How to programmatically get list of users and groups that have access to a file or folder in SharePoint


I am trying to find a way to list the AD users and AD groups that have access to a folder or file that has broken inheritance. I don't need to know how to find whether inheritance is broken; I have gotten that part, but I am having issues finding each user or group that has access. I do not want to see the users within an AD group, I just want to see the name of the group accessing the folder. The use case behind this is that we do not want secured folders to be shared with single users. All of it must be controlled by AD groups (site owners will not have access to add users to a secure folder). I need to find out if there are files within the folder that do not inherit from the folder and are shared with individual users instead of AD groups (I hope that makes sense). Here is what I have so far, and it works to a point, but for some reason it is returning users that have access to the site elsewhere, and users that have limited access, which I have to clean up later.

Here's the code I have written so far that sort of works. It takes in the item object of the file or folder and a reference string. It scans the access and builds a list of users separated by semicolons, and returns true if one of the SPUser objects is a user and not a group:

    // Requires: using Microsoft.SharePoint;

    /// <summary>
    /// Provides a list of users\groups that have access to the list item.
    /// </summary>
    /// <param name="spListItem">Item to check access of</param>
    /// <returns>Semicolon-delimited list of users\groups with access in the referenced string, and a boolean value indicating if a direct user exists</returns>
    public bool GetListItemUserAccess(SPListItem spListItem, ref string accountsWithAccess)
    {
        //string accountsWithAccess = string.Empty;
        bool isFirstIteration = true;
        bool domainUserExits = false;
        SPRoleAssignmentCollection spItemRoles = spListItem.RoleAssignments;
        SPRoleDefinitionCollection rolesInWeb = spListItem.Web.RoleDefinitions;

        foreach (SPRoleAssignment spRole in spItemRoles)
        {
            SPPrincipal spPrincipal = spRole.Member;

            // Cast to SPGroup or SPUser to determine whether it is a group or a user
            if ((spPrincipal as SPGroup) != null)
            {
                SPGroup spGroup = spPrincipal as SPGroup;
                SPUserCollection usersInGroup = spGroup.Users;

                // Report on each user in the group
                foreach (SPUser spUser in usersInGroup)
                {
                    // Check to see if the user is a group
                    if (!spUser.IsDomainGroup)
                    {
                        domainUserExits = true;
                    }

                    // Add to the list to report
                    if (isFirstIteration)
                    {
                        isFirstIteration = false;
                    }
                    else
                    {
                        accountsWithAccess += ";";
                    }

                    // Depending on the account type, the login name has the credentials and has a UID
                    if (spUser.LoginName.ToLower().Contains("<company name>"))
                    {
                        accountsWithAccess += this.ParseUserIdFromClaim(spUser.LoginName);
                    }
                    else
                    {
                        accountsWithAccess += this.ParseUserIdFromClaim(spUser.Name);
                    }
                }
            }
            else if ((spPrincipal as SPUser) != null)
            {
                // Check to see if the user has limited access (we don't report on this; it occurs when the user has access in the site)
                if (!spListItem.DoesUserHavePermissions(spPrincipal as SPUser, SPBasePermissions.ViewListItems))
                {
                    continue;
                }

                // Check to see if the user is a group
                if (!(spPrincipal as SPUser).IsDomainGroup)
                {
                    domainUserExits = true;
                }

                // Add to the list to report
                if (isFirstIteration)
                {
                    isFirstIteration = false;
                }
                else
                {
                    accountsWithAccess += ";";
                }

                // Depending on the account type, the login name has the credentials and has a UID
                if (spPrincipal.LoginName.ToLower().Contains("<company name>"))
                {
                    accountsWithAccess += this.ParseUserIdFromClaim(spPrincipal.LoginName);
                }
                else
                {
                    accountsWithAccess += this.ParseUserIdFromClaim(spPrincipal.Name);
                }
            }
        }
        return domainUserExits;
    }

So the problem is that the code is returning both the users or groups that have access to the folder, but it is also returning other users that have limited access to the item because they have access elsewhere within the site.

I corrected the issue by inserting the following code:

    if (spRole.RoleDefinitionBindings.Count > 1 || !spRole.RoleDefinitionBindings.Xml.ToString().Contains("Limited Access"))
    {
        // Process accounts
    }

What this is doing: if the user has more than one role bound to them for the list item, or the one they have is not Limited Access, then process the account. Otherwise, it is one of these "phantom accesses" that don't have direct access granted to the list item.
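A variant of the filter above written as a complete audit routine, added here as an example and not the poster's code: it recognises Limited Access by role type (`SPRoleType.Guest`) so it does not depend on the role's English display name, and it expands SharePoint groups one level while leaving AD groups unexpanded. The class name, the `Grant` type and its fields are hypothetical; it assumes the SharePoint server object model (Microsoft.SharePoint.dll) and an account allowed to read group membership.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.SharePoint;

public static class ItemAccessAudit // hypothetical name
{
    public sealed class Grant
    {
        public string LoginName;
        public string ViaSharePointGroup; // null when assigned directly on the item
        public bool IsIndividualUser;     // true = a person, not an AD group
        public string[] Roles;
    }

    // Returns the accounts granted access on the item itself, skipping role
    // assignments whose only role is Limited Access.
    public static List<Grant> GetDirectGrants(SPListItem item)
    {
        var grants = new List<Grant>();
        if (!item.HasUniqueRoleAssignments)
            return grants; // still inheriting: nothing item-specific to audit

        foreach (SPRoleAssignment assignment in item.RoleAssignments)
        {
            // Keep only roles that are not Limited Access (SPRoleType.Guest).
            string[] roles = assignment.RoleDefinitionBindings
                .Cast<SPRoleDefinition>()
                .Where(r => r.Type != SPRoleType.Guest)
                .Select(r => r.Name)
                .ToArray();
            if (roles.Length == 0)
                continue; // Limited Access only: a "phantom" entry

            // An SPPrincipal is either an SPGroup or an SPUser. A SharePoint
            // group is expanded so a single account hidden inside it is found.
            SPGroup spGroup = assignment.Member as SPGroup;
            IEnumerable<SPUser> accounts = spGroup != null
                ? spGroup.Users.Cast<SPUser>()
                : new[] { (SPUser)assignment.Member };

            foreach (SPUser account in accounts)
                grants.Add(new Grant {
                    LoginName = account.LoginName, Roles = roles,
                    ViaSharePointGroup = spGroup != null ? spGroup.Name : null,
                    IsIndividualUser = !account.IsDomainGroup });
        }
        return grants;
    }
}
```

Any item for which the returned list contains a `Grant` with `IsIndividualUser` set is one that is shared with a single account rather than an AD group.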

