A Practical Guide to SharePoint 2013

A Practical Guide to SharePoint 2013
A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Friday, October 7, 2005

Checking User Permissions in SharePoint Sites

Download application and source code


Many people have been asking me this question as to how they can check user permissions in sites programmatically. This brief tutorial will tell you how you can do this. I have included the complete source code of the application for your convenience.

Figure 1: Application screenshot

Let's take a look at the code:

MsgBox(CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text))

We have called the main function, CheckGroupRights in the msgbox function. CheckGroupRights() returns a string telling us whether the user has rights in the subsite or not. Please note that this tool will look for "Reader" privileges only. For example, if you provide a user named as "domainuser1" then this tool will check whether user1 has reader rights or not. You can modify the code to check for any type of rights.


If you look at the screen shot above, you will notice there are three fields where you would have to enter some text. For example, Site URL will contain the main URL of the site. User Login contains the user's login name, that is, complete login name including the domain, for example, domain1johndoe. Sub Site Name is the name of the site where you want to check the permissions. For example, you have a subsite named as subsite1 under the main site which has the following URL:

http://mainsite/sites/site1

The application will form the following URL from the values provided by you:

http://mainsite/sites/site1/subsite1

Here is the code that checks the rights:

Function CheckGroupRights(ByVal FolderPath As String, ByVal SubSite As String, ByVal UserLogin As String) As String
'Notes:
'Folderpath: is the main url where you want to find the permissions. I know this is cumbersome to provide
'both the url of the main site and the name of the subsite but this is just a sample to show you how things
'work. I may make it more simpler in the next version provided i got enough time to make the modifications.
'Examples: Folderpath: http://mainportalsite/sites/site1
' http://mainportalsite
'SubSite: This should be the name of the subsite, it should not be a URL, e.g,
'abc, 123, site1, site2, site3, etc
'final url that will be formed if your folderpath contained http://mainsite/sites/site1 and subsite contained "abc", will be
'http://mainsite/sites/site1/abc
'userlogin: is the users domain login, e.g, domainusername




Try
Dim strStatus As String = "User " & UserLogin & " does not have Reader permissions in " & FolderPath & "/" & SubSite & "."

If Not FolderPath Is Nothing Or Not FolderPath = "" Then


Dim siteCollection As SPSite
siteCollection = New SPSite(FolderPath)
Dim site As SPWeb = siteCollection.OpenWeb(SubSite)


Dim allUsers As SPUserCollection = site.Users
Dim user As SPUser


For Each user In allUsers


If user.LoginName.ToUpper = UserLogin.ToUpper Then


Dim allGroups As SPRoleCollection = user.Roles
Dim group As SPRole


For Each group In allGroups


Dim right As Integer
right = group.PermissionMask And SPRights.ViewListItems


If right = SPRights.ViewListItems Then


strStatus = "User " & UserLogin & " has Reader permissions in " & FolderPath & "/" & SubSite & "."
Return strStatus
Exit Function


End If
Next


End If
Next


Return strStatus


End If


Catch ex As Exception
MsgBox(ex.Message)
End Try


End Function


Code is pretty simple. Nothing fancy! Please look at these lines again:
…..
right = group.PermissionMask And SPRights.ViewListItems
If right = SPRights.ViewListItems Then
…..

SPRights.ViewListItems checks for the "Reader" privileges only. You can modify these lines to check other privileges. For example:


SPRights.ManageLists: Use "ManageLists" if you want to check whether the user has "Approver" rights in the subsite. User with these rights can add, edit, delete, approve content in the sites.


SPRights.EditListItems: User with these permissions can add, delete, modify site content but can not approve items in the site.


Similarly, you can check for many other types of privileges in the site. For complete list of rights, see SPS SDK.


I hope you will find this small tool useful. It is meant for learning purposes only. If you are a beginner, you can pick up hints from this code and can expand and make some other useful application out of this code. I will posting more small applications soon. Stay tuned!


-SSA