Accessing Users and Roles ClientObjectModel Sharepoint

Working with users, groups, and roles, and dealing with their permissions for SharePoint elements, can be quite complex. In former SharePoint versions, the only way to affect the security was to use the provided security web services. With SharePoint 2010, the client object model dramatically simplifies working with security settings. For third-party applications, no matter if they are written as Windows or Silverlight applications, it’s very easy to access the SharePoint security model and to build extended functionality on it. This section contains examples of how the client object model can deal with security.
• How to add users to a SharePoint group
• How to retrieve members of a SharePoint group
• How to create a role
• How to add a user to a role
• How to create a new SharePoint group and assign the group to a role
• How to break the security inheritance
How to Add Users to a SharePoint Group
Adding a user to a SharePoint group is a common task, particularly in conjunction with creating a web site. The following example shows two ways to add a user to a group. The first one uses the Group.Users.AddUser method, which expects a User instance of an existing user. The second method adds a new user to a group by using the UserCreationInformation class. The new user is identified by its LoginName. If the user already exists in the site collection, the user is added to the group anyway. The examples in the following listings require a valid group to exist in the property Web.AssociatedMemberGroup; that is, the default group set at the time of the web site creation must not have been removed.
// C# (requires: using System; using Microsoft.SharePoint.Client;)
public void Example19()
{
    ClientContext ctx = new ClientContext("http://clserver");
    Group membersGroup = ctx.Web.AssociatedMemberGroup;

    // Add existing user to membersGroup
    User currentUser = membersGroup.Users.AddUser(ctx.Web.CurrentUser);

    // Add new user to membersGroup
    UserCreationInformation userCreationInfo = new UserCreationInformation();
    userCreationInfo.Email = "aa@bb.com";
    userCreationInfo.LoginName = @"ws10582\john";
    userCreationInfo.Title = "John";
    User newUser = membersGroup.Users.Add(userCreationInfo);

    // Queue the objects to load, then send everything to the server in one request
    ctx.Load(currentUser);
    ctx.Load(newUser);
    ctx.Load(membersGroup);
    ctx.ExecuteQuery();

    Console.WriteLine("The users " + currentUser.LoginName
        + " and " + newUser.LoginName
        + " have been added to group '" + membersGroup.Title
        + "'.");
}

// JavaScript
function example19() {
    var ctx = SP.ClientContext.get_current();
    this.membersGroup = ctx.get_web().get_associatedMemberGroup();

    // Add existing user to membersGroup
    this.currentUser = this.membersGroup.get_users().
        addUser(ctx.get_web().get_currentUser());

    // Add new user to membersGroup (the backslash must be escaped in a JavaScript string)
    this.userCreationInfo = new SP.UserCreationInformation();
    this.userCreationInfo.set_email("aa@bb.com");
    this.userCreationInfo.set_loginName("ws10582\\john");
    this.userCreationInfo.set_title("john");
    this.newUser = this.membersGroup.get_users().add(this.userCreationInfo);

    ctx.load(this.currentUser);
    ctx.load(this.newUser);
    ctx.load(this.membersGroup);
    ctx.executeQueryAsync(
        Function.createDelegate(this, this.onSucceededCallback),
        Function.createDelegate(this, this.onFailedCallback));
}

function onSucceededCallback(sender, args) {
    alert("The users " + this.currentUser.get_loginName()
        + " and " + this.newUser.get_loginName()
        + " have been added to group '" + this.membersGroup.get_title()
        + "'.");
}

function onFailedCallback(sender, args) {
    // Report the server error, for example a missing permission to manage the group
    alert("Request failed: " + args.get_message());
}
How to Retrieve Members of a SharePoint Group
To get a list of all users that are members of a specified group, you can use the Group.Users collection.

// C# (requires: using System; using Microsoft.SharePoint.Client;)
public void Example20()
{
    ClientContext ctx = new ClientContext("http://clserver");
    Group membersGroup = ctx.Web.AssociatedMemberGroup;
    UserCollection allUsersOfGroup = membersGroup.Users;

    // Load the whole collection, then enumerate it after the round trip
    ctx.Load(allUsersOfGroup);
    ctx.ExecuteQuery();

    foreach (User user in allUsersOfGroup)
    {
        Console.WriteLine("ID: " + user.Id + ", LoginName=" + user.LoginName);
    }
}

// JavaScript
function example20() {
    var ctx = SP.ClientContext.get_current();
    var membersGroup = ctx.get_web().get_associatedMemberGroup();
    this.allUsersOfGroup = membersGroup.get_users();
    ctx.load(this.allUsersOfGroup);
    ctx.executeQueryAsync(
        Function.createDelegate(this, this.onSucceededCallback),
        Function.createDelegate(this, this.onFailedCallback));
}

function onSucceededCallback(sender, args) {
    var enumerator = this.allUsersOfGroup.getEnumerator();
    while (enumerator.moveNext()) {
        var user = enumerator.get_current();
        alert("ID: " + user.get_id() + ", LoginName: " + user.get_loginName());
    }
}

function onFailedCallback(sender, args) {
    // Report the server error returned for the request
    alert("Request failed: " + args.get_message());
}
How to Create a Role
Defining your own roles, also known as permission levels, is a common task when dealing with complex security requirements. With the client object model, you can easily define your own roles and assign them to SharePoint users or groups.
// C# (requires: using System; using Microsoft.SharePoint.Client;)
public void Example21()
{
    ClientContext ctx = new ClientContext("http://clserver");
    Web oWeb = ctx.Web;

    // The role grants only these two base permissions
    BasePermissions basePerms = new BasePermissions();
    basePerms.Set(PermissionKind.ViewListItems);
    basePerms.Set(PermissionKind.ViewPages);

    RoleDefinitionCreationInformation roleCreationInfo =
        new RoleDefinitionCreationInformation();
    roleCreationInfo.BasePermissions = basePerms;
    roleCreationInfo.Description = "Role for viewing pages and list items";
    roleCreationInfo.Name = "Restricted read-only access";
    RoleDefinition roleDef = oWeb.RoleDefinitions.Add(roleCreationInfo);

    ctx.Load(roleDef);
    ctx.ExecuteQuery();

    Console.WriteLine("New role '" + roleDef.Name +
        "' has been successfully created.");
}

// JavaScript
function example21() {
    var ctx = SP.ClientContext.get_current();
    this.oWeb = ctx.get_web();

    // The role grants only these two base permissions
    var basePerms = new SP.BasePermissions();
    basePerms.set(SP.PermissionKind.viewListItems);
    basePerms.set(SP.PermissionKind.viewPages);

    var roleCreationInfo = new SP.RoleDefinitionCreationInformation();
    roleCreationInfo.set_basePermissions(basePerms);
    roleCreationInfo.set_description("Role for viewing pages and list items");
    roleCreationInfo.set_name("Restricted read-only access");
    roleCreationInfo.set_order(1);
    this.roleDef = this.oWeb.get_roleDefinitions().add(roleCreationInfo);

    ctx.load(this.roleDef);
    ctx.executeQueryAsync(
        Function.createDelegate(this, this.onSucceededCallback),
        Function.createDelegate(this, this.onFailedCallback));
}

function onSucceededCallback(sender, args) {
    alert("New role '" + this.roleDef.get_name() +
        "' has been successfully created.");
}

function onFailedCallback(sender, args) {
    // Report the server error returned for the request
    alert("Request failed: " + args.get_message());
}
How to Add Users or Groups to Roles
The following listings show how to assign SharePoint users or groups to roles.
// C# (requires: using System; using Microsoft.SharePoint.Client;)
public void Example22()
{
    ClientContext ctx = new ClientContext("http://clserver");
    Web oWeb = ctx.Web;
    Principal oUser = oWeb.CurrentUser;

    // Look up the role created in the previous example
    RoleDefinition oRoleDef =
        oWeb.RoleDefinitions.GetByName("Restricted read-only access");
    RoleDefinitionBindingCollection roleDefinitionBindingColl =
        new RoleDefinitionBindingCollection(ctx);
    roleDefinitionBindingColl.Add(oRoleDef);

    // Bind the role to the principal at web level
    RoleAssignment oRoleAssignment =
        oWeb.RoleAssignments.Add(oUser, roleDefinitionBindingColl);

    ctx.Load(oUser, user => user.Title);
    ctx.Load(oRoleDef, role => role.Name);
    ctx.ExecuteQuery();

    Console.WriteLine("User '" + oUser.Title +
        "' assigned to role '" + oRoleDef.Name + "'.");
}

// JavaScript
function example22() {
    var ctx = SP.ClientContext.get_current();
    this.oWeb = ctx.get_web();
    this.oUser = this.oWeb.get_currentUser();

    // Look up the role created in the previous example
    this.oRoleDef =
        this.oWeb.get_roleDefinitions().getByName("Restricted read-only access");
    var roleDefinitionBindingColl =
        SP.RoleDefinitionBindingCollection.newObject(ctx);
    roleDefinitionBindingColl.add(this.oRoleDef);

    // Bind the role to the principal at web level
    var oRoleAssignment = this.oWeb.get_roleAssignments().add(
        this.oUser, roleDefinitionBindingColl);

    ctx.load(this.oUser, "Title");
    ctx.load(this.oRoleDef, "Name");
    ctx.executeQueryAsync(
        Function.createDelegate(this, this.onSucceededCallback),
        Function.createDelegate(this, this.onFailedCallback));
}

function onSucceededCallback(sender, args) {
    alert("User '" + this.oUser.get_title() + "' assigned to role '" +
        this.oRoleDef.get_name() + "'.");
}

function onFailedCallback(sender, args) {
    // Report the server error returned for the request
    alert("Request failed: " + args.get_message());
}
As you can see, the RoleAssignments.Add (in JavaScript, RoleAssignments.add) method takes a Principal object as a parameter. The Principal class serves as the base class for both users (User) and groups (Group). So, you can assign either a user or a group to a role.
■ Caution When using JavaScript, the instantiation for the class SP.RoleDefinitionBindingCollection is done through the static function SP.RoleDefinitionBindingCollection.newObject(ClientContext), which takes the current client context as a parameter.
How to Create a New SharePoint Group and Assign the Group to a Role
The examples in this section demonstrate the creation of a new SharePoint group, using the GroupCreationInformation class. The Contributors role is then assigned to this new group.
// C# (requires: using System; using Microsoft.SharePoint.Client;)
public void Example23()
{
    ClientContext ctx = new ClientContext("http://clserver");
    Web oWeb = ctx.Web;

    // Create the group in the site collection
    GroupCreationInformation groupCreationInfo = new GroupCreationInformation();
    groupCreationInfo.Title = "My Custom Contributor Group";
    groupCreationInfo.Description = "This group has contributor rights.";
    Group oGroup = oWeb.SiteGroups.Add(groupCreationInfo);

    // Bind the built-in Contributor role to the new group
    RoleDefinitionBindingCollection roleDefinitionBindingColl =
        new RoleDefinitionBindingCollection(ctx);
    RoleDefinition oRoleDefinition =
        oWeb.RoleDefinitions.GetByType(RoleType.Contributor);
    roleDefinitionBindingColl.Add(oRoleDefinition);
    oWeb.RoleAssignments.Add(oGroup, roleDefinitionBindingColl);

    ctx.Load(oGroup, group => group.Title);
    ctx.Load(oRoleDefinition, role => role.Name);
    ctx.ExecuteQuery();

    Console.WriteLine("Group " + oGroup.Title + " created and assigned to role "
        + oRoleDefinition.Name);
}

// JavaScript
function example23() {
    var ctx = SP.ClientContext.get_current();
    this.oWeb = ctx.get_web();

    // Create the group in the site collection
    var groupCreationInfo = new SP.GroupCreationInformation();
    groupCreationInfo.set_title("My Custom Contributor Group");
    groupCreationInfo.set_description("This group has contributor rights.");
    this.oGroup = this.oWeb.get_siteGroups().add(groupCreationInfo);

    // Bind the built-in Contributor role to the new group
    var roleDefinitionBindingColl =
        SP.RoleDefinitionBindingCollection.newObject(ctx);
    this.oRoleDefinition =
        this.oWeb.get_roleDefinitions().getByType(SP.RoleType.contributor);
    roleDefinitionBindingColl.add(this.oRoleDefinition);
    this.oWeb.get_roleAssignments().add(this.oGroup, roleDefinitionBindingColl);

    ctx.load(this.oGroup, "Title");
    ctx.load(this.oRoleDefinition, "Name");
    ctx.executeQueryAsync(
        Function.createDelegate(this, this.onSucceededCallback),
        Function.createDelegate(this, this.onFailedCallback));
}

function onSucceededCallback(sender, args) {
    alert("Group '" + this.oGroup.get_title() + "' created and assigned to role '"
        + this.oRoleDefinition.get_name() + "'.");
}

function onFailedCallback(sender, args) {
    // Report the server error returned for the request
    alert("Request failed: " + args.get_message());
}
How to Break the Role Inheritance
In SharePoint, by default all elements (such as Web, List, and ListItem) rely on role inheritance. That means that permissions are inherited from top to bottom. A user has the same permissions on a list item as on a list, because the list item inherits its permissions from the list. There are scenarios, though, in which this default role inheritance is not desirable and has to be broken—for example, if you want a list item to be accessed only by special users or groups. The example in this section shows how to break the role inheritance of a list item and assign special permissions to it. Figures show the list item permissions before and after breaking the role inheritance.
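
The following C# listing is an added example, not the original author's code: it breaks role inheritance on one list item, grants the site's members group read access, and prints the resulting role assignments so the change can be verified. The list title "Confidential Documents" and the item ID 1 are assumed values; the site URL is the one used in the page's other listings.

```csharp
using System;
using Microsoft.SharePoint.Client;

class BreakRoleInheritanceExample
{
    static void Main()
    {
        using (ClientContext ctx = new ClientContext("http://clserver"))
        {
            Web oWeb = ctx.Web;
            // Assumed list title and item ID, for illustration only
            ListItem item = oWeb.Lists.GetByTitle("Confidential Documents").GetItemById(1);

            // Check first: the item may already carry its own permissions
            ctx.Load(item, i => i.HasUniqueRoleAssignments);
            ctx.ExecuteQuery();

            if (!item.HasUniqueRoleAssignments)
            {
                // copyRoleAssignments = false: do not copy the parent's assignments
                // clearSubscopes = false: leave unique permissions on child objects alone
                item.BreakRoleInheritance(false, false);
            }

            // Grant the members group the built-in Reader role on this item only
            RoleDefinitionBindingCollection bindings = new RoleDefinitionBindingCollection(ctx);
            bindings.Add(oWeb.RoleDefinitions.GetByType(RoleType.Reader));
            item.RoleAssignments.Add(oWeb.AssociatedMemberGroup, bindings);

            // Load the item's effective assignments to audit the result
            ctx.Load(item.RoleAssignments, ras => ras.Include(
                ra => ra.Member.LoginName,
                ra => ra.Member.Title,
                ra => ra.RoleDefinitionBindings.Include(rd => rd.Name)));
            ctx.ExecuteQuery();

            // Every principal listed here holds rights on the item; review for leftovers
            foreach (RoleAssignment ra in item.RoleAssignments)
            {
                foreach (RoleDefinition rd in ra.RoleDefinitionBindings)
                {
                    Console.WriteLine(ra.Member.Title + " (" + ra.Member.LoginName
                        + "): " + rd.Name);
                }
            }
        }
    }
}
```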

Courtesy:http://kolliparachandra.wordpress.com/2010/11/01/accessing-users-and-roles-clientobjectmodel/