Fixed a bug with using “getByTitle” and not the correct “getByName” in the SP 2010 code example.
This is a workaround for verifying membership in a SharePoint group when the user has been added to the group as a member of an AD group, and not as an individual user.
For this to work, the SharePoint group must be set up to only allow members to view membership in the group. The check relies on this setting: it asks whether the current user can view the membership of the group, which only members are allowed to do.
You will find two code examples below. The first one works in SP 2013 only, but the last one works in both SP 2010 and SP 2013 (not SP 2007).
Disclaimer: I have NOT been able to test this as I don’t have any AD groups to add in my SP 2013 Office 365 test site.
Based on this post by Eric Alexander
How to set up a trigger in DFFS
In DFFS backend – add this code to the Custom JS:
SharePoint 2013:
```javascript
function spjs_isCurrentUserInGroup(groupIdOrName){
    var endpoint;
    // A string is treated as the group name, anything else as the group ID
    if(typeof groupIdOrName === "string"){
        endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups/getbyname('"+groupIdOrName+"')/CanCurrentUserViewMembership";
    }else{
        endpoint = _spPageContextInfo.webAbsoluteUrl+"/_api/web/sitegroups("+groupIdOrName+")/CanCurrentUserViewMembership";
    }
    // Returns the jqXHR object so the caller can attach its own handlers
    return jQuery.ajax({
        "url":endpoint,
        "type":"GET",
        "contentType":"application/json;odata=verbose",
        "headers":{
            "Accept": "application/json;odata=verbose"
        }
    });
}

function checkADGroupMembership(){
    // 18 is the ID of the SharePoint group
    spjs_isCurrentUserInGroup(18).success(
        function(data){
            // true only when the current user may view the group membership
            if(data.d.CanCurrentUserViewMembership){
                setTimeout(function(){
                    spjs.dffs.triggerRule(["isInADGroup"]);
                },10);
            }
        }
    );
}
```
SharePoint 2010:
```javascript
function spjs_isCurrentUserInGroup(groupIdOrName){
    var cc, gc, g, u;
    cc = SP.ClientContext.get_current();
    gc = cc.get_web().get_siteGroups();
    // A string is treated as the group name, anything else as the group ID
    if(typeof groupIdOrName === "string"){
        g = gc.getByName(groupIdOrName);
    }else{
        g = gc.getById(groupIdOrName);
    }
    // Try to load the group members; this only succeeds if the user may view them
    u = g.get_users();
    cc.load(u);
    cc.executeQueryAsync(
        function(sender, args){
            // Success = is in group
            setTimeout(function(){
                spjs.dffs.triggerRule(["isInADGroup"]);
            },10);
        },
        function(sender, args){
            // No access
        }
    );
}

function checkADGroupMembership(){
    // 18 is the ID of the SharePoint group
    spjs_isCurrentUserInGroup(18);
}
```
The number 18 in the function “checkADGroupMembership” is the SharePoint group id, but you can also use the display name of the group – change it to match your group.
Add a rule to DFFS with the “Rule friendly name”:
isInADGroup
This rule is set up with the trigger “No trigger (must be triggered manually)”, and with all the actions you want to apply if the rule is triggered.
As this is a “manual trigger rule”, you must add another rule to trigger this one when the form has loaded. This is necessary because the REST call cannot be used with the trigger “Custom JavaScript functions” directly.
The REST call / JSOM query, and the subsequent triggering of the DFFS rule if the user is a member of the group, is started by another DFFS rule that triggers on “The form is ready”.
Set this one up with the function name “checkADGroupMembership” in the “Run these functions / trigger these rules” field.
If the logged in user is a member of the SharePoint group through membership in an AD group, the rule “isInADGroup” will be triggered.
I hope this makes sense, and if not – post a comment below or in the forum.
Alexander
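An added example, not part of the original post: a stricter variant of the SP 2013 check that also reads the group setting OnlyAllowMembersViewMembership, so no rule is triggered when the group has been left open for everyone to view and the flag therefore proves nothing. The rule name notInADGroup and the function names are hypothetical, and the code assumes the current user is allowed to read the properties of the group.

```javascript
// Added example, not the post's own code. "notInADGroup" is a hypothetical rule name.

// Build the REST URL for a site group given by integer ID or by name.
function groupEndpoint(webUrl, groupIdOrName) {
  var sel = "?$select=OnlyAllowMembersViewMembership,CanCurrentUserViewMembership";
  if (typeof groupIdOrName === "string") {
    // OData string literal: double any single quote, then URL-encode the name.
    var name = encodeURIComponent(groupIdOrName.replace(/'/g, "''"));
    return webUrl + "/_api/web/sitegroups/getbyname('" + name + "')" + sel;
  }
  if (typeof groupIdOrName === "number" && isFinite(groupIdOrName) && groupIdOrName % 1 === 0) {
    return webUrl + "/_api/web/sitegroups(" + groupIdOrName + ")" + sel;
  }
  throw new TypeError("Group must be a name (string) or an integer ID");
}

// Decide which DFFS rule to trigger from the parsed odata=verbose response.
// Returns null when the group setting makes the membership flag meaningless.
function ruleForResponse(data) {
  var g = data && data.d;
  if (!g || g.OnlyAllowMembersViewMembership !== true) {
    return null; // everyone can view membership, so the flag proves nothing
  }
  return g.CanCurrentUserViewMembership === true ? "isInADGroup" : "notInADGroup";
}

// Wiring for the DFFS Custom JS (browser only: needs jQuery, _spPageContextInfo, spjs).
function checkADGroupMembershipStrict(groupIdOrName) {
  return jQuery.ajax({
    url: groupEndpoint(_spPageContextInfo.webAbsoluteUrl, groupIdOrName),
    type: "GET",
    headers: { "Accept": "application/json;odata=verbose" }
  }).then(function (data) {
    var rule = ruleForResponse(data);
    if (rule !== null) {
      setTimeout(function () { spjs.dffs.triggerRule([rule]); }, 10);
    }
    return rule;
  });
}
```

To use it, put “checkADGroupMembershipStrict” behind a small wrapper that passes your group ID or name, and call that wrapper from the “The form is ready” rule.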
I have updated this post with a code example that will work with SharePoint 2010.
Alexander
I actually got this to work 😀
How would I modify your code to do the inverse of this?
i.e. “If logged in user is NOT in group with ID or name”
btw, you should specify in the documentation the number 18 is the id of the SharePoint group and not the AD group.
Hi,
To do something if the user is NOT in the group, look at the code for:
The first function is for “success = is in group”, the last function is for “fail = not in group”.
Hope this helps,
Alexander
Hi Alex,
I’m using 2013, that cc.executeQueryAsync function does not exist in the code for 2013.
In the SP 2013 code you have this “if”:
Just add an “else” here, and you should have the “not in group”.
Alexander
How do I trigger a different rule if the user gets an access denied error in response, i.e. the ajax call ends in an error/fail condition instead of success?
Just add an else on the first if and call another rule from there – something like this:
Alexander
Maybe I am just not understanding the functionality behind the ajax call but this code is inside the ‘success’ function. I was asking how you would handle the ‘failure’ function of the ajax call. Thanks!
The function will not trigger the error function if the user is not a member of this group – it will still end up in the success function but the variable data.d.CanCurrentUserViewMembership will be false and not true.
If it ends up in the error function it is not because the user doesn’t belong to the group, but because he or she does not have the necessary rights to perform the query.
If you need to use the error function you can try it like this:
Alexander