RSS Feed Partner Program
English flagChinese (Simplified) flagGerman flagFrench flagSpanish flagRussian flagHindi flagPolish flagHebrew flagIndonesian flag                                
By N2H
About      |       Articles      |      Services      |      Software      |      Contact

Progressive Security Designs Using Integrated Microsoft Technology

Industrial SharePoint Architecture With A Focus On Security And Governance

Secure SharePoint Code Design And Corporate Code Security Reviews

Pioneering SharePoint / Microsoft Security Articles And Research

Articles & Research

Latest Free SharePoint Software

ARB Security Solutions regularly releases free SharePoint software, including WebParts, Client Applications, Framework Extensions, and other Miscellaneous Components.
The most recent freeware is:

Title: Simple SharePoint Rollup WebPart
Date Published: 10/22/2009
Previous Two Free WebPart Releases:

SecureCenter For SharePoint

By SharePoint security integrators, for SharePoint security integrators.

SharePoint Security Assurance Program™

For externally facing SharePoint deployments, security is an acutely important deployment concern. Learn how through daily security scanning, you can ensure external business users and partners that they can collaborate in confidence!

Security Assurance WebPart:



Start Audit Process With The SharePoint Security Assurance Program™

Free Online SharePoint Security Tools

SharePoint Security Helper Class

In order to circumvent recoding SharePoint security operations several times over, you might find the below class effective.

Some things to note. There are a lot of literal calls in the code, and it’s on purpose. For instance, instead of passing a specific SPWeb object as a parameter, a string value to represent the URL is instead used to hydrate the primary SPWeb.

This code can easily be adjusted, you could create a global SPWeb object (which would aid in trimming the method), you could switch the entire class so that it was tailored towards context, etc. Keeping it in this manner just keeps better medium independence since it makes it easier for client development.

PLAIN TEXT
C#:
  1. #region Imports
  2. using System.Collections.Generic;
  3. using Microsoft.SharePoint;
  4. #endregion
  5. namespace Example
  6. {
  7. public class SharePointSecurityHelpers
  8. {
  9. #region Helper Methods
  10. public static SPWeb ReturnSPWeb(string url)
  11. {
  12. using (var site = new SPSite(url))
  13. {
  14. using (SPWeb web = site.OpenWeb())
  15. {
  16. return web;
  17. }
  18. }
  19. }
  20. public static SPList GetList(string url, string list)
  21. {
  22. try
  23. {
  24. return ReturnSPWeb(url).Lists[list];
  25. }
  26. catch
  27. {
  28. // Exception Handling Goes Here
  29. return null;
  30. }
  31. }
  32. #endregion
  33. #region Groups And Roles
  34. public static void AddSharePointGroup(string url, string groupName, string groupDescription, string roleName)
  35. {
  36. SPWeb web = ReturnSPWeb(url);
  37.  
  38. web.SiteGroups.Add(groupName, web.AssociatedOwnerGroup, null, groupDescription);
  39. web.AssociatedGroups.Add(web.SiteGroups[groupName]);
  40. web.Update();
  41. SPRoleAssignment assignment = new SPRoleAssignment(web.SiteGroups[groupName]);
  42. SPRoleDefinition roleApp = web.RoleDefinitions[roleName];
  43.  
  44. assignment.RoleDefinitionBindings.Add(roleApp);
  45. }
  46.  
  47. public static List GetAllSharePointGroups(SPWeb web)
  48. {
  49. var tempCollection = new List();
  50. foreach (SPGroup group in web.SiteGroups)
  51. {
  52. tempCollection.Add(group);
  53. }
  54. return tempCollection;
  55. }
  56. public static List GetAllRoleDefinitions(SPWeb web)
  57. {
  58. var tempCollection = new List();
  59. foreach (SPRoleDefinition definition in web.RoleDefinitions)
  60. {
  61. tempCollection.Add(definition);
  62. }
  63. return tempCollection;
  64. }
  65. #endregion
  66. #region Anonymous Methods
  67. public static void SetAnonPermissionsOnSite(string url)
  68. {
  69. SPWeb web = ReturnSPWeb(url);
  70.  
  71. bool ura = web.HasUniqueRoleAssignments;
  72. if (!ura)
  73. {
  74. web.BreakRoleInheritance(true);
  75. }
  76. web.AnonymousPermMask64 = SPBasePermissions.FullMask;
  77. web.BreakRoleInheritance(ura);
  78. }
  79.  
  80. public static void SetAnonPermissionsOnList(string url, string listName)
  81. {
  82. SPList list = GetList(url, listName);
  83. bool ura = list.HasUniqueRoleAssignments;
  84. if (!ura)
  85. {
  86. list.BreakRoleInheritance(true);
  87. }
  88. list.AnonymousPermMask64 = SPBasePermissions.ViewListItems;
  89. list.BreakRoleInheritance(ura);
  90. }
  91. #endregion
  92. #region Inheritance Methods
  93. public static void BreakListInheritance(string url, string listName)
  94. {
  95. SPList list = GetList(url, listName);
  96. list.BreakRoleInheritance(true);
  97. list.Update();
  98. }
  99.  
  100. public static void ResetListInheritance(string url, string listName)
  101. {
  102. SPList list = GetList(url, listName);
  103. list.ResetRoleInheritance();
  104. list.Update();
  105. }
  106.  
  107. public static void BreakSiteInheritance(string url)
  108. {
  109. SPWeb web = ReturnSPWeb(url);
  110. web.BreakRoleInheritance(true);
  111. web.Update();
  112. }
  113.  
  114. public static void ResetSiteInheritance(string url)
  115. {
  116. SPWeb web = ReturnSPWeb(url);
  117. web.ResetRoleInheritance();
  118. web.Update();
  119. }
  120.  
  121. public static string CheckIfUniqueAssign(ISecurableObject testableObject)
  122. {
  123. if (testableObject.HasUniqueRoleAssignments)
  124. {
  125. return "This Object Is Unique From Parent!";
  126. }
  127. return "This Object Inherits Permission From Parent!";
  128. }
  129. #endregion
  130. #region User Methods
  131. public static void AddUserToSharePointGroup(string url, string userName, string groupName)
  132. {
  133. SPWeb web = ReturnSPWeb(url);
  134. SPUser user = web.EnsureUser(userName);
  135. SPGroup group = web.SiteGroups[groupName];
  136. group.AddUser(user.LoginName, user.Email, user.Name, user.Notes);
  137. group.Update();
  138. }
  139.  
  140. public static void AddUserToSharePoint(string url, string userName, string role)
  141. {
  142. SPWeb web = ReturnSPWeb(url)
  143. web.AllowUnsafeUpdates = true;
  144. SPUser user = web.EnsureUser(userName);
  145. SPRoleDefinitionCollection roleDef = web.RoleDefinitions;
  146. SPRoleAssignmentCollection roleAssignments = web.RoleAssignments;
  147. var roleAssignment = new SPRoleAssignment(user);
  148. SPRoleDefinitionBindingCollection roleDefBindings = roleAssignment.RoleDefinitionBindings;
  149. roleDefBindings.Add(roleDef[role]);
  150. roleAssignments.Add(roleAssignment);
  151. web.AllowUnsafeUpdates = false;
  152. }
  153. #endregion
  154. }
  155. }

