Thursday, January 3, 2013

SharePoint implementing Application pages security using object model code

Scenario: Restricting Application page content to be viewed only by logged in user(s) who have full control
Solution:
SPWeb myWeb = SPContext.Current.Web;
//get logged in user permissions levels
SPRoleDefinitionBindingCollection UserPrmissions = myWeb.AllRolesForCurrentUser;
//get all the permissions level on the current web
SPRoleDefinitionCollection sitePermissionCollection = myWeb.RoleDefinitions;
SPRoleDefinition roleDef = sitePermissionCollection["Full Control"];
if(UserPrmissions.Contains(roleDef))
//show content only to users who have full control