sharepoint文档库权限控制
在某一项目中,用户有如下需求:用户上传到文档库的文件或是在文档库中新建的文件夹,他们能够自己设置权限,并且新上传的文件或是新建的文件夹对于自己来说拥有“完全控制权限”,对其他用户只拥有读取权限,该用户有权让其他用户拥有“参与讨论”或是“权限设置”的权限。
public class NewDocumentControlPermission : SPItemEventReceiver { public override void ItemAdded(SPItemEventProperties properties) { //base.ItemAdded(properties); try { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site = new SPSite(properties.SiteId)) { using (SPWeb web = site.OpenWeb(properties.OpenWeb().ID)) { web.AllowUnsafeUpdates = true; SPUser user = web.Users.GetByID(properties.CurrentUserId); SPListItem item = properties.ListItem; //获得触发此事件的用户的登录名 SPRoleAssignment ra1 = new SPRoleAssignment(web.EnsureUser(user.LoginName)); ra1.RoleDefinitionBindings.Add(web.RoleDefinitions["完全控制"]); item.BreakRoleInheritance(true); item.RoleAssignments.Add(ra1); for (int count = 0; count < item.RoleAssignments.Count; count++) { SPRoleAssignment spra = item.RoleAssignments[count]; for (int i = 0; i < spra.RoleDefinitionBindings.Count; i++) { //if (spra.RoleDefinitionBindings[i].Name == "受限访问") //{ // item.BreakRoleInheritance(true); // item.RoleAssignments.Remove(spra.Member); //} if (spra.RoleDefinitionBindings[i].Name == "参与讨论") { if (!spra.RoleDefinitionBindings.Contains(web.RoleDefinitions["读取"])) { spra.RoleDefinitionBindings.Add(web.RoleDefinitions["读取"]); } spra.RoleDefinitionBindings.Remove(web.RoleDefinitions["参与讨论"]); //item.RoleAssignments[count].RoleDefinitionBindings[i].Update(); spra.Update(); item.SystemUpdate(false); } else if (spra.RoleDefinitionBindings[i].Name == "用户权限") { if (!spra.RoleDefinitionBindings.Contains(web.RoleDefinitions["读取"])) { spra.RoleDefinitionBindings.Add(web.RoleDefinitions["读取"]); } spra.RoleDefinitionBindings.Remove(web.RoleDefinitions["用户权限"]); //spra.RoleDefinitionBindings[i].Update(); spra.Update(); item.SystemUpdate(false); } } } web.AllowUnsafeUpdates = false; } } }); } catch { } } }另一个是针对于上传新文件的EventHandler,此EventHandler的写法与列表的EventHandler写法大不相同,废话少说,代码如下:
public class ControlPermission : IListEventSink { void IListEventSink.OnEvent(Microsoft.SharePoint.SPListEvent listEvent) { try { if (listEvent.Type == SPListEventType.Insert)//增加{} { SPSecurity.RunWithElevatedPrivileges(delegate() { SPWeb web = listEvent.Site.OpenWeb(); SPFile file = web.GetFile(listEvent.UrlAfter); SPListItem item = file.Item; //添加个人完全权限 SPUser user = file.Author; SPRoleAssignment sa = new SPRoleAssignment((SPPrincipal)user); SPRoleDefinition role = web.RoleDefinitions["完全控制"]; sa.RoleDefinitionBindings.Add(role); item.BreakRoleInheritance(true); item.RoleAssignments.Add(sa); //修改部门全体为读取权限 for (int count = 0; count < item.RoleAssignments.Count; count++) { SPRoleAssignment spra = item.RoleAssignments[count]; for (int i = 0; i < spra.RoleDefinitionBindings.Count; i++) { //if (spra.RoleDefinitionBindings[i].Name == "受限访问") //{ // item.BreakRoleInheritance(true); // item.RoleAssignments.Remove(spra.Member); //} if (spra.RoleDefinitionBindings[i].Name == "参与讨论") { if (!spra.RoleDefinitionBindings.Contains(web.RoleDefinitions["读取"])) { spra.RoleDefinitionBindings.Add(web.RoleDefinitions["读取"]); } spra.RoleDefinitionBindings.Remove(web.RoleDefinitions["参与讨论"]); //item.RoleAssignments[count].RoleDefinitionBindings[i].Update(); spra.Update(); item.SystemUpdate(false); } else if (spra.RoleDefinitionBindings[i].Name == "用户权限") { if (!spra.RoleDefinitionBindings.Contains(web.RoleDefinitions["读取"])) { spra.RoleDefinitionBindings.Add(web.RoleDefinitions["读取"]); } spra.RoleDefinitionBindings.Remove(web.RoleDefinitions["用户权限"]); //spra.RoleDefinitionBindings[i].Update(); spra.Update(); item.SystemUpdate(false); } } } }); } } catch { } } }
