Revoke Permissions from RoleDefinition

I had to revoke some of the permissions of a role definition but there’s no out of the box functionality to do so. After some searching on the web I couldn’t find any suitable methods either.
So I decided to create one myself and thought creating an extension method would be the best option.

using Microsoft.SharePoint;

// Extension methods must live in a static class; the class name here is arbitrary.
public static class SPRoleDefinitionExtensions
{
	/// <summary>
	/// Revokes the given permission from the BasePermission set.
	/// </summary>
	/// <param name="roleDefinition">The role definition.</param>
	/// <param name="revokePermission">The permission you want to revoke.</param>
	public static void RevokePermission(this SPRoleDefinition roleDefinition, SPBasePermissions revokePermission)
	{
		// SPBasePermissions is a [Flags] enum, so clear the revoked bits with a mask.
		// Matching names taken from BasePermissions.ToString() leaves the permission
		// in place when revokePermission combines several flags (A | B) or when the
		// role's mask prints as the single name "FullMask".
		roleDefinition.BasePermissions &= ~revokePermission;
	}
}

After adding this extension method to your project/solution/class, you can revoke permissions from your permission set like this. The change is only saved once you call Update().

SPRoleDefinition roleDefinition = web.RoleDefinitions["YourRoleDef"];
roleDefinition.RevokePermission(SPBasePermissions.BrowseUserInfo);
roleDefinition.Update();
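
Added example, not part of the original post: a stand-alone console program showing why revoking from a [Flags] permission set is done with a bit mask rather than by matching names from ToString(). It goes beyond the single-flag call above by also covering a combined value and a FullMask role. `Perm` is a constructed stand-in shaped like SPBasePermissions (its values are illustrative, not SharePoint's), and `RevokeByName`, `RevokeByMask` and `Report` are hypothetical helpers.

```csharp
using System;
using System.Linq;

// Constructed stand-in for a [Flags] permission enum shaped like SPBasePermissions.
// The values are illustrative only and are not SharePoint's.
[Flags]
enum Perm : ulong
{
    EmptyMask = 0, ViewListItems = 1, EditListItems = 2,
    BrowseUserInfo = 4, ManageLists = 8, FullMask = 15
}

static class RevokeDemo
{
    // Name matching: rebuild the set from ToString(), skipping the revoked name.
    public static Perm RevokeByName(Perm current, Perm revoke)
    {
        return current.ToString()
            .Split(new[] { ',', ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .Where(name => name != revoke.ToString())
            .Select(name => (Perm)Enum.Parse(typeof(Perm), name))
            .Aggregate(Perm.EmptyMask, (acc, p) => acc | p);
    }

    // Bit mask: clear every bit of 'revoke', whatever the value prints as.
    public static Perm RevokeByMask(Perm current, Perm revoke)
    {
        return current & ~revoke;
    }

    // Prints both results and whether any revoked bit is still set afterwards.
    static void Report(string label, Perm current, Perm revoke)
    {
        Perm byName = RevokeByName(current, revoke);
        Perm byMask = RevokeByMask(current, revoke);
        Console.WriteLine("{0}: by name -> [{1}] (still granted: {2}); by mask -> [{3}] (still granted: {4})",
            label, byName, (byName & revoke) != 0, byMask, (byMask & revoke) != 0);
    }

    static void Main()
    {
        Perm reader = Perm.ViewListItems | Perm.BrowseUserInfo;
        Perm contributor = reader | Perm.EditListItems;
        Report("single flag", reader, Perm.BrowseUserInfo);
        Report("combined value", contributor, Perm.EditListItems | Perm.BrowseUserInfo);
        Report("FullMask role", Perm.FullMask, Perm.BrowseUserInfo);
    }
}
```

Both approaches agree on the single-flag case. In the other two cases name matching reports the revoked permission as still granted, while the mask clears it.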
