Wednesday, September 10, 2008

User roles and permissions in SharePoint

Development in C# with User roles and permissions in SharePoint Object Model:
I'll create a SharePoint group using the Object Model, add few users in that group - which will be single users as well as the whole AD groups, create a folder inside the existing SharePoint Document library, break it's permissions inheritance to the parent Document Library, and create new permissions model adding to a single user full rights and to newly created SharePoint group read only rights. On the end, I'll check permissions for any given user if (s)he has rights to do the ceratain operations on the folder items (read, add, edit...).

string groupName1 = "TestGroup1";
SPUser ownerUser = m_SharePointWeb.SiteUsers["mis\\sendil"];

//Add the group to the SPWeb webm_SharePointWeb.SiteGroups.Add(groupName1, ownerUser, ownerUser, "Test group");

//Associate the group to the SPWebm_SharePointWeb.AssociatedGroups.Add(m_SharePointWeb.SiteGroups[groupName1]);


//add some more users and AD groups to this SP Group
m_SharePointWeb.SiteGroups[groupName1].AddUser("mis\\user1", user1@mis.com, "User 1", "User 1 from Management");
m_SharePointWeb.SiteGroups[groupName1].AddUser("mis\\user2", user2@mis.com, "User 2", "User 2 from Sales");
m_SharePointWeb.SiteGroups[groupName1].AddUser("mis\\user3", user3@mis.com,, "User 3", "User 3 from backoffice");

m_SharePointWeb.SiteGroups[groupName1].AddUser("mis\\development", "devgroup@mis.de", "Development", "The whole development AD Group");
//update groupsm_SharePointWeb.SiteGroups[groupName1].Update();

//update webm_SharePointWeb.Update();


To delete the group:

m_SharePointWeb.SiteGroups.Remove(groupName1);m_SharePointWeb.Update();


Give permissions for groups and users to a SharePoint entity (SPWeb, SPList, SPListItem...)

In this example, I'll create a folder inside the existing SharePoint library, break permissions inheritance on the folder level and give rights to one user and one SPGroup to this folder:

//get the existing document librarySPListCollection docLibs = m_SharePointWeb.GetListsOfType(SPBaseType.DocumentLibrary);SPDocumentLibrary DocLib = (SPDocumentLibrary)(docLibs["DocLibraryName"]);
//create folderSPFolder folderTest2 = createDocumentLibraryFolder(DocLib.RootFolder, "TestFolder");
//break role inheritancefolderTest2.Item.BreakRoleInheritance(false);
//folder updatefolderTest2.Update();
//now, give FULL PERMISSIONS permissions to User1SPRoleDefinition role = m_SharePointWeb.RoleDefinitions["Full Control"];SPRoleAssignment roleAssignment;SPUser oneUser = m_SharePointWeb.SiteUsers[@"mis\user1"];roleAssignment = new SPRoleAssignment(oneUser);roleAssignment.RoleDefinitionBindings.Add(role);folderTest2.Item.RoleAssignments.Add(roleAssignment);
//and the readonly rights to the existibg SP GroupSPGroup group2 = m_SharePointWeb.SiteGroups["Test group"];SPRoleAssignment group2RoleAssigment = new SPRoleAssignment(group2);SPRoleDefinition groupRoleDefinition = m_SharePointWeb.RoleDefinitions["Read"];group2RoleAssigment.RoleDefinitionBindings.Add(groupRoleDefinition);folderTest2.Item.RoleAssignments.Add(group2RoleAssigment);
//folder updatefolderTest2.Update();
//web updatem_SharePointWeb.Update();
Check if a specific user has a certain permissions on SPItem, SPList or SPWeb objects
//check if the user has permissions to add new item in the folderSPUser userToCheck = m_SharePointWeb.SiteUsers[@"mis\user1"]if (folderItem.DoesUserHavePermissions(userToCheck, SPBasePermissions.AddListItems)){ Trace.WriteLine("User has permissions to add list items!!!");}else{ Trace.WriteLine("User DOES NOT HAVE permissions to add list items!!!");}

No comments: