SharePoint 代码实现权限管理
//将某一项设置为只读,列名为显示名,而不是内部字段名
string[] innertField = { "LinkFilename", "CFReport", "CFImported", "CFPosted" };
for (int i = 0; i < innertField.Length; i++)
{
item.Fields[item.Fields.GetFieldByInternalName(innertField[i]).Title].ReadOnlyField = true;
}
SPListItem item = properties.ListItem;
SPWeb web = properties.OpenWeb();
SPUser user = web.EnsureUser((new SPFieldLookupValue(item["Mitarbeiter"].ToString())).LookupValue);
SPUser vorgesetzter = web.EnsureUser((new SPFieldLookupValue(item["Vorgesetzter"].ToString())).LookupValue);
SPUser personalAbteilung = web.EnsureUser((new SPFieldLookupValue(item["Personalabteilung"].ToString())).LookupValue);
SPRoleDefinition RoleDefReader = web.RoleDefinitions.GetByType(SPRoleType.Reader);
SPRoleDefinition RoleDefWriter = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
SPRoleAssignment RoleAssReader = new SPRoleAssignment((SPPrincipal)user);
SPRoleAssignment RoleAssWriter = new SPRoleAssignment((SPPrincipal)vorgesetzter);
SPRoleAssignment RoleAssWriter2 = new SPRoleAssignment((SPPrincipal)personalAbteilung);
RoleAssReader.RoleDefinitionBindings.Add(RoleDefReader);
RoleAssWriter.RoleDefinitionBindings.Add(RoleDefWriter);
RoleAssWriter2.RoleDefinitionBindings.Add(RoleDefWriter);
if (!item.HasUniqueRoleAssignments)
item.BreakRoleInheritance(false);//将此条目取消权限继承,如果是“false”,则将去除所有权限,只保留系统账户,如果是“true”,则将上一级权限复制过来。
item.RoleAssignments.Add(RoleAssReader);
item.RoleAssignments.Add(RoleAssWriter);
item.RoleAssignments.Add(RoleAssWriter2);
item.Update();
最近正在研究MOSS列表的权限,基于一个任务列表,在新建一个任务的时候自动为被分配人员分配查看、编辑当前任务的权限。解决这个问题使用了 moos的EventHandler,一切都搞定后,使用管理员测试感觉还不错,结果换了用户以后发现代码不好使了,于是开始寻找原因(由于用户权限的问 题),从网上查了很多关于MOSS提升的文章,又学到了不少知识,哈哈。下面是我学习过程中的一些记录:
1、moss的权限提升是将需要具有管理员权限的代码部分放入到如下代码块中运行:
2、权限提升实际模拟的用户是SHAREPOINT\system这个用户,在站点中要确认SHAREPOINT\system这个用户要有足够的权限,否则模拟此用户的程序段执行也会出现没有权限的错误。
3、需要权限提升的代码一定不可以包含程序上下文的信息,否则执行的时候也会出现没有权限的错误
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPSite site = new SPSite(SPContext.Current.Web.Site.Url);//使用上下文对象得到SPSite的url,并new出一个SPSite对象,这样就脱离了上下文的信息。
SPWeb currentWeb = site.AllWebs[SPContext.Current.Web.Name];
currentWeb.BreakRoleInheritance(true);
}
这里总结一下关于使用ECMAscript对象模型来操作Goup与User的常用情况,因为内容较多,所以拆分为两个部分,这部分主要内容如下:
1、取得当前Sharepoint网站所有的Group
2、获取当前登录用户的Title与所属Group
3、获取指定Group下的所有Users
4、获取指定Group下的所有Users的特定信息
5、获取所有的Group的所有Users的特定信息
分别描述如下:
1、取得当前Sharepoint网站所有的Group
var groupCollection;
function getAllSiteGroups() {
var clientContext = new SP.ClientContext();
this.groupCollection = clientContext.get_web().get_siteGroups();
clientContext.load(groupCollection);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededgetAllSiteGroups),
Function.createDelegate(this, this.onQueryFailedgetAllSiteGroups));
}
function onQuerySucceededgetAllSiteGroups() {
var groupName = 'Site Groups: \n';
var groupsEnumerator = this.groupCollection.getEnumerator();
while (groupsEnumerator.moveNext()) {
var group = groupsEnumerator.get_current();
groupName += 'Title :' + group.get_title() + 'ID :' + group.get_id() + '\n';
}
alert(groupName);
}
function onQueryFailedgetAllSiteGroups(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
2、获取当前登录用户的Title与所属Group
var user;
var visitorsGroup;
function retrieveCurrLgUserAndGrp() {
var clientContext = new SP.ClientContext();
var groupCollection = clientContext.get_web().get_siteGroups();
// Get the visitors group, assuming its ID is 4.
