I need to add permission levels to a list like: Full Control, Contribute, Manage Hierarchy, view Only, etc.
I see here: "programatically add user permission to a list in sharepoint", that this can be done using the Object Model. How would I do the same using Web Services?
I tried using the permissions.asmx web services, it works for some of them giving the correct mask like 1011028991 for Approve, 138612833 for read, but it doesn't work for others like Manage Hierarchy, Restricted Read, and any other user created role (permission level). Instead of the correct name I get: Auto-generated Permission Level edda2384-2672-4e24-8f31-071d61a8c303
Any help will be appreciated.
OK, here is a code example, to obtain the mask I based this code on the one from this forum.
string sPermissionName = "Manage Hierarchy"; // if I use Read, Approve, Contribute, Full Control, it works!
string sListName = "testList";
string sGroupName = string.Format("{0}_ManageHierarchy", sListName);
// Create an aux group just to obtain the mask number later
using (SPUserGroup.UserGroup ug = new SPUserGroup.UserGroup())
{
ug.Credentials = new NetworkCredential("user", "pasword");
ug.Url = "http://testSite/_vti_bin/UserGroup.asmx";
ug.AddGroup(sGroupName, "testDomain\\user", "user", "testDomain\\user", "Manage Hierarchy test");
ug.AddGroupToRole(sPermissionName, sGroupName);
}
using (SPPermissions.Permissions per = new SPPermissions.Permissions())
{
per.Credentials = new NetworkCredential("user", "password");
per.Url = "http://testSite/_vti_bin/Permissions.asmx";
XmlNode perms = per.GetPermissionCollection(sListName, "list");
XmlNode n = perms.SelectSingleNode(string.Format("/*[local-name()='Permissions']/*[local-name()='Permission' " +
"and #MemberIsUser='False' and #GroupName='{0}']", sGroupName));
// Here we get the Mask for the role
int iMask = int.Parse(n.Attributes["Mask"].Value);
Console.WriteLine("The mask is:{0}", iMask); // Just to see the mask, I get 2129075183 for Manage Hierarchy
// Here I want to add some user to the list with the specified permission level
// But I get for example: Auto-generated Permission Level edda2384-2672-4e24-8f31-071d61a8c303
// Also, If later I execute the GetPermissionCollection, I see that the mask they got is: 2129075199 and not what I passed which was: 2129075183
per.AddPermission(sListName, "list", "testDomain\\user01", "user", iMask);
per.AddPermission(sListName, "list", "testDomain\\user02", "user", iMask);
}
Related
I'm trying to insert a word document into a Docusign template. The document inserts properly, but in addition to the two signers set up in the code, one of the signers that was on the template stays. Also, the second signature field is removed. Is there a setting that I'm missing? Here's my code:
List<TemplateRole> roleslist = new List<TemplateRole>();
TemplateRole InternalSignerRole = new TemplateRole(); // Set the Template Roles for the Internal Signer
InternalSignerRole.Email = _currentDocInfo.sInternalSignerEmail;
InternalSignerRole.Name = _currentDocInfo.sInternalSignerName;
InternalSignerRole.RoleName = "SignerInternal";
roleslist.Add(InternalSignerRole); // add to Template Roles list
TemplateRole ExternalSignerRole = new TemplateRole(); // Set the Template Roles for the External Signer
ExternalSignerRole.Email = _currentDocInfo.sExternalSignerEmail; //Create Template Roles for ExternalSigner
ExternalSignerRole.Name = _currentDocInfo.sExternalSignerEmail;
ExternalSignerRole.RoleName = "SignerExternal";
roleslist.Add(ExternalSignerRole);
var apiClient = new ApiClient(conn.Base_URL);
DocuSign.eSign.Client.Configuration.Default.ApiClient = apiClient;
DocuSign.eSign.Client.Configuration.Default.AddDefaultHeader("X-DocuSign-Authentication", authHeader);
string accountId = null;
// login call is available in the authentication api
var authApi = new AuthenticationApi();
var loginInfo = authApi.Login();
// parse the first account ID that is returned (user might belong to multiple accounts)
accountId = loginInfo.LoginAccounts[0].AccountId;
var baseUrl = loginInfo.LoginAccounts[0].BaseUrl;
var separator = new string[] { "/restapi" };
var basePath = baseUrl.Split(separator, StringSplitOptions.None)[0] + "/restapi";
apiClient = new ApiClient(basePath);
EnvelopeDefinition envDef = new EnvelopeDefinition();
envDef.EmailSubject = emailSubject;
envDef.EmailBlurb = emailBody;
//add custom fields you sent over with the document
envDef.CustomFields = letterCustomFields;
// Add a document to the envelope
envDef.Documents = letterDocs;
// Add a recipient to sign the document
envDef.TemplateRoles = roleslist;
envDef.TemplateId = "478d85c2-dc7c-4a89-a985-7d7a9101e36a";
First off, please don't use legacy authentication. That is old, not as secure and should not be used in new code that you're building.
Note that tabs (signature elements) are associated with both a recipient (a specific one) as well as a document (a specific one).
