Tuesday, November 5, 2013

How to Check User permission for the web, list or SharePoint Item in SharePoint JavaScript Object Model

Normally we need to perform tasks such as

  • Does current user is admin on the site
  • Does current user has list edit permissions
  • etc

SharePoint provides a method called doesUserHavePermissions to perform that. First of all we need to know how SharePoint defines User roles by assigning permission levels  such as Full Control, Contributor , design and etc.

For an example site admin is assigned by Full Control which is a composite of few permission items we called as permission kind.

Full Control - http://office.microsoft.com/en-001/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx

You can get all permission kind by http://msdn.microsoft.com/en-us/library/ee556747(v=office.14).aspx

Example One

Assume that we want to check whether current user is a admin of the site. For that we need to check user has  manageWeb permission kind. (actually we need to check other permission kinds assign to full control as well but if user has manage web it is more likely user can perform admin tasks, in my other example i will show how to check multiple permission kinds)

var ctx = new SP.ClientContext.get_current();
var web = context.get_web();
 
var ob = new SP.BasePermissions();
ob.set(SP.PermissionKind.manageWeb)
 
var per = web.doesUserHavePermissions(ob)
ctx.executeQueryAsync(
     function(){ 
          alert(per.get_value()); // If this is true user has permision if not no 
        },
     function(a,b){
         alert ("Something wrong");
 }
);
 

Example Two – Check multiple permission kinds


In here I'm going to check manageweb and managePermissions.



var ctx = new SP.ClientContext.get_current();
var web = context.get_web();
 
var ob = new SP.BasePermissions();
ob.set(SP.PermissionKind.manageWeb)
ob.set(SP.PermissionKind.managePermissions)
 
var per = web.doesUserHavePermissions(ob)
ctx.executeQueryAsync(
     function(){ 
          alert(per.get_value()); // If this is true user has permision if not no 
        },
     function(a,b){
         alert ("Something wrong");
 }
);

You can find REST interface here. http://msdn.microsoft.com/EN-US/library/office/jj245877.aspx

Post a Comment