I have a project where I have a username (but not the password) and need to check if the user can access an item. This must be on the item-level and not the web level since rights may not be inherited.
I am aware of the SPWeb.CheckPermissions but figured it will only test if the user can access the actual spweb.
Thanks
== EDIT ==
I was able to achieve this by doing this
var item = properties.ListItem;
SPUser user = SPContext.Current.Web.EnsureUser(#"domain\logonname");
item.DoesUserHavePermissions(user, SPBasePermissions.OpenItems);
My question remains a bit however. Is this possible to do via the web service api?
With SharePoint 2013 you can use the REST API to query static methods. An interesting method would be the SPUtility.GetPrincipalsInGroup. Of course you can't ask for "has open permission", but you can ask for a specific group. To query a static method refer to: Programming using the SharePoint 2013 REST service, look for the section Specifying static methods and properties as REST service URIs. Of course you would have to call the Web Service with an authenticated user and the group needs to be enabled to be enumerable by all users.
Related
I have a public facing SP site ( SP online 2013 with Office 365 ). There are certain app parts added to it which read data from a custom list created on that site. By default anonymous users do not have read permissions list. I want users to see the list data without login in . I tried modifying the settings for anonymous users , however I am unable to do it as the "anonymous user" permissions cannot be checked by me.
How do I provide read permissions to anonymous users?
Thanks in advance
If i remember rightly enabled anonymous access on the list simply allows users who aren't authenticated to view the list. However they won't be able to access the list directly on the interface as you would need to be authenticated for that. If the list is accessed directly from a web part or user control then you simply need to ensure the page which contains the control is published and your site available as anonymous access.
I have crated a custom site that would provide registration for new user who wold like to access my sharepoint site with asp.net membership account. When new user clicks register, i would like to send email notification about new user to all members of a particular sharepoint group. The problem is, the registration site allows anonymous access (well it has to :)) but the code (second line) that gets all the users in group redirects me to a login page:
var web = SPContext.Current.Web;
return web.Groups[groupName].Users;
I have created a new user group and set 'Who can view the membership of the group?' to everyone, but still, I can't get the groups without being logged in. Is is possible at all?
SharePoint has the ability to run code blocks using RunWithElevatedPrivileges, which runs under the identity of the SharePoint system account. If you wrap your code block above, you should be able to get the group you are referencing.
It is really important to make sure you are properly calling Dispose on your code so you are not leaving around reference to the spSite object etc. As a result, almost all RunWithElevatedPrivileges examples utilize the using construct.
More info at
http://msdn.microsoft.com/en-us/library/bb466220.aspx
When I did this before, I created a list that allowed anonymous users to create new items and then placed an alert on the list that sent notifications to the appropriate people/group. I don't remember there being any security problems sending notifications this way.
Here's the scenario:
We have an external SharePoint instance with anonymous access turned on. We want the document libraries open to the public. We do not want custom lists open. That was simple enough to configure.
Now we want to use those lists to create an attractive external ASP.Net web application. This web site will need anonymous enabled as well.
The problem is we need to access those lists from the web application without opening them to anonymous access.
We want to use the API (not web services) since this will be hosted on the same boxes.
So far we have been unable to create an SPUser with the appropriate access to open the lists.
SPContext is empty.
Doing this fails as well:
SPSite temp = new SPSite(URL);
SPUserToken token = temp.SystemAccount.UserToken;
SPSite site = new SPSite(URL, token); ...do stuff as the user.
RunWithElevatedPrivileges also fails.
Please help!
Any chance you are using SharePoint 2010? They have more options available to access from other applications. If not 2010, you are going to have to use a web service of some kind, either the OTB ones or your own Web Service that encapsulates your logic since the SP OM will not run on a non SharePoint box.
Independent of that, you could try getting the SPToken from the Application pool. Essentially
SPUserToken sysToken = SPContext.Current.Site.SystemAccount.UserToken;
using(var systemSite = new SPSite(SPContext.Current.Site.ID, sysToken))
Daniel Larson is a big proponent of this approach over using RunWithElevatedPriveleges. Check out his blog post on the matter.
I have a site setup using Claims Based (Forms) authentication with Anonymous access enabled.
When a user logs into the site they may exist in the Forms Database, but not in the SharePoint Site collection. In this case SPContext.Current.Web.SPUser returns NULL - even though they are logged in.
Is there another object similar to SPUser that I can use?
Is HttpContext.Current.User.Identity.IsAuthenticated == true? If so, try putting a call to SPContext.Current.Web.EnsureUser(HttpContext.Current.User.Identity.Name) before digging into Web.CurrentUser (which is what I presume you meant, not Web.SPUser)
-Oisin
I need to determine the sites and webs that a specified user can access in a SharePoint web application via the SharePoint API. Note the specified user is different from the current user that is calling the code. I initially was thinking of making use of the PortalSiteMapProvider, but it does not offer an option to change the user context in which it is built up. Can anyone offer any alternatives to this?
Thanks, MagicAndi
You could use the Webservices API:
Determining User's role in a SharePoint site/workspace using the webservices API
Not the most efficient solution to this problem, but you can iterate through all the site collections / webs in the web application and then call:
web.DoesUserHavePermissions(userID, SPBasePermissions.Open)
where "web" is a SPWeb object and userID is "DOMAIN\user.name" of the user you are checking access permissions for. Do it within a RWEP and make sure you dispose of your SPSite/SPWeb objects correctly.
One possible approach is to make use of impersonation to determine the sites and webs that a specific user (other than the current user) can access via the PortalSiteMapProvider. A method for impersonating another user in a SharePoint context is described here:
http://blackninjasoftware.com/2009/04/09/how-to-programmatically-impersonate-users-in-sharepoint/