AddUserToGroups\Remove with owner credentials

Dec 20, 2012 at 4:06 AM

Hi Marc,

Strange situation here- silly me built  something where the user has the  ability to add\remove hinmself from user groups.
While testing it is worked (duh! i am the site collection admin) but..it would never work for a normal user,because he is not the owner of the group{Requirement says :It has to be like this}
[everything has to be via jQuery]

 


here is what i thought are possible without jQuery\SP,though most of them are out of question:

1. fire a workflow ->impersonate ME-> add\remove user's
2. have a WCF and not use SPSErvices at all but call the wcf from my jquery [but that means drifting into VS\object model and that' out of question]

Coordinator
Dec 27, 2012 at 9:39 PM

Can you explain more about what you are trying to accomplish?

M.

Dec 28, 2012 at 5:15 AM

Thanks for your reply Marc.

1. via spservice i am getting list of all user groups available on the portal ( they are meaningfull names, so user understands)

2. via "addusertogroups" i am trying to add an user to  the user group's he wants to join

basically the list's item level permission's are based on user groups, and we are allowing the user to control what he wants to see.The problem occurs when the operaion is being done by someone other than me (who is not the owner of the user groups\sitecollectionadmin)

For obvious reasons the adduser can be done only by owner's or people who are in the group,but i an looking for a workarround.

what i thought i can do are:

1. on "save" i'll fire a SPD workflow , try and impersonate "ME" and do the "add\remove" there [could not find a operation called "add\remove user's from groups"]

2. instead of spservice , use a custom wcf ,writecode there and pass my credentials [basically write stuff in c# and deploy, but this wont work as IT does not allow any kindof deployment]

hope i could give a clear picture .

 

Thanks again Marc for the help.

#bigFan

Dec 28, 2012 at 11:42 AM
Edited Dec 28, 2012 at 11:45 AM

Something that I thought should work for this, would be to set the group to allow users to request access and also set it to auto accept incoming requests.

groupscreen

Coordinator
Jan 3, 2013 at 3:38 PM

You're not going to be able to get around the permissions by using the Web Services; they always respect the permissions settings. In other words, the user is always themself, and there is no elevating permissions client-side.

As Dan suggests, you'll need to rethink yout permission settings.

M.