Nous allons voir dans cet article comment créer manuellement des groupes SharePoint
et attribuer des droits à ceux-ci.
Nous partirons depuis un événement de type feature activated dans lequel on
souhaite ajouter des groupes SharePoint avec des permissions à une liste.
Enfin, en annexe la définition des rôles SharePoint (avec leur identifiant)
disponibles afin de pouvoir facilement les retrouver en cas de besoins
{
SPSecurity.RunWithElevatedPrivileges(delegate() {
//Definition des roles
et attribuer des droits à ceux-ci.
Nous partirons depuis un événement de type feature activated dans lequel on
souhaite ajouter des groupes SharePoint avec des permissions à une liste.
Enfin, en annexe la définition des rôles SharePoint (avec leur identifiant)
disponibles afin de pouvoir facilement les retrouver en cas de besoins
public override void
FeatureActivated(SPFeatureReceiverProperties
properties)
FeatureActivated(SPFeatureReceiverProperties
properties)
{
SPWeb web = (SPWeb)properties.Feature.Parent;
try{
SPSecurity.RunWithElevatedPrivileges(delegate() {
//Ajout des groupes de sécurité
//Definition des roles
SPRoleDefinition GroupeRoleDefinition_Read = web.RoleDefinitions["Read"];
//Nom des groupes
string AdminLegalTeamGroupName = "TEST GROUPE";
//Ajout des groupes
web.SiteGroups.Add(AdminLegalTeamGroupName, web.AssociatedOwnerGroup, null, AdminLegalTeamGroupName);
//Récupération des groupes
SPGroup AdminLegalTeamGroup = web.SiteGroups[AdminLegalTeamGroupName];
//Association des groupes avec le spweb
web.AssociatedGroups.Add(AdminLegalTeamGroup);
//Assignation des rôles
SPRoleAssignment Group2RoleAssigment_AdminLegalTeam = new SPRoleAssignment(AdminLegalTeamGroup);
Group2RoleAssigment_AdminLegalTeam.RoleDefinitionBindings.Add(GroupeRoleDefinition_Read);
//Assignation au spweb
web.RoleAssignments.Add(Group2RoleAssigment_AdminLegalTeam);
//Mise à jour
web.Update();
//Ajout des sous répertoires avec les droits adaptés
SPList docLib = web.Lists["My library"];
foreach (SPFolder fold in docLib.RootFolder.SubFolders) {
if (fold.Name == "My root folder")
{
newFolder = fold.SubFolders.Add("My sub Folder ...");
newFolder.Item.BreakRoleInheritance(false);
newFolder.Item.RoleAssignments.Add(Group2RoleAssigment_AdminLegalTeam);
newFolder.Item.BreakRoleInheritance(false);
newFolder.Item.RoleAssignments.Add(Group2RoleAssigment_AdminLegalTeam);
newFolder.Item.Update();
}
}
//Mise à jour
web.Update();
}}}
Enfin le
code xml des rôles disponibles
code xml des rôles disponibles
<Roles>
<Role ID="1073741829" Name="Full
Control" Description="Has full control." Order="1"
Hidden="False" Type="Administrator" BasePermissions="FullMask"
/>
Control" Description="Has full control." Order="1"
Hidden="False" Type="Administrator" BasePermissions="FullMask"
/>
<Role ID="1073741828"
Name="Design" Description="Can view, add, update, delete,
approve, and customize." Order="2" Hidden="False"
Type="WebDesigner" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions,
DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists,
ViewFormPages, Open, ViewPages, AddAndCustomizePages, ApplyThemeAndBorder,
ApplyStyleSheets, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts,
EditMyUserInfo" />
Name="Design" Description="Can view, add, update, delete,
approve, and customize." Order="2" Hidden="False"
Type="WebDesigner" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions,
DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists,
ViewFormPages, Open, ViewPages, AddAndCustomizePages, ApplyThemeAndBorder,
ApplyStyleSheets, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts,
EditMyUserInfo" />
<Role ID="1073741925" Name="Manage
Hierarchy" Description="Can create sites and edit pages, list items,
and documents." Order="3" Hidden="False" Type="None"
BasePermissions="ViewListItems, AddListItems, EditListItems,
DeleteListItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout,
ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages,
AddAndCustomizePages, ViewUsageData, CreateSSCSite, ManageSubwebs,
ManagePermissions, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, ManageWeb, UseClientIntegration, UseRemoteAPIs,
ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions" />
Hierarchy" Description="Can create sites and edit pages, list items,
and documents." Order="3" Hidden="False" Type="None"
