SharePoint 文档库权限控制
在某一项目中,用户有如下需求:对于自己上传到文档库的文件或在文档库中新建的文件夹,用户能够自行设置权限;新上传的文件或新建的文件夹,创建者本人拥有“完全控制”权限,其他用户只拥有“读取”权限,并且创建者有权让其他用户拥有“参与讨论”或“权限设置”的权限。
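/// <summary>
/// Item event receiver that gives a newly added item (or folder) unique
/// permissions: the user who added it gets "完全控制" (Full Control), and every
/// assignment copied from the parent has its "参与讨论" / "用户权限" bindings
/// replaced by "读取" (Read).
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// - Role definitions are looked up by their localized display names, so the
///   handler only works on sites where those names exist exactly as written.
/// - Only the two role names above are downgraded. Any other write-capable
///   role copied from the parent is left untouched — NOTE(review): confirm this
///   matches the "everyone else is read-only" requirement.
/// </remarks>
public class NewDocumentControlPermission : SPItemEventReceiver
{
    /// <summary>
    /// Runs after an item has been added and rewrites its permissions.
    /// </summary>
    /// <param name="properties">Event data identifying the site, web, list, item and acting user.</param>
    public override void ItemAdded(SPItemEventProperties properties)
    {
        try
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // Every SharePoint object used for the permission change must be
                // created INSIDE the elevated delegate. properties.ListItem and
                // properties.OpenWeb() belong to the original user's context, so
                // using them here would silently bypass the elevation (and
                // properties.OpenWeb() returned an SPWeb that was never disposed).
                using (SPSite site = new SPSite(properties.SiteId))
                using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
                {
                    web.AllowUnsafeUpdates = true;
                    try
                    {
                        SPListItem item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);

                        // web.Users only holds principals with permissions assigned
                        // directly on this web; a user who has access through a group
                        // would make GetByID throw and leave the item with inherited
                        // permissions. SiteUsers covers the whole site collection.
                        SPUser user = web.SiteUsers.GetByID(properties.CurrentUserId);

                        // Full Control for the user who triggered the event.
                        SPRoleAssignment ownerAssignment = new SPRoleAssignment(web.EnsureUser(user.LoginName));
                        ownerAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions["完全控制"]);

                        // Copy the parent's assignments, then stop inheriting.
                        item.BreakRoleInheritance(true);
                        // NOTE(review): BreakRoleInheritance can reset AllowUnsafeUpdates
                        // on the web in some SharePoint versions; re-asserting is harmless.
                        web.AllowUnsafeUpdates = true;
                        item.RoleAssignments.Add(ownerAssignment);

                        if (RestrictInheritedAssignmentsToRead(web, item))
                        {
                            item.SystemUpdate(false);
                        }
                    }
                    finally
                    {
                        web.AllowUnsafeUpdates = false;
                    }
                }
            });
        }
        catch (System.Exception ex)
        {
            // This handler fails open: if anything above throws, the item keeps
            // whatever permissions it had (usually the inherited ones). Never
            // swallow that silently — record it so the failure can be detected.
            System.Diagnostics.Trace.TraceError(
                "NewDocumentControlPermission.ItemAdded failed; the item may still carry inherited permissions: " + ex);
        }
    }

    /// <summary>
    /// Replaces the "参与讨论" and "用户权限" bindings of every role assignment on
    /// <paramref name="item"/> with "读取".
    /// </summary>
    /// <returns>true when at least one assignment was changed.</returns>
    private static bool RestrictInheritedAssignmentsToRead(SPWeb web, SPListItem item)
    {
        bool anyChanged = false;

        for (int index = 0; index < item.RoleAssignments.Count; index++)
        {
            SPRoleAssignment assignment = item.RoleAssignments[index];
            SPRoleDefinitionBindingCollection bindings = assignment.RoleDefinitionBindings;

            bool needsDowngrade = false;
            for (int i = 0; i < bindings.Count; i++)
            {
                string roleName = bindings[i].Name;
                if (roleName == "参与讨论" || roleName == "用户权限")
                {
                    needsDowngrade = true;
                    break;
                }
            }

            if (!needsDowngrade)
            {
                continue;
            }

            // Add Read first so the assignment never becomes empty.
            SPRoleDefinition readRole = web.RoleDefinitions["读取"];
            if (!bindings.Contains(readRole))
            {
                bindings.Add(readRole);
            }

            // Walk backwards: removing while counting upwards shifts the next
            // binding into the current slot and skips it, which could leave a
            // write-capable binding in place.
            for (int i = bindings.Count - 1; i >= 0; i--)
            {
                string roleName = bindings[i].Name;
                if (roleName == "参与讨论" || roleName == "用户权限")
                {
                    bindings.Remove(bindings[i]);
                }
            }

            assignment.Update();
            anyChanged = true;
        }

        return anyChanged;
    }
}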
另一个是针对于上传新文件的EventHandler,此EventHandler的写法与列表的EventHandler写法大不相同,废话少说,代码如下:
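/// <summary>
/// Legacy list event sink that gives a newly uploaded file unique permissions:
/// the file's author gets "完全控制" (Full Control), and every assignment copied
/// from the parent has its "参与讨论" / "用户权限" bindings replaced by "读取" (Read).
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// - Role definitions are looked up by their localized display names, so the
///   sink only works on sites where those names exist exactly as written.
/// - Only the two role names above are downgraded. Any other write-capable
///   role copied from the parent is left untouched — NOTE(review): confirm this
///   matches the "everyone else is read-only" requirement.
/// </remarks>
public class ControlPermission : IListEventSink
{
    /// <summary>
    /// Handles list events; only <c>SPListEventType.Insert</c> is acted on.
    /// </summary>
    /// <param name="listEvent">Event data supplying the site and the URL of the new file.</param>
    void IListEventSink.OnEvent(Microsoft.SharePoint.SPListEvent listEvent)
    {
        try
        {
            if (listEvent.Type != SPListEventType.Insert)
            {
                return;
            }

            // Capture plain identifiers before elevating. listEvent.Site was
            // created in the caller's context; objects opened from it inside
            // RunWithElevatedPrivileges would NOT be elevated.
            System.Guid siteId = listEvent.Site.ID;
            System.Guid webId = System.Guid.Empty;
            using (SPWeb contextWeb = listEvent.Site.OpenWeb())
            {
                webId = contextWeb.ID;
            }
            string fileUrl = listEvent.UrlAfter;

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                // Fresh SPSite/SPWeb so the change really runs elevated, and
                // both are disposed (the original SPWeb was leaked).
                using (SPSite site = new SPSite(siteId))
                using (SPWeb web = site.OpenWeb(webId))
                {
                    SPFile file = web.GetFile(fileUrl);
                    SPListItem item = file.Item;

                    // Full Control for the author of the file.
                    SPUser author = file.Author;
                    SPRoleAssignment ownerAssignment = new SPRoleAssignment((SPPrincipal)author);
                    ownerAssignment.RoleDefinitionBindings.Add(web.RoleDefinitions["完全控制"]);

                    // Copy the parent's assignments, then stop inheriting.
                    item.BreakRoleInheritance(true);
                    item.RoleAssignments.Add(ownerAssignment);

                    // Reduce everyone else (e.g. the whole department) to Read.
                    if (RestrictInheritedAssignmentsToRead(web, item))
                    {
                        item.SystemUpdate(false);
                    }
                }
            });
        }
        catch (System.Exception ex)
        {
            // This sink fails open: if anything above throws, the file keeps
            // whatever permissions it had (usually the inherited ones). Never
            // swallow that silently — record it so the failure can be detected.
            System.Diagnostics.Trace.TraceError(
                "ControlPermission.OnEvent failed; the file may still carry inherited permissions: " + ex);
        }
    }

    /// <summary>
    /// Replaces the "参与讨论" and "用户权限" bindings of every role assignment on
    /// <paramref name="item"/> with "读取".
    /// </summary>
    /// <returns>true when at least one assignment was changed.</returns>
    private static bool RestrictInheritedAssignmentsToRead(SPWeb web, SPListItem item)
    {
        bool anyChanged = false;

        for (int index = 0; index < item.RoleAssignments.Count; index++)
        {
            SPRoleAssignment assignment = item.RoleAssignments[index];
            SPRoleDefinitionBindingCollection bindings = assignment.RoleDefinitionBindings;

            bool needsDowngrade = false;
            for (int i = 0; i < bindings.Count; i++)
            {
                string roleName = bindings[i].Name;
                if (roleName == "参与讨论" || roleName == "用户权限")
                {
                    needsDowngrade = true;
                    break;
                }
            }

            if (!needsDowngrade)
            {
                continue;
            }

            // Add Read first so the assignment never becomes empty.
            SPRoleDefinition readRole = web.RoleDefinitions["读取"];
            if (!bindings.Contains(readRole))
            {
                bindings.Add(readRole);
            }

            // Walk backwards: removing while counting upwards shifts the next
            // binding into the current slot and skips it, which could leave a
            // write-capable binding in place.
            for (int i = bindings.Count - 1; i >= 0; i--)
            {
                string roleName = bindings[i].Name;
                if (roleName == "参与讨论" || roleName == "用户权限")
                {
                    bindings.Remove(bindings[i]);
                }
            }

            assignment.Update();
            anyChanged = true;
        }

        return anyChanged;
    }
}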