Lately I’ve been working on a re-direct web part for a client. The web part should redirect the users immediately (preferably without them noticing it), and therefore a 5 second countdown is not an ideal way to go (also one of the reasons we’re not just using a redirect page layout). One of the issues I came across was, if the web part redirects immediately, how do you ever go in and change the settings easily?
My first thought was to only redirect users who weren’t in either of the Owner, Contributor or Web Designer groups. Of course since I’m somewhat of a rookie C# and Sharepoint developer it wasn’t obviously apparent to me how to go about checking for such memberships.
The first solution I came up with was the following:
if (currentWeb.UserIsSiteAdmin)
{
// some admin message here
}
else
{
// redirect
}
currentWeb.Dispose()
Of course this code only checks if the user is a site collection admin, so that was no good at all. After some (fruitless) googling and a lot of digging around in MSDN articles, I came up with an idea to use something like this:
SPWeb currentWeb = SPContext.Current.Web;
SPUser user = currentWeb.CurrentUser;
foreach (SPGroup roles in user.Groups)
{
if (roles == "Group Name 1" || roles == "Group Name 2" ||roles == "Group Name 3")
accessGranted = true; // If they do, set flag and grant them access
}
if (accessGranted)
{
// Show users with AddAndCustomizePages a message
this.Controls.Add(new LiteralControl("Use modify web part to change settings"));
}
else
{
// Re-direct other users
SPUtility.Redirect(redirectUrl, SPRedirectFlags.Default, this.Context);
}
currentWeb.Dispose();
Now this solution worked better then the first one, but it is not very flexible. If any of the groups changes names, or if additional groups are created, the web part has to be modified, rebuilt, and redeployed. After some more digging I came across RoleDefinitions and BasePermissions. With the help of these, I could write code that would redirect all users that didn’t have permissions to customize web parts, regardless of their group memberships.
oSPSite.CatchAccessDeniedException = false;
using (oSPWeb = oSPSite.OpenWeb(SPContext.Current.Web.ServerRelativeUrl.ToString()))
{
try
{
if (_enableRedirect && _redirectUrl != "#" && _redirectUrl != this.Page.Request.Url.ToString())
{
this.Controls.Add(new LiteralControl("<a href=\"" + _redirectUrl + "\">Click here if you are not redirected.</a><br>"));
if (oSPWeb.EffectiveBasePermissions.ToString().Contains(SPBasePermissions.AddAndCustomizePages.ToString()) || oSPWeb.EffectiveBasePermissions.ToString().Contains(SPBasePermissions.FullMask.ToString()))
this.Controls.Add(new LiteralControl("Modify web part to change re-direction settings."));
else
this.Page.Response.Redirect(_redirectUrl);
}
else
this.Controls.Add(new LiteralControl("Redirection is disabled.<br>"));
}
catch (Exception ex)
{
Label lblError = new Label();
lblError.Text = "An unhandled exception occurred: " + ex.Source + " : " + ex.TargetSite + " : " + ex.InnerException + " : " + ex.Message + " : " + ex.StackTrace;
lblError.Style["color"] = "red";
this.Controls.Add(lblError);
}
}
oSPSite.CatchAccessDeniedException = true;
oSPSite.Dispose();
ChildControlsCreated = true;
Obviously this is just a code snippet, but if you’re looking for something to help filter output or actions based on a users permissions it should give you a nudge in the right direction. Below is a list of the different Role Definitions and their respective Base Permissions.
Full Control
FullMask
Design
ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ApplyThemeAndBorder, ApplyStyleSheets, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Manage Hierarchy
ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ManageLists, ViewFormPages, Open, ViewPages, AddAndCustomizePages, ViewUsageData, CreateSSCSite, ManageSubwebs, ManagePermissions, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, ManageWeb, UseClientIntegration, UseRemoteAPIs, ManageAlerts, CreateAlerts, EditMyUserInfo, EnumeratePermissions
Approve
ViewListItems, AddListItems, EditListItems, DeleteListItems, ApproveItems, OpenItems, ViewVersions, DeleteVersions, CancelCheckout, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Contribute
ViewListItems, AddListItems, EditListItems, DeleteListItems, OpenItems, ViewVersions, DeleteVersions, ManagePersonalViews, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseDirectories, BrowseUserInfo, AddDelPrivateWebParts, UpdatePersonalWebParts, UseClientIntegration, UseRemoteAPIs, CreateAlerts, EditMyUserInfo
Read
ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open, ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegration, UseRemoteAPIs, CreateAlerts
Restricted Read
ViewListItems, OpenItems, Open, ViewPages
Limited Access
Open, BrowseUserInfo, UseClientIntegration
For a full (alphabetically sorted) list of Base Permissions and their effects, have a look at this MSDN article.
Leave a Reply