Assign permissions to folder in document library from person lookup - SharePoint 2010

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/180104

Question

Let me first preface by saying that I am new to programming with the SharePoint Object Model...

I have a requirement where after a list item is created, which indicates 2 individuals in a person lookup, I need to create a new folder in a document library and grant permission to folder to the users in the person lookup fields. I have created an event receiver to create the new folder and edit some of the list item fields accordingly. My problem is that I am unsure as how grant permission to the users indicated in the person lookup field after creating the folder. We need to grant permission only to the individual users and not any groups they may be a part of. These permissions should be added to the current permissions on the document library. Here is the code I have so far.

public override void ItemAdded(SPItemEventProperties properties)
{
        base.ItemAdded(properties);

        const string SOURCE_DIRECTORY = @"http://sitecoll/Forms/SourceLibrary/";
        const string DESTINATION_DIRECTORY = @"http://sitecoll/site/subsite/DestLibrary/";

        try
        {
            // Get inserted item and update its fields
            SPListItem insertedItem = properties.ListItem;
            string destFolderName = insertedItem.UniqueId.ToString() + @"/";
            insertedItem["Title"] = properties.UserDisplayName;
            insertedItem["URL"] = DESTINATION_DIRECTORY + destFolderName;
            insertedItem.Update();

            Uri srcUrl = new Uri(SOURCE_DIRECTORY);
            Uri dstFolderUrl = new Uri(DESTINATION_DIRECTORY);
            Uri dstNewFolderUrl = new Uri(dstFolderUrl + destFolderName);
            Uri srcFileUrl = new Uri(SOURCE_DIRECTORY + "filename.pdf");

            using (SPSite siteSrc = new SPSite(srcUrl.AbsoluteUri))
            using (SPSite siteDst = new SPSite(dstFolderUrl.AbsoluteUri))
            using (SPWeb webSrc = siteSrc.OpenWeb())
            using (SPWeb webDst = siteDst.OpenWeb())
            {
                // Create New Folder in QM/Exposure/ Library
                SPFolder dstFolder = webDst.GetFolder(dstFolderUrl.AbsolutePath);
                SPFolder newFolder = dstFolder.SubFolders.Add(dstNewFolderUrl.AbsolutePath);

                // Add File to new folder (do for each file)
                SPFile srcFile = webSrc.GetFile(srcFileUrl.AbsolutePath);
                newFolder.Files.Add(dstNewFolderUrl.AbsolutePath + srcFile.Name, srcFile.OpenBinary());

                // TODO Add Permissions to newFolder using 'Employee' and 'Manager' person lookup fields

            }
        }
        catch (Exception exc)
        {
            properties.ErrorMessage = exc.Message;
            properties.Status = SPEventReceiverStatus.CancelWithError;
        }
}

Any help on this would be greatly appreciated. Thanks!

Was it helpful?

Solution

SOLVED: After lengthy research I was able to come up with a working solution.

               // Break Inheritance from Parent library
               newFolder.Item.BreakRoleInheritance(true);

               // Remove 'Visitor' group from permissions
               SPPrincipal principal = (SPPrincipal)webDst.SiteGroups["Visitor"];
               newFolder.Item.RoleAssignments.Remove(principal);

               // Get SPUSer for employee
               SPFieldUser employeeField = (SPFieldUser)insertedItem.Fields.GetField("Employee");
               SPFieldUserValue employeeFieldValue = (SPFieldUserValue)employeeField.GetFieldValue(insertedItem["Employee"].ToString());
               SPUser employee = employeeFieldValue.User;

               // Get SPUser for manager
               SPFieldUser managerField = (SPFieldUser)insertedItem.Fields.GetField("Manager");
               SPFieldUserValue managerFieldValue = (SPFieldUserValue)managerField.GetFieldValue(insertedItem["Manager"].ToString());
               SPUser manager = managerFieldValue.User;

               // Get Visitor roles
               SPRoleDefinition visitor = webDst.RoleDefinitions["Visitor"];
               SPRoleDefinition visitorSpc = webDst.RoleDefinitions["VisitorSpc"];
               SPRoleDefinition visitorExt = webDst.RoleDefinitions["VisitorExt"];

               // Grant employee all Visitor permissions
               SPRoleAssignment employeeRole = new SPRoleAssignment(employee);
               employeeRole.RoleDefinitionBindings.Add(visitor);
               employeeRole.RoleDefinitionBindings.Add(visitorSpc);
               employeeRole.RoleDefinitionBindings.Add(visitorExt);
               newFolder.Item.RoleAssignments.Add(employeeRole);

               // Grant manager all Visitor permissions
               SPRoleAssignment managerRole = new SPRoleAssignment(manager);
               managerRole.RoleDefinitionBindings.Add(visitor);
               managerRole.RoleDefinitionBindings.Add(visitorSpc);
               managerRole.RoleDefinitionBindings.Add(visitorExt);
               newFolder.Item.RoleAssignments.Add(managerRole);

               // Update folder
               newFolder.Item.Update();

               // Update Library
               webDst.Update();

Hope this helps others.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top