/// <summary>
/// Grants a user one permission level on the current workflow item, replacing any
/// role assignment that user already holds on the item.
/// </summary>
/// <param name="loginName">Login name of the user; resolved through <c>EnsureUser</c> on the workflow's web.</param>
/// <param name="right">Name of the role definition (permission level) to bind; looked up by name in the web's <c>RoleDefinitions</c>.</param>
private void SetPermission(string loginName,string right)
{
    SPWeb web = workflowProperties.Web;
    SPListItem targetItem = workflowProperties.Item;

    // NOTE(review): the original carried a commented-out item.BreakRoleInheritance(false) here, so this
    // method never breaks inheritance itself. If the item still inherits its permissions, the
    // RoleAssignments changes below are not item-specific and are expected to fail — confirm that
    // inheritance is broken earlier in the workflow.
    targetItem.Update();

    SPUser principal = web.EnsureUser(loginName);

    // Build a fresh assignment for the user carrying exactly one role definition.
    // NOTE(review): 'right' is used as-is to index RoleDefinitions; presumably callers pass only
    // known permission-level names — verify against the callers.
    SPRoleAssignment assignment = new SPRoleAssignment(principal);
    assignment.RoleDefinitionBindings.Add(web.RoleDefinitions[right]);

    // Drop the user's existing assignment first so the new one replaces it rather than adding to it.
    targetItem.RoleAssignments.Remove(principal);
    targetItem.RoleAssignments.Add(assignment);
    targetItem.Update();
}
{
// Body of a method whose signature is not shown on this page; SitePath is declared outside this block.
// Grants the Contributor role to one hard-coded account on the first item of the list named below,
// and returns an empty string on success or an error text on failure.
string ReturnVal = "" ;
try
{
// NOTE(review): SPSite and SPWeb are created here and never disposed in this block.
SPSite WebApp = new SPSite(SitePath);
SPWeb Site = WebApp.OpenWeb();
SPList list = Site.Lists[ " TestDocLib " ];
SPListItem item = list.Items[ 0 ];
SPRoleDefinition RoleDefinition = Site.RoleDefinitions.GetByType(SPRoleType.Contributor);
// The principal is a literal placeholder; the account to authorize is fixed in the code.
SPRoleAssignment RoleAssignment = new SPRoleAssignment( " <domain>\\<user> " , " email " , " name " , " notes " );
RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);
// Item-level permissions need the item to stop inheriting from its parent; passing true keeps a copy
// of the parent's current role assignments on the item, so existing access is retained.
if ( ! item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance( true );
}
item.RoleAssignments.Add(RoleAssignment);
item.Update();
}
catch (Exception ex)
{
// Any failure is reported through the return value; the exception text is handed back to the caller.
ReturnVal += " Permission not set, reason: " + ex.Message;
}
return ReturnVal;
}
item.BreakRoleInheritance(true); 这句代码是精髓:它让该列表项停止继承父级的权限,参数 true 表示先把父级现有的权限复制到该项上(传 false 则不复制),之后才能对该项单独授权。
好了,我们的需求很快并且很好地得到了满足。不过先不要那么高兴,还有一个很重要的问题我们没有解决,那就是怎么转移权限。
我们设置了 item 级别的权限。大家可以设想一下,要是在这个权限系统中,唯一一个拥有修改权限的人离职了,其他人全部都是只读权限,天哪,我们公司会因为一个人的离开损失多大啊。作为开发人员,我们必须在系统设立之初就解决掉这样的灾难性问题。下面我提供了一个解决方案,用来批量地转移我们的权限:
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.SharePoint;
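/// <summary>
/// ASMX web service that bulk-transfers item-level access: every item authored by one user
/// gets a Contributor role assignment for another user.
/// </summary>
/// <remarks>
/// NOTE(review): ItemPermission grants Contributor rights to a caller-supplied account on a
/// caller-supplied site and list, and contains no authorization check of its own. Who may call it
/// is decided entirely by the hosting configuration (authentication, impersonation, endpoint
/// access rules) — confirm that only administrators can reach this endpoint before deploying.
/// </remarks>
[WebService(Namespace = " http://tempuri.org/ " )]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class Service : System.Web.Services.WebService
{
    public Service()
    {
        // Uncomment the following line if using designed components
        // InitializeComponent();
    }

    /// <summary>
    /// Adds a Contributor role assignment for <paramref name="NewUser"/> to every item in the list
    /// whose Author field equals <paramref name="OldUser"/>.
    /// </summary>
    /// <param name="SitePath">Full URL of the site that holds the list.</param>
    /// <param name="LibName">Name of the list or document library.</param>
    /// <param name="OldUser">Author value to match (the user whose items are being handed over).</param>
    /// <param name="NewUser">Login name of the user who receives Contributor rights.</param>
    /// <param name="email">E-mail address recorded for the new user's role assignment.</param>
    /// <param name="name">Display name recorded for the new user's role assignment.</param>
    /// <returns>An empty string on success; otherwise a text describing why permissions were not set.</returns>
    [WebMethod]
    public string ItemPermission(string SitePath, string LibName, string OldUser, string NewUser, string email, string name)
    {
        string ReturnVal = "";

        // Reject missing arguments up front instead of running a query with an empty author value.
        if (string.IsNullOrEmpty(SitePath) || string.IsNullOrEmpty(LibName)
            || string.IsNullOrEmpty(OldUser) || string.IsNullOrEmpty(NewUser))
        {
            return " Permission not set, reason: " + "SitePath, LibName, OldUser and NewUser are required.";
        }

        try
        {
            // SPSite and SPWeb hold unmanaged resources; dispose both even when an exception is thrown.
            using (SPSite WebApp = new SPSite(SitePath))
            using (SPWeb Site = WebApp.OpenWeb())
            {
                SPList list = Site.Lists[LibName];

                // OldUser arrives from the web-service caller and is placed inside CAML, which is XML.
                // Escape it so markup characters in the value cannot alter the structure of the query.
                SPQuery newSPQuery = new SPQuery();
                newSPQuery.Query = "<Where><Eq><FieldRef Name=\"Author\" /><Value Type=\"User\">"
                    + System.Security.SecurityElement.Escape(OldUser)
                    + "</Value></Eq></Where>";

                SPListItemCollection listItemCol = list.GetItems(newSPQuery);
                foreach (SPListItem item in listItemCol)
                {
                    SPRoleDefinition RoleDefinition = Site.RoleDefinitions.GetByType(SPRoleType.Contributor);
                    SPRoleAssignment RoleAssignment = new SPRoleAssignment(NewUser, email, name, " notes " );
                    RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);

                    // Item-level permissions need the item to stop inheriting; passing true keeps a copy
                    // of the parent's current role assignments, so existing access is retained.
                    if (!item.HasUniqueRoleAssignments)
                    {
                        item.BreakRoleInheritance(true);
                    }

                    item.RoleAssignments.Add(RoleAssignment);
                    item.Update();
                }
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the exception text is returned to the remote caller as before; consider
            // logging the detail on the server and returning a generic message instead.
            ReturnVal += " Permission not set, reason: " + ex.Message;
        }

        return ReturnVal;
    }
}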
如何使用?
下面展示一个控制台程序,讲述如何使用这个webservice
替换下面的字符串
<sitepath> with the Full URL of the site
<libname> with the list/library name
<domain> with the domain name
<olduser> with the userid who left the company
<newuser> with the userid to whom you want to give permission
<email of new user> self-explanatory
<name of new user> self-explanatory
If "<domain>\\<olduser>" does not work try to use the old user’s full name such as “John Smith”.
=====================================================
using System;
using System.Collections.Generic;
using System.Text;
namespace ConsoleApplication1
{
    /// <summary>
    /// Console client that calls the ItemPermission web method once and prints its result.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Calls the service with the placeholder arguments below, writes the returned text to the
        /// console and waits for Enter. An empty line means the service reported no error.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Placeholders: replace each value before running.
            string sitePath = "<sitepath>";
            string libraryName = "<libname>";
            string oldUserLogin = "<domain>\\<olduser>";
            string newUserLogin = "<domain>\\<newuser>";
            string newUserEmail = "<email of new user>";
            string newUserName = "<name of new user>";

            localhost.Service permissionService = new localhost.Service();

            // Authenticates to the service as the Windows account running this program. The author
            // assumes an administrator/power user runs it; otherwise set a specific credential here.
            // Because that account's credentials are presented to the endpoint, point the proxy only
            // at a service you trust.
            permissionService.UseDefaultCredentials = true;

            string result = permissionService.ItemPermission(
                sitePath,
                libraryName,
                oldUserLogin,
                newUserLogin,
                newUserEmail,
                newUserName);

            Console.WriteLine(result);
            Console.ReadLine();
        }
    }
}
注意:本文介绍的所有代码都与用户是紧耦合的,也就是说用户是写死在代码里面的。如果真的要满足现实需求,必须解除这个耦合。《MOSS/Sharepoint 控制视图页面访问权限开发的问题(代码法)》这篇文章是一个例子:你可以使用相同的方法建立一个列表,这样用户的耦合性就被降低了,可以由客户自己定制。