My code removes the "Created By" user's permissions; how can I avoid that?

  • Question

  • Sorry for that, but I have this problem in SharePoint 2007.

    I developed code to remove all permissions from a list item and assign permissions to the people in the field called "To",

    but it also removes the user who created this item.

    The code is:

     SPSite _site = new SPSite("http://moss02/FI");
    
                using (SPWeb _web = _site.OpenWeb())
                {
                    
                    SPList _list = _web.Lists["FI"];
                    SPListItem _listItem = properties.ListItem;
                    //remove permissions first                        
                    _web.AllowUnsafeUpdates = true;
                    _listItem.BreakRoleInheritance(false);
                    SPRoleAssignmentCollection raCollection = _listItem.RoleAssignments;
                    //remove existing permissions one by one
                    for (int a = raCollection.Count - 1; a >= 0; a--)
                    {
                        
                        raCollection.Remove(a);
                    }
                    
                }
    
    

    How can I make this code remove the permissions, but not for the user who created the item?


    Thanks for any help :) my blog is: http://www.waelk.com
    Thursday, October 20, 2011 6:48 AM

All replies

  • Hi,

    You can first get the "Created By" user from the list, then compare that user against the user collection. Here is sample code:

    SPRoleAssignmentCollection raCollection = item.RoleAssignments;

    foreach (SPRoleAssignment Rolesname in raCollection)
    {
        SPPrincipal oPrincipal = Rolesname.Member;

        string users = oPrincipal.Name;
        // "Created By" is returned as "ID;#Name"; take the name part
        string name = item["Created By"].ToString().Split('#')[1].ToString();
        if (users == name)
        {
            // don't remove
        }
        else
        {
            // remove user
        }
    }

    Here is a link for your information

    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.sproleassignmentcollection%28v=office.12%29.aspx

    Hope it could help

     


    Cheers, Hemendra-MCTS "Yesterday is just a memory,Tomorrow we may never see"
    • Proposed as answer by Shubham Goyal Thursday, October 20, 2011 8:48 AM
    • Unproposed as answer by wael_e Thursday, October 20, 2011 10:27 AM
    Thursday, October 20, 2011 8:00 AM
  • OK, I changed the code to use your code, but:

    when I try to add a new item as an admin user it works fine, but when I try to do the same thing as a normal user (a contributor user), it creates the record, stops inheriting permissions and removes all users, and does not continue on to add the users.


    Thanks for any help :) my blog is: http://www.waelk.com
    Thursday, October 20, 2011 10:29 AM
  • Do you want to remove permissions for a particular item or for the whole list? Explain in detail.

     

    Thanks & Regards,

    R.G

    Thursday, October 20, 2011 11:16 AM
  • For a particular item only.

    Like this: a normal user opens the list and clicks New, then fills in the data, and in the column called "TO" he adds users.

    Only these users will see the record, and of course the normal user who created the record must see it too.

    In code I stop inheriting permissions, remove all existing permissions, and start adding the users in the column "TO".

     

    The code works when I log in as admin,

    but if I log in as a normal user it works until it removes all security and does not continue on to add the users.

     


    Thanks for any help :) my blog is: http://www.waelk.com
    Thursday, October 20, 2011 11:24 AM
  • You can do it something like this.

    SPListItem myItem = properties.ListItem;
    myItem.BreakRoleInheritance(false); 
    myItem.Update();
    SPWeb myWeb = properties.OpenWeb();
    SPMember member = myWeb.SiteGroups["UserGroup"];

    // if you need permission for an individual user, then modify the code a little bit.


    SPPrincipal principal = (SPPrincipal)member;
    SPRoleDefinition roledefinition = 
    myWeb.RoleDefinitions.GetByType(SPRoleType.Contributor );
    SPRoleAssignment myRoleAssignment = new SPRoleAssignment(principal);
    myRoleAssignment.RoleDefinitionBindings.Add(roledefinition);
    myItem.RoleAssignments.Add(myRoleAssignment);
    myItem.Update();

     

    This should achieve the item-level permission.

    Thanks & Regards,

    R.G

    Thursday, October 20, 2011 11:30 AM
  • Can you explain what this code does?
    Thanks for any help :) my blog is: http://www.waelk.com
    Thursday, October 20, 2011 12:00 PM
  • >when I try to add a new item as an admin user it works fine, but when I try to do the same thing as a normal contributor user

    Yes, it will, because SPPrincipal requires admin rights, so you can use RunWithElevatedPrivileges.

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // Put your whole code inside this.
    });

    Hope it helps


    Cheers, Hemendra-MCTS "Yesterday is just a memory,Tomorrow we may never see"
    Thursday, October 20, 2011 12:11 PM
  • Hello!

    Try something like the following:

     

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite _site = new SPSite("http://moss02/FI"))
        using (SPWeb _web = _site.OpenWeb())
        {
            SPList _list = _web.Lists["FI"];
            SPListItem _listItem = _list.GetItemById(properties.ListItemId); // you have to get elevated list item as well

            // reset permissions
            if (_listItem.HasUniqueRoleAssignments)
                _listItem.ResetRoleInheritance();
            _listItem.BreakRoleInheritance(false);

            // set required permissions to list item creator
            // (the Author field is returned as an "ID;#Name" string, so it is parsed here)
            SPFieldUserValue spFieldUserValue = new SPFieldUserValue(_web, _listItem[SPBuiltInFieldId.Author].ToString());
            SPUser spUser = SafeEnsureUser(_web, spFieldUserValue.LookupValue);
            if (spUser != null)
            {
                var contributor = _web.RoleDefinitions.GetByType(SPRoleType.Contributor);
                SPRoleAssignment roleAssignment = new SPRoleAssignment(spUser);
                roleAssignment.RoleDefinitionBindings.Add(contributor);
                _listItem.RoleAssignments.Add(roleAssignment);
            }
            _listItem.Update();
        }
    });
    

    SafeEnsureUser is a function I usually use, it's described here - http://dotnetfollower.com/wordpress/2011/05/sharepoint-wrapper-over-ensureuser/. It doesn't throw an exception.

     


    .Net Follower (http://dotnetfollower.com)
    Thursday, October 20, 2011 2:13 PM
  • Sorry, I know you are all working hard to help me, but these code examples don't work for me yet.

    This is my code. It has 2 parts. In the first part I remove all security with this code:

     SPSite _site = new SPSite("http://moss02/FI");
                using (SPWeb _web = _site.OpenWeb())
                {
                    SPList _list = _web.Lists["FI"];
                    SPListItem _listItem = properties.ListItem;
                    //remove permissions first                        
                    _web.AllowUnsafeUpdates = true;
                    _listItem.BreakRoleInheritance(false);
                    SPRoleAssignmentCollection raCollection = _listItem.RoleAssignments;
                    //remove existing permissions one by one
                    for (int a = raCollection.Count - 1; a >= 0; a--)
                    {
                        raCollection.Remove(a);
                    }
                }
    

    After this part I use this part to read the field value and give the security:

    //------start give permission------
    
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite("http://moss02/FI"))
                    {
                        using (SPWeb web = site.OpenWeb())
                        {
                            #region
                            SPList oList = web.Lists["FI"];
                            site.AllowUnsafeUpdates = true;
                            web.AllowUnsafeUpdates = true;
                            SPListItemCollection oListItems = oList.Items;
                            SPListItem oListItem = properties.ListItem;
                            //foreach (SPListItem oListItem in oListItems)
                            //{
                            //Gets a collection of all the User and Group objects from the UserGroup Field
                            SPFieldUserValueCollection oFieldUserValueCollection = new SPFieldUserValueCollection(web, properties.ListItem["To"].ToString());
    
                            //Next, loop through the Values in the Collection
                            foreach (SPFieldUserValue oFieldUserValue in oFieldUserValueCollection)
                            {
    
                                if (oFieldUserValue.User != null)
                                {
                                    oList.BreakRoleInheritance(false);
    
                                    SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader);
                                    SPRoleAssignment roleassignment = new SPRoleAssignment(oFieldUserValue.User.LoginName, oFieldUserValue.User.Email, oFieldUserValue.User.Name, oFieldUserValue.User.Notes);
    
                                    roleassignment.RoleDefinitionBindings.Add(roledefinition);
                                    oListItem.RoleAssignments.Add(roleassignment);
                                    oListItem.Update();
                                }
                            }
                            //}
                            web.AllowUnsafeUpdates = false;
                            site.AllowUnsafeUpdates = false;
                            #endregion
    
                        }
                    }
                });
                //---------End To
    

    Because I have 3 fields I repeat this code 3 times (yes, I know I could make a function that takes the field value and call that function 3 times instead of repeating the code, but I didn't do that).

    So the full code is like this:

     public override void ItemAdded(SPItemEventProperties properties)
            { 
    
    
    SPSite _site = new SPSite("http://moss02/FI");
                using (SPWeb _web = _site.OpenWeb())
                {
                    SPList _list = _web.Lists["FI"];
                    SPListItem _listItem = properties.ListItem;
                    //remove permissions first                        
                    _web.AllowUnsafeUpdates = true;
                    _listItem.BreakRoleInheritance(false);
                    SPRoleAssignmentCollection raCollection = _listItem.RoleAssignments;
                    //remove existing permissions one by one
                    for (int a = raCollection.Count - 1; a >= 0; a--)
                    {
                        raCollection.Remove(a);
                    }
                }
               
            
    
    
                
    //------start give permission------
    
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = new SPSite("http://moss02/FI"))
                    {
                        using (SPWeb web = site.OpenWeb())
                        {
                            #region
                            SPList oList = web.Lists["RFI"];
                            site.AllowUnsafeUpdates = true;
                            web.AllowUnsafeUpdates = true;
                            SPListItemCollection oListItems = oList.Items;
                            SPListItem oListItem = properties.ListItem;
                            //foreach (SPListItem oListItem in oListItems)
                            //{
                            //Gets a collection of all the User and Group objects from the UserGroup Field
                            SPFieldUserValueCollection oFieldUserValueCollection = new SPFieldUserValueCollection(web, properties.ListItem["To"].ToString());
    
                            //Next, loop through the Values in the Collection
                            foreach (SPFieldUserValue oFieldUserValue in oFieldUserValueCollection)
                            {
    
                                if (oFieldUserValue.User != null)
                                {
                                    oList.BreakRoleInheritance(false);
    
                                    SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Reader);
                                    SPRoleAssignment roleassignment = new SPRoleAssignment(oFieldUserValue.User.LoginName, oFieldUserValue.User.Email, oFieldUserValue.User.Name, oFieldUserValue.User.Notes);
    
                                    roleassignment.RoleDefinitionBindings.Add(roledefinition);
                                    oListItem.RoleAssignments.Add(roleassignment);
                                    oListItem.Update();
                                }
                            }
                            //}
                            web.AllowUnsafeUpdates = false;
                            site.AllowUnsafeUpdates = false;
                            #endregion
    
                        }
                    }
                });
                //---------End To
    
                //---------Start Cc
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site_CC = new SPSite("http://moss02/FI"))
                    {
                        using (SPWeb web_CC = site_CC.OpenWeb())
                        {
                            #region
                            SPList oList_CC = web_CC.Lists["FI"];
                            site_CC.AllowUnsafeUpdates = true;
                            web_CC.AllowUnsafeUpdates = true;
                            SPListItemCollection oListItems_CC = oList_CC.Items;
                            SPListItem oListItem_CC = properties.ListItem;
                            //foreach (SPListItem oListItem in oListItems)
                            //{
                            //Gets a collection of all the User and Group objects from the UserGroup Field
                            SPFieldUserValueCollection oFieldUserValueCollection_CC = new SPFieldUserValueCollection(web_CC, properties.ListItem["Cc"].ToString());
    
                            //Next, loop through the Values in the Collection
                            foreach (SPFieldUserValue oFieldUserValue_CC in oFieldUserValueCollection_CC)
                            {
    
                                if (oFieldUserValue_CC.User != null)
                                {
                                    oList_CC.BreakRoleInheritance(false);
    
                                    SPRoleDefinition roledefinition_CC = web_CC.RoleDefinitions.GetByType(SPRoleType.Reader);
                                    SPRoleAssignment roleassignment_CC = new SPRoleAssignment(oFieldUserValue_CC.User.LoginName, oFieldUserValue_CC.User.Email, oFieldUserValue_CC.User.Name, oFieldUserValue_CC.User.Notes);
    
                                    roleassignment_CC.RoleDefinitionBindings.Add(roledefinition_CC);
                                    oListItem_CC.RoleAssignments.Add(roleassignment_CC);
                                    oListItem_CC.Update();
                                }
                            }
                            //}
    
                            web_CC.AllowUnsafeUpdates = false;
                            site_CC.AllowUnsafeUpdates = false;
                            #endregion
                        }
                    }
                });
                //-----------End Cc--------------
    
                //----------secretary-------------
    
    
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
    
                    using (SPSite site_Secretary = new SPSite("http://moss02/FI"))
                    {
                        using (SPWeb web_Secretary = site_Secretary.OpenWeb())
                        {
                            #region
                            SPList oList_Secretary = web_Secretary.Lists["FI"];
                            site_Secretary.AllowUnsafeUpdates = true;
                            web_Secretary.AllowUnsafeUpdates = true;
                            SPListItemCollection oListItems_Secretary = oList_Secretary.Items;
                            SPListItem oListItem_Secretary = properties.ListItem;
                            //foreach (SPListItem oListItem in oListItems)
                            //{
                            //Gets a collection of all the User and Group objects from the UserGroup Field
                            SPFieldUserValueCollection oFieldUserValueCollection_Secretary = new SPFieldUserValueCollection(web_Secretary, properties.ListItem["To Secretary"].ToString());
    
                            //Next, loop through the Values in the Collection
                            foreach (SPFieldUserValue oFieldUserValue_Secretary in oFieldUserValueCollection_Secretary)
                            {
    
                                if (oFieldUserValue_Secretary.User != null)
                                {
                                    oList_Secretary.BreakRoleInheritance(false);
    
                                    SPRoleDefinition roledefinition_Secretary = web_Secretary.RoleDefinitions.GetByType(SPRoleType.Reader);
                                    SPRoleAssignment roleassignment_Secretary = new SPRoleAssignment(oFieldUserValue_Secretary.User.LoginName, oFieldUserValue_Secretary.User.Email, oFieldUserValue_Secretary.User.Name, oFieldUserValue_Secretary.User.Notes);
    
                                    roleassignment_Secretary.RoleDefinitionBindings.Add(roledefinition_Secretary);
                                    oListItem_Secretary.RoleAssignments.Add(roleassignment_Secretary);
                                    oListItem_Secretary.Update();
                                }
                            }
                            //}
    
                            web_Secretary.AllowUnsafeUpdates = false;
                            site_Secretary.AllowUnsafeUpdates = false;
    
                            #endregion
    
                        }
                    }
                });
                //-----------End secretary--------------
    }
    

    What do I need to change to make it work for a normal user too, not only for admin?


    Thanks for any help :) my blog is: http://www.waelk.com
    Friday, October 21, 2011 8:06 AM
  • It is working after I removed this line: raCollection.Remove(a);
    Thanks to all.
    Thanks for any help :) my blog is: http://www.waelk.com
    • Marked as answer by wael_e Saturday, October 22, 2011 6:33 AM
    Saturday, October 22, 2011 6:33 AM
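
A consolidated version of the receiver discussed in this thread, as an added example that is not code from any participant: it re-opens the site, web, list and item by ID inside the elevated delegate so that nothing stays bound to the submitting user's permissions, changes permissions on the item only, then grants Contributor to the creator and Reader to the users in "To", "Cc" and "To Secretary". The class name, the `ReaderFields` array and the `Grant` helper are hypothetical; the field names are the ones used in the thread.

```csharp
using System;
using Microsoft.SharePoint;
// Added example (hypothetical class name); targets the WSS 3.0 / MOSS 2007 object model.
public class ItemPermissionReceiver : SPItemEventReceiver
{
    private static readonly string[] ReaderFields = { "To", "Cc", "To Secretary" };

    public override void ItemAdded(SPItemEventProperties properties)
    {
        // Capture plain identifiers only. properties.ListItem is bound to the
        // submitting user's context, even when referenced inside the delegate.
        Guid siteId = properties.SiteId;
        string webUrl = properties.RelativeWebUrl;
        Guid listId = properties.ListId;
        int itemId = properties.ListItemId;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webUrl))
            {
                SPListItem item = web.Lists[listId].GetItemById(itemId);
                bool oldUnsafe = web.AllowUnsafeUpdates;
                web.AllowUnsafeUpdates = true;
                try
                {
                    // Break inheritance on the item, never on the list itself.
                    if (!item.HasUniqueRoleAssignments)
                        item.BreakRoleInheritance(false);
                    web.AllowUnsafeUpdates = true; // re-assert: the break can reset this flag
                    for (int i = item.RoleAssignments.Count - 1; i >= 0; i--)
                        item.RoleAssignments.Remove(i);
                    // The creator keeps edit rights on the item.
                    SPFieldUserValue author = new SPFieldUserValue(
                        web, Convert.ToString(item[SPBuiltInFieldId.Author]));
                    if (author.User != null)
                        Grant(web, item, author.User, SPRoleType.Contributor);

                    // Recipients named by the submitter get read-only access.
                    foreach (string field in ReaderFields)
                    {
                        string raw = Convert.ToString(item[field]);
                        if (String.IsNullOrEmpty(raw)) continue;
                        foreach (SPFieldUserValue v in new SPFieldUserValueCollection(web, raw))
                            if (v.User != null)
                                Grant(web, item, v.User, SPRoleType.Reader);
                    }
                }
                finally { web.AllowUnsafeUpdates = oldUnsafe; }
            }
        });
    }

    private static void Grant(SPWeb web, SPListItem item, SPUser user, SPRoleType role)
    {
        SPRoleAssignment ra = new SPRoleAssignment(user);
        ra.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(role));
        item.RoleAssignments.Add(ra);
    }
}
```

Because the recipient fields are filled in by the submitter and the grants run elevated, the receiver hands out Reader only and does not let the field contents choose the role.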