0

I am working on supporting code in a custom event receiver developed about 6 years ago... There was no source code, so we had to reflect the production assembly, and are working on cleaning it up before working.

In the code, I came across this, and I can't tell why it would be done, and I don't know enough about SharePoint to be able to know if there is a reason it has to be done this way, or if the original coder was an idiot (both are possible...)

public override void ItemAdded(SPItemEventProperties properties)
{
    Trace.WriteLine("ItemAdded() invoked.");
    base.DisableEventFiring();
    base.ItemAdded(properties);

    try
    {
        SPContext context = SPContext.GetContext(properties.OpenWeb());
        SPUserToken userToken = context.Site.SystemAccount.UserToken;

        using (SPSite site = new SPSite(context.Site.ID, userToken))
        using (SPWeb web = site.OpenWeb(context.Web.ID))
        {
            SPListItem listItem = null;
            try
            {
                listItem = web.GetListItem(properties.ListItem.Url);
                web.AllowUnsafeUpdates = true;
            }
            catch
            {
                Trace.WriteLine("No Url properties, we must be running in CLI mode. Exiting...");
            }
            if (listItem != null)
            {
                SPList parentList = listItem.ParentList;
                listItem = parentList.GetItemById(properties.ListItemId);
            }
            ...
        }
    }
    catch (Exception ex)
    {
        Trace.WriteLine(ex.ToString());
    }
    finally
    {
        base.EnableEventFiring();
    }
}

It just seems like this is getting the SPListItem by multiple ways, when it is passed in in the properties object... Same for the Website.. So, I guess my question is since they end up just getting the List item by the properties anyways through the list, is there really any reason to go through all the other checks/methods to just throw the value away in the end?

4

1 回答 1

1

不同之处在于它没有使用当前用户的凭据获取列表项;它使用系统帐户的凭据来获取它。

系统帐户可能对当前用户没有的列表项具有权限。

也就是说,肯定有更简单的方法来获取列表项,没有理由像这样多次获取它,即使获取一次可能是合适的。

于 2013-09-13T14:13:24.417 回答