I have a small piece of code that allows you, once you have a permission level defined in your SharePoint site, to change the permissions of a site, list, or item using C#.
As you may or may not know, WSS 3 and MOSS 2007 handle security at 3 levels:
1 - Permission - which cannot be used directly to give access to a user
2 - Permission Level - which can be used to give access to a user or to control a SharePoint group access
3 - SharePoint Group - which is much like a cross-site group: it holds permission levels and user assignments, and can be used in several sites in the same site collection that do not inherit permissions but share the same contributors, readers, etc.
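This code allows you to break the permissions inheritance of a site / list / item and assign a user to a permission level on that object only. Note that it calls BreakRoleInheritance(false), so the parent's role assignments are not copied: once inheritance is broken, only assignments made directly on the object apply.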
So, without further ado, here it is:
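/// <summary>
/// Grants an account a permission level directly on a web (site), breaking
/// permission inheritance first when the web still inherits from its parent.
/// </summary>
/// <param name="theWeb">Web to secure. Only its site ID and web ID are read; the work is done on a freshly opened copy of the web.</param>
/// <param name="loginName">Login name of the account that receives the permission level.</param>
/// <param name="roleName">Passed as the name argument of the <c>SPRoleAssignment</c> constructor and written to <c>SPUser.Name</c>, so it acts as the account's display name.</param>
/// <param name="permissionLevel">Name of a role definition (permission level) that already exists on the web.</param>
/// <remarks>
/// This method does not throw. Failures are reported through
/// <c>System.Diagnostics.Trace</c> instead of being discarded, because a failure
/// after <c>BreakRoleInheritance</c> leaves the web with unique permissions but
/// without the intended assignment.
/// </remarks>
public static void CreatePermissions(SPWeb theWeb, string loginName, string roleName, string permissionLevel)
{
    try
    {
        // The SPSite and SPWeb opened here are owned by this method, so they are
        // disposed here; the caller's SPWeb instance is left untouched.
        using (SPSite site = new SPSite(theWeb.Site.ID))
        using (SPWeb web = site.OpenWeb(theWeb.ID))
        {
            // AllowUnsafeUpdates lets the update run on a GET request or without
            // the security validation SharePoint normally requires. The setting
            // lives on this private SPWeb instance and goes away with it.
            // NOTE(review): callers should make sure the triggering request is
            // one they trust before reaching this code.
            web.AllowUnsafeUpdates = true;

            SPRoleAssignment roleAssignment = new SPRoleAssignment(loginName, "", roleName, "");
            SPRoleDefinition roleDefinition = web.RoleDefinitions[permissionLevel];
            if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
            {
                roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
            }

            // Break inheritance only once. Passing false means the parent's role
            // assignments are NOT copied to this web.
            // NOTE(review): BreakRoleInheritance is reported to reset
            // AllowUnsafeUpdates to false on WSS 3 - confirm, and re-set it here
            // if the Add below fails with a security validation error.
            if (!web.HasUniqueRoleAssignments)
            {
                web.BreakRoleInheritance(false);
            }

            web.RoleAssignments.Add(roleAssignment);

            // Best effort: if the user already exists on the web, refresh its
            // display name. A failure here must not undo the assignment above.
            try
            {
                SPUser user = web.Users[loginName];
                user.Name = roleName;
                user.Update();
            }
            catch (Exception nameExc)
            {
                System.Diagnostics.Trace.TraceWarning(
                    "CreatePermissions(web): could not update display name for '{0}': {1}",
                    loginName, nameExc);
            }

            web.Update();
        }
    }
    catch (Exception exc)
    {
        // Kept non-throwing for existing callers, but no longer silent.
        System.Diagnostics.Trace.TraceError(
            "CreatePermissions(web): failed to assign '{0}' to '{1}': {2}",
            permissionLevel, loginName, exc);
    }
}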
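/// <summary>
/// Grants an account a permission level directly on a single list item, breaking
/// the item's permission inheritance first when it still inherits.
/// </summary>
/// <param name="theWeb">Web that contains the item. Only its site ID and web ID are read; the work is done on a freshly opened copy of the web.</param>
/// <param name="ListItem">Item to secure. It is re-fetched from the freshly opened web by parent list ID and item ID.</param>
/// <param name="loginName">Login name of the account that receives the permission level.</param>
/// <param name="roleName">Passed as the name argument of the <c>SPRoleAssignment</c> constructor, so it acts as the account's display name.</param>
/// <param name="permissionLevel">Name of a role definition (permission level) that already exists on the web.</param>
/// <remarks>
/// This method does not throw. Failures are reported through
/// <c>System.Diagnostics.Trace</c> instead of being discarded, because a failure
/// after <c>BreakRoleInheritance</c> leaves the item with unique permissions but
/// without the intended assignment.
/// </remarks>
public static void CreatePermissions(SPWeb theWeb, SPListItem ListItem, string loginName, string roleName, string permissionLevel)
{
    try
    {
        // The SPSite and SPWeb opened here are owned by this method, so they are
        // disposed here; the caller's SPWeb instance is left untouched.
        using (SPSite site = new SPSite(theWeb.Site.ID))
        using (SPWeb web = site.OpenWeb(theWeb.ID))
        {
            // AllowUnsafeUpdates lets the update run on a GET request or without
            // the security validation SharePoint normally requires.
            // NOTE(review): callers should make sure the triggering request is
            // one they trust before reaching this code.
            web.AllowUnsafeUpdates = true;

            // Work on the item as seen through the web opened above, not on the
            // instance the caller passed in.
            SPListItem item = web.Lists[ListItem.ParentList.ID].GetItemById(ListItem.ID);

            SPRoleAssignment roleAssignment = new SPRoleAssignment(loginName, "", roleName, "");
            SPRoleDefinition roleDefinition = web.RoleDefinitions[permissionLevel];
            if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
            {
                roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
            }

            // Break inheritance only once. Passing false means the parent's role
            // assignments are NOT copied to this item.
            // NOTE(review): BreakRoleInheritance is reported to reset
            // AllowUnsafeUpdates to false on WSS 3 - confirm, and re-set it here
            // if the Add below fails with a security validation error.
            if (!item.HasUniqueRoleAssignments)
            {
                item.BreakRoleInheritance(false);
            }

            item.RoleAssignments.Add(roleAssignment);
            item.Update();
        }
    }
    catch (Exception exc)
    {
        // Kept non-throwing for existing callers, but no longer silent.
        System.Diagnostics.Trace.TraceError(
            "CreatePermissions(item): failed to assign '{0}' to '{1}': {2}",
            permissionLevel, loginName, exc);
    }
}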
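/// <summary>
/// Grants an account a permission level directly on a list, breaking the list's
/// permission inheritance first when it still inherits.
/// </summary>
/// <param name="theWeb">Web whose role definitions are searched for <paramref name="permissionLevel"/>, after being passed through <c>Utilities.Refresh</c>.</param>
/// <param name="list">List to secure. The instance passed by the caller is modified directly.</param>
/// <param name="loginName">Login name of the account that receives the permission level.</param>
/// <param name="roleName">Passed as the name argument of the <c>SPRoleAssignment</c> constructor, so it acts as the account's display name.</param>
/// <param name="permissionLevel">Name of a role definition (permission level) that already exists on the web.</param>
/// <remarks>
/// This method does not throw. Failures are reported through
/// <c>System.Diagnostics.Trace</c> instead of being discarded, because a failure
/// after <c>BreakRoleInheritance</c> leaves the list with unique permissions but
/// without the intended assignment.
/// </remarks>
public static void CreatePermissions(SPWeb theWeb, SPList list, string loginName, string roleName, string permissionLevel)
{
    try
    {
        // NOTE(review): Utilities.Refresh is not shown here. If it opens a new
        // SPSite/SPWeb, something has to dispose them - confirm who owns the
        // returned object. Unlike the other two overloads, this one does not set
        // AllowUnsafeUpdates itself; presumably Refresh does - verify.
        SPWeb web = Utilities.Refresh(theWeb);

        SPRoleAssignment roleAssignment = new SPRoleAssignment(loginName, "", roleName, "");
        SPRoleDefinition roleDefinition = web.RoleDefinitions[permissionLevel];
        if (!roleAssignment.RoleDefinitionBindings.Contains(roleDefinition))
        {
            roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
        }

        // Break inheritance only once. Passing false means the parent's role
        // assignments are NOT copied to this list.
        if (!list.HasUniqueRoleAssignments)
        {
            list.BreakRoleInheritance(false);
        }

        list.RoleAssignments.Add(roleAssignment);
        list.Update();
    }
    catch (Exception ex)
    {
        // Kept non-throwing for existing callers, but no longer silent.
        System.Diagnostics.Trace.TraceError(
            "CreatePermissions(list): failed to assign '{0}' to '{1}': {2}",
            permissionLevel, loginName, ex);
    }
}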