SharePoint 2103 Check user permission on list

一、需求: check user 对SharePoint list 的permission

代码如下:

 1    private static string GetListPermission(SPList list, string loginName)
 2         {
 3             string perStr = string.Empty;
 4             SPSecurity.RunWithElevatedPrivileges(() =>
 5             {
 6                 try
 7                 {
 8                     SPUser user = list.ParentWeb.Users[loginName];
 9                     SPRoleAssignment roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(user);
10                     SPRoleDefinitionBindingCollection defColl = roleAssignment.RoleDefinitionBindings;
11                     foreach (SPRoleDefinition roleDef in defColl)
12                     {
13                         perStr += roleDef.Name + ";";
14                     }
15                 }
16                 catch (Exception)
17                 {
18                     logger.Debug("Get user permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}.", list.Title, loginName);
19                     try
20                     {
21                         SPPermissionInfo permissionInfo = list.GetUserEffectivePermissionInfo(loginName);
22                         var roleAssignments = permissionInfo.RoleAssignments;
23                         foreach (SPRoleAssignment roleAssignment in roleAssignments)
24                         {
25                             SPRoleDefinitionBindingCollection roleDefColl = roleAssignment.RoleDefinitionBindings;
26                             foreach (SPRoleDefinition roleDef in roleDefColl)
27                             {
28                                 perStr += roleDef.Name + ";";
29                             }
30                         }
31                     }
32                     catch (Exception ex)
33                     {
34                         logger.Error("An error occurred while getting permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}, exception; {2}.",
35                             list.Title, loginName, ex.ToString());
36                     }
37                 }
38             });
39             return perStr;
40         }
View Code

注意: catch中的代码作用是check,当user是AD group中的member,但却不单独存在于web userInformation list中,此时如果直接获取user  SPRoleAssignment,则抛‘Index is out of range’, 所以这样的user可以通过

list.GetUserEffectivePermissionInfo(loginName); 来获取SPPermissionInfo,然后再获取user的SPRoleDefinition,有的读者会问,为什么不直接通过catch中的方法获取,这样无论这个user是否只存在于AD group中都不会抛异常

可以正确的获取到SPRoleDefinition,其实是可以的,之所以这样做,原因在于效率问题。

二、需求: set permission to list

代码如下:

 1 private static void SetLibPermission(SPList list,  bool isRead)
 2         {
 3             try
 4             {
 5                 SPSecurity.RunWithElevatedPrivileges(() =>
 6                 {
 7                     bool hasUnique = list.HasUniqueRoleAssignments;
 8                     list.ParentWeb.AllowUnsafeUpdates = true;
 9                     if (!hasUnique)
10                     {
11                         list.BreakRoleInheritance(false);
12                         list.Update();
13                     }
14                        try
15                         {
16                             SPUser user = list.ParentWeb.EnsureUser(userInfo.Key);
17                             SPRoleDefinitionCollection objDefiColl = list.ParentWeb.RoleDefinitions;
18                             SPRoleAssignment objRoleAssign = new SPRoleAssignment(user);
19                             SPRoleDefinition roleDefination = null;
20                             if (isRead)
21                             {
22                                 roleDefination = objDefiColl.GetByType(SPRoleType.Reader);
23                             }
24                             else
25                             {
26                                 roleDefination = objDefiColl.GetByType(SPRoleType.Contributor);
27                             }
28                             objRoleAssign.RoleDefinitionBindings.Add(roleDefination);
29                             list.RoleAssignments.Add(objRoleAssign);
30                         }
31                         catch (Exception ex)
32                         {
33                            
34                         }
35                     list.Update();
36                     list.ParentWeb.AllowUnsafeUpdates = false;
37                 });
38 
39             }
40             catch (Exception ex)
41             {
42                
43             }
44         }
View Code


注意:给list赋权限,需要打破继承,具体可以根据实际需求

       代码中的userInfo.Key即为loginName

       list.ParentWeb.EnsureUser(userInfo.Key);即把user保存到user information list中

posted @ 2016-12-28 14:33  云霄宇霁  阅读(195)  评论(0编辑  收藏  举报