visitorsGroup = groupCollection.getById(4);
user = clientContext.get_web().get_currentUser();
var userCollection = visitorsGroup.get_users();
userCollection.addUser(user);
clientContext.load(user);
clientContext.load(visitorsGroup);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededretrieveCurrLgUserAndGrp),
Function.createDelegate(this, this.onQueryFailedretrieveCurrLgUserAndGrp));
}
function onQuerySucceededretrieveCurrLgUserAndGrp() {
alert(user.get_title() + " added to group " + visitorsGroup.get_title());
}
function onQueryFailedretrieveCurrLgUserAndGrp(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
3、获取指定Group下的所有Users
function retrieveAllUsersInGroup(groupID) {
// debugger;
var clientContext = new SP.ClientContext.get_current();
//var clientContext = new SP.ClientContext(siteUrlretrieveAllUsersInGroup);
var collGroup = clientContext.get_web().get_siteGroups();
var oGroup = collGroup.getById(groupID); //Specify which group you want to retrieve
// var oGroup = collGroup.getByTitle('DevpTest Visitor');
this.collUser = oGroup.get_users();
clientContext.load(collUser);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededretrieveAllUsersInGroup),
Function.createDelegate(this, this.onQueryFailedretrieveAllUsersInGroup));
}
function onQuerySucceededretrieveAllUsersInGroup() {
// debugger;
var userInfo = '';
var userEnumerator = collUser.getEnumerator();
while (userEnumerator.moveNext()) {
var oUser = userEnumerator.get_current();
userInfo = userInfo + '\nUser Title: ' + oUser.get_title() +
'\nID: ' + oUser.get_id() +
'\nEmail: ' + oUser.get_email() +
'\nLogin Name: ' + oUser.get_loginName();
}
alert(userInfo);
}
function onQueryFailedretrieveAllUsersInGroup(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
4、获取指定Group下的所有Users的特定信息
var siteUrlSpecificUserProperties = '/';
function retrieveSpecificUserProperties(groupID) {
//var clientContext = new SP.ClientContext(siteUrlSpecificUserProperties);
var clientContext = new SP.ClientContext.get_current();
var collGroup = clientContext.get_web().get_siteGroups();
var oGroup = collGroup.getById(groupID);
this.collUser = oGroup.get_users();
clientContext.load(collUser, 'Include(Title, LoginName, Email)');
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededretrieveSpecificUserProperties),
Function.createDelegate(this, this.onQueryFailedretrieveSpecificUserProperties));
}
function onQuerySucceededretrieveSpecificUserProperties() {
var userInfo = '';
var userEnumerator = collUser.getEnumerator();
while (userEnumerator.moveNext()) {
var oUser = userEnumerator.get_current();
userInfo += '\nUser: ' + oUser.get_title() +
'\nEmail: ' + oUser.get_email() +
'\nLogin Name: ' + oUser.get_loginName();
}
alert(userInfo);
}
function onQueryFailedretrieveSpecificUserProperties(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
5、获取所有的Group的所有Users的特定信息
var siteUrlAllUsersAllGroupsSpecificProperties = '/';
function retrieveAllUsersAllGroupsSpecificProperties() {
//var clientContext = new SP.ClientContext(siteUrlAllUsersAllGroupsSpecificProperties);
var clientContext = new SP.ClientContext.get_current();
this.collGroup = clientContext.get_web().get_siteGroups();
clientContext.load(collGroup, 'Include(Title,Id,Users.Include(Title,LoginName))');
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededretrieveAllUsersAllGroupsSpecificProperties),
Function.createDelegate(this, this.onQueryFailedretrieveAllUsersAllGroupsSpecificProperties));
}
function onQuerySucceededretrieveAllUsersAllGroupsSpecificProperties() {
var userInfo = '';
var groupEnumerator = collGroup.getEnumerator();
while (groupEnumerator.moveNext()) {
var oGroup = groupEnumerator.get_current();
var collUser = oGroup.get_users();
var userEnumerator = collUser.getEnumerator();
while (userEnumerator.moveNext()) {
var oUser = userEnumerator.get_current();
userInfo += '\nGroup ID: ' + oGroup.get_id() +
'\nGroup Title: ' + oGroup.get_title() +
'\nUser: ' + oUser.get_title() +
'\nLogin Name: ' + oUser.get_loginName();
}
}
alert(userInfo);
}
function onQueryFailedretrieveAllUsersAllGroupsSpecificProperties(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
6、 向指定Group中添加指定User
7、 获取指定Group的Owner
8、 把当前登录用户添加到指定Group中
9、 判断当前登录用户是否有EditPermission权限
10、判断当前登录用户是否在某特定的Group中
分别描述如下:
6、 向指定Group中添加指定User
function addUserToSharePointGroup(groupID) {
//var clientContext = new SP.ClientContext(siteUrl);
var clientContext = new SP.ClientContext.get_current();
var collGroup = clientContext.get_web().get_siteGroups();
var oGroup = collGroup.getById(groupID);
var userCreationInfo = new SP.UserCreationInformation();
userCreationInfo.set_email('helpdesk@GLSTAR.COM.AU);
