2

I have a problem with user permission of users which are programmatically added to Sharepoint 2013 group using Client Object Model. The web application allows anonymous, but I also have a document library "Teacher Documents" with contribute permission only to a certain group (let's say "Teachers"), and I have added the user to the site's default member too (let's say "School Members"). The code works fine and the user was successfully added to both groups.

While it did look OK and the username was listed as the member of the groups, they still cannot contribute. When I checked, they do have the anonymous access on the document library but not the Contribute permission. Here's my code:

public static string AddUserToGroup(string siteURL, string groupName, string userName, string name, string email, NetworkCredential impersonateCredential)
{
    try
    {
        ClientContext context = new ClientContext(siteURL);
        context.Credentials = impersonateCredential;

        Group oGroup = null;

        oGroup = context.Web.SiteGroups.GetByName(groupName);

        context.Load(oGroup);
        bool groupExists = false;

        try
        {
            context.ExecuteQuery();
            groupExists = true;
        }
        catch { }

        if (groupExists)
        {
            UserCreationInformation userCreationInfo = new UserCreationInformation();
            userCreationInfo.Email = email;
            userCreationInfo.LoginName = userName;
            userCreationInfo.Title = name;

            bool userExists = false;

            try
            {
                User checkUser = oGroup.Users.GetByLoginName(userName);
                context.Load(checkUser);
                context.ExecuteQuery();
                userExists = true;
            }
            catch { }

            if (!userExists)
            {
                User oUser = oGroup.Users.Add(userCreationInfo);
                context.ExecuteQuery();
            }
        }
        else
        {
            return "No associated group assigned";
        }

        return "Member " + userName + " has been added to group.";
    }
    catch (Exception ex)
    {
        return ex.Message.ToString();
    }
}

And here's how I call it:

string siteURL = "http://spfe01.gilang.com/";
string username = "spfe01\\budi.utomo";
string name = "Budi Utomo";
string email = "budi.utomo@spfe01.gilang.com";

NetworkCredential impersonateCredential = new NetworkCredential("username", "password", "spfe01");

AddUserToGroup(siteURL, "Teachers", username, name, email, impersonateCredential));

(You can test it on a console application)

It worked, the user was added to "Teachers", but no permission on "Teacher Documents" document library. Adding the user to the admin group "School Owners" with full control on the site did not work either.

EDIT: In my case, I have added the group manually to the document library, and users that are added manually to the group are granted permissions and allowed to contribute. By manually I mean using the standard "Permissions" function of the Sharepoint on the web browser.

ekad
  • 14,436
  • 26
  • 44
  • 46
Gilang Bhagaskara
  • 65
  • 1
  • 8

1 Answers1

0

Actually, did you break the inheritance?

Most probably, the folder and file inherit the permission of the main folder

Here is my code:

caml = new Microsoft.SharePoint.Client.CamlQuery();

caml.ViewXml = @"Caml to get the file";

items = objList.GetItems(caml);

clientContext.Load(items);

clientContext.Credentials = new NetworkCredential("LoginID", "LoginPW", "LoginDomain");

clientContext.ExecuteQuery();

item = items[0];

item.BreakRoleInheritance(true, true);

clientContext.ExecuteQuery();
Tony Wu
  • 1,040
  • 18
  • 28