My sceanrio was, that I wanted to implement a solution for running to set item permissions on a sharepoint list item. You need elevated privileges to do that if you are not an admin. Usually, in the ItemAdded event reciever you do it like so:
var item = properties.ListItem;
var web = properties.web;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite oSite = new SPSite(web.Site.Url))
{
using (SPWeb oWeb = oSite.OpenWeb())
{
SPList oList = oWeb.Lists.GetList(item.ParentList.ID, false);
SPListItem oItem = oList.Items.GetItemById(item.ID);
oItem.BreakInheritedRights();
SetRights(oWeb, oItem);
oItem.Update();
}
}
});
You get the item and the web from the event properties. But in the delegate you must get a new instance of the web, the list and the item because the outside references are running in the low privileges context. The Method BreakInheritedRights is an extender that calls BreakRoleInhreitance on the item and removes all current RoleAssignments. The not shown method SetRights sets the actual rights to the item. I needed to do this for several lists and the above code was to obscure and hard to understand. So I decided to implement it something like that:
var item = properties.ListItem;
var web = properties.web;
SecurityHelper.RunWithElevatedPrivileges()
.OnSite(web.Site.Url)
.OnListItem(item.ParentList.ID, item.ID)
.Execute(setItemPermissions);
This seemed to be more readable to me. So I was in the lucky situation that this functionality was enterly new. So I have choosen the easiest way to do it: by creating a set of classes to build up your langauage. So I came up with the following set of classes:
public class SecurityHelper
{
public static SecurityHelper RunWithElevatedPrivileges() { ... }
public RunWithElevatedPrivilegesSiteContext OnSite(string url) { ... }
}
public class RunWithElevatedPrivilegesSiteContext
{
public void Execute(Action<SPWeb> actionToRunElevated) { ... }
public RunWithElevatedPrivilegesListItemContext OnListItem(Guid listId, int itemId) { ... }
}
public class RunWithElevatedPrivilegesListItemContext
{
public void Execute(Action<SPWeb, SPListItem> executeOnListItem) { ... }
}
The static RunWithElevatedPrivileges method is the entry point. It allows us by calling the OnSite-Method to create a site context to execute elevated code, modeled throug the class RunWithElevatedPrivilegesSiteContext which gets passed in the site url. Using its Execute-Method we can run elevated code that only needs the web. If you want a list item to be in context, you have to call the OnListItem-Method to get a RunWithElevatedPrivilegesListItemContext instance. This allows you to pass in a callback expecting web and list item. This will be obtained by the Execute-Method in the following way:
public void Execute(Action<SPWeb, SPListItem> executeOnListItem)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(_siteUrl))
{
using (SPWeb web = site.OpenWeb())
{
SPList list = web.Lists.GetList(_listId, false);
SPListItem item = list.Items.GetItemById(_itemId);
executeOnListItem(web, item);
}
}
});
}
If things get more complex, you shoud prefer to define interfaces that define your language an implement them on your classes or you can use extensions methods like in LINQ.
Have a fluid coding!