Just throw your namespace at the top, and you should be ready to go!

  • Share/Bookmark

Article Or Research Filed Under SharePoint Development| SharePoint Security.

5 Comments »

  1. Great job, Adam! Wouldn’t it be even more helpful to turn these methods into Extension Methods? We could use them in a more intuitive way.

    Comment by Waldek Mastykarz — September 24, 2008 @ 7:33 am

  2. There’s a big problem with this code, you are returning a disposed SPWeb instance from the helper method ReturnSPWeb(string url).

    Then you are disposing it again :
    using (SPWeb web = ReturnSPWeb(url))

    If you return a SPWeb from a metod it’s the caller who owns it and has to dispose of it.

    IMHO a nicer approach is to use delegates:

    WithWeb( string url, Action action )
    {
    using( SPSite site = new SPSite(url))
    {
    using( SPWeb web = site.OpenWeb() )
    {
    action(web);
    }
    }
    }

    Usage:

    public static void ResetSiteInheritance(string url)
    {
    WithWeb(url, delegate( SPWeb web )
    {
    web.ResetRoleInheritance();
    web.Update();
    });
    }

    Thanks
    /Jonas

    Comment by Jonas — September 24, 2008 @ 7:56 am

  3. Whoops, didn’t see that other using statement slipped in there. It’s been repaired. Thanks Jonas!

    I am considering using both the extension method as well as the delegate approach, both would probably be nicer!

    Comment by Adam Buenz — September 24, 2008 @ 8:00 am

  4. Adam,

    I see that you have removed the second dispose. You should keep that one and remove the dispose in the helper (ReturnSPWeb).

    I know that most of the time you get away with working on a disposed SPWeb without getting any exceptions but it’s not correct. Once you dispose of an object it can’t be used safely anymore. I don’t know why MS doesn’t throw ObjectDisposedExceptions when doing this???

    Modified code:

    public static SPWeb ReturnSPWeb(string url)
    {
    using (var site = new SPSite(url))
    {
    return site.OpenWeb();
    }
    }

    This requires some redundant housekeeping code and that’s why I think the delegate approach is a bit nicer.

    Thanks
    /Jonas

    Comment by Jonas — September 26, 2008 @ 12:33 pm

  5. checkout http://spcore.codeplex.com ( Security class ) .. let me know if you want to contribute to the project..

    thanks
    sandeep

    Comment by Sandeep — September 28, 2009 @ 7:46 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment


  
w3c complaint W3C Compliant | Legal Notices | Privacy | Contact
© 2009 ARB Security Solutions, LLC. | Providing SharePoint Security Integration Since 2003 | Minneapolis, MN
ARB Security Solutions is not affiliated with or endorsed by Microsoft Corporation. SharePoint is a trademark of Microsoft Corporation.
Site Maintained By Adam Buenz - Microsoft MVP - SharePoint