Thursday, 28 April 2016

Add or Remove Item Level Permission in SharePoint using CSOM

In this article I am going to write C# code sample to Add or Remove Item Level Permissions using CSOM (Client Object Model). Sometimes we might have a business requirement to give read permission for some users on certain document item and give write permission to other users on the same list item. To achieve this need, we need to add explicit permission for the particular list item. To add unique permission, first we need to stop inheriting permissions (break the inheritance) of the particular document item.

Set Item Level Permission in SharePoint Online:

The following CSOM based c# code first removes the inheritance of a list item and grant unique permission.
public static void AddItemLevelPermissions()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta";
    using (var ctx = new ClientContext(sitrUrl))
    {
        var web = ctx.Web;
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();

        List list = ctx.Web.Lists.GetByTitle("TestDocLibrary");
        string itemName = "TestFile.txt";
        CamlQuery camlQuery = new CamlQuery();
        camlQuery.ViewXml = "" +itemName +
            "";
        var listItems = list.GetItems(camlQuery);
        ctx.Load(listItems, a => a.Include(i => i.HasUniqueRoleAssignments));
        ctx.ExecuteQuery();

        foreach (var listItem in listItems)
        {
            if (!listItem.HasUniqueRoleAssignments)
            {
                listItem.BreakRoleInheritance(false, false);
                ctx.ExecuteQuery();
            }
            var roleAssignments = listItem.RoleAssignments;            
            //var user_group = web.SiteGroups.GetByName("Site Members");
            var user_group = web.SiteUsers.GetByLoginName("i:0#.f|membership|admin@sptenant.onmicrosoft.com");
            var roleDefCol = new RoleDefinitionBindingCollection(ctx);
            // Add Role Definition i.e Full Controls, Contribute or Read rights etc..
            roleDefCol.Add(web.RoleDefinitions.GetByType(RoleType.Contributor));
            roleAssignments.Add(user_group, roleDefCol);
            ctx.Load(roleAssignments);
            listItem.Update();                    
            ctx.ExecuteQuery();
        }
    }
}

Remove/Delete Item Level Permission:

You can use the following c# code to remove permission if you no longer need an unique permission on particular list item.
public static void RemoveItemLevelPermission()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta";
    using (var ctx = new ClientContext(sitrUrl))
    {
        var web = ctx.Web;
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();

        List list = ctx.Web.Lists.GetByTitle("TestDocLibrary");
        string document = "TestFile.txt";
        CamlQuery camlQuery = new CamlQuery();
        camlQuery.ViewXml = "" + document + "";

        var items = list.GetItems(camlQuery);
        ctx.Load(items);
        ctx.ExecuteQuery();
        foreach (var item in items)
        {
            //var user_group = web.SiteGroups.GetByName("Site Members");
            var user_group = web.SiteUsers.GetByLoginName("i:0#.f|membership|admin@sptenant.onmicrosoft.com");
            item.RoleAssignments.GetByPrincipal(user_group).DeleteObject();
            ctx.ExecuteQuery();
        }
    }
}

Delete All Unique Permissions:

Sometimes you may want to remove all the explicit permissions from a list item and reset broken inheritance (recover inheritance). In this case, you can use the following csom code to delete all unique permissions and reset broken inheritance.
public static void ResetRoleInheritanceInListItem()
{
    string sitrUrl = "https://sptenant.sharepoint.com/sites/contosobeta";
    using (var ctx = new ClientContext(sitrUrl))
    {
        var web = ctx.Web;
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();                

        List list = ctx.Web.Lists.GetByTitle("TestDocLibrary");
        string document = "TestFile.txt";
        CamlQuery camlQuery = new CamlQuery();
        camlQuery.ViewXml = "" + document + "";

        var items = list.GetItems(camlQuery);
        ctx.Load(items);
        ctx.ExecuteQuery();
        foreach (var item in items)
        {
            item.ResetRoleInheritance();
            ctx.ExecuteQuery();
        }
    }
}

Advertisements
Advertisements

No comments:

Post a Comment