programmatically add delete modify item permissions

07 October 2010 5:18 PM Posted by Mano Mangaldas

How to programmatically add, delete and modify item permissions in SharePoint


Note: An SPPrincipal can be either an SPUser or an SPGroup object.

Breaking Inheritance

//Indicates whether the item has unique security
//or inherits its role assignments from a parent object.
bool hasUniquePermissions = item.HasUniqueRoleAssignments;

//Stops inheriting permissions from the parent object.
// true: copies the parent's current role assignments to the item, so all existing users keep their access
// false: does not copy them, which removes all users
item.BreakRoleInheritance(true);

//Removes the local role assignments 
//and reverts to role assignments from the parent object.
item.ResetRoleInheritance();


Adding Permissions to an item

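//The extension methods below must be declared inside a static class and need
//using System.Collections.Generic; and using Microsoft.SharePoint;

//Example of building the list of principals:
//SPGroup group = web.Groups[0];
//SPUser user = web.Users[0];
//SPUser user2 = web.EnsureUser("mangaldas.mano");
//SPUser user3 = web.EnsureUser("Domain Users");
//SPPrincipal[] principals = { group, user, user2, user3 };
public static void SetPermissions(this SPListItem item, IEnumerable<SPPrincipal> principals, SPRoleType roleType)
{
 if (item != null)
 {
  //Look the role definition up once; it is the same for every principal
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);

  foreach (SPPrincipal principal in principals)
  {
   SetPermissions(item, principal, roleDefinition);
  }
 }
}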


public static void SetPermissions(this SPListItem item, SPUser user, SPRoleType roleType)
{
 if (item != null)
 {
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  SetPermissions(item, (SPPrincipal)user, roleDefinition);
 }
}

public static void SetPermissions(this SPListItem item, SPPrincipal principal, SPRoleType roleType)
{
 if (item != null)
 {
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  SetPermissions(item, principal, roleDefinition);
 }
}

public static void SetPermissions(this SPListItem item, SPUser user, SPRoleDefinition roleDefinition)
{
 if (item != null)
 {
  SetPermissions(item, (SPPrincipal)user, roleDefinition);
 }
}

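//All of the overloads above end up here.
//Role assignments can only be added to an item that has unique permissions,
//so break inheritance first (see Breaking Inheritance).
public static void SetPermissions(this SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
 if (item != null)
 {
  SPRoleAssignment roleAssignment = new SPRoleAssignment(principal);

  roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
  item.RoleAssignments.Add(roleAssignment);
 }
}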

Deleting all user Permissions from an item

public static void RemovePermissions(this SPListItem item, SPUser user)
{
 if (item != null)
 {
  RemovePermissions(item, user as SPPrincipal);
 }
}

public static void RemovePermissions(this SPListItem item, SPPrincipal principal)
{
 if (item != null)
 {
  item.RoleAssignments.Remove(principal);
  item.SystemUpdate();
 }
}

Removing specific roles from an item

public static void RemovePermissionsSpecificRole(this SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
 if (item != null)
 {
  SPRoleAssignment roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal);
  if (roleAssignment != null)
  {
   if (roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
   {
    roleAssignment.RoleDefinitionBindings.Remove(roleDefinition);
    roleAssignment.Update();
   }
  }
 }
}

public static void RemovePermissionsSpecificRole(this SPListItem item, SPPrincipal principal, SPRoleType roleType)
{
 if (item != null)
 {
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  RemovePermissionsSpecificRole(item, principal, roleDefinition);
 }
}

Updating or Modifying Permissions on an item

public static void ChangePermissions(this SPListItem item, SPPrincipal principal, SPRoleType roleType)
{
 if (item != null)
 {
  SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
  ChangePermissions(item, principal, roleDefinition);
 }
}

public static void ChangePermissions(this SPListItem item, SPPrincipal principal, SPRoleDefinition roleDefinition)
{
 //Same null guard as the other methods
 if (item != null)
 {
  SPRoleAssignment roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal);
  if (roleAssignment != null)
  {
   //Replace every role the principal currently has with the single new one
   roleAssignment.RoleDefinitionBindings.RemoveAll();
   roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
   roleAssignment.Update();
  }
 }
}
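
The steps above combined into one routine, as an added example that is not code from the original post: it breaks inheritance without copying the parent's assignments, grants a single role, and then lists what is actually on the item so the result can be reviewed. `GrantAndReport` and `DescribePermissions` are hypothetical names, and the code assumes it runs on a SharePoint server with Microsoft.SharePoint.dll referenced.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class ItemPermissionExample
{
    // Hypothetical helper (not from the post): gives the item its own
    // permissions, grants one role to each principal, and returns the
    // assignments that are actually on the item afterwards.
    public static IList<string> GrantAndReport(this SPListItem item,
        IEnumerable<SPPrincipal> principals, SPRoleType roleType)
    {
        if (item == null) throw new ArgumentNullException("item");
        if (principals == null) throw new ArgumentNullException("principals");

        // Role assignments can only be changed on an item with unique
        // permissions. false = do not copy the parent's assignments.
        if (!item.HasUniqueRoleAssignments) item.BreakRoleInheritance(false);

        SPRoleDefinition role = item.Web.RoleDefinitions.GetByType(roleType);
        foreach (SPPrincipal principal in principals)
        {
            SPRoleAssignment assignment = new SPRoleAssignment(principal);
            assignment.RoleDefinitionBindings.Add(role);
            item.RoleAssignments.Add(assignment);
        }
        return item.DescribePermissions();
    }

    // Lists every principal on the item with its role names, so that
    // entries nobody intended to grant are visible in review.
    public static IList<string> DescribePermissions(this SPListItem item)
    {
        List<string> lines = new List<string>();
        foreach (SPRoleAssignment assignment in item.RoleAssignments)
        {
            List<string> roles = new List<string>();
            foreach (SPRoleDefinition binding in assignment.RoleDefinitionBindings)
            {
                roles.Add(binding.Name);
            }
            string kind = assignment.Member is SPGroup ? "group" : "user";
            lines.Add(string.Format("{0} ({1}): {2}", assignment.Member.Name,
                kind, string.Join(", ", roles.ToArray())));
        }
        return lines;
    }
}
```

Logging the returned lines after each change gives a record of who holds which role on the item at that point.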

Comments (10)

respect

How does this work with versioning, checkin/out and approval turned on? Any changes?
Thanks

Many thanks to you, man!

Very helpful to me.
Thanks a lot

Thanks, man!

Isn't it kind of dangerous to have those methods static doing operations like this? What if two (or more) users hit a method at the same time?

Hello,

I'm not a developer, but I want to add a permission on a folder for a user. Can you explain to me how I can do that?

thanks

@Alexandre, folder is also an item. You can use folder.Item to get the item where you can use the above to set permissions.

excellent,
Thanks

It is what I was looking for, thanks!
