Geek Answers Handbook

Why are RunWithElevatedPrivileges not running?

I'm trying to create a web part that will post user comments and save them in a user list, I wrote this code to add a list to the site after adding the web part to the page,

[Guid("c314a0e8-0210-4064-b79e-bfd3594c6083")] public class CommentWriteSpace : System.Web.UI.WebControls.WebParts.WebPart { SPSite site = null; SPWeb web = null; public CommentWriteSpace() { SPSecurity.CodeToRunElevated foo = new SPSecurity.CodeToRunElevated(doit); SPSecurity.RunWithElevatedPrivileges(foo); SPListCollection listCollection = web.Lists; Guid listGuid = listCollection.Add("Comments List", "A list of user comments", SPListTemplateType.GenericList); listCollection[listGuid].Fields.Add("User", SPFieldType.User, true); listCollection[listGuid].Fields.Add("Comment", SPFieldType.Text, true); listCollection[listGuid].OnQuickLaunch = true; listCollection[listGuid].Update(); //this.Page.Request.Url.ToString() } public void doit() { site = SPContext.Current.Site; web = site.OpenWeb(); } }

But the RunWithElevatedPrivileges method RunWithElevatedPrivileges an exception, I assume that this is a permission problem, the exception is the same as when the site.OpenWeb(); method is site.OpenWeb(); without privilege escalation.

What could be the problem?

+3
sharepoint web-parts
source share
4 answers

You see a number of problems:

  • SPSite permissions of objects are determined when they are created, so SPContext.Current.Site will already have the permissions of the current user, even if you get the link in RWEP .
  • Transferring SP objects from an RWEP block RWEP not supported and generally dangerous. If you need to use RWEP, all SPSite and SPWeb objects (and their children) created in this context must be used and located in CodeToRunElevated .
  • Each call to listCollection[listGuid] will create a new SPList that may cause unexpected behavior.

As Dan suggests, RWEP is not the preferred way to do what you are trying to accomplish. Using the extension from the link , it refers, I would rewrite it to look something like this:

 [Guid("c314a0e8-0210-4064-b79e-bfd3594c6083")] public class CommentWriteSpace : System.Web.UI.WebControls.WebParts.WebPart { public CommentWriteSpace() { SPContext.Current.Site.RunAsSystem(UpdateSite); //this.Page.Request.Url.ToString() } public void UpdateSite(SPSite site) { SPWeb web = site.RootWeb; SPListCollection listCollection = web.Lists; Guid listGuid = listCollection.Add("Comments List", "A list of user comments", SPListTemplateType.GenericList); SPList list = listCollection[listGuid]; list.Fields.Add("User", SPFieldType.User, true); list.Fields.Add("Comment", SPFieldType.Text, true); list.OnQuickLaunch = true; list.Update(); } }
+4
source share

You do not need to run SPContext.Current.Site with elevated privileges. Actually, I think that’s why you get the exception. Alternatively, you can also use SPContext.Current.Web instead of site.OpenWeb (). The latter creates a new SPWeb object for which you will be responsible again. SPSite and SPWeb objects from SPContext are automatically deleted when the HTTP request is completed.

+2
source share

I would suggest avoiding using RunWithElevatedPrivileges when interacting with SharePoint objects (where possible, as in your example). You should limit its use when you need to access resources that are outside of SharePoint (for example, a database, file share, etc.).

Here's a great article that offers a very elegant approach to getting elevated privileges in a SharePoint context: http://solutionizing.net/2009/01/06/elegant-spsite-elevation/

+1
source share

Hm. Maybe it will be easier to just run the bulk of your code in anonymous deletion?

 SPSecurity.RunWithElevatedPrivileges(delegate() { // Your code here }

It is probably also better to create an SPList object rather than accessing the collection again. Some of these collections behave a little strange - I think that SPViewCollection creates a new object every time you access it through guid / index!

All this, I agree with Lars - use SPContext.Current.Web

0
source share

More articles:


All Articles