fumingxia 发表于 2015-9-25 13:42:38

向SharePoint 2010中添加Permission Level,Group,以及相应的User

  在SharePoint Server 2010中权限管理涉及到的几个概念可以描述如下:
  1:SharePoint Server 2010 Permission: SharePoint Server 2010中总共包含 33 种基本的permission(当然是通过二进制的每一位进行控制基本的permission),这些基本的permission分别控制着对各个基本对象的view,create,edit,delete 的基本操作。而且这些permission基本分为三大类:list permissions(包含item permissions), site permissions, 和 personal permissions。 例如:site permissions 可以应用到指定的site上,list permissions可以应用到lists以及相应的items上, 而personal permissions可以应用到personal views 或者 private Web Parts 等。
  2:Permission Level:每个 permission level 都是不同 permission 的一个集合,并且在代码程序中permission level将作为Role的一个属性值,通过Role Assignment的方式添加到对应的Group中,在SharePoint Server 2010中有5种默认的permission level,分别为:Full Control, Design, Contribute, Read, Limited Access. 在这5种permission level中除了Full Control和Limited Access 其他3种都是可以修改的,与此同时我们可以自定义我们自己的permission level。
  3:Group:每个Group可以包含不同的permission level,也就是在这个Group里面的User可以操作具有操作权限的那些对象,与此同时,每个User可以在不同的Group中,那么这里会有一个permission叠加的逻辑,也就是计算User所具有的所有权限(将所有的所属Group的所有Permission Level中所有的Permission叠加在一起)。
  更多关于SharePoint Permission 的概念 请看: http://technet.microsoft.com/en-us/library/cc721640(v=office.14).aspx
  
  接下来我们要用代码的方式实现:创建permission level, 然后创建具有permission level的group,之后将user添加到我们创建的group中。
  在SharePoint Project中添加一个Feature 取名:CustomUserGroupFeature
  在此Feature中添加一个EventHandler并完成功能代码
  CustomUserGroupFeature.EventReceiver.cs



using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.SharePoint;
using System.Linq;
namespace EricSunSharePointProject.Features.CustomUserGroupFeature
{
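/// <summary>
/// Feature receiver that provisions two SharePoint groups, each bound to a custom
/// permission level of the same name, when the feature is activated, and removes
/// the groups again when the feature is deactivated.
/// </summary>
/// <remarks>
/// The GUID attached to this class may be used during packaging and should not be modified.
/// NOTE(review): the [Guid] attribute that Visual Studio generates for a feature receiver is
/// not visible in this listing; keep the one from your own project.
/// </remarks>
public class CustomUserGroupFeatureEventReceiver : SPFeatureReceiver
{
    // Each name is used both for the group and for the permission level bound to it.
    private const string Administrators = "EricSun Content Administrators";
    private const string Approvers = "EricSun Content Approvers";

    /// <summary>
    /// Creates the administrators and approvers groups on the web the feature is activated on.
    /// </summary>
    /// <param name="properties">Feature properties; <c>Feature.Parent</c> must be an <see cref="SPWeb"/>.</param>
    /// <exception cref="SPException">
    /// The feature is not web scoped, or provisioning failed. The failure is surfaced instead of
    /// being swallowed, so the feature is never reported as active while its groups and
    /// permission levels are missing or only partly configured.
    /// </exception>
    public override void FeatureActivated(SPFeatureReceiverProperties properties)
    {
        string groupDescription = "EricSun Content";

        // Feature.Parent is handed to the receiver by SharePoint, which still uses the object
        // after this method returns; it must not be wrapped in a using block or disposed here.
        SPWeb web = GetParentWeb(properties);

        try
        {
            CreateSubSiteGroup(web, Administrators, GetAdministratorPermission(), groupDescription + " Administrators Group", Administrators, "Can view, add, update, delete, and customize list items and documents.");
            CreateSubSiteGroup(web, Approvers, GetApproverPermission(), groupDescription + " Approvers Group", Approvers, "Can view, and approve list items and documents.");
        }
        catch (SPException ex)
        {
            // A failure after the first group was created leaves that group in place;
            // deactivating the feature removes it again.
            throw new SPException("Provisioning the content groups and permission levels failed.", ex);
        }
    }

    /// <summary>
    /// Removes the administrators and approvers groups created at activation.
    /// </summary>
    /// <param name="properties">Feature properties; <c>Feature.Parent</c> must be an <see cref="SPWeb"/>.</param>
    /// <exception cref="SPException">
    /// The feature is not web scoped, or a group could not be removed. The failure is surfaced
    /// so that a group that still grants access is not left behind unnoticed.
    /// </exception>
    /// <remarks>
    /// The permission levels added at activation are not removed here; delete them separately
    /// if they should not outlive the feature.
    /// </remarks>
    public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
    {
        // Not disposed for the same reason as in FeatureActivated.
        SPWeb web = GetParentWeb(properties);

        try
        {
            DeleteSubSiteGroup(web, Administrators);
            DeleteSubSiteGroup(web, Approvers);
        }
        catch (SPException ex)
        {
            throw new SPException("Removing the content groups failed.", ex);
        }
    }

    /// <summary>
    /// Returns the web the feature is scoped to.
    /// </summary>
    /// <exception cref="SPException">The feature parent is not an <see cref="SPWeb"/>.</exception>
    private static SPWeb GetParentWeb(SPFeatureReceiverProperties properties)
    {
        SPWeb web = properties.Feature.Parent as SPWeb;
        if (web == null)
        {
            throw new SPException("This feature must be activated at web scope.");
        }

        return web;
    }

    /// <summary>
    /// Ensures that a group and a permission level exist and binds the permission level to the
    /// group on the given web.
    /// </summary>
    /// <param name="web">Web whose role definitions and role assignments are modified.</param>
    /// <param name="groupName">Name of the group to create if it does not exist yet.</param>
    /// <param name="PermissionLevel">Permission mask for a newly created permission level.</param>
    /// <param name="groupDescription">Description for a newly created group.</param>
    /// <param name="roleName">Name of the permission level (role definition).</param>
    /// <param name="description">Description for a newly created permission level.</param>
    /// <exception cref="SPException">No site collection administrator is available to own a new group.</exception>
    private void CreateSubSiteGroup(SPWeb web, string groupName, SPBasePermissions PermissionLevel, string groupDescription, string roleName, string description)
    {
        // SiteGroups is the group collection of the whole site collection, not only of this web.
        SPGroupCollection groups = web.SiteGroups;
        if (!groups.Cast<SPGroup>().Any(g => g.Name.Equals(groupName, StringComparison.Ordinal)))
        {
            if (web.SiteAdministrators.Count == 0)
            {
                throw new SPException("No site collection administrator is available to own the new group.");
            }

            // NOTE(review): the posted listing assigned the whole SiteAdministrators collection
            // here; the [0] indexer appears to have been lost when the code was pasted — confirm.
            // The same account is used as group owner and as default user, so it also becomes
            // a member of the group and receives the permission level bound below.
            SPUser owner = web.SiteAdministrators[0];
            SPMember member = web.SiteAdministrators[0];

            // add new group if not found
            groups.Add(groupName, member, owner, groupDescription);
        }

        // Look the group up by name; the collection itself is not an SPGroup.
        SPGroup newSPGroup = groups[groupName];

        // An existing permission level with this name is reused as it is: its mask is not
        // compared with PermissionLevel, so it may grant more or less than intended.
        if (!web.RoleDefinitions.Cast<SPRoleDefinition>().Any(r => r.Name.Equals(roleName, StringComparison.Ordinal)))
        {
            SPRoleDefinition newRole = new SPRoleDefinition();
            newRole.Name = roleName;
            newRole.Description = description;
            newRole.BasePermissions = PermissionLevel;

            // add role definition if not found
            // NOTE(review): on a web that still inherits permission levels or permissions from
            // its parent, this call and the role assignment below are expected to fail; decide
            // on breaking inheritance before activating — confirm for your site.
            web.RoleDefinitions.Add(newRole);
        }

        // Bind the stored definition fetched by name, not the collection.
        SPRoleDefinition role = web.RoleDefinitions[roleName];

        SPRoleAssignment roleAssignment = new SPRoleAssignment(newSPGroup);
        roleAssignment.RoleDefinitionBindings.Add(role);
        web.RoleAssignments.Add(roleAssignment);
        web.Update();
    }

    /// <summary>
    /// Removes a group if it exists. The group is removed from the site collection's group
    /// list, not only from this web.
    /// </summary>
    /// <param name="web">Web through which the site collection groups are reached.</param>
    /// <param name="groupName">Name of the group to remove.</param>
    private void DeleteSubSiteGroup(SPWeb web, string groupName)
    {
        SPGroupCollection groups = web.SiteGroups;

        // A group that is already gone is the expected end state, not an error.
        if (groups.Cast<SPGroup>().Any(g => g.Name.Equals(groupName, StringComparison.Ordinal)))
        {
            groups.Remove(groupName);
            web.Update();
        }
    }

    /// <summary>
    /// Permission mask for the administrators permission level: view, open, add, edit and
    /// delete list items.
    /// </summary>
    /// <returns>The combined <see cref="SPBasePermissions"/> flags.</returns>
    /// <remarks>
    /// NOTE(review): the description passed for this level also mentions "customize", which this
    /// mask does not contain, and the mask has neither Open nor ViewPages; verify that members
    /// get exactly the access intended.
    /// </remarks>
    private SPBasePermissions GetAdministratorPermission()
    {
        return SPBasePermissions.EditListItems | SPBasePermissions.ViewListItems | SPBasePermissions.DeleteListItems
            | SPBasePermissions.AddListItems | SPBasePermissions.OpenItems;
    }

    /// <summary>
    /// Permission mask for the approvers permission level: approve items only.
    /// </summary>
    /// <returns><see cref="SPBasePermissions.ApproveItems"/>.</returns>
    /// <remarks>
    /// NOTE(review): the description passed for this level says "Can view, and approve", but no
    /// view permission is part of this mask; confirm whether ViewListItems should be included.
    /// </remarks>
    private SPBasePermissions GetApproverPermission()
    {
        return SPBasePermissions.ApproveItems;
    }
}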
}
  
。。。
  