博客地址:http://blog.csdn.net/FoxDave
SharePoint网站、列表和列表项都属于SecurableObject类型。默认情况下,一个安全对象继承父级的权限。对一个对象设置自定义权限,你需要打破它从父级的继承,通过增删role assignments来自定义权限。
本篇同样会以代码示例来说明如何在列表上设置自定义权限,然后再更改一个组的权限。该示例使用REST服务来:
>获取目标组的ID。该示例通过目标组的ID来获取当前列表上的组所具有的角色绑定,并向列表添加新的角色。
>获取为组定义的新的权限的角色定义的ID,该ID用来向列表添加新的角色。该示例使用已存在的角色定义来定义新的角色,当然你也可以选择创建一个新的角色定义。
>使用BreakRoleInheritance方法打破列表上的权限继承。该示例打破了列表的权限继承并保留当前的权限设置。(在打破权限继承的时候,也可以选择不保留当前的设置而只把当前用户添加到管理权限级别。)
>通过发送DELETE方法请求到role assignment端点来移除列表上的组当前的role assignment。(如果你在打破权限继承的时候没有保留现有设置,可以忽略此步。)
>使用AddRoleAssignment方法向组添加一个role assignment到目标列表,该操作会将组绑定到一个角色定义并将该角色添加到列表上。
前置条件
>SharePoint开发环境
>带有Office Developer Tools的Visual Studio 2013或更高版本
此外还需要设置Add-in在网站范围内的完全控制权限,只有具有足够权限来更改列表权限的用户(如网站所有者)可以执行这个add-in。
示例:使用REST接口在列表上自定义权限
下面的示例展示了一个SharePoint承载的Add-in中的App.js文件的内容。第一个示例使用JavaScript跨域库来构建和发送HTTP请求,第二个示例使用jQuery AJAX请求。在你执行代码之前,需要把占位符的值替换成真实的值。
示例一:跨域库请求
'use strict'; // Change placeholder values before you run this code. var listTitle = 'List 1'; var groupName = 'Group A'; var targetRoleDefinitionName = 'Contribute'; var appweburl; var hostweburl; var executor; var groupId; var targetRoleDefinitionId; $(document).ready( function() { //Get the URI decoded URLs. hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl")); appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl")); // Load the cross-domain library file and continue to the custom code. var scriptbase = hostweburl + "/_layouts/15/"; $.getScript(scriptbase + "SP.RequestExecutor.js", getTargetGroupId); }); // Get the ID of the target group. function getTargetGroupId() { executor = new SP.RequestExecutor(appweburl); var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/sitegroups/getbyname('"; endpointUri += groupName + "')/id" + "?@target='" + hostweburl + "'"; executor.executeAsync({ url: endpointUri, method: 'GET', headers: { 'accept':'application/json;odata=verbose' }, success: function(responseData) { var jsonObject = JSON.parse(responseData.body); groupId = jsonObject.d.Id; getTargetRoleDefinitionId(); }, error: errorHandler }); } // Get the ID of the role definition that defines the permissions // you want to assign to the group. function getTargetRoleDefinitionId() { var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/roledefinitions/getbyname('"; endpointUri += targetRoleDefinitionName + "')/id" + "?@target='" + hostweburl + "'"; executor.executeAsync({ url: endpointUri, method: 'GET', headers: { 'accept':'application/json;odata=verbose' }, success: function(responseData) { var jsonObject = JSON.parse(responseData.body) targetRoleDefinitionId = jsonObject.d.Id; breakRoleInheritanceOfList(); }, error: errorHandler }); } // Break role inheritance on the list. function breakRoleInheritanceOfList() { var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('"; endpointUri += listTitle + "')/breakroleinheritance(true)?@target='" + hostweburl + "'"; executor.executeAsync({ url: endpointUri, method: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() }, success: deleteCurrentRoleForGroup, error: errorHandler }); } // Remove the current role assignment for the group on the list. function deleteCurrentRoleForGroup() { var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('"; endpointUri += listTitle + "')/roleassignments/getbyprincipalid('" + groupId + "')?@target='" + hostweburl + "'"; executor.executeAsync({ url: endpointUri, method: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val(), 'X-HTTP-Method':'DELETE' }, success: setNewPermissionsForGroup, error: errorHandler }); } // Add the new role assignment for the group on the list. function setNewPermissionsForGroup() { var endpointUri = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('"; endpointUri += listTitle + "')/roleassignments/addroleassignment(principalid=" + groupId; endpointUri += ",roledefid=" + targetRoleDefinitionId + ")?@target='" + hostweburl + "'"; executor.executeAsync({ url: endpointUri, method: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() }, success: successHandler, error: errorHandler }); } // Get parameters from the query string. // For production purposes you may want to use a library to handle the query string. function getQueryStringParameter(paramToRetrieve) { var params = document.URL.split("?")[1].split("&"); for (var i = 0; i < params.length; i = i + 1) { var singleParam = params[i].split("="); if (singleParam[0] == paramToRetrieve) return singleParam[1]; } } function successHandler() { alert('Request succeeded.'); } function errorHandler(xhr, ajaxOptions, thrownError) { alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText); }示例二:jQuery AJAX请求
// Change placeholder values before you run this code. var siteUrl = 'http://server/site'; var listTitle = 'List 1'; var groupName = 'Group A'; var targetRoleDefinitionName = 'Contribute'; var groupId; var targetRoleDefinitionId; $(document).ready( function() { getTargetGroupId(); }); // Get the ID of the target group. function getTargetGroupId() { $.ajax({ url: siteUrl + '/_api/web/sitegroups/getbyname(\'' + groupName + '\')/id', type: 'GET', headers: { 'accept':'application/json;odata=verbose' }, success: function(responseData) { groupId = responseData.d.Id; getTargetRoleDefinitionId(); }, error: errorHandler }); } // Get the ID of the role definition that defines the permissions // you want to assign to the group. function getTargetRoleDefinitionId() { $.ajax({ url: siteUrl + '/_api/web/roledefinitions/getbyname(\'' + targetRoleDefinitionName + '\')/id', type: 'GET', headers: { 'accept':'application/json;odata=verbose' }, success: function(responseData) { targetRoleDefinitionId = responseData.d.Id; breakRoleInheritanceOfList(); }, error: errorHandler }); } // Break role inheritance on the list. function breakRoleInheritanceOfList() { $.ajax({ url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle + '\')/breakroleinheritance(true)', type: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() }, success: deleteCurrentRoleForGroup, error: errorHandler }); } // Remove the current role assignment for the group on the list. function deleteCurrentRoleForGroup() { $.ajax({ url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle + '\')/roleassignments/getbyprincipalid(' + groupId + ')', type: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val(), 'X-HTTP-Method':'DELETE' }, success: setNewPermissionsForGroup, error: errorHandler }); } // Add the new role assignment for the group on the list. function setNewPermissionsForGroup() { $.ajax({ url: siteUrl + '/_api/web/lists/getbytitle(\'' + listTitle + '\')/roleassignments/addroleassignment(principalid=' + groupId + ',roledefid=' + targetRoleDefinitionId + ')', type: 'POST', headers: { 'X-RequestDigest':$('#__REQUESTDIGEST').val() }, success: successHandler, error: errorHandler }); } function successHandler() { alert('Request succeeded.'); } function errorHandler(xhr, ajaxOptions, thrownError) { alert('Request failed: ' + xhr.status + '\n' + thrownError + '\n' + xhr.responseText); }本篇就介绍到这里。