SharePoint Code Analysis Framework (SPCAF)

Code Quality

Managed CSOM

Best Practices

SPC059001: Consider implementing a pattern to avoid throttling with ClientContext.ExecuteQuery()

SPC059005: Consider verifying that the user has sufficient permissions when calling Web.Update().

SPC059006: Consider verifying that the user has sufficient permissions when calling Web.DeleteObject()

SPC059007: Consider verifying that the user has sufficient permissions when calling List.Update()

SPC059008: Consider verifying that the user has sufficient permissions when calling List.DeleteObject()

SPC059009: Consider verifying that the user has sufficient permissions when calling ListItem.Update()

SPC059010: Consider verifying that the user has sufficient permissions when calling ListItem.DeleteObject()

SPC059011: Consider verifying that the user has sufficient permissions when calling List.AddItem()

SPC059012: Consider verifying that the user has sufficient permissions when calling ListCollection.Add()

SPC059013: Consider verifying that the user has sufficient permissions when calling WebCollection.Add()

Before adding a new Web object, consider making sure that the user has permissions to perform that action.

CheckId	SPC059013
TypeName	CheckHasWebPermissionsBeforeAdding
Severity	Warning
Type	Assembly

Resolution

Bad Practice

    using (ClientContext context = new ClientContext("http://yoursite"))
    {
        Web web = context.Web;
        WebCreationInformation creation = new WebCreationInformation
        {
            Url = "MySubsiteUrl",
            Title = "My Subsite Title"
        };
        context.Web.Webs.Add(creation);
        context.ExecuteQuery();
    }

Good Practice

    using (ClientContext context = new ClientContext("http://yoursite"))
    {
        Web web = context.Web;

        BasePermissions permissions = new BasePermissions();
        permissions.Set(PermissionKind.ManageSubwebs);

        var permissionResults = web.DoesUserHavePermissions(permissions);
        context.ExecuteQuery();

        if (permissionResults.Value)
        {
            WebCreationInformation creation = new WebCreationInformation
            {
                Url = "My New Subsite",
                Title = "My Subsite Title"
            };
            context.Web.Webs.Add(creation);
            context.ExecuteQuery();
        }
    }

Message Suppression

To suppress this violation in managed code add the following attribute to the method which contains the instruction (available since SPCAF version v5.2). Learn more about SuppressMessage here.

// Important: Ensure to have #define CODE_ANALYSIS at the beginning of your .cs file
[SuppressMessage("SPCAF.Rules.ManagedCSOM.CSOMBestPracticesGroup", "SPC059013:CheckHasWebPermissionsBeforeAdding", Justification = "Provide reason for suppression here")]

SharePoint Code Analysis Framework, v6.9.1.2001

Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.