userCreationInfo.set_loginName('GLSTAR\\helpdesk');
userCreationInfo.set_title('helpdesk');
this.oUser = oGroup.get_users().add(userCreationInfo); //add user into group
// var userInfo = '\nUser: ' + oUser.get_title() +
// '\nEmail: ' + oUser.get_email() +
// '\nLogin Name: ' + oUser.get_loginName();
// alert(userInfo);
clientContext.load(oUser);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededaddUserToSharePointGroup),
Function.createDelegate(this, this.onQueryFailedaddUserToSharePointGroup));
}
function onQuerySucceededaddUserToSharePointGroup() {
alert(this.oUser.get_title() + " added.");
}
function onQueryFailedaddUserToSharePointGroup(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
7、 获取指定Group的Owner
var group;
function getGroupOwnerName(groupID) {
var clientContext = new SP.ClientContext();
var groupCollection = clientContext.get_web().get_siteGroups();
group = groupCollection.getById(groupID);
clientContext.load(group);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededgetGroupOwnerName),
Function.createDelegate(this, this.onQueryFailedgetGroupOwnerName));
}
function onQuerySucceededgetGroupOwnerName() {
alert("GroupTitle: " + group.get_title() + "\nGroupOwnerTitle : " + group.get_ownerTitle());
}
function onQueryFailedgetGroupOwnerName(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
8、 把当前登录用户添加到指定Group中
var currentUser;
var visitorsGroup;
function addUserToSpecificGroupInCurrWeb(groupID) {
var clientContext = new SP.ClientContext();
var groupCollection = clientContext.get_web().get_siteGroups();
visitorsGroup = groupCollection.getById(groupID);
currentUser = clientContext.get_web().get_currentUser();
var userCollection = visitorsGroup.get_users();
userCollection.addUser(currentUser);
clientContext.load(currentUser);
clientContext.load(visitorsGroup);
clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceededaddUserToSpecificGroup),
Function.createDelegate(this, this.onQueryFailedaddUserToSpecificGroup));
}
function onQuerySucceededaddUserToSpecificGroup() {
alert(currentUser.get_title() + " added to group " + visitorsGroup.get_title());
}
function onQueryFailedaddUserToSpecificGroup(sender, args) {
alert('Request failed. ' + args.get_message() + '\n' + args.get_stackTrace());
}
9、 判断当前登录用户是否有EditPermission权限
var theCurrentUser;
var theWeb;
function checkifUserHasEditPermissions() {
// debugger;
var context = new SP.ClientContext.get_current();
theWeb = context.get_web();
theCurrentUser = theWeb.get_currentUser();
context.load(theCurrentUser);
context.load(theWeb, 'EffectiveBasePermissions');
context.executeQueryAsync(Function.createDelegate(this, this.onSuccessMethodcheckEditPermissions),
Function.createDelegate(this, this.onFailureMethodcheckEditPermissions));
}
function onSuccessMethodcheckEditPermissions() {
//debugger;
if (theWeb.get_effectiveBasePermissions().has(SP.PermissionKind.editListItems)) {
//User Has Edit Permissions
alert(theCurrentUser.get_loginName()+"Has Edit Permission on current website");
}
else {
alert("No Edit Permission");
}
}
function onFailureMethodcheckEditPermissions() {
alert("Failed to check permission");
}
10、判断当前登录用户是否在某特定的Group中
// The below checks if the user exists in the group
function checkIfCurrentUserIsInGroup(groupID) {
var context = SP.ClientContext.get_current();
//I go to parent site if I'm in a subsite!
var siteColl = context.get_site();
var web = siteColl.get_rootWeb();
var groupCollection = web.get_siteGroups();
// Get the Our Group's ID
var _group = groupCollection.getById(groupID); // ID of the Group that we are checking
var users = _group.get_users(); // Get all Users of the group
context.load(_group);
context.load(users);
this._users = users;
this._currentUser = web.get_currentUser(); // Get current user
context.load(this._currentUser);
context.executeQueryAsync(Function.createDelegate(this, this.CheckUserSucceededUserIsInGroup),
Function.createDelegate(this, this.CheckUserfailedUserIsInGroup));
}
//The below Checks if User is the member of the specified group
function CheckUserSucceededUserIsInGroup() {
//debugger;
IsInThisGroupFlag = false;
if (this._users.get_count() > 0) {
var _usersEnum = this._users.getEnumerator();
while (_usersEnum.moveNext()) {
var user = _usersEnum.get_current();
if (user.get_loginName() == this._currentUser.get_loginName()) {
//debugger;
IsInThisGroupFlag = true;
}
if (IsInThisGroupFlag) {
alert(user.get_loginName() + " exist in the checked group " + IsInThisGroupFlag.toString());
}
else {
alert(user.get_loginName() + " not exist in the checked group ");
}
}
}
}
function CheckUserfailedUserIsInGroup() {
alert('failed');
}
浙公网安备 33010602011771号