SharePoint REST API - 使用REST介面對列表設定自定義許可權
部落格地址:http://blog.csdn.net/FoxDave
SharePoint網站、列表和列表項都屬於SecurableObject型別。預設情況下,一個安全物件繼承父級的許可權。對一個物件設定自定義許可權,你需要打破它從父級的繼承,通過增刪role assignments來自定義許可權。
本篇同樣會以程式碼示例來說明如何在列表上設定自定義許可權,然後再更改一個組的許可權。該示例使用REST服務來:
>獲取目標組的ID。該示例通過目標組的ID來獲取當前列表上的組所具有的角色繫結,並向列表新增新的角色。
>獲取為組定義的新的許可權的角色定義的ID,該ID用來向列表新增新的角色。該示例使用已存在的角色定義來定義新的角色,當然你也可以選擇建立一個新的角色定義。
>使用BreakRoleInheritance方法打破列表上的許可權繼承。該示例打破了列表的許可權繼承並保留當前的許可權設定。(在打破許可權繼承的時候,也可以選擇不保留當前的設定而只把當前使用者新增到管理許可權級別。)
>通過傳送DELETE方法請求到role assignment端點來移除列表上的組當前的role assignment。(如果你在打破許可權繼承的時候沒有保留現有設定,可以忽略此步。)
>使用AddRoleAssignment方法向組新增一個role assignment到目標列表,該操作會將組繫結到一個角色定義並將該角色新增到列表上。
前置條件
>SharePoint開發環境
>帶有Office Developer Tools的Visual Studio 2013或更高版本
此外還需要設定Add-in在網站範圍內的完全控制許可權,只有具有足夠許可權來更改列表許可權的使用者(如網站所有者)可以執行這個add-in。
示例:使用REST介面在列表上自定義許可權
下面的示例展示了一個SharePoint承載的Add-in中的App.js檔案的內容。第一個示例使用JavaScript跨域庫來構建和傳送HTTP請求,第二個示例使用jQuery AJAX請求。在你執行程式碼之前,需要把佔位符的值替換成真實的值。
示例一:跨域庫請求
'use strict';
// Change placeholder values before you run this code.
var listTitle = 'List 1';
var groupName = 'Group A';
var targetRoleDefinitionName = 'Contribute';
var appweburl;
var hostweburl;
var executor;
var groupId;
var targetRoleDefinitionId;
$(document).ready( function() {
//Get the URI decoded URLs.
hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));
// Load the cross-domain library file and continue to the custom code.
var scriptbase = hostweburl + "/_layouts/15/";
$.getScript(scriptbase + "SP.RequestExecutor.js", getTargetGroupId);
});
// Get the ID of the target group.
function getTargetGroupId() {
executor = new SP.RequestExecutor(appweburl);
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/sitegroups/getbyname('";
endpointUri += groupName + "')/id" + "?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
var jsonObject = JSON.parse(responseData.body);
groupId = jsonObject.d.Id;
getTargetRoleDefinitionId();
},
error: errorHandler
});
}
// Get the ID of the role definition that defines the permissions
// you want to assign to the group.
function getTargetRoleDefinitionId() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/roledefinitions/getbyname('";
endpointUri += targetRoleDefinitionName + "')/id" + "?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
var jsonObject = JSON.parse(responseData.body)
targetRoleDefinitionId = jsonObject.d.Id;
breakRoleInheritanceOfList();
},
error: errorHandler
});
}
// Break role inheritance on the list.
function breakRoleInheritanceOfList() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/breakroleinheritance(true)?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: deleteCurrentRoleForGroup,
error: errorHandler
});
}
// Remove the current role assignment for the group on the list.
function deleteCurrentRoleForGroup() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/roleassignments/getbyprincipalid('" + groupId + "')?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: {
'X-RequestDigest':$('#__REQUESTDIGEST').val(),
'X-HTTP-Method':'DELETE'
},
success: setNewPermissionsForGroup,
error: errorHandler
});
}
// Add the new role assignment for the group on the list.
function setNewPermissionsForGroup() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/roleassignments/addroleassignment(principalid=" + groupId;
endpointUri += ",roledefid=" + targetRoleDefinitionId + ")?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: successHandler,
error: errorHandler
});
}
// Get parameters from the query string.
