Access is denied Exception when updating List items using SPUserToken - sharepoint

I try to do some actions on Sharepoint 2010 list using an unlowed user( having only read right) and i got Access denied exception.
Is it possible to do it whithout changing the user rights.
please find below my code:
public void StartWorkFlow(int itemID, int wfTemplateID, String entityName, String userShortname)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPUser spUser;
using (site = new SPSite(siteUrl))
{
using (web = site.RootWeb)
{
spUser = web.EnsureUser(userShortname);
}
}
using (site = new SPSite(siteUrl, spUser.UserToken))
{
using (web = site.AllWebs["WPrs"])
{
list = web.Lists["Workflow Template"];
SPListItem item = list.Items.GetItemById(wfTemplateID);
SPList processList = web.Lists["List Process " + item["Template_x0020_Name"]];
SPListItem newInstance = processList.Items.Add();
newInstance["Template_x0020_Name"] = item["Template_x0020_Name"];
newInstance["Template_x0020_Description"] = item["Template_x0020_Description"];
newInstance["Date_x0020_De_x0020_Publication"] = item["Date_x0020_De_x0020_Publication"];
newInstance["Item_x0020_Id"] = itemID;
newInstance["Item_x0020_Extradata"] = entityName.ToLower() + "||Parameter||" + "";
newInstance["CTName"] = Utility.GetInstance().GetSuperItemNameBySubItemName(entityName);
web.AllowUnsafeUpdates = true;
newInstance.Update();
web.AllowUnsafeUpdates = false;
}
}
});
}
Thank you in advance.

To be able to use site.AllWebs the user must have Full Control to the site. Instead of using AllWebs try to get the sub sites using the following code -
SPWebCollection subwebs = CurrentSite.OpenWeb().GetSubwebsForCurrentUser();
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.getsubwebsforcurrentuser%28v=office.12%29.aspx
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/e7ff284f-fe4b-42fb-8b21-a475e331a18c/access-denied-for-user-with-contribute-rights?forum=sharepointdevelopmentlegacy
Also you would not be able to update a listitem with read only rights.

If the only requirement is to set up the Created By/Modified By field - you should be able to overwrite default value by using SystemUpdate instead of Update. But still you need to run this RunWithElevatedPrivileges mode instead of UserToken
Although I'm not sure what will happen if have any other dependent actions after this update (event receivers or workflows) i'm not sure what context it will use (i.e. if SharePoint internally will use current SPWeb.CurrentUser object.

