How do I figure out the role(s) of a user in a site using the webservices API? All I have to go on is the username and domain.
I've found that the PermissionsService.Permissions.GetPermissionCollection(url,"Web") will return a collection of permitted users and groups with their permissions masks but I still need to figure out if the user is in any of the groups and then convert the permissions masks into a roles collection.
I feel like there's a better way to do this and I'm just missing it.
Hi
In this blog post I use the UserGroup web service to list the SharePoint groups a user belongs to: http://www.theblackknightsings.com/ListAllSharePointGroupsAUserBelongsTo.aspx
Try using the GetRoleCollectionFromUser method from the UserGroup web service, It'll give you the list of the roles to which the user belongs in your site.
Just call it passing as a parameter your domain\userName.
Find its definition here: http://msdn.microsoft.com/en-us/library/ms772680.aspx
The returned xml will be something like the following, then you just get the info you need.
<GetRoleCollectionFromUser xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">
<Roles>
<Role ID="1073741829" Name="Full Control" Description="Has full control." Order="1" Hidden="False" Type="Administrator" BasePermissions="FullMask" />
<Role ID="1073741825" Name="Limited Access" Description="Can view specific lists, document libraries, list items, folders, or documents when given permissions." Order="8" Hidden="True" Type="Guest" BasePermissions="ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs" />
</Roles>
</GetRoleCollectionFromUser>
I've solved something similar - my method checks if user is assigned a specific role. Here's the algorithm first:
And the code:
public bool IsAssignedAPermission(string premissionName, string userLoginName)
{
XmlNode nodes;
bool isAssignedAPermission;
isAssignedAPermission = false;
//Check if user is directly assigned a Full Control role
try
{
nodes = userGroupService.GetRoleCollectionFromUser(userLoginName);
using (XmlNodeReader reader = new XmlNodeReader(nodes))
{
DataSet ds = new DataSet();
ds.ReadXml(reader);
DataTable dt = ds.Tables[1];
foreach (DataRow row in dt.Rows)
{
string permission = row[1].ToString();
if (permission == premissionName)
{
isAssignedAPermission = true;
break;
}
}
}
}
catch
{
List<string> groupMemberships;
List<string> fullControlGroups;
//Check if user is a member of a Full Control group
//This is done in three steps:
//1. Get the list of groups the user is member of
groupMemberships = new List<string>();
nodes = userGroupService.GetGroupCollectionFromUser(userLoginName);
using (XmlNodeReader reader = new XmlNodeReader(nodes))
{
DataSet ds = new DataSet();
ds.ReadXml(reader);
DataTable dt = ds.Tables[1];
foreach (DataRow row in dt.Rows)
{
string groupName = row[1].ToString();
groupMemberships.Add(groupName);
}
}
//2. Get the list of groups that have Full Control permissions
fullControlGroups = new List<string>();
nodes = userGroupService.GetGroupCollectionFromRole(premissionName);
using (XmlNodeReader reader = new XmlNodeReader(nodes))
{
DataSet ds = new DataSet();
ds.ReadXml(reader);
DataTable dt = ds.Tables[1];
foreach (DataRow row in dt.Rows)
{
string groupName = row[1].ToString();
fullControlGroups.Add(groupName);
}
}
//3. Check if user belongs to any of the Full Control groups
foreach (string membership in groupMemberships)
{
if (fullControlGroups.Contains(membership))
{
isAssignedAPermission = true;
break;
}
}
}
return isAssignedAPermission;
}
Method parameter userLoginName should be in a form domain\username, e.g. SHAREPOINT\Boris. I hope I helped. Cheers