I have been tasked with some SharePoint work that involves the following scenario.
The users are in an active directory group with permissions directly binded to the AD group in some cases and in some cases the AD group is assigned to a SharePoint group.
My question is hat how can I check the SPUser's permissions if the user is not directly assigned to a group/permission but is actually in the Active Directory group? I need to check the user's permission level.
For instance:
User: UserX Belongs to AD Group "SHAREPOINT_POWER_USERS" and this group has "Contribute" permissions and belongs to a SharePoint group "IT Support Group".
Would there be a way to programatically retrieve this as the user does not exist in advaned permissions or a sharepoint group? Can I access this by doing something like:
//Pseudocode to access groups
SPUser user = SPContext.Current.Web.CurrentUser;
SPGroupCollection collection = user.Groups;
Please let me know how this works.
Thanks.
Easy. Use SPUtility.GetPrincipalsInGroup.
There is a good example in an older post here: Getting members of an AD domain group using Sharepoint API