Related

Multi-Select fields on a Sharepoint list using OWSSVR.dll

I am in the process of creating a massive SSIS project to move the data from a series of Sharepoint Lists to a new Dynamics CRM Implementation (On-line). The SSIS package uses an OData Source to pull the data from the lists.
There are two columns on my list that do not show up on the OData call. These two columns have Multi-Select or Multi-Lookup values. REST services do not support multi-select choice fields. (Found on another thread: The methods you are attempting only work with choice columns that are NOT multi-select. Unfortunately, multi-select choice columns are not supported by the REST interface. Same holds true for SharePoint 2013 apparently.)
Therefore, I need to try to access the data in these columns on the SharePoint List using the OWSSVR.dll. The list I am having issues with gives me a "This page can’t be displayed" or a "This site can’t be reached" depending on the browser I use.
I verified the List ID by grabbing It from the list settings. Since it didn't work, I went to another SharePoint List I already migrated to verify the URL format. The other list works and brings back the data in XML format.
I am wondering if the OWSSVR.dll has the same restriction on Multi-select values. Any ideas or suggestions?
Psuedo URLS (restricted access site):
Works: http://dummy.sharepointSite.Com/cases/_vti_bin/owssvr.dll?Cmd=Display&List={b703d405-48c8-4211-9137-e1b50bdb0330}&XMLDATA=TRUE
Broken: http://dummy.sharepointSite.Com/cases/_vti_bin/owssvr.dll?Cmd=Display&List={8e148584-b5be-48f5-9343-85d23a7731cc}&XMLDATA=TRUE
I figured out a way to do this without using OWSSVR. I have to set up the User Context to the SharePoint site then retrieve the list of items.
Methods:
public static ClientContext SetupSPContext(string documentLibrarySiteURL,
string userName, string password, string domain = "")
{
ClientContext clientContext = new ClientContext(documentLibrarySiteURL);
SecureString pwString = new SecureString();
foreach (char c in password.ToCharArray()) { pwString.AppendChar(c); }
if (!String.IsNullOrWhiteSpace(domain))
clientContext.Credentials = new NetworkCredential(userName, pwString, domain);
else
clientContext.Credentials = new SharePointOnlineCredentials(userName, pwString);
Web web = clientContext.Web;
clientContext.Load(web);
clientContext.ExecuteQuery();
return clientContext;
}
public static ListItemCollection GetListItems(ClientContext context, string listName)
{
ListCollection listCollection = context.Web.Lists;
List targetList = context.Web.Lists.GetByTitle(listName);
CamlQuery query = new CamlQuery();
query.ViewXml = "<Query><OrderBy><FieldRef Name='fieldName' /></OrderBy></Query>";
ListItemCollection collListItem = targetList.GetItems(query);
context.Load(collListItem);
context.ExecuteQuery();
if (collListItem.Count == 0)
{
return null;
}
else
{
return collListItem;
}
}
Code in SSIS Script Component:
//In the PreExecute method:
// Variables were defined for the class and not in the preExecute Method
ClientContext spContext = SetupSPContext(Variables.spLocation, Variables.spUserName,
Variables.spPassword, Variables.spDomain);
ListItemCollection listItems = GetListItems(spContext, "List Name");
//Inside the Individual loop inside SSIS (Input0_ProcessInputRow):
ListItem listItem = GetListItem(listItems, fieldValue);
//Multiple Lookup Code
var values = (FieldLookupValue[])listItem["fieldName"];
var finalValue = "FieldName values: ";
if (values.Length > 0)
{
foreach (var value in values)
{
finalValue = value.LookupValue + "; ";
}
}
//Multiple Select
if (listItem["fieldName2"] != null)
{
var valuesTwo = (string[])listItem["fieldName2"];
string combinedValues = "fieldName2 Values: ";
foreach (var value in valuesTwo)
{
combinedValues += value + "; ";
}
}

Update Modified field in Office 365

Is there any way to update the Modified field in Office 365? I have checked both CSOM and Batch update methods. But it's failed. Could anybody help me to update this field.
Before attempting to set Modified, Created, Editor, and Author fields for a list item you need to disable a couple of properties on the List, specifically EnableVersioning and for good measure ForceCheckout.
SharePoint Online prerequisite is the SharePointOnline CSOM:
.NET client API reference for SharePoint Online
Nuget - Microsoft.SharePointOnline.CSOM
using (var context = new ClientContext(webUrl))
{
context.Credentials = new SharePointOnlineCredentials(userName,password);
var list = context.Web.Lists.GetByTitle(listTitle);
var item = list.GetItemById(itemID);
var user = context.Web.EnsureUser(accountName);
context.Load(user);
context.Load(list);
context.Load(item);
context.ExecuteQuery();
// If the properties are enabled on the list then disable them
bool updateList = list.ForceCheckout || list.EnableVersioning;
if (list.ForceCheckout) list.ForceCheckout = false;
if (list.EnableVersioning) list.EnableVersioning = false;
if (updateList)
{
list.Update();
context.ExecuteQuery();
}
// Now set the fields that are normally locked
item["Modified"] = DateTime.Now;
item["Created"] = DateTime.Now.AddDays(-3);
item["Author"] = user.Id;
item["Editor"] = user.Id;
item.Update();
context.ExecuteQuery();
}
SharePoint CSOM API does not support system update (SystemUpdate method counterpart from SSOM API) but you could manipulate system fields like Modified By and Modified fields directly as demonstrated below.
Prerequisites: SharePoint Server 2013 Client Components SDK
using (var ctx = GetContext(webUri, userName, password))
{
//get List Item
var list = ctx.Web.Lists.GetByTitle(listTitle);
var item = list.GetItemById(itemId);
//Retrieve User
var user = ctx.Web.EnsureUser(accountName);
ctx.Load(user);
ctx.ExecuteQuery();
//Update system fields
item["Modified"] = DateTime.Now.AddMonths(-6);
item["Created"] = DateTime.Now.AddYears(-1);
item["Editor"] = user.Id;
item["Author"] = user.Id;
item.Update();
ctx.ExecuteQuery();
}
where
public static ClientContext GetContext(Uri webUri, string userName, string password)
{
var securePassword = new SecureString();
foreach (var ch in password) securePassword.AppendChar(ch);
return new ClientContext(webUri) { Credentials = new SharePointOnlineCredentials(userName, securePassword) };
}
SharePoint CSOM API now support system update using UpdateOverwriteVersion method. This way you can modify Modified, Created, Author and Editor properties without changing the item Version. For example:
$file = Get-PnPFile -Url $FileUrl -AsListItem
##update file properties
$item["Modified"] = $FileModifiedDate
$item["Created"] = $FileCreatedDate
$item["Author"] = $FileCreatedByDest.ID
$item["Editor"] = $FileModifiedByDest.ID
$fileTest2.UpdateOverwriteVersion()
Invoke-PnPQuery
That should do the trick.