// For production purposes you may want to use a library to handle the query string.
function getQueryStringParameter(paramToRetrieve) {
var params = document.URL.split("?")[1].split("&");
for (var i = 0; i < params.length; i = i + 1) {
var singleParam = params[i].split("=");
if (singleParam[0] == paramToRetrieve) return singleParam[1];
}
}
function successHandler() {
alert('Request succeeded.');
}
function errorHandler(xhr, ajaxOptions, thrownError) {
alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText);
}
示例二:jQuery AJAX請求// Change placeholder values before you run this code.
var siteUrl = 'http://server/site';
var listTitle = 'List 1';
var groupName = 'Group A';
var targetRoleDefinitionName = 'Contribute';
var groupId;
var targetRoleDefinitionId;
$(document).ready( function() {
getTargetGroupId();
});
// Get the ID of the target group.
function getTargetGroupId() {
$.ajax({
url: siteUrl + '/_api/web/sitegroups/getbyname(\'' + groupName + '\')/id',
type: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
groupId = responseData.d.Id;
getTargetRoleDefinitionId();
},
error: errorHandler
});
}
// Get the ID of the role definition that defines the permissions
// you want to assign to the group.
function getTargetRoleDefinitionId() {
$.ajax({
url: siteUrl + '/_api/web/roledefinitions/getbyname(\''
+ targetRoleDefinitionName + '\')/id',
type: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
targetRoleDefinitionId = responseData.d.Id;
breakRoleInheritanceOfList();
},
error: errorHandler
});
}
// Break role inheritance on the list.
function breakRoleInheritanceOfList() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/breakroleinheritance(true)',
type: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: deleteCurrentRoleForGroup,
error: errorHandler
});
}
// Remove the current role assignment for the group on the list.
function deleteCurrentRoleForGroup() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/roleassignments/getbyprincipalid(' + groupId + ')',
type: 'POST',
headers: {
'X-RequestDigest':$('#__REQUESTDIGEST').val(),
'X-HTTP-Method':'DELETE'
},
success: setNewPermissionsForGroup,
error: errorHandler
});
}
// Add the new role assignment for the group on the list.
function setNewPermissionsForGroup() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/roleassignments/addroleassignment(principalid='
+ groupId + ',roledefid=' + targetRoleDefinitionId + ')',
type: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: successHandler,
error: errorHandler
});
}
function successHandler() {
alert('Request succeeded.');
}
function errorHandler(xhr, ajaxOptions, thrownError) {
alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText);
}
本篇就介紹到這裡。相關文章
- SharePoint REST API - 列表和列表項RESTAPI
- Django REST framework API 指南(14):許可權DjangoRESTFrameworkAPI
- SharePoint REST API - 確定REST端點URLRESTAPI
- SharePoint REST API - 同步SharePoint列表項RESTAPI
- SharePoint REST API - 概述RESTAPI
- SharePoint REST API - 使用REST API和jQuery上傳一個檔案RESTAPIjQuery
- linq and rest api in sharepointRESTAPI
- SharePoint REST API - 基本操作(二)RESTAPI
- SharePoint REST API - 基本操作(一)RESTAPI
- Vue設定許可權列表目錄Vue
- 自定義許可權物件物件
- Django REST framework中認證和許可權的使用方法DjangoRESTFramework
- SharePoint REST API - OData查詢操作RESTAPI
- SharePoint REST API - REST請求導航的資料結構RESTAPI求導資料結構
- Django-Rest-Framework 許可權管理原始碼淺析DjangoRESTFramework原始碼
- 對定義者許可權和呼叫者許可權的理解
- hadoop自定義許可權Hadoop
- SAP自定義許可權物件物件
- rest apiRESTAPI
- android動態許可權到自定義許可權框架Android框架
- SharePoint REST API - 一個請求批量操作RESTAPI
- SharePoint REST API - 資料夾和檔案RESTAPI
- Paypal Rest Api自定義物流地址(跳過填寫物流地址)RESTAPI
- App跳轉到許可權設定介面APP
- DRF內建許可權元件之自定義許可權管理類元件
- Django(63)drf許可權原始碼分析與自定義許可權Django原始碼
- elasticsearch常用請求介面Rest API示例ElasticsearchRESTAPI
- django-rest-framework 基礎三 認證、許可權和頻率DjangoRESTFramework
- 如何設定許可權?
- 使用AOP+自定義註解完成spring boot的介面許可權校驗Spring Boot
- GraphQL API vs REST APIAPIREST
- Django 中 REST API 的設計DjangoRESTAPI
- .Net Core JWT 動態設定介面與許可權JWT
- wp rest api 授權方法步驟(使用JWT Authentication外掛)RESTAPIJWT
- SharePoint Online 站點模板中許可權的設定
- android自定義訪問許可權permissionAndroid訪問許可權
- android framework中新增自定義許可權AndroidFramework
- Elasticsearch(二)——Rest APIElasticsearchRESTAPI