" RunWithElevatedPrivileges":在C#中以编程方式,它不会帮助我允许用户而不用管理List权限将文件上传到sharepoint列表项。我的代码是:
SPSecurity.RunWithElevatedPrivileges(delegate
{
SPWeb web = SPContext.Current.Site;
// my logic to upload file and edit list item attachments.
});
完整代码
protected void btn_Upload_Click(object sender, EventArgs e)
{
StreamWriter sw = new StreamWriter(@"C:\Upload.txt", true);
try
{
if (this.FileUpload1.HasFile)
{
string siteURL = SPContext.Current.Web.Url.ToString();
if (Request["Items"] != null && Request["ListId"] != null)
{
string SelectedItems = Convert.ToString(Request["Items"]);
string[] lstJobsIds = SelectedItems.Split(new string[] { "|" }, StringSplitOptions.None);
SPList list = null;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
//SPSite site = SPContext.Current.Site;
using (SPSite site = new SPSite("http://sitrURL"))
{
using (SPWeb web = site.OpenWeb())
{
// Fetch the List
//list = web.Lists["ListName"];
sw.WriteLine("WEb is :" + web);
list = web.Lists["ListName"];
if (lstJobsIds.Length > 0)
{
////site.AllowUnsafeUpdates = true;
////web.AllowUnsafeUpdates = true;
for (int i = 0; i < lstJobsIds.Length; i++)
{
// Get the List item
if (lstJobsIds[i] != null && lstJobsIds[i] != string.Empty)
{
sw.WriteLine(lstJobsIds[i]);
SPListItem listItem = list.GetItemById(int.Parse(lstJobsIds[i]));
// Get the Attachment collection
SPAttachmentCollection attachmentCollection = listItem.Attachments;
Stream attachmentStream;
Byte[] attachmentContent;
sw.WriteLine(this.FileUpload1.PostedFile);
sw.WriteLine(this.FileUpload1.FileName);
attachmentStream = this.FileUpload1.PostedFile.InputStream;
attachmentContent = new Byte[attachmentStream.Length];
attachmentStream.Read(attachmentContent, 0, (int)attachmentStream.Length);
attachmentStream.Close();
attachmentStream.Dispose();
// Add the file to the attachment collection
attachmentCollection.Add(this.FileUpload1.FileName, attachmentContent);
// Update th list item
listItem.Update();
web.AllowUnsafeUpdates = true;
}
}
//web.AllowUnsafeUpdates = false;
//site.AllowUnsafeUpdates = false;
}
sw.Close();
}
}
});
}
}
}
catch (Exception ex)
{
sw.WriteLine(ex);
sw.Close();
}
}
现在,当用户点击按钮上传文件时,他会获得HTTP Error 403 Forbidden。
那么,如何允许具有限制权限的用户正常执行我的自定义功能?
答案 0 :(得分:4)
你的代码错了。始终在RunWithElevatedPrivileges委托中创建和处置对象。因此,您应该使用“new”关键字在RunWithElevatedPrivileges块中创建新的SPweb实例。
示例:
private void yourFunction()
{
SPSite site = SPContext.Current.Site;
SPWeb web = SPContext.Current.Web;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite ElevatedSite = new SPSite(site.ID))
{
using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(web.ID))
{
// Code Using the SPWeb Object Goes Here
}
}
});
}
答案 1 :(得分:1)
有时在自定义SharePoint解决方案中,我们需要使用系统帐户权限执行自定义代码,而不是当前登录用户可能没有足够权限执行自定义代码。在这些情况下,我们使用RunWithElevatedPrivileges()方法将系统帐户权限委派给当前登录的用户。
如果当前用户没有执行自定义代码的适当权限,那么他将收到“拒绝访问”错误。要绕过“拒绝访问”错误,我们使用RunWithElevatedPrivileges()方法。
点击以下链接获取更详细的答案