BasePermissions="ViewListItems, AddListItems, EditListItems,
DeleteListItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout,
ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages,
AddAndCustomizePages, ViewUsageData, CreateSSCSite, ManageSubwebs,
ManagePermissions, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, ManageWeb, UseClientIntegration, UseRemoteAPIs,
ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions" />
<Role ID="1073741924"
Name="Approve" Description="Can edit and approve pages, list
items, and documents." Order="4" Hidden="False"
Type="None" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions,
DeleteVersions, CancelCheckout, ManagePersonalViews, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo,
AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration,
UseRemoteAPIs, CreateAlerts, EditMyUserInfo" />
Name="Approve" Description="Can edit and approve pages, list
items, and documents." Order="4" Hidden="False"
Type="None" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions,
DeleteVersions, CancelCheckout, ManagePersonalViews, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo,
AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration,
UseRemoteAPIs, CreateAlerts, EditMyUserInfo" />
<Role ID="1073741827"
Name="Contribute" Description="Can view, add, update, and
delete." Order="5" Hidden="False"
Type="Contributor" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions,
ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite,
BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts,
EditMyUserInfo" />
Name="Contribute" Description="Can view, add, update, and
delete." Order="5" Hidden="False"
Type="Contributor" BasePermissions="ViewListItems, AddListItems,
EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions,
ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite,
BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts,
UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts,
EditMyUserInfo" />
<Role ID="1073741826"
Name="Read" Description="Can view only."
Order="6" Hidden="False" Type="Reader"
BasePermissions="ViewListItems, OpenItems, ViewVersions, ViewFormPages,
Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration,
UseRemoteAPIs, CreateAlerts" />
Name="Read" Description="Can view only."
Order="6" Hidden="False" Type="Reader"
BasePermissions="ViewListItems, OpenItems, ViewVersions, ViewFormPages,
Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration,
UseRemoteAPIs, CreateAlerts" />
<Role ID="1073741926" Name="Restricted
Read" Description="Can view pages and documents, but cannot view
historical versions or review user rights information."
Order="7" Hidden="False" Type="None"
BasePermissions="ViewListItems, OpenItems, Open, ViewPages" />
Read" Description="Can view pages and documents, but cannot view
historical versions or review user rights information."
Order="7" Hidden="False" Type="None"
BasePermissions="ViewListItems, OpenItems, Open, ViewPages" />
<Role ID="1073741825" Name="Limited
Access" Description="Can view specific lists, document libraries,
list items, folders, or documents when given permissions."
Order="8" Hidden="True" Type="Guest"
BasePermissions="Open, BrowseUserInfo, UseClientIntegration" />
Access" Description="Can view specific lists, document libraries,
list items, folders, or documents when given permissions."
Order="8" Hidden="True" Type="Guest"
BasePermissions="Open, BrowseUserInfo, UseClientIntegration" />
<Role ID="1073741927" Name="View
Only" Description="Members of this group can view pages, list items,
and documents. If the document has a server-side file handler available, they
can only view the document using the server-side file handler." Order="2147483647"
Hidden="False" Type="None"
BasePermissions="ViewListItems, ViewVersions, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs,
CreateAlerts" />
Only" Description="Members of this group can view pages, list items,
and documents. If the document has a server-side file handler available, they
can only view the document using the server-side file handler." Order="2147483647"
Hidden="False" Type="None"
BasePermissions="ViewListItems, ViewVersions, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs,
CreateAlerts" />
</Roles>
Source :
Aucun commentaire:
Enregistrer un commentaire