SharePoint 2010: Adding a User to a Group from code - sharepoint

I am trying to add a user to an existing group from a custom login page. Right now, I have no problem getting the current user from SPWeb.CurrentUser. I can view all of this current users groups, but now I am having a problem adding this user to an existing group. I think I need to use SPRoleDefinition and SPRoleAssignment, but all I can find is how to change the permissions on a group using these classes. Does anyone know how I can add this user to a group by the groupname?
Thanks!

You can utilize this function to add user to the current site. You need to pass Group name and UserName.
public void AddUsers(string groupname, string username)
{
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// Gets a new security context using SHAREPOINT\system
using (SPSite site = new SPSite(SPContext.Current.Site.Url))
{
using (SPWeb thisWeb = site.OpenWeb())
{
thisWeb.AllowUnsafeUpdates = true;
SPUser Name = thisWeb.EnsureUser(username);
thisWeb.Groups[groupname].AddUser(Name);
thisWeb.AllowUnsafeUpdates = false;
}
}
});
}
catch (Exception ex)
{
//Log error here.
}
}

Have you tried any of this?

If you're trying to add a user to a group, this should work:
SPUser currentUser = SPContext.Current.Web.CurrentUser;
SPGroup group = SPContext.Current.Web.SiteGroups["My Group Name"];
group.AddUser(currentUser);
http://msdn.microsoft.com/en-us/library/ms454048.aspx

Related

Check current user's permission if the user has no enumerate permission in SharePoint

As we know, we can check user's permission by doing this:
using (SPWeb web = site.OpenWeb(path))
{
SPUser user = SPContext.Current.Web.CurrentUser;
string loginName = user.LoginName;
if (web.DoesUserHavePermissions(SPBasePermissions.EnumeratePermissions))
{
if (web.DoesUserHavePermissions(user.LoginName, SPBasePermissions.Open))
{
//do something
}
}
}
Here is my question, if current user doesn't have enumerate permission, how to get permissions on SharePoint object? Thanks in advance.
You can do it by opening an "admin" web instance (creating a SPSite object and passing System account's user token to it). This way you do not have to worry about whether current user has or has not got enough permission.
SPUserToken adminToken = SPContext.Current.Web.AllUsers["SHAREPOINT\\System"].UserToken;
using (SPSite adminSite= new SPSite(SPContext.Current.Site.ID, adminToken) ) {
using (SPWeb adminWeb = adminSite.OpenWeb(SPContext.Current.Web.ID)){
if (adminWeb.DoesUserHavePermissions(SPContext.Current.Web.CurrentUser.LoginName, SPBasePermissions.Open)) {
//do something
}
}
}
Of course, you better not do this on every page load as creation and disposing of SPSite/SPWeb objects is relatively expensive.
Here I have defined a function that takes a SharePoint list object, a Role type and a User.
portal : The sharepoint list or document library object.
role : RoleType provided by sharepoint like Read, Design etc.
user : user to whom you want to grant role on portal.
Hope it will help you.
public static void AssignPermissionToPortal(string portal, SPRoleType role, SPUser user)
{
try
{
// Run with elevated privileges
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Web.Site.ID))
{
using (SPWeb web = site.OpenWeb(SPContext.Current.Web.ID))
{
web.AllowUnsafeUpdates = true;
SPList portalList = SPListHelper.GetSPList(portal, web);
portalList.BreakRoleInheritance(false);
//Add Readers on portal
SPRoleDefinition permission = web.RoleDefinitions["Read"];
if (role == SPRoleType.Administrator)
permission = web.RoleDefinitions["Full control"];
else if (role == SPRoleType.Contributor)
permission = web.RoleDefinitions["Contribute"];
else if (role == SPRoleType.WebDesigner)
permission = web.RoleDefinitions["Design"];
else
permission = web.RoleDefinitions["Read"];
// Check the user Role on site level.
SPUser roleUser = uHelper.GetUserById(user.ID);
if (roleUser != null)
{
SPRoleAssignment assignment = new SPRoleAssignment(roleUser);
assignment.RoleDefinitionBindings.Add(permission);
portalList.RoleAssignments.Add(assignment);
portalList.Update();
}
web.AllowUnsafeUpdates = false;
}
}
});
}
catch (Exception ex)
{
Log.WriteException(ex);
}
}

