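/// <summary>
/// Revokes the account typed into <c>txtResourceID</c> from the site at
/// <paramref name="siteUrl"/>: the web's own role assignments, the role assignments of
/// generic lists and document libraries with unique permissions, and membership of
/// every site group.
/// </summary>
/// <param name="siteUrl">URL of the site collection to open.</param>
/// <remarks>
/// Each removal step is attempted independently so that one failure does not stop the
/// rest, but every failure is now reported through <c>lblMessage</c>. In an off-boarding
/// routine a silently skipped step means the account keeps access while the operator
/// believes it was revoked.
/// No privilege elevation is visible in this method, so it presumably runs with the
/// calling user's rights. NOTE(review): confirm how the page invokes it.
/// </remarks>
protected void RemovePermission(string siteUrl)
{
    string userToBeRemoved = txtResourceID.Text.Trim();

    // Accept "id@companyname.com" as well as the bare id.
    if (userToBeRemoved.Contains("@"))
    {
        userToBeRemoved = userToBeRemoved.Split('@')[0];
    }

    // Checked after the split so that input such as "@companyname.com" is rejected
    // here instead of reaching EnsureUser with an empty account name.
    if (string.IsNullOrEmpty(userToBeRemoved))
    {
        lblMessage.Text = "Enter the enterprise id of the rolled off resource (without '@companyname.com').";
        return;
    }

    // Names of the objects whose removal step threw; shown to the operator at the end.
    System.Collections.Generic.List<string> failures = new System.Collections.Generic.List<string>();

    using (SPSite site = new SPSite(siteUrl))
    using (SPWeb web = site.OpenWeb())
    {
        // AllowUnsafeUpdates relaxes SharePoint's request-validation (form digest) check
        // for updates made through this SPWeb. The object is disposed at the end of the
        // using block, so the setting does not outlive this call.
        // NOTE(review): if this runs on a post-back, validating the form digest
        // (SPUtility.ValidateFormDigest) may make this switch unnecessary - confirm.
        web.AllowUnsafeUpdates = true;

        // EnsureUser resolves the login and adds it to the site if it is not already
        // there. It is outside the per-step try blocks, so a failure here propagates to
        // the caller. NOTE(review): presumably this throws when the directory account
        // has already been deleted, in which case nothing below runs - confirm.
        SPPrincipal user = web.EnsureUser("Domain_name\\" + userToBeRemoved);

        try
        {
            if (web.HasUniqueRoleAssignments)
            {
                web.RoleAssignments.Remove(user);
                web.Update();
            }
        }
        catch (System.Exception)
        {
            // NOTE(review): log the exception with the project's logging facility.
            failures.Add("site role assignments");
        }

        foreach (SPList list in web.Lists)
        {
            try
            {
                if (!list.HasUniqueRoleAssignments)
                {
                    continue;
                }

                bool supportedTemplate =
                    list.BaseTemplate == SPListTemplateType.GenericList ||
                    list.BaseTemplate == SPListTemplateType.DocumentLibrary;
                if (!supportedTemplate)
                {
                    // NOTE(review): other list types with unique permissions are not
                    // touched by this loop; confirm they are covered elsewhere.
                    continue;
                }

                // NOTE(review): joined with ||, this is false only when the list is
                // hidden AND a site-assets library AND an application list, so it
                // filters out almost nothing. If the intent was to skip system lists
                // it needs &&. Kept as is, because for revocation the wider coverage
                // is the safer side - confirm intent before changing.
                if (!list.Hidden || !list.IsSiteAssetsLibrary || !list.IsApplicationList)
                {
                    list.RoleAssignments.Remove(user);
                    list.Update();
                }
            }
            catch (System.Exception)
            {
                failures.Add("list '" + list.Title + "'");
            }
        }

        foreach (SPGroup group in web.Groups)
        {
            try
            {
                // Claims-encoded Windows login of the same account.
                group.Users.Remove("i:0#.w|Domain_name\\" + userToBeRemoved);
                group.Update();
            }
            catch (System.Exception)
            {
                // NOTE(review): this may also fire for groups the account never
                // belonged to, or that the caller may not edit; it is reported
                // anyway so the operator can check.
                failures.Add("group '" + group.Name + "'");
            }
        }
    }

    if (failures.Count > 0)
    {
        // List titles and group names are site data, so they are HTML-encoded before
        // being written to the page. NOTE(review): assumes lblMessage renders its
        // Text without encoding - confirm the control type.
        lblMessage.Text = System.Web.HttpUtility.HtmlEncode(
            "Removal did not complete for: " + string.Join("; ", failures.ToArray()) +
            ". Review these before treating the account as deprovisioned.");
    }
}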
Note: `webRollColl.Remove(user);` also deletes the role assignment for the same user in all lists/items that have unique role assignments. This can be useful for removing the permissions of outgoing employees, but it may not be required in all cases. The cascading effect will slow down a site that has too many items.
So, to remove permission only at the site/targeted level, use:
// Fragment: walks every role assignment on the web, removes the role definition
// `roleDef` from its bindings and saves the assignment. `web` and `roleDef` are
// defined outside this fragment.
// NOTE(review): the loop does not check which principal a role assignment belongs
// to, so as written it strips `roleDef` from every assignment on the web rather than
// from one user's. If a single account is the target, compare the assignment's
// member with that principal before removing - confirm intent.
foreach (SPRoleAssignment roleAssignment in
web.RoleAssignments)
{
roleAssignment.RoleDefinitionBindings.Remove(roleDef);
roleAssignment.Update();
}