tags:

views:

1500

answers:

4
+2  Q: 

Why does RunWithElevatedPrivileges fail to execute?

I'm trying to make a web part that greps user comments and stores it in custom list, I wrote this code to add a list to the site once the web part added to the page,

[Guid("c314a0e8-0210-4064-b79e-bfd3594c6083")]
public class CommentWriteSpace : System.Web.UI.WebControls.WebParts.WebPart
{
    SPSite site = null;
    SPWeb web = null;

    public CommentWriteSpace()
    {
        SPSecurity.CodeToRunElevated foo = new SPSecurity.CodeToRunElevated(doit);

        SPSecurity.RunWithElevatedPrivileges(foo);
        SPListCollection listCollection = web.Lists;

        Guid listGuid = listCollection.Add("Comments List", "A list of user comments", SPListTemplateType.GenericList);
        listCollection[listGuid].Fields.Add("User", SPFieldType.User, true);
        listCollection[listGuid].Fields.Add("Comment", SPFieldType.Text, true);
        listCollection[listGuid].OnQuickLaunch = true;
        listCollection[listGuid].Update();
        //this.Page.Request.Url.ToString()
    }

    public void doit()
    {
        site = SPContext.Current.Site;
        web = site.OpenWeb();
    }
}

But the RunWithElevatedPrivileges method throw an exception, I guess it's a permission issue, the exception is the same as one appears when executing site.OpenWeb(); method without elevating privileges.

What could be the problem?

+2  A: 

There is no need for you to run SPContext.Current.Site with elevated privileges. In fact, I think this is why you get the exception. Furthermore, you could also use SPContext.Current.Web instead of site.OpenWeb(). The latter creates a new SPWeb object that you will be responsible of disposing again. SPSite and SPWeb objects from SPContext are automatically disposed when the HTTP request has completed.

Lars Fastrup  2009-03-12 17:38:53
"SPSite and SPWeb objects from SPContext are automatically disposed when the HTTP request has completed."Best bit of information on this entire question! Thanks Lars
Dan Revell  2009-10-03 09:38:39
A: 

Hmm. Would it maybe be easier to just run the bulk of your code in an anonymous delegate?

SPSecurity.RunWithElevatedPrivileges(delegate()
{
  // Your code here
}

It's probably also better to create an SPList object, rather than accessing the collection repeatedly. Some those collections behave a little strangely - I think it's the SPViewCollection create a new object each time you access it via a guid/index!

All of that askice, I agree with Lars - use SPContext.Current.Web

Andy Burns  2009-03-12 17:49:41
-1: you can't use SPContext.Current.Web, it doesn't have elevated privileges.
vitule  2010-02-03 22:37:49
+1  A: 

I would suggest avoiding using RunWithElevatedPrivileges when interacting with SharePoint objects (wherever possible, like in your example). You should restrict its use to when you need to access resources that are outside SharePoint (for example a database, file share, etc.)

Here is an excellent article that provides a very elegant approach to getting elevated privileges within a SharePoint context: http://solutionizing.net/2009/01/06/elegant-spsite-elevation/

Daniel McPherson  2009-03-12 18:20:55
+4  A: 

You're seeing a number of problems:

  1. SPSite object permissions are determined when they are created, so SPContext.Current.Site will already have the permissions of the current user even if you get the reference within RWEP.
  2. Passing SP objects out of a RWEP block is unsupported and generally dangerous. If you do need to use RWEP, all SPSite and SPWeb objects (and their children) created within that context should be used and disposed in the CodeToRunElevated.
  3. Each call to listCollection[listGuid] will create a new SPList object, which may cause unexpected behavior.

As Dan suggests, RWEP is not the preferred method to do what you're trying to accomplish. Using an extension from the link he references, I would rewrite to look something like this:

[Guid("c314a0e8-0210-4064-b79e-bfd3594c6083")]
public class CommentWriteSpace : System.Web.UI.WebControls.WebParts.WebPart
{
    public CommentWriteSpace()
    {
        SPContext.Current.Site.RunAsSystem(UpdateSite);
        //this.Page.Request.Url.ToString()
    }

    public void UpdateSite(SPSite site)
    {
        SPWeb web = site.RootWeb;

        SPListCollection listCollection = web.Lists;
        Guid listGuid = listCollection.Add("Comments List", "A list of user comments", SPListTemplateType.GenericList);
        SPList list = listCollection[listGuid];

        list.Fields.Add("User", SPFieldType.User, true);
        list.Fields.Add("Comment", SPFieldType.Text, true);
        list.OnQuickLaunch = true;
        list.Update();
    }
}
dahlbyk  2009-03-12 22:45:17
Hey mate, nice to see you here!
Daniel McPherson  2009-03-13 13:53:28

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?