lunes, 30 de enero de 2012

Método SPSecurity.RunWithElevatedPrivileges

Executes the specified method with Full Control rights even if the user does not otherwise have Full Control. A delegate method that is to run with elevated rights. This method runs under the Application Pool identity, which has site collection administrator privileges on all site collections hosted by that application pool.

If secureCode includes any write operations, then the call to RunWithElevatedPrivileges should be preceded by a call of either SPUtility.ValidateFormDigest orSPWeb.ValidateFormDigest

Guid siteId = SPContext.Current.Site.ID;
Guid webId = SPContext.Current.Web.ID;

    using (SPSite site = new SPSite(siteId))
        using (SPWeb web = site.OpenWeb(webId))
            // Your code here

You use SPSecurity.RunWithElevatedPrivileges when you have a piece of code which requires higher privileges than currently logged in user. For example, your code wants to check if current user belongs to "Approvers" group and Approvers group is configured such that only members of Approvers group can see the membership. You will need SPSecurity.RunWithElevatedPrivileges so that code would run even if the code is hit by a person in Visitors group. Another example, list.Update() probably requires more permissions (because it changes the list schema) than item.update() so you may need to use it while calling list.Update() AND you anticipate that your code may run by people other than site owners with full permissions.



No hay comentarios:

Publicar un comentario