The user is part of an AD group nested in a SharePoint group: how to associate an AD user with a SharePoint group

We have added the AD group to the SharePoint user group. Now that we are logged in with the user, we want to check the permission for the registered AD user.

  • I added the AD group managers (example) to SharePoint.
  • Now I want to show some URLs only for the group (managers).
  • When the user is logged in, how can I check if the user is a manager or not? (Using CSOM or JSOM)
sharepoint csom
1 answer

Unfortunately, the SPGroup.ContainsCurrentUser property that you would use for this in the server code is not available through the JavaScript client object model (at least not in SP2010 and 2013).

Option 1: Using Group Membership Visibility as a Workaround

One potential workaround is to use a combination of two properties that you can get on groups through the JavaScript client object model: OnlyAllowMembersViewMembership and CanCurrentUserViewMembership.

If the current user can view group membership for a group that is configured only to allow group members to do this, we can assume that the user is a member of the group.

    var clientContext = new SP.ClientContext();
    var groupId = 5; // the group membership ID for the group you want to check
    var group = clientContext.get_web().get_siteGroups().getById(groupId);
    clientContext.load(group, "CanCurrentUserViewMembership");
    clientContext.load(group, "OnlyAllowMembersViewMembership");
    clientContext.executeQueryAsync(
        function (sender, args) {
            // Treat the user as a member only if the group restricts membership
            // viewing to members and the current user is able to view it.
            var isMemberOfGroup = group.get_canCurrentUserViewMembership()
                && group.get_onlyAllowMembersViewMembership();
            if (isMemberOfGroup) {
                doSomething(); // placeholder for your own logic
            }
        },
        function (sender, args) {
            // Query failed: show the server's error message.
            alert("Whoops! " + args.get_message());
        }
    );

This approach will only work if you have configured the groups to be visible only to members, and it will always return false positives if you have increased access, for example, if you are a site collection administrator or group owner.

Edit: how to get through all site groups

If you want to apply the same logic as above to check the current user membership in all groups on the site (instead of specifying the group by its identifier), you can use the modified JavaScript code below.

    var clientContext = new SP.ClientContext();
    var groups = clientContext.get_web().get_siteGroups();
    clientContext.load(groups, "Include(CanCurrentUserViewMembership,OnlyAllowMembersViewMembership,Title)");
    clientContext.executeQueryAsync(
        function (sender, args) {
            var groupIterator = groups.getEnumerator();
            var myGroups = [];
            while (groupIterator.moveNext()) {
                var current = groupIterator.get_current();
                // Same check as above, applied to each site group in turn.
                var isMemberOfGroup = current.get_canCurrentUserViewMembership()
                    && current.get_onlyAllowMembersViewMembership();
                if (isMemberOfGroup) {
                    myGroups.push(current.get_title()); // this example adds group titles to an array
                }
            }
            alert(myGroups); // show the array
        },
        function (sender, args) {
            // Query failed: show the server's error message.
            alert("Whoops! " + args.get_message());
        }
    );

Option 2: Using audience targeting as a workaround

Of course, as I mentioned in the comments, for your requirements you may not even need programmatic access to group membership. You could simply apply audience targeting to the web parts that you want only specific groups to see; Audience authentication must consider AD membership.

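The caveat in Option 1 means the check really has three outcomes, not two. The following is an added example, not part of the original answer, that turns the two group properties into a member / not-member / indeterminate verdict; the plain-object shape and the `isSiteAdmin` and `ownerId` fields are assumptions standing in for values loaded through JSOM.

```javascript
// Added example: tri-state reading of the membership-visibility heuristic.
// Inputs are plain objects; on a real page they would be filled from the
// JSOM getters used in the answer. isSiteAdmin and ownerId are assumed to
// have been loaded separately (hypothetical field names).

function inferMembership(group, user) {
  // The heuristic only means something for members-only groups.
  if (!group.onlyAllowMembersViewMembership) {
    return "indeterminate";
  }
  // Members-only group and the user cannot view membership: not a member.
  if (!group.canCurrentUserViewMembership) {
    return "not-member";
  }
  // Elevated users can view membership without being members, so a
  // positive result here would be the false positive the answer warns about.
  // Assumption: ownership through an owning *group* is not detected.
  if (user.isSiteAdmin || group.ownerId === user.id) {
    return "indeterminate";
  }
  return "member";
}

function groupsToShow(groups, user) {
  // Only a definite "member" verdict reveals group-specific links.
  return groups
    .filter(function (g) { return inferMembership(g, user) === "member"; })
    .map(function (g) { return g.title; });
}

// Constructed sample data (not from a real site).
var sampleGroups = [
  { title: "Managers", onlyAllowMembersViewMembership: true,  canCurrentUserViewMembership: true,  ownerId: 3 },
  { title: "Finance",  onlyAllowMembersViewMembership: true,  canCurrentUserViewMembership: false, ownerId: 3 },
  { title: "Visitors", onlyAllowMembersViewMembership: false, canCurrentUserViewMembership: true,  ownerId: 3 },
  { title: "Owners",   onlyAllowMembersViewMembership: true,  canCurrentUserViewMembership: true,  ownerId: 12 }
];
var regularUser = { id: 12, isSiteAdmin: false };
var siteAdmin = { id: 7, isSiteAdmin: true };

console.log(groupsToShow(sampleGroups, regularUser));
console.log(groupsToShow(sampleGroups, siteAdmin));
```

Hiding links in the browser is presentation only; the pages behind those URLs still need their own SharePoint permissions.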