2

I'm trying to retrieve the current user's permissions for a list but I keep getting an emptyMask result, even when my current user account is a Site Collection Admin.

function getListUserEffectivePermissions (){
    var account = 'domain\\myaccount';
    var endpointUrl = _spPageContextInfo.webServerRelativeUrl + "/_api/web/lists/getbytitle('My Library')/getusereffectivepermissions(@u)?@u='"+account+"'";
    return $.ajax({
        url         : endpointUrl,
        dataType    : 'json',
        headers     : { 'accept': 'application/json;odata=verbose' }
    });
}

function parseBasePermissions (value){
    var permissions = new SP.BasePermissions();
    permissions.initPropertiesFromJson(value);
    var permLevels = [];
    for(var permLevelName in SP.PermissionKind.prototype) {
        if (SP.PermissionKind.hasOwnProperty(permLevelName)) {
            var permLevel = SP.PermissionKind.parse(permLevelName);
            if(permissions.has(permLevel)){
                  permLevels.push(permLevelName);
            }
        }     
    }
    return permLevels;   
}

getListUserEffectivePermissions().done(function(data){
    var roles = parseBasePermissions(data);
    console.log(roles); 
});

A quick explanation of the code:

  • Retrieving information for library "My Library"
  • Retrieving permissions for user: "account"
  • When completed, it compares the results to the SP.PermissionKind object
  • prints results

I'm pretty sure that the values being passed in for "My Library" and account are correct. If I change the account to a user name not present in my SharePoint instance I get

{"error":{"code":"-2130575276, Microsoft.SharePoint.SPException","message":{"lang":"en-US","value":"The user does not exist or is not unique."}}}

When I use my own account name I just get:

["emptyMask"]

And the responseText I get is:

{"d":{
    "GetUserEffectivePermissions":{
        "__metadata":{
            "type":"SP.BasePermissions"
        },
        "High":"0",
        "Low":"0"
     }
}}

Can anyone tell me what I'm doing wrong?

jasonscript
  • 325
  • 2
  • 4
  • 17

2 Answers2

3

I had two problems.

  • The first was my username
  • The second was trying to parse the result into a Permissions object

I was using my login name in the form of domain\user but we're using claims authentication so my user name needed to be i:0#.w|domain\user

For example: i:0#.w|stackoverflow\jasonscript

Once I corrected the issue with my username, I started getting more relevant results

{"d":{"
    GetUserEffectivePermissions":{
       "__metadata":{"type":"SP.BasePermissions"},
       "High":"432",
       "Low":"1011028583"
    }
}}

However, I still couldn't parse this into usable permissions.

I ended up scrapping the REST approach and reverting back to JSOM. This seemed to have the benefit of automatically parsing the results so that I could check which permissions were in place using the has method:

checkListPermissions(myUserName).done(function(userPermissionResults){
    console.log('has addListItems? : ' + userPermissionResults.has(SP.PermissionKind.addListItems));
    console.log('has editListItems? : ' + userPermissionResults.has(SP.PermissionKind.editListItems));
    console.log('has deleteListItems? : ' + userPermissionResults.has(SP.PermissionKind.deleteListItems));
});

function checkListPermissions(userAccount) {
    var deferred = $.Deferred();

    var clientContext = SP.ClientContext.get_current();
    var spList = clientContext.get_web().get_lists().getByTitle('Draft Documents');
    var userPermissions = spList.getUserEffectivePermissions(userAccount);

    clientContext.executeQueryAsync(
        Function.createDelegate(this, function (){ deferred.resolve(userPermissions); }), 
        Function.createDelegate(this, function (sender, args){ deferred.reject(sender, args); })
    );

    return deferred.promise();
}
jasonscript
  • 325
  • 2
  • 4
  • 17
2

Regarding REST approach:

Since you are getting the proper result from GetUserEffectivePermissions endpoint, below is demonstrated how to parse SP.BasePermissions value: 

var data = {
    "d": {
        "GetUserEffectivePermissions": {
            "__metadata": { "type": "SP.BasePermissions" },
            "High": "432",
            "Low": "1011028583"
        }
    }
};

where

function parseBasePermissions (value){
    var permissions = new SP.BasePermissions();
    permissions.initPropertiesFromJson(value);
    var permLevels = [];
    for(var permLevelName in SP.PermissionKind.prototype) {
        if (SP.PermissionKind.hasOwnProperty(permLevelName)) {
            var permLevel = SP.PermissionKind.parse(permLevelName);
            if(permissions.has(permLevel)){
                  permLevels.push(permLevelName);
            }
        }     
    }
    return permLevels;   
}

Usage

var roles = parseBasePermissions(data.d.GetUserEffectivePermissions);
console.log(roles);

Result

["emptyMask", "viewListItems", "addListItems", "editListItems", "openItems", "viewVersions", "managePersonalViews", "viewFormPages", "open", "viewPages", "createSSCSite", "browseDirectories", "browseUserInfo", "addDelPrivateWebParts", "updatePersonalWebParts", "useClientIntegration", "useRemoteAPIs", "createAlerts", "editMyUserInfo"]
Vadim Gremyachev
  • 42,498
  • 3
  • 86
  • 167
  • 1
    Turns out it was a simple mistake. The line I had wrong was parseBasePermissions(data.d.GetUserEffectivePermissions);. I was only passing data instead of data.d.GetUserEffectivePermissions. My original code is working now – jasonscript Jul 30 '15 at 01:42
  • 1
    @Vadim Gremyachev is there way to parse it without js libraries? https://stackoverflow.com/questions/51897160/how-to-parse-getusereffectivepermissions-sharepoint-response-in-java – gstackoverflow Aug 17 '18 at 14:09
  • @gstackoverflow, definitely! Indeed, in the provided example there is a dependency to SharePoint JSOM API capabilities to parse it, will get back some later today with "independent" version – Vadim Gremyachev Aug 17 '18 at 14:28