Sharepoint - Retrieving user group and permission rights programmatically - c#

Currently I'm trying to retrieve all the groups that are in my SharePoint site. After which, I need to know which users are in the group and the level of site permission for each user. I'm using WSS 3.0, developing in C# (Visual Studio 2008).
Help really needed as I'm still new in this area. Thanks in advance!

Groups can be found like:
    // SPSite and SPWeb created with new/OpenWeb must be disposed
    using (SPSite siteCollection = new SPSite("site url"))
    using (SPWeb site = siteCollection.OpenWeb())
    {
        foreach (SPGroup group in site.Groups)
        {
            Console.WriteLine(group.Name);
            foreach (SPUser u in group.Users)
            {
                // will give you users in group, you can then grab the roles of the user
            }
        }
    }
To find what permissions a role has:
    SPSite oSiteCollection = SPContext.Current.Site;
    using (SPWeb oWebsite = oSiteCollection.AllWebs["Site_Name"])
    {
        SPMember oMember = oWebsite.Roles["Role_Name"];
        oWebsite.Permissions[oMember].PermissionMask =
            SPRights.ManageLists | SPRights.ManageListPermissions;
    }
The permissions matrix can be found here

If you are looking for code that works with the client object model, you may review the following links.
For getting the groups.
http://social.technet.microsoft.com/wiki/contents/articles/24075.how-to-get-sharepoint-user-group-names-in-a-netc-client-application-using-sharepoint-client-object-model.aspx
For getting the permission levels associated with groups.
http://social.technet.microsoft.com/wiki/contents/articles/24087.how-to-get-the-permission-levels-associated-with-sharepoint-user-groups-using-client-object-model-in-netc.aspx

Related

Get users created on active directory older than 30 days - sharepoint c#

I have a SharePoint 2013 project and I need to create a list of all employees created in Active Directory in the last 30 days.
What is the best way to do that?
I think that I can do a C# query to Active Directory using System.DirectoryServices, but because I'm implementing this on a SharePoint farm I don't know if it is the best way to do that.
On SharePoint I have the User Profile Service running, so my question is whether I can do this with the User Profile Service or use the "old C# way".
Thanks
Flávio
If you run the "user profile service synchronization" service, your "user information list" will be updated. Then you can filter the list by created date. You can also sync any AD field with the "user information list"
(simple : http://yasingokhanyuksel.blogspot.com.tr/2015/11/sharepoint-survey-add-active-directory.html)
The "user information list" is hidden, so type http://yourSiteUrl/_catalogs/users/simple.aspx
More information:
http://zimmergren.net/technical/sharepoints-hidden-user-list-user-information-list
ygy59 is right about the hidden "user information list" being the only source of a date for a user in SharePoint. To access it programmatically you would do something like this:
    using (ClientContext context = new ClientContext(projURL))
    {
        CamlQuery query = new CamlQuery();
        query.ViewXml = "";
        ListItemCollection items = context.Web.SiteUserInfoList.GetItems(query);
        context.Load(items);
        context.ExecuteQuery();
        foreach (ListItem item in items)
        {
            DateTime hireDate = (DateTime)item["Created"];
            if (hireDate > DateTime.Today.AddDays(-30))
            {
                Console.WriteLine(item["Name"]);
            }
        }
        Console.ReadLine();
    }
It's important to note that this is the date the item was added to SharePoint and not the day the account was created. That is something you can control via your server settings though.
Flávio,
When I have created these sorts of solutions for SharePoint environments in the past I have often had to edit them once live to take account of "new requirements" which weren't specified at the beginning.
I would suggest that you architect your solution so that it is simple for the user and/or yourself to add extra fields to display, and to select by other time periods, e.g. new users in past 7 days, new users in past 90 days, or to display firstname, logon, lastname, department, manager, email, phone etc.
We did this for one project by allowing specific URL parameters to be used e.g. myreport.aspx?numdays=60&display=firstname,manager,email
Good luck
Dorje
SharePoint's user profile service is useful for a lot of things, but I'm not sure it's warranted here (you're not creating audiences, aggregating user information from multiple sources, exposing editable properties, etc.).
Assuming this is an on-premises SharePoint farm coupled with an on-premises Active Directory, I would just hit up Active Directory directly for this information.
As you mentioned, you'll need to add a reference to System.DirectoryServices in your C# code.
    // requires: using System; using System.DirectoryServices;
    string subpath = "CN=something, CN=com"; // CNs appropriate to your environment here
    string filter = ""; // append additional LDAP filter parameters as necessary
    // build LDAP filter query
    // DateTime is immutable: AddDays returns a new value, so keep the result
    DateTime date = DateTime.UtcNow.AddDays(-30);
    // whenCreated is compared as generalized time; the year specifier is lowercase "yyyy"
    string LDAPQuery = "(&(whenCreated>=" + date.ToString("yyyyMMdd") + "000000.0Z)" + filter + ")";
    // get DNS host name
    DirectoryEntry entry = new DirectoryEntry("LDAP://RootDSE");
    Object value = entry.NativeObject; // forces the bind to the directory
    string dnsHostName = entry.Properties["dnsHostName"].Value.ToString();
    // search Active Directory
    DirectorySearcher searcher = new DirectorySearcher();
    searcher.Filter = LDAPQuery;
    searcher.SearchRoot = new DirectoryEntry("LDAP://" + dnsHostName + "/" + subpath);
    SearchResultCollection results = searcher.FindAll();
    // then iterate through results and
    // either display them on a page or create items in a list
As Dorje McKinnon mentioned, it's a good idea to make the code flexible enough to accommodate new requirements. I'd parameterize the LDAP query and subpath strings and put them in a SharePoint list somewhere, then have your C# code retrieve them from the SharePoint list before it executes the query.
If this code is going to be run frequently, and if it's only really being used for reporting purposes, you might want to avoid creating SharePoint list items for each of the AD profiles discovered, and instead just show the results on a page, such as in a grid view.
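Once the day count or extra criteria come from a URL parameter or a list item, as suggested in this thread, they are untrusted input to the LDAP filter. The following is an added example, not code from any of the posts: it validates the day count as a bounded integer and escapes string values per RFC 4515 before they reach the filter. The class name, the 365-day upper bound and the optional department criterion are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Text;

public static class NewUserFilter   // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // numDaysRaw: untrusted text, e.g. the numdays URL parameter.
    // department: optional untrusted value (assumed extra criterion).
    public static string Build(string numDaysRaw, string department, DateTime utcNow)
    {
        int days;
        // NumberStyles.None accepts digits only: no sign, spaces or separators.
        if (!int.TryParse(numDaysRaw, NumberStyles.None,
                          CultureInfo.InvariantCulture, out days)
            || days < 1 || days > 365)   // upper bound is an assumption
            throw new ArgumentException("numdays must be an integer from 1 to 365");

        // whenCreated is matched as generalized time: yyyyMMddHHmmss.0Z
        string since = utcNow.AddDays(-days)
            .ToString("yyyyMMddHHmmss'.0Z'", CultureInfo.InvariantCulture);
        var filter = new StringBuilder("(&(objectCategory=person)(objectClass=user)");
        filter.Append("(whenCreated>=").Append(since).Append(")");
        if (!string.IsNullOrEmpty(department))
            filter.Append("(department=").Append(EscapeFilterValue(department)).Append(")");
        return filter.Append(")").ToString();
    }
}
```

The returned string can be assigned to searcher.Filter in the code above; a department value such as `*)(cn=*` is matched literally instead of changing the structure of the filter.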

How to get Current User in Sharepoint site workflow 2010?

Am trying to find the current logged user in sharepoint site workflow 2010 while creating a project. Based on the user, I would like to retrieve the current user's project manager. Every time am trying to retrieve current user name, it's giving System Account.
I even tried logging in as different user but still displaying System Account as the current user.
I tried following options :
    SPUser user = workflowProperties.OriginatorUser;
    SPUser user = SPContext.Current.Web.CurrentUser;
    SPWeb web = SPContext.Current.Web;
    SPUser user = web.CurrentUser;
    string loginName = SPContext.Current.Web.CurrentUser.LoginName;
But everything failed. Am sure that am doing something wrong. I don't know the correct procedure. Some procedures give me null, or "Object reference not set to an instance of the object", or System Account details. I have even tried using elevated permission and it's giving me a null value.
    SPSecurity.CodeToRunElevated elevatedSubmit = new SPSecurity.CodeToRunElevated(delegate
    {
        //SPUser user = SPContext.Current.Web.CurrentUser;
        //string strAssignedTo = user.Name;
        string sspURL = "http://localhost/PWA/default.aspx";
        SPSite site = new SPSite(sspURL);
        SPWeb web = site.OpenWeb();
        SPUser theUser = web.CurrentUser;
        string strUserName = theUser.Name;
    });
    SPSecurity.RunWithElevatedPrivileges(elevatedSubmit);
Am I supposed to add users explicitly as SPUser or any other changes before trying to retrieve current user via workflow ?
SharePoint 2010 Get Current Username / Logged in User
check this StackExchange answer as well
Get the current user interacting with a site workflow
If you want to get the current user when you log in, you can try something like this:
    // GetContextWeb takes the current HttpContext
    SPWeb webSite = SPControl.GetContextWeb(HttpContext.Current);
    SPUser spUser = webSite.CurrentUser;
    string strUserName = spUser.LoginName;
Using the line below will return the OriginatorUser; however, if you are not logged in as Admin you will get the System Account UserName:
    // This gives the login name, e.g. <domain>\<name>
    string loginName = workflowProperties.OriginatorUser.LoginName;
** Note ** I noticed that in your code you are trying to get / assign the user twice.
You should only need this line if you decide to use your code:
    SPUser user = SPContext.Current.Web.CurrentUser;
It seems to work:
    SPUser user = this.workflowProperties.OriginatorUser;
RunWithElevatedPrivileges gives you system account privileges in addition to the privileges you would get with a reverto call.
Is that code executed in the SPSecurity.RunWithElevatedPrivileges method?
Here is another trick that I found:
    string ModifiedbyUserName = Convert.ToString(workflowProperties.Item.GetFormattedValue("Modified By"));
See this: logged-in user in workflow
Hope it helps!!

SPGroupCollection with missing groups

I'm trying to get one user group in SP 2010. I currently have five groups, but SPGroupCollection only contains two when I read the groups with oSPWeb.Groups. Does anyone know if there is any security or other reason for this?
Code:
    using (SPSite oSPsite = new SPSite(_serverUrl))
    {
        using (SPWeb oSPWeb = oSPsite.OpenWeb())
        {
            SPGroup spGroup = oSPWeb.Groups["AIT Owners"];
        }
    }
Yes, there is a security reason. The Groups property will only return groups that have assigned permissions within the website, while the SiteGroups property returns all groups within the site collection.
For more information, there are a number of blog articles that cover the difference.
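The difference between Groups and SiteGroups also answers the first question on this page (groups, their members, and each group's permission level). The following is an added example, not code from any of the posts: it walks SiteGroups so no group is skipped, and reads the permission levels from the web's role assignments. The class and method names are hypothetical, and the code assumes it runs on the server with rights to read group membership.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

public static class GroupPermissionReport   // hypothetical name
{
    public static void Print(string webUrl)
    {
        using (SPSite site = new SPSite(webUrl))
        using (SPWeb web = site.OpenWeb())
        {
            // Map principal ID -> permission level names assigned on this web.
            var levels = new Dictionary<int, List<string>>();
            foreach (SPRoleAssignment ra in web.RoleAssignments)
            {
                var names = new List<string>();
                foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                    names.Add(rd.Name);
                levels[ra.Member.ID] = names;
            }

            // SiteGroups lists every group in the site collection, including
            // those with no role assignment on this particular web.
            foreach (SPGroup group in web.SiteGroups)
            {
                List<string> granted;
                string summary = levels.TryGetValue(group.ID, out granted)
                    ? string.Join(", ", granted.ToArray())
                    : "(no permissions on this web; not in web.Groups)";
                Console.WriteLine("{0}: {1}", group.Name, summary);

                foreach (SPUser user in group.Users)
                {
                    // An SPUser entry can itself be an AD security group.
                    Console.WriteLine("    {0}{1}", user.LoginName,
                        user.IsDomainGroup ? " [AD group]" : "");
                }
            }
        }
    }
}
```

Entries flagged as AD groups need their membership resolved in Active Directory to see who actually holds the permission.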

Find Admin of a spdocument library

I have a document library which is not inheriting the site permissions (custom permissions are set). Now I want to find out who has administrator permission to this library using C#.
I need to list the user IDs which have admin rights.
Thanks,
There is no such thing as a List Administrator. But you can get the users and groups with manage lists permissions though:
    // requires: using System.Linq; (Cast, Where, Any, Select)
    SPList list = // get your list
    IEnumerable<SPPrincipal> admins = list.RoleAssignments.Cast<SPRoleAssignment>()
        .Where(ra =>
            ra.RoleDefinitionBindings.Cast<SPRoleDefinition>()
                .Any(r => (r.BasePermissions & SPBasePermissions.ManageLists) == SPBasePermissions.ManageLists))
        .Select(ra => ra.Member);
Update:
Permissions on a SPFolder can be checked via the corresponding SPListItem. This can be retrieved via the SPFolder.Item property. Since both the SPListItem and the SPList inherit from the SPSecurableObject, the check for the SPListItem is the same as described above.
To distinguish SPUser from SPGroup simply check the type of SPRoleAssignment.Member:
    IEnumerable<SPUser> adminUsers = admins.OfType<SPUser>();
Be aware that a SPUser object can represent an AD security group. This can be checked via the SPUser.IsDomainGroup property.

Access denied when using RunWithElevatedPrivileges?

I want a regular user to be able to access the "User Information List" in the MySite root site. I am using the "RunWithElevatedPrivileges" method. It is still throwing an access denied error. For example, my root site collection for MySite is "http://network.test.com". The user wants to access the User Information List in this site collection. How can he access that?
    SPSecurity.RunWithElevatedPrivileges(delegate
    {
        using (SPSite site = new SPSite(SPContext.Current.Web.Site.ID))
        {
            ServerContext sc = ServerContext.Current;
            UserProfileManager upm = new UserProfileManager(sc);
            UserProfile up = null;
            // get current user's profile (visitor)
            if (upm.UserExists(SPContext.Current.Web.CurrentUser.LoginName))
            {
                up = upm.GetUserProfile(SPContext.Current.Web.CurrentUser.LoginName);
                SPWeb web = SPContext.Current.Web;
                SPList userInformationList = web.Lists["User Information List"];
            }
        }
    });
SPContext.Current runs outside the RunWithElevatedPrivileges elevated context. For more info see this blog post.
You're setting your SPWeb to SPContext.Current.Web; this doesn't have elevated privileges. Only SPWebs created from SPSites created inside the delegate are elevated.
So you need to replace
    SPWeb web = SPContext.Current.Web;
with
    SPWeb web = site.OpenWeb(SPContext.Current.Web.ID);
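The fix described above, as a complete added example that is not code from the posts: identifiers are read from the request context before elevating, every SharePoint object used under elevation is created inside the delegate, and only the one value the caller needs leaves the elevated block. The class and method names are hypothetical, and returning the Title field is an assumption about what the page needs.

```csharp
using System;
using Microsoft.SharePoint;

public static class ElevatedUserInfo   // hypothetical helper
{
    // Returns the display name stored in the hidden User Information List
    // for the user making the current request, or null for anonymous users.
    public static string GetCurrentUserTitle()
    {
        // Read identifiers from the request context BEFORE elevating.
        // SPContext objects keep the caller's identity and are never elevated.
        SPUser caller = SPContext.Current.Web.CurrentUser;
        if (caller == null)
            return null;
        Guid siteId = SPContext.Current.Site.ID;
        int userId = caller.ID;
        string title = null;

        SPSecurity.RunWithElevatedPrivileges(delegate
        {
            // Only SPSite/SPWeb objects constructed inside the delegate
            // run as the application pool account.
            using (SPSite elevatedSite = new SPSite(siteId))
            {
                // RootWeb is owned by elevatedSite and disposed with it.
                SPList userInfo = elevatedSite.RootWeb.SiteUserInfoList;
                SPListItem item = userInfo.GetItemById(userId);
                // Hand back a single value, not the elevated list or item,
                // so no elevated object is used after the delegate ends.
                title = Convert.ToString(item["Title"]);
            }
        });
        return title;
    }
}
```

Looking the item up by the caller's own ID keeps the elevated read scoped to that user's record rather than exposing the whole list to a regular user.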
You're setting your SPWeb to SPContext.Current.Web this doesn't have elevated privileges.
Refer this post:
