Checking User Permissions in SharePoint

Following is the code to check the rights of the users. Following code will show only those sites for which user has read privileges.

    Function CheckRights(ByVal sitePath As String, Byval strUser as string) As Boolean

    //sitePath contains the site that you retrieved in the code shown above

    // strUser contains the user for whom you want to check the rights and retrieve sites

        Try
            Dim blnStatus As Boolean = False
            If Not sitePath Is Nothing Or Not sitePath = "" Then

                Dim rtn As String() = parseURL(sitePath)

                    Dim siteCollection As SPSite
                    siteCollection = New SPSite(sitePath)
                    Dim site As SPWeb = siteCollection.OpenWeb(rtn(0))

                    Dim allUsers As SPUserCollection = site.Users
                    Dim user As SPUser

                    For Each user In allUsers
                        If user.LoginName.ToUpper = strUser Then

                            Dim allGroups As SPRoleCollection = user.Roles
                            Dim group As SPRole

                            For Each group In allGroups

                                Dim right As Integer
                                right = group.PermissionMask And SPRights.ViewListItems

                                If right = SPRights.ViewListItems Then

                                    blnStatus = True
                                    Return blnStatus
                                    Exit Function

                                End If
                            Next

                        End If
                    Next

                Return blnStatus

            End If

        Catch ex As Exception
            //Exception handling code here!
        End Try

    End Function

The function shown above (CheckRights) uses another function called as parseURL(). Following is the code for the parseURL() function:

Public Function parseURL(ByVal _fullPath As String) As String()

_fullPath = System.Web.HttpUtility.UrlDecode(_fullPath)

Dim site As SPSite = New SPSite(_fullPath)

Dim web As SPWeb = site.RootWeb

Dim webPath As String = _fullPath.Replace(web.Url & "/", "")

Dim rtnObject As String() = {"", "", ""}

Dim w As SPWeb

Dim folderPath As String = ""

Dim docLibPath As String = ""

Dim i, j As Integer

While CType(w, Object) Is Nothing

Try

w = site.OpenWeb(webPath)

Dim s As String = w.ID.ToString

'//above will raise the exception too

Catch ex As Exception

w = Nothing

i = webPath.LastIndexOf("/")

If i = -1 Then

Exit While '//means the end of subsite lookup

End If

j = webPath.Length

webPath = webPath.Remove(i, j - i)

End Try

End While

'//if there was some sub-site object then

If Not CType(w, Object) Is Nothing Then

folderPath = _fullPath.Substring(_fullPath.IndexOf(webPath) + webPath.Length + 1)

If folderPath.IndexOf("/") > 0 Then

docLibPath = folderPath.Substring(0, folderPath.IndexOf("/"))

folderPath = folderPath.Remove(0, folderPath.IndexOf("/") + 1)

End If

If docLibPath = webPath Then webPath = "" '_fullPath

rtnObject(0) = webPath

rtnObject(1) = docLibPath

rtnObject(2) = folderPath

Else '//there was no sub-site obect was found

folderPath = _fullPath.Substring(_fullPath.IndexOf(webPath))

If folderPath.IndexOf("/") > 0 Then

docLibPath = folderPath.Substring(0, folderPath.IndexOf("/"))

folderPath = folderPath.Remove(0, folderPath.IndexOf("/") + 1)

End If

If docLibPath = webPath Then webPath = "" '_fullPath

rtnObject(0) = webPath

rtnObject(1) = docLibPath

rtnObject(2) = folderPath

End If

Return rtnObject

End Function

Note: I know this will seem a bit complicated to you if you are a beginner but believe me it is not that complicated. It's pretty straight forward.

1. You retrieve sites from the portal.

2. You plug in CheckRights() function that checks whether the site has a user you passed in as a parameter and whether that user has reader rights.

3. parseURL() function is used by the CheckRights() function.

Just copy and paste the above functions, you may need to do minor tweaking and it should work fine.

-SSA

Checking User Permissions in SharePoint Sites

Download application and source code


Many people have been asking me this question as to how they can check user permissions in sites programmatically. This brief tutorial will tell you how you can do this. I have included the complete source code of the application for your convenience.

Figure 1: Application screenshot



Let's take a look at the code:

MsgBox(CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text))

We have called the main function, CheckGroupRights in the msgbox function. CheckGroupRights() returns a string telling us whether the user has rights in the subsite or not. Please note that this tool will look for "Reader" privileges only. For example, if you provide a user named as "domainuser1" then this tool will check whether user1 has reader rights or not. You can modify the code to check for any type of rights.


If you look at the screen shot above, you will notice there are three fields where you would have to enter some text. For example, Site URL will contain the main URL of the site. User Login contains the user's login name, that is, complete login name including the domain, for example, domain1johndoe. Sub Site Name is the name of the site where you want to check the permissions. For example, you have a subsite named as subsite1 under the main site which has the following URL:

http://mainsite/sites/site1

The application will form the following URL from the values provided by you:

http://mainsite/sites/site1/subsite1

Here is the code that checks the rights:

Function CheckGroupRights(ByVal FolderPath As String, ByVal SubSite As String, ByVal UserLogin As String) As String
'Notes:
'Folderpath: is the main url where you want to find the permissions. I know this is cumbersome to provide
'both the url of the main site and the name of the subsite but this is just a sample to show you how things
'work. I may make it more simpler in the next version provided i got enough time to make the modifications.
'Examples: Folderpath: http://mainportalsite/sites/site1
' http://mainportalsite
'SubSite: This should be the name of the subsite, it should not be a URL, e.g,
'abc, 123, site1, site2, site3, etc
'final url that will be formed if your folderpath contained http://mainsite/sites/site1 and subsite contained "abc", will be
'http://mainsite/sites/site1/abc
'userlogin: is the users domain login, e.g, domainusername




Try
Dim strStatus As String = "User " & UserLogin & " does not have Reader permissions in " & FolderPath & "/" & SubSite & "."

If Not FolderPath Is Nothing Or Not FolderPath = "" Then


Dim siteCollection As SPSite
siteCollection = New SPSite(FolderPath)
Dim site As SPWeb = siteCollection.OpenWeb(SubSite)


Dim allUsers As SPUserCollection = site.Users
Dim user As SPUser


For Each user In allUsers


If user.LoginName.ToUpper = UserLogin.ToUpper Then


Dim allGroups As SPRoleCollection = user.Roles
Dim group As SPRole


For Each group In allGroups


Dim right As Integer
right = group.PermissionMask And SPRights.ViewListItems


If right = SPRights.ViewListItems Then


strStatus = "User " & UserLogin & " has Reader permissions in " & FolderPath & "/" & SubSite & "."
Return strStatus
Exit Function


End If
Next


End If
Next


Return strStatus


End If


Catch ex As Exception
MsgBox(ex.Message)
End Try


End Function


Code is pretty simple. Nothing fancy! Please look at these lines again:
…..
right = group.PermissionMask And SPRights.ViewListItems
If right = SPRights.ViewListItems Then
…..

SPRights.ViewListItems checks for the "Reader" privileges only. You can modify these lines to check other privileges. For example:


SPRights.ManageLists: Use "ManageLists" if you want to check whether the user has "Approver" rights in the subsite. User with these rights can add, edit, delete, approve content in the sites.


SPRights.EditListItems: User with these permissions can add, delete, modify site content but can not approve items in the site.


Similarly, you can check for many other types of privileges in the site. For complete list of rights, see SPS SDK.


I hope you will find this small tool useful. It is meant for learning purposes only. If you are a beginner, you can pick up hints from this code and can expand and make some other useful application out of this code. I will posting more small applications soon. Stay tuned!


-SSA

Checking User Permissions in SharePoint Sites

Download application and source code

Many people have been asking me this question as to how they can check user permissions in sites programmatically. This brief tutorial will tell you how you can do this. I have included the complete source code of the application for your convenience.

Let's take a look at the code:

MsgBox(CheckGroupRights(txtSiteURL.Text, txtSubSite.text, txtUserLogin.Text))

We have called the main function, CheckGroupRights in the msgbox function. CheckGroupRights() returns a string telling us whether the user has rights in the subsite or not. Please note that this tool will look for "Reader" privileges only. For example, if you provide a user named as "domainuser1" then this tool will check whether user1 has reader rights or not. You can modify the code to check for any type of rights.

