• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 625
  • Last Modified:

In Sharepoint - Programmicatically Figuring out where all users and groups have been given explicit rights in C# code behind

I need to figure out where all users and groups have been given explicit rights.
I would like to do this programmactically in C# code.
This explicit rights checker/displayer needs to produce detail results.

My issue is, I am seeing where some users and groups have limited access, but I don't know where.

I would like to create a webpart that creates a list that contains this information.
I  would like to write this code into a webpart in C#.

I am using Visual Studio 2008 3.5. The Sharepoint that is being used is Sharepoint 2007 MOSS.

My thoughts are to create some sort of for each loop or linq or lamda expressions that loops through every site, web, site collection, document libraries, lists etc, which gets a the persmission level for all users and all groups.

This could have a search all function, or have an input for a group name or and input for a user name.

Than gets and adds this information to a list, if the list exists than it deletes the current list and creates a new one, if it doesn't exist, than it creates it.
Than this list will be displayed on screen in a listview format.
How I display this list doesn't matter for now, really what I need to know is how to create the list.

The list will contain many columns, the first column could be the user name or group name.

Than each column after that could be a site and the permissons level for the site that pertains to the user or group, than the next column for that site could be the permissions level for a list that pertains to that user or group in that site.
I would like to do the same thing for webs and site collections, document libraries etc.

I would liket to do this on All users and groups.

This will be a big list I know, it will only be used by developers who need to check permissions level for deployment purposes from one environment to another. It will not be run durning business operations hours.

How can I do this?

Thank you in advance for your help.
0
iDOTNETCoder
Asked:
iDOTNETCoder
  • 6
  • 5
1 Solution
 
raybiesCommented:
Here's one I made: http://blog.ray1.net/2009/04/item-level-permission-checking-web-part.html

I've even included the source... modify it to suit your needs.
0
 
iDOTNETCoderAuthor Commented:
Hi, Raybies,

Thank you.

Quick question:
Can I do this for just groups as well?

I have tested the code out, I should have it tested out by the end of this week.

Thank you again.
0
 
raybiesCommented:
U shouldn't need to do it for groups, as there is already a buitin function page to view group permissions: select group > settings > view group permissions
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
iDOTNETCoderAuthor Commented:
Hi, Raybies,

I used your code, it looks good. I would just like to implement the following:

I would like to a foreach on all webs.groups from all sites.Allwebs and then get all Groups.Users. I would also like to get all sites and webs lists and all items permissions at a granular level for each Group then broken down for each user. I would like to implement this into your code and have the tree view show me all this information.

How can I implement this?

Thank you in advance for your help!
0
 
raybiesCommented:
Yes it is possible... but it'll take time and it's way beyond the scope of this question...


1.- Modify my BuildGroupTree to bring back the site groups.
2.- Change the link to ViewGroupPermissions.aspx?ID=
3.- Build the 1st tree node using all users
0
 
iDOTNETCoderAuthor Commented:
Hi, Rabies,

I understand your comment 1 and 3, but on 2. '
What do you mean by Change the link to ViewGroupPermissions.asp?ID=, I am not following that.

As for the scope of my orignial question, I did state the following:
"I would liket to do this on All users and groups."

Thanks for you help in advance.
0
 
raybiesCommented:
2: You'll note there's a link to the group
"{0}people.aspx?MembershipGroupId={1}"
make it
"{0}ViewGroupPermissions.asp?ID={1}"

Or implement that pages logic in the tree... It will be really slow cos TreeView's are slow.


Scope: I was referring to implementing your desired login in to my web part :)

0
 
iDOTNETCoderAuthor Commented:
Hi, Raybies,

Thank you.

Okay, I will try this out tomorrow and let you know how it goes.
0
 
iDOTNETCoderAuthor Commented:
Hi, Raybies,

How about if we incorporated the following code into your webpart:

What's your thoughts?
string htmlOutput = "";     protected string WriteIsRootWeb(SPWeb aWeb)    {        if (aWeb.IsRootWeb)        {            return " (This is the Site Collection Root Web)";        }        else        {            return "";        }    }      [SharePointPermission(SecurityAction.Demand, ObjectModel = true)]    protected override void OnPreRender(EventArgs e)    {        base.OnPreRender(e);        using (SPSite mySite = SPContext.Current.Site)        {            string siteUrl = mySite.Url;            this.Page.ClientScript.RegisterClientScriptBlock(base.GetType(), "GroupPermissionCallback", "\r\nfunction WebForm_DoCallback(controlId,url,GroupPermissionCallback,ctx,unknownNullValue,unknownBooleanvalue)\r\n{\r\n    var strUrl ='" + siteUrl + "/'+ url;\r\n    open(strUrl, '_blank');\r\n}\r\n\r\n", true);        }    }     public override void VerifyRenderingInServerForm(Control aControl){}     protected override void Render(HtmlTextWriter writer)    {        bool isAgroup = true;        SPGroup aGroup = null;         foreach (SPWeb aWeb in SPContext.Current.Site.AllWebs)        {            htmlOutput += "\n<br>******************************************";            htmlOutput += "\n<br><span style='color:blue'>Roles Assignments Report on web site " + aWeb.Title + WriteIsRootWeb(aWeb) + "</span>";            htmlOutput += "\n<br>******************************************<br>";             htmlOutput += "\n<br><div style='padding-left:40px'>List of " + aWeb.Title + " Groups";             foreach (SPGroup Group in aWeb.Groups)            {                htmlOutput += "\n<br>" + Group.Name + " ID: " + Group.ID;            }             htmlOutput += "\n</div>";            htmlOutput += "\n<div style='padding-left:20px'>";            foreach (SPRoleAssignment aRole in aWeb.RoleAssignments)            {                isAgroup = true;                htmlOutput += "\n<br>*************<br>";                try                {                    aGroup = aWeb.Groups.GetByID(aRole.Member.ID);                }                catch                {                    isAgroup = false;                }                 if (isAgroup)                {                    htmlOutput += "\n<br><span style='color:#357EC7'>Group Id : " + aRole.Member.ID.ToString() + " | " + " Principal Name : " + aRole.Member.Name + "</span>";                     int numberOfusers = aWeb.Groups.GetByID(aRole.Member.ID).Users.Count;                    htmlOutput += "\n<br><br>Number of users:" + numberOfusers;                    aGroup = aWeb.Groups.GetByID(aRole.Member.ID);                    htmlOutput += "\n<br>";                    if (numberOfusers > 0)                    {                        htmlOutput += "\n<br>List of " + aGroup.Name + " users";                         foreach (SPUser aUser in aGroup.Users)                        {                            htmlOutput += "\n<br> - " + aUser.Name;                        }                    }                     GroupPermissions myGroupPerm = new GroupPermissions();                    myGroupPerm.GroupId = aRole.Member.ID;                     System.IO.StringWriter myStrWriter = new System.IO.StringWriter();                    HtmlTextWriter myWriter = new HtmlTextWriter(myStrWriter);                     pnlHidden.Controls.Add(myGroupPerm);                     myGroupPerm.GroupId = aRole.Member.ID;                    myGroupPerm.RenderControl(myWriter);                     htmlOutput += "<br><br><a onClick='Toggle(this)'><IMG style='text-decoration:none;border:0px' SRC='/_layouts/IMAGES/collapseplus.gif' /><span style='cursor:hand'>All (cross-sites) Permissions for " + aRole.Member.Name + "</span></a><div style='width:98%;display:none;'>" + myStrWriter.ToString() + "</div>";                    htmlOutput += "\n";                }                else                {                    htmlOutput += "\n<br><span style='color:#3BB9FF'>User Id : " + aRole.Member.ID.ToString() + " | " + " Principal Name : " + aRole.Member.Name + "</span>";                }                htmlOutput += "\n<br><br>role(s) for " + aRole.Member.Name + " in " + aWeb.Title + ": <br>";                foreach (SPRoleDefinition aRoleDefBinding in aRole.RoleDefinitionBindings)                {                    htmlOutput += "\n<br> - " + aRoleDefBinding.Name + "   (" + aRoleDefBinding.Description + ")";                    htmlOutput += "\n<div style='padding-left:10px;'>List of permissions for " + aRoleDefBinding.Name + ":";                    htmlOutput += "\n<br>" + aRoleDefBinding.BasePermissions.ToString();                    //htmlOutput += "\n\n" + aRole.RoleDefinitionBindings.Xml + "\n\n";//to see the xml from View Source of the page                    htmlOutput += "\n</div>";                }                 htmlOutput += "\n<br>";            }            htmlOutput += "\n</div><br>";        }         htmlOutput += "\n<br>*************<br>";         lblOutPut.Text = htmlOutput;         base.Render(writer);    }

Open in new window

0
 
raybiesCommented:
Can you format it?
0
 
iDOTNETCoderAuthor Commented:
Sorry about the format issue.

I am going to close this question.


Thanks for you help.
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now