SharePoint 2013: Check user permission on a list
一、需求: check user 对SharePoint list 的permission
代码如下:
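/// <summary>
/// Returns the names of the role definitions (permission levels) that
/// <paramref name="loginName"/> holds on <paramref name="list"/>, each followed by ';'.
/// </summary>
/// <param name="list">List whose role assignments are inspected.</param>
/// <param name="loginName">Login name of the user to look up.</param>
/// <returns>
/// The concatenated role definition names, or an empty string when no role was found
/// or when both lookups failed. An empty result therefore does not prove that the user
/// has no access; check the log before relying on it for an authorization decision.
/// </returns>
/// <remarks>
/// NOTE(review): SharePoint objects keep the security context they were created in.
/// <paramref name="list"/> is created by the caller, outside the elevated delegate, so
/// RunWithElevatedPrivileges only has an effect here if the caller opened the list in an
/// elevated context already. Confirm against the caller; if elevation is really needed,
/// the site/web/list have to be reopened inside the delegate.
/// </remarks>
private static string GetListPermission(SPList list, string loginName)
{
    string perStr = string.Empty;
    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        try
        {
            // Fast path: the user has an entry in the web's user collection and a role
            // assignment of their own on the list.
            // NOTE(review): this reads only the assignment bound to the user principal;
            // roles the same user receives through a group are presumably not included
            // on this path, while the fallback below reports effective permissions.
            SPUser user = list.ParentWeb.Users[loginName];
            SPRoleAssignment roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(user);
            SPRoleDefinitionBindingCollection defColl = roleAssignment.RoleDefinitionBindings;

            // Collect into a local first so a failure half-way through cannot leave a
            // partial result that the fallback would then append to.
            string direct = string.Empty;
            foreach (SPRoleDefinition roleDef in defColl)
            {
                direct += roleDef.Name + ";";
            }
            perStr = direct;
        }
        catch (Exception lookupEx)
        {
            // Expected when the user is only a member of an AD group and has no entry of
            // their own; keep the reason in the log instead of discarding it, because the
            // same catch also hides unrelated failures (access denied, bad login name).
            logger.Debug("Direct role assignment lookup failed, loginName: {0}, reason: {1}.", loginName, lookupEx.Message);
            logger.Debug("Get user permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}.", list.Title, loginName);
            try
            {
                // Slower path: resolve the effective permissions, which also covers
                // users known only through group membership.
                SPPermissionInfo permissionInfo = list.GetUserEffectivePermissionInfo(loginName);
                string effective = string.Empty;
                foreach (SPRoleAssignment roleAssignment in permissionInfo.RoleAssignments)
                {
                    foreach (SPRoleDefinition roleDef in roleAssignment.RoleDefinitionBindings)
                    {
                        effective += roleDef.Name + ";";
                    }
                }
                perStr = effective;
            }
            catch (Exception ex)
            {
                // Best effort: the method never throws, the caller gets an empty string.
                logger.Error("An error occurred while getting permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}, exception; {2}.",
                    list.Title, loginName, ex.ToString());
            }
        }
    });
    return perStr;
}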
注意：catch 中的代码用于处理这样一种情况：user 是某个 AD group 的 member，但并不单独存在于 web 的 User Information List 中。此时如果直接获取该 user 的 SPRoleAssignment，会抛出 'Index is out of range' 异常，所以对这样的 user 可以通过 list.GetUserEffectivePermissionInfo(loginName) 先获取 SPPermissionInfo，再获取 user 的 SPRoleDefinition。有的读者会问：为什么不直接使用 catch 中的方法？这样无论 user 是否只存在于 AD group 中都不会抛异常，也可以正确获取到 SPRoleDefinition。其实是可以的，之所以先尝试直接获取，原因在于效率问题。
二、需求: set permission to list
代码如下:
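/// <summary>
/// Grants the user identified by <c>userInfo.Key</c> the Reader or the Contributor role
/// on <paramref name="list"/>, breaking role inheritance first when the list still
/// inherits its permissions.
/// </summary>
/// <param name="list">List (library) that receives the new role assignment.</param>
/// <param name="isRead">
/// <c>true</c> binds <c>SPRoleType.Reader</c>; <c>false</c> binds <c>SPRoleType.Contributor</c>.
/// </param>
/// <remarks>
/// <c>userInfo</c> is not declared in this method and must come from the enclosing scope.
/// The method is best effort and never throws; failures are written to the trace output.
/// NOTE(review): <paramref name="list"/> is created by the caller, so it keeps the caller's
/// security context and RunWithElevatedPrivileges only takes effect if the list was opened
/// elevated already. Because this method changes permissions, the caller is responsible
/// for checking that the current request is allowed to grant them.
/// </remarks>
private static void SetLibPermission(SPList list, bool isRead)
{
    try
    {
        SPSecurity.RunWithElevatedPrivileges(() =>
        {
            bool hasUnique = list.HasUniqueRoleAssignments;
            var web = list.ParentWeb;

            // AllowUnsafeUpdates switches off SharePoint's update validation for this web
            // object, so it is restored in a finally block and cannot stay enabled when
            // an exception interrupts the work below.
            web.AllowUnsafeUpdates = true;
            try
            {
                if (!hasUnique)
                {
                    // false = do not copy the parent's role assignments: principals that
                    // had access through inheritance lose it on this list.
                    list.BreakRoleInheritance(false);
                    list.Update();

                    // BreakRoleInheritance is known to reset AllowUnsafeUpdates on the
                    // web; set it again before the next update. TODO confirm on the
                    // target farm version.
                    web.AllowUnsafeUpdates = true;
                }

                try
                {
                    // EnsureUser adds the login to the site's user information list when
                    // it is not there yet.
                    SPUser user = web.EnsureUser(userInfo.Key);
                    SPRoleDefinitionCollection objDefiColl = web.RoleDefinitions;
                    SPRoleAssignment objRoleAssign = new SPRoleAssignment(user);
                    SPRoleDefinition roleDefinition =
                        objDefiColl.GetByType(isRead ? SPRoleType.Reader : SPRoleType.Contributor);
                    objRoleAssign.RoleDefinitionBindings.Add(roleDefinition);
                    list.RoleAssignments.Add(objRoleAssign);
                }
                catch (Exception ex)
                {
                    // A grant that silently fails leaves the list in a state nobody
                    // expects (inheritance broken, user without access), so record it.
                    // Route this to the project's own logger where one is available.
                    System.Diagnostics.Trace.TraceError(
                        "SetLibPermission: adding the role assignment failed, list title: {0}, exception: {1}",
                        list.Title, ex);
                }

                list.Update();
            }
            finally
            {
                web.AllowUnsafeUpdates = false;
            }
        });
    }
    catch (Exception ex)
    {
        // Kept best effort as in the original, but no longer silent.
        System.Diagnostics.Trace.TraceError("SetLibPermission failed, exception: {0}", ex);
    }
}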
注意：给 list 单独赋权限需要先打破权限继承，是否打破继承可以根据实际需求决定。代码中的 BreakRoleInheritance(false) 不会复制父级已有的权限分配，打破继承后原来通过继承获得访问权限的用户将无法再访问该 list。
代码中的userInfo.Key即为loginName
list.ParentWeb.EnsureUser(userInfo.Key);即把user保存到user information list中