0

如何通过 C# 代码更新 Sharepoint 2007 用户信息列表 (UIL)?我的代码在以管理员身份登录时工作正常,但是当以简单用户身份登录时,代码会抛出“拒绝访问”错误,因为简单用户无法访问 UIL。我需要一些方法让简单的用户在 UIL 中编辑他自己的信息(比如 EMAIL)。请帮忙。这很重要。我的代码是这样的:

string var_UserName = myUsername;
string var_newemail = mynewemail@abc.com;
SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = SPContext.Current.Site)
                   {
                        SPWeb curWeb = site.OpenWeb();

                        SPList userList = SPContext.Current.Web.SiteUserInfoList;
                        StringBuilder queryBuilder = new StringBuilder();
                        queryBuilder.Append(@"<Query>");
                        queryBuilder.Append(@"<OrderBy>");
                        queryBuilder.Append(@"<FieldRef Name='Title' />");
                        queryBuilder.Append(@"</OrderBy>");
                        queryBuilder.Append(@"<Where>");
                        queryBuilder.Append(@"<Eq>");
                        queryBuilder.Append(@"<FieldRef Name='Title' />");
                        queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
                        queryBuilder.Append(@"</Eq>");
                        queryBuilder.Append(@"</Where>");
                        queryBuilder.Append(@"</Query>");
                        SPQuery query = new SPQuery();
                        query.Query = queryBuilder.ToString();
                        SPListItemCollection oSPListItemCollection = userList.GetItems(query);
                        SPField field = userList.Fields.GetField("E-Mail");

                        foreach (SPItem item in oSPListItemCollection)
                        {
                            if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
                            {
                             item[field.InternalName] = var_newemail;
                             curWeb.AllowUnsafeUpdates = true;
                             item.Update(); //throws error when not logged in as administrator
                             curWeb.AllowUnsafeUpdates = false;
                             break; 
                            }
                        }

                    }
                });
4

2 回答 2

0

问题是:不要使用“上下文”来创建 spSite 对象,因为它不会创建具有提升权限但具有执行此代码的用户权限的对象,这可能会导致异常/错误。所以我刚刚删除了 Context 对象,它适用于任何用户。宾果游戏 :) 像这样:

string var_UserName = myUsername;
string var_newemail = mynewemail@abc.com;
SPSecurity.RunWithElevatedPrivileges(delegate()
            {
               using (SPSite site = new SPSite(Page.Request.Url.ToString())) //Change 1
               {
                    SPWeb curWeb = site.OpenWeb();

                    SPList userList = curWeb.Lists["User Information List"]; //Change 2
                    StringBuilder queryBuilder = new StringBuilder();
                    queryBuilder.Append(@"<Query>");
                    queryBuilder.Append(@"<OrderBy>");
                    queryBuilder.Append(@"<FieldRef Name='Title' />");
                    queryBuilder.Append(@"</OrderBy>");
                    queryBuilder.Append(@"<Where>");
                    queryBuilder.Append(@"<Eq>");
                    queryBuilder.Append(@"<FieldRef Name='Title' />");
                    queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
                    queryBuilder.Append(@"</Eq>");
                    queryBuilder.Append(@"</Where>");
                    queryBuilder.Append(@"</Query>");
                    SPQuery query = new SPQuery();
                    query.Query = queryBuilder.ToString();
                    SPListItemCollection oSPListItemCollection = userList.GetItems(query);
                    SPField field = userList.Fields.GetField("E-Mail");

                    foreach (SPItem item in oSPListItemCollection)
                    {
                        if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
                        {
                         item[field.InternalName] = var_newemail;
                         curWeb.AllowUnsafeUpdates = true;
                         item.Update(); //throws error when not logged in as administrator
                         curWeb.AllowUnsafeUpdates = false;
                         break; 
                        }
                    }

                }
            });
于 2012-09-06T13:01:33.950 回答
0

可能想尝试在您的代码中添加类似这样的内容:

    string usName = null;
            SPClaimProviderManager mgr = SPClaimProviderManager.Local;
            if (mgr != null)
            {
                var claim = new SPClaim(SPClaimTypes.UserLogonName,
                                        SPContext.Current.Web.CurrentUser.LoginName,
                                        "http://www.w3.org/2001/XMLSchema#string",
                                        SPOriginalIssuers.Format(SPOriginalIssuerType.Windows));
                usName = mgr.EncodeClaim(claim);



so in your code just try adding:

SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite site = SPContext.Current.Site)
                   {

 **if (site.DoesUserHavePermissions(usName,SPBasePermissions.ViewPages))
{**


                        SPWeb curWeb = site.OpenWeb();

                        SPList userList = SPContext.Current.Web.SiteUserInfoList;
                        StringBuilder queryBuilder = new StringBuilder();
                        queryBuilder.Append(@"<Query>");
                        queryBuilder.Append(@"<OrderBy>");
                        queryBuilder.Append(@"<FieldRef Name='Title' />");
                        queryBuilder.Append(@"</OrderBy>");
                        queryBuilder.Append(@"<Where>");
                        queryBuilder.Append(@"<Eq>");
                        queryBuilder.Append(@"<FieldRef Name='Title' />");
                        queryBuilder.Append(@"<Value Type='Text'>" + var_UserName + "</Value>");
                        queryBuilder.Append(@"</Eq>");
                        queryBuilder.Append(@"</Where>");
                        queryBuilder.Append(@"</Query>");
                        SPQuery query = new SPQuery();
                        query.Query = queryBuilder.ToString();
                        SPListItemCollection oSPListItemCollection = userList.GetItems(query);
                        SPField field = userList.Fields.GetField("E-Mail");

                        foreach (SPItem item in oSPListItemCollection)
                        {
                            if (item["Title"].ToString().ToLower() == Login1.UserName.ToLower())
                            {
                             item[field.InternalName] = var_newemail;
                             curWeb.AllowUnsafeUpdates = true;
                             item.Update(); //throws error when not logged in as administrator
                             curWeb.AllowUnsafeUpdates = false;
                             break; 
                            }
                        }
}

                    }
                });
于 2012-09-04T14:23:06.803 回答