Class SharePointPermission

Class SerializableCollection > SerializableCollection

Methods:

/// <summary>
/// Convert the Permission from RoleDefinitionBindings to SerializableCollection
/// </summary>
/// <param name="obj">SPWeb / SPListItem / SPList</param>
/// <returns>SerializableCollection</returns>

public static SerializableCollection ConvertPermissions(this SPSecurableObject obj)

 

/// <summary>
/// Alternative to ResetRoleInheritance
/// </summary>
/// <param name="obj">SPListItem / SPList</param>

public static void UnLock(this SPSecurableObject obj)

 

/// <summary>
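/// Replicate the permissions of one SPSecurableObject onto another SPSecurableObject
/// </summary>
/// <param name="obj">SPWeb / SPList / SPListItem</param>
/// <param name="oldAssignment">SerializableCollection</param>
/// <param name="limitedaccess">Whether the Limited Access permission remains on the object (true = yes, false = no; default is true)</param>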

public static void UnLock(this SPSecurableObject obj, PSPermission oldAssignment, bool limitedaccess = true)

/// <summary>
/// Remove the provided role definition from all users / groups on the object.
/// </summary>
/// <param name="obj">The object to remove the permission from</param>
/// <param name="role">The permission (role definition) to remove</param>
/// <param name="limitedAccess">Presumably whether the Limited Access permission remains, as with clearPermission; confirm against the implementation</param>

public static void removePermissionFromAll(this SPSecurableObject obj, SPRoleDefinition role, bool limitedAccess)

Overloading methods:

  • public static void removePermissionFromAll(this SPSecurableObject obj, SPRoleDefinition[] role, bool limitedAccess)

 

/// <summary>
/// Remove the provided role definition from a particular user / group on the object.
/// </summary>
/// <param name="obj">The object to remove the permission from</param>
/// <param name="role">The permission (role definition) to remove</param>
/// <param name="principal">The user / group the permission is assigned to</param>
/// <param name="limitedAccess">Presumably whether the Limited Access permission remains, as with clearPermission; confirm against the implementation</param>

public static void removePermissionFrom(this SPSecurableObject obj, SPRoleDefinition role, SPPrincipal principal, bool limitedAccess)

Overloading methods:

  • public static void removePermissionFrom(this SPSecurableObject obj, SPRoleDefinition[] role, SPPrincipal[] principal, bool limitedAccess)
  • public static void removePermissionFrom(this SPSecurableObject obj, SPRoleDefinition[] role, SPPrincipal principal, bool limitedAccess)
  • public static void removePermissionFrom(this SPSecurableObject obj, SPRoleDefinition[] role, SPPrincipal[] principal, bool limitedAccess)

 

/// <summary>
/// Grant particular user / group as certain right
/// </summary>
/// <param name="obj">SPWeb / SPList / SPListItem </param>
/// <param name="roles">SPRoleDefinition object of your desired rights, it can be multiple roles</param>
/// <param name="principal">SPUser / SPGroup</param>
/// <param name="suppressException">throw exception back to you or not</param>
/// <returns>SerializableCollection before the permission changes applied</returns>

public static PSPermission LockAs(this SPSecurableObject obj, SPRoleDefinition[] roles, SPPrincipal principal, bool suppressException = true)

Overloading methods:

  • public static SerializableCollection LockAs(this SPSecurableObject obj, SPRoleDefinition role, SPPrincipal principal, bool suppressException = true)
  • public static SerializableCollection LockAs(this SPSecurableObject obj, SPRoleDefinition[] roles)
  • public static SerializableCollection LockAs(this SPSecurableObject obj, SPRoleDefinition role )

 

/// <summary>
/// Clear all permissions on the SPSecurableObject, optionally keeping the Limited Access permission.
/// </summary>
/// <param name="obj">SPWeb / SPList / SPListItem</param>
/// <param name="limitedaccess">remain Limited Access Permission or not</param>

public static void clearPermission(this SPSecurableObject obj, bool limitedaccess = true)

 

Example (Cmdlets):

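# Load the PSEdition assembly that provides the SharePointPermission helpers.
# NOTE(review): LoadWithPartialName resolves by simple name only, so it does not pin
# which PSEdition build gets loaded. Loading by full assembly name or by an explicit
# path makes the loaded code predictable on a shared farm server.
[Reflection.Assembly]::LoadWithPartialName("PSEdition") | Out-Null

# Resolve the web, the target list, the role definitions and the groups
# (run under the SharePoint Management Shell).
$w=get-spweb "http://yoursitecollection"
$e=$w.Lists["Events"]
$read=$w.RoleDefinitions["Read"]
# Fixed: the indexer brackets were missing around "Contribute".
$cont=$w.RoleDefinitions["Contribute"]

$dr=$w.Groups["Document Reader"]
$m=$w.SiteGroups["Manager Group"]

# Event Permission Trimming
# clearPermission removes the existing permissions on the list before the two grants
# below are applied. If the previous state may need to be restored, capture it first
# with ConvertPermissions($e).
Write-Host "`n---Event Permission Trimming`n"
[PSEdition.SharePointPermission]::clearPermission($e)
# Last argument is suppressException; $false lets a failed grant surface as an
# exception instead of leaving the list silently without the intended permission.
[PSEdition.SharePointPermission]::LockAs($e,$read, $dr,$false)
[PSEdition.SharePointPermission]::LockAs($e,$cont, $m,$false)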

# ConvertPermissions returns a SerializableCollection holding the object's permissions;
# that collection can be edited (Add / Remove) and is serializable.
# NOTE: the arguments on the next four lines are type placeholders showing what each
# call expects, not runnable PowerShell values.
$clonedPermission = [PSEdition.SharePointPermission]::ConvertPermissions(SPWeb / SPList / SPListItem)
$clonedPermission.Add(SPUser / SPGroup, SPRoleDefinition);
$clonedPermission.Remove(string user)
$clonedPermission.Remove(string user, string role)
# NOTE(review): the UnLock signatures documented on this page take the target
# SPSecurableObject as the first argument; this call passes only the collection.
# Confirm the intended overload before relying on it.
[PSEdition.SharePointPermission]::Unlock($clonedPermission)

Example (C#):

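// Sketch only: t, role and principal must be obtained from an SPWeb before use.
SPList t; // Any SPSecurableObject works here: SPWeb / SPList / SPListItem
SPRoleDefinition role; // A role definition taken from the SPWeb
SPPrincipal principal; // An SPUser or SPGroup

// LockAs is documented as returning the permissions as they were before the change;
// keep the return value if the change may need to be reverted.
t.LockAs(role); // Change every existing SPUser / SPGroup on the object to this role
t.clearPermission(); // Remove all permissions from the object
t.LockAs(role, principal); // Grant this role to one particular user / group

// Example: manipulating SPList permissions
SerializableCollection custom = t.ConvertPermissions(); // Editable copy of the object's permissions
custom.Add(principal, role);
custom.Remove("string of the user / group");

// Second argument: keep the Limited Access permission on the object (true, the default) or not (false).
t.UnLock(custom, true);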
