefinitions;
SPRoleAssignment objRoleAssign = new SPRoleAssignment(user);
SPRoleDefinition roleDefination = null;
if (isRead)
{
roleDefination = objDefiColl.GetByType(SPRoleType.Reader);
}
else
{
roleDefination = objDefiColl.GetByType(SPRoleType.Contributor);
}
objRoleAssign.RoleDefinitionBindings.Add(roleDefination);
list.RoleAssignments.Add(objRoleAssign);
}
catch (Exception ex)
{ }
list.Update();
list.ParentWeb.AllowUnsafeUpdates = false;
}); }
catch (Exception ex)
{ }
}
注意:给list赋权限,需要打破继承,具体可以根据实际需求
代码中的userInfo.Key即为loginName
list.ParentWeb.EnsureUser(userInfo.Key);即把user保存到user information list中