Archive for the ‘Security’ Category

Apr
12
Filed Under (Security, Tips and Tricks, User Account) by Andy Diericks on 25-04-2007

 

 

  • When you update a profile value, your changes won't be applied until you commit them. It can be so frustrating when you forget it.
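    // profileManager is a UserProfileManager; "MOSS\\andy" is the sample account used further down
    UserProfile u = profileManager.GetUserProfile("MOSS\\andy");
    u[property].Value = "My string";
    // Nothing is saved until Commit() is called
    u.Commit();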

  • The user may not have the rights to edit profiles. The current user needs the "Manage user profiles" right, which you can set up in the SSP.
  • If the users cannot have the rights to edit profiles and can't get them through the SSP, for security or business reasons, you can run your code with elevated privileges using the SPSecurity object. In that case the user who runs the code will have the same rights as "SYSTEM\Administrator", so be careful. I have to admit I'm not a big fan of it. More information on MSDN: SPSecurity.RunWithElevatedPrivileges Method. You can use impersonation too; a good post about it is Impersonation in Event Handlers by Ishai Sagi.
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // Create the SPSite inside the delegate so that it uses the elevated context
        using (SPSite site = new SPSite(web.Site.ID))
        {
            // your code
        }
    });

 

  • As always, write safe code: for example, test whether your user exists, and raise an exception if not.
    try
    {
        if (profileManager.UserExists("MOSS\\andy"))
        {
            // Do something
        }
    }
    catch (UserNotFoundException ex)
    {
        // Do something
    }



Nov
01
Filed Under (Administration, Security, Web Services) by Andy Diericks on 25-04-2007

The code below shows how to get all the groups that a user belongs to, through web services using JavaScript.

That functionality isn't provided out of the box (OOB) in SharePoint 2007, but it can be really useful when you have a lot of security groups and some issues with them. It can be used for auditing, debugging …

Here is an example:

The user enters the account "MYDOMAIN\MyAccount", clicks on the link and gets:

  • Group Name: Group1
  • Group Description: Description of Group1
  • Group Name: Group2
  • Group Description: Description of Group2

 

Implementation

To do it, I will use a JavaScript library, which is in fact a proxy class. This means that our code will be easier to write, maintain and debug; all the boring stuff is already done for you ;-)

Here is the link to Darren's site, which contains the library in the Download section: http://darrenjohnstone.net

Here are some examples: http://darrenjohnstone.net/2008/07/22/examples-for-the-sharepoint-and-office-live-javascript-api/

To include the library in your SharePoint site, please follow Darren's advice:

If you have full control of your server:

1) Locate the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS folder.
2) In there create a new folder called JSAPI.
3) Place the extracted .js files in there.

If you don’t have full access:

1) Open SharePoint Designer and connect to your site.
2) Create a new folder called JSAPI at the root of the site.
3) Copy the extracted .js files to the folder by dragging them from Windows Explorer to SP Designer.

Where to put the code?

  • In an HTML file, shown in a Page Viewer web part, or
  • In a page layout, or even a master page.

 

Coding

First of all, you will need a few includes to be able to use the web proxy class:

    <script type="text/javascript" src="/_layouts/JSAPI/SPAPI_Core.js"></script>
    <script type="text/javascript" src="/_layouts/JSAPI/SPAPI_Lists.js"></script>
    <script type="text/javascript" src="/_layouts/JSAPI/SPAPI_UserGroup.js"></script>

 

We need to create a simple form, containing

  • A textbox: the user will type the user name (with domain) in it.
  • A link: to start the job.

    <form method="post" action="">
    <input id="Text1" type="text" />
    <a href="#" onclick="start(); return false;">Start the search</a>
    </form>
    <div id="username_div"></div>

 

And now the interesting part. I will briefly explain the JavaScript methods below:

  • start: We get the user name from the textbox and call the getGroupCollection and formatResult methods.
  • getGroupCollection: Receives the user name as a parameter. The method uses a SPAPI_UserGroup object and requests the groups that the user belongs to, through the getGroupCollectionFromUser method. The result is put in two arrays, the first containing the names of the groups, the second containing the descriptions.
  • formatResult: The arrays containing the group names and descriptions are parsed. The content is formatted in a more friendly way.

 

    <script type="text/javascript">

    // Ask the UserGroup web service for the groups of userName.
    // Returns [groupName[], groupDescription[]]; both arrays stay empty on failure.
    function getGroupCollection(userName)
    {
        var groupName = new Array();
        var groupDescription = new Array();
        var arrGroup = new Array(groupName, groupDescription);

        var userGroup = new SPAPI_UserGroup('');
        var groupItems = userGroup.getGroupCollectionFromUser(userName);

        if (groupItems.status == 200)
        {
            var groupTags = groupItems.responseXML.getElementsByTagName('Group');

            for (var i = 0; i < groupTags.length; i++)
            {
                groupName.push(groupTags[i].getAttribute("Name"));
                groupDescription.push(groupTags[i].getAttribute("Description"));
            }
        }
        return arrGroup;
    }

    // Build the HTML shown to the user from the two arrays.
    function formatResult(groups, username)
    {
        var result = "";
        result = "The user " + username + " belongs to: <br />";
        // groups holds two arrays, so iterate over the list of names, not over groups itself
        for (var i = 0; i < groups[0].length; i++)
        {
            result += "<b>Group name: </b>" + groups[0][i] + "<br />";
            result += "<b>Group Description: </b>" + groups[1][i] + "<br /> <p> </p>";
        }

        return result;
    }

    // Click handler of the "Start the search" link.
    function start()
    {
        var userName = document.getElementById('Text1').value;
        var groups = getGroupCollection(userName);
        document.getElementById('username_div').innerHTML = formatResult(groups, userName);
    }
    </script>
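
formatResult concatenates the typed account name and the group names and descriptions returned by the web service straight into innerHTML, so any markup in those values is interpreted by the browser. The following is an added example, not part of the original post: the same formatter with every value HTML-encoded first. The names escapeHtml and formatResultSafe and the sample data are constructed here for illustration.

```javascript
// Added example (not from the original post): encode values before innerHTML.

// Replace the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
    // getAttribute() returns null when a group has no Description attribute
    return String(value === null || value === undefined ? "" : value)
        .replace(/&/g, "&amp;")   // must run first to avoid double-encoding
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
}

// Same input shape as getGroupCollection(): [names[], descriptions[]].
function formatResultSafe(groups, username) {
    var names = groups[0];
    var descriptions = groups[1];
    var result = "The user " + escapeHtml(username) + " belongs to: <br />";

    if (names.length === 0) {
        // Empty result: unknown account, no membership, or a failed request
        return result + "<i>No groups returned.</i>";
    }
    for (var i = 0; i < names.length; i++) {
        result += "<b>Group name: </b>" + escapeHtml(names[i]) + "<br />";
        result += "<b>Group Description: </b>" + escapeHtml(descriptions[i]) + "<br /> <p> </p>";
    }
    return result;
}

// Constructed sample data: the second description contains markup,
// the third group has no description at all.
var sampleGroups = [
    ["Group1", "Group2", "Group3"],
    ["Description of Group1", '<img src="x"> owners & admins', null]
];
var sampleHtml = formatResultSafe(sampleGroups, 'MYDOMAIN\\My"Account');

// In the page, start() would then assign:
// document.getElementById('username_div').innerHTML = formatResultSafe(groups, userName);
```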

 

If you have questions, please ask them!