none
check permission of a user using javascript RRS feed

  • Question

  • Hi,

    I have a scenario, wherein the logged in user will check the access of other users using their login name. (similar to check permissions).

    Need to develop an app, by which the logged in user will enter the 'username' of the required user whose access is to be checked.

    Thanks

    Senthil

    Monday, December 23, 2013 1:15 PM

All replies

  • I'm not much of a coder but I think these snippets from CodeProject might be of some use for you?

    http://www.codeproject.com/Articles/678653/How-to-check-user-permission-for-the-web-list-or-S


    Steven Andrews
    SharePoint Business Analyst: LiveNation Entertainment
    Blog: baron72.wordpress.com
    Twitter: Follow @backpackerd00d
    My Wiki Articles: CodePlex Corner Series
    Please remember to mark your question as "answered" if this solves (or helps) your problem.

    Monday, December 23, 2013 1:20 PM
    Answerer
  • Hi Steven,

    Thanks for your time,

    The requirement here is with the 'username' (string), we should be able to get his/her permission within the site.

    The snippets from CodeProject deals with the current user.

    Thanks

    Senthil

    Monday, December 23, 2013 1:24 PM
  • Do you only need to know the specified user's permission on the site itself, or do you need to know if they have access to any subsites, lists, folders or items with broken permission inheritance?
    Monday, December 23, 2013 6:17 PM
  • Can you post the code, if you have already developed one.

    You can use SP.Web.ensureUser(logonName) to see whether the user exists in the current site.

    http://msdn.microsoft.com/en-us/library/office/jj245233.aspx

    The only problem with EnsureUser is it will add the user to the site if not already exist.

    or use something like this to get all the users and check for permission (code from http://msdn.microsoft.com/en-us/library/office/fp179912.aspx) -

    ClientContext context = new ClientContext("http://SiteUrl"); 
    
    GroupCollection siteGroups = context.Web.SiteGroups; 
    
    // Assume that there is a "Members" group, and the ID=5. 
    Group membersGroup = siteGroups.GetById(5); 
    context.Load(membersGroup.Users); 
    context.ExecuteQuery(); 
    
    foreach (User member in membersGroup.Users) 
    { 
        // We have all the user info. For example, Title. 
        label1.Text = label1.Text + ", " + member.Title; 
    }  
    

    Hope this helps!



    MCITP: SharePoint 2010 Administrator
    MCTS - MOSS 2007 Configuring, .NET 2.0
    | SharePoint Architect | Evangelist |
    http://www.sharepointdeveloper.in/
    http://ramakrishnaraja.blogspot.com/

    Monday, December 23, 2013 7:08 PM
  • Hi,

    Ideally, i want to check whether the user (username) has access to the site or not. The user may be added even via AD group, means AD group will be added into SharePoint Group.

    Thanks

    Senthil

    Tuesday, December 24, 2013 8:55 AM
  • Looping the group will satisfy the requirement, if the user is directly added to the SP Group, but if the user is given permission via AD group, this technique will not work.

    Pls correct me if am wrong.

    Tuesday, December 24, 2013 8:57 AM
  • The other way of getting the users effective permission is to use SPWeb.GetUserEffectivePermissionInfo (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurableobject.getusereffectivepermissioninfo.aspx)

    or some thing like

    set SP.PermissionKind (http://msdn.microsoft.com/en-us/library/office/ff409343(v=office.14).aspx) for permissions that you would like to check for, and pass this value to doesUserHavePermissions

    var userPermission = web.doesUserHavePermissions(spbasepermission)

    Hope this helps!




    MCITP: SharePoint 2010 Administrator
    MCTS - MOSS 2007 Configuring, .NET 2.0
    | SharePoint Architect | Evangelist |
    http://www.sharepointdeveloper.in/
    http://ramakrishnaraja.blogspot.com/


    Tuesday, December 24, 2013 5:56 PM
  • Hi,

    I wanted this requirement in a SharePoint app, also doesUserHavePermissions() works only for the current user.

    I wanted to check the permission of other users as well, by making use of their 'username'.

    Thanks

    Senthil

    Thursday, December 26, 2013 10:24 AM
  • Hi Senthil,

    Assuming the person clicking the button has access to view group membership, the following JavaScript will allow them to specify a user and see what permissions have been assigned to that user on the current site. This is only looking at the site-level permissions, and does not include permissions assigned on any lists or libraries that have broken permission inheritance.

