By: =8)-DX

=8)-DX — Wed, 06 Aug 2008 11:07:14 +0000

The same thing goes for folders – deleting the SPRoleAssignment for a folders SPListItem object (also ISecurable) will also remove all of a user’s roles for the subfolders.

This is how to identify the “Limited Access” SPRoleDefinition (and leave it there).
(role_def.Type == SPRoleType.Guest && (role_def.BasePermissions != SPBasePermissions.FullMask))

I’m not sure the code you have there will work for folders -> I kept getting and error saying “You cannot add a role assignment with an empty SPRoleDefinitionBinding collection to the object” or something like that.

My workaround was to:

A if there is already an SPRoleAssignment for the user then I
1.Go through the RoleDefinitionBindings collection and remove all except limited access
2.If I have some new role to add, add it now.
3.If I added some roles or there was limited access do Update. otherwise remove the role assignment

B if there is no SPRoleAssignment – create a new one for the user.

SPUser current_user; //assuming you have a user object
SPListItem folder_item; // assuming you have the SPListItem object for the given folder
SPRoleDefinitionBindingCollection nove_role_def = new SPRoleDefinitionBindingCollection(); // add some roles to this.. or add specific roles later.

SPRoleAssignmentCollection roles = folder_item.RoleAssignments;

SPRoleAssignment role_for_current_user = null;
bool is_previous_role = false;
for (int i = 0; i < roles.Count; i++)
{
SPRoleAssignment role = roles[i] as SPRoleAssignment;

if (role.Member.ID == ((SPMember)current_user).ID)
{
if (!is_previous_role)
{
is_previous_role = true;
bool role_is_not_empty = false;
bool is_limited = false;
//role.RoleDefinitionBindings.RemoveAll();
for (int j = 0; j < role.RoleDefinitionBindings.Count; j++)
{
SPRoleDefinition role_def = role.RoleDefinitionBindings[j];
if (role_def.Type == SPRoleType.Guest && (role_def.BasePermissions != SPBasePermissions.FullMask))
is_limited = true;
else
{
role.RoleDefinitionBindings.Remove(j);
j–;
}
}

foreach (SPRoleDefinition role_def in new_role_defs)
{
role_is_not_empty = true;
role.RoleDefinitionBindings.Add(role_def);
}

if (role_is_not_empty || is_limited)
role.Update();
else
{
roles.Remove(i);
i–;
}

}
else
{
roles.Remove(i);
i–;
}
}
}

if (!is_previous_role)
{
bool role_is_not_empty = false;
role_for_current_user = new SPRoleAssignment(
current_user.LoginName,
current_user.Email,
current_user.Name,
current_user.Notes);
role_for_current_user.RoleDefinitionBindings.RemoveAll();
foreach (SPRoleDefinition role_def in new_role_defs)
{
role_is_not_empty = true;
role_for_current_user.RoleDefinitionBindings.Add(role_def);
}
if (role_is_not_empty)
roles.Add(role_for_current_user);
}
}

By: Links (7/10/2008) « Steve Pietrek - Everything SharePoint

Links (7/10/2008) « Steve Pietrek - Everything SharePoint — Fri, 11 Jul 2008 00:30:50 +0000

[...] Be careful when manipulating your SPWeb’s RoleAssignments [...]

By: FuzzLinks.com » Be careful when manipulating your SPWeb’s RoleAssignments « SharePoint Internals - Hristo Pavlov’s Blog

Thu, 10 Jul 2008 14:36:41 +0000

[...] http://hristopavlov.wordpress.com/2008/07/10/be-careful-when-manipulating-your-spwebs-roleassignment... [...]

Comments on: Be careful when manipulating your SPWeb’s RoleAssignments

By: =8)-DX

By: Links (7/10/2008) « Steve Pietrek - Everything SharePoint

By: FuzzLinks.com » Be careful when manipulating your SPWeb’s RoleAssignments « SharePoint Internals - Hristo Pavlov’s Blog