If you are trying to replace a document in a template, when creating an envelope from it (which is what you're doing, you're not replacing the document in the template, but rather in the envelope you create), you need to ensure the tabs refer to the same document and same recipient (based on the role).
Also, another recommendation is to use composite templates, which provide more flexibility for such scenarios. See excellent blog post by Gil Vincent for more information.
I created a custom property in the user profile.
I want to search through all the user profiles and output those profiles in which the custom property contains a certain string
For example:
User1- Custom Property value is 1,2,3
User2- Custom Property value in 2,4,5
User3- Custom Property value is 4,6,8
I want to output all the profiles in which Custom Property contains 2
(using c# code)
So the output should have User1 and User2
Can someone suggest the best way to implement this?
I did find some links in the internet for searching user profiles use KeyWord search but and not sure if those methods could be used to search through Custom Properties.
Example: https://www.collaboris.com/how-to-use-search-keywordquery-to-query-user-profiles-in-sharepoint/
I am using SharePoint 2013
We ended up promoting the Custom Property that we added to the User profile to a Managed property.
Also it seems like we can do wildcard searches on managed properties so we do People searches like "CustomProperty:*,2,*" so that it would return all the user profiles which have the number 2 in the custom property of their user profile
Interestingly the wildcard works only on the end for OOTB properties like FirstName so we cant do things like FirstName:oh and expect it would return John Doe's profile
But we can certainly do this - FirstName:joh* and that would return all the people whose first name starts with Joh (which would include John Doe)
But it seems like the wildcard works both at the beginning and the end for the custom managed properties (which helped a great deal for us)
On how to return the results of the search using c# we used this-
private DataTable GetPeople(SPSite spSite, string queryText)
{
var keywordQuery = new KeywordQuery(spSite)
{
QueryText = queryText,
KeywordInclusion = KeywordInclusion.AllKeywords,
SourceId = System.Guid.Parse("b09a7990-05ea-4af9-81ef-edfab16c4e31")
};
keywordQuery.RowLimit = this.MaxProfilesToDisplay;
keywordQuery.SelectProperties.Add("AccountName");
keywordQuery.SelectProperties.Add("PictureURL");
SearchExecutor e = new SearchExecutor();
ResultTableCollection rt = e.ExecuteQuery(keywordQuery);
var tab = rt.Filter("TableType", KnownTableTypes.RelevantResults);
var result = tab.FirstOrDefault();
DataTable DT = result.Table;
return DT;
}
and we would invoke this like
DataTable dt = GetPeople(SPContext.Current.Site, "CustomProperty:*,2,*" );
I am trying to create a new record using BS server script.
Since the process is taking place inside the BS, the context of Parent is not present, hence I am unable to get Parent Row_Id which I need to explicitly stamp against the child record being created for visibility.
Initially I tried to pass the Parent Row_Id from applet as a profile, but this fails when there are no records in the child applet, ie this.BusComp().ParentBusComp().GetFieldValue returns "This operation is invalid when there are no records present" as the "this" context is unavailable.
Any suggestions?
I was able to achieve the desired with the below code
sId = TheApplication().ActiveBusObject().GetBusComp("Q").ParentBusComp().GetFieldValue("Id");
if(this.BusComp().CountRecords() > 0)
{
sA = TheApplication().ActiveBusObject().GetBusComp("Q").GetFieldValue("A");
sB = TheApplication().ActiveBusObject().GetBusComp("Q").GetFieldValue("B");
}
sEntity = TheApplication().ActiveBusObject().GetBusComp("Q").Name();
It is for these reasons that Siebel provides Pre-Default settings at the Business Component Field level. If you wish to do this entirely through scripting, you will have to find the Active context, you have to know which BC is the parent.
Lets say you know that the Parent BC has to be Account. So
ActiveBusObject().GetBusComp("Account").GetFieldValue("Id") will give you the row id of the currently selected Account BC record. But do make sure that this script fires only in this context. So check the ActiveViewName to check this.
if(TheApplication().GetProfileAttr("ActiveViewName")=="Custom View")
{
//put the scripting here.
}
Provisioning API provided "directOnly" parameter to control range of groups when retrieving gropus that user belongs to. I supposed to migrate Admin SDK from Provisioning API, but I didn't find way to retrive groups for user with directOnly=false. How do I do it using Directory API?
I implemented following(pseudo language) because I couldn't find way to do.
But I think this is not efficient way.
I want to know is there any plan for "directOnly=false".
// 1. List all groups in domain
allGroupsInDomain = ... // "List all groups in domain"
// 2. List all members for each groups
allMembersForGroup = {}
for (group in allGroupsInDomain) {
allMembersForGroup[group] = ... // "List all members for group"
}
// 3. List all users in domain
allUsersInDomain = "List all users in domain"
// 4. List all groups for user(direct only)
allGroupsForUser = {} // I want to get this for all users
for (user in allUsersInDomain) {
directGroupsForUser = ... // "List all groups for user(direct only)"
for (group in directGroupsForUser) {
allGroupsForUser[user].add(group);
allGroupsForUser[user].add(searchAncestorsOf(group));
}
}
// 5. Calculate all groups for user contains not directly group using results of (1,2,3,4)
function searchAncestorsOf(group) {
ancestors = []
for (group_ in allGroupsInDomain) {
if (group_.hasMember(group)) {
ancestors.add(group_);
ancestors.add(searchAncestorsOf(group_));
}
}
return ancestors;
}
https://developers.google.com/google-apps/provisioning/#retrieving_all_groups_for_a_member
https://developers.google.com/admin-sdk/directory/v1/reference/groups/list
There is no single API call method to get a user's direct and indirect group memberships currently available with Admin SDK. The quickest method I can think of for a few users would be:
Get all direct membership groups for a user with members.list and the userKey parameter.
For each group the user is a direct member of, determine if that group is a member of other groups again by using members.list with the userKey being each group this time instead of the user. If the group is a member of another group, then the user would be an indirect member of the given group.
I am trying to create an EventReceiver for a blog site (for the Posts list) and am having some trouble getting it working. I want to change the Created By column to Anonymous. Basically I have this whole thing working in a console application, however, that will only change the Created By column names when the console application is executed.
I need it to change the Created By whenever a new item is added to the list. My code is below....how do I modify this to use in an EventReceiver project??? Since I already tell the EventReceiver project the URL I want the EventReceiver attached to, I'm not sure what I can remove from this code, right now it just doesn't do anything, no error and no changing of the Created By column when I debug.
using (SPSite site = new SPSite("http://test-sharepoint/subsite/"))
{
using (SPWeb web = site.OpenWeb())
{
SPList list = web.Lists["Posts"];
SPListItemCollection listItemCollection = list.Items;
foreach (SPListItem listItem in listItemCollection)
{
SPFieldUserValue userName = new SPFieldUserValue(web, 22, "Anonymous");
listItem["Author"] = userName;
listItem["Editor"] = userName;
listItem.Update();
}
web.Update();
}
}
EDIT: Code is in ItemAdded method
EDIT #2: This is trying the same code except without the loop and using properties.ListItem, this was my attempt in a Event Recevier project but no luck. It just doesn't change the Created By field, or any field for that matter (I tried the Title as well)
SPSite site = new SPSite("http://test-sharepoint/subsite/");
SPWeb web = site.OpenWeb();
SPFieldUserValue userName = new SPFieldUserValue(web, 22, "Anonymous");
properties.ListItem["Author"] = userName;
properties.ListItem["Editor"] = userName;
properties.ListItem.Update();
*Also from my understanding the SPFieldUserValue will grab either a User or a SharePoint User Group (Permissions) so in my code, the 22 grabs the SharePoint User Group that I want and "Anonymous" is the user from that group...
EDIT #3: More progress, this code works without issues for a list, however, not for the Posts or Comments lists, for those it does not change the Created By field. Could it be because of the approve/reject for all items??? Whether approved orpending it still does not show annonymous, BUT like I mentioned, it works fine in a different list.
public override void ItemAdded(SPItemEventProperties properties)
{
base.ItemAdded(properties);
SPSite site = new SPSite("http://test-sharepoint/hr/blog/"); //SPContext.Current.Site;
SPWeb web = site.OpenWeb();
SPFieldUserValue userName = new SPFieldUserValue(web,22,"Anonymous");
SPListItem currentItem = properties.ListItem;
//currentItem["Title"] = userName; //DateTime.Now.ToString();
currentItem["Author"] = userName;
currentItem["Editor"] = userName;
currentItem.SystemUpdate();
}
**EDIT #4: Alright I found my issue, when creating the project I chose Custom List as my list to attach to but I needed to choose Posts or Comments and now the above code works!!!
But now I have another problem, all posts on the blog are first submitted for approval...and due to this the event receiver doesn't seem to work for users other than the admin. It works fine for the admin account where I can just directly publish a post or comment but for a user with Contribute permissions whose posts are submitted for approval still shows their name on the Manage Posts page...what could I do about this? Any ideas?**
The code that works:
public override void ItemAdded(SPItemEventProperties properties)
{
base.ItemAdded(properties);
SPSite site = new SPSite("http://test-sharepoint/hr/blog/"); //SPContext.Current.Site;
SPWeb web = site.OpenWeb();
SPFieldUserValue userName = new SPFieldUserValue(web, 23, "Anonymous");
SPListItem currentItem = properties.ListItem;
currentItem["Author"] = userName;
currentItem["Editor"] = userName;
currentItem.SystemUpdate();
}
In response to edit #4, when working with SharePoint, if code works when executed by the administrator account, but does not work when executed by a "normal" account, permissions are likely to blame.
See the answer to the question SharePoint/WSS: Modify “created by” field? for an example of an SPItemEventReceiver that modifies the Author field.
Note: Many SharePoint developers recommend against the use of RunWithElevatedPrivileges and suggest using impersonation instead. See my answer to the question In which situation use SPSecurity.RunWithElevatedPrivileges with superusertoken? for more details.