From: RC on
I was wondering if anyone could provide an explanation
for the seemingly strange behaviour I see in the
SharePoint 2007 object model when retrieving permissions
from a SPListItem.DoesUserHavePermissions() call.


Scenario:
=========
Environment: Windows Server 2003 / MOSS 2007 v3, Beta 2 (no TR)

[List] CustomList1:
|----> [Folder] Finance: contains {item1, item2}
|        [Permissions]: "SiteOwners" (FullControl),
|                       "GroupFinance" (ViewList/EditList)
|
|----> [Folder] Assets: contains {item3, item4}
         [Permissions]: "SiteOwners" (FullControl),
                        "GroupAssets" (ViewList/EditList)

Behaviour Noticed:
==================

When I log in to the site as a "GroupFinance" user, I
notice the correct UI trimming, i.e. the "Assets" folder
is not seen and only View/Edit on each folder item
is set. Same with logging in as a "GroupAssets" user
(all this is very good and expected).

HOWEVER, when I try to access the permissions through
the SharePoint object model, when I cycle through
the list to see the items and the associated permissions,
I see ONLY the items I expect to see (i.e.
Finance {item1, item2} when logged in as a finance type
user),

BUT the permissions are always coming as "FALSE" unless
I set the access to Full Control!

Code:[TestPerm.aspx]: located in _layouts folder
================================================

    SPWeb web = SPControl.GetContextWeb(HttpContext.Current);
    SPList list = web.Lists["CustomList1"];
    SPUser user = web.CurrentUser;

    foreach (SPListItem item in list.Items)
    {
        bool perm  = item.DoesUserHavePermissions(user, SPBasePermissions.ViewListItems);
        bool perm1 = item.DoesUserHavePermissions(user, SPBasePermissions.EditListItems);
        bool perm2 = item.DoesUserHavePermissions(user, SPBasePermissions.EditListItems);
        bool perm3 = item.DoesUserHavePermissions(user, SPBasePermissions.DeleteListItems);
    }

Output:
=======
a) For a "Finance User": I see CORRECT ITEMS (item1, item 2)
b) perm = false, perm1 = false, perm2 = false, perm3 = false
(all perms true if I set permission to FULL CONTROL only,
else ALWAYS FALSE -- Which is incorrect and contrary to
what I see in the UI !!)



Could someone tell me what I am missing here?
The UI is surely using the SAME CALLS I am making and it seems
to work... Why is the code not getting the correct permission
levels set??

Any pointers greatly appreciated.
Thanks,
RC
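
A diagnostic for the behaviour described in the post above, added here as an example and not part of RC's message: for each item it asks the same permission question three ways and flags any disagreement. It assumes the WSS 3.0 object model members `EffectiveBasePermissions`, `HasUniqueRoleAssignments` and the single-argument `DoesUserHavePermissions` overload are present in the build in use; the class name `ItemPermissionDiagnostics` is hypothetical.

```csharp
// Added diagnostic example; not code from the original post.
using System;
using System.IO;
using Microsoft.SharePoint;

public static class ItemPermissionDiagnostics   // hypothetical helper name
{
    // The rights the original loop asks about.
    private static readonly SPBasePermissions[] Rights = new SPBasePermissions[]
    {
        SPBasePermissions.ViewListItems,
        SPBasePermissions.EditListItems,
        SPBasePermissions.DeleteListItems
    };

    // Writes one line per item and right, and returns how many times the
    // three ways of asking the same question disagreed.
    public static int Dump(SPWeb web, string listTitle, TextWriter output)
    {
        int mismatches = 0;
        SPUser user = web.CurrentUser;
        SPList list = web.Lists[listTitle];

        foreach (SPListItem item in list.Items)
        {
            // Effective rights of the current user on this item, as a bit mask.
            SPBasePermissions mask = item.EffectiveBasePermissions;
            output.WriteLine("{0}: uniqueRoleAssignments={1}, mask=0x{2:X16}",
                item.Name, item.HasUniqueRoleAssignments, (ulong)mask);

            foreach (SPBasePermissions right in Rights)
            {
                bool viaUser = item.DoesUserHavePermissions(user, right); // call from the post
                bool viaContext = item.DoesUserHavePermissions(right);    // current user implied
                bool viaMask = (mask & right) == right;                   // bit test on the mask

                bool agree = (viaUser == viaContext) && (viaContext == viaMask);
                if (!agree) mismatches++;
                output.WriteLine("  {0,-16} user={1} context={2} mask={3}{4}",
                    right, viaUser, viaContext, viaMask, agree ? "" : "  <-- MISMATCH");
            }
        }
        return mismatches;
    }
}
```

Run it as the restricted user with `ItemPermissionDiagnostics.Dump(web, "CustomList1", writer)` where `writer` is a `StringWriter`, then HTML-encode the captured text before writing it to the page, since item names are user-controlled.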