A Practical Guide to SharePoint 2013

A Practical Guide to SharePoint 2013
A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Friday, October 7, 2005

Checking User Permissions in SharePoint Sites

Checking User Permissions in SharePoint Sites

Many people have been asking me this question as to how they can check user permissions in sites programmatically. This brief tutorial will tell you how you can do this. I have included the complete source code of the application for your convenience.
Let's take a look at the code:
MsgBox(CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text))
We have called the main function, CheckGroupRights in the msgbox function. CheckGroupRights() returns a string telling us whether the user has rights in the subsite or not. Please note that this tool will look for "Reader" privileges only. For example, if you provide a user named as "domainuser1" then this tool will check whether user1 has reader rights or not. You can modify the code to check for any type of rights.
If you look at the screen shot above, you will notice there are three fields where you would have to enter some text. For example, Site URL will contain the main URL of the site. User Login contains the user's login name, that is, complete login name including the domain, for example, domain1johndoe. Sub Site Name is the name of the site where you want to check the permissions. For example, you have a subsite named as subsite1 under the main site which has the following URL:
The application will form the following URL from the values provided by you:
Here is the code that checks the rights:
Function CheckGroupRights(ByVal FolderPath As String, ByVal SubSite As String, ByVal UserLogin As String) As String

'Notes:
'Folderpath: is the main url where you want to find the permissions. I know this is cumbersome to provide
'both the url of the main site and the name of the subsite but this is just a sample to show you how things
'work. I may make it more simpler in the next version provided i got enough time to make the modifications.
'Examples: Folderpath: http://mainportalsite/sites/site1
' http://mainportalsite
'SubSite: This should be the name of the subsite, it should not be a URL, e.g,
'abc, 123, site1, site2, site3, etc
'final url that will be formed if your folderpath contained http://mainsite/sites/site1 and subsite contained "abc", will be
'http://mainsite/sites/site1/abc
'userlogin: is the users domain login, e.g, domainusername
 
Try
Dim strStatus As String = "User " & UserLogin & " does not have Reader permissions in " & FolderPath & "/" & SubSite & "."

If Not FolderPath Is Nothing Or Not FolderPath = "" Then

Dim siteCollection As SPSite
siteCollection = New SPSite(FolderPath)
Dim site As SPWeb = siteCollection.OpenWeb(SubSite)

Dim allUsers As SPUserCollection = site.Users
Dim user As SPUser

For Each user In allUsers

If user.LoginName.ToUpper = UserLogin.ToUpper Then

    Dim allGroups As SPRoleCollection = user.Roles
    Dim group As SPRole

    For Each group In allGroups

    Dim right As Integer
    right = group.PermissionMask And SPRights.ViewListItems

         If right = SPRights.ViewListItems Then

           strStatus = "User " & UserLogin & " has Reader permissions in " & FolderPath & "/" & SubSite & "."
           Return strStatus
           Exit Function

         End If
    Next

End If
Next

Return strStatus

End If

Catch ex As Exception
          MsgBox(ex.Message)
End Try

End Function
 
Code is pretty simple. Nothing fancy! Please look at these lines again:
.....
right = group.PermissionMask And SPRights.ViewListItems
         If right = SPRights.ViewListItems Then
.....
SPRights.ViewListItems checks for the "Reader" privileges only. You can modify these lines to check other privileges. For example:
SPRights.ManageLists: Use "ManageLists" if you want to check whether the user has "Approver" rights in the subsite. User with these rights can add, edit, delete, approve content in the sites.

SPRights.EditListItems: User with these permissions can add, delete, modify site content but can not approve items in the site.
Similarly, you can check for many other types of privileges in the site. For complete list of rights, see SPS SDK.
I hope you will find this small tool useful. It is meant for learning purposes only. If you are a beginner, you can pick up hints from this code and can expand and make some other useful application out of this code. I will posting more small applications soon. Stay tuned!


-SSA