如何通过C#代码更新Sharepoint 2007用户信息列表(UIL)?当以管理员身份登录时,我的代码运行良好,但当以简单用户身份登录时代码会抛出"拒绝访问"错误,因为简单用户无法访问UIL。我需要一些方法让简单的用户在UIL中编辑自己的信息(比如电子邮件)。请帮忙。这很重要。我的代码是这样的:
string var_UserName = myUsername;
string var_newemail = mynewemail@abc.com;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = SPContext.Current.Site)
{
SPWeb curWeb = site.OpenWeb();
SPList userList = SPContext.Current.Web.SiteUserInfoList;
StringBuilder queryBuilder = new StringBuilder();
queryBuilder.Append(@"<Query>");
queryBuilder.Append(@"<OrderBy>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"</OrderBy>");
queryBuilder.Append(@"<Where>");
queryBuilder.Append(@"<Eq>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
queryBuilder.Append(@"</Eq>");
queryBuilder.Append(@"</Where>");
queryBuilder.Append(@"</Query>");
SPQuery query = new SPQuery();
query.Query = queryBuilder.ToString();
SPListItemCollection oSPListItemCollection = userList.GetItems(query);
SPField field = userList.Fields.GetField("E-Mail");
foreach (SPItem item in oSPListItemCollection)
{
if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
{
item[field.InternalName] = var_newemail;
curWeb.AllowUnsafeUpdates = true;
item.Update(); //throws error when not logged in as administrator
curWeb.AllowUnsafeUpdates = false;
break;
}
}
}
});
可能想尝试在代码中添加这样的内容:
string usName = null;
SPClaimProviderManager mgr = SPClaimProviderManager.Local;
if (mgr != null)
{
var claim = new SPClaim(SPClaimTypes.UserLogonName,
SPContext.Current.Web.CurrentUser.LoginName,
"http://www.w3.org/2001/XMLSchema#string",
SPOriginalIssuers.Format(SPOriginalIssuerType.Windows));
usName = mgr.EncodeClaim(claim);
so in your code just try adding:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = SPContext.Current.Site)
{
**if (site.DoesUserHavePermissions(usName,SPBasePermissions.ViewPages))
{**
SPWeb curWeb = site.OpenWeb();
SPList userList = SPContext.Current.Web.SiteUserInfoList;
StringBuilder queryBuilder = new StringBuilder();
queryBuilder.Append(@"<Query>");
queryBuilder.Append(@"<OrderBy>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"</OrderBy>");
queryBuilder.Append(@"<Where>");
queryBuilder.Append(@"<Eq>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
queryBuilder.Append(@"</Eq>");
queryBuilder.Append(@"</Where>");
queryBuilder.Append(@"</Query>");
SPQuery query = new SPQuery();
query.Query = queryBuilder.ToString();
SPListItemCollection oSPListItemCollection = userList.GetItems(query);
SPField field = userList.Fields.GetField("E-Mail");
foreach (SPItem item in oSPListItemCollection)
{
if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
{
item[field.InternalName] = var_newemail;
curWeb.AllowUnsafeUpdates = true;
item.Update(); //throws error when not logged in as administrator
curWeb.AllowUnsafeUpdates = false;
break;
}
}
}
}
});
问题是:不要使用"context"创建spSite对象,因为它不会使用提升的权限创建对象,而是使用执行此代码的用户的权限创建,这可能会导致异常/错误。所以我只是删除了Context对象,它适用于任何用户。像这样:
string var_UserName = myUsername;
string var_newemail = mynewemail@abc.com;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(Page.Request.Url.ToString())) //Change 1
{
SPWeb curWeb = site.OpenWeb();
SPList userList = curWeb.Lists["User Information List"]; //Change 2
StringBuilder queryBuilder = new StringBuilder();
queryBuilder.Append(@"<Query>");
queryBuilder.Append(@"<OrderBy>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"</OrderBy>");
queryBuilder.Append(@"<Where>");
queryBuilder.Append(@"<Eq>");
queryBuilder.Append(@"<FieldRef Name='Title' />");
queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
queryBuilder.Append(@"</Eq>");
queryBuilder.Append(@"</Where>");
queryBuilder.Append(@"</Query>");
SPQuery query = new SPQuery();
query.Query = queryBuilder.ToString();
SPListItemCollection oSPListItemCollection = userList.GetItems(query);
SPField field = userList.Fields.GetField("E-Mail");
foreach (SPItem item in oSPListItemCollection)
{
if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
{
item[field.InternalName] = var_newemail;
curWeb.AllowUnsafeUpdates = true;
item.Update(); //throws error when not logged in as administrator
curWeb.AllowUnsafeUpdates = false;
break;
}
}
}
});