none
Issues in applying permissions for document in ItemUpdated event handler RRS feed

  • Question

  • What are the different settings   different properties i need to take care while writing a   itemupdated event receiver in a  document library and break the inheritance for a item and apply permissions for multiple groups.

    1) i have first enabled the major versions

    2) require check out for modifying the document - ---> NO [ off mode]

    3) used runwitheleevated privileges method in  itemupdated event receiver method.  

    the issue i am facing is, whenever the itemupdated event is called and after broken permissions , the  document is automatically checkout by the author and sicne i am appllying a different permissions level [ custom permissions - nodelete permission] and hence i am unable to check-in [ ie, author is NOT able to Check-in]

    public override void ItemUpdated(SPItemEventProperties properties)
            {
                PerformManageConfigListApplyPermissions(properties);
            }
     public bool PerformManageConfigListApplyPermissions(SPItemEventProperties paramAddedProperties)
            {
                SPUser currUser = paramAddedProperties.Web.CurrentUser;
    
                this.EventFiringEnabled = false;
                
                bool isblnPermiApplied= false;
    
                string strFolderNameinDocLib =string.Empty;
                string strDocLibNameinSite = string.Empty;
                bool isblnFolderNameinDocLib = false;
                bool isappliedpermisions= false;
    
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
    
                        SPSite CurrentSite = new SPSite(paramAddedProperties.SiteId);
                        SPWeb CurrentWeb = CurrentSite.OpenWeb(paramAddedProperties.RelativeWebUrl);
                        CurrentWeb.AllowUnsafeUpdates = true;
                        SPList CurrentList = CurrentWeb.Lists[paramAddedProperties.ListId];
    
                        SPListItem Current
     if (!pCurrentListItem.HasUniqueRoleAssignments)
                                       {
                                           pCurrentListItem.BreakRoleInheritance(false);
                                           CurrentWeb.AllowUnsafeUpdates = true;
    
                                           SPRoleAssignmentCollection SPRoleAssColn = pCurrentListItem.RoleAssignments;
                                           for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
                                           {
                                               SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                                               System.Type t = roleAssignmentSingle.Member.GetType();
                                               //    continue;
    
                                               //if (roleAssignmentSingle.Member.LoginName == properties.UserLoginName)
                                               //   continue; SHAREPOINT\\system
                                               //if (roleAssignmentSingle.Member.LoginName != "SHAREPOINT\\system" ||  roleAssignmentSingle.Member.ID != npdadminSPGroup.ID || roleAssignmentSingle.Member.LoginName != paramProperties.UserLoginName)
    
                                               if (roleAssignmentSingle.Member.Name != "System Account" && roleAssignmentSingle.Member.Name != "NPD Admin" && roleAssignmentSingle.Member.LoginName != paramProperties.UserLoginName)
                                               {
                                                   if (t.Name == "SPGroup" || t.Name == "SPUser")
                                                       SPRoleAssColn.Remove(i);
                                               }
                                           }
                                       }

    ListItem;
                        CurrentListItem = CurrentWeb.Lists[paramAddedProperties.ListId].GetItemById(paramAddedProperties.ListItem.ID);
     
     now, my question is ,  in which permission level [ except contribute ] if i apply  against the document, i will be able to CHECK-IN the item and later update the document / edit the document. ? 


    • Edited by SaMolPP Monday, March 20, 2017 5:11 AM
    Monday, March 20, 2017 5:04 AM

All replies

  • Hi,

    Could you try to check-in the file if it’s checked out, here is my test code:

    public override void ItemUpdated(SPItemEventProperties properties)
            {
                base.ItemUpdated(properties);
                SPUser currUser = properties.Web.CurrentUser;            
                //bool isblnPermiApplied = false;
    
                //string strFolderNameinDocLib = string.Empty;
                //string strDocLibNameinSite = string.Empty;
                //bool isblnFolderNameinDocLib = false;
                //bool isappliedpermisions = false;
                SPSecurity.RunWithElevatedPrivileges(delegate()
                    {                    
                        SPWeb CurrentWeb = properties.List.ParentWeb;
                        CurrentWeb.AllowUnsafeUpdates = true;
                        SPList CurrentList = properties.List;
                        SPListItem pCurrentListItem = properties.ListItem;
                        if (!pCurrentListItem.HasUniqueRoleAssignments)
                        {
                            this.EventFiringEnabled = false;
                            pCurrentListItem.BreakRoleInheritance(false);                       
                            SPRoleAssignmentCollection SPRoleAssColn = pCurrentListItem.RoleAssignments;
                            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
                            {
                                SPRoleAssignment roleAssignmentSingle = SPRoleAssColn[i];
                                System.Type t = roleAssignmentSingle.Member.GetType();
    
                                if (roleAssignmentSingle.Member.Name != "System Account" && roleAssignmentSingle.Member.LoginName != properties.UserLoginName)
                                {
                                    if (t.Name == "SPGroup" || t.Name == "SPUser")
                                        SPRoleAssColn.Remove(i);
                                }
                            }
                            if (properties.ListItem.File.CheckOutType != SPFile.SPCheckOutType.None)
                            {                           
                                properties.ListItem.File.CheckIn("Program checkIn");                                                        
                            }
                            this.EventFiringEnabled = true;
                        }
                    });
    
            }

    Best Regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 21, 2017 4:04 AM
  • How to make the modifed by as the current loged in user?

    why am asking because, if i run the above code 

    properties.ListItem.File.CheckIn("Program checkIn");

    the file/item's modifed by column would be replaced by system account and end users will be confused and wont be able to find out who is the last user name, updated the document.

    is there any way, i can change it to current loged in user's actual display name?

    Wednesday, March 22, 2017 9:13 AM
  • Hi,

    Try to set the editor user, here is the sample code:

    if (properties.ListItem.File.CheckOutType != SPFile.SPCheckOutType.None)
                            {                           
                                properties.ListItem.File.CheckIn("Program checkIn");                                                        
                            }
                            pCurrentListItem["Editor"] = currUser;
                            pCurrentListItem.Update();
                            this.EventFiringEnabled = true;

    Best Regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, March 22, 2017 10:06 AM
  • the problem with the above code is, it will throw anotehr error as teh update method will b called again:

    "An exception of type 'Microsoft.SharePoint.SPException' occurred in Microsoft.SharePoint.dll but was not handled in user code

    Additional information: The file Common/Others/8.docx has been modified by SHAREPOINT\system on 23 Mar 2017 19:09:43 +0530.

    "

    am getting the above error when i try to call .update() after updating the "Editor" .

    here Common is the doc lib name and Others is the folder name. 8.docx is the file i have uploaded. 
    • Edited by SaMolPP Thursday, March 23, 2017 2:07 PM
    Thursday, March 23, 2017 1:42 PM
  • Hi,

    Have you disable the EventFiringEnabled before updating?

    Best Regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Friday, March 24, 2017 9:07 AM
  • yes, i have done that.  i did  that eventfiringenabled= false on the first line of itemadded() method.
    Saturday, March 25, 2017 9:15 AM
  • Hi,

    Is any other workflow/event receiver for this library? Or could you create a new library to validate the code?

    Best Regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, March 27, 2017 7:59 AM