Checking permissions in SharePoint from the client object model

SharePoint 2010 brought us this great little addition called the client object model, which gave us an effective way to talk to SharePoint without having to deal with the at times rather average set of web services. This has been great for me at the moment, as I have been working on an add-in for Outlook 2010 that talks back to SharePoint, and in this post I wanted to share how I use the client object model to check a user's permissions to a specific site.

The goal for this piece of code was to find out if the user had permissions to view items in a specific site, and I used that information to trim some of the functionality in the Outlook add-in. First, let's have a look at the code:

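// Requires references to Microsoft.SharePoint.Client.dll and
// Microsoft.SharePoint.Client.Runtime.dll, plus: using Microsoft.SharePoint.Client;
bool hasPermissions;
using (var context = new ClientContext("http://MySharePointUrl"))
{
    // Stub for the site; its properties are not populated until ExecuteQuery() runs.
    var web = context.Web;
    context.Load(web);

    // Build a permission mask containing only the permission to test for.
    var permissions = new BasePermissions();
    permissions.Set(PermissionKind.OpenItems);
    // Queues the check; result.Value is not readable yet.
    var result = web.DoesUserHavePermissions(permissions);

    // Sends the queued load and permission check to the server.
    context.ExecuteQuery();
    hasPermissions = result.Value;
}
return hasPermissions;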

Now let's break it down. We start with the ClientContext object, which is the key to retrieving data from SharePoint on the client side. We pass the URL of our site into the constructor, and from there we can use this object to execute queries. The first thing we do with it is retrieve the Web object (not called an SPWeb on the client side, just a Web, so don't get confused here!). This is done via the next 2 lines of code. The first creates our local variable, but at this point it is essentially just a stub. Until we call the context.Load() method, which will essentially return the properties of the object from the server, we can't do much with this object.

When we do call that Load method, only a small set of properties will actually be returned by default. You can use some overloads of that method to specify which properties you need, but I won't go into that here; I'll keep this simple. The theory, though, is that by specifying just the properties you need you can reduce the traffic between the client and the server.

Moving on to the important part of the code, the permission check. Here we create a BasePermissions object, which will contain the permission we are checking for. In this case I'm just looking for the OpenItems permission, so I use the Set method to set the value and then call the DoesUserHavePermissions method. Again, the result object here will throw an exception if I try to use it immediately after this, as it is just a stub. What is happening is that the appropriate query commands are queued up with the ClientContext object, and until we call the ExecuteQuery method (which we do on the next line) those queries will not be executed. This gives us control over when we go back to the server, which allows us to do things in batches to optimise the communication between client and server once more.

After the ExecuteQuery method returns, I can simply check the result object's Value property and that's it: I now know if the user has permissions to the site in question. Pretty simple stuff in the end. You just need to adjust to the client-side way of thinking when transferring data to your client-side app, but a lot of the properties and methods on the objects are going to be familiar to you anyway, so feel free to have a crack at the client object model when you get a chance!
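The batching described above can be used to test several permissions in a single round trip. The following is an added example, not code from the original post: the class name SitePermissionCheck, the method name Check and the URL in the usage comment are assumptions made for illustration, and it goes slightly beyond the post by treating any failed query as "no permission" so the add-in hides the feature rather than showing it.

```csharp
using System.Collections.Generic;
using System.Net;
using Microsoft.SharePoint.Client;

// Hypothetical helper (illustrative names, not part of the original post).
public static class SitePermissionCheck
{
    // Checks several permissions with one ExecuteQuery() call. Every entry
    // starts as false and only becomes true if the server confirms it.
    public static IDictionary<PermissionKind, bool> Check(
        string siteUrl, params PermissionKind[] kinds)
    {
        var granted = new Dictionary<PermissionKind, bool>();
        foreach (var kind in kinds) granted[kind] = false;

        try
        {
            using (var context = new ClientContext(siteUrl))
            {
                // Only permission results are read, so no Web properties are requested.
                var pending = new Dictionary<PermissionKind, ClientResult<bool>>();
                foreach (var kind in kinds)
                {
                    var mask = new BasePermissions();
                    mask.Set(kind);
                    // Queued only; nothing is sent until ExecuteQuery().
                    pending[kind] = context.Web.DoesUserHavePermissions(mask);
                }

                context.ExecuteQuery(); // one request carries all queued checks

                foreach (var pair in pending)
                    granted[pair.Key] = pair.Value.Value;
            }
        }
        catch (ServerException) { } // server rejected the query: keep all values false
        catch (WebException) { }    // HTTP or network failure: keep all values false

        return granted;
    }
}

// Usage (placeholder URL):
// var p = SitePermissionCheck.Check("https://sharepoint.example.com/sites/team",
//     PermissionKind.OpenItems, PermissionKind.AddListItems);
```

The result is only suitable for trimming the add-in's UI; SharePoint still evaluates the user's permissions on every request the add-in makes afterwards.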

Tags: sharepoint, permissions, client-object-model
Posted by: Brian Farnhill
Last revised: 24 Jan, 2012 11:27 AM
