Skip to main content
Nintex Community Menu Bar

Hi Everyone,

I have a K2 form with controls that should be visible/hidden based on if current logged in user is part of a sharepoint group.

 

For ex: if the current user is part of "Members" group, he should be able to see "Edit" button a the form.

If the current user is just a visitor(Only read permissions) and not part of "Members" group, the "Edit" button should not be visible.

For this i tried the following rules: Execute "Get Group" method in "Group" smartobject to get the "GroupID" of "Memebers" group. Then Executed "Is User In Any One Group" method in "Group" smartobject and passing the GroupID from above rule as input mapping and i get "true" or "false".

 

The above works if the logged in user is an admin (Has access to manage permission on sharepoint site).

But it doesnt work if the current user is just a visitor as he doesnt have access to verify or access the Sharepoint groups. Form gives an error "Access denied".

 

Can you suggest a workaround for this. (To execute some rules with admin permissions / elevated previlages and to run some rules with current logged user) ?

 

Thanks in advance

Hi GovindSurnidi,


 


I see the same error as you on the "Is User in any one Group" - Probably because the SmartObject is being executed as the logged in user, which in this scenario does not have rights to read Permissions.


 


You can set your Form to execute as the App Pool Account, the steps are loosely based on the Anonymous form article, found here: http://help.k2.com/onlinehelp/k2five/icg/5.2/default.htm#configure/AnonSites.htm


 


But this again will execute the whole form as the App Pool User, if your business case does not allow it, i think the next best thing would be to use the UMGroup SmartObject?


 


-Jean


I got it resolved by creating a c# method and created an endpoint assembly. That method is executed with service account and it has full control on site.

This way, though the user is just a visitor, the method can verify the groups of the logged in user.


It sounds like the error you received when trying to access as a visitor is something that I have run into that is easily resolved (after taking a long time to figure out what was happening). We were able to fix it without any custom code. In SharePoint, if you go to the SP group you want to check and select Settings then Group Settings, you will have the option for "Who can view the membership of the group?". By default, ours was set to "Group Members" but after changing this to "Everyone", we were able to successfully use the Is User in Any One Group method no matter who was access the form. 



Reply