
How to check User permission using REST

Though SharePoint handles security trimming throughout the site, when you create custom pages and controls you sometimes need to check the permissions of the logged-in user to allow or block certain actions. For example, show the Edit button only if the user has permission to edit list items. Such a check only decides what the page displays; SharePoint still enforces the permission on the server when the action is actually attempted. So how do you check whether the logged-in user has the required permission?

SharePoint provides a REST endpoint "effectiveBasePermissions". Using this endpoint, you can check if the user has required permission or not.

The URL syntax is: [Domain]/[Site]/_api/web/lists/getByTitle('ListName')/effectiveBasePermissions.

Interestingly, this endpoint returns data in the form of a JavaScript Object Model (JSOM) object. So to use this data, you need to load two libraries, sp.runtime.debug.js and sp.debug.js. These libraries are available in the 15 hive folder.

Let me show you the complete code (jQuery must be loaded for this code). This code is tested in SharePoint Online and should work on-premises as well.

$(document).ready(function(){
  $.ajax({
    type: "GET",
    // Effective permissions of the current user on the list "CustomList"
    url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/lists/getByTitle('CustomList')/effectiveBasePermissions",
    headers: {"accept": "application/json; odata=verbose"},
    success: function(data){
      // Load the High/Low values from the response into a JSOM BasePermissions object
      var perm = new SP.BasePermissions();
      perm.fromJson(data.d.EffectiveBasePermissions);
      // Test a single permission from the SP.PermissionKind enumeration
      var hasPermission = perm.has(SP.PermissionKind.editListItems);
      if(hasPermission) {
        alert("User has permission to Edit the List");
      }
      else {
        alert("User has no permission to Edit the List");
      }
    },
    error: function(error){
      alert("Error");
      console.log(error);
    }
  });
});

EffectiveBasePermissions contains the High and Low values (related to permissions), and it is difficult to make anything out of these two numbers directly. So we load them into a BasePermissions object and use its "has" method to check the permission. Do note the parameter passed to this method: it is a value of the SP.PermissionKind enumeration. The method returns a boolean value. In this case we are checking if the user has permission to edit list items (editListItems). To get the list of enumeration values, check this MSDN article.
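To see what the High and Low numbers encode, here is an added example (not code from the original post, and not a replacement for perm.has in a SharePoint page) that decodes them in plain JavaScript, for instance in a Node script where the JSOM libraries are not loaded. The numbers in the PermissionKind table are a subset of the SP.PermissionKind values, the function names are hypothetical, and the two sample responses are constructed.

```javascript
// Subset of SP.PermissionKind (name -> enum number); not the full enumeration.
const PermissionKind = {
  viewListItems: 1, addListItems: 2, editListItems: 3, deleteListItems: 4,
  openItems: 6, manageLists: 12, viewPages: 18, managePermissions: 26,
  useClientIntegration: 37, useRemoteAPIs: 38,
};

// Enum value n (1..64) selects bit n-1 of a 64-bit mask:
// bits 0-31 are carried in Low, bits 32-63 in High.
// emptyMask (0) is always granted; fullMask (65) is special-cased by JSOM
// and is deliberately not handled here (it returns false).
function hasPermission(ebp, kind) {
  if (kind === 0) return true;
  const bit = kind - 1;
  if (!Number.isInteger(bit) || bit < 0 || bit > 63) return false;
  // odata=verbose sends High/Low as strings; a missing value becomes 0 (deny).
  const word = Number(bit < 32 ? ebp.Low : ebp.High) >>> 0;
  return ((word >>> (bit % 32)) & 1) === 1;
}

// Names of all permissions from the table above that the mask grants.
function grantedPermissions(ebp) {
  return Object.keys(PermissionKind)
    .filter((name) => hasPermission(ebp, PermissionKind[name]));
}

// Constructed samples shaped like data.d.EffectiveBasePermissions (not real tenant data).
const contributor = { High: "16", Low: "131111" }; // view, add, edit, open, viewPages + client integration
const reader = { High: "0", Low: "131105" };       // view, open, viewPages only

console.log("contributor:", grantedPermissions(contributor));
console.log("reader:", grantedPermissions(reader));
console.log("reader can edit:", hasPermission(reader, PermissionKind.editListItems));
```
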

If you observe the example above, we are checking the user permission for a specific List. Similarly, you can check the user permission at site level or item level.
