4

I have an app that creates a list. I'd like the app to also set the list permissions to only allow admins to make changes to the list. I know how to hide the list, but I understand that this will not prevent clever users from typing in the URL of the list and modifying it anyway.

I don't see a way of changing list permissions with JavaScript. The functions available to me for lists don't seem to allow for modification of permissions, but it's possible I overlooked the correct one(s