Saturday, January 9, 2016

AD-Group in SP-Group: Workaround for verifying membership

This is a workaround for verifying membership in a SharePoint group when the user is added to the group as a member in an AD-group, and not as an individual user. This code example will work in SP 2013 only.

Disclaimer: I have NOT been able to test this as I don’t have any AD groups to add in my SP 2013 Office 365 test site.

Based on this post by Eric Alexander

How to set up a trigger in DFFS

In DFFS backend – add this code to the Custom JS:

function spjs_isCurrentUserInGroup(groupIdOrName){
 var endpoint;
 if(typeof groupIdOrName === "string"){
 endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups/getbyname('"+groupIdOrName+"')/CanCurrentUserViewMembership" 
 }else{
 endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups("+groupIdOrName+")/CanCurrentUserViewMembership" 
 }
 return jQuery.ajax({ 
 "url":endpoint,
 "type":"GET", 
 "contentType":"application/json;odata=verbose",
 "headers":{ 
 "Accept": "application/json;odata=verbose"
 }, 
 "success": function(data){
 return data.d.CanCurrentUserViewMembership;
 },
 "error": function(data){
 //console.log(data);
 }
 });
}

function checkADGroupMembership(){
 spjs_isCurrentUserInGroup(18).success(
 function(data){
 if(data.d.CanCurrentUserViewMembership){
 setTimeout(function(){
 spjs.dffs.triggerRule(["isInADGroup"]);
 },10);
 }
 }
 );
}

The number 18 in the function “checkADGroupMembership” is the group id, but you can also use the display name of the group – change it to match your group.

Add a rule to DFFS with the “Rule friendly name”:

isInADGroup

This rule is set up with the trigger “No trigger (must be triggered manually), and with all the actions you want to apply if the rule is triggered.

As this is a “manual trigger rule”,  you must add another rule to trigger this one when the form has loaded. This is necessary because the REST call cannot be used with the trigger “Custom JavaScript functions” directly.

To trigger the REST call, and the following trigger of the DFFS rule if the user is member of the group is done by another DFFS rule triggering on “The form is ready”.

Set this one up with the function name “checkADGroupMembership” in the “Run these functions / trigger these rules” field.

If the logged in user is member of the SharePoint group as a member in an AD-group, the rule “isInADGroup” will be triggered.

I hope this makes sense, and if not – post a comment below or in the forum.

Alexander

 


by Alexander Bautz via SharePoint JavaScripts
By at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)