permissions moss workflow

MOSS - Programmatically set SpecialPermissions


I have a MOSS workflow where on the first form, the user can choose a colleague to evaluate him. Say user A selects user B.

After the form is submitted, a new task is created for user B to evaluate user A.

My problem is that I need to make sure the task is only accessible to user A, and not to user B, nor any other user in the system.

I tried setting the SpecialPermissions property, but the property can be bound when the workflow is instantiated, so I still don't know what user will be chosen by user A (in this case user B), and then can't set the permissions.

I also tried changing the SpecialPermissions property on the MethodInvoking method, but MOSS won't pay attention to the new permissions.

What is the proper way to set permissions on a workflow task?


Solution

  • Here's how I do it... this is a smattering of code that I have dispersed in multiple functions.

    // spListItem is the workflow task item; accountName is the login name of the user to grant access.
    SPWeb web = this.workflowProperties.Web;

    // Stop inheriting from the parent list; false = do not copy the parent's role assignments.
    spListItem.BreakRoleInheritance(false);
    SPRoleDefinition adminRole = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
    foreach (SPRoleAssignment spRoleAssignment in spListItem.RoleAssignments)
    {
        if (!spRoleAssignment.RoleDefinitionBindings.Contains(adminRole))
        { // don't remove administrators
            spRoleAssignment.RoleDefinitionBindings.RemoveAll();
            spRoleAssignment.Update();
        }
    }

    // Grant the Contribute role on this item to accountName.
    SPRoleDefinition roledefinition = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
    SPRoleAssignment myRoleAssignment = new SPRoleAssignment(accountName, "", "", "");
    myRoleAssignment.RoleDefinitionBindings.Add(roledefinition);
    spListItem.RoleAssignments.Add(myRoleAssignment);