tags:

views:

225

answers:

1
Q: 

Check User Permission to Site or Workspace given a URL

Given a list of Workspaces:

http://server/managed_path/sitecoll/basic
http://server/managed_path/sitecoll/blank
http://server/managed_path/sitecoll/decision
http://server/managed_path/sitecoll/multipage
http://server/managed_path/sitecoll/social

How can I call DoesUserHavePermissions() - or something similar - to find out if the currently logged in user can access the web site?

I am writing a user control to output a list of workspaces they have access to, but when I try to check, I get a variety of errors I can't seem to work around with this code:

foreach (String s in workspaces)
{
    using (SPSite site = new SPSite(s))
    {
        using (SPWeb web = site.OpenWeb(s))
        {
    // web.DoesUserHavePermissions(...)
        }
    }
}
+1  A: 

1) The list of URLs in your example are all in the same site collection, just different webs involved, this means you don't have to re-open the SPSite every time, just SPWebs

2) When opening the spsite, use "SystemAccount.Token" as in this example: http://blackninjasoftware.com/2009/04/09/how-to-programmatically-impersonate-users-in-sharepoint/

SPSite tempSite = new SPSite(siteStr); 
SPUserToken systoken = tempSite.SystemAccount.UserToken;
using (SPSite site = new SPSite(siteStr, systoken)) {
   //here goes the foreach loop and you iterate through the workspaces
}

This way you will be able to call "DoesuserHavePermissions" method.

3) This bear in mind that opening and closing SPWebs at runtime will hit performance. Try to cache the results of your code, if possible.

naivists  2010-01-20 20:07:20
Good answer, except I don't think you will be able to open a web if the user does not have access to it. At best, it will throw a FileNotFound exception and at worst it will open the SPSite's web without an exception. Be careful with OpenWeb and make sure it gets you the web you are looking for.
Kit Menke  2010-01-21 17:15:58
@Kit Menke, when you open a SPSite object using SystemAccount's user token, you *are* the system account. Hence, you can do whatever the system account can do.
naivists  2010-01-21 19:39:10
Sorry, I apparently didn't read it very closely. :) As the system account, you would have access to everything. I don't understand how being the system account would allow you to determine if the current user can open the URL or not...
Kit Menke  2010-01-21 21:36:43
@Kit, 'SPWeb' has a method "DoesUserHavePermissions" where you can pass a login to that method (http://msdn.microsoft.com/en-us/library/ms441848.aspx) You take the login from SPContext.Current.Web.CurrentUser, but do the tests using System account.
naivists  2010-01-21 21:40:16
Ah now it all makes sense! Thanks for the explanation.
Kit Menke  2010-01-21 22:07:34

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?