• SharePoint 2103 Check user permission on list

    一、需求: check user 对SharePoint list 的permission

    代码如下:

     1    private static string GetListPermission(SPList list, string loginName)
 2         {
 3             string perStr = string.Empty;
 4             SPSecurity.RunWithElevatedPrivileges(() =>
 5             {
 6                 try
 7                 {
 8                     SPUser user = list.ParentWeb.Users[loginName];
 9                     SPRoleAssignment roleAssignment = list.RoleAssignments.GetAssignmentByPrincipal(user);
10                     SPRoleDefinitionBindingCollection defColl = roleAssignment.RoleDefinitionBindings;
11                     foreach (SPRoleDefinition roleDef in defColl)
12                     {
13                         perStr += roleDef.Name + ";";
14                     }
15                 }
16                 catch (Exception)
17                 {
18                     logger.Debug("Get user permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}.", list.Title, loginName);
19                     try
20                     {
21                         SPPermissionInfo permissionInfo = list.GetUserEffectivePermissionInfo(loginName);
22                         var roleAssignments = permissionInfo.RoleAssignments;
23                         foreach (SPRoleAssignment roleAssignment in roleAssignments)
24                         {
25                             SPRoleDefinitionBindingCollection roleDefColl = roleAssignment.RoleDefinitionBindings;
26                             foreach (SPRoleDefinition roleDef in roleDefColl)
27                             {
28                                 perStr += roleDef.Name + ";";
29                             }
30                         }
31                     }
32                     catch (Exception ex)
33                     {
34                         logger.Error("An error occurred while getting permission by list.GetUserEffectivePermissionInfo method, list title: {0}, loginName: {1}, exception; {2}.",
35                             list.Title, loginName, ex.ToString());
36                     }
37                 }
38             });
39             return perStr;
40         }
    View Code

    注意: catch中的代码作用是check,当user是AD group中的member,但却不单独存在于web userInformation list中,此时如果直接获取user  SPRoleAssignment,则抛‘Index is out of range’, 所以这样的user可以通过

    list.GetUserEffectivePermissionInfo(loginName); 来获取SPPermissionInfo,然后再获取user的SPRoleDefinition,有的读者会问,为什么不直接通过catch中的方法获取,这样无论这个user是否只存在于AD group中都不会抛异常

    可以正确的获取到SPRoleDefinition,其实是可以的,之所以这样做,原因在于效率问题。

    二、需求: set permission to list

    代码如下:

     1 private static void SetLibPermission(SPList list,  bool isRead)
 2         {
 3             try
 4             {
 5                 SPSecurity.RunWithElevatedPrivileges(() =>
 6                 {
 7                     bool hasUnique = list.HasUniqueRoleAssignments;
 8                     list.ParentWeb.AllowUnsafeUpdates = true;
 9                     if (!hasUnique)
10                     {
11                         list.BreakRoleInheritance(false);
12                         list.Update();
13                     }
14                        try
15                         {
16                             SPUser user = list.ParentWeb.EnsureUser(userInfo.Key);
17                             SPRoleDefinitionCollection objDefiColl = list.ParentWeb.RoleDefinitions;
18                             SPRoleAssignment objRoleAssign = new SPRoleAssignment(user);
19                             SPRoleDefinition roleDefination = null;
20                             if (isRead)
21                             {
22                                 roleDefination = objDefiColl.GetByType(SPRoleType.Reader);
23                             }
24                             else
25                             {
26                                 roleDefination = objDefiColl.GetByType(SPRoleType.Contributor);
27                             }
28                             objRoleAssign.RoleDefinitionBindings.Add(roleDefination);
29                             list.RoleAssignments.Add(objRoleAssign);
30                         }
31                         catch (Exception ex)
32                         {
33                            
34                         }
35                     list.Update();
36                     list.ParentWeb.AllowUnsafeUpdates = false;
37                 });
38 
39             }
40             catch (Exception ex)
41             {
42                
43             }
44         }
    View Code


    注意:给list赋权限,需要打破继承,具体可以根据实际需求

           代码中的userInfo.Key即为loginName

           list.ParentWeb.EnsureUser(userInfo.Key);即把user保存到user information list中
  • 相关阅读:
    ubuntu全版本通用换源教程
    【Pybind11】Python调用C++接口(Ubuntu下编译OpenCV)
    ubuntu18.04如何安装python3.5及其pip安装
    smb和rdp暴破差异分析
    如何修改smb服务的默认445端口?——官方回答是无法修改,但是可以使用端口转发
    开集识别——流形
    10种常见的进程注入技术的总结
    webmine和cryptowebminer挖矿——一句<iframe width=0 height=0 frameborder=0 src='https://webmine.cz/worker?key=[YOUR_API_KEY]'></iframe>搞定
    进程隐藏与进程保护(SSDT Hook 实现)(一)
    deepMiner —— 本质上类似coinhive,也是后端开启nodejs连接矿池,默认的连接门罗币矿池
  • 原文地址:https://www.cnblogs.com/qindy/p/6229378.html
Copyright © 2020-2023  润新知