Access denied error while using People picker on custom page

We have custom upload page for document library.
On upload page we have one people picker field,
(user can enter multiple users id)
Design for People picker
<SharePoint:PeopleEditor ID="pplApprovers" runat="server" Width="250px" Height="25px" MultiSelect="true"/>
to get emp id from people picker we use below code
public ArrayList approversArray;
public SPFieldUserValueCollection approversCollection;
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
ArrayList aAccount1 = new ArrayList();
approversArray= pplApprovers.Entities;
approversCollection = new SPFieldUserValueCollection();
SPUser user;
SPGroup group;
SPUser currentUser;
SPWeb web=SPControl.GetContextWeb(Context);
currentUser=web.CurrentUser;
ArrayList aAccount = new ArrayList();
aAccount = pplApprovers.Accounts;
ArrayList peEntities = pplApprovers.Entities;
approversArray = pplApprovers.ResolvedEntities;
foreach (PickerEntity entity in approversArray)
{
if (entity.EntityData["PrincipalType"].ToString() == "SharePointGroup")
{
group = web.SiteGroups[entity.Key];
approversCollection.Add(new SPFieldUserValue(web,group.ID, group.Name));
}
else
{
//handles SecurityGroup, Distribution List and User
user = web.EnsureUser(entity.Key);
approversCollection.Add(new SPFieldUserValue(web,user.ID, user.Name));
}
}
});
catch (Exception ex)
{
// Manage error event
}
and after getting this value we are inserting it in document library.
item.Item["Account Partner"]="approversCollection";
but after clicking upload button the only user who have site admin access can successfully upload the file but other user's who don't have admin access gets redirected to the
https://web/_layouts/AccessDenied.aspx
page
We tried using SPSecurity.RunWithElevatedPrivileges but got no success...
Anyone please let me know how to resolve this issue or alternate way to use people picker
Instead of using the SPContext of the web object you need to create a new site and web object under the elevated privileges.
SPWeb web=SPControl.GetContextWeb(Context)
You need to use this under your elevated permissions:
using (SPSite site = new SPSite(SPContext.Current.Web.Url))
{
using(SPWeb web = site.OpenWeb())
{
....
}
}

membership requests e-mail address for SPGroup sharepoint

While creating Group in sharepoint we have an option
"Send membership requests to the following e-mail address"
It is used to send membership request to the SPGroup.
But how can we set the e-mail address programmatically
I'm trying to accomplish the same thing in a feature activated event. I have found how to create the group and how to access these settings in the object model. You can use my example below. The problem is, my changes to these boolean properties of the SPGroup don't take, despite calling SPGroup.Update(). The SPGroup created still uses the default settings (membership requests are turned off).
public override void FeatureActivated(SPFeatureReceiverProperties properties)
{
SPSite site = (SPSite)properties.Feature.Parent;
{
using (SPWeb web = site.RootWeb)
{
SPGroupCollection collGroups = web.SiteGroups;
SPUser user = web.EnsureUser("DOMAIN\\username");
collGroups.Add("MySPGroupName", user, user, "MySPGroupDescription");
if (!web.AssociatedGroups.Contains(collGroups["MySPGroupName"]))
{
web.AssociatedGroups.Add(collGroups["MySPGroupName"]);
}
SPRoleAssignment assignment = new SPRoleAssignment(collGroups["MySPGroupName"]);
SPRoleDefinition def = web.RoleDefinitions.GetByType(SPRoleType.Contributor);
assignment.RoleDefinitionBindings.Add(def);
web.RoleAssignments.Add(assignment);
web.Update();
collGroups["MySPGroupName"].AllowMembersEditMembership = true;
collGroups["MySPGroupName"].AllowRequestToJoinLeave = true;
collGroups["MySPGroupName"].OnlyAllowMembersViewMembership = false;
string emailForRequests = "username#domain.com";
if (!String.IsNullOrEmpty(user.Email))
emailForRequests = user.Email;
collGroups["MySPGroupName"].RequestToJoinLeaveEmailSetting = emailForRequests;
collGroups["MySPGroupName"].Update();
}
}
}
If using SP 2013, using PowerShell you can use the following code:
$membersGroup = $siteCollection.SiteGroups["$groupName"]
$membersGroup.RequestToJoinLeaveEmailSetting = "someone#mail.com"
$membersGroup.Update()

