Sharepoint: How to programmatically manage SPFolde

2019-03-28 02:40发布

问题:

I want to know if I'm missing something. Here's how I would do it: For SPFolder I would change the associtaed item's permissions (SPFolder.Item). So I suppose managing SPFolder permissions boils down to managing SPListItem permissions. For SPListItem I would frist break role inheritance with SPListItem.BreakRoleInheritance() and then work with RoleAssignments collections adding and removing roles there.

I wonder if RoleAssignments is the only way to manage SPListItem's permissions (besides inheritance) and is there a way to manage individual permissions without roles. There is also EffectiveBasePermissions property but I'm not sure.

So the question is is there other ways (besides inheritance) to manage SPListItem permissions apart from the RoleAssignments collection?

@Edit: there's also AllRolesForCurrentUser, but I guess you can get the same info from the RoleAssignments property, so this one is just for convenience.

@Edit: As Flo notes in his answer there is a problem with setting

folder.ParentWeb.AllowUnsafeUpdates = true;

And using BreakRoleInheritance with argument of 'false' (i.e. without copying permissions of the parent object).

folder.Item.BreakRoleInheritance(false);

BreakRoleInheritance simply won't work on GET request as you'd expect after allowing unsafe updates. Presumably the method resets AllowUnsafeUpdates back to 'false'.

One workaround I know for this is to manually delete the inherited permissions after you BreakRoleInheritance(true), like this:

folder.Item.BreakRoleInheritance(false);
while(folder.Item.RoleAssignments.Count > 0) {
    folder.Item.RoleAssignments.Remove(0);
}

Thanks!

回答1:

You have it pretty much right. I believe that RoleAssignments are indeed the only mechanism for managing permissions directly. Here's a post that shows a quick example of how to do it. I also used these two posts when I did some more complicated things.



回答2:

This post will be interessting, too, when working with the BreakRoleInheritance() method. It's about a problem you might run into when using BreakRoleInheritance(false).