Question

I have created a Visual Web Part. Inside, there is a submit button that on click runs some code. It works fine with my Site Collection Administrator, but it doesn't work with my test user. This test user has read permissions only on the site.

When I click on the Visual Web Part button I get:

"Sorry, this site is not shared with you"

Are there any permissions I need to set to enable a user to submit from a visual web part?

Edit: On click method:

    protected void btninvia_Click(object sender, EventArgs e)
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            SPSite spsite = SPContext.Current.Site;
            SPWeb spweb = spsite.RootWeb;

            ... code that works ....

            SPListItem item = addMissione(user.User); // this method causes the authorization problem

            ... not executed code

        });
    }

addMission method:

    private SPListItem addMissione(SPUser spuser)
    {
        SPListItem item = null;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            Logger.WriteLog(Logger.Category.Information, "addMissione", "spuser" + spuser.LoginName);

            SPSite spsite = SPContext.Current.Site;
            SPWeb spweb = spsite.RootWeb;
            SPList splist = spweb.Lists["Missions"];

            item = splist.AddItem();

            item["Field1"] = spuser;

            item["Field2"] = Field2.Text;
            item["Start Date"] = startdate.SelectedDate;

            ....
            item.Update();
            Logger.WriteLog(Logger.Category.Information, "addMission", "item update"); // this code is not run

            ...

            Logger.WriteLog(Logger.Category.Information, "addMissione", "fine addMissione");
        });

        return item;
    }

Solution

It all depends on the code you run on the button click. Can you please share it with us?

It's more than likely something done by your code, and your user does not have permissions to perform the action, e.g. you create a list item by code, while your "read-only" user obviously cannot create items...

If you really need to take some actions on behalf of read-only users, and if you can be sure from your code the operation is allowed as per the business rules, you can use an "elevation", i.e. run your code as the "system account". That way, all operations are allowed. Use this carefully...

[EDIT]
Now that I've seen your code, the mistake is obvious. You need to open new SPSite and SPWeb objects inside the elevated section. See for instance my answer https://sharepoint.stackexchange.com/a/171392/35604 ("However, as a side note...").

i.e., try something like this:

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        Logger.WriteLog(Logger.Category.Information, "addMissione", "spuser" + spuser.LoginName);

        // Open a new SPSite inside the delegate so it is created with the elevated identity
        using (SPSite spsite = new SPSite(SPContext.Current.Site.ID))
        {
            using (SPWeb spweb = spsite.RootWeb)
            {
                spweb.AllowUnsafeUpdates = true;
                SPList splist = spweb.Lists["Missions"];

                SPListItem item = splist.AddItem();

                item["Field1"] = spuser;

                item["Field2"] = Field2.Text;
                item["Start Date"] = startdate.SelectedDate;
                ....
                item.Update();
                ....
            }
        }
    });

Note the spweb.AllowUnsafeUpdates = true;: it is important here as we're dealing with an SPWeb not unlocked by the HTTP context (see https://sharepoint.stackexchange.com/a/149719/35604 on this matter).
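The elevation pattern described above, as an added example that is not part of the original answers: the caller is checked with their own identity first, only plain values cross into the elevated delegate, and only the new item ID comes back out. The names MissionWriter and AddMission and the "any reader may submit" rule are assumptions for illustration; the list and field names are the ones from the question.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

public static class MissionWriter   // hypothetical helper class
{
    // Returns the new item ID rather than an SPListItem so no elevated object escapes.
    public static int AddMission(string field2, DateTime startDate)
    {
        SPContext ctx = SPContext.Current;
        SPUser caller = ctx.Web.CurrentUser;

        // These checks run as the real user, before any elevation.
        if (caller == null)
            throw new UnauthorizedAccessException("Anonymous callers cannot create missions.");
        // Assumed business rule: anyone who can read the site may submit a mission.
        if (!ctx.Web.DoesUserHavePermissions(SPBasePermissions.ViewListItems))
            throw new UnauthorizedAccessException("Caller cannot read this site.");
        // Require a valid form digest, since AllowUnsafeUpdates is switched on below.
        if (!SPUtility.ValidateFormDigest())
            throw new UnauthorizedAccessException("Invalid form digest.");

        // Copy plain values out: objects taken from SPContext keep the caller's identity.
        Guid siteId = ctx.Site.ID;
        int callerId = caller.ID;
        string callerLogin = caller.LoginName;
        int newItemId = 0;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))   // new object, elevated identity
            {
                SPWeb web = site.RootWeb;              // owned by site, disposed with it
                bool previous = web.AllowUnsafeUpdates;
                web.AllowUnsafeUpdates = true;
                try
                {
                    SPListItem item = web.Lists["Missions"].AddItem();
                    // Field1 records the real requester; the write itself runs as system account.
                    item["Field1"] = new SPFieldUserValue(web, callerId, callerLogin);
                    item["Field2"] = field2;
                    item["Start Date"] = startDate;
                    item.Update();
                    newItemId = item.ID;
                }
                finally { web.AllowUnsafeUpdates = previous; }
            }
        });
        return newItemId;
    }
}
```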

OTHER TIPS

You are not elevating in a correct way; you need to create new objects for SPSite and SPWeb.

But since you use the root web, as you do, you do not need to explicitly create a new object for that, so you can do the below

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite spsite = new SPSite(SPContext.Current.Site.Url))
        {
            SPWeb spweb = spsite.RootWeb;
        }
    });
Licensed under: CC-BY-SA with attribution