SPBasePermissions Usage With (Programmatic) and Without Code - SharePoint Development & Administration + InfoPath

Tuesday, October 18, 2011

SPBasePermissions Usage With (Programmatic) and Without Code

In this post, I list some of the properties and methods that return a SPBasePermissions enum, and some methods that take SPBasePermissions as a parameter when checking if a user has certain rights on an object in SharePoint.  Later in the post I also explain how the permission masks with SPBasePermissions can be used to customise (show / hide ) content and custom UI actions / links without using code.

Programmatic uses of SPBasePermissions to check for or set permissions on various objects in SharePoint


The following are some of the more common components in SharePoint that can be used to get or set permissions, or check if certain permissions are effective for a user on the object.

Get or set the Base Permissions for a Role Definition in a Web
SPWeb.RoleDefinitions.BasePermissions

Get the current or specified user’s effective SPBasePermissions on an object (SPWeb, SPList, SPListItem, etc.) Username passed as String to GetUserEffectivePermissions():
SPSite
SPSite.EffectiveBasePermissions
SPSite.GetEffectiveRightsForAcl(SPReusableAcl)

SPWeb
SPWeb.EffectiveBasePermissions
SPWeb.GetUserEffectivePermissions(String)

SPList
SPList.EffectiveBasePermissions
SPList.EffectiveFolderPermissions
SPList.GetUserEffectivePermissions(String)

SPFolder
SPFolder.EffectiveRawPermissions

SPFile
SPFile.EffectiveRawPermissions

SPListItem
SPListItem.EffectiveBasePermissions
SPListItem.GetUserEffectivePermissions(String)


Check if the current or specified user has the specified permissions and throws UnauthorizedAccessException if not:
SPSite.CheckForPermissions(SPReusableAcl, SPBasePermissions)
SPWeb.CheckPermissions(SPBasePermissions)
SPList.CheckPermissions(SPBasePermissions)
SPListItem.CheckPermissions(SPBasePermissions)

Returns true/false indicating if the user has the specified permission(s)
SPSite
SPSite.DoesUserHavePermissions(SPReusableAcl, SPBasePermissions)
SPSite.DoesUserHavePermissions(SPReusableAcl, SPBasePermissions, SPWeb)

SPWeb
SPWeb.DoesUserHavePermissions(SPBasePermissions)
SPWeb.DoesUserHavePermissions(String, SPBasePermissions)

SPList
SPList.DoesUserHavePermissions(SPBasePermissions)
SPList.DoesUserHavePermissions(SPUser, SPBasePermissions)

SPListItem
SPListItem.DoesUserHavePermissions(SPBasePermissions)
SPListItem.DoesUserHavePermissions(SPUser, SPBasePermissions)

Layout Page Base - Permissions required to access a LayoutPageBase
LayoutsPageBase.RightsRequired
LayoutsPageBase.DefaultLayoutsRights

Trimmed Content on a Page (Get or set permissions)
SPSecurityTrimmedControl.Permissions

Base permissions associated with a SPPermission object
SPPermission.BasePermissions

Get base permissions required to use a ConsoleAction object or ConsoleNode
ConsoleAction.UserRights
ConsoleNode.UserRights

Get permissions required to see the developer dashboard
SPDeveloperDashboardSettings.RequiredPermissions

Get or set the permissions for a web application
SPWebApplication.RightsMask
SPSite.ApplicationRightsMask

Permissions required to access a Mobile Page
SPMobilePage.RightsRequired

Toolbar Menu Button
ToolBarMenuButton.CallbackVisibilityPermission

Others:
SPSecurableObject.GetUserEffectivePermissions(String UserName)
SPRibbon.Permissions
MenuItemTemplate.Permissions
SPUserCustomAction.Rights


Show / Hide content in SharePoint based on the built-in permissions in SharePoint without code.


The SPBasePermissions Enum contains a number of built-in permissions that can be used in a number of ways, including showing or hiding content for a user based on their access level to a site, list or item, restricting custom links and actions added to the UI, securing application pages and much more.  When creating a .aspx page or Master Page in SharePoint SPSecurityTrimmedControl class has a PermissionsString parameter that accepts a comma separated list of SPBasePermissions which a user must have for the child content or controls to be displayed to the user.

SharePoint: Show or Hide Content based on Permissions provides an example usage of the SPSecurityTrimmedControl class with various permissions from the SPBasePermissions enum to include content on a Master Page that is visible to users with full access to a site, or a user with access to manage lists on the site.  The example includes a “View All Site Content: link as content near the top of the page, which is visible only to users with the matching permissions.  References to the relevant documentation

For additional examples for a number of specific scenarios, the article Permission Based Content in SharePoint (With Examples) provides configuration of the SPSecurityTrimmedControl class and various SPBasePermissions to achieve each.  Some of the examples include displaying content or controls only to users with full access to a site, showing content for users with access to manage permissions on a site and displaying content to uses with add, edit and modify permissions on list items in a list.  The article also demonstrates usage of the SPSecurityTrimmedControl class and the AuthenticationRestrictions attribute to show or hide content to users who are authenticated or anonymous.

SPBasePermissions are also used when adding custom links and actions to the User Interface in SharePoint such as the Site or List Settings page, the Actions or Settings menu on lists and libraries and the list item dropdown (ECB Edit Control Block) menu.  Associating one or more of the built-in permissions with these custom actions will mean that a user much have each of the permissions on the item, list or site for the Custom action to be displayed.
Share this article:
Stumble This Delicious
Delicious
submit to reddit
Facebook
MySpace
MySpace

No comments:

Post a Comment