@@ -1019,93 +1019,119 @@ private static bool IsCurrentUserTenantAdminViaGraph(ClientContext clientContext
10191019
10201020 private static bool IsCurrentUserTenantAdminViaSPO ( ClientContext clientContext )
10211021 {
1022- // Get the URL of the current site collection
1023- var site = clientContext . Site ;
1024- site . EnsureProperty ( s => s . Url ) ; // PAOLO: We can't do that ... if we're not admins ...
1025-
1026- // If we are already with a context for the Admin Site, all good, the user is an admin
1027- if ( PnP . Framework . AuthenticationManager . IsTenantAdministrationUrl ( site . Url ) )
1028- {
1029- return ( true ) ;
1030- }
1031- else
1022+ try
10321023 {
1033- // Otherwise, we need to target the Admin Site
1034- var adminSiteUrl = clientContext . Web . GetTenantAdministrationUrl ( ) ;
1035- try
1024+ // Get the URL of the current site collection
1025+ var site = clientContext . Site ;
1026+ site . EnsureProperty ( s => s . Url ) ;
1027+
1028+ // If we are already with a context for the Admin Site, all good, the user is an admin
1029+ if ( PnP . Framework . AuthenticationManager . IsTenantAdministrationUrl ( site . Url ) )
1030+ {
1031+ return ( true ) ;
1032+ }
1033+ else
10361034 {
1037- // Connect to the Admin Site
1038- using ( var adminContext = clientContext . Clone ( adminSiteUrl ) )
1035+ // Otherwise, we need to target the Admin Site
1036+ var adminSiteUrl = clientContext . Web . GetTenantAdministrationUrl ( ) ;
1037+ try
10391038 {
1040- // Do something with the Tenant Admin Context
1041- Tenant tenant = new Tenant ( adminContext ) ;
1042- tenant . EnsureProperty ( t => t . RootSiteUrl ) ;
1039+ // Connect to the Admin Site
1040+ using ( var adminContext = clientContext . Clone ( adminSiteUrl ) )
1041+ {
1042+ // Do something with the Tenant Admin Context
1043+ Tenant tenant = new Tenant ( adminContext ) ;
1044+ tenant . EnsureProperty ( t => t . RootSiteUrl ) ;
10431045
1044- // If we've got access to the tenant admin context,
1045- // it means that the currently connecte user is an admin
1046- return ( true ) ;
1046+ // If we've got access to the tenant admin context,
1047+ // it means that the currently connected user is an admin
1048+ return ( true ) ;
1049+ }
1050+ }
1051+ catch
1052+ {
1053+ // In case of any connection exception, the user is not an admin
1054+ return ( false ) ;
10471055 }
10481056 }
1049- catch
1050- {
1051- // In case of any connection exception, the user is not an admin
1052- return ( false ) ;
1053- }
1057+ }
1058+ catch ( ServerUnauthorizedAccessException )
1059+ {
1060+ // User doesn't have permissions to access site properties
1061+ return ( false ) ;
1062+ }
1063+ catch
1064+ {
1065+ // In case of any other exception, the user is not an admin
1066+ return ( false ) ;
10541067 }
10551068 }
10561069
10571070 public static bool IsCurrentUserTenantAdmin ( ClientContext clientContext , string tenantAdminSiteUrl )
10581071 {
10591072 bool result = false ;
1060- // Get the URL of the current site collection
1061- var web = clientContext . Web ;
1062- var site = clientContext . Site ;
1063- site . EnsureProperty ( s => s . Url ) ;
1064- var baseTemplateId = web . GetBaseTemplateId ( ) ;
1065-
1066- if ( string . Equals ( baseTemplateId , "TENANTADMIN#0" , StringComparison . InvariantCultureIgnoreCase ) )
