Saturday, December 25, 2010

How to set Item Level Permission for SharePoint 2007 (MOSS/WSS) List/Document Library Programmatically


Here is a function that sets item-level permissions. You can expose it as a web method in a custom web service and call it from applications outside SharePoint, provided the user running the application has sufficient privileges to update lists and libraries.

    public string ItemPermission(string SitePath)
    {
        string ReturnVal = "";
        try
        {
            // SPSite and SPWeb hold unmanaged resources; dispose them when done.
            using (SPSite WebApp = new SPSite(SitePath))
            using (SPWeb Site = WebApp.OpenWeb())
            {
                SPList list = Site.Lists["TestDocLib"];
                SPListItem item = list.Items[0];
                // Role to grant (Contributor) and the principal that receives it.
                SPRoleDefinition RoleDefinition = Site.RoleDefinitions.GetByType(SPRoleType.Contributor);
                SPRoleAssignment RoleAssignment = new SPRoleAssignment("<domain>\\<user>", "email", "name", "notes");
                RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);
                if (!item.HasUniqueRoleAssignments)
                {
                    // true = copy the parent's current role assignments onto the item.
                    item.BreakRoleInheritance(true);
                }
                item.RoleAssignments.Add(RoleAssignment);
                item.Update();
            }
        }
        catch (Exception ex)
        {
            ReturnVal += "Permission not set, reason: " + ex.Message;
        }
        return ReturnVal;
    }




Requirement:

I have a list and have configured it so that users can edit only the items they created and can read other users' data. Now if a person leaves the company, all the data created by him/her will become read-only to others. There is no apparent out-of-the-box (OOB) way to give another user permission to those items in one go. But we can use custom code and SharePoint 2007's ability to set item-level permissions to meet this requirement.

I have created a Custom Web Service to do the trick (From here you will get information about how to implement this web service in SharePoint). And there is a console application to pass the parameters to the Web Service’s web method. You can replace this console app with Windows/Web Form, Web Part etc. Or you can create a custom workflow which will get activated when any user is removed and will call the web service.

Here is the code for the web service:

===================================================  
using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.SharePoint;

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class Service : System.Web.Services.WebService
{
    public Service () {

        //Uncomment the following line if using designed components
        //InitializeComponent();
    }

    [WebMethod]
    public string ItemPermission(string SitePath, string LibName, string OldUser, string NewUser, string email, string name)
    {

        string ReturnVal = "";

        try
        {
            // SPSite and SPWeb hold unmanaged resources; dispose them when done.
            using (SPSite WebApp = new SPSite(SitePath))
            using (SPWeb Site = WebApp.OpenWeb())
            {
                SPList list = Site.Lists[LibName];
                SPQuery newSPQuery = new SPQuery();
                // Escape the caller-supplied value so it cannot alter the structure of the CAML query.
                newSPQuery.Query = "<Where><Eq><FieldRef Name=\"Author\"/><Value Type=\"User\">" + System.Security.SecurityElement.Escape(OldUser) + "</Value></Eq></Where>";
                SPListItemCollection listItemCol = list.GetItems(newSPQuery);
                if (listItemCol.Count > 0)
                {
                    foreach (SPListItem item in listItemCol)
                    {
                        // Grant the new user the Contributor role on each item the old user created.
                        SPRoleDefinition RoleDefinition = Site.RoleDefinitions.GetByType(SPRoleType.Contributor);
                        SPRoleAssignment RoleAssignment = new SPRoleAssignment(NewUser, email, name, "notes");
                        RoleAssignment.RoleDefinitionBindings.Add(RoleDefinition);
                        if (!item.HasUniqueRoleAssignments)
                        {
                            // true = copy the parent's current role assignments onto the item.
                            item.BreakRoleInheritance(true);
                        }
                        item.RoleAssignments.Add(RoleAssignment);
                        item.Update();
                    }
                }
            }
        }
        catch (Exception ex)
        {
            ReturnVal += "Permission not set, reason: " + ex.Message;
        }
        return ReturnVal;
    }
   
}
===================================================

Here is the code for console application:

Replace the following things:

<sitepath> with the Full URL of the site
<libname> with the list/library name
<domain> with the domain name
<olduser> with the userid who left the company
<newuser> with the userid to whom you want to give permission
<email of new user> self-explanatory
<name of new user> self-explanatory

If "<domain>\\<olduser>" does not work try to use the old user’s full name such as “John Smith”.

=====================================================

using System;
using System.Collections.Generic;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        //localhost.Service newService;
        static void Main(string[] args)
        {
            localhost.Service newService = new localhost.Service();
            newService.UseDefaultCredentials = true; //I am assuming an administrator/power user is running this app or use a specific credential here
            string output = newService.ItemPermission("<sitepath>", "<libname>", "<domain>\\<olduser>", "<domain>\\<newuser>", "<email of new user>", "<name of new user>");
            Console.WriteLine(output);
            Console.ReadLine();
        }
    }
}
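
To verify the result after the web service has run, the following console program (an added example, not code from the original post) lists each item in a library that no longer inherits permissions and prints every principal and role assigned to it. It assumes it runs on the SharePoint server itself, since it uses the server object model; the class name and command-line arguments are illustrative.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: audit which items in a list have unique (non-inherited)
// permissions and who holds which role on them.
class ItemPermissionAudit
{
    static void Main(string[] args)
    {
        // args[0] = full site URL, args[1] = list/library name (illustrative arguments).
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: ItemPermissionAudit <sitepath> <libname>");
            return;
        }

        using (SPSite siteCollection = new SPSite(args[0]))
        using (SPWeb web = siteCollection.OpenWeb())
        {
            SPList list = web.Lists[args[1]];
            int uniqueCount = 0;

            foreach (SPListItem item in list.Items)
            {
                // Items that still inherit are governed by the list-level permissions.
                if (!item.HasUniqueRoleAssignments)
                    continue;

                uniqueCount++;
                Console.WriteLine("Item {0} ({1})", item.ID, item.Url);

                foreach (SPRoleAssignment assignment in item.RoleAssignments)
                {
                    foreach (SPRoleDefinition role in assignment.RoleDefinitionBindings)
                    {
                        // Member is an SPPrincipal: either a user or a SharePoint group.
                        Console.WriteLine("    {0}: {1}", assignment.Member.Name, role.Name);
                    }
                }
            }

            Console.WriteLine("{0} of {1} items have unique permissions.", uniqueCount, list.ItemCount);
        }
    }
}
```

Items reported here no longer pick up permission changes made at the list level, so a later revocation on the list has to be repeated on each of them.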



Source: MSDN
