
I have a SharePoint-hosted app and I need to check whether the current user is in a SharePoint security group, regardless of whether they are a direct member or belong to an AD group that sits inside that group. The following code checks whether the user is in the security group, but it only finds users who were added to the group explicitly. It does not look inside sub-groups that are members of the security group.

    /**
     * Reads items from a list in the host web through the app web's REST
     * endpoint and, once the items arrive, asks whether the current user is a
     * member of the "Solicitantes" group.
     *
     * Reads the outer-scope values `ready`, `SPAppWebUrl`, `SPHostUrl`,
     * `TituloListaEventos` and `Categoria`; none of them is defined in this
     * snippet. The `...` lines are elisions made by the author, so the handling
     * of the list data and of the membership result is not shown here.
     */
    function getItems() {

    // only execute this function if the script has been loaded
    if (ready) {

        // the url to use for the REST call.
        // NOTE(review): TituloListaEventos, Categoria and SPHostUrl are pasted
        // into single-quoted literals by plain concatenation. encodeURI() below
        // leaves "'" and "&" untouched, so a value containing either can change
        // the query. Confirm where these values come from; if any of them can be
        // influenced by a user, double embedded quotes and encode each value
        // separately before it is placed in the URL.
        var url = SPAppWebUrl + "/_api/SP.AppContextSite(@target)" +
            "/web/lists/getbytitle('" + TituloListaEventos + "')/items?$select=Title,Category,StartDate,EndDate,EncodedAbsUrl,ID,LinkSolicitud&$filter=Category eq '" + Categoria + "'" +
            "&@target='" + SPHostUrl + "'";

        // create a new executor for the app web (it is given SPAppWebUrl, not the REST url built above)
        var executor = new SP.RequestExecutor(SPAppWebUrl);

        // execute the request, this is similar although not the same as a standard AJAX request
        executor.executeAsync(
            {
                url: encodeURI(url),
                method: "GET",
                headers: { "Accept": "application/json; odata=verbose" },
                success: function (data) {
                    // NOTE(review): the membership answer is computed in the
                    // browser, so it can only decide what the page shows.
                    // Access to the list and its items has to be enforced by
                    // SharePoint permissions on the server - confirm that the
                    // elided code does not treat this flag as the access check.
                    IsCurrentUserMemberOfGroup("Solicitantes", function (isSolicitante) {
                    ...
                },
                error: function (data) {
                    ...
                }
            });

    }
}

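/**
 * Reports whether the current user is listed directly in a SharePoint site group.
 *
 * Only the group's own user collection is compared against the current user's
 * id. Users who belong to a nested (for example Active Directory) group that
 * was added to the SharePoint group are not expanded by this check and are
 * reported as non-members.
 *
 * The result is computed in the browser, so it is suitable for deciding what
 * to display; it is not an access-control decision. Permissions on the
 * underlying SharePoint objects must still be enforced on the server.
 *
 * @param {string} groupName - Name of the site group to look up.
 * @param {function(boolean): void} OnComplete - Called once with true when the
 *     current user's id is found among the group's users, otherwise false
 *     (also false when the query fails).
 */
function IsCurrentUserMemberOfGroup(groupName, OnComplete) {

    // get_current() already returns the context object; it is not a
    // constructor, so it is called without `new`.
    var currentContext = SP.ClientContext.get_current();
    var currentWeb = currentContext.get_web();

    var currentUser = currentWeb.get_currentUser();
    currentContext.load(currentUser);

    // Only the users of the named group are read afterwards, so only that
    // collection is loaded instead of every site group plus the group object.
    var groupUsers = currentWeb.get_siteGroups().getByName(groupName).get_users();
    currentContext.load(groupUsers);

    currentContext.executeQueryAsync(onQuerySucceeded, onQueryFailed);

    // Walks the loaded members and stops at the first id match.
    function onQuerySucceeded() {
        var currentUserId = currentUser.get_id();
        var members = groupUsers.getEnumerator();
        while (members.moveNext()) {
            if (members.get_current().get_id() === currentUserId) {
                OnComplete(true);
                return;
            }
        }
        OnComplete(false);
    }

    // Fail closed: any query error is reported as "not a member". The caller
    // cannot tell a failed lookup (e.g. a group name that does not resolve)
    // apart from a real non-membership.
    function onQueryFailed() {
        OnComplete(false);
    }
}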

1 Answer


The SharePoint client object model doesn't support reading Active Directory groups. You may have to create a custom web service. If you have the option to use .NET, I would highly recommend it, because it works nicely when accessing SharePoint data and cross-referencing it with Active Directory data.
