Managing Role Assignments/Permissions with SharePoint REST Part2

In my last post I described many of the REST endpoints available in SharePoint to manage role assignments. In this post, I will provide a concrete example of using these endpoints in a provisioning-like scenario. I say provision-like because real provisioning scenarios tend to be very specific and one-offs (i.e. I need 7 sites, each with 5 lists and 3 groups, based on a naming convention by organization, and these permissions, and blah and blah and blah). Such specific requirements can’t be written into a one size fits all solution, so I’m just going to mimic them by creating a whole bunch of role assignments, and then deal with some of the issues of initiating a bunch of ajax calls in a short period of time.

Continue reading “Managing Role Assignments/Permissions with SharePoint REST Part2”

Managing Role Assignments/Permissions with SharePoint REST

To assign permissions in SharePoint, you make one or more role assignments, which requires three things:

 
  • Some kind of handle for a securable object. That’s basically a site, list, library, folder, document, or item.
  • The principal id for something to which roles can be assigned. That’s either an Active Directory user or security group, or a SharePoint group.
  • The id of a role definition. Like ‘Full Control’ or ‘Edit’ or ‘Contribute’. This is basically a named collection of granular permissions that are defined at the site collection root and can be assigned to a securable object in that site collection.
In this post, I’m going to explain the REST service calls required in order to make role assignments to SharePoint securable objects. I will show the calls using jQuery’s ajax (because I’m working through them in the console and the console won’t resolve promises). I’ll follow up with a post with some demo code pulling it all together and probably using fetch.

Continue reading “Managing Role Assignments/Permissions with SharePoint REST”

A Fetch-based CORS Wrapper for SharePoint REST

In this post, I’m going to create a better CORS Wrapper for SharePoint REST operations, and demonstrate using it for CRUD operations on a Picture library. First, I want to remove the dependency of jQuery, using fetch instead. As I covered in a previous post, Ugly SPA Revisited using Fetch and REST, fetch is new enough and implementations are spotty enough, even in evergreen browsers, that I will need to polyfill fetch and ES6 promise in order to support a reasonable cross-section of browsers.
 
By implementing the full range of CRUD operations on document libraries, we’ll have an opportunity to see if there are other issues that need to be addressed in our wrapper. My last post really only did one simple REST operation across CORS boundaries.

Continue reading “A Fetch-based CORS Wrapper for SharePoint REST”

An Accordion View, Custom List View Display Templates (CSR)

Implementing CSR display templates as a custom list view is one of my favorite things about Client-side Rendering in SharePoint. The reasons are twofold:
 
  1. First, we take full control of the view. We’re not just rendering some little piece (i.e. one field) of a form about which we’re not supposed to know anything.
  2. Even better, the deployment for this is very simple, in fact, it can be done entirely through the OOB SharePoint user interface…sort of!
The devil’s in the details and every SharePoint developer-related topic seems to include a “sort of”, but still custom list view display templates in SharePoint are pretty cool.

Continue reading “An Accordion View, Custom List View Display Templates (CSR)”

Tabbed Forms with Client-side Rendering (CSR)

In this post, we’re going to look at how to implement tabbed forms using CSR. Unlike our previous examples of field rendering, which generally depend on only one field, tabbed forms are going to depend on all fields in the form. For this reason, it makes sense that we’re going to inject our JavaScript by setting the JSLink property of a content type. Content types are, after all, basically just a collection of fields. There are some gotchas’, or at least things you should be aware of when setting the JSLink on a content type, which I’ll cover as I get to them.
 
Giving credit where it’s due, the code for this rendering template is an adaption of a tabbed forms rendering template that is available in the Office Developer Center samples for Client-side Rendering. I’ve included a link to that article in the references below. Like most tutorials, deployment is left up to you in that article, and it’s assumed you’ll just add content editors to your forms to get the script loaded. I’ll include a utility for setting the JSLink property on a content type, which is a much better solution with some caveats.

