Working with unique SharePoint 2010 list item security
For about some time I have been working on a SharePoint 2010 solution where I need to heavily customize SharePoint EditItem form. Not a big deal, I created a custom rendering template. I also have a custom Save button that has to perform some additional field setting. One thing that my SPList has to have is a WriteSecurity=2 . WriteSecurity is a new property in SharePoint 2010 allowing your users to create new items in a list but edit ONLY their own.
In my solution I had to respect that notion but I also had to allow administrative users to be able to overwrite this restriction.
So in efforts to do that I created my own custom Save button and overwrote it`s SaveItem() function and elevated permissions on base.SaveItem()
Well, SharePoint didn`t like that idea. The problem was with the fact that item context was transfered from the parent SPWeb which already was opened under the context of the existing user (non-admin) and my list item was convinced that there was no elevation done at the time of saving the item.
One solution that I found working is to create new SPSite, SPWeb objects and get a hold of the list. Once I have an item in question I would pass base.ItemContext.ListItem to it and all of the user entered data would get transfered the new SPListItem object that was now under my control. My save operation succeeded.
Here is how my code looked like:
protected override bool SaveItem()
{
bool saveResult = false;
SPSecurity.RunWithElevatedPrivileges(delegate
{
SPSite site = new SPSite(Constants.LocalSiteCollection);
SPWeb web = site.OpenWeb();
SPList list = web.Lists["MyList"];
web.AllowUnsafeUpdates = true;
SPListItem item = base.ItemContext.ListItem;
/// …. other updates to SPListItem …
item.SystemUpdate();
saveResult = true;
base.RedirectUrl = SPContext.Current.Web.Url;
web.Dispose();
site.Dispose();
});
return saveResult;
}
Enjoy!
