AllowUnsafeUpdates VS RunWithElevatedPrivileges


AllowUnsafeUpdates: If your code modifies Windows SharePoint Services data in some way, you may need to allow unsafe updates on the Web site, without requiring a security validation. You can do by setting the AllowUnsafeUpdates property.

PList list= web.Lists["MyList"];
SPListItemCollection items= list.GetItems();
web.AllowUnsafeUpdates = true;
foreach (SPListItem item in items)
{
     item["Title"] = "New Title";
     item.Update();
}
web.AllowUnsafeUpdates = false;

RunWithElevatedPrivileges : There are certain object model calls model that require site-administration privileges. To bypass access-denied error, we use RunWithElevatedPrivileges property when request is initiated by a nonprivileged user. We can successfully make calls into the object model by calling the RunWithElevatedPrivileges method provided by the SPSecurity class.



SPSecurity.RunWithElevatedPrivileges(delegate()
{
    using (SPSite site = new SPSite(web.Site.ID))
    {
    // implementation details omitted
    }
});

Comments

Post a Comment

Popular posts from this blog

Clearing the Configuration Cache for SharePoint

Clearing the Configuration Cache for SharePoint Perform the below steps on all the servers in the farm. 1. Stop the Timer service Start  ->  services.msc  ->   SharePoint Timer Service  (SPTimerV4) ->  Stop 2. Browse to  %SystemDrive%\ProgramData\Microsoft\SharePoint\Config\GUID Note: The  Program Data  folder is a hidden file There could be more than 2 folders in this location. 3. Open the folder named as GUID’s with ‘-’ (dashed filename for the folder). Example -  1f8c67d2-2cd9-4196-ab1a-d1a2daed2aa7 4. Arrange the files by Type. You would find few xml files and a file named  cache.ini . 5. Delete all files except cache.ini (DO NOT DELETE THIS FILE - cache.ini) 6. Reset cache.ini (If you open this file, you will find a number like this – 3400261. Change the value in cache.ini to 1) 7. Start the Timer service Start  ->  services.msc  ->   SharePoint Timer Service  (SPTimerV4) ->  Start. 8. Note: The file system cache
Read more

SharePoint 2013 REST API CRUD Operations

Image
Introduction  SharePoint   2013 has greatly expanded the REST services available to developers. With this, we have much more SharePoint functionality exposed via JSOM and Web Services .  The goal of this article is to provide how to perform basic create, read, update, and delete (CRUD) operations on lists and list items with the REST services. SharePoint REST endpoint Overview: The following table contains typical REST endpoint URL examples to get you started working with SharePoint data. Prepend http://server/site/_api/ to the URL fragments shown in the table to construct a fully qualified REST URL. Below is a list of the basic commands used to get List Items from a SharePoint List through the SharePoint 2013 REST Services. URL endpoint Description Supported HTTP Method /_api/Web/Lists/ getbytitle('listname') Getting a list details by its title and updating it as well. Ifanyone changes your list title, your code will break. G
Read more

Add List Item Attachments to Task Form using Nintex Workflow and Forms

Image
DECEMBER 19, 2017  ~  NICOLE PRESTBY I had a requirement from a client recently to show all list item attachments on the various task forms in an approval process – which, if you think about it, makes total sense. With any project, we always have a common goal of making the user experience as seamless as possible for our users and approvers. So, why wouldn’t we provide all pertinent information needed (including related documents) to complete the requested review and approval, right there on the task form? I found  a post  on Nintex Connect which walks through meeting this requirement by leveraging  a custom action  created by Nintex Technical Evangelist,  Vadim Tabakman . But, what if you don’t have access to deploy a custom action to your SharePoint environment? In this case, I actually didn’t have access to the client’s server. So, I decided to come up with a solution that would produce a similar outcome, without the need for any custom actions. The Workflow Get Att
Read more