MOSS/SharePoint use code to set item-level Permissions

Title in English: Set item level permission for Sharepoint (MOSS/WSS) list/document library programmatically

Sometimes, we need to set special permissions for a file in the document library. This permission does not inherit from the list permission. Of course, it is easiest to create a list and store the relevant files, this is achieved, but it will bring about a lot of redundancy. Although the SharePoint user permission system is powerful, its minimum granularity is only at the list level. Therefore, it is necessary to study the permissions smaller than the list level.

In Sharepoint, the system's built-in permissions can be described. The blue line indicates that our listitem actually inherits the list permission system, so all its read and write permissions are the same.

The blue line indicates that our listitem actually inherits the list permission system, so all its read and write permissions are the same. This will cause a problem, that is, if we need to set specific permissions for a specific project in the List due to business logic, this built-in permission system cannot meet the requirements. In fact, this requirement is still quite extensive, not because I or someone imagined it out of thin air. The permissions we discuss here can be expressed by our red line, set an Independent Permission System for each listitem.

To implement the listitem Independent Permission System, we must first break down the inheritance. Fortunately, the related interfaces provided by Microsoft allow us to complete this work.

UseCodeSplistitem. breakroleinheritance (True); Then our permission logic diagram can be used to describe.

Well, the constraint has been broken. Next we will look for an entry point to implement our functions. loading our permission code as appropriate can achieve the correct effect, in order to find this correct, we must first understand the creation process of listitem and intuitively describe the events triggered when listitem is added.

Here we use the itemupdated event to complete our functions and bind a processing logic for this event. For simplicity, I only provide the logic section here. When the itemupdated event occurs, you can call the code to implement the listitem-level permission system.

Use the code to set item-level permissions for Sharepoint/Moss. The Code is as follows: Public   String Itempermission ( String Sitepath)
{
String Returnval =   "" ;
Try
{
Spsite webapp =   New Spsite (sitepath );
Spweb site = Webapp. openweb ();
Splist list = Site. Lists [ " Testdoclib " ];
Splistitem item = List. items [ 0 ];
Sproledefinition roledefinition = Site. roledefinitions. getbytype (sproletype. contributor );
Sproleassignment roleassignment =   New Sproleassignment ( " <Domain >\\ <user> " , " Email " , " Name " , " Notes " );
Roleassignment. roledefinitionbindings. Add (roledefinition );
If ( ! Item. hasuniqueroleassignments)
{
Item. breakroleinheritance ( True );
}
Item. roleassignments. Add (roleassignment );
Item. Update ();
}
Catch (Exception ex)
{
Returnval + =   " Permission not set, reason: "   + Ex. message;
}
Return Returnval;
}

Item. breakroleinheritance (True); This code is the essence.

Well, our requirements are fast and satisfying, but don't be so happy first. There is another very important problem that we haven't solved, that is, how to transfer permissions.

We have set the item-level permissions. You can imagine that in this permission system, if the only person with the modification permission leaves, all others will be read-only, god, how much is the loss of one person's departure in our company. As developers, we must solve such catastrophic problems at the beginning of system establishment. Below I provide a solution to batch transfer our Permissions

Using System;
Using System. Web;
Using System. Web. Services;
Using System. Web. Services. Protocols;
Using Microsoft. SharePoint;

[Web Service (namespace = " http://tempuri.org/ " )]
[webservicebinding (conformsto = wsiprofiles. basicprofile1_1)]
Public class service: system. web. services. webService
{< br> Public Service () {

// uncomment the following line if using designed components
// initializecomponent ();
}< br>

[webmethod]
Public string itempermission ( string sitepath, string libname, string olduser, string newuser, string email, string name)
{< br>

StringReturnval= "";
 

Try
{
Spsite webapp =   New Spsite (sitepath );
Spweb site = Webapp. openweb ();
Splist list = Site. Lists [libname];
Spquery newspquery =   New Spquery ();
Newspquery. Query =   " <Where> <EQ> <fieldref name = \ " Author \ " /> <Value type = \ " User \ " > "   + Olduser +   " </Value> </EQ> </where> " ;
Splistitemcollection listitemcol = List. getitems (newspquery );
If (Listitemcol. Count >   0 )
{
Foreach (Splistitem item In Listitemcol)
{
Sproledefinition roledefinition = Site. roledefinitions. getbytype (sproletype. contributor );
Sproleassignment roleassignment =   New Sproleassignment (newuser, email, name, " Notes " );
Roleassignment. roledefinitionbindings. Add (roledefinition );
If ( ! Item. hasuniqueroleassignments)
{
Item. breakroleinheritance ( True );
}
Item. roleassignments. Add (roleassignment );
Item. Update ();
}
}
}
Catch (Exception ex)
{
Returnval + =   " Permission not set, reason: "   + Ex. message;
}
Return Returnval;
}

}

 

How to use it?

The following is a consoleProgram, Describes how to use this WebService

 

Replace the following string

 

<Sitepath> with the full URL of the site

<Libname> with the list/Library name

<Domain> with the domain name

<Olduser> with the userid who left the company

<Newuser> with the userid to whom you want to give permission

<Email of new user> Self explaning

<Name of new user> Self explaning

 

If "<domain >\\ <olduser>" does not work try to use the old user's full name such as "John Smith ".

 

========================================================== ==================

 

UsingSystem;

UsingSystem. Collections. Generic;

UsingSystem. text;

 

NamespaceLeleapplication1

{

ClassProgram

{

// Localhost. Service newservice;

Static VoidMain (String[] ARGs)

{

Localhost. Service newservice =NewLocalhost. Service ();

Newservice. usedefacrecredentials =True; // I am assuming an administrator/power user is running this app or use a specific credential here

StringOutput = newservice. itempermission ("<Sitepath>","<Libname>","<Domain >\\ <olduser>","<Domain >\\ <newuser>","<Email of new user>","<Name of new user>");

Console. Writeline (output );

Console. Readline ();

}

}

}

Note:All the code described in this article is tightly coupled with the user. That is to say, the user is stuck in the Code. To meet the actual needs, you must remove this coupling,MOSS/SharePoint control view page access permission development issues (code method)This articleArticleThis is an example. You can create a list using the same method, so that user coupling is reduced and can be customized by the customer.

 

Reference: http://www.chakkaradeep.com/post/2008/11/26/SharePoint-ndash3b-Setting-Item-level-permission.aspx draws on the pictures of this blog

Overview of http://www.cnblogs.com/anotherdir/articles/1379373.html Permission System