1

We are currently working on a project that involves sharepoint. We have created a template web and that contains specific content that we would like to have duplicated each time we create a new web. We have setup a create web user control running in a webpart. This creates the web from the template, sets up the necessary permissions and adds some features.

The problem:

We would like to have an alert setup for an email-enabled security group DOMAIN\sharepoint. We are using this VB.Net code:

Dim user As SPUser = w.EnsureUser("DOMAIN\sharepoint")
Dim alert As SPAlert = w.Alerts.Add()
alert.User = user
alert.AlertType = SPAlertType.List
alert.List = w.Lists("Information")
alert.Title = w.Title & " - " & alert.Title
alert.Properties("eventtypeindex") = "2"
alert.AlertFrequency = SPAlertFrequency.Daily
alert.Update(False)

This works for users who are domain administrators but does not work for people who only have full control at this site's level. They can however go in and manually add the alert once the site is created. I do not have any problems when creating this with my own login but I am a member of domain admins and thus an administrator of all sharepoint sites. The error the users who have Full Control of this site only gets is an Access Denied error.

Edit: I never really stated what I wanted out of this. I would like to know if there is a way to circumvent this or if I can create an eventReceiver of some sort that for when the web itself is created to add the alert.

EDIT 2:

I have changed the code to the following and now I am getting an error

Dim authorizedCode As SPSecurity.CodeToRunElevated = New SPSecurity.CodeToRunElevated(AddressOf AddAlert)
SPSecurity.RunWithElevatedPrivileges(authorizedCode)

Dim new_site As New SPSite(SPContext.Current.Site.ID, sysToken)
Dim web As SPWeb = new_site.AllWebs(w.ID)
Dim user As SPUser = web.EnsureUser("DOMAIN\sharepoint")
Dim alert As SPAlert = web.Alerts.Add()
alert.User = user
alert.AlertType = SPAlertType.List
alert.List = web.Lists("Information")
alert.Title = web.Title & " - " & alert.Title
alert.Properties("eventtypeindex") = "2"
alert.AlertFrequency = SPAlertFrequency.Daily
alert.Update(False)

Where sysToken is obtained in 

Public Sub AddAlert()
    Dim lolcatKiller As SPSite = New SPSite(SPContext.Current.Site.ID)
    sysToken = lolcatKiller.SystemAccount.UserToken
End Sub

But I am getting the exception

System.Runtime.InteropServices.COMException: The security validation for this page is invalid.

As far as I can tell I am still within the context of the systemuser

Bill Best
  • 165
  • 2
  • 8

3 Answers3

1

There is a circumvention indeed. Wrap the code with RunWithElevatedPrivileges.

Nat
  • 345
  • 1
  • 9
  • 1
    There's also Keith Dahlby's patterns for elevating privileges: http://solutionizing.net/2009/01/06/elegant-spsite-elevation/ – Alex Angas Oct 01 '09 at 09:59
0

for that exception use: web.AllowUnsafeUpdates = true;

0

For SP2010 I was able to fix it by making sure that the placeholder "PlaceholderFormDigest" wasn't inside the hidden placeholders section

These need to be in the page and working:

  <asp:ContentPlaceHolder id="PlaceHolderFormDigest" runat="server">    <SharePoint:FormDigest runat="server" />    </asp:ContentPlaceHolder>    <input type="text" name="__spText1" title="text" style="display:none;" />  <input type="text" name="__spText2" title="text" style="display:none;" />