I am creating the users programatically and trying to assign the site role programatically. I need to assign the "Site Administration" role for a user. So I tried as follows,
Role role = RoleLocalServiceUtil.getRole(companyId, "Site Administrator");
System.out.println("Role Id is !! " + role.getRoleId());
UserLocalServiceUtil.addRoleUser(role.getRoleId(), newUser.getUserId());
UserLocalServiceUtil.updateUser(newUser);
From the above code, The "Site Administration" role is assigned as a "Regular Role". I need the "Site Administration" role is assigned as a "Site Role".
Any suggestion how can I assign the role as a Site Role?
You have to use UserGroupRoleLocalServiceUtil.java's API method as below.
public static void addUserGroupRoles(long userId, long groupId,
long[] roleIds)
Related
I am creating the user programatically by calling the UserLocalServiceUtil.addUser(....) and able to assign the site for the created user by calling UserLocalServiceUtil.addRoleUser(userSiteId, userId) It is working fine. I am able to assign the site membership for the user. But how can I assign the Site Administration permission for creates user. (So for I am able to assign user as site member but I need to assign user as a site administrator)
Any suggestions please..
Use UserGroupRoleLocalServiceUtil to assign "Site Administration" role under the Site roles.
Role role = RoleLocalServiceUtil.getRole(companyId, "Site Administrator");
long[] SiteroleIds = {role.getRoleId()};
UserGroupRoleLocalServiceUtil.addUserGroupRoles(userId, siteId, SiteroleIds);
You can use RoleLocalServiceUtil to get object of any role.
Role role = RoleLocalServiceUtil.getRole(roleId);
UserLocalServiceUtil.addRoleUser(role.getRoleId(), user.getUserId());
UserLocalServiceUtil.updateUser(user);
I'm using the SPSecurity.RunWithElevatedPrivileges.... allow to "impersonate" the super user "sharepoint\system" account.
Is the "sharepoint\system" account is an alias of the app pool identity of the current web application?
So if my app pool identity is a custom user (with email and other information), how can i retrieve its information? (the information i'm trying to get is the email address...the custom app pool user email has a value, the "sharepoint\system" account email has no value!!!)
I also tried to retrieve the appPool identity by using the WindowsIdentity.Impersonate(IntPtr.Zero) method but...nothing!
So any ideas????
Points to note:
The code that runs in the SPSecurity.RunWithElevatedPrivileges delegate method runs under the SharePoint\System account
SharePoint\System account has super user privileges. However it is recognized within the SharePoint run time environment but not by the windows security system, i.e. it doesn't represent the account under which the AppPool is running
When tried to access the resources outside the SP Environment such as Server File system/ DB then only the AppPool Identity comes into picture
If you want to access the e-mail address of the user account under which the AppPool is running, you may try...
SPSecurity.RunWithElevatedPrivileges(delegate {
using (SPSite siteCollection = new SPSite("Url"))
{
using (SPWeb site = siteCollection.OpenWeb())
{
Console.WriteLine(string.Format("Current Logged in User is {0}. And Email Id: {1} ", site.CurrentUser.LoginName ,site.CurrentUser.Email));
appPoolAccount = siteCollection.WebApplication.ApplicationPool.Username;
SPUser appPoolUser = site.Users[appPoolAccount] as SPUser;
Console.WriteLine(string.Format("AppPool User is {0}. And Email Id: {1} ", appPoolUser.LoginName, appPoolUser.Email));
Console.ReadKey();
}
}
});
The output will look like...
So If you really want to get the EmailId of the AppPool account, pick the user explicitly and access the Email property of the SPUser object as I did above..
In Liferay when a site page is added, it is assigned VIEW permission automatically for Owner role, Guest role and Site Member role.
Is it possible to assign VIEW permissions dynamically to custom role when page is created instead of manually assigning VIEW permission from Manage-permission tab of the site-page?
One of the possible way is Using LayoutListener via hook
For this you need to create hook (portal properties) and override following property:
value.object.listener.com.liferay.portal.model.Layout
See the following example:
value.object.listener.com.liferay.portal.model.Layout=com.smb.mypermissions.hook.listeners.LayoutListener
Here LayoutListener is the custom class created under package com.smb.mypermissions.hook.listeners to override default LayoutListener.
Signature for this class: public class LayoutListener extends BaseModelListener<Layout>
Now override the method
public void onAfterCreate(Layout model)throws ModelListenerException
to assign permission to the role, use following one liner:
ResourcePermissionLocalServiceUtil.setResourcePermissions(
companyId, Layout.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(primKey), role.getRoleId(),
new String[] {
ActionKeys.VIEW
});
where role can be obtained from RoleLocalServiceUtil and primkey is the page unique id i.e plid
long primKey = model.getPlid();
long companyId = model.getGroup().getCompanyId();
Role role = RoleLocalServiceUtil.fetchRole(companyId, "<Your Role name here>");
I have a scenario in my custom visual web part where I need to check for logged in User is a member of sharepoint group(sharepoint groups or users are stored in a sharepoint list). Actually if logged in users exists in the list, he will be given Edit access in my custom web part.
Since I have created a group name "SharePoint_Owners" with group settings as 'Who can View Membership of this group' to 'Group Members', Site is throwing error as 'Access denied' as logged in user doesn't have permission to view. I get error when my code executes this,
SPGroup oGroup = oWebsite.SiteGroups[strgroup];///strgroup is a group name
foreach (SPUser oUser in oGroup.Users) { }
Site throws this error when I try to open page which consists my webpart.
Can any one suggest me how do i proceed? is there a way to resolve this programmatically without actually giving View permission to "Everyone" for each group??
I thought RunWithElevatedPrivileges does my work but have no luck!
please help
Try this:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
string siteURL = SPContext.Current.Site.Url;
using (SPSite safeSite = new SPSite(siteURL))
{
using (SPWeb safeWeb = safeSite.OpenWeb())
{
SPGroup group = safeWeb.Groups["SharePoint_Owners"];
bool isMember = safeWeb.IsCurrentUserMemberOfGroup(group.ID);
}
}
});
I am using the SharePoint Object Model to create new sites programmatically (with a custom web part). It works fine but I am wondering if it is possible to grant permission for groups as well?
When I create the site I have set it to not inherit permission
newWeb = SPContext.GetContext(HttpContext.Current).Web.Webs.Add(siteUrl, siteName, siteDescription, (uint)1033, siteTemplate, true, false);
In the GUI I can then go to Site Actions (on the newly created site) -> Grant Permission -> search for groups in the parent site and then grant permission for this group. So, in the parent site myGroup can have Full Access permissions but in this site I can set it to Contribution or whatever. Is it possible to do this when I create the site or just after (programmatically)?
Thanks in advance.
You must assign a role definition to your group.
Here's a code snippet I wrote to assign a group one of the predefined sharepoint role definitions.
public bool AssignExistingGroupToWeb(SPWeb siteWeb, string GroupName, SPRoleDefinition roleDefinition)
{
//retrieve a group
SPGroup siteGroup = siteWeb.SiteGroups.FindGroupByName(GroupName);
//create a role assignment for the group using the specified SPRoleDefinition
//examples of roles as "Full Control", "Design", etc...
SPRoleAssignment roleAssignment = new SPRoleAssignment(siteGroup);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
siteWeb.RoleAssignments.Add(roleAssignment);
siteWeb.Update();
}
You can retrieve a SPRoleDefinition by accessing the RoleDefinitions collection, like so...
siteWeb.RoleDefinitions["Contribute"]