Is User A Member Of A (Nested) Group ?
April 27, 2008 – 10:34 amWorking with nested groups, it can be hard to determine if a user is member of the “base” group. The following class contains a method to do the job.
IsGroupMember ( GroupName, UserName ) calls method ExplodeGroup, which fills an array with all members of the group. It also resolves nested groups.
IsGroupMember now checks if the username is a member of this array using Lotusscript function ArrayGetIndex.
Class NotesDominoDirectory Private strServer As String Public Sub new (server As String ) strServer = server End Sub Public Function ExplodeGroup (GroupName As String) As Variant Dim s As New Notessession Dim db As New NotesDatabase ( Me.strServer, "names.nsf" ) Dim doc As NotesDocument Dim view As NotesView Dim i As Integer, j As Integer, k As Integer Dim arrGrp1, arrGrp2 As Variant Set view=Db.GetView ("($VIMGroups)") Set doc=View.GetDocumentByKey (GroupName) Redim arrMembers (1) As Variant j = 0 If Not (doc Is Nothing) Then arrGrp1= Doc.GetItemValue ("Members") For i= 0 To Ubound (arrGrp1) arrGrp2= Me.ExplodeGroup (arrGrp1 (i)) Redim Preserve arrMembers (Ubound (arrGrp2) + j) As Variant For k= 0 To Ubound (arrGrp2) arrMembers (j) = arrGrp2 (k) j = j + 1 Next Next Else Redim arrMembers (0) As Variant arrMembers (0) = GroupName End If ExplodeGroup= Arrayunique (arrMembers) End Function Public Function IsGroupMember ( strGroup As String, strUser As String ) As Boolean IsGroupMember = False If (Arraygetindex (Me.ExplodeGroup (strGroup), strUser , 5)) Then IsGroupMember = True End If End Function Public Function IsGroupMemberExt ( strGroup As String, strUser As String ) As Boolean ' uses undocumented function Dim arrMembers As Variant IsGroupMemberExt = False arrMembers = Evaluate(|@ExpandNameList("|& strServer & |":"names.nsf";"|& strGroup &|")| ) If (Arraygetindex ( arrMembers, strUser, 5)) Then IsGroupMemberExt = True End If End Function End Class
Here is a sample of how to check if Ulrich Krause is member of group “Everybody”
Sub Click(Source As Button) Dim res As Variant Dim dd As New NotesDominoDirectory ("serv01/singultus") Msgbox dd.IsGroupMember ( "Everybody" , "CN=Ulrich Krause/O=singultus") End Sub
There is also an undocumented @formula @ExpandNameList to expand a group and all nested groups to all the names.
Function IsGroupMemberExt ( strGroup As String, strUser As String ) As Boolean ' uses undocumented function Dim arrMembers As Variant IsGroupMemberExt = False arrMembers = Evaluate(|@ExpandNameList("|& strServer &|":"names.nsf";"|& strGroup &|")| ) If (Arraygetindex ( arrMembers, strUser, 5)) Then IsGroupMemberExt = True End If End Function
4 Responses to “Is User A Member Of A (Nested) Group ?”
There is an issue with this approach, when Directory Assistance is used. Since you “only” use names.nsf, you may miss group memberships in other configured directories.
Thomas
By Thomas Bahn on May 5, 2008
Be carefull when using @expandnamelist it doesnt work on groups starting with an underscore. i have no idea which other limitation there are but one is enough for me.
By Kai on May 6, 2008
Pedantic but…
In line 15 of the first code block it dims:
Dim i, j, k As Integer
This results in variables i & j as variants and k as an integer. To correct this, dim like this:
Dim i As Integer, j As Integer, k As Integer
By Peter Herrmann on Aug 16, 2008