Sivarajan's Blog

SharePoint | Office 365 | Azure | JavaScript

How to enable page level permission in SharePoint 2013

Overview

Currently I am working a internet facing site using SharePoint 2013 with the mixed contents (secured and unsecured). In my earlier post, I have explained on how to enable the mixed authentications (Windows and Custom FBA). In this post, we will see that how to enable the permissions at item level / page level.

In Site Pages list, all the pages will be available to every user groups. Instead of that, we will see here on how to show or hide the pages based on user groups.

1. Create two groups “Parents” and “Students” and added few users in that groups for testing purpose.

05-05-2013-01

 

 

 

 

2. Create the new Wiki library “AuthPages” and create the few pages. For example, I have created the pages like “StudentPage1.aspx”, “ParentPage1.aspx” and “CommonPage.apsx”.

3. Create a SharePoint 2013 Empty solution

4. Add the new feature called “PageLevelPermission” and also add the event receiver for your feature.

5. Add the below method to remove all the item level permissions from the “AuthPages” list.

private static void RemoveAllPermissions(SPListItem CurrentlistItem)
        {
            CurrentlistItem.BreakRoleInheritance(true);

            SPRoleAssignmentCollection SPRoleAssColn = CurrentlistItem.RoleAssignments;
            for (int i = SPRoleAssColn.Count - 1; i >= 0; i--)
            {
                SPRoleAssColn.Remove(i);
            }
        }

 

7. Like that use the below method to enable the item level permission to your list.

private static void GrantPermission(SPListItem CurrentListItem, SPWeb oSPWeb, SPRoleType SPRoleType, SPPrincipal SPPrincipal)
        {
            SPRoleDefinition oSPRoleDefinition = oSPWeb.RoleDefinitions.GetByType(SPRoleType);

            SPRoleAssignment oSPRoleAssignment = new SPRoleAssignment(SPPrincipal);
            
            oSPRoleAssignment.RoleDefinitionBindings.Add(oSPRoleDefinition);
            
            CurrentListItem.RoleAssignments.Add(oSPRoleAssignment);
            
            CurrentListItem.Update();            
        }

6. Then Remove the access for “Anonymous User” group. This is will applicable if you enabled anonymous access for your site.

 

  1. list.BreakRoleInheritance(true);
  2.                     list.AnonymousPermMask64 = SPBasePermissions.EmptyMask;

7. Final code for apply the permission

public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            if (properties.Feature.Definition.Scope == SPFeatureScope.Site)
            {
                SPWeb currentWeb = ((SPSite)properties.Feature.Parent).OpenWeb();

                if (currentWeb != null)
                {
                    string[] studentPages = new string[]{"CommonPage.aspx","StudentPage1.aspx"};
                    string[] parentPages = new string[] { "CommonPage.aspx", "ParentPage1.aspx" };

                    SPList list = currentWeb.Lists["AuthPages"];

                    //Remove the existing permissions
                    foreach (SPListItem item in list.Items)
                    {
                        RemoveAllPermissions(item);
                    }

                    //Break the permission to hide the list for Anonymous users.
                    //The AuthPages will be available for authenticated users.
                    list.BreakRoleInheritance(true);
                    list.AnonymousPermMask64 = SPBasePermissions.EmptyMask;

                    if (currentWeb.SiteGroups["Students"] != null && currentWeb.SiteGroups["Parents"] != null)
                    {
                        //Add the new permissions
                        foreach (SPListItem item in list.Items)
                        {
                            if (studentPages != null && studentPages.Contains(item.Name))
                                GrantPermission(item, currentWeb, SPRoleType.Reader, currentWeb.SiteGroups["Students"]);

                            if (parentPages != null && parentPages.Contains(item.Name))
                                GrantPermission(item, currentWeb, SPRoleType.Reader, currentWeb.SiteGroups["Parents"]);
                        }
                    }
                }
            }

 

8. Login the system using credentials for “Students” or “Parents” and just try to access the pages. If you are login as "Students”, you can not access the “ParentPage1.aspx”.

Conclusion

In my previous post, we saw that how to create the site with mixed mode authentication and here we saw that how to provide the page level (item level) permission to list. Even though, some one can able to access the “Site Contents”, “Lists and Libraries”. In the next post, we will see that how to control this based on Groups.

Add comment

Loading