    <div><input type="text" id="input_userlogin"></input>
    <input type="button" onclick="GetPermissions()" value="Check Permissions"/>
    </div>
    <div id="permission_results"></div>
    <div id="group_results"></div>
    <script>
    function GetPermissions(){
     var username = document.getElementById("input_userlogin").value;
     document.getElementById("group_results").innerHTML = "";
     if(username.length == 0){
      document.getElementById("permission_results").innerHTML = "Specify a login name to check permissions";
      return;
     }
     var clientContext = new SP.ClientContext();
     var web = clientContext.get_web();
     var collGroup = clientContext.get_web().get_siteGroups();
     var defaultPerms = web.get_roleAssignments();
     clientContext.load(web);
     clientContext.load(collGroup);
     clientContext.load(defaultPerms, 'Include(Member, RoleDefinitionBindings)');
     clientContext.executeQueryAsync(Function.createDelegate(this, function(){
      /* Success */
       var userLogin = "";
       var userDisplay = "";
       var roles = [];
       var groupIds = [];
       var groupNames = [];
       var groupRoleBindings = [];
       var groupUsers = [];
       var assignmentEnumerator = defaultPerms.getEnumerator();
       while(assignmentEnumerator.moveNext()){
        var roleAssignment = assignmentEnumerator.get_current();
        var member = roleAssignment.get_member();
        if(member.get_principalType() == 1) /* it's a user */ {
         if(member.get_title().toLowerCase().indexOf(username.toLowerCase()) > -1 || member.get_loginName().toLowerCase().indexOf(username.toLowerCase()) > -1){
          var roleEnumerator = roleAssignment.get_roleDefinitionBindings().getEnumerator();
          while(roleEnumerator.moveNext()){
           roles.push("<li><b>"+roleEnumerator.get_current().get_name()+"</b> granted directly to <b>"+member.get_title()+"</b> ("+member.get_loginName()+")</li>");
          }
         }
        }else if(member.get_principalType() == 8) /* it's a sharepoint group */ {
         groupIds.push(member.get_id());
         groupNames.push(member.get_title());
         groupRoleBindings.push(roleAssignment.get_roleDefinitionBindings());
        }
       
       }
       if(roles.length == 0){
        document.getElementById("permission_results").innerHTML = "No direct role assignments detected for specified user login";
       }else{
        document.getElementById("permission_results").innerHTML = "<ul>"+roles+"</ul>";
       }
       if(groupIds.length > 0){
        var groupList = document.createElement("<ul>");
        groupList.id = "group_list";
        document.getElementById("group_results").appendChild(groupList);
        for(var i = 0; i < groupIds.length; i++){
         groupUsers.push(collGroup.getById(groupIds[i]).get_users());
         clientContext.load(groupUsers[i]);
         GetGroupMembership(username,clientContext,groupUsers[i],groupNames[i],groupRoleBindings[i],groupList);
        }
       }
      }),Function.createDelegate(this, function(){
      /* Failure */
       
      }));
    }
    function GetGroupMembership(username,clientContext,users,groupName,roleBindings,targetElement){
     clientContext.executeQueryAsync(Function.createDelegate(this,function(){
      /* success */
      var userEnum = users.getEnumerator(); 
      while(userEnum.moveNext()){
       var user = userEnum.get_current();
       if(user.get_title().toLowerCase().indexOf(username.toLowerCase()) > -1 || user.get_loginName().toLowerCase().indexOf(username.toLowerCase()) > -1){
        var roleEnumerator = roleBindings.getEnumerator();
        while(roleEnumerator.moveNext()){ 
         targetElement.innerHTML += "<li><b>"+roleEnumerator.get_current().get_name()+"</b> granted to <b>"+user.get_title()+"</b> ("+user.get_loginName()+") via <b>"+groupName+"</b> group</li>";
        }
       }
      }
     }),Function.createDelegate(this, function(){
      /* failure */
     }));
    }
    </script>

    You can add the above code to a content editor web part and it should function on the page.

    It also doesn't dig into Active Directory at all, but it does detect AD groups. You would have to add a third step if you wanted to run an LDAP query against your local AD to verify whether the specified user has access via the detected AD groups. I'm not sure how you could accomplish that through JavaScript, though it would be relatively simple from C#/.NET assuming you had the proper credentials to pass along.

    Hope that helps!



    • Edited by thriggle Friday, December 27, 2013 10:09 PM
    Friday, December 27, 2013 9:52 PM
  • You are simply awesome man....give exactly what I need.
    Wednesday, June 8, 2016 10:45 AM