Using the SharePoint Security Object Model

Everything you can configure for security through the SharePoint user interface can also be done through the SharePoint object model. Table 17.1 lists the classes and objects related to security.

Table 17.1. Class and Objects for SharePoint Security Object Model


The following code illustrates creation of a new permission level:

// create a new permission level
SPRoleDefinition roleDefinition = new SPRoleDefinition();

// assign some permissions to the new permission level
roleDefinition.BasePermissions =
    SPBasePermissions.AddListItems |
    SPBasePermissions.BrowseDirectories |
    SPBasePermissions.DeleteListItems |
    SPBasePermissions.EditListItems |
    SPBasePermissions.ManageLists |
    SPBasePermissions.OpenItems |
    SPBasePermissions.ViewListItems |
    SPBasePermissions.ViewVersions;

roleDefinition.Name = "Test Role";
web.RoleDefinitions.Add(roleDefinition);

You can see the newly created permission level in Figure 17.16.


Figure 17.16. The Test Role permission level

To add a new SharePoint security group you use the SPWeb.SiteGroups.Add method, passing the group name, its owner, its default user, and a description. The following code adds a new SharePoint group:

// create a new SharePoint group (name, owner, default user, description)
web.SiteGroups.Add("Test Group",
    web.SiteAdministrators[0],
    web.SiteAdministrators[0],
    "a test group");

The new SharePoint group can be seen in your SharePoint site as shown in Figure 17.17.


Figure 17.17. The Test Group SharePoint group

Finally, to assign the permission level to the SharePoint group, bind the role definition to a role assignment for the group and add that assignment to the web:

// retrieve back the newly created role. We could have used the
SPRoleDefinition testRoleDefinition = web.RoleDefinitions["Test Role"];

// retrieve the SharePoint group
SPGroup group = web.SiteGroups["Test Group"];

// bind the permission level to the group and persist the assignment;
// without the final Add the binding is never written to the web
SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
roleAssignment.RoleDefinitionBindings.Add(testRoleDefinition);
web.RoleAssignments.Add(roleAssignment);

Before ending you should know about the SPSecurity.RunWithElevatedPrivileges delegate. Often a web part performs an action that requires elevated permissions. The code runs fine when the web part is accessed through an account that has sufficient privileges, but it fails when the page is accessed by a user with limited privileges. If you want this code to execute successfully regardless of the user's access, you need to run it within SPSecurity.RunWithElevatedPrivileges, and you must create the SPSite and SPWeb objects inside the delegate so that they run under the elevated identity. The following code shows a sample illustration:

SPSecurity.RunWithElevatedPrivileges(delegate()
{
    // re-create the site inside the delegate; objects created outside
    // it keep the identity of the calling user
    using (SPSite elevatedSite = new SPSite("http://splearn"))
    {
        using (SPWeb elevatedWeb = elevatedSite.OpenWeb())
        {
            // create a new SharePoint group
            elevatedWeb.SiteGroups.Add("Test Group",
                elevatedWeb.SiteAdministrators[0],
                elevatedWeb.SiteAdministrators[0],
                "a test group");
        }
    }
});

The final complete code is as follows:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;

namespace SecurityObjectModelDemo
{
    public class Program
    {
        static void Main(string[] args)
        {
            try
            {
                using (SPSite site = new SPSite("http://splearn"))
                {
                    using (SPWeb web = site.OpenWeb())
                    {
                        // create a new permission level
                        SPRoleDefinition roleDefinition = new SPRoleDefinition();

                        // assign some permissions to the new permission level
                        roleDefinition.BasePermissions =
                            SPBasePermissions.AddListItems |
                            SPBasePermissions.BrowseDirectories |
                            SPBasePermissions.DeleteListItems |
                            SPBasePermissions.EditListItems |
                            SPBasePermissions.ManageLists |
                            SPBasePermissions.OpenItems |
                            SPBasePermissions.ViewListItems |
                            SPBasePermissions.ViewVersions;

                        roleDefinition.Name = "Test Role";
                        web.RoleDefinitions.Add(roleDefinition);

                        // create a new SharePoint group (name, owner, default user, description)
                        web.SiteGroups.Add("Test Group",
                            web.SiteAdministrators[0],
                            web.SiteAdministrators[0],
                            "a test group");

                        // retrieve back the newly created role. We could have used the
                        SPRoleDefinition testRoleDefinition =
                            web.RoleDefinitions["Test Role"];

                        // retrieve the SharePoint group
                        SPGroup group = web.SiteGroups["Test Group"];

                        // bind the permission level to the group and persist the assignment
                        SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
                        roleAssignment.RoleDefinitionBindings.Add(testRoleDefinition);
                        web.RoleAssignments.Add(roleAssignment);

                        SPSecurity.RunWithElevatedPrivileges(delegate()
                        {
                            // re-create the site and web inside the delegate so
                            // they run under the elevated identity
                            using (SPSite elevatedSite = new SPSite("http://splearn"))
                            {
                                using (SPWeb elevatedWeb = elevatedSite.OpenWeb())
                                {
                                    // create a new SharePoint group (illustration only:
                                    // adding a group whose name already exists throws
                                    // an SPException)
                                    elevatedWeb.SiteGroups.Add(
                                        "Test Group",
                                        elevatedWeb.SiteAdministrators[0],
                                        elevatedWeb.SiteAdministrators[0],
                                        "a test group");
                                }
                            }
                        });
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error in app " + ex.Message);
            }
        }
    }
}


Watch Out!

Objects created outside the SPSecurity.RunWithElevatedPrivileges delegate will not run with elevated privileges inside the delegate. This is especially true of objects accessed through SPContext, whose child objects also keep the calling user's identity. So accessing a secured list through SPContext.Current.Web.Lists["Some List"] will fail for a user without access to it, even when that line is inside the SPSecurity.RunWithElevatedPrivileges delegate. In such cases re-create the objects within the delegate.
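The following is an added example, not code from the book, that puts the Watch Out and the delegate description above side by side for a web part that needs to read a list the current user cannot see. It assumes it runs in a context where SPContext.Current is available and that the list title passed in exists; the method names are hypothetical.

```csharp
using System;
using Microsoft.SharePoint;

public static class ElevatedListReader
{
    // Wrong: SPContext.Current.Web was created outside the delegate under the
    // calling user's identity, so this still fails with access denied for a
    // user who cannot see the list, even though it is "inside" the delegate.
    public static int CountItemsWrong(string listTitle)
    {
        int count = 0;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            SPList list = SPContext.Current.Web.Lists[listTitle]; // user's SPWeb, not elevated
            count = list.ItemCount;
        });
        return count;
    }

    // Right: capture only the IDs outside, re-create SPSite and SPWeb inside the
    // delegate so they are bound to the elevated (application pool) identity,
    // keep the elevated region as small as possible, and dispose what you open.
    // Elevation bypasses the caller's permissions entirely, so any decision about
    // whether this user may trigger the action belongs before this method is called.
    public static int CountItemsRight(string listTitle)
    {
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = SPContext.Current.Web.ID;
        int count = 0;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite elevatedSite = new SPSite(siteId))
            using (SPWeb elevatedWeb = elevatedSite.OpenWeb(webId))
            {
                SPList list = elevatedWeb.Lists[listTitle]; // elevated SPWeb
                count = list.ItemCount;
            }
        });
        return count;
    }
}
```

Re-opening by ID rather than by a hard-coded URL keeps the elevated code pointed at the same site the user is actually on.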

