SPC059011: Consider verifying that the user has sufficient permissions when calling List.AddItem() |
Before adding a ListItem in a List, consider verifying that the user has permission to perform that action.
| CheckId | SPC059011 |
|---|---|
| TypeName | CheckHasListItemPermissionsBeforeAdding |
| Severity | Warning |
| Type | Assembly |
Bad Practice
using (ClientContext context = new ClientContext("http://yoursite"))
{
List list = context.Web.Lists.GetByTitle("MyCustomerList");
ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
ListItem newItem = list.AddItem(itemCreateInfo);
newItem["Title"] = "My New List Item";
newItem.Update();
context.ExecuteQuery();
}
{
List list = context.Web.Lists.GetByTitle("MyCustomerList");
ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
ListItem newItem = list.AddItem(itemCreateInfo);
newItem["Title"] = "My New List Item";
newItem.Update();
context.ExecuteQuery();
}
Good Practice
using (ClientContext context = new ClientContext("http://yoursite"))
{
List list = context.Web.Lists.GetByTitle("MyCustomerList");
context.Load(list, l => l.EffectiveBasePermissions);
context.ExecuteQuery();
if (list.EffectiveBasePermissions.Has(PermissionKind.AddListItems))
{
ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
ListItem newItem = list.AddItem(itemCreateInfo);
newItem["Title"] = "My New List Item";
newItem.Update();
context.ExecuteQuery();
}
}
{
List list = context.Web.Lists.GetByTitle("MyCustomerList");
context.Load(list, l => l.EffectiveBasePermissions);
context.ExecuteQuery();
if (list.EffectiveBasePermissions.Has(PermissionKind.AddListItems))
{
ListItemCreationInformation itemCreateInfo = new ListItemCreationInformation();
ListItem newItem = list.AddItem(itemCreateInfo);
newItem["Title"] = "My New List Item";
newItem.Update();
context.ExecuteQuery();
}
}
To suppress this violation in managed code add the following attribute to the method which contains the instruction (available since SPCAF version v5.2). Learn more about SuppressMessage here.
// Important: Ensure to have #define CODE_ANALYSIS at the beginning of your .cs file
[SuppressMessage("SPCAF.Rules.ManagedCSOM.CSOMBestPracticesGroup", "SPC059011:CheckHasListItemPermissionsBeforeAdding", Justification = "Provide reason for suppression here")]
[SuppressMessage("SPCAF.Rules.ManagedCSOM.CSOMBestPracticesGroup", "SPC059011:CheckHasListItemPermissionsBeforeAdding", Justification = "Provide reason for suppression here")]
Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.