Inheriting list item permissions via permissions on lookup field item


Question

Say you have two lists in Sharepoint, let's call them "house" and "region".

Each house is assigned to a region via a lookup field.

List item permissions are set on regions.

Now I want the users to only see the houses which belong to the regions they have read access to. I reckon it should be relatively simple, but I see no easy way of doing this. Am I overlooking something?

Recommended answer

If you want an automated process that occurs when a new house is added, then there's a simple enough method for this using EventReceivers. If you don't have experience with EventReceivers, check out this article for the basics. You'll need to create ItemAdded and ItemUpdated events with pretty much identical contents - one for when the house is first made, and one for if the region for a house is ever changed. First, the house must break role inheritance if it doesn't already have unique assignments. Now, if the region hasn't changed in an update, there is no need to proceed. Otherwise, you need to clear the current permission set, then retrieve the region in the lookup value by looking up the list and then the item ID. Iterate across the permissions in the region for anyone who has at least Read permissions, and add those users to the house. When it's done, update, and now the only people who will see that house are those who can read that particular region. Below is a general gist of what the code might look like in your event receiver.

using (SPSite site = new SPSite(properties.WebUrl))
{ 
    using (SPWeb web = site.OpenWeb())
    {
        SPListItem houseItem = properties.ListItem;
        SPList regionList = web.Lists["Region"];
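        if (!houseItem.HasUniqueRoleAssignments)
        {
            // Stop inheriting from the list; false = do not copy the parent's assignments
            houseItem.BreakRoleInheritance(false);
        }

        //After confirming that the region has changed and is not empty/null...
        // Clear the current permission set so access from a previous region does not survive
        for (int i = houseItem.RoleAssignments.Count - 1; i >= 0; i--)
        {
            houseItem.RoleAssignments.Remove(i);
        }
        // Parse the stored "ID;#Title" lookup value instead of casting the raw field value
        SPFieldLookupValue regionLookup = new SPFieldLookupValue(Convert.ToString(houseItem["RegionLookup"]));
        SPListItem regionItem = regionList.GetItemById(regionLookup.LookupId);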
        SPRoleDefinition readAccess = web.RoleDefinitions["Read"];
        foreach (SPRoleAssignment userRole in regionItem.RoleAssignments)
        {
            //READ CHECK
            if (userRole.RoleDefinitionBindings.Contains(readAccess))
            {
                houseItem.RoleAssignments.Add(userRole);
            }
        }
        this.DisableEventFiring();
        houseItem.SystemUpdate(false);
        this.EnableEventFiring();
    }
}

Note that for the point marked //READ CHECK, all this code snippet does is check if the "Read" role definition is assigned to that user for the region. If you want to check for the "ViewItem" permission specifically, you would have to iterate across all RoleDefinitionBindings in that RoleAssignment and check the BasePermissions to see if it contains "ViewItem".
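The permission-level check described in that note, as an added example that is not part of the original answer: it iterates each assignment's RoleDefinitionBindings and tests BasePermissions against SPBasePermissions.ViewListItems, the server object model flag for viewing list items. The class and method names are hypothetical, and granting only the "Read" definition on the house (instead of copying the region's full assignment) is an assumption made here to keep the copied access minimal.

```csharp
using Microsoft.SharePoint;

// Hypothetical helper class; names are illustrative, not from the original answer.
public static class RegionPermissionCopier
{
    // True when any role definition bound to this assignment includes ViewListItems.
    public static bool CanViewItems(SPRoleAssignment assignment)
    {
        foreach (SPRoleDefinition definition in assignment.RoleDefinitionBindings)
        {
            bool grantsView =
                (definition.BasePermissions & SPBasePermissions.ViewListItems)
                    == SPBasePermissions.ViewListItems;
            if (grantsView)
            {
                return true;
            }
        }
        return false;
    }

    // Gives every principal that can view the region exactly "Read" on the house.
    // Assumes houseItem already has unique, cleared role assignments.
    public static int CopyViewers(SPListItem regionItem, SPListItem houseItem,
                                  SPRoleDefinition readAccess)
    {
        int granted = 0;
        foreach (SPRoleAssignment regionRole in regionItem.RoleAssignments)
        {
            // Skip principals whose bindings on the region do not include ViewListItems.
            if (!CanViewItems(regionRole))
            {
                continue;
            }

            // Build a fresh assignment so higher rights held on the region
            // (edit, delete, manage permissions) are not carried over to the house.
            SPRoleAssignment houseRole = new SPRoleAssignment(regionRole.Member);
            houseRole.RoleDefinitionBindings.Add(readAccess);
            houseItem.RoleAssignments.Add(houseRole);
            granted++;
        }
        return granted;
    }
}
```

In the event receiver this would replace the foreach loop at //READ CHECK, called as RegionPermissionCopier.CopyViewers(regionItem, houseItem, readAccess).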
