Role-based security model in WSS 3.0 - Part2
Title: Subsites with unique Role Assignments
This is the second article in a series about Role-based security model in WSS 3.0. In part1 , I described the basics about this model and in this part , I am going to explain how to create subsites with unique Role Assignments.
1) First, let's create a subsite:
SPWeb web = SPContext.Current.Web;
SPWebCollection spwc = web.Webs;
SPWeb newweb = spwc.Add(this._txtBoxSiteName.Text.Trim(), this._txtBoxSiteName.Text.Trim(),"This site is created programatically", web.Language, templateCreateWeb,true, false);
newweb.AllowUnsafeUpdates = true;
2) Now we need to break the role assignments for the newly created site :
newweb.BreakRoleInheritance(false);
3) This step is to create 3 custom site groups for Visitors, Members and Owners:
//Setup Custom Owner Site Group
grpOwnersName = newweb.Name + " Owners Group";
newweb.SiteGroups.Add(grpOwnersName, web.AssociatedOwnerGroup, null, string.Format("This group is automatically created from the parent class site:{1}", newweb.Url, newweb.Name));
SPGroup grpOwners = GetSiteGroup(newweb, grpOwnersName);
//Setup Custom Members Site Group
grpMembersName = newweb.Name + " Members Group";
newweb.SiteGroups.Add(grpMembersName, web.AssociatedOwnerGroup, null, string.Format("This group is automatically created from the parent class site:{1}",newweb.Url,newweb.Name));
SPGroup grpMembers = GetSiteGroup(newweb, grpMembersName);
//Setup Custom Visitors Site Group
grpVisitorsName = newweb.Name + " Vistors Group";
newweb.SiteGroups.Add(grpVisitorsName, web.AssociatedOwnerGroup, null, string.Format("This group is automatically created from the parent class site:{1}", newweb.Url, newweb.Name));
SPGroup grpVistors = GetSiteGroup(newweb, grpVisitorsName);
4) In order for SharePoint to recognize our custom groups as the site's associated vistors,members and owners group , you need to update the following properties in your new web bucket:
//Assign Custom Groups To Counterpart Associate Groups
newweb.Properties["vti_associateownergroup"] = grpOwners.ID.ToString();
newweb.Properties["vti_associatemembergroup"] = grpMembers.ID.ToString();
newweb.Properties["vti_associatevisitorgroup"] = grpVistors.ID.ToString();
newweb.Properties["vti_associategroups"] = string.Format("{0};{1};{2}", grpOwners.ID.ToString(), grpMembers.ID.ToString(), grpVistors.ID.ToString()); //show custom groups in the quick launch when users navigate to "People and Groups"
newweb.Properties.Update();
newweb.Update();
5) Now that our custom site groups are properly set up , we need to populate them with the appropriate users. In this example I am getting users from their counterpart group in the parent site:
//Add Users To The Owners Custom Site Group
foreach (SPUser spu in web.AssociatedOwnerGroup.Users)
{
newweb.SiteGroups[grpOwnersName].AddUser(spu);
}
//Add Users To The Members Custom Site Group
foreach (SPUser spu in web.AssociatedMemberGroup.Users)
{
newweb.SiteGroups[grpMembersName].AddUser(spu);
}
6) This is the most important step in which we actually assign the permissions to the groups and as described in part1, we create Role Assignments for doing so:
// Set Permissions For Owners Custom Site Group
groupID = int.Parse(newweb.Properties["vti_associateownergroup"]);
group = newweb.SiteGroups.GetByID(groupID);
if (group != null)
{
assignment = new SPRoleAssignment(group);
role = newweb.RoleDefinitions["Full Control"];
assignment.RoleDefinitionBindings.Add(role);
newweb.RoleAssignments.Add(assignment);
}
// Set Permissions For Owners Custom Site Group
groupID = int.Parse(newweb.Properties["vti_associatemembergroup"]);
group = newweb.SiteGroups.GetByID(groupID);
if (group != null)
{
assignment = new SPRoleAssignment(group);
role = web.RoleDefinitions["Contribute"];
assignment.RoleDefinitionBindings.Add(role);
newweb.RoleAssignments.Add(assignment);
}
After all these steps, result is a sub site that is NOT inheriting its membership from its parent. This site has three sharepoint site groups in it to which you can add more users and manage them independently from its parent site.