kawa/SharepointToolbox-Web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Wire auto-elevate ownership across all SharePoint operations

Browse Source 
The "Auto-elevate ownership when permission scan is denied" setting was
dead code: the toggle was persisted but never read, the audit flow never
passed its onAccessDenied callback, and EnrichException wrapped every CSOM
error (including ServerUnauthorizedAccessException) into a generic
InvalidOperationException so the access-denied catch could never match.

Centralize elevation instead of per-call-site callbacks:

- Throw typed SharePointAccessDeniedException from EnrichException on
  access-denied, preserving the failing site URL and enriched diagnostic.
- Add scoped IElevationCoordinator that catches it, and when AutoTakeOwnership
  is enabled takes site-collection admin via the tenant admin endpoint and
  retries the operation once. Per-site dedupe prevents loops; admin-host
  denials are not treated as ownership issues. Retry is safe because each
  wrapped operation closure re-issues its own CSOM loads.
- Wrap all site-scoped operations (Storage, Permissions, Duplicates, Search,
  VersionCleanup, FolderStructure, BulkMembers, FileTransfer, Templates) and
  the UserAccessAudit per-site scan in the coordinator.
- Drop the unused onAccessDenied parameter from IUserAccessAuditService.

Elevation still requires SharePoint tenant admin rights on the signed-in
account; the coordinator surfaces a clear message when that is missing.

Also keeps the prior StorageService change that avoids admin-gated
folder.StorageMetrics (403 for delegated non-admin tokens).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sébastien QUEROL
2026-06-02 14:16:12 +02:00
parent b7061867f1
commit 57f5239cfc
17 changed files with 306 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Components/Pages/BulkMembers.razor
+6 -2
View File
@@ -3,6 +3,7 @@
@inject IUserSessionService Session
@inject IUserContextAccessor UserContext
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IBulkMemberService BulkSvc
@inject ICsvValidationService CsvValidation
@inject BulkResultCsvExportService ExportSvc
@@ -97,8 +98,11 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
_summary = await BulkSvc.AddMembersAsync(ctx, Session.CurrentProfile!, validRows, progress, _cts.Token);
_summary = await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await BulkSvc.AddMembersAsync(ctx, Session.CurrentProfile!, validRows, progress, c);
}, _cts.Token);
_status = $"Complete: {_summary.SuccessCount} added, {_summary.FailedCount} failed.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/Duplicates.razor
+6 -2
View File
@@ -2,6 +2,7 @@
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IDuplicatesService DupSvc
@inject DuplicatesCsvExportService CsvExport
@inject DuplicatesHtmlExportService HtmlExport
@@ -95,9 +96,12 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var opts = new DuplicateScanOptions(_mode, _matchSize, _matchCreated, _matchModified, _matchFolderCount, _matchFileCount, Library: _library.TrimOrNull());
_results = (await DupSvc.ScanDuplicatesAsync(ctx, opts, progress, _cts.Token)).ToList();
_results = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await DupSvc.ScanDuplicatesAsync(ctx, opts, progress, c);
}, _cts.Token)).ToList();
_status = $"Found {_results.Count} duplicate groups.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/FileTransfer.razor
+8 -3
View File
@@ -3,6 +3,7 @@
@inject IUserSessionService Session
@inject IUserContextAccessor UserContext
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IFileTransferService TransferSvc
@rendermode InteractiveServer
@@ -119,8 +120,6 @@
{
var srcUrl = string.IsNullOrWhiteSpace(_srcSiteUrl) ? Session.CurrentProfile!.TenantUrl : _srcSiteUrl.Trim();
var dstUrl = string.IsNullOrWhiteSpace(_dstSiteUrl) ? Session.CurrentProfile!.TenantUrl : _dstSiteUrl.Trim();
var srcCtx = await SessionMgr.GetOrCreateContextAsync(srcUrl, Session.CurrentProfile!, _cts.Token);
var dstCtx = await SessionMgr.GetOrCreateContextAsync(dstUrl, Session.CurrentProfile!, _cts.Token);
var job = new TransferJob
{
SourceSiteUrl = srcUrl, SourceLibrary = _srcLibrary, SourceFolderPath = _srcFolder,
@@ -129,7 +128,13 @@
ConflictPolicy = _conflict == "Overwrite" ? ConflictPolicy.Overwrite : _conflict == "Rename" ? ConflictPolicy.Rename : ConflictPolicy.Skip,
IncludeSourceFolder = _includeSourceFolder
};
_summary = await TransferSvc.TransferAsync(srcCtx, dstCtx, job, progress, _cts.Token);
_summary = await Elevation.RunAsync(async c =>
{
// Closure rebuilds both contexts each attempt so an elevated retry re-issues cleanly.
var srcCtx = await SessionMgr.GetOrCreateContextAsync(srcUrl, Session.CurrentProfile!, c);
var dstCtx = await SessionMgr.GetOrCreateContextAsync(dstUrl, Session.CurrentProfile!, c);
return await TransferSvc.TransferAsync(srcCtx, dstCtx, job, progress, c);
}, _cts.Token);
_status = $"Complete: {_summary.SuccessCount} transferred.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/FolderStructure.razor
+6 -2
View File
@@ -3,6 +3,7 @@
@inject IUserSessionService Session
@inject IUserContextAccessor UserContext
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IFolderStructureService FolderSvc
@inject ICsvValidationService CsvValidation
@rendermode InteractiveServer
@@ -78,8 +79,11 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
_summary = await FolderSvc.CreateFoldersAsync(ctx, _libraryTitle, validRows, progress, _cts.Token);
_summary = await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await FolderSvc.CreateFoldersAsync(ctx, _libraryTitle, validRows, progress, c);
}, _cts.Token);
_status = $"Complete: {_summary.SuccessCount} folders created.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/Permissions.razor
+6 -2
View File
@@ -2,6 +2,7 @@
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IPermissionsService PermSvc
@inject CsvExportService CsvExport
@inject HtmlExportService HtmlExport
@@ -109,9 +110,12 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var opts = new ScanOptions(_includeInherited, _scanFolders, _folderDepth, _includeSubsites);
_results = (await PermSvc.ScanSiteAsync(ctx, opts, progress, _cts.Token)).ToList();
_results = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await PermSvc.ScanSiteAsync(ctx, opts, progress, c);
}, _cts.Token)).ToList();
_status = $"Scan complete: {_results.Count} entries found.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/Search.razor
+6 -2
View File
@@ -2,6 +2,7 @@
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject ISearchService SearchSvc
@inject SearchCsvExportService CsvExport
@inject SearchHtmlExportService HtmlExport
@@ -107,10 +108,13 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var exts = _extensions.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
var opts = new SearchOptions(exts, _regex, null, null, null, null, _createdBy.TrimOrNull(), _modifiedBy.TrimOrNull(), _library.TrimOrNull(), _maxResults, siteUrl);
_results = (await SearchSvc.SearchFilesAsync(ctx, opts, progress, _cts.Token)).ToList();
_results = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await SearchSvc.SearchFilesAsync(ctx, opts, progress, c);
}, _cts.Token)).ToList();
_status = $"Found {_results.Count} files.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/Storage.razor
+6 -2
View File
@@ -2,6 +2,7 @@
@attribute [Authorize]
@inject IUserSessionService Session
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IStorageService StorageSvc
@inject StorageCsvExportService CsvExport
@inject StorageHtmlExportService HtmlExport
@@ -93,9 +94,12 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var opts = new StorageScanOptions(IncludeSubsites: _includeSubsites, IncludeHiddenLibraries: _includeHidden, IncludeRecycleBin: _includeRecycleBin);
_results = (await StorageSvc.CollectStorageAsync(ctx, opts, progress, _cts.Token)).ToList();
_results = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await StorageSvc.CollectStorageAsync(ctx, opts, progress, c);
}, _cts.Token)).ToList();
_status = $"Complete: {_results.Count} nodes.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }
Components/Pages/Templates.razor
+6 -2
View File
@@ -3,6 +3,7 @@
@inject IUserSessionService Session
@inject IUserContextAccessor UserContext
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject ITemplateService TemplateSvc
@inject SharepointToolbox.Web.Infrastructure.Persistence.TemplateRepository TemplateRepo
@rendermode InteractiveServer
@@ -108,9 +109,12 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var opts = new SiteTemplateOptions { CaptureLibraries = _capLibraries, CaptureFolders = _capFolders, CapturePermissionGroups = _capGroups };
var template = await TemplateSvc.CaptureTemplateAsync(ctx, opts, progress, _cts.Token);
var template = await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await TemplateSvc.CaptureTemplateAsync(ctx, opts, progress, c);
}, _cts.Token);
template.Name = string.IsNullOrWhiteSpace(_captureName) ? $"Template-{DateTime.Now:yyyyMMdd}" : _captureName;
await TemplateRepo.SaveAsync(template);
_templates = (await TemplateRepo.GetAllAsync()).ToList();
Components/Pages/VersionCleanup.razor
+11 -4
View File
@@ -3,6 +3,7 @@
@inject IUserSessionService Session
@inject IUserContextAccessor UserContext
@inject ISessionManager SessionMgr
@inject IElevationCoordinator Elevation
@inject IVersionCleanupService VersionSvc
@inject VersionCleanupHtmlExportService HtmlExport
@inject WebExportService WebExport
@@ -109,8 +110,11 @@
try
{
var siteUrl = string.IsNullOrWhiteSpace(_siteUrl) ? Session.CurrentProfile!.TenantUrl : _siteUrl.Trim();
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, CancellationToken.None);
_libraries = (await VersionSvc.ListLibraryTitlesAsync(ctx, CancellationToken.None)).ToList();
_libraries = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await VersionSvc.ListLibraryTitlesAsync(ctx, c);
}, CancellationToken.None)).ToList();
}
catch (Exception ex) { _error = ex.Message; }
finally { _loading = false; }
@@ -126,9 +130,12 @@
var progress = new Progress<OperationProgress>(p => { _status = p.Message; _current = p.Current; _total = p.Total; InvokeAsync(StateHasChanged); });
try
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, _cts.Token);
var opts = new VersionCleanupOptions(_selectedLibs, _keepLast, _keepFirst);
_results = (await VersionSvc.DeleteOldVersionsAsync(ctx, opts, progress, _cts.Token)).ToList();
_results = (await Elevation.RunAsync(async c =>
{
var ctx = await SessionMgr.GetOrCreateContextAsync(siteUrl, Session.CurrentProfile!, c);
return await VersionSvc.DeleteOldVersionsAsync(ctx, opts, progress, c);
}, _cts.Token)).ToList();
_status = $"Complete: {_results.Sum(r => r.VersionsDeleted)} versions deleted.";
}
catch (OperationCanceledException) { _status = "Cancelled."; }