
Web Part Permissions?

Posted on 2010-08-12
Last Modified: 2012-05-10
Greetings!

I have a question that I have tried to search for an answer to, but so far haven't found anything to help yet.

I have two web parts, to which I'll post the code below in their own posts (to keep things clean).

One web part queries the web application that the page being viewed is currently in, and displays all of the groups that the current user is a member of, as well as the URL to the site that the group exists on.  I'll call it "Query User" web part.

The other web part, is a basic "hello world" web part that allows you to change the text (from "hello world" to whatever you want), as well as the color of the text.  Very simple, but I used a webcast from Microsoft to do it because I didn't understand the get/set methods and what they were supposed to do.

Anyway, the problem is this:
I have the three default groups on my test site: Owners, Members, Readers, as well as Site Collection Administrators for my site collection.  So, I add myself to the Owners group (but I am not a Site Collection Administrator).

I can browse to my site, and add the "hello world" web part to the page, change the text, and change the color.  Everything works fine there.  I tried it on Owners, Members, and Readers, and the site displays (although Readers cannot change the web part attributes since they cannot edit the page).

So now my current membership is only "Owners", and I go to add my "Query User" web part to the page...it starts thinking...and then I get "Access Denied".  So, I remote desktop into my VM, and log in with the "SP Admin" account that I created, and browse to my site.  Voila!  There it is, my web part, displaying exactly what it should be showing.

I then added myself as a Site Collection Administrator (by using the service account on the remote-desktop), went back to my normal pc, and tried browsing to the site...and it worked.

So what it comes down to, is that I have two web parts:
Hello World Web Part - can be put on the page, and the page can be seen by ALL users regardless of permission.
Query User Web Part - requires Site Collection Administrator permissions to even view the site, once this web part is added to a page.


Does anyone know why it does this, and what I have to do to fix it?  I'd like other people to be able to use this web part (once I'm done with it, I have more ideas for it but first I want to get this sorted), however I don't want to add everyone to the site collection administrators group, as that's very insecure.
0
Question by:ThatSharepointGuy
8 Comments
 
LVL 6

Author Comment

by:ThatSharepointGuy
ID: 33422226
Here is the code for the "Query User" web part.

using System;
using System.Text.RegularExpressions;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.Portal;

namespace My.SharePoint.WebParts
{
    // Inherit from Microsoft.SharePoint's WebPart, not System.Web.UI.WebControls'
    public class GetCurrentUser : Microsoft.SharePoint.WebPartPages.WebPart
    {
        protected override void Render(System.Web.UI.HtmlTextWriter writer)
        {
            // Create HTML table to display information returned
            writer.Write("<table width='100%' cellpadding=5 cellspacing=1 bgcolor='silver'>");
            writer.Write("<tr align='center' bgcolor='white'>");
            writer.Write("<th align='center' bgcolor='white'>Group Name</th>");
            writer.Write("<th align='center' bgcolor='white'>URL</th>");
            writer.Write("</tr>");

            // Set current web application.
            SPWebApplication webApp = SPContext.Current.Site.WebApplication;

            // Walk every site collection in the web application
            foreach (SPSite siteCollection in webApp.Sites)
            {
                try
                {
                    // Do not display personal sites, MySite, or SSPs
                    if (Regex.IsMatch(siteCollection.Url, "/personal/")) { continue; }
                    if (Regex.IsMatch(siteCollection.Url, "8001")) { continue; }
                    if (Regex.IsMatch(siteCollection.Url, "/ssp/")) { continue; }

                    // Process current site collection
                    foreach (SPWeb oWeb in siteCollection.AllWebs)
                    {
                        try
                        {
                            SPUser user = oWeb.CurrentUser;
                            foreach (SPGroup group in user.Groups)
                            {
                                // Display a new row for each group; HTML-encode values before output
                                writer.Write("<tr align='center' bgcolor='white'>");
                                writer.Write("<td align='center' bgcolor='white'>" + HttpUtility.HtmlEncode(group.Name) + "</td>");
                                writer.Write("<td align='center' bgcolor='white'>" + HttpUtility.HtmlEncode(oWeb.Url) + "</td>");
                                writer.Write("</tr>");
                            }
                        }
                        finally
                        {
                            // SPWeb objects returned by AllWebs must be disposed by the caller
                            oWeb.Dispose();
                        }
                    }
                }
                finally
                {
                    // SPSite objects returned by webApp.Sites must be disposed by the caller
                    siteCollection.Dispose();
                }
            }
            writer.Write("</table><br/>");
        }
    }
}


0
 
LVL 6

Author Comment

by:ThatSharepointGuy
ID: 33422232
Here is the code for the Hello World web part.

using System;
using System.Runtime.InteropServices;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Serialization;

using Microsoft.SharePoint;
using Microsoft.SharePoint.WebControls;
using Microsoft.SharePoint.WebPartPages;

using System.ComponentModel;
using System.Drawing;

namespace HelloWorldWebPart
{
    [Guid("b59c21d9-7738-4fbb-8da7-beefaa3dce20")]

    public class HelloWorld : System.Web.UI.WebControls.WebParts.WebPart
    {
        public HelloWorld()
        {
        }

        private KnownColor _textColor = KnownColor.Black;

        [WebBrowsable(true),
        Personalizable(PersonalizationScope.User),
        WebDescription("Hello World Text Color"),
        Category("Hello World"),
        WebDisplayName("Text Color")]
        public KnownColor TextColor
        {
            get { return _textColor; }
            set { _textColor = value; }
        }

        private string _helloWorldText = "Hello SharePoint!";

        [WebBrowsable(true),
        Personalizable(PersonalizationScope.User),
        WebDescription("Hello World Text"),
        Category("Hello World"),
        WebDisplayName("Text")]
        public string HelloWorldText
        {
            get { return _helloWorldText; }
            set { _helloWorldText = value; }
        }

        protected override void CreateChildControls()
        {
            base.CreateChildControls();

            if (string.IsNullOrEmpty(HelloWorldText))
            {
                HelloWorldText = "Hello SharePoint!";
            }

            //TODO: add custom rendering code here.
            Label label = new Label();
            label.Text = HelloWorldText;
            label.ForeColor = Color.FromKnownColor(TextColor);
            this.Controls.Add(label);
        }
    }
}


0
 
LVL 6

Author Comment

by:ThatSharepointGuy
ID: 33422245
I'm hoping that someone will have an idea of why this happens, and how to fix it, as Google, MSDN, and the SDK haven't shown me anything of use yet.

When I go to the Web Part Gallery and look at permissions, they are the same.  
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 33433374
A web part cannot bypass built-in security restrictions.  The ability to 'Query' SharePoint is restricted to people with the highest level permissions within the API even if it's only about themselves.

SharePoint's permission model isn't always perfect; however, they are trying to prevent users from creating web parts that could see far more than they should.

Have you downloaded the WSS and SharePoint SDKs?  They both have different types of documentation to thoroughly cover the API.  I'm sure there is another mechanism to query SharePoint without using the low level Site Collection access you are attempting.

Have you considered using Search?  The search API is actually an excellent way to gather data like this behind the scenes in SharePoint because it manages the permissions for you.  I've seen an entire SharePoint site that uses search to dynamically build all its content even for navigation.
0
 
LVL 6

Author Comment

by:ThatSharepointGuy
ID: 33456054
Thank you for replying, tedbilly!

If you are talking about using Search (programmatically), what would be the difference between that, and this (what I posted above)?  For instance, one of the main things I wanted to do to "get my feet wet" with SharePoint's development side, was to create a web part to show a list of site collection administrators on each site.  However, not everyone that will view this list will BE a site collection administrator.  I might restrict it to just display for the current site, so people know who they are, etc, and can contact them...but normal users will have Contribute permissions at most, so they won't be able to access their page if I throw my web part on there.
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 2000 total points
ID: 33458278
Hi

The biggest difference is a custom search web part is actually a very powerful and useful skill and it will solve the security trimming for you.

The technique you are using to scan for user information is brute force. If you want to learn the API then please review the SDKs.  There are valid methods to execute permissions that don't require iterating through the web sites.

Plus, SharePoint has security issues (by design and bugs) so that a child site cannot ask for information about a parent site.  So your web part would only work with child sites.

Focus on the basics, like how to deploy a web part and understand the features already available.  That will lead to understanding what the API can do.
0
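A least-privilege variant of the "Query User" web part, as an added example that is not code from either poster: it reads only the viewing user's groups in the current site collection and keeps an access-denied error inside the web part rather than failing the whole page. The namespace and class name are hypothetical, and it assumes the viewing user is allowed to read their own group membership.

```csharp
using System;
using System.Web.UI;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

namespace Example.WebParts   // hypothetical namespace
{
    // Hypothetical web part: lists the viewing user's groups in the CURRENT
    // site collection only, using the viewing user's own permissions.
    // It never touches webApp.Sites or AllWebs.
    public class MyGroupsInThisSite : Microsoft.SharePoint.WebPartPages.WebPart
    {
        protected override void Render(HtmlTextWriter writer)
        {
            // Surface access-denied as an exception we can handle here,
            // instead of SharePoint redirecting the whole page request.
            bool previous = SPSecurity.CatchAccessDeniedException;
            SPSecurity.CatchAccessDeniedException = false;
            try
            {
                // Objects obtained from SPContext are owned by SharePoint:
                // do not Dispose them.
                SPWeb web = SPContext.Current.Web;
                SPUser user = web.CurrentUser;
                if (user == null) { writer.Write("Not signed in."); return; }

                writer.Write("<table><tr><th>Group Name</th><th>URL</th></tr>");
                foreach (SPGroup group in user.Groups)
                {
                    // Group names are user-controlled data: encode before output.
                    writer.Write("<tr><td>" + SPEncode.HtmlEncode(group.Name) + "</td><td>"
                        + SPEncode.HtmlEncode(web.Site.Url) + "</td></tr>");
                }
                writer.Write("</table>");
            }
            catch (UnauthorizedAccessException)
            {
                // Fail closed: show nothing sensitive, keep the page usable.
                writer.Write("You do not have permission to view this information.");
            }
            finally
            {
                SPSecurity.CatchAccessDeniedException = previous;
            }
        }
    }
}
```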
 
LVL 6

Author Comment

by:ThatSharepointGuy
ID: 33458734
Greetings Tedbilly!

Thank you very much for the explanation.  It turns out that my brain was misplaced, and that I haven't actually seen the SDK...I thought the SDK = MSDN.  I'll have to download that and take a look at it.  Hopefully, it has a well thought out "plan" (learn this, then learn this, etc, etc).  

Thanks again, Tedbilly!
0
 
LVL 6

Author Closing Comment

by:ThatSharepointGuy
ID: 33649800
Thank you for the very encouraging information to help my journey as an expert in SharePoint!  You're great, TedBilly!  
0
