Get Item Level Security using SharePoint WebServices - sharepoint

I am able to get the Permissions associated with a List or a Site using Permissions.GetPermissionCollection (ObjectName, ObjectType). The ObjectType parameter will accept either a Site or a List. Is there any way with the out-of-the-box webservices to get the Permissions associated with a ListItem?
I mean if I have NOT inherited the List permissions and have specified a set of specific permissions to a List Item or a document in a document Library then how can I get the permissions specified?

The answer is the same as for documents. See the question Permission for a SharePoint document using MOSS web services.
You cannot with the out-of-the-box web services but there is a custom web service available for free download and source code.

Related

Security Query for the Users ina SharePoint Site

I am updating a SharePoint 2007 solution to SharePoint 2013. The solution creates a list of permissions for each site in a site collection. In SharePoint 2007 I used SOAP to query the ROLE object and got back the Groups and Users security objects for a site. In SharePoint 2013 ROLE and SOAP is deprecated. I am trying to use the REST API to recreate the solution. I am able to get the groups object for each site, but I am unable to find the way to get the Users security object for the sites. I can get Site Users for the site collection and get the Users in a SharePoint Group, but I find no way to get the Users Security Object for a site. Has anyone been able to accomplish get the Users for a site?
Sample REST api to check user permission for site.
You need encode the URL from(suppose your use default NTLM authentication)
/_api/web/getusereffectivepermissions(#user)?#user='i:0#.w|contoso\userb'
TO
/_api/web/getusereffectivepermissions(#user)?#user='i%3A0%23.w%7Ccontoso%5Cuserb'
About the return value, check below thread.
http://www.lifeonplanetgroove.com/checking-user-permissions-from-the-sharepoint-2013-rest-api/?doing_wp_cron=1449727796.2080190181732177734375

Retrieving SharePoint site author and permissions through Graph API

I would like to retrieve Sharepoint subsites authors & permissions (public or private, and if private : allowed groups/members), preferably using Graph API.
For Outlook Groups and Teams sites, I can use endpoints /groups/<groupID>, /groups/<groupID>/owners and /groups/<groupID>/members to achieve that, but it seems that there is no equivalent for sites created through the following process:
Load "root site" https://<yourdomain>.sharepoint.com
Click on "Site contents" > "New" > "Subsite"
The only "interesting" Graph API endpoint I found yet, is /sites/root/sites/<siteID>/lists, returning some site metadata (collections of data like "master pages", "designs"...), along with a createdBy structure (containing a user.id property) for each of those collections.
However, using it would look hacky, a "direct" property/structure author or owners would be preferable. Moreover, the /sites/.../lists endpoint is only available in beta version of the API (has somebody any info on its release date ?), and still, that does not tells me which users are allowed to view the site.
Attempts with other APIs like this one did not provide any closer info to what I need.
Thanks for any piece of advice.
SharePoint has site collections > sites > lists > folders > items. By default each object inherits permissions from its parent, but you can break inheritance at any level. So in order to get a complete picture of the permissions a subsite has, you will need to enumerate every object inside that subsite (lists, folder, items) and check if it inherits permissions from its parent or not. As far as I know Microsoft Graph doesn't expose an API that lets you do this, but you can instead use SharePoint CSOM (client side object model) or SharePoint REST APIs.

How to retrieve data from SharePoint?

I have a web application. When the user clicks on a button in my web application, I'd like to retrieve data from SharePoint on behalf of the user. I have read quite a few articles on SharePoint but I'm still not sure how to proceed. Should I create a provider hosted SharePoint App and use the SharePointREST API? Thank you in advance for your help.
You don't need to create a Provider to use the SharePoint Rest Services.
Quoting http://msdn.microsoft.com/en-us/library/office/jj164022(v=office.15).aspx :
One advantage of using REST is that you don’t have to add references to any SharePoint 2013 libraries or client assemblies. Instead, you make HTTP requests to the appropriate endpoints to retrieve or update SharePoint entities, such as webs, lists, and list items. See Get started with the SharePoint 2013 REST service for a thorough introduction to the SharePoint 2013 REST interface and its architecture.
Inside the page you will find videos and code examples that will help you to connect and execute operations.
It's Correct. Data in SharePoint is Stored in Lists or Libraries (to files).
You can use the Client Object Model, to get data remotely from a SharePoint Server (on-premise or Online). The Client Object Model can be used through Assemblies (DLL files) or REST services provided by SharePoint. Generally you should know the location of the data you are going to get, that is, as I initially mentioned, the data in SharePoint are stored in Lists or Libraries, therefore you must know the name of the List or Library Additional Site or Sub-site of the List or Library is.
If the name of the list where the information is stored is "employees" and the HR website, the URL could be formed as follows:
http://spserver.company.com/HR/Employees
For REST services, simply complete URL of the list you want to see, so that you retrieve the information from the list. If you want to apply filters, sorting, to retrieve specific columns, you must do it through CAML queries which the add on REST service call.

Create AND add user to sharepoint site via code

I'm curious about the best/most efficient way to do this.
I've already set up my sharepoint 2010 site, and it is configured to use FBA. What i'd like to do is allow users to create their own accounts by filling out a form (the form will sit on a public sharepoint site, and filling it out creates a user in the membership database which is used for validation to enter the FBA sharepoint site).
I'm familiar with using the asp CreateWizard tool to build user accounts as part of a .Net web application, but I'm not sure on how to develop this as a webpart for use in a sharepoint site, as a webpart doesn't have the config file to store connection string and membership/role provider info.
Can this user creation form be put in a webpart and deployed to other sites, or is there another/better way to add this functionality to sharepoint (allowing users to register/create their own FBA accounts for access)?
There's nothing not much difference between SharePoint and regular ASP.Net for this.
The membership provider will need to be configured in the SharePoint web.config, including connection strings. However, it does not actually need to be used for login, so you can still create users in that membership provide from a different site.
I use a slightly different approach though - set up an anonymously accessible page in your site (in layouts is probably easiest, though a page within a site may be better for branding) and put controls on that page to create (and log in) a new user. You will need to call EnsureUser and possibly CreateUserProfile to give the new user access to anything, but aside from that it's all standard .net.

Program custom permission level

Can i program custom base permission level? There are many available in SPBasePermissions like
UseRemoteAPIs Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site.
ViewFormPages View forms, views, and application pages, and enumerate lists.
ViewListItems View items in lists, documents in document libraries, and view Web discussion comments.
However i want to make a custom one, something like:
EditItemsAssignedToMe + ViewItemsAssignedToMe + view/edit items i created.
Still finding my way out to allow users view and edit items created by them or assigned to them.
OOTB you don't have the fine-grained control and can only assign a certain set of permissions as defined on technet and this blog article.
However programmatically you can create a new SPRoleDefinition and assign it the appropriate permissions based on the SPBasePermissions enumeration as per this blog article. You might also want to read this short guide on the basics of SPBasePermissions.
If you want to go even further though and emulate the OOTB behaviour with your own custom permission set try Implementing Custom Security Rights in SharePoint.

Resources