I'm writing some custom web parts for a Portal site of one of our customers. At some point i was testing the code with a user from a different site group. In this case it was the "reader" site group. It seems that some functionality i was using was not available anymore due to CAS (code Access Security) in the SharePoint assemblies.
Impersonating a user like "Administrator" will not work in this case so i found a very good article written by Maurice Prather at the blog of SharePoint Thoughts which uses a new created AppDomain to find out the information you want.
In my case i was trying to get the SPRoles of an SPUser. Even using the code from the article i had no success. After reading a lot in newsgroups i found out that a lot of other people were struggling with the same problem and also tried the code from the article. It seems that this code does work for all function calls except the function call to retrieve the SPRoles.
After investigating it seems that using SPWeb.Roles gives yuo an access denied due to a bug reported by Microsoft.
Impersonation does not work when you use some elements of the SharePoint Portal Server object model or the Windows SharePoint Services object model to impersonate an authenticated user
But i found another solution which access the rights of the current user. the following code works and does not need any impersonation what so ever :)
protected virtual bool IsEditable
{
get
{
SPWeb web = SPControl.GetContextWeb(Context);
if (web == null)
{
return false;
}
SPUser user = web.CurrentUser;
bool hasRight = web.Permissions.DoesUserHavePermissions(SPRights.ManageWeb);
return hasRight;
}
}
This piece of code checks if the current user hasd the right to manage the current web.