Question

This code snippet is used to Break Role Inheritance on a Document Library and set the current user as the only user who has "Read" privileges on that Library:

            SPUser oUser = SPContext.Current.Web.CurrentUser;
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite site = new SPSite("http://<<server>>/websites/gwp/"))
                {
                    using (SPWeb web = site.OpenWeb())
                    {
                        web.AllowUnsafeUpdates = true;
                        SPList list = web.Lists["test_GWP"];
                        if (!list.HasUniqueRoleAssignments)
                        {
                            list.BreakRoleInheritance(false);
                        }
                        SPRoleDefinition roleDef = web.RoleDefinitions.GetByType(SPRoleType.Reader);
                        SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser);
                        web.AllowUnsafeUpdates = true;
                        spRoleAssignment.RoleDefinitionBindings.Add(roleDef);
                        list.RoleAssignments.Add(spRoleAssignment);
                        list.Update();
                        web.Update();
                        web.AllowUnsafeUpdates = false;
                    }
                }
            });

After running this code, the Document Library gets assigned to a completely different user (not pool account)!

Tested on different users, browsers and workstations.

Do you know why SharePoint behaves as described?

FYI: A while ago I added a bunch of users to the website, namely an AD-Group which itself contained an AD-Group. Did this break my SharePoint user database by any chance?


Solution

The problem is probably that SPRoleAssignment is using the ID of the passed in oUser, but the user with that ID in http://<<server>>/websites/gwp/ is very unlikely to be the same user as the one with that ID in SPContext.Current.Web unless SPContext.Current.Web is http://<<server>>/websites/gwp/.

So you need to change

SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser);

to

SPUser oUser2 = web.EnsureUser(oUser.LoginName);
SPRoleAssignment spRoleAssignment = new SPRoleAssignment(oUser2);
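
The complete routine with that change applied, as an added example (not code from the question or the answer). The class name, method name and parameters are hypothetical, and the final check assumes both webs use the same authentication mode, so login names are encoded the same way:

```csharp
using System;
using Microsoft.SharePoint;

public static class LibraryPermissions // hypothetical helper, not from the page
{
    // The page uses "http://<<server>>/websites/gwp/" and "test_GWP" for these.
    public static void GrantReadToCurrentUser(string siteUrl, string listTitle)
    {
        // Carry only the login name across the elevation boundary. A login name
        // identifies the same account everywhere; an SPUser.ID is only meaningful
        // inside the site collection that issued it.
        string loginName = SPContext.Current.Web.CurrentUser.LoginName;

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteUrl))
            using (SPWeb web = site.OpenWeb())
            {
                SPList list = web.Lists[listTitle];
                if (!list.HasUniqueRoleAssignments)
                {
                    list.BreakRoleInheritance(false);
                }
                web.AllowUnsafeUpdates = true;

                // Resolve the account in the target web so the role assignment
                // is bound to that web's ID for this login.
                SPUser targetUser = web.EnsureUser(loginName);

                SPRoleAssignment assignment = new SPRoleAssignment(targetUser);
                assignment.RoleDefinitionBindings.Add(
                    web.RoleDefinitions.GetByType(SPRoleType.Reader));
                list.RoleAssignments.Add(assignment);

                // Fail loudly if any principal other than the intended login
                // ends up on the list, instead of leaving a wrong grant unnoticed.
                foreach (SPRoleAssignment ra in list.RoleAssignments)
                {
                    SPUser member = ra.Member as SPUser;
                    if (member == null || !string.Equals(member.LoginName,
                            loginName, StringComparison.OrdinalIgnoreCase))
                    {
                        throw new InvalidOperationException(
                            "Unexpected principal on list: " + ra.Member.Name);
                    }
                }
                web.AllowUnsafeUpdates = false;
            }
        });
    }
}
```

The check also fires when the library already had unique role assignments for other principals, since the routine adds to the existing assignments and does not remove any.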
License: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange