向SharePoint 2010中添加Permission Level，Group，以及相应的User

在SharePoint Server 2010中权限管理涉及到的几个概念可以描述如下：

1：SharePoint Server 2010 Permission： SharePoint2010 Server中总共包含 33 种基本的permission（当然是通过二进制的每一位进行控制基本的permission），这些基本的permission分别控制着对各个基本对象的view，create，edit，delete 的基本操作。而且这些permission基本分为三大类：list permissions（包含item permissions）, site permissions, 和 personal permissions。 例如：site permissions 可以应用到制定的site上，list permissions可以应用到lists以及相应的items上， 而personal permissions可以应用到personal views 或者 private Web Parts 等。

2：Permission Level：每个 permission level 都是不同 permission 的一个集合，并且在代码程序中permission level将作为Role的一个属性值，通过Role Assignment的方式添加给对应的Group中，在SharePoint Server 2010中有5种默认的permission level，分别为：Full Control, Design, Contribute, Read, Limited Access. 在这5种permission level中除了Full Control和Limited Access 其他3中都是可以修改的，与此同时我们可以自定义我们自己的permission level。

3：Group：每个Group可以包含不同的permission level，也就是在这个Group里面的User可以操作具有操作权限的那些对象，与此同时，每个User可以在不同的Group中，那么这里会有一个permission叠加的逻辑，也就是计算User所具有的所有权限（将所有的所属Group的所有Permission Level中所有的Permission叠加在一起）。

更多关于SharePoint Permission 的概念 请看： http://technet.microsoft.com/en-us/library/cc721640(v=office.14).aspx 

接下来我们要用代码的方式实现：创建permission level， 然后创建具有permission level的group，之后将user添加到我们创建的group中。

在SharePoint Project中添加一个Feature 取名：CustomUserGroupFeature

在此Feature中添加一个EventHandler并完成功能代码

CustomUserGroupFeature.EventReceiver.cs

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.SharePoint;
using System.Linq;

namespace EricSunSharePointProject.Features.CustomUserGroupFeature
{
    /// <summary>
    /// This class handles events raised during feature activation, deactivation, installation, uninstallation, and upgrade.
    /// </summary>
    /// <remarks>
    /// The GUID attached to this class may be used during packaging and should not be modified.
    /// </remarks>

    [Guid("7ae2e739-1863-4b34-b3cb-a7fd6fd04fa4")]
    public class CustomUserGroupFeatureEventReceiver : SPFeatureReceiver
    {
        // Uncomment the method below to handle the event raised after a feature has been activated.

        //public override void FeatureActivated(SPFeatureReceiverProperties properties)
        //{
        //}


        // Uncomment the method below to handle the event raised before a feature is deactivated.

        //public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        //{
        //}


        // Uncomment the method below to handle the event raised after a feature has been installed.

        //public override void FeatureInstalled(SPFeatureReceiverProperties properties)
        //{
        //}


        // Uncomment the method below to handle the event raised before a feature is uninstalled.

        //public override void FeatureUninstalling(SPFeatureReceiverProperties properties)
        //{
        //}

        // Uncomment the method below to handle the event raised when a feature is upgrading.

        //public override void FeatureUpgrading(SPFeatureReceiverProperties properties, string upgradeActionName, System.Collections.Generic.IDictionary<string, string> parameters)
        //{
        //}

        const string Administrators = "EricSun Content Administrators";
        const string Approvers = "EricSun Content Approvers";

        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            string groupDescription = "EricSun Content";
            try
            {
                using (SPWeb web = properties.Feature.Parent as SPWeb)
                {
                    CreateSubSiteGroup(web, Administrators, GetAdministratorPermission(), groupDescription + " Administrators Group", Administrators, "Can view, add, update, delete, and customize list items and documents.");
                    CreateSubSiteGroup(web, Approvers, GetApproverPermission(), groupDescription + " Approvers Group", Approvers, "Can view, and approve list items and documents.");
                }
            }
            catch (SPException ex)
            {
            }
        }


        // Uncomment the method below to handle the event raised before a feature is deactivated.

        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
            try
            {
                using (SPWeb web = properties.Feature.Parent as SPWeb)
                {
                    DeleteSubSiteGroup(web, Administrators);
                    DeleteSubSiteGroup(web, Approvers);
                }
            }
            catch (SPException ex)
            {
            }
        }


        /// <SUMMARY>
        /// Create group 
        /// </SUMMARY>
        private void CreateSubSiteGroup(SPWeb web, string groupName, SPBasePermissions PermissionLevel, string groupDescription, string roleName, string description)
        {
            try
            {
                SPUserCollection users = web.AllUsers;
                SPUser owner = web.SiteAdministrators[0];
                SPMember member = web.SiteAdministrators[0];
                SPGroupCollection groups = web.SiteGroups;
                if (!groups.Cast<SPGroup>().Any(g => g.Name.Equals(groupName, StringComparison.Ordinal)))
                {
                    //add new group if not found
                    groups.Add(groupName, member, owner, groupDescription);
                }
                SPGroup newSPGroup = groups[groupName];
                SPRoleDefinition role = new SPRoleDefinition();
                role.Name = roleName;
                role.Description = description;
                role.BasePermissions = PermissionLevel;
                if (!web.RoleDefinitions.Cast<SPRoleDefinition>().Any(r => r.Name.Equals(roleName, StringComparison.Ordinal)))
                {
                    //add role definition if not found
                    web.RoleDefinitions.Add(role);
                }
                role = web.RoleDefinitions[roleName];
                SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup);
                roleAssignment.RoleDefinitionBindings.Add(role);
                web.RoleAssignments.Add(roleAssignment);
                web.Update();
            }
            catch (SPException ex)
            {
            }
        }
        /// <SUMMARY>
        /// Delete group for subsite
        /// </SUMMARY>
        private void DeleteSubSiteGroup(SPWeb web, string groupName)
        {
            try
            {
                SPGroupCollection groups = web.SiteGroups;
                groups.Remove(groupName);
                web.Update();
            }
            catch (SPException ex)
            {
            }
        }
        /// <summary>
        /// 
        /// </summary>
        /// <returns></returns>
        private SPBasePermissions GetAdministratorPermission()
        {
            return SPBasePermissions.EditListItems | SPBasePermissions.ViewListItems | SPBasePermissions.DeleteListItems
                | SPBasePermissions.AddListItems | SPBasePermissions.OpenItems;
        }

        private SPBasePermissions GetApproverPermission()
        {
            return SPBasePermissions.ApproveItems;
        }
    }
}

。。。