Sharepoint: Check if a user is member of a group

Question

how can I check if a user (not the one currently logged in) is member of a certain group? Trying to retrieve a user from a group of which he's not a member leads to an SPException, so checking for null is not possible.

So how would you solve this problem. At the moment I think about searching in the SPGroup.Users.XML string for the user's name or iterating over all the group members and checking the login names.

Update: I forgot to mention that I want to avoid the usage of exception handling to check the user's membership.

Answer 1

I have implemented a simple way to check if specific user exists in a specific SharePoint group. A simple statement with linq on SPUser object.

bool userExsists = spUser.Groups.Cast<SPGroup>().Any(g => g.Name.ToLower() == spGroup.Name.ToLower());

Find the detailed post on SharePoint Core Solutions.

Answer 2

Create an Extension class for SPUser and static method:

public static class SPUserExtension {
   public static bool InGroup(this SPUser user, SPGroup group)
      {
        return user.Groups.Cast<SPGroup>()
          .Any(g => g.ID == group.ID);
      }
   }
}

Then invoke this method on your SPUser object:

SPUser user;
SPGroup group;
//...
bool isMember = user.InGroup(group);

Answer 3

I have done this by writing an extension method using LINQ. SPGroup inherits from SPPrincipal so you should be able to pass it through to the principal parameter:

public static bool Contains(this SPRoleAssignmentCollection rac, SPPrincipal principal)
{
    XElement racXml = XElement.Parse(rac.Xml);
    return racXml.Elements("permission").Any(vw => (int)vw.Attribute("memberid") == principal.ID);
}

Answer 4

Couple of ways. SharePoint group has an Option that can allow only the Group Owner to see the membership details or allow everyone to view the membership details. If every one is allowed you will not get the Security restriction, else you need to RunWithElevatedPrivileges, and be sure to get a New Instance of the SPSite & SPWeb to be used inside that.

Being said that below are the options:

private Boolean isUserInGroup(SPGroup oGroupToTestFor,String sUserLoginName)
    {   
        Boolean bUserIsInGroup = false;
        try
        {
            SPUser x = oGroupToTestFor.Users[sUserLoginName];
            bUserIsInGroup = true;
        }
        catch (SPException)
        {
            bUserIsInGroup = false;
        }
        return bUserIsInGroup;

    }

Another way is to

private Boolean isUserInGroup(SPGroup oGroupToTestFor, String sUserLoginName)
    {   
        Boolean bUserIsInGroup = false;

            SPUser oUser =null;
            try{
                oUser = SPContext.Current.Web.AllUsers[sUserLoginName];
                }
            catch{}
            if(oUser!=null){
            foreach (SPUser item in oGroupToTestFor.Users)
            {
                if (item.UserToken == oUser.UserToken)
                {
                    bUserIsInGroup = true;
                    break;
                }                    
            }
            }

        return bUserIsInGroup;

    }

Answer 5

In order to make the SPSecurity.RunWith.. work, you need to have a new instance of the SPSite and/or SPWeb object and not use the context otherwise it won't work.

Do you have the SPUser object to use? If so, you can just use the SPUser.Groups collection.

Answer 6

Have you tried using RunWithElevatedPrivileges?

SPSecurity.RunWithElevatedPrivileges(delegate()
        {
             //put your code here to get the group and test for the user
        });