SPContext.Current.Web.CurrentUser returns wrong user (Broken user database?)
-
03-10-2020 - |
Question
This code snippet is used to Break Role Inheritance on a Document Library and set the current user as the only user who has "Read" priviliges on that Library:
SPUser oUser = SPContext.Current.Web.CurrentUser;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite("http://<<server>>/websites/gwp/"))
{
using (SPWeb web = site.OpenWeb())
{
web.AllowUnsafeUpdates = true;
SPList list = web.Lists["test_GWP"];
if (!list.HasUniqueRoleAssignments)
{
list.BreakRoleInheritance(false);
}
SPRoleDefinition roleDef = web.RoleDefinitions.GetByType(SPRoleType.Reader);
SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser);
web.AllowUnsafeUpdates = true;
spRoleAssignment.RoleDefinitionBindings.Add(roleDef);
list.RoleAssignments.Add(spRoleAssignment);
list.Update();
web.Update();
web.AllowUnsafeUpdates = false;
}
}
});
After running this code, the Document Library gets assigned to a completely different user (not pool account)!
Tested on different users, browsers and workstations.
Do you know why SharePoint behaves as described?
FYI: A while ago i added a bunch of users to the website, namingly an AD-Group which itself contained an AD-Group. Did this break my SharePoint user database by any chance?
La solution
The problem is probably that SPRoleAssignment
is using the ID of the passed in oUser
, but the user with that ID in http://<<server>>/websites/gwp/
is very unlikely to be the same user as the one with that ID in SPContext.Current.Web
unless SPContext.Current.Web
is http://<<server>>/websites/gwp/
.
So you need to change
SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser);
to
SPUser oUser2 = web.EnsureUser(oUser.LoginName);
SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser2);