Search This Blog

Wednesday, November 30, 2011

Create and Assign Custom Permission Levels programmatically in SharePoint

Sometimes, we come across a business requirement, where in:
-     We need to create SharePoint sites on the fly (maybe using a site definition), which have their own unique permission and groups.
-     We might need to create a custom permission level for the contributors for this site, say which does not have the delete rights but all other Contributor rights as is.
-     Then we need to assign this custom permission level to Contributor group and remove the default ‘Contribute’ permission level from the site.

        /// *************************************************************************
        /// <summary>
        /// Creating & Assigning custom permission
        /// level to Contributor group of root site
        /// </summary>
        /// <param name="spWeb">SpWeb object</param>
        /// <param name="myGroup">Group on which the custom permission
        /// has to be applied</param>
        /// ************************************************************************
        private void CreateAssignCustomPermissionLevel(SPWeb spWeb, SPGroup myGroup)
        {          
            spWeb.AllowUnsafeUpdates = true;
            //Get the role definition collection for this SPWeb
            SPRoleDefinitionCollection sprdcoll = spWeb.RoleDefinitions;
           
            //Define the new custom RoleDefinition
            SPRoleDefinition roleDefinition = new SPRoleDefinition();
            roleDefinition.Name = "MyCustomRoleDefinition";
           
            //And then start giving all permisions that you want to give.
            roleDefinition.BasePermissions =
            SPBasePermissions.AddListItems
            | SPBasePermissions.EditListItems
            //| SPBasePermissions.DeleteListItems //Delete permission removed from this definition.
            | SPBasePermissions.ViewListItems
            | SPBasePermissions.OpenItems
            | SPBasePermissions.ViewVersions
            | SPBasePermissions.DeleteVersions
            | SPBasePermissions.CreateAlerts
            | SPBasePermissions.ViewFormPages
            | SPBasePermissions.BrowseDirectories
            | SPBasePermissions.ViewPages
            | SPBasePermissions.BrowseUserInfo
            | SPBasePermissions.UseRemoteAPIs
            | SPBasePermissions.UseClientIntegration
            | SPBasePermissions.Open
            | SPBasePermissions.EditMyUserInfo; 

            //Add role definition to spweb
            if (!spWeb.RoleDefinitions.Xml.ToString().Contains("MyCustomRoleDefinition"))
            {
                spWeb.RoleDefinitions.Add(roleDefinition);
                spWeb.Update();
            }          

            //Assign custom role definition to the contributor group
            SPRoleAssignment assignment = new SPRoleAssignment(myGroup);
            //Add custom role definition to the SPRoleAssignment
            assignment.RoleDefinitionBindings.Add(roleDefinition);
            //Add the custom RoleAssignment to the SPWeb.
            spWeb.RoleAssignments.Add(assignment);          

            //Once we have the custom permission level assigned to contributors group,
            //we need to remove the default 'Contribute' permission level from this web
            spWeb.RoleDefinitions.Delete("Contribute");
            spWeb.Update();
            spWeb.AllowUnsafeUpdates = false;
        }

This method can be placed in feature receiver, where this feature is activated when the site is created on the fly.

No comments:

Post a Comment