Replacement for DoesUserHavePermissions for List object in SP2013

I'm working on an app that reuses some code from a previous solution.
The idea is to show a user all of the lists of a certain type in all the webs in a site collection so that the user can aggregate some data.
static public List<SPListMeta> AllSiteAnnouncementsLists(ClientContext clientContext)
{
var returnList = new List<SPListMeta>();
var per = new BasePermissions();
per.Set(PermissionKind.Open);
if (clientContext.Site.RootWeb.DoesUserHavePermissions(per).Value)
{
var rootWebLists = clientContext.Site.RootWeb.Lists;
returnList.AddRange(from List oList in rootWebLists
where oList.DoesUserHavePermissions(SPBasePermissions.ViewListItems) &&
where oList.BaseTemplate == (int)ListTemplateType.Announcements
select new SPListMeta(oList));
var collWebs =
clientContext.Site.OpenWebById(clientContext.Site.RootWeb.Id).GetSubwebsForCurrentUser(null);
foreach(Web oWeb in collWebs)
{
}
}
return returnList;
}
The critical line that does not work and does not seem to have a replacement is
oList.DoesUserHavePermissions(SPBasePermissions.ViewListItems)
as this has been removed from the CSOM List object
What's the new way to do this?
The new way to check for permissions is:
List.EffectiveBasePermissions.Has(PermissionKind.Open)

Access denied error while creating SPAlert programatically

We are using sharepoint 2007
We have created custom page for programatically creating alert.
The issue which we are facing is, If logged in user is Site Collection Administrators then only email is getting triggered.
The users other than Site Collection Administrators who has Full control or contribute access to the site they are getting Access Denied error.
We tried using SPSecurity.RunWithElevatedPrivileges but in that case also Access Denied error is getting.
For below code we are not getting Access Denied error but in this case email is not getting triggered,
SPSecurity.RunWithElevatedPrivileges(delegate()
{
Guid siteId = SPContext.Current.Site.ID;
Guid webId = SPContext.Current.Web.ID;
using (SPSite oSite = new SPSite(siteId))
{
using (SPWeb oWeb = oSite.OpenWeb(webId))
{
oWeb.AllowUnsafeUpdates = true;
SPUser oUser = oWeb.CurrentUser;
SPUser user = oWeb.EnsureUser(oUser.ToString());
SPList oList = oWeb.Lists[strLibraryName];
SPAlert oAlert = user.Alerts.Add();
oAlert.Filter ="<Eq><FieldRef Name="+strCol+"><Value type='Text'>" + strColValue + "</Value></Eq>";
oAlert.Title = "test alert";
oAlert.AlertType = SPAlertType.List;
oAlert.EventType = SPEventType.All;
oAlert.List = oList;
oAlert.AlertFrequency = SPAlertFrequency.Immediate;
oAlert.AlwaysNotify = true;
oAlert.Update(true);
}
}
});
Please let me know what is solution for this or how we can add/remove user to Site Collection Administrators programatically at run time
Move the declaration and assignment up above the using statements. I think an alert was being created successfully, but it was for the wrong account and therefore you didn't receive an email. If all this is inside an event receiver, you can use this line to get the actual user:
SPUser user = oWeb.Users.GetByID(properties.CurrentUserId);
The problem was with EnsureUser() method hence removing it and posting the working code below..
SPSecurity.RunWithElevatedPrivileges(delegate()
{
Guid siteId = SPContext.Current.Site.ID;
Guid webId = SPContext.Current.Web.ID;
using (SPSite oSite = new SPSite(siteId))
{
using (SPWeb oWeb = oSite.OpenWeb(webId))
{
oWeb.AllowUnsafeUpdates = true;
SPUser oUser = oWeb.CurrentUser;
SPList oList = oWeb.Lists[strLibraryName];
SPAlert oAlert = oUser.Alerts.Add();
oAlert.Filter ="<Eq><FieldRef Name="+strCol+"><Value type='Text'>" + strColValue + "</Value></Eq>";
oAlert.Title = "test alert";
oAlert.AlertType = SPAlertType.List;
oAlert.EventType = SPEventType.All;
oAlert.List = oList;
oAlert.AlertFrequency = SPAlertFrequency.Immediate;
oAlert.AlwaysNotify = true;
oAlert.Update(true);
}
}
});

