In Sharepoint - Programmicatically Figuring out where all users and groups have been given explicit rights in C# code behind

I need to figure out where all users and groups have been given explicit rights.
I would like to do this programmactically in C# code.
This explicit rights checker/displayer needs to produce detail results.

My issue is, I am seeing where some users and groups have limited access, but I don't know where.

I would like to create a webpart that creates a list that contains this information.
I  would like to write this code into a webpart in C#.

I am using Visual Studio 2008 3.5. The Sharepoint that is being used is Sharepoint 2007 MOSS.

My thoughts are to create some sort of for each loop or linq or lamda expressions that loops through every site, web, site collection, document libraries, lists etc, which gets a the persmission level for all users and all groups.

This could have a search all function, or have an input for a group name or and input for a user name.

Than gets and adds this information to a list, if the list exists than it deletes the current list and creates a new one, if it doesn't exist, than it creates it.
Than this list will be displayed on screen in a listview format.
How I display this list doesn't matter for now, really what I need to know is how to create the list.

The list will contain many columns, the first column could be the user name or group name.

Than each column after that could be a site and the permissons level for the site that pertains to the user or group, than the next column for that site could be the permissions level for a list that pertains to that user or group in that site.
I would like to do the same thing for webs and site collections, document libraries etc.

I would liket to do this on All users and groups.

This will be a big list I know, it will only be used by developers who need to check permissions level for deployment purposes from one environment to another. It will not be run durning business operations hours.

How can I do this?

Thank you in advance for your help.
iDOTNETCoderAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

raybiesCommented:
Here's one I made: http://blog.ray1.net/2009/04/item-level-permission-checking-web-part.html

I've even included the source... modify it to suit your needs.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
iDOTNETCoderAuthor Commented:
Hi, Raybies,

Thank you.

Quick question:
Can I do this for just groups as well?

I have tested the code out, I should have it tested out by the end of this week.

Thank you again.
0
raybiesCommented:
U shouldn't need to do it for groups, as there is already a buitin function page to view group permissions: select group > settings > view group permissions
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

iDOTNETCoderAuthor Commented:
Hi, Raybies,

I used your code, it looks good. I would just like to implement the following:

I would like to a foreach on all webs.groups from all sites.Allwebs and then get all Groups.Users. I would also like to get all sites and webs lists and all items permissions at a granular level for each Group then broken down for each user. I would like to implement this into your code and have the tree view show me all this information.

How can I implement this?

Thank you in advance for your help!
0
raybiesCommented:
Yes it is possible... but it'll take time and it's way beyond the scope of this question...


1.- Modify my BuildGroupTree to bring back the site groups.
2.- Change the link to ViewGroupPermissions.aspx?ID=
3.- Build the 1st tree node using all users
0
iDOTNETCoderAuthor Commented:
Hi, Rabies,

I understand your comment 1 and 3, but on 2. '
What do you mean by Change the link to ViewGroupPermissions.asp?ID=, I am not following that.

As for the scope of my orignial question, I did state the following:
"I would liket to do this on All users and groups."

Thanks for you help in advance.
0
raybiesCommented:
2: You'll note there's a link to the group
"{0}people.aspx?MembershipGroupId={1}"
make it
"{0}ViewGroupPermissions.asp?ID={1}"

Or implement that pages logic in the tree... It will be really slow cos TreeView's are slow.


Scope: I was referring to implementing your desired login in to my web part :)

0
iDOTNETCoderAuthor Commented:
Hi, Raybies,

Thank you.

Okay, I will try this out tomorrow and let you know how it goes.
0
iDOTNETCoderAuthor Commented:
Hi, Raybies,

How about if we incorporated the following code into your webpart:

