So, DoesUserHavePermissions() or Not?
It's been one of those weeks, this week, and I haven't gotten around to posting any new information in a few days. A fair snapshot of how things have been going: over the weekend, I applied a healthy dose of a “weed and feed“ product to my lawn -- specially formulated, the bag told me, to crush the dandelions that were starting to sprout. The result? The dandelions have never looked better...seems the fertilizer did them a world of good.
So it goes, sometimes. Anyhow, I've decided to dig into my previous writings on Sharepoint-related topics, and essentially just recycle something in order to get some content out this week. Today's topic: an annoying problem with the DoesUserHavePermissions() method, and a workaround to it. Maybe I'll actually write something useful yet this week to make up for posting this bland, highly-specific little blurb -- but the dandelions are mocking me, and I'm almost certain there's some magical chemical out there that'll turn 'em to dust. ;)
Sharepoint Products and Technologies SDK documentation for Microsoft.Sharepoint.SPPermissionCollection.DoesUserHavePermissions() Method indicates that the method "returns a Boolean value that indicates whether the current user has the specified permissions." The documentation additionally indicates the following possible return values: "true if the current user has the specified permissions; otherwise, false."
In practice, if the user has permissions, the method returns TRUE as expected.
However, when using the DoesUserHavePermissions() method in code, a boolean FALSE value is never returned. Instead, if the end-user does not have the specified permission, the end-user is -- by default -- prompted for credentials.
There is no current resolution, only a workaround.
The SPSite class (Microsoft.Sharepoint.SPSite) -- from which the SPPermissionCollection class is typically derived -- includes a property named "CatchAccessDeniedException." According to the Sharepoint Products and Technologies SDK documentation, this property "gets or sets a Boolean value that specifies whether to handle access denied exceptions and require user authentication." The possible values are, "true to handle access denied exceptions and require user authentication; otherwise, false."
The default value is true; when set to true, Windows Sharepoint Services (WSS) will catch access denied exceptions and prompt the end-user for authentication credentials. However, when set to false, a trappable exception will be returned to code.
The workaround for the DoesUserHavePermissions() method is to set the SPSite.CatchAccessDeniedException property to FALSE, and either receive a TRUE return value if the user has the specified permissions, or use structured error handling to capture the access denied exception that will be returned if the user does not have permissions. A sample is included below:
SPSite oSite = new SPSite("http://<server>"); //TODO: change to reflect your environment
SPWeb oWeb = oSite.OpenWeb();
oSite.CatchAccessDeniedException = false;
SPListCollection oList = oWeb.Lists;
oList.ListsForCurrentUser = true;
int iCount = oList.Count;
Response.Write("<br>" + oList[i].Title.ToString() + " : ");