GetUserEffectivePermissions returning 0 (“EmptyMask”)
-
04-10-2020 - |
Pergunta
I'm trying to retrieve the current user's permissions for a list but I keep getting an emptyMask
result, even when my current user account is a Site Collection Admin.
function getListUserEffectivePermissions (){
var account = 'domain\\myaccount';
var endpointUrl = _spPageContextInfo.webServerRelativeUrl + "/_api/web/lists/getbytitle('My Library')/getusereffectivepermissions(@u)?@u='"+account+"'";
return $.ajax({
url : endpointUrl,
dataType : 'json',
headers : { 'accept': 'application/json;odata=verbose' }
});
}
function parseBasePermissions (value){
var permissions = new SP.BasePermissions();
permissions.initPropertiesFromJson(value);
var permLevels = [];
for(var permLevelName in SP.PermissionKind.prototype) {
if (SP.PermissionKind.hasOwnProperty(permLevelName)) {
var permLevel = SP.PermissionKind.parse(permLevelName);
if(permissions.has(permLevel)){
permLevels.push(permLevelName);
}
}
}
return permLevels;
}
getListUserEffectivePermissions().done(function(data){
var roles = parseBasePermissions(data);
console.log(roles);
});
A quick explanation of the code:
- Retrieving information for library "My Library"
- Retrieving permissions for user: "account"
- When completed, it compares the results to the
SP.PermissionKind
object - prints results
I'm pretty sure that the values being passed in for "My Library" and account
are correct. If I change the account
to a user name not present in my SharePoint instance I get
{"error":{"code":"-2130575276, Microsoft.SharePoint.SPException","message":{"lang":"en-US","value":"The user does not exist or is not unique."}}}
When I use my own account name I just get:
["emptyMask"]
And the responseText
I get is:
{"d":{
"GetUserEffectivePermissions":{
"__metadata":{
"type":"SP.BasePermissions"
},
"High":"0",
"Low":"0"
}
}}
Can anyone tell me what I'm doing wrong?
Solução
Regarding REST approach:
Since you are getting the proper result from GetUserEffectivePermissions
endpoint, below is demonstrated how to parse SP.BasePermissions
value:
var data = {
"d": {
"GetUserEffectivePermissions": {
"__metadata": { "type": "SP.BasePermissions" },
"High": "432",
"Low": "1011028583"
}
}
};
where
function parseBasePermissions (value){
var permissions = new SP.BasePermissions();
permissions.initPropertiesFromJson(value);
var permLevels = [];
for(var permLevelName in SP.PermissionKind.prototype) {
if (SP.PermissionKind.hasOwnProperty(permLevelName)) {
var permLevel = SP.PermissionKind.parse(permLevelName);
if(permissions.has(permLevel)){
permLevels.push(permLevelName);
}
}
}
return permLevels;
}
Usage
var roles = parseBasePermissions(data.d.GetUserEffectivePermissions);
console.log(roles);
Result
["emptyMask", "viewListItems", "addListItems", "editListItems", "openItems", "viewVersions", "managePersonalViews", "viewFormPages", "open", "viewPages", "createSSCSite", "browseDirectories", "browseUserInfo", "addDelPrivateWebParts", "updatePersonalWebParts", "useClientIntegration", "useRemoteAPIs", "createAlerts", "editMyUserInfo"]
Outras dicas
I had two problems.
- The first was my username
- The second was trying to parse the result into a Permissions object
I was using my login name in the form of domain\user
but we're using claims authentication so my user name needed to be i:0#.w|domain\user
For example: i:0#.w|stackoverflow\jasonscript
Once I corrected the issue with my username, I started getting more relevant results
{"d":{"
GetUserEffectivePermissions":{
"__metadata":{"type":"SP.BasePermissions"},
"High":"432",
"Low":"1011028583"
}
}}
However, I still couldn't parse this into usable permissions.
I ended up scrapping the REST approach and reverting back to JSOM. This seemed to have the benefit of automatically parsing the results so that I could check which permissions were in place using the has
method:
checkListPermissions(myUserName).done(function(userPermissionResults){
console.log('has addListItems? : ' + userPermissionResults.has(SP.PermissionKind.addListItems));
console.log('has editListItems? : ' + userPermissionResults.has(SP.PermissionKind.editListItems));
console.log('has deleteListItems? : ' + userPermissionResults.has(SP.PermissionKind.deleteListItems));
});
function checkListPermissions(userAccount) {
var deferred = $.Deferred();
var clientContext = SP.ClientContext.get_current();
var spList = clientContext.get_web().get_lists().getByTitle('Draft Documents');
var userPermissions = spList.getUserEffectivePermissions(userAccount);
clientContext.executeQueryAsync(
Function.createDelegate(this, function (){ deferred.resolve(userPermissions); }),
Function.createDelegate(this, function (sender, args){ deferred.reject(sender, args); })
);
return deferred.promise();
}