If you look at the screen shot above, you will notice there are three fields where you would have to enter some text. For example, Site URL will contain the main URL of the site. User Login contains the user's login name, that is, complete login name including the domain, for example, domain1johndoe. Sub Site Name is the name of the site where you want to check the permissions. For example, you have a subsite named as subsite1 under the main site which has the following URL:

http://mainsite/sites/site1

The application will form the following URL from the values provided by you:

http://mainsite/sites/site1/subsite1

Here is the code that checks the rights:

Function CheckGroupRights(ByVal FolderPath As String, ByVal SubSite As String, ByVal UserLogin As String) As String 'Notes: 'Folderpath: is the main url where you want to find the permissions. I know this is cumbersome to provide 'both the url of the main site and the name of the subsite but this is just a sample to show you how things 'work. I may make it more simpler in the next version provided i got enough time to make the modifications. 'Examples: Folderpath: http://mainportalsite/sites/site1 ' http://mainportalsite 'SubSite: This should be the name of the subsite, it should not be a URL, e.g, 'abc, 123, site1, site2, site3, etc 'final url that will be formed if your folderpath contained http://mainsite/sites/site1 and subsite contained "abc", will be 'http://mainsite/sites/site1/abc 'userlogin: is the users domain login, e.g, domainusername   Try Dim strStatus As String = "User " & UserLogin & " does not have Reader permissions in " & FolderPath & "/" & SubSite & "." If Not FolderPath Is Nothing Or Not FolderPath = "" Then Dim siteCollection As SPSite siteCollection = New SPSite(FolderPath) Dim site As SPWeb = siteCollection.OpenWeb(SubSite) Dim allUsers As SPUserCollection = site.Users Dim user As SPUser For Each user In allUsers If user.LoginName.ToUpper = UserLogin.ToUpper Then     Dim allGroups As SPRoleCollection = user.Roles     Dim group As SPRole     For Each group In allGroups     Dim right As Integer     right = group.PermissionMask And SPRights.ViewListItems          If right = SPRights.ViewListItems Then            strStatus = "User " & UserLogin & " has Reader permissions in " & FolderPath & "/" & SubSite & "."            Return strStatus            Exit Function          End If     Next End If Next Return strStatus End If Catch ex As Exception           MsgBox(ex.Message) End Try End Function

Code is pretty simple. Nothing fancy! Please look at these lines again:

.....
right = group.PermissionMask And SPRights.ViewListItems
         If right = SPRights.ViewListItems Then

.....

SPRights.ViewListItems checks for the "Reader" privileges only. You can modify these lines to check other privileges. For example:

SPRights.ManageLists: Use "ManageLists" if you want to check whether the user has "Approver" rights in the subsite. User with these rights can add, edit, delete, approve content in the sites.

SPRights.EditListItems: User with these permissions can add, delete, modify site content but can not approve items in the site.

Similarly, you can check for many other types of privileges in the site. For complete list of rights, see SPS SDK.

I hope you will find this small tool useful. It is meant for learning purposes only. If you are a beginner, you can pick up hints from this code and can expand and make some other useful application out of this code. I will posting more small applications soon. Stay tuned!

-SSA

How can I hide "Issues" List Template from users?

Q: I want to hide "Issues" List Template from users. Is it possible? When you click "Create" link in the navigation bar at the top you are shown templates for different lists including document and form libraries, contact, issues, tasks, events lists. Yes, you can hide a template by modifying the ONET.XML file. To hide the "Issues" list, follow these steps: 1. Go to this location: C:Program FilesCommon FilesMicrosoft Sharedweb server extensions60TEMPLATE1033STSXML 2. Open ONET.xml file for editing and please back up the original file before making any changes. 3. You will find list definitions for different lists inside tag. Simply comment out the list definition that you don't want to appear in the CREATE page. Use tags to comment out the line. For example, the following line will hide the "Issues" list template on the CREATE page: --> 4. Save the file and Restart IIS. 5. Remove tags to uncomment the line and make the list visible again. Caution: If you remove a list template from the ONET file, your existing lists based on that template will also cease to work. -SSA