1067- {
1068- result = true ;
1069- }
1070- else
1073+ try
10711074 {
1072- // Otherwise, we need to target the Admin Site
1073- // No easy way to detect tenant admin site in on-premises, so users have to specify it
1074- string adminSiteUrl = tenantAdminSiteUrl ;
1075- if ( ! string . IsNullOrEmpty ( adminSiteUrl ) )
1075+ // Get the URL of the current site collection
1076+ var web = clientContext . Web ;
1077+ var site = clientContext . Site ;
1078+ site . EnsureProperty ( s => s . Url ) ;
1079+ var baseTemplateId = web . GetBaseTemplateId ( ) ;
1080+
1081+ if ( string . Equals ( baseTemplateId , "TENANTADMIN#0" , StringComparison . InvariantCultureIgnoreCase ) )
10761082 {
1077- result = CanConnectTenantAdminSite ( clientContext , adminSiteUrl ) ;
1083+ result = true ;
10781084 }
10791085 else
10801086 {
1081- //TODO: try to find a way to get the real tenant admin site url
1082- var foundAdminSiteUrl = GetTenantAdminSite ( clientContext ) ;
1083- if ( ! string . IsNullOrEmpty ( foundAdminSiteUrl . AbsoluteUri ) )
1087+ // Otherwise, we need to target the Admin Site
1088+ // No easy way to detect tenant admin site in on-premises, so users have to specify it
1089+ string adminSiteUrl = tenantAdminSiteUrl ;
1090+ if ( ! string . IsNullOrEmpty ( adminSiteUrl ) )
10841091 {
1085- result = CanConnectTenantAdminSite ( clientContext , foundAdminSiteUrl . AbsoluteUri ) ;
1092+ result = CanConnectTenantAdminSite ( clientContext , adminSiteUrl ) ;
10861093 }
10871094 else
10881095 {
1089- Uri uri = new Uri ( clientContext . Url . TrimEnd ( new [ ] { '/' } ) ) ;
1090- var rootSiteUrl = $ "{ uri . Scheme } ://{ uri . DnsSafeHost } ";
1091-
1092- var urlsToTry = new System . Collections . Generic . List < string > ( )
1096+ //TODO: try to find a way to get the real tenant admin site url
1097+ var foundAdminSiteUrl = GetTenantAdminSite ( clientContext ) ;
1098+ if ( ! string . IsNullOrEmpty ( foundAdminSiteUrl . AbsoluteUri ) )
10931099 {
1094- rootSiteUrl + "/sites/admin" ,
1095- rootSiteUrl + "/sites/tenantadmin"
1096- } ;
1097-
1098- foreach ( var url in urlsToTry )
1100+ result = CanConnectTenantAdminSite ( clientContext , foundAdminSiteUrl . AbsoluteUri ) ;
1101+ }
1102+ else
10991103 {
1100- result = CanConnectTenantAdminSite ( clientContext , url ) ;
1101- if ( result )
1104+ Uri uri = new Uri ( clientContext . Url . TrimEnd ( new [ ] { '/' } ) ) ;
1105+ var rootSiteUrl = $ "{ uri . Scheme } ://{ uri . DnsSafeHost } ";
1106+
1107+ var urlsToTry = new System . Collections . Generic . List < string > ( )
11021108 {
1103- break ;
1109+ rootSiteUrl + "/sites/admin" ,
1110+ rootSiteUrl + "/sites/tenantadmin"
1111+ } ;
1112+
1113+ foreach ( var url in urlsToTry )
1114+ {
1115+ result = CanConnectTenantAdminSite ( clientContext , url ) ;
1116+ if ( result )
1117+ {
1118+ break ;
1119+ }
11041120 }
11051121 }
11061122 }
11071123 }
11081124 }
1125+ catch ( ServerUnauthorizedAccessException )
1126+ {
1127+ // User doesn't have permissions to access site properties
1128+ result = false ;
1129+ }
1130+ catch
1131+ {
1132+ // In case of any other exception, the user is not an admin
1133+ result = false ;
1134+ }
11091135
11101136 return result ;
11111137 }
0 commit comments