Click here to Skip to main content
Click here to Skip to main content
Go to top

User Permissions in SharePoint-hosted App

, 8 May 2013
Rate this:
Please Sign up or sign in to vote.
This tip demonstrates user permissions in SharePoint-hosted apps in SharePoint 2013 with attention to a multiple user scenario.

Introduction

This tip demonstrates user permissions in SharePoint-hosted apps in SharePoint 2013 with attention to a multiple user scenario. It also tries to populate selective items from a SharePoint site to a SharePoint-hosted app.

Background

While I was teaching SharePoint 2013, I noticed that participants were always intrigued by how apps would react to a multiple-user scenario and what the user permissions would be like. So I have tried to put together this scenario in this document with three dummy users. The names used in this article are imaginary and resemblance to any personalities is purely coincidental.

Using the Code

The Dummy Users

I have a team-site called Office Services whose primary administrator is a user called administrator. There are two dummy users that we would be referring to in this tip:

  1. Anne Wallace
  2. Alan Steiner

The SharePoint Lists Permissions

The names of the lists might sound little strange but I have used those names in order to keep the permissions story simple. The list name basically shows the user associated. So I have created two custom lists in my team site:

  1. Anne List

    This list will display currencies. The administrator and the group called Anne have permissions on this list. For this, a new group called Anne was created and only Anne Wallace was added to this particular group. No permissions are granted to Alan for this list.

  2. Alan List

    This list will display countries. The administrator and a group called Alan have permissions on this list. For this, a new group called Alan was created and only Alan Steiner was added to this particular group. No permissions are granted to Anne for this list.

SharePoint-hosted App Magic

Now let’s take a look at how an app would treat this if we login as some other user (other than administrator who is the super user). So we build a SharePoint hosted app – I have called it SharePointApp_MultiUser. You will see this name on the screen where you have all the apps listed. So let’s talk about what our app does and how we have tried to achieve this. The app simply displays the titles of elements in both these SharePoint lists in the app itself. So basically what we are trying to do is retrieve the data from these SharePoint lists and display in our app. We will make REST call for this and since it is a SharePoint-hosted app, everything will be client side scripting. No server side code can be used here. The default.aspx page has been kept simple with an area to display Anne List and Alan list – as shown in the code snippet below:

<asp:Content ContentPlaceHolderID="PlaceHolderMain" runat="server">

    <div>
        <p id="countriesDiv">
            <!-- The following content will hold the 
            countries names when you run the app - see App.js -->
            Countries from Alan's List
        </p>
        <p id="currenciesDiv">
            <!-- The following content will hold the 
            currencies names when you run the app - see App.js -->
            Currencies from Anne's List
        </p>
    </div>

</asp:Content> 

We have to also include a reference to App.js. All our client-side code will reside in App.js file. In the JavaScript file, we have two objects called Countries and Currencies for my lists. The implementation of both the objects is exactly the same, so I’ll explain one of those.

JavaScript Object - Countries

The Countries object has two properties:

  • Element - This is the HTML element on the page where our data will be displayed. It is initialized in the Init method.
  • url – This is the URL which specifies the data that you are getting from the SharePoint site. So in our case, we want to get the titles of Alan List. Hence we specify the name of the list in the URL and the title also in the query string:
"Countries.url = _spPageContextInfo.webAbsoluteUrl + 
"/_api/site/rootweb/lists/getByTitle('Alan%20List')/items?$select=Title";"

It has four methods:

  • Init – Initializes the values of element and URL
  • Load – Specifies the call to the SharePoint site. This is where the GET method and the headers are specified. It also mentions the success and failure attributes
  • onSuccess – If the method is successful, the data retrieved is displayed in an HTML table
  • onError – If the method fails, it displays the message – You do not have permissions to view this list

AppManifest.xml

The next most important thing that we do before deploying our app is to set the required permissions in the appManifest.xml. AppManifest is a very important entity with respect to the app model in SharePoint. This is the place where all the information about the app resides. So whenever the app tries to access the parent site or any other resource, it has to be specified in the appManifest.xml. If the required permissions are not specified in the appManifest file, your app will not behave in the desired manner and throw an exception. This is actually quite similar to the AppManifest file story in Windows 8 apps or Windows Phone 8 apps for that matter; if you have done any kind of app programming there.

<AppPrincipal>
    <Internal />
  </AppPrincipal>
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Write" />
  </AppPermissionRequests>
</App>"

So we are done with our coding and now let’s deploy and test our code. The app is successfully deployed using Visual Studio.

  1. Open Internet Explorer as a different user. Enter the credentials for administrator who is the primary owner of the team site. Enter the URL of the team site Office Services and launch the Multi user app. You get to see both the lists on the screen.
  2. Open Internet Explorer as a different user. Enter the credentials for Alan Steiner who has permissions on Alan’s list but does not have any permission on Anne’s list. Enter the URL of the team site Office Services and launch the Multi user app. You get to see only the countries which are coming from Alan’s list. You also see an error message which states – “You do not have permissions to view this list”. This second error message is for Anne’s list.
  3. Open Internet Explorer as a different user. Enter the credentials for Anne Wallace who has permissions on Anne list but has no permission on Alan list. Enter the URL of the team site Office Services and launch the multi user app. You get to see only the currencies which are coming from Anne list. You also see an error message which states – “You do not have permissions to view this list”. This error message is for Alan list.

History

  • 6th May, 2013: Initial version

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

neham_2000

India India
No Biography provided

Comments and Discussions

 
GeneralMy vote of 4 PinmemberAnupama_Agarwal15-Jun-13 8:14 
GeneralRe: My vote of 4 Pinmemberneham_20009-Jul-13 12:51 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140922.1 | Last Updated 8 May 2013
Article Copyright 2013 by neham_2000
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid