Determining User's role in a SharePoint site/w

2019-05-26 08:14发布

站内问答 / C#
756 3 3

How do I figure out the role(s) of a user in a site using the webservices API? All I have to go on is the username and domain.

I've found that the PermissionsService.Permissions.GetPermissionCollection(url,"Web") will return a collection of permitted users and groups with their permissions masks but I still need to figure out if the user is in any of the groups and then convert the permissions masks into a roles collection.

I feel like there's a better way to do this and I'm just missing it.

3条回答
孤傲高冷的网名
2楼-- · 2019-05-26 09:01

In this blog post I use the UserGroup web service to list the SharePoint groups a user belongs to: http://www.theblackknightsings.com/ListAllSharePointGroupsAUserBelongsTo.aspx

查看更多
0人赞 添加讨论(0) 举报
叼着烟拽天下
3楼-- · 2019-05-26 09:07

Try using the GetRoleCollectionFromUser method from the UserGroup web service, It'll give you the list of the roles to which the user belongs in your site.
Just call it passing as a parameter your domain\userName.

Find its definition here: http://msdn.microsoft.com/en-us/library/ms772680.aspx
The returned xml will be something like the following, then you just get the info you need.

<GetRoleCollectionFromUser xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">
<Roles>
<Role ID="1073741829" Name="Full Control" Description="Has full control." Order="1" Hidden="False" Type="Administrator" BasePermissions="FullMask" />
<Role ID="1073741825" Name="Limited Access" Description="Can view specific lists, document libraries, list items, folders, or documents when given permissions." Order="8" Hidden="True" Type="Guest" BasePermissions="ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs" />
</Roles>
</GetRoleCollectionFromUser>
查看更多
0人赞 添加讨论(0) 举报
甜甜的少女心
4楼-- · 2019-05-26 09:15

I've solved something similar - my method checks if user is assigned a specific role. Here's the algorithm first:

  1. Check if user is directly assigned a role at a site
  2. If yes - cool, if not - get all the groups the user is a member of and get all the groups that have that role assigned to them.
  3. Compare the two. If there is a matching - cool, if not - user is not assigned a role at that site level.

And the code: 

public bool IsAssignedAPermission(string premissionName, string userLoginName)
    {
        XmlNode nodes;
        bool isAssignedAPermission;

        isAssignedAPermission = false;

        //Check if user is directly assigned a Full Control role
        try
        {
            nodes = userGroupService.GetRoleCollectionFromUser(userLoginName);
            using (XmlNodeReader reader = new XmlNodeReader(nodes))
            {
                DataSet ds = new DataSet();
                ds.ReadXml(reader);
                DataTable dt = ds.Tables[1];
                foreach (DataRow row in dt.Rows)
                {
                    string permission = row[1].ToString();
                    if (permission == premissionName)
                    {
                        isAssignedAPermission = true;
                        break;
                    }
                }
            }
        }
        catch
        {
            List<string> groupMemberships;
            List<string> fullControlGroups;

            //Check if user is a member of a Full Control group
            //This is done in three steps:

            //1. Get the list of groups the user is member of
            groupMemberships = new List<string>();
            nodes = userGroupService.GetGroupCollectionFromUser(userLoginName);
            using (XmlNodeReader reader = new XmlNodeReader(nodes))
            {
                DataSet ds = new DataSet();
                ds.ReadXml(reader);
                DataTable dt = ds.Tables[1];
                foreach (DataRow row in dt.Rows)
                {
                    string groupName = row[1].ToString();
                    groupMemberships.Add(groupName);
                }
            }

            //2. Get the list of groups that have Full Control permissions
            fullControlGroups = new List<string>();
            nodes = userGroupService.GetGroupCollectionFromRole(premissionName);
            using (XmlNodeReader reader = new XmlNodeReader(nodes))
            {
                DataSet ds = new DataSet();
                ds.ReadXml(reader);
                DataTable dt = ds.Tables[1];
                foreach (DataRow row in dt.Rows)
                {
                    string groupName = row[1].ToString();
                    fullControlGroups.Add(groupName);
                }
            }

            //3. Check if user belongs to any of the Full Control groups
            foreach (string membership in groupMemberships)
            {
                if (fullControlGroups.Contains(membership))
                {
                    isAssignedAPermission = true;
                    break;
                }
            }
        }

        return isAssignedAPermission;
    }

Method parameter userLoginName should be in a form domain\username, e.g. SHAREPOINT\Boris. I hope I helped. Cheers

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(3)