SharePoint REST API - 使用REST接口對列表設置自定義權限
博客地址:http://blog.csdn.net/FoxDavejavascript
SharePoint網站、列表和列表項都屬於SecurableObject類型。默認狀況下,一個安全對象繼承父級的權限。對一個對象設置自定義權限,你須要打破它從父級的繼承,經過增刪role assignments來自定義權限。css
本篇一樣會以代碼示例來講明如何在列表上設置自定義權限,而後再更改一個組的權限。該示例使用REST服務來:java
>獲取目標組的ID。該示例經過目標組的ID來獲取當前列表上的組所具備的角色綁定,並向列表添加新的角色。web
>獲取爲組定義的新的權限的角色定義的ID,該ID用來向列表添加新的角色。該示例使用已存在的角色定義來定義新的角色,固然你也能夠選擇建立一個新的角色定義。ajax
>使用BreakRoleInheritance方法打破列表上的權限繼承。該示例打破了列表的權限繼承並保留當前的權限設置。(在打破權限繼承的時候,也能夠選擇不保留當前的設置而只把當前用戶添加到管理權限級別。)json
>經過發送DELETE方法請求到role assignment端點來移除列表上的組當前的role assignment。(若是你在打破權限繼承的時候沒有保留現有設置,能夠忽略此步。)api
>使用AddRoleAssignment方法向組添加一個role assignment到目標列表,該操做會將組綁定到一個角色定義並將該角色添加到列表上。跨域
前置條件安全
>SharePoint開發環境markdown
>帶有Office Developer Tools的Visual Studio 2013或更高版本
此外還須要設置Add-in在網站範圍內的徹底控制權限,只有具備足夠權限來更改列表權限的用戶(如網站全部者)能夠執行這個add-in。
示例:使用REST接口在列表上自定義權限
下面的示例展現了一個SharePoint承載的Add-in中的App.js文件的內容。第一個示例使用JavaScript跨域庫來構建和發送HTTP請求,第二個示例使用jQuery AJAX請求。在你執行代碼以前,須要把佔位符的值替換成真實的值。
示例一:跨域庫請求
'use strict';
// Change placeholder values before you run this code.
var listTitle = 'List 1';
var groupName = 'Group A';
var targetRoleDefinitionName = 'Contribute';
var appweburl;
var hostweburl;
var executor;
var groupId;
var targetRoleDefinitionId;
$(document).ready( function() {
//Get the URI decoded URLs.
hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));
// Load the cross-domain library file and continue to the custom code.
var scriptbase = hostweburl + "/_layouts/15/";
$.getScript(scriptbase + "SP.RequestExecutor.js", getTargetGroupId);
});
// Get the ID of the target group.
function getTargetGroupId() {
executor = new SP.RequestExecutor(appweburl);
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/sitegroups/getbyname('";
endpointUri += groupName + "')/id" + "?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
var jsonObject = JSON.parse(responseData.body);
groupId = jsonObject.d.Id;
getTargetRoleDefinitionId();
},
error: errorHandler
});
}
// Get the ID of the role definition that defines the permissions
// you want to assign to the group.
function getTargetRoleDefinitionId() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/roledefinitions/getbyname('";
endpointUri += targetRoleDefinitionName + "')/id" + "?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
var jsonObject = JSON.parse(responseData.body)
targetRoleDefinitionId = jsonObject.d.Id;
breakRoleInheritanceOfList();
},
error: errorHandler
});
}
// Break role inheritance on the list.
function breakRoleInheritanceOfList() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/breakroleinheritance(true)?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: deleteCurrentRoleForGroup,
error: errorHandler
});
}
// Remove the current role assignment for the group on the list.
function deleteCurrentRoleForGroup() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/roleassignments/getbyprincipalid('" + groupId + "')?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: {
'X-RequestDigest':$('#__REQUESTDIGEST').val(),
'X-HTTP-Method':'DELETE'
},
success: setNewPermissionsForGroup,
error: errorHandler
});
}
// Add the new role assignment for the group on the list.
function setNewPermissionsForGroup() {
var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('";
endpointUri += listTitle + "')/roleassignments/addroleassignment(principalid=" + groupId;
endpointUri += ",roledefid=" + targetRoleDefinitionId + ")?@target='" + hostweburl + "'";
executor.executeAsync({
url: endpointUri,
method: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: successHandler,
error: errorHandler
});
}
// Get parameters from the query string.