Checking permissions of a user with a site collection

I want to check whether a user has permissions to a site collection. But i dono how to use SPSite.DoesUserHavePermissions().
What is SPReusableAcl? How can i get it for checking the permissions of the user?
Doesn't the MSDN article (SPWeb.DoesUserHavePermissions Method (String, SPBasePermissions)) help you? The example code can be used to check whether the user has access to a site collection:
using System;
using Microsoft.SharePoint;
namespace Test
{
class Program
{
static void Main(string[] args)
{
using (SPSite site = new SPSite("http://localhost"))
{
using (SPWeb web = site.OpenWeb())
{
// Make sure the current user can enumerate permissions.
if (web.DoesUserHavePermissions(SPBasePermissions.EnumeratePermissions))
{
// Specify the permission to check.
SPBasePermissions permissionToCheck = SPBasePermissions.ManageLists;
Console.WriteLine("The following users have {0} permission:", permissionToCheck);
// Check the permissions of users who are explicitly assigned permissions.
SPUserCollection users = web.Users;
foreach (SPUser user in users)
{
string login = user.LoginName;
if (web.DoesUserHavePermissions(login, permissionToCheck))
{
Console.WriteLine(login);
}
}
}
}
}
Console.ReadLine();
}
}
}
In the sample code above you would just have to change your Site URL and the Variable permissionToCheck. SPBasePermissions has a lot of possible permissions to check against, you can see the enumeration here (SPBasePermissions Enumeration).
Actually there are a lot of tutorials on how to check some user's permissions and you are not limited to DoesUserHavePermissions, see the following Google Search.
As usual, the MSDN examples provide nice textbook examples that do not always apply to real-life scenarios.
In the context of an application page running on SharePoint 2010, from what i understand this code needs to be wrapped in a call to RunWithElevatedPrivileges and even then, as my comment implies, it seems there is an implied catch-22 in the requirements. This works for me (the LoginName is just the FBA username or "domain\user" for AD user for the site - in our case an e-mail address is used):
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite elevatedSite = new SPSite(siteCollectionUrl))
{
foreach (SPSite siteCollection in elevatedSite.WebApplication.Sites)
{
using (SPWeb elevatedWeb = siteCollection.OpenWeb())
{
bool allowUnsafeUpdates = elevatedWeb.AllowUnsafeUpdates;
bool originalCatchValue = SPSecurity.CatchAccessDeniedException;
SPSecurity.CatchAccessDeniedException = false;
try
{
elevatedWeb.AllowUnsafeUpdates = true;
// You can't verify permissions if the user does not exist and you
// can't ensure the user if the user does not have access so we
// are stuck with a try-catch
SPUser innerUser = elevatedWeb.EnsureUser(loginName);
if (null != innerUser)
{
string splogin = innerUser.LoginName;
if (!string.IsNullOrEmpty(splogin) && elevatedWeb.DoesUserHavePermissions(splogin, SPBasePermissions.ViewPages))
{
// this user has permissions; any other login - particularly one that
// results in an UnauthorizedAccessException - does not
}
}
}
catch (UnauthorizedAccessException)
{
// handle exception
}
catch (Exception)
{
// do nothing
}
finally
{
elevatedWeb.AllowUnsafeUpdates = allowUnsafeUpdates;
// reset the flag
SPSecurity.CatchAccessDeniedException = originalCatchValue;
}
}
}
}
});
SPSite.DoesUserHavePermissions(SPReusableAcl, SPBasePermissions);

Fba roles with SharePoint user groups

I have built custom Membership and Role providers. Users are some clients that belong to the company and I am using Company as a Role.
I would like to create SharePoint Group and add more companies to it (for example type of industry) and then do redirecting and security by the SPGroup.
How do I retrieve SPGroup for the current logged in user ?
I would like to this in my custom Login page so another problem is how do I retrieve SPUser or SPGroup knowing login name ?
This is what I have now:
private List GetGroupsForUser(List roleAccounts)
{
List groups = new List();
SPSecurity.RunWithElevatedPrivileges(
delegate()
{
using (SPSite site = new SPSite(SPContext.Current.Web.Site.ID))
{
SPUserCollection users = site.RootWeb.SiteUsers;
foreach (string account in roleAccounts)
{
SPGroupCollection accGroups = users[account].Groups;
foreach (SPGroup spg in groups)
{
groups.Add(spg);
}
}
}
}
);
return groups;
}
private string GetRoleManagerName()
{
foreach (KeyValuePair setting in SPContext.Current.Site.WebApplication.IisSettings)
{
if (string.IsNullOrEmpty(setting.Value.RoleManager) == false)
return setting.Value.RoleManager.ToLower();
}
return null;
}
private List GetSpAccounts()
{
List roleAccounts = new List();
string roleProviderName = GetRoleManagerName();
foreach (string role in Roles.GetRolesForUser(login.UserName))
{
roleAccounts.Add(roleProviderName + ":" + role.ToLower());
}
return roleAccounts;
}
// and now I can use it
List roleAccounts = GetSpAccounts();
List groups = GetGroupsForUser(roleAccounts);
But I have a felling that I should not have to do this manually like this. How will Target Audience work if only role is added to the group ?
Use the OwnedGroups property of the SPUser class to return the collection of groups owned by a user.
Update misunderstood the question:
Get the currently logged in user: SPContext.Current.Web.CurrentUser
Add that use to a group: SPGroup.Users.Add([username],[email],[name],[notes]);
Update, third times the charm. So you want to find out what group the user is in based on the roles they have?
It's a bit of a combination of the above two attempts at answering it:
var matched = from r in SPContext.Current.Web.CurrentUser.Roles
where r.Name = [Role]
select r.Groups;
Important note that the Roles property won't work in the next version of SharePoint!
Personally I think SPContext.Current.Web.CurrentUser.Groups would be an easier way to figure out what groups the user is in, but it ignores your role requirementment.

Resources