Question 97
You have a list named Projects that contains a column named ClassificationMetadata.
You need to create a Web Part that updates the ClassificationMetadata value to NA for each item in the Projects list.
You write the following code segment. (Line numbers are included for reference only.)
01 foreach (SPListItem currentItem in SPContext.Current.Web.Lists["Projects"].Items)
02 {
03
04 }
Which code segment should you add at line 03?
A. currentItem["ClassificationMetadata"] = "NA";
B. currentItem.Fields["ClassificationMetadata"].DefaultFormula = "NA";
C. currentItem.Fields["ClassificationMetadata"].DefaultValue = "NA";
D. currentItem["Value"] = "ClassificationMetadata/NA";
解析:
本题想要达到的目的是通过代码去更新Projects列表中的ClassificationMetadata字段的值。采用的是遍历所有SPListItem的方法。对字段值的操作是基于获取的SPListItem对象进行的。
直接分析各选项:
A. currentItem["ClassificationMetadata"] = "NA";//本题答案。修改Item的” ClassificationMetadata”字段的值为”NA”
B. currentItem.Fields["ClassificationMetadata"].DefaultFormula = "NA";//获取名为"ClassificationMetadata"的字段,并设置此字段的默认公式,此用法只适用于计算字段。
C. currentItem.Fields["ClassificationMetadata"].DefaultValue = "NA"; //获取名为"ClassificationMetadata"的字段,并设置此字段的默认值为”NA”。也就是说在新添加一个Item时,如果不给此字段赋值,则默认值为”NA”。
D. currentItem["Value"] = "ClassificationMetadata/NA"; //设置Item的”Value”字段的值为” ClassificationMetadata/NA”
所以本题目正确选项应该是A
参考:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splistitem.aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spfield.aspx
Question 98
You create a Web Part that queries a list.
The Web Part contains the following code segment. (Line numbers are included for reference only.)
01 protected override void Render(HtmlTextWriter writer)
02 {
03 SPUserToken spInToken = GetTheContext(SPContext.Current.Site);
04 using (SPSite aSite = new SPSite(curSiteCtx.ID, spInToken))
05 {
06
07 }
08 }
09 private SPUserToken GetTheContext(SPSite nWeb)
10 {
11 nWeb.CatchAccessDeniedException = false;
12 SPUserToken spToken = null;
13 try
14 {
15 spToken = nWeb.SystemAccount.UserToken;
16 }
17 catch (UnauthorizedAccessException generatedExceptionName)
18 {
19
20 }
21 return spToken;
22 }
You need to ensure that users without permissions to the list can view the contents of the list from the Web Part.
Which code segment should you add at line 19?
A. SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite eSite = new SPSite(nWeb.ID))
{
spToken = nWeb.SystemAccount.UserToken;
}
}
B. SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite eSite = new SPSite(nWeb.ID))
{
spToken = SPContext.Current.Web.CurrentUser.UserToken;
}
}
C. spToken = nWeb.RootWeb.AllUsers[SPContext.Current.Web.Name].UserToken; D. spToken = nWeb.RootWeb.AllUsers[WindowsIdentity.GetCurrent().Name].UserToken;
解析:
本题想要实现在一个WebPart的后台代码中让没有访问权限的用户也能看到某列表的内容。
很显然属于提升权限的题目,也就自然关联到RunWithElevatedPrivileges。
选项A,B都使用了RunWithElevatedPrivileges方法,但是注意看
09 private SPUserToken GetTheContext(SPSite nWeb) 10 { 11 nWeb.CatchAccessDeniedException = false; 12 SPUserToken spToken = null; 13 try 14 { 15 spToken = nWeb.SystemAccount.UserToken; 16 } 17 catch (UnauthorizedAccessException generatedExceptionName) 18 { 19 20 } 21 return spToken; 22 }
此段代码是要返回SPUserToken,此SPUserToken决定了操作的权限。选项B返回的当前用户的SPUserToken,显然属于白忙一场。选项A获取了SystemAccount的SPUserToken真正达到了目的。所以选项A是本题的答案。
选项C. spToken = nWeb.RootWeb.AllUsers[SPContext.Current.Web.Name].UserToken; //取得的是用户名为当前Web的Name的用户的SPUserToken,逻辑有点离谱了。
选项D. spToken = nWeb.RootWeb.AllUsers[WindowsIdentity.GetCurrent().Name].UserToken;
//取得的是用户名为当前 Windows 用户的 WindowsIdentity 对象的Name的SPUserToken,显然也不正确。
所以本题目正确选项应该是A
参考:
http://msdn.microsoft.com/zh-cn/library/sfs49sw0.aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb_members.aspx
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx
Question 99
You create a Web Part that programmatically updates the description of the current SharePoint site.
The Web Part contains the following code segment. (Line numbers are included for reference only.)
01 SPSecurity.RunWithElevatedPrivileges(delegate()
02 {
03 SPSite currSite = SPContext.Current.Site;
04 SPWeb currWeb = SPContext.Current.Web;
05 using (SPSite eSite = new SPSite(currSite.ID))
06 {
07 using (SPWeb eWeb = eSite.OpenWeb(currWeb.ID))
08 {
09 eWeb.AllowUnsafeUpdates = true;
10 currWeb.Description = "Test";
11 currWeb.Update();
12 eWeb.AllowUnsafeUpdates = false;
13 }
14 }
15 });
Users report that they receive an Access Denied error message when they use the Web Part. You need to ensure that all users can use the Web Part to update the description of the current site.
What should you do?
A. Remove lines 09 and 12.
B. Remove lines 10 and 11.
C. Change lines 10 and 11 to use the eWeb variable.
D. Change lines 09 and 12 to use the currWeb variable.
解析:
本题是想要在一段代码实现更新当前Sharepoint Site的描述信息,结果收到了”Access Denied”报错。
原因很简单,我们在如下代码
07 using (SPWeb eWeb = eSite.OpenWeb(currWeb.ID)) 08 { 09 eWeb.AllowUnsafeUpdates = true; 10 currWeb.Description = "Test"; 11 currWeb.Update(); 12 eWeb.AllowUnsafeUpdates = false; 13 }
中操作的都是eWeb对象,并在第09行打开了AllowUnsafeUpdates设置,以允许对eWeb对象的更新保存到数据库,但在第10,11行却跳回到了currWeb对象,所以选项C是正确的纠错方法。
有人会问,那么我直接使用currWeb来进行更新为什么不可呢?
我们知道RunWithElevatedPrivileges方法通过接受一个委托(delegate)参数, 来添加一个需权限提升后执行的方法的引用。 当我们通过调用RunWithElevatedPrivileges提升在SharePoint上下文中的权限后,我们必须接着创建一个SPSite和SPWeb类的实例。切记不能通过Microsoft.SharePoint.SPContext.Current属性来获取这些对象。因为这些对象都是通过当前用户的安全上下文创建的。本例题干部分的代码展示了一种很好的方法来在权限提升后得到这些对象。另外这样写还可以保证在Using语句外这些对象可以通过调用Dispose方法很好的被释放。
所以本题目正确选项应该是C
参考:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.allowunsafeupdates.aspx