// For production purposes you may want to use a library to handle the query string.
function getQueryStringParameter(paramToRetrieve) {
var params = document.URL.split("?")[1].split("&");
for (var i = 0; i < params.length; i = i + 1) {
var singleParam = params[i].split("=");
if (singleParam[0] == paramToRetrieve) return singleParam[1];
}
}
function successHandler() {
alert('Request succeeded.');
}
function errorHandler(xhr, ajaxOptions, thrownError) {
alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText);
}示例二:jQuery AJAX請求
// Change placeholder values before you run this code.
var siteUrl = 'http://server/site';
var listTitle = 'List 1';
var groupName = 'Group A';
var targetRoleDefinitionName = 'Contribute';
var groupId;
var targetRoleDefinitionId;
$(document).ready( function() {
getTargetGroupId();
});
// Get the ID of the target group.
function getTargetGroupId() {
$.ajax({
url: siteUrl + '/_api/web/sitegroups/getbyname(\'' + groupName + '\')/id',
type: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
groupId = responseData.d.Id;
getTargetRoleDefinitionId();
},
error: errorHandler
});
}
// Get the ID of the role definition that defines the permissions
// you want to assign to the group.
function getTargetRoleDefinitionId() {
$.ajax({
url: siteUrl + '/_api/web/roledefinitions/getbyname(\''
+ targetRoleDefinitionName + '\')/id',
type: 'GET',
headers: { 'accept':'application/json;odata=verbose' },
success: function(responseData) {
targetRoleDefinitionId = responseData.d.Id;
breakRoleInheritanceOfList();
},
error: errorHandler
});
}
// Break role inheritance on the list.
function breakRoleInheritanceOfList() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/breakroleinheritance(true)',
type: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: deleteCurrentRoleForGroup,
error: errorHandler
});
}
// Remove the current role assignment for the group on the list.
function deleteCurrentRoleForGroup() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/roleassignments/getbyprincipalid(' + groupId + ')',
type: 'POST',
headers: {
'X-RequestDigest':$('#__REQUESTDIGEST').val(),
'X-HTTP-Method':'DELETE'
},
success: setNewPermissionsForGroup,
error: errorHandler
});
}
// Add the new role assignment for the group on the list.
function setNewPermissionsForGroup() {
$.ajax({
url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle
+ '\')/roleassignments/addroleassignment(principalid='
+ groupId + ',roledefid=' + targetRoleDefinitionId + ')',
type: 'POST',
headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() },
success: successHandler,
error: errorHandler
});
}
function successHandler() {
alert('Request succeeded.');
}
function errorHandler(xhr, ajaxOptions, thrownError) {
alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText);
}
本篇就介紹到這裏。
相關文章
- 1. SharePoint Project Server List 列表CURD操做使用rest api接口
- 2. SharePoint REST API - 列表和列表項
- 3. 對Rest api權限設計的理解
- 4. SharePoint REST api
- 5. API接口設計,rest,soap
- 6. SharePoint REST API 設置SummaryLength屬性
- 7. REST API權限集成設計
- 8. 使用REST-Assured對API接口進行自動化測試
- 9. SharePoint 2013 Search REST API 使用示例
- 10. Neo4j的Rest接口使用
- 更多相關文章...
- • 自定義TypeHandler - MyBatis教程
- • XSD 限定 / Facets - XML Schema 教程
- • RxJava操作符(十)自定義操作符
- • IntelliJ IDEA代碼格式化設置
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章