What's your thoughts?
string htmlOutput = "";     protected string WriteIsRootWeb(SPWeb aWeb)    {        if (aWeb.IsRootWeb)        {            return " (This is the Site Collection Root Web)";        }        else        {            return "";        }    }      [SharePointPermission(SecurityAction.Demand, ObjectModel = true)]    protected override void OnPreRender(EventArgs e)    {        base.OnPreRender(e);        using (SPSite mySite = SPContext.Current.Site)        {            string siteUrl = mySite.Url;            this.Page.ClientScript.RegisterClientScriptBlock(base.GetType(), "GroupPermissionCallback", "\r\nfunction WebForm_DoCallback(controlId,url,GroupPermissionCallback,ctx,unknownNullValue,unknownBooleanvalue)\r\n{\r\n    var strUrl ='" + siteUrl + "/'+ url;\r\n    open(strUrl, '_blank');\r\n}\r\n\r\n", true);        }    }     public override void VerifyRenderingInServerForm(Control aControl){}     protected override void Render(HtmlTextWriter writer)    {        bool isAgroup = true;        SPGroup aGroup = null;         foreach (SPWeb aWeb in SPContext.Current.Site.AllWebs)        {            htmlOutput += "\n<br>******************************************";            htmlOutput += "\n<br><span style='color:blue'>Roles Assignments Report on web site " + aWeb.Title + WriteIsRootWeb(aWeb) + "</span>";            htmlOutput += "\n<br>******************************************<br>";             htmlOutput += "\n<br><div style='padding-left:40px'>List of " + aWeb.Title + " Groups";             foreach (SPGroup Group in aWeb.Groups)            {                htmlOutput += "\n<br>" + Group.Name + " ID: " + Group.ID;            }             htmlOutput += "\n</div>";            htmlOutput += "\n<div style='padding-left:20px'>";            foreach (SPRoleAssignment aRole in aWeb.RoleAssignments)            {                isAgroup = true;                htmlOutput += "\n<br>*************<br>";                try                {                    aGroup = aWeb.Groups.GetByID(aRole.Member.ID);                }                catch                {                    isAgroup = false;                }                 if (isAgroup)                {                    htmlOutput += "\n<br><span style='color:#357EC7'>Group Id : " + aRole.Member.ID.ToString() + " | " + " Principal Name : " + aRole.Member.Name + "</span>";                     int numberOfusers = aWeb.Groups.GetByID(aRole.Member.ID).Users.Count;                    htmlOutput += "\n<br><br>Number of users:" + numberOfusers;                    aGroup = aWeb.Groups.GetByID(aRole.Member.ID);                    htmlOutput += "\n<br>";                    if (numberOfusers > 0)                    {                        htmlOutput += "\n<br>List of " + aGroup.Name + " users";                         foreach (SPUser aUser in aGroup.Users)                        {                            htmlOutput += "\n<br> - " + aUser.Name;                        }                    }                     GroupPermissions myGroupPerm = new GroupPermissions();                    myGroupPerm.GroupId = aRole.Member.ID;                     System.IO.StringWriter myStrWriter = new System.IO.StringWriter();                    HtmlTextWriter myWriter = new HtmlTextWriter(myStrWriter);                     pnlHidden.Controls.Add(myGroupPerm);                     myGroupPerm.GroupId = aRole.Member.ID;                    myGroupPerm.RenderControl(myWriter);                     htmlOutput += "<br><br><a onClick='Toggle(this)'><IMG style='text-decoration:none;border:0px' SRC='/_layouts/IMAGES/collapseplus.gif' /><span style='cursor:hand'>All (cross-sites) Permissions for " + aRole.Member.Name + "</span></a><div style='width:98%;display:none;'>" + myStrWriter.ToString() + "</div>";                    htmlOutput += "\n";                }                else                {                    htmlOutput += "\n<br><span style='color:#3BB9FF'>User Id : " + aRole.Member.ID.ToString() + " | " + " Principal Name : " + aRole.Member.Name + "</span>";                }                htmlOutput += "\n<br><br>role(s) for " + aRole.Member.Name + " in " + aWeb.Title + ": <br>";                foreach (SPRoleDefinition aRoleDefBinding in aRole.RoleDefinitionBindings)                {                    htmlOutput += "\n<br> - " + aRoleDefBinding.Name + "   (" + aRoleDefBinding.Description + ")";                    htmlOutput += "\n<div style='padding-left:10px;'>List of permissions for " + aRoleDefBinding.Name + ":";                    htmlOutput += "\n<br>" + aRoleDefBinding.BasePermissions.ToString();                    //htmlOutput += "\n\n" + aRole.RoleDefinitionBindings.Xml + "\n\n";//to see the xml from View Source of the page                    htmlOutput += "\n</div>";                }                 htmlOutput += "\n<br>";            }            htmlOutput += "\n</div><br>";        }         htmlOutput += "\n<br>*************<br>";         lblOutPut.Text = htmlOutput;         base.Render(writer);    }

Open in new window

0
raybiesCommented:
Can you format it?
0
iDOTNETCoderAuthor Commented:
Sorry about the format issue.

I am going to close this question.


Thanks for you help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.