Hi,
on the project i'm working we have a site (the front office) which is accessible by anonymous users, and a subsite (the back office) which access is restricted. In the back office, i want to restrict the access of one specific page (e.g, /Pages/specificpage.aspx) to only users who are members of a certain group.
How can i do that programmatically?
Thanks.
First you create a group for this permission type. You do that from the "People and Groups" page.
Then you go to your Pages list by browsing to the http:/Pages.
Click on the drop down menu on the page/item in question and select "manage permissions".
On the Actions menu, select "Edit permissions" and click Ok to break inheritance.
Remove the default (inherited) permissions (user/groups) by put a check mark in them and select Action-s>Remove User Permissions.
On the New menu, select "Add users", enter the name of your group , select the desired permissions and click Ok.
And here's how to do it programmatically:
using (SPSite site = new SPSite("<YOUR URL>"))
{
using (SPWeb web = site.OpenWeb())
{
// Get the group you want to assign to the item
SPGroup group = web.Groups["<YOUR GROUP NAME>"];
SPPrincipal principal = group as SPPrincipal;
// Define the role definitions
SPRoleDefinitionCollection roleDefinitions = web.RoleDefinitions;
SPRoleDefinition[] rolesToApply = new SPRoleDefinition[1] { roleDefinitions["Contribute"] };
// Or whatever role definition you want to assign
SPRoleAssignment newRoleAssignmentToAdd = new SPRoleAssignment(principal);
foreach (SPRoleDefinition roleDefinition in rolesToApply)
{
if (roleDefinition != null)
{
newRoleAssignmentToAdd.RoleDefinitionBindings.Add(roleDefinition);
}
}
// Choose your list
SPList list = web.Lists["Pages"];
// Query for the item/file/page
SPQuery query = new SPQuery();
query.RowLimit = 2000;
query.ViewFields = "<FieldRef Name='Title' />";
query.Query = string.Format(@"<OrderBy><FieldRef Name='ID'/></OrderBy>
<Where>
<Eq>
<FieldRef Name='FileLeafRef'/>
<Value Type='Text'>{0}</Value>
</Eq>
</Where>", "<YOUR PAGE NAME>");
// Get the list item
SPListItemCollection items = list.GetItems(query);
if (items.Count > 0)
{
SPListItem item = items[0];
// If the item doesn't have unique permissions, set it to have that
if (!item.HasUniqueRoleAssignments)
{
item.BreakRoleInheritance(false);
}
// Add your role definition
item.RoleAssignments.Add(newRoleAssignmentToAdd);
}
}
}
To set the permissions pragmatically you need to do the following.
1) Break Role Inheritance of the item 2) Add the new role assignment
To break the Break Role Inheritance of an item you call the BreakRoleInheritance method on the item, passing true will copy the current permissions for the list to the item.
item.BreakRoleInheritance(false);
You then need to get the items Role Assignments collection and add a new role assignment to it. The role assignment is created for a SPPrincipal and has a SPRoleDefinition bound to it.
SPRoleAssignmentCollection rolesAssignments = item.RoleAssignments;
SPRoleAssignment userRoleAssignment = new SPRoleAssignment(principal);
userRoleAssignment.RoleDefinitionBindings.Add(roleDefinition);
rolesAssignments.Add(userRoleAssignment);
To fetch a Role Definition you can go to the current SPWeb’s FirstUniqueRoleDefinitionWeb property so you keep any customisations that have been made to your sites permissions and then use the SPWeb’s Role Definitions Collection. (I am not too sure of the disposal pattern for the FirstUniqueRoleDefinitionWeb property, if you are using SPContext Dont dispose it)
if (web.FirstUniqueRoleDefinitionWeb != null)
{
using (SPWeb firstUniqueRoleDefinitionWeb = web.FirstUniqueRoleDefinitionWeb)
{
return firstUniqueRoleDefinitionWeb.RoleDefinitions[roleName];
}
}
return web.RoleDefinitions[roleName];
Hope this helps you in the right direction