DotNet Development, SharePoint Customizing, Silverlight, MS Infrastructure and other tips and tricks

Retreive recursive all SP Subwebs with current User Permission

Posted by PANVEGA on November 20, 2008

As an alternative to programming against the SharePoint web services you can use the SharePoint object model. The object model can be used when the application will run on the server where SharePoint is installed (such as a console or WinForm application) or in assemblies that are run within a site (such as a Web Part or Webservices).

One of the great things about the object model is that it is security trimmed, so you can usually just ask for items that the user has permissions for. However, there may be items that the user can access but the user still doesn’t have access to perform a specific task– which is a great reason to check for permissions before attempting an operation


I need a way to retreive a existing Subwebs Sites from SharePoint how the current User has the rights to access the site. This information should be used to store the items in a XMLDocument and returns the content to a custom SharrePoint WebService method.

How to develope a custom SharePoint WebService I am going to explain in one of my next posts.


In my previous post I explained how to retreive SharePoint SubSites using the GetSubwebsForCurrentUser method with the Object model.


However  the method only returns the subwebs directly under the given root . So I will need to make recursive calls, in order to traverse the entire tree of subwebs for any given user.

In this example I found a good way to retreive recursive the SP SubSites and check the access permission of the current user.

Code snippet:

First part:

Catches the root Websites and the current SP user. The recursive method FillSubWeb(SPWeb) gets the rootweb parameter startpoint.
using (SPSite site = new SPSite(domain))
using (SPWeb rootWeb = site.AllWebs[0])
SPUser currentUser = web.CurrentUser;

Second part:

I tryed some ways to check the current user permission on a Subside. The best and most comfortable solution is using the DoesUserHavePermissions() method. This could be used for any business really. This method takes one or more SPBasePermissions and will tell you if the current SPUser (or another one if you’re checking SPList/Item/Web/Site) has the given permissions.

There’s a ton of permissions that are available, and they’re analogous to what you would set in the permission screen in the SharePoint UI. You can find a list of them here.

The DoesUserHavePermissions method of the SPPermissionCollection class returns a value that indicates whether the current user has the specified permissions. A Microsoft.SharePoint.SPRights value that specifies the permissions.

You can choose every BasePermission you want (e.g. full control etc.). However I only wanna check if the user has the lowest Site access permission (“ViewPages”) View Only – Members. I tried it several times and it works great.


It’s important to note that the SPBasePermission enum uses the [Flags] attribute which means you can check many at the same time by using the bit wise OR (|) operator.

private void FillSubWeb(SPWeb webSite)
foreach (SPWeb web in webSite.Webs)
//minimum View Only – Members
if (web.DoesUserHavePermissions(CurrentUser.LoginName, Microsoft.SharePoint.SPBasePermissions.ViewPages))
//do something

However if you wann be 100% sure if the user in member of a SP Group you can try the code below. This looks not very good with all the foreach, but it works also fine. Here I checked if the users group ID is the same ID than the SiteGroup Permissions.

SPGroupCollection groupsCollection = currentUser.Groups;

private void FillSubWeb(SPWeb webSite)
foreach (SPWeb web in webSite.Webs)

SPPermissionCollection permission = web.Permissions;
foreach (SPPermission oPermission in permission)
foreach(SPGroup group in groupsCollection)
if (group.ID.Equals(oPermission.Member.ID))
//do something
FillSubWeb(webs, web);


More information:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: