Friday, September 07, 2012

MS CRM 2011: How to check user rights on client side

Today I got a requirement to write a function that validates a user's rights. In our specific case we had to show/hide buttons on a custom web form. I decided to post the results of my work here.
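/**
 * Asks the CRM Organization service whether the current user holds the named
 * privilege, so that a custom page can decide which controls to show.
 *
 * The request is a synchronous SOAP RetrieveMultiple POST; the function
 * returns true only when the response's Entities node has at least one child.
 * Judging by the text fragments that survive below, the query targets the
 * "privilege" entity filtered by name and joined through roleprivileges,
 * role and systemuserroles with an EqualUserId condition (TODO confirm
 * against the original request).
 *
 * Security notes:
 *  - The result is a UI hint only. Anything that runs in the browser can be
 *    altered by the user, so the operation itself must still be authorized
 *    server-side.
 *  - Any failure (non-200 status, missing or unparsable response) is reported
 *    as "no privilege" so the UI fails closed.
 *
 * @param {string} privilegeName - Privilege name, e.g. "prvCreateIncident".
 * @returns {boolean} true if the query returned at least one record.
 */
CheckUserPrivilege = function (privilegeName) {
    // Custom web resources expose GetGlobalContext(); entity forms expose Xrm.Page.context.
    var context = (typeof GetGlobalContext != "undefined") ? GetGlobalContext() : Xrm.Page.context;

    // The name is spliced into an XML document, so encode the XML
    // metacharacters to keep a caller-supplied value from changing the
    // structure of the query.
    var escapedName = String(privilegeName)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&apos;");

    // NOTE(review): as shown on this page the fragments below carry no XML
    // element markup, only indentation and text values. The SOAP envelope tags
    // appear to have been lost when the post was rendered; restore them from
    // the original source before using this request.
    var requestXml = "" +
    "  " +
    "    " +
    "      " +
    "        " +
    "          false" +
    "          " +
    "        " +
    "        " +
    "          " +
    "            " +
    "              name" +
    "              Equal" +
    "              " +
    "                " + escapedName + "" +
    "              " +
    "            " +
    "          " +
    "          And" +
    "          " +
    "          false" +
    "        " +
    "        false" +
    "        privilege" +
    "        " +
    "          " +
    "            " +
    "              false" +
    "              " +
    "            " +
    "            " +
    "            Inner" +
    "            " +
    "              " +
    "              And" +
    "              " +
    "              false" +
    "            " +
    "            " +
    "              " +
    "                " +
    "                  false" +
    "                  " +
    "                " +
    "                " +
    "                Inner" +
    "                " +
    "                  " +
    "                  And" +
    "                  " +
    "                  false" +
    "                " +
    "                " +
    "                  " +
    "                    " +
    "                      false" +
    "                      " +
    "                    " +
    "                    " +
    "                    Inner" +
    "                    " +
    "                      " +
    "                        " +
    "                          systemuserid" +
    "                          EqualUserId" +
    "                          " +
    "                        " +
    "                      " +
    "                      And" +
    "                      " +
    "                      false" +
    "                    " +
    "                    " +
    "                    roleid" +
    "                    privilege" +
    "                    roleid" +
    "                    systemuserroles" +
    "                  " +
    "                " +
    "                roleid" +
    "                privilege" +
    "                parentrootroleid" +
    "                role" +
    "              " +
    "            " +
    "            privilegeid" +
    "            privilege" +
    "            privilegeid" +
    "            roleprivileges" +
    "          " +
    "        " +
    "        " +
    "        " +
    "          0" +
    "          0" +
    "          " +
    "          false" +
    "        " +
    "        false" +
    "      " +
    "    " +
    "  " +
    "";

    // Third argument false = synchronous request: the caller gets a plain
    // boolean back, at the cost of blocking the UI thread until the server answers.
    var xhr = new XMLHttpRequest();
    xhr.open("POST", context.prependOrgName("/XRMServices/2011/Organization.svc/web"), false);
    xhr.setRequestHeader("Accept", "application/xml, text/xml, */*");
    xhr.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
    xhr.setRequestHeader("SOAPAction", "http://schemas.microsoft.com/xrm/2011/Contracts/Services/IOrganizationService/RetrieveMultiple");
    xhr.send(requestXml);

    // Fail closed: a fault, an error status or an empty body must not be
    // read as "privilege granted", and must not throw inside an onload handler.
    var responseDoc = xhr.responseXML;
    if (xhr.status !== 200 || !responseDoc) {
        return false;
    }

    var entitiesNode = responseDoc.selectSingleNode('s:Envelope/s:Body/RetrieveMultipleResponse/RetrieveMultipleResult/a:Entities');
    if (!entitiesNode) {
        return false;
    }

    // At least one returned record means the query matched for this user.
    return entitiesNode.childNodes.length != 0;
}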


And here is a sample of usage:

/**
 * Sample onload handler: looks up the "prvCreateIncident" privilege for the
 * current user and reports the outcome in an alert.
 *
 * The answer only drives what the page displays. It is not an access
 * control: the action behind a hidden or shown button still has to be
 * authorized by the server.
 */
OnLoad = function () {
    var canCreateIncident = CheckUserPrivilege("prvCreateIncident");

    // Choose the message first so there is a single alert call.
    var message = canCreateIncident
        ? "User has privileges to create icidents"
        : "User doesn't have privileges to create icidents";

    alert(message);
}