Step by Step: How to Assign Unique Item Permissions in a Task List Using Custom Code

Written by Denis Stadler. Posted in Custom Development

The business requirements are quite clear in this case:

  • There is a task list that should be used to manage work assignments
  • Only the site administrators can modify the task list items
  • The person(s) in the Assigned To field must have the security rights to edit only that item

The solution: a custom event receiver that modifies the item permissions.

Let’s create a new Event Receiver SharePoint project in Visual Studio with the following settings: List Item Events as the type, Tasks as the event source, and "An item was added" and "An item was updated" as the events to handle.

[Screenshot: item-added-item-updated]

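The second step is to create a method that sets the permissions as follows: if the Assigned To field of an item contains at least one name, the method breaks the permissions inheritance chain for that item and gives each assigned user Contributor rights. Otherwise the item inherits the list permissions. Because BreakRoleInheritance is called with true, the item keeps a copy of the list's role assignments, so the assignees' rights are added on top of whatever the list already grants.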

// Requires: using Microsoft.SharePoint;
protected void UpdatePermissions(SPListItem itemCurrent, SPWeb webCurrent)
{
    // An empty Assigned To field is returned as null
    object assignedTo = itemCurrent["AssignedTo"];

    if (assignedTo == null)
    {
        // nobody is assigned: go back to the list permissions
        if (itemCurrent.HasUniqueRoleAssignments)
        {
            itemCurrent.ResetRoleInheritance();
        }

        return;
    }

    //get assigned to
    SPFieldLookupValueCollection colLookUp = new SPFieldLookupValueCollection(assignedTo.ToString());

    //drop any earlier unique permissions, then break inheritance and copy the list roles
    if (itemCurrent.HasUniqueRoleAssignments)
    {
        itemCurrent.ResetRoleInheritance();
    }

    itemCurrent.BreakRoleInheritance(true);

    //add assigned to to roles
    SPRoleDefinition roleDefinition = webCurrent.RoleDefinitions.GetByType(SPRoleType.Contributor);

    foreach (SPFieldLookupValue lv in colLookUp)
    {
        //GetByID throws if the entry is not a site user (for example a group)
        SPUser user = webCurrent.SiteUsers.GetByID(lv.LookupId);

        SPRoleAssignment roleAssignment = new SPRoleAssignment(user);
        roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
        itemCurrent.RoleAssignments.Add(roleAssignment);
    }
}

As a last step, we need to call this procedure from our event class, inside the ItemAdded and ItemUpdated methods.

public override void ItemAdded(SPItemEventProperties properties)
{
	UpdatePermissions(properties.ListItem, properties.Web);
	base.ItemAdded(properties);
}

public override void ItemUpdated(SPItemEventProperties properties)
{
	UpdatePermissions(properties.ListItem, properties.Web);
	base.ItemUpdated(properties);
}
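
To confirm that the receiver leaves every task with the intended permissions, the item-level grants can be compared against the Assigned To field. The following audit helper is an added example, not part of the original article's code; the class name TaskPermissionAudit, the method FindMismatches and the listTitle parameter are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint;

// Added audit helper (hypothetical names), not part of the event receiver above.
public static class TaskPermissionAudit
{
    // Returns one line per item whose item-level grants differ from Assigned To.
    public static List<string> FindMismatches(SPWeb web, string listTitle)
    {
        SPList list = web.Lists[listTitle];
        // Principals the list itself grants; BreakRoleInheritance(true) copies these to the item.
        var listPrincipals = new HashSet<int>(
            list.RoleAssignments.Cast<SPRoleAssignment>().Select(ra => ra.Member.ID));
        var findings = new List<string>();

        foreach (SPListItem item in list.Items)
        {
            // Expected: the principals in Assigned To that the list does not already cover.
            var expected = new HashSet<int>();
            object raw = item["AssignedTo"];
            if (raw != null)
                foreach (SPFieldUserValue v in new SPFieldUserValueCollection(web, raw.ToString()))
                    expected.Add(v.LookupId);
            expected.ExceptWith(listPrincipals);

            // Actual: the principals granted on the item beyond the copied list grants.
            var actual = new HashSet<int>();
            if (item.HasUniqueRoleAssignments)
                foreach (SPRoleAssignment ra in item.RoleAssignments)
                    if (!listPrincipals.Contains(ra.Member.ID))
                        actual.Add(ra.Member.ID);

            // A difference means a stale grant was left behind or an assignee got no rights.
            if (!actual.SetEquals(expected))
                findings.Add(string.Format("Item {0}: granted [{1}], assigned [{2}]",
                    item.ID, Ids(actual), Ids(expected)));
        }
        return findings;
    }

    // Formats a set of principal IDs as a comma-separated string.
    private static string Ids(IEnumerable<int> ids)
    {
        return string.Join(",", ids.Select(i => i.ToString()).ToArray());
    }
}
```

The helper uses the server object model, so it has to run on a farm server, for example from a console application.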


Comments (6)

  • Bjoern H Rapp

    Hi

    Nice sample, but is the if (itemCurrent.HasUniqueRoleAssignments) block really necessary?

    • Denis Stadler

      Just consider an update of the Assigned To field (both cases: changing the value or removing the value).

  • Igor Feldman

    Please change the print screen, the Event Receiver needs to be An item was added, not Item being added.

    Thanks :)

    • Denis Stadler

      Thanks a lot for the observation. The text of the article was pointing to the right event receiver type.

  • Davy

    Does this foreach to add the roles not require an itemCurrent.Update() at the end? Or am I missing something?

    • Denis Stadler

      The itemCurrent.Update() is not needed. Just test the code without it.