/// <summary> /// Gets the highest permission (role) name that the current user has if they have access to the object /// </summary> /// <param name="webUrl">The URL for the SP site</param> /// <param name="securableObject">An object that contains the Parent and Object ID's /// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), /// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param> /// <returns>The Glyma permission level name if the user has access or null if the user doens't have access</returns> public GetPermissionLevelResponse GetPermissionLevelForObject(string webUrl, GlymaSecurableObject securableObject) { GetPermissionLevelResponse result = new GetPermissionLevelResponse() { HasError = false }; SecurityContextManager securityContext = new SecurityContextManager(webUrl); if (securityContext.CurrentUser.IsUserMapReader()) { GlymaPermissionLevel highestPermissionLevel = GlymaPermissionLevel.None; try { GetCurrentUserAccessToObjectResponse response = securityContext.CurrentUser.GetCurrentUserAccessToObject(securableObject, false); if (!response.HasError) { if (response.HasAccess) { //if the user has access to the object (project or root map) get there highest permission level highestPermissionLevel = response.HighestPermissionLevel; } else { //The user has no access result.Result = GlymaPermissionLevel.None; } } else { result.HasError = true; result.ErrorMessage = response.ErrorMessage; } } catch (Exception ex) { result.HasError = true; result.ErrorMessage = ex.Message; } if (!result.HasError) { result.Result = highestPermissionLevel; } } else { result.HasError = true; result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method."; } return(result); }
/// </summary> /// <param name="webUrl">The URL for the SP site</param> /// <param name="securableObject">An object that contains the Parent and Object ID's /// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), /// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param> /// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user /// has access to it returns true for the project as well (only true for when working out the filtered lists)</param> /// <returns>True if the user belongs to a group that has access to the securable object</returns> internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false) { GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse() { HasError = false, HasAccess = false, HighestPermissionLevel = GlymaPermissionLevel.None }; try { using (SPSite site = new SPSite(Context.WebUrl)) { using (SPWeb currentWeb = site.OpenWeb()) { IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel(); if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None) { result.HasAccess = false; result.HighestPermissionLevel = GlymaPermissionLevel.None; return(result); //an error occured so assume there is no access to the object } else { if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager) { //The Glyma Security Manager permission exists for this user, they can access anything result.HasAccess = true; result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager; return(result); } } GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups(); if (!allSPSecurityGroups.HasError) { //GlymaGroupCollection groups = new GlymaGroupCollection(allSPSecurityGroups.Result); GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result); //gets a sorted list of groups highest to lowest permission level IList <GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser); SecurableContext securableContext = Context.GetSecurableContext(); //check each glyma group the person has associated with them for access to the maps foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups) { GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject); bool response = securityAssociation.HasAssociation(checkProjectsChildren); if (response) { result.HasAccess = response; result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup); return(result); } } } } } } catch (Exception e) { result.HasError = true; result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message; } return(result); //if it gets all the way to here it's the default no access response }