Create group, permission and assign it programmatically

Introduction

In this article I will describe that how to create Sharepoint group, permission and assign permission to group programmatically using feature.

This will use below terms:-
1. SPGroup: We wll create sharepoint group.
2. RoleDefinition: We will create custom permission.
3. RoleAssignment: Assign custom permission to group.

Solution Structure

Permission_SolutionStructure

The Code

We will create below feature.xml file and featurereceiver.cs file. Then rest is usual WSP deployment on sharepoint.

For: How to create WSP project and create basic feature, please go to below url and read details:-
http://sharepoint.infoyen.com/2012/04/22/feature-receiver-in-sharepoint/
http://sharepoint.infoyen.com/2012/04/01/create-webpart-in-sharepoint-2/

Feature.xml
You use this XML file to define the metadata for the new feature. The following example code scopes the feature at the level of the site and defines a unique identifier for the new feature.

1
2
3
4
5
6
7
8
9
10
11
<Feature  Id="write feature id here"
          Title="Custom Permissions"
          Description="This Custom Permissions of site owner."
          Version="12.0.0.0"
          Hidden="FALSE"
          Scope="Web"
          DefaultResourceFile="core"
          xmlns="http://schemas.microsoft.com/sharepoint/" 
	ReceiverAssembly="Home.Project.Solution, Version=1.0.0.0, Culture=neutral, PublicKeyToken=05bbbd1c0f9a44ea" 
    ReceiverClass="Home.Project.Solution.CustomPermision.FeatureReceiver" >
</Feature>

Feature Receiver Class:-

In this class; on feature activation, 1st we will create SPGroup, then SPRoleDefinition and in last we assign this SPRoleDefinition to SPGroup using SPRoleAssignment. please see below full code to understand in detail:-

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
namespace Home.Project.Solution.CustomPermision
{
    public class FeatureReceiver : SPFeatureReceiver
    {
        private const string PERMISSION_NAME = "CustomAccesss Owner";
        string strPermName = string.Empty;
        public override void FeatureInstalled(SPFeatureReceiverProperties properties)
        {
        }
        public override void FeatureUninstalling(SPFeatureReceiverProperties properties)
        {
        }
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            try
            {
                SPWeb web = null;
                web = (SPWeb)properties.Feature.Parent;
                strPermName = web.Title + " " + PERMISSION_NAME;
                bool IsRestrictedOwnerExist = false;
 
                SPRoleDefinitionCollection existingRoleDefinition = web.RoleDefinitions;
                foreach (SPRoleDefinition roleDef in existingRoleDefinition)
                {
                    if (roleDef.Name == PERMISSION_NAME)
                        IsRestrictedOwnerExist = true;
                }
				// If permission does not exist then create permission(SPRoleDefinition)
                if (!IsRestrictedOwnerExist)
                {
                    // create a new restricted Owner role definition and set base permissions
                    SPRoleDefinition restrictedOwnerRoleDefinition = new SPRoleDefinition()
                    {
                        Name = PERMISSION_NAME,
                        Description = "Same as full control except 'Manage Permissions' and 'Create Groups'",
                        BasePermissions =
                        SPBasePermissions.ManageLists
                        | SPBasePermissions.CancelCheckout | SPBasePermissions.AddListItems
                        | SPBasePermissions.EditListItems | SPBasePermissions.DeleteListItems
                        | SPBasePermissions.ViewListItems | SPBasePermissions.ApproveItems
                        | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions
                        | SPBasePermissions.DeleteVersions | SPBasePermissions.CreateAlerts
                        | SPBasePermissions.ViewFormPages
 
                        | SPBasePermissions.ViewUsageData | SPBasePermissions.ManageWeb
                        | SPBasePermissions.AddAndCustomizePages | SPBasePermissions.ApplyThemeAndBorder
                        | SPBasePermissions.ApplyStyleSheets | SPBasePermissions.BrowseDirectories
                        | SPBasePermissions.CreateSSCSite | SPBasePermissions.ViewPages
                        | SPBasePermissions.EnumeratePermissions | SPBasePermissions.BrowseUserInfo
                        | SPBasePermissions.ManageAlerts | SPBasePermissions.UseRemoteAPIs
                        | SPBasePermissions.UseClientIntegration | SPBasePermissions.Open
                        | SPBasePermissions.EditMyUserInfo
 
                        | SPBasePermissions.ManagePersonalViews | SPBasePermissions.AddDelPrivateWebParts
                        | SPBasePermissions.UpdatePersonalWebParts
                    };
                    web.RoleDefinitions.Add(restrictedOwnerRoleDefinition);
                    web.Update();
                }
 
                //use the web owner group as the owner for this new group
                SPMember siteOwner = web.Site.RootWeb.SiteAdministrators[0];
                web.SiteGroups.Add(strPermName, siteOwner, null, "Custom SharePoint Group for CustomAccess Owner");
 
                //retrieve the newly added group to set roles for it
                SPGroup wcmGroup = web.SiteGroups[strPermName];
                //get the designer role definition to assign to our custom group
                SPRoleDefinition customRoleDefinition = web.RoleDefinitions[PERMISSION_NAME];
                //assign CustomAccess Owner role to our custom group at the web level
                SPRoleAssignment roleAssignment = new SPRoleAssignment(wcmGroup);
                roleAssignment.RoleDefinitionBindings.Add(customRoleDefinition);
                web.RoleAssignments.Add(roleAssignment);
 
                wcmGroup.Update();
                web.Update();
            }
            catch (Exception)
            {
                throw new SPException(string.Format("Error adding custom access permissions."));
            }
        }
        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
        }
    }
}

Thanks!
Avinash

calendarJune 24, 2012 · cardInfoyen · commentsNo Comments
tagTags: ,  · Posted in: MOSS, Security, SharePoint

Leave a Reply

Spam Protection: , required

myworldmaps infoyen