「RunWithElevatedPrivileges」共享點

Question

「RunWithElevatedPrivileges」：以編程方式在C＃中，它不幫助我允許用戶沒有管理列表權限將文件上傳到共享點列表項目。我的代碼是：

SPSecurity.RunWithElevatedPrivileges(delegate 
{ 
    SPWeb web = SPContext.Current.Site; 

    // my logic to upload file and edit list item attachments. 
}); 

完整代碼

protected void btn_Upload_Click(object sender, EventArgs e) 
    { 
     StreamWriter sw = new StreamWriter(@"C:\Upload.txt", true); 
     try 
     { 
      if (this.FileUpload1.HasFile) 
      { 
       string siteURL = SPContext.Current.Web.Url.ToString(); 
       if (Request["Items"] != null && Request["ListId"] != null) 
       { 

        string SelectedItems = Convert.ToString(Request["Items"]); 
        string[] lstJobsIds = SelectedItems.Split(new string[] { "|" }, StringSplitOptions.None); 
        SPList list = null; 

        SPSecurity.RunWithElevatedPrivileges(delegate() 
        { 

         //SPSite site = SPContext.Current.Site; 
         using (SPSite site = new SPSite("http://sitrURL")) 
         { 
          using (SPWeb web = site.OpenWeb()) 
          { 
           // Fetch the List 
           //list = web.Lists["ListName"]; 
           sw.WriteLine("WEb is :" + web); 
           list = web.Lists["ListName"]; 

           if (lstJobsIds.Length > 0) 
           { 
            ////site.AllowUnsafeUpdates = true; 

            ////web.AllowUnsafeUpdates = true; 

            for (int i = 0; i < lstJobsIds.Length; i++) 
            { 
             // Get the List item 
             if (lstJobsIds[i] != null && lstJobsIds[i] != string.Empty) 
             { 
              sw.WriteLine(lstJobsIds[i]); 
              SPListItem listItem = list.GetItemById(int.Parse(lstJobsIds[i])); 

              // Get the Attachment collection 
              SPAttachmentCollection attachmentCollection = listItem.Attachments; 
              Stream attachmentStream; 
              Byte[] attachmentContent; 
              sw.WriteLine(this.FileUpload1.PostedFile); 
              sw.WriteLine(this.FileUpload1.FileName); 

              attachmentStream = this.FileUpload1.PostedFile.InputStream; 

              attachmentContent = new Byte[attachmentStream.Length]; 

              attachmentStream.Read(attachmentContent, 0, (int)attachmentStream.Length); 

              attachmentStream.Close(); 
              attachmentStream.Dispose(); 

              // Add the file to the attachment collection 
              attachmentCollection.Add(this.FileUpload1.FileName, attachmentContent); 
              // Update th list item 
              listItem.Update(); 

              web.AllowUnsafeUpdates = true; 

             } 
            } 
            //web.AllowUnsafeUpdates = false; 
            //site.AllowUnsafeUpdates = false; 
           } 


           sw.Close(); 

          } 
         } 
        }); 
       } 

      } 
     } 
     catch (Exception ex) 
     { 
      sw.WriteLine(ex); 
      sw.Close(); 
     } 
    } 

現在，當按鈕用戶通過點擊上傳文件，他得到HTTP Error 403 Forbidden。

那麼，如何讓用戶有限制權限來正常執行我的自定義函數呢？

Answer 1

您的代碼是錯誤的。始終創建並處置RunWithElevatedPrivileges委託內的對象。因此，您應該使用'new'關鍵字在RunWithElevatedPrivileges塊內創建SPweb的新實例。

例子：

private void yourFunction() 
 
{ 
 
     SPSite site = SPContext.Current.Site; 
 
     SPWeb web = SPContext.Current.Web; 
 

 
     SPSecurity.RunWithElevatedPrivileges(delegate() 
 
     { 
 
      using (SPSite ElevatedSite = new SPSite(site.ID)) 
 
      { 
 
        using (SPWeb ElevatedWeb = ElevatedSite.OpenWeb(web.ID)) 
 
        { 
 
         // Code Using the SPWeb Object Goes Here 
 
        } 
 
      } 
 
     }); 
 
}

Answer 2

有時在自定義SharePoint解決方案，我們需要使用比登錄用戶當前可能沒有足夠的權限來執行自定義代碼系統帳戶權限執行自定義代碼。在這些情況下，我們使用RunWithElevatedPrivileges（）方法將系統帳戶權限委託給當前登錄用戶。

如果當前用戶沒有適當的權限來執行自定義代碼，那麼他將得到「訪問被拒絕」錯誤。要繞過「訪問被拒絕」錯誤，我們使用RunWithElevatedPrivileges（）方法。

點擊下方鏈接瞭解更多詳細的解答

http://sharepointbag.com/latest/code-snippets/sharepoint/security/5/how-to-use-run-with-elevated-privileges-(rwep)-in-sharepoint/