在SharePoint Server 2010中权限管理涉及到的几个概念可以描述如下:
2:SharePoint Server 2010 Permission: SharePoint2010 Server中总共包含 33 种基本的permission(当然是通过二进制的每一位进行控制基本的permission),这些基本的permission分别控制着对各个基本对象的view,create,edit,delete 的基本操作。而且这些permission基本分为三大类:list permissions(包含item permissions), site permissions, 和 personal permissions。 例如:site permissions 可以应用到指定的site上,list permissions可以应用到lists以及相应的items上, 而personal permissions可以应用到personal views 或者 private Web Parts 等。
3:Permission Level:每个 permission level 都是不同 permission 的一个集合,并且在代码程序中permission level将作为Role的一个属性值,通过Role Assignment的方式添加给对应的Group中,在SharePoint Server 2010中有5种默认的permission level,分别为:Full Control, Design, Contribute, Read, Limited Access. 在这5种permission level中除了Full Control和Limited Access 其他3种都是可以修改的,与此同时我们可以自定义我们自己的permission level。
3:Group:每个Group可以包含不同的permission level,也就是在这个Group里面的User可以操作具有操作权限的那些对象,与此同时,每个User可以在不同的Group中,那么这里会有一个permission叠加的逻辑,也就是计算User所具有的所有权限(将所有的所属Group的所有Permission Level中所有的Permission叠加在一起)。
更多关于SharePoint Permission 的概念 请看: http://technet.microsoft.com/en-us/library/cc721640(v=office.14).aspx
接下来我们要用代码的方式实现:创建permission level, 然后创建具有permission level的group,之后将user添加到我们创建的group中。
在SharePoint Project中添加一个Feature 取名:CustomUserGroupFeature
在此Feature中添加一个EventHandler并完成功能代码
CustomUserGroupFeature.EventReceiver.cs
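using System;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using Microsoft.SharePoint;

namespace EricSunSharePointProject.Features.CustomUserGroupFeature
{
    /// <summary>
    /// Provisions two site groups ("EricSun Content Administrators" and
    /// "EricSun Content Approvers"), each bound to a custom permission level
    /// (role definition), when the feature is activated on a web, and removes
    /// the groups again when the feature is deactivated.
    /// </summary>
    /// <remarks>
    /// The GUID attached to this class may be used during packaging and should not be modified.
    /// </remarks>
    [Guid("7ae2e739-1863-4b34-b3cb-a7fd6fd04fa4")]
    public class CustomUserGroupFeatureEventReceiver : SPFeatureReceiver
    {
        private const string Administrators = "EricSun Content Administrators";
        private const string Approvers = "EricSun Content Approvers";

        /// <summary>
        /// Creates the content administrator and approver groups on the web the
        /// feature is being activated on.
        /// </summary>
        /// <param name="properties">Activation context; <c>Feature.Parent</c> must be an <see cref="SPWeb"/>.</param>
        /// <exception cref="InvalidOperationException">The feature is not scoped to a web.</exception>
        /// <exception cref="SPException">
        /// Group or role definition provisioning failed. The exception is logged and rethrown so the
        /// feature does not report a successful activation while the permission setup is incomplete.
        /// </exception>
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            // Feature.Parent is owned by the feature framework; it is not disposed here.
            SPWeb web = GetParentWeb(properties);
            string groupDescription = "EricSun Content";

            try
            {
                CreateSubSiteGroup(web, Administrators, GetAdministratorPermission(),
                    groupDescription + " Administrators Group", Administrators,
                    "Can view, add, update, delete, and customize list items and documents.");
                CreateSubSiteGroup(web, Approvers, GetApproverPermission(),
                    groupDescription + " Approvers Group", Approvers,
                    "Can view, and approve list items and documents.");
            }
            catch (SPException ex)
            {
                // A half-provisioned permission model must not look like a successful activation.
                Trace.TraceError("CustomUserGroupFeature: activation failed on '{0}': {1}", web.Url, ex);
                throw;
            }
        }

        /// <summary>
        /// Removes both groups from the web the feature is being deactivated on.
        /// </summary>
        /// <param name="properties">Deactivation context; <c>Feature.Parent</c> must be an <see cref="SPWeb"/>.</param>
        /// <exception cref="InvalidOperationException">The feature is not scoped to a web.</exception>
        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
            SPWeb web = GetParentWeb(properties);

            // Best effort: failing to remove one group neither blocks removal of the other nor the
            // deactivation itself. Each failure is logged, because a group that survives here keeps
            // whatever role assignment it was given and has to be cleaned up by hand.
            DeleteSubSiteGroup(web, Administrators);
            DeleteSubSiteGroup(web, Approvers);
        }

        /// <summary>
        /// Returns the web the feature is scoped to.
        /// </summary>
        /// <param name="properties">Feature event context.</param>
        /// <returns>The parent web of the feature.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <c>Feature.Parent</c> is not an <see cref="SPWeb"/> (the feature was deployed at a scope other than Web).
        /// </exception>
        private static SPWeb GetParentWeb(SPFeatureReceiverProperties properties)
        {
            if (properties == null)
            {
                throw new ArgumentNullException("properties");
            }

            // A bare "as" cast followed by member access would fail with a NullReferenceException
            // (not an SPException) on a site- or farm-scoped deployment; fail with a clear message instead.
            SPWeb web = properties.Feature.Parent as SPWeb;
            if (web == null)
            {
                throw new InvalidOperationException(
                    "CustomUserGroupFeature must be scoped to a web; Feature.Parent is not an SPWeb.");
            }
            return web;
        }

        /// <summary>
        /// Ensures a site group exists on <paramref name="web"/> and is bound to a role
        /// definition named <paramref name="roleName"/>.
        /// </summary>
        /// <param name="web">Web whose site groups, role definitions and role assignments are modified.</param>
        /// <param name="groupName">Name of the site group; created when no group of that name exists.</param>
        /// <param name="permissionLevel">Base permissions given to the role definition when it is created.</param>
        /// <param name="groupDescription">Description of the site group.</param>
        /// <param name="roleName">Name of the role definition (permission level); created when missing.</param>
        /// <param name="description">Description of the role definition.</param>
        /// <exception cref="SPException">Propagated from the SharePoint object model.</exception>
        private static void CreateSubSiteGroup(SPWeb web, string groupName, SPBasePermissions permissionLevel,
            string groupDescription, string roleName, string description)
        {
            // The first site collection administrator becomes both the owner and the default user of
            // the group; a site collection with no administrators cannot host these groups.
            SPMember groupOwner = web.SiteAdministrators[0];
            SPUser defaultUser = web.SiteAdministrators[0];

            SPGroupCollection groups = web.SiteGroups;
            if (!groups.Cast<SPGroup>().Any(g => g.Name.Equals(groupName, StringComparison.Ordinal)))
            {
                groups.Add(groupName, groupOwner, defaultUser, groupDescription);
            }
            SPGroup group = groups[groupName];

            if (!web.RoleDefinitions.Cast<SPRoleDefinition>().Any(r => r.Name.Equals(roleName, StringComparison.Ordinal)))
            {
                SPRoleDefinition newRole = new SPRoleDefinition();
                newRole.Name = roleName;
                newRole.Description = description;
                newRole.BasePermissions = permissionLevel;
                web.RoleDefinitions.Add(newRole);
            }
            // An existing role definition of the same name is reused as-is; its permissions are
            // not reconciled against permissionLevel.
            SPRoleDefinition role = web.RoleDefinitions[roleName];

            SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
            roleAssignment.RoleDefinitionBindings.Add(role);
            web.RoleAssignments.Add(roleAssignment);
            web.Update();
        }

        /// <summary>
        /// Removes the named site group from <paramref name="web"/>. Failures are logged, not thrown,
        /// so that deactivation is best effort.
        /// </summary>
        /// <param name="web">Web whose site groups are modified.</param>
        /// <param name="groupName">Name of the group to remove.</param>
        private static void DeleteSubSiteGroup(SPWeb web, string groupName)
        {
            try
            {
                web.SiteGroups.Remove(groupName);
                web.Update();
            }
            catch (SPException ex)
            {
                Trace.TraceError("CustomUserGroupFeature: could not remove group '{0}' from '{1}': {2}",
                    groupName, web.Url, ex);
            }
        }

        /// <summary>
        /// Base permissions of the "EricSun Content Administrators" permission level:
        /// view, open, add, edit and delete list items.
        /// </summary>
        /// <returns>The combined <see cref="SPBasePermissions"/> flags.</returns>
        private static SPBasePermissions GetAdministratorPermission()
        {
            return SPBasePermissions.EditListItems
                | SPBasePermissions.ViewListItems
                | SPBasePermissions.DeleteListItems
                | SPBasePermissions.AddListItems
                | SPBasePermissions.OpenItems;
        }

        /// <summary>
        /// Base permissions of the "EricSun Content Approvers" permission level.
        /// </summary>
        /// <returns>Only <see cref="SPBasePermissions.ApproveItems"/>.</returns>
        private static SPBasePermissions GetApproverPermission()
        {
            // NOTE(review): the role description promises "Can view", but this level contains no
            // ViewListItems/OpenItems flag — confirm approvers can actually see the items they approve.
            return SPBasePermissions.ApproveItems;
        }
    }
}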
。。。