Change permission level for groups programmatically in SharePoint 2010?

I want to loop through all the sites in a site collection and change the permission for a certain site.
My code is:
SPSite oSiteCollection = SPContext.Current.Site;
SPWebCollection collWebsite = oSiteCollection.AllWebs;
foreach (SPWeb web in collWebsite)
{
web.AllowUnsafeUpdates = true;
if (web.Name == "SiteName")
{
web.BreakRoleInheritance(true);
string[] groups = new string[2] { "Group1", "Group2" };
foreach (string item in groups)
{
SPGroup removeGroup = web.SiteGroups[item];
web.RoleAssignments.Remove(removeGroup);
SPGroup addGroup = web.SiteGroups[item];
SPRoleDefinition roleDefinition = web.RoleDefinitions["Read"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(addGroup);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
web.RoleAssignments.Add(roleAssignment);
}
}
}
but it gives me an error
Error changing permissions, details: There are uncommitted changes on the SPWeb object, call SPWeb.Update() to commit the changes before calling this method.
The code works just fine if I want to do the same but for lists instead
SPListCollection collList = web.Lists;
foreach (SPList oList in collList)
{
//and so on
I have tried to put web.Update() in various places but without success. Any ideas?
Thanks in advance.
Edit:
I commented out most of the stuff and only left
if (web.Name == "SiteName")
{
web.BreakRoleInheritance(true);
web.Update();
}
but it still throws the same error.
I would try to do an SPWeb.Update and then
using(var newWeb = site.OpenWeb(web.ID))
{
web.BreakRoleInheritance(true);
web.Update();
}
Also, don't forget to do a SPWeb.Dispose on all the AllWebs opened in the foreach-loop.
If you are using this code in a Feature, then make sure that you use a Web level feature. Don't loop through AllWebs in a Site level feature.
Change the feature scope to Web and try the below code
using (SPWeb oWeb = SPContext.Current.Web)
{
web.AllowUnsafeUpdates = true;
web.BreakRoleInheritance(true);
string[] groups = new string[2] { "Group1", "Group2" };
foreach (string item in groups)
{
SPGroup removeGroup = web.SiteGroups[item];
web.RoleAssignments.Remove(removeGroup);
SPGroup addGroup = web.SiteGroups[item];
SPRoleDefinition roleDefinition = web.RoleDefinitions["Read"];
SPRoleAssignment roleAssignment = new SPRoleAssignment(addGroup);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
web.RoleAssignments.Add(roleAssignment);
}
web.AllowUnsafeUpdates = false;
}
Activate this feature in the required website to apply the permissions.
I'm not sure what the problem is.
But it could happen that the DLL is not being updated. It happened to me several times.
Try to delete the DLL from x:/windows/assembly and then redeploy the solution to see if there is any change on the behaviour.
Also try to commit the changes before this (I'm sure you already tried it out)
Regards,
Pedro

Resources