Robert Picardo was Eddie Quist?????

Ok, so I’ve recorded a few classic horror movies during this month.   I’m not into gore, and try to stay away from that, but there are a few classics that I like to watch from time to time.   One of them is “The Howling”.  What I didn’t know, is that our favorite Emergency Medical Hologram from Star Trek Voyager (Robert Picardo) played the character of Eddie.   How crazy is that.

Categories Uncategorized

When SPWeb.DoesUserHavePermissions() (SPWeb.DoesNotWork == true)

In some code I’m working on, I need to check if the user who created the request has “ManageWeb” rights, but I need to ensure that any web underneath does not.

Since where I’m checking the users effective rights is some time after the user requested the action (In a different assembly not running under the webs context), I store the SPUserToken of the user along with the requesting zone so that I can open that same web back up, within that user’s context from the zone they made the request from (To check for Policy overrides, etc).

The SPSite object has a constructor where you can pass in the SPUserToken and the Zone and open up the Site and web from that users context when they visited the site.  I then call DoesUserHavePermissions() to validate that the user does in fact have a specific right. Very cool stuff!.

For example:


// Some code in a galaxy far, far away

int theSavedZone = (int)Microsoft.SharePoint.SPContext.Current.Site.Zone;

Guid theGuidOfTheSite = Microsoft.SharePoint.SPContext.Site.ID;

theSPUserToken = Microsoft.SharePoint.SPContext.Current.Web.CurrentUser.UserToken;

Guid theGuidOfTheWeb = Microsoft.SharePoint.SPContext.Web.ID

// Code in a different assembly somewhere outside of the WebApp.

SPSite site = new Microsoft.SharePoint.SPSite(theGuidOfTheSite, theSavedZone, theSPUserToken);

// Important call here!

site.CatchAccessDeniedException = false;

SPWeb web = site.OpenWeb(theGuidOfTheWeb);


  rockin = true;


So let’s pretend that the web in question DOES in fact allow the user to manage the web, thus rockin == true.

Now, a subweb from this web does not, so you would think you could do something like this:


foreach(subweb in web.Webs)



    rockin = true;



But I have found, that even though the subweb does in fact not allow the user to manage it, this call still evaluates true.

The workaround (which was painful and not very efficient) was to re-open yet another site object under that users context then call the sites OpenWeb() method with the guid of the subweb as we did on the parent, then DoesUserHavePermissions() worked reliably.


foreach(subweb in web.Webs)


  SPSite localsite = null;

  SPWeb localweb = null;



    Guid web_guid = subweb.ID

    Guid sc_guid = subweb.Site.ID;

    localsite = new Microsoft.SharePoint.SPSite(theGuidOfTheSite, theSavedZone, theSPUserToken);

    // Important call here!

    localsite.CatchAccessDeniedException = false;

    localweb = site.OpenWeb(theGuidOfTheWeb);

    if( localweb.DoesUserHavePermissions(Microsoft.SharePoint.SPBasePermissions.ManageWeb))

        rockin = true;


  catch(Exception e)


    // Handle the exception




    // Clean up those pesky dangling unmanged resources.

    if(localweb != null)


    if(localsite != null)





Not as efficient as just enumerating the subwebs and “Assuming” that DoesUserHavePermissiosn() is going to work reliably, but this worked.


 – Keith

Adding more than two site collection administrators programmatically.

The SiteAdministrators collection of the SPWeb object returns a SPUserCollection of all the Site Collection Administrators for the site in question.

Unfortunately, it doesn’t appear to actually allow you to “ADD” new users to the Site Collection Administrators via this collection like you can do with any other SPUserCollection for a user.

Whether it’s a bug, or not, a simple way around this is to do the following:

  1. Add the user to the site collection users list
  2. Retrieve the user you just added
  3. Set the IsSiteAdmin property for the user to true.
  4. Call SPUser.Update() for the user.

Sample code:

someSPWeb.AllUsers.Add(“domain\\user”,””,”The User”,null);

SPUser spUser = someSPWeb.AllUsers[“domain\\user”];

spUser.IsSiteAdmin = true;


Hope this helps

– Keith