Continue reading “Tabbed Forms with Client-side Rendering (CSR)”

Determining the Permissions of the Current User with REST

In this post I’m going to show how to determine the current user’s permissions using the SharePoint REST API. This is going to be a little different because I’m just going to run some commands in the JavaScript console, so this is mostly going to be a bunch of screenshots. But since you can’t very well copy and paste from my screenshots, I’ve also included all of the commands I’m going to run in a code block at the bottom of this post.

Continue reading “Determining the Permissions of the Current User with REST”

Ugly SPA Revisited using Fetch and REST

In my last post I talked about the REST service calls of what I said at the time was possibly the ugliest SPA of all time. I wanted to do it with no dependencies, which means interacting with XMLHttpRequest directly, and that isn’t anybody’s idea of pretty. No dependencies also means no promises, and once you’ve programmed with promises for a while, working without them on networking code feels like a step backwards. In this post I’m going to rewrite the ugly SPA with the following changes:
 
  • I’m going to use fetch for all REST calls. fetch is the future, or so they tell me. And it gives me a comfortable promises-based API.
  • I’m also going to use “odata=nometadata” for all of my REST calls. As I mentioned in my last post, this may not work in a SharePoint 2013 environment unless Service Pack 1 has been installed and changes have been made to the SharePoint web.config to support JSON light. So if you’re on 2013 and it doesn’t support JSON light, you need to use “odata=verbose” as shown in my previous post.
As I work through the code, I’ll point out differences between “odata=nometadata” and “odata=verbose”. There really aren’t that many differences.

Continue reading “Ugly SPA Revisited using Fetch and REST”

CRUD Operations for SharePoint Docs Using REST

In this post, I’m going to show how to do basic CRUD (Create, Read, Update, and Delete) operations with documents and SharePoint RESTful web services. Along the way, I’m going to flesh out possibly the world’s ugliest SPA (single page application). I’m only going to talk about the parts of the code that deal with Ajax and the RESTful web services, but I’ll attach the complete source. It’s a wiki page, so you can just drop it in a document library and open it to see how it works (it does try to work with a picture library with a title of Pictures in the current site, if you don’t have one, you can either create one or change the listTitle variable to be the title of another picture library in your site).

Continue reading “CRUD Operations for SharePoint Docs Using REST”

A Full-Fledged Client-side Rendering (CSR) Template, a Rating Field

In this post I’m going to write a more full-fledged CSR implementation, in that I’ll do the rendering and override template behaviors to deal with that rendering. It will be a simple rating field that let’s the user rate an item with a value from one to ten. I’m also going to override most of what you might want to override when implementing a display template to modify a form field, as in the NewForm, EditForm, DisplayForm, View, and OnPreRender callbacks plus Validation.
 
So far, all of the CSR display templates I’ve shown for modifying form fields have been fairly evil. At least from Microsoft’s point of view. The reason is that I haven’t actually rendered anything, I’ve let SharePoint do the rendering and then manipulated the DOM afterward. In general, Microsoft would say, if you didn’t render it, don’t touch it. I can see their point, but then again if SharePoint gets me 80% of my customers requirements and I have to hack it a bit to get the other 20%, I’m not too proud.

Continue reading “A Full-Fledged Client-side Rendering (CSR) Template, a Rating Field”

Dynamic CSR (Client-side Rendering) Templates

As in, write the template once, drop it on the site, and then allow administrators to apply it to appropriate fields based on SPFieldType, in the browser, without ever having to edit a JavaScript file. So when I first started learning CSR, I was looking for it to be a replacement for custom field types from SharePoint 2010. But it isn’t really that. If I created an Autocomplete custom field type and deployed it, an administrator could then go through the browser and create as many instances of that field type as they wanted. But with CSR, the fields to which it applies are hard-coded in the JavaScript, which means if an administrator wants to apply a template to another field, she has to open the JavaScript and modify it. That’s not really comparable to custom fields. In this post, I’m going to show a utility page which implements what I’m calling Dynamic CSR, whereby an administrator can apply a template to a site column through the browser without even having to know that it’s implemented in a JavaScript file.

Continue reading “Dynamic CSR (Client-side Rendering) Templates”

Posts navigation

1 2
Scroll to top