I want to know if I'm missing something.
Here's how I would do it:
For SPFolder I would change the associtaed item's permissions (SPFolder.Item).
So I suppose managing SPFolder permissions boils down to managing SPListItem permissions.
For SPListItem I would frist break role inheritance with SPListItem.BreakRoleInheritance()
and then work with RoleAssignments
collections adding and removing roles there.
I wonder if RoleAssignments is the only way to manage SPListItem's permissions (besides inheritance) and is there a way to manage individual permissions without roles. There is also EffectiveBasePermissions property but I'm not sure.
So the question is is there other ways (besides inheritance) to manage SPListItem permissions apart from the RoleAssignments collection?
@Edit: there's also AllRolesForCurrentUser, but I guess you can get the same info from the RoleAssignments property, so this one is just for convenience.
@Edit: As Flo notes in his answer there is a problem with setting
folder.ParentWeb.AllowUnsafeUpdates = true;
And using BreakRoleInheritance
with argument of 'false' (i.e. without copying permissions of the parent object).
folder.Item.BreakRoleInheritance(false);
BreakRoleInheritance
simply won't work on GET request as you'd expect after allowing unsafe updates. Presumably the method resets AllowUnsafeUpdates
back to 'false'.
One workaround I know for this is to manually delete the inherited permissions after you BreakRoleInheritance(true), like this:
folder.Item.BreakRoleInheritance(false);
while(folder.Item.RoleAssignments.Count > 0) {
folder.Item.RoleAssignments.Remove(0);
}
Thanks!