El Blanco's Office 2007 Blog

Friday, July 13, 2007

Determining Whether a User is a Member of a SharePoint Group or Not . . .


By using the SPUser.Groups property you can easily enumerate the groups that a user has been assigned to. However one problem with this approach is that if the user is a member of a domain group that has been allocated to a SharePoint group, then this group does not appear in SPUser.Groups. e.g. say that a user account is assigned to SharePoint groups SP1, SP2 and SP3 and that the user is a member of an AD group, ADGroup1, which in turn is assigned to SharePoint group SP4. When enumerating SPUser.Groups only SP1, SP2, and SP3 will be listed even though the user is a member of SP4 indirectly via his membership of the ADGroup1 group.


So, how can we ascertain whether a particular user is a member of the SharePoint group or not, taking into account AD group membership ? The short answer is use the SPGroup.ContainsCurrentUser property as shown below:


string siteUrl = "http://localhost"
string userName = "DOMAIN\\username";
string groupName = "SharePoint Test Group";


SPSite siteCollection = new SPSite(siteUrl);
SPWeb site = siteCollection.OpenWeb();


SPGroup testGroup = site.Groups[groupName];
if (testGroup != null)
{
Console.WriteLine(
String.Format("Is current user in group={0}",
testGroup.ContainsCurrentUser.ToString()));
}

Obviously this only tells you whether the user account running the current context is a member of the group or not. In order to ascertain whether a different user is in the group you'll need to create an SPSite object using the appropriate SPUserToken to give you the appropriate context to use. An example can be seen below:


string siteUrl = " http://localhost ";
string userName = "DOMAIN\\anotheruser";
string groupName = "SharePoint Test Group";

SPSite siteCollection = new SPSite(siteUrl);
SPWeb
site = siteCollection.OpenWeb();
SPUserToken userToken = site.AllUsers[userName].UserToken;

// Use an SPSite and SPWeb that have the context of the appropriate user
using (SPSite contextSiteColl = new
SPSite(siteUrl, userToken))
{
using (SPWeb contextSite = contextSiteColl.OpenWeb())
{
SPGroup testGroup = contextSite.Groups[groupName];
Console.WriteLine(String.Format("Username = {0}, got group {1}.",
userName, groupName));
if (testGroup != null)
{
Console.WriteLine(String.Format("Is current user in group={0}",
testGroup.ContainsCurrentUser.ToString()));
}
}
}

8 Comments:

  • Thanks, this code sample was just what I needed for my web part.

    By Anonymous Anonymous, at 9:24 pm  

  • Thanks, I was having problems when using AsyncTaskDelegates as I needed to determine current user's group memberships in another thread.

    By Blogger Jussi Palo, at 11:42 am  

  • Great post! Although if the target user that you are trying to query doesn't have explicit membership in the sharepoint group, you will get a "user not found" exception when you attempt to get the token for the user. In other words, if the user has membership in sharepoint by an active directory group.
    If you are attempting to get the membership of the current user, you could change:

    SPUserToken userToken = site.AllUsers[userName].UserToken;

    to

    SPUserToken userToken = site.CurrentUser.UserToken;

    Still an excellent post though!

    By Blogger Derek Himes, at 9:33 pm  

  • Excellent post! Exactly what I needed.

    Further to derek's comment, you could just do a SPContext.Current.Web to get the current, and then you wouldn't need to dispose of the SPWeb and SPSite object.

    By Anonymous Anonymous, at 12:13 am  

  • Thank you so very much for this post. Since my SPGroup contained only AD group, it could not find the SPUser (SPUser is not the current user) inside it. Because it only allows spgroup.containsCurrenUser property, not a specific SPUser. So, only solution was this article. Changing the currentuser. Anyways, I changed the current user in this way:

    using (SPSite newContextSiteForUser = new SPSite(properties.SiteId, fieldValue.User.UserToken))
    {
    // part executes with different currentuser
    }

    By Blogger cosmicice, at 4:27 am  

  • Thank you very much! I searched few days to find a solution for this and I was becaming fery frustrated.
    Excelent post!

    By Anonymous Anonymous, at 7:23 pm  

  • This is just what I was looking for. Great find!

    By Anonymous Anonymous, at 3:02 am  

  • Thanks very much for this. It was exactly the problem I had, and it was exactly the fix that I needed.

    By Blogger Patrick, at 11:58 am  

Post a Comment

<< Home