1

As part of a Workflow Association Form code-behind we need to access information on different sites (in the same site collection). It is possible that the user trying to configure a workflow does not have access to one of the referenced sites.

Is there a way to check that a given SPUser (current user) has access to a particular SPWeb object? I am aware of the SPSite.DoesUserHavePermissions() method, but the documentation does not reveal how to test for access (especially the acl parameter is poorly documented).

Improve this question

1 Answer 1

Reset to default
1

You can try:

The out-of-the-box method DoesUserHavePermissions() on an SPWeb object does not take indirect membership into account (i.e. the current user is a member of a domain group that has access the the SPWeb being checked). To get around this, I use the following method

DoesUserHavePermssionsToWeb(SPUser, SPWeb)):

private bool DoesUserHavePermssionsToWeb(ref SPUser user, ref SPWeb web)
{    
   bool hasPermission = false;     
   SPBasePermissions perms = this.GetPermissionsForUser(ref user, ref web);    
   if (perms.ToString().Contains(SPBasePermissions.Open.ToString()) || perms.ToString().Contains(SPBasePermissions.FullMask.ToString()))        
      hasPermission = true;    

   if (!hasPermission)    
   {        

      // Check the users groups - this is for indirect membership;        
      foreach (string groupLoginName in this.GetCurrentUserADGroups()) 
      {            
         try            
         {                
              SPUser groupUser = web.SiteUsers[groupLoginName];                 
              perms = this.GetPermissionsForUser(ref groupUser, ref web);                
              if (perms.ToString().Contains(SPBasePermissions.Open.ToString()) || perms.ToString().Contains(SPBasePermissions.FullMask.ToString()))                
              {                    
                   hasPermission = true;                    
                   break;                
              }            
          }            
          catch { }        
      }    
  }     
  return hasPermission;
} 

private SPBasePermissions GetPermissionsForUser(ref SPUser user, ref SPWeb web)
{    
     SPBasePermissions perms = SPBasePermissions.EmptyMask;     
     try    
     {        
         SPUserToken userToken = user.UserToken;        
         System.Reflection.MethodInfo getPermissions = typeof(Microsoft.SharePoint.Utilities.SPUtility).GetMethod("GetPermissions",            
         System.Reflection.BindingFlags.NonPublic |            
         System.Reflection.BindingFlags.Public |            
         System.Reflection.BindingFlags.Instance |            
         System.Reflection.BindingFlags.InvokeMethod |            
         System.Reflection.BindingFlags.Static);         
         perms = (SPBasePermissions)getPermissions.Invoke(null, new object[] { userToken, web });    
}    
catch { }     
return perms;
} 

private System.Collections.ArrayList GetCurrentUserADGroups()
{    
       // Get the current groups for the logged in user;    
       System.Collections.ArrayList groups = new System.Collections.ArrayList();    
       foreach (System.Security.Principal.IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)    
       {        
            groups.Add(group.Translate(typeof (System.Security.Principal.NTAccount)).ToString());    
       }    
       return groups;
}

taken from here:

http://www.mylifeinaminute.com/2008/11/21/custom-method-for-checking-permissions-on-a-spweb-object/

hope it helps :)

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.