Access denied error while creating SPAlert programatically

1
votes

We are using sharepoint 2007

We have created custom page for programatically creating alert.

The issue which we are facing is, If logged in user is Site Collection Administrators then only email is getting triggered.

The users other than Site Collection Administrators who has Full control or contribute access to the site they are getting Access Denied error.

We tried using SPSecurity.RunWithElevatedPrivileges but in that case also Access Denied error is getting.

For below code we are not getting Access Denied error but in this case email is not getting triggered,

SPSecurity.RunWithElevatedPrivileges(delegate()
{
Guid siteId = SPContext.Current.Site.ID;
Guid webId = SPContext.Current.Web.ID;
using (SPSite oSite = new SPSite(siteId))
{
using (SPWeb oWeb = oSite.OpenWeb(webId))
{
oWeb.AllowUnsafeUpdates = true; 
SPUser oUser = oWeb.CurrentUser;
SPUser user = oWeb.EnsureUser(oUser.ToString());
SPList oList = oWeb.Lists[strLibraryName];
SPAlert oAlert = user.Alerts.Add();
oAlert.Filter ="<Eq><FieldRef Name="+strCol+"><Value type='Text'>" + strColValue + "</Value></Eq>";
oAlert.Title = "test alert";
oAlert.AlertType = SPAlertType.List; 
oAlert.EventType = SPEventType.All; 
oAlert.List = oList;
oAlert.AlertFrequency = SPAlertFrequency.Immediate;
oAlert.AlwaysNotify = true;
oAlert.Update(true);
}
}
});

Please let me know what is solution for this or how we can add/remove user to Site Collection Administrators programatically at run time

2
sharepointsharepoint-2007
You might see if oWeb.AllowUnsafeUpdates is required. It depends on what you have in //code to create alert.buck
Hi buck,I have updated the question with create alert code Thanks for taking time to understand the questionRushikesh
One of the problems is with your oUser variable. Since you're inside of the elevated permissions block when you set it, oUser is your app pool account, not the currently logged in user. Maybe try moving the declaration and assignment up above the using statements. That might be the only problem - an alert was being created successfully, but it was for the wrong account and therefore that account didn't receive an email. If all this is inside an event receiver, you can use this line to get the actual user: SPUser user = oWeb.Users.GetByID(properties.CurrentUserId);buck

2 Answers

0
votes

Move the declaration and assignment up above the using statements. I think an alert was being created successfully, but it was for the wrong account and therefore you didn't receive an email. If all this is inside an event receiver, you can use this line to get the actual user:

SPUser user = oWeb.Users.GetByID(properties.CurrentUserId);
0
votes

The problem was with EnsureUser() method hence removing it and posting the working code below.. 

SPSecurity.RunWithElevatedPrivileges(delegate()
{
Guid siteId = SPContext.Current.Site.ID;
Guid webId = SPContext.Current.Web.ID;
using (SPSite oSite = new SPSite(siteId))
{
using (SPWeb oWeb = oSite.OpenWeb(webId))
{
oWeb.AllowUnsafeUpdates = true; 
SPUser oUser = oWeb.CurrentUser;
SPList oList = oWeb.Lists[strLibraryName];
SPAlert oAlert = oUser.Alerts.Add();
oAlert.Filter ="<Eq><FieldRef Name="+strCol+"><Value type='Text'>" + strColValue + "</Value></Eq>";
oAlert.Title = "test alert";
oAlert.AlertType = SPAlertType.List; 
oAlert.EventType = SPEventType.All; 
oAlert.List = oList;
oAlert.AlertFrequency = SPAlertFrequency.Immediate;
oAlert.AlwaysNotify = true;
oAlert.Update(true);
}
}
});