Second Life of a Hungarian SharePoint Geek

March 16, 2014

How to Push Down Permissions to the Content of a SharePoint Site / List

Filed under: Security, SP 2010 — Tags: , — Peter Holpar @ 21:32

Assume you find out (for example, using the methods I provided you earlier) that you have a SharePoint site or a list that contains content (subweb, folders, documents or items) and would like to reset the permissions explicitly set of any content, and let the permissions set on your site / list to be inherited down. In this post I would like to share a code that make it easy.

First, you need the extension methods we defined earlier. However, we saw that the methods utilized by the SharePoint UI to check if a web site has any content do not provide you the right information (see the notes in the previous post). So next we introduce a new extension method:

  1. internal static bool HasSubItemWithUniquePermissionsEx(this SPWeb web)
  2. {
  3.     bool result = false;
  4.  
  5.     if (web != null)
  6.     {
  7.         if (web is SPWeb)
  8.         {
  9.             result = web.GetWebsAndListsWithUniquePermissions().Any(p => p.HasUniqueRoleAssignments);
  10.         }                
  11.     }
  12.  
  13.     return result;
  14. }

Assuming we have a Windows console application, I’ve added these instance methods to the class Program:

  1. private void InheritPermissionsDown(SPSecurableObject securable)
  2. {
  3.     if (securable is SPWeb)
  4.     {
  5.         this.InheritPermissionsDown((SPWeb)securable);
  6.     }
  7.     else if (securable is SPList)
  8.     {
  9.         this.InheritPermissionsDown((SPList)securable);
  10.     }
  11. }
  12.  
  13. private void InheritPermissionsDown(SPWeb web)
  14. {
  15.     try
  16.     {
  17.         SPWeb rootAsWeb = this.Securable as SPWeb;
  18.         // if it is not the root of the current inheritance,
  19.         // then we should reset the permissions here as well
  20.         if ((rootAsWeb != null) && (rootAsWeb.ID != web.ID))
  21.         {
  22.             if (web.HasUniqueRoleAssignments)
  23.             {
  24.                 // to avoid error 'There are uncommitted changes on the SPWeb object, call SPWeb.Update() to commit the changes before calling this method.'
  25.                 web.Update();
  26.                 web.ResetRoleInheritance();
  27.             }
  28.         }
  29.  
  30.         foreach (SPList list in web.Lists)
  31.         {
  32.             InheritPermissionsDown(list);
  33.         }
  34.     }
  35.     catch (Exception ex)
  36.     {
  37.         // TODO: Add error handling here
  38.     }
  39.     finally
  40.     {
  41.         foreach (SPWeb subWeb in web.Webs)
  42.         {
  43.             // we use the HasSubItemWithUniquePermissionsEx method here, to hadle
  44.             // the shortage of the GetWebsAndListsWithUniquePermissions method
  45.             // for further info see Note 2 in https://pholpar.wordpress.com/2014/03/01/how-to-check-from-code-if-a-sharepoint-site-list-has-content-with-unique-permissions/
  46.             if (subWeb.HasSubItemWithUniquePermissionsEx())
  47.             {
  48.                 InheritPermissionsDown(subWeb);
  49.             }
  50.         }
  51.     }
  52. }
  53.  
  54. private void InheritPermissionsDown(SPList list)
  55. {
  56.     if ((!list.Hidden) && (list.AllowDeletion))
  57.     {
  58.         SPList rootAsList = this.Securable as SPList;
  59.         // if it is not the root of the current inheritance,
  60.         // then we should reset the permissions here as well
  61.         if ((rootAsList != null) && (rootAsList.ID != list.ID))
  62.         {
  63.             if (list.HasUniqueRoleAssignments)
  64.             {
  65.                 list.ResetRoleInheritance();
  66.             }
  67.         }
  68.  
  69.         if (list.HasUniqueRoleAssignments)
  70.         {
  71.             list.ResetRoleInheritance();
  72.         }
  73.  
  74.         if (list.HasSubItemWithUniquePermissions())
  75.         {
  76.             foreach (SPListItem folder in list.Folders)
  77.             {
  78.                 if (folder.HasUniqueRoleAssignments)
  79.                 {
  80.                     folder.ResetRoleInheritance();
  81.                 }
  82.             }
  83.             foreach (SPListItem item in list.Items)
  84.             {
  85.                 if (item.HasUniqueRoleAssignments)
  86.                 {
  87.                     item.ResetRoleInheritance();
  88.                 }
  89.             }
  90.         }
  91.     }
  92. }

And added the property Securable of type SPSecurableObject as well:

private SPSecurableObject Securable { get; set; }

Finally, we can set the value of this property to the site (SPWeb) or list (SPList) whose content we would like to reset with the permissions on the specified site / list, for example, based on a URL value passed through a command line argument, and call the InheritPermissionsDown method as shown below:

  1. static void Main(string[] args)
  2. {
  3.     Program prog = new Program();
  4.     prog.Securable = // set the value to your site / list, for example, based on a parameter from args that contains the URL
  5.     prog.InheritPermissionsDown(prog.Securable);
  6. }

Note: The methods introduced now are no way thread-safe! That means in practice: you should not set the Securable property or invoke the InheritPermissionsDown method on the same object instance as long as the former call has not yet been finished.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: