I have written a piece of code to create a custom security group in a SharePoint app. the code runs on feature activation at Site level and is as follows:
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPSite site = (SPSite)properties.Feature.Parent;
using (SPWeb web = site.OpenWeb())
{
if (!GroupExists(web.SiteGroups, "Test Column Administrators"))
{
web.SiteGroups.Add("Test Administrators", web.AssociatedOwnerGroup, null, "Contains users and groups who can administer Test Column articles.");
web.AssociatedGroups.Add(web.SiteGroups["Tets Column Administrators"]);
web.Update();
}
}
}
The code does create that group and adds it to the SharePoint site however when I go to Site Actions->Site Permissions (_layouts/user.aspx page), that group is missing. But when I manually go to the groups.aspx page (_layouts/groups.aspx) it is there.
How can I get my code to create that group in such a way that it appears in the user/aspx page as well?
Thanks in advance
That is completely OK. The Groups page displays the list of groups that actually exist in the Site. And the page Users.aspx displays what Permissions the principals have within this Site. Your code is OK but you have to add more code that grants permissions to your group if it needs permissions. When your group has permissions within the site it will appear on the Users.aspx page. See a sample how to add permissions to and item, same is for Site level and web level.
Related
I have a scenario in my custom visual web part where I need to check for logged in User is a member of sharepoint group(sharepoint groups or users are stored in a sharepoint list). Actually if logged in users exists in the list, he will be given Edit access in my custom web part.
Since I have created a group name "SharePoint_Owners" with group settings as 'Who can View Membership of this group' to 'Group Members', Site is throwing error as 'Access denied' as logged in user doesn't have permission to view. I get error when my code executes this,
SPGroup oGroup = oWebsite.SiteGroups[strgroup];///strgroup is a group name
foreach (SPUser oUser in oGroup.Users) { }
Site throws this error when I try to open page which consists my webpart.
Can any one suggest me how do i proceed? is there a way to resolve this programmatically without actually giving View permission to "Everyone" for each group??
I thought RunWithElevatedPrivileges does my work but have no luck!
please help
Try this:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
string siteURL = SPContext.Current.Site.Url;
using (SPSite safeSite = new SPSite(siteURL))
{
using (SPWeb safeWeb = safeSite.OpenWeb())
{
SPGroup group = safeWeb.Groups["SharePoint_Owners"];
bool isMember = safeWeb.IsCurrentUserMemberOfGroup(group.ID);
}
}
});
I want to list all site collections under my web application; the purpose is to list all mysites created by users.
Like that:
/members/sites/sqladmin
/members/sites/sqluser
/members/sites/sqluser1
/members/sites/sqluser2
/members/sites/user1
For the purpose of accessing all site collections within a given web application there's, quite naturally, the SPWebApplication.Sites property. To get access to a particular web application you can use a code like this:
SPWebApplication webApp = SPWebApplication.Lookup(new Uri("http://my-web-app-url:80/"));
(see MSDN here as well).
Use SPWebApplication.Sites property for that.
On the Central Administration home page, click Application Management.
On the Application Management page, in the Site Collections section, click View all site collections.
The Site Collection List page lists all the site collections in the Web application.
Use below code to programmatically get the all site collections of the web application.
url parametter = web application url.
public DataTable GetAllSiteCollections(string url)
{
DataTable dt = new DataTable();
dt.Columns.Add("URL");
dt.Columns.Add("Name");
SPSecurity.RunWithElevatedPrivileges(delegate()
{
SPWebApplication webApplication = SPWebApplication.Lookup(new Uri(url));
foreach (SPSite site in webApplication.Sites)
{
dt.Rows.Add(new object[] { site.Url, site.Url });
}
});
return dt;
}
I am using the SharePoint Object Model to create new sites programmatically (with a custom web part). It works fine but I am wondering if it is possible to grant permission for groups as well?
When I create the site I have set it to not inherit permission
newWeb = SPContext.GetContext(HttpContext.Current).Web.Webs.Add(siteUrl, siteName, siteDescription, (uint)1033, siteTemplate, true, false);
In the GUI I can then go to Site Actions (on the newly created site) -> Grant Permission -> search for groups in the parent site and then grant permission for this group. So, in the parent site myGroup can have Full Access permissions but in this site I can set it to Contribution or whatever. Is it possible to do this when I create the site or just after (programmatically)?
Thanks in advance.
You must assign a role definition to your group.
Here's a code snippet I wrote to assign a group one of the predefined sharepoint role definitions.
public bool AssignExistingGroupToWeb(SPWeb siteWeb, string GroupName, SPRoleDefinition roleDefinition)
{
//retrieve a group
SPGroup siteGroup = siteWeb.SiteGroups.FindGroupByName(GroupName);
//create a role assignment for the group using the specified SPRoleDefinition
//examples of roles as "Full Control", "Design", etc...
SPRoleAssignment roleAssignment = new SPRoleAssignment(siteGroup);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
siteWeb.RoleAssignments.Add(roleAssignment);
siteWeb.Update();
}
You can retrieve a SPRoleDefinition by accessing the RoleDefinitions collection, like so...
siteWeb.RoleDefinitions["Contribute"]
I've got a sharepoint site and a custom aspx portal, both under Windows Authentication.
With the same machine, it happens that my sharepoint site returning me my current login, while my custom aspx returning me my domain admin account instead.
Is there anyway that I could ensure both logins are the same? Otherwise, is there anyway to consume SPUserProfileService from a custom aspx portal?
Mainly, I need to have the custom aspx portal to get sharepoint logon id. Nevertheless, i could still trigger AccessDenied.aspx in sharepoint to prompt for logins.
When you say "Custom ASPX Portal", is it still hosted on the SharePoint Site?
In that case, how do you get the user? You can use SPContext.Current.Web.CurrentUser to get the user.
It seems that you are connecting from your custom aspx to SharePoint using your Domain Admin Account.
Could you please describe more about your custom aspx portal and the way you are reading the username?
However, you can check my article (Even though it is for FBA users, you may find the code snippet useful):
Possible ways to get logged in User Name & Handling Changes in FBA Users' Names if Membership Provider Name Changed
public string GetFlatUserName()
{
//First, be sure that the user is not anonymous user:
if (SPContext.Current == null || SPContext.Current.Web.CurrentUser == null)
return "Anonymous";
//Second, parse it:
else
{
string flatUserName = this.Page.User.Identity.Name;
if (flatUserName.Contains("\\"))
{
flatUserName = flatUserName.Substring(flatUserName.IndexOf("\\") + 1);
}
else if (flatUserName.Contains("|"))
{
flatUserName = flatUserName.Substring(flatUserName.IndexOf("|") + 1);
}
return flatUserName;
}
}
I have a custom form that lists the site groups and the users in each group.
the form has twi drop down lists: one to display the site's group and the other to display the users in that group.
when I log to the form with the administrator user it works fine.
But if I log in with a user with manage hierarchy permission level, it omly displays the info of the domain groups and if I try to access a sharepoint group I get an access denied error.
I use run with elevated permissions in my code
I really don't know what to do in this
thanks.
Two common mistakes when using RunWithElevatedPrivileges is:
Using the SPContext.Current.Web (or Site etc) won't change the identity of the web object, it is already in memory.
Declaring the SPWeb outside the delegate, with similar results of mistake 1
That said, try something like:
Guid siteId = SPContext.Current.Site.Id;
SPSecurity.RunWithElevatedPrivileges(() =>
using (SPSite elevatedSite = new SPSite(siteId))
using (SPWeb elevatedWeb = elevatedSite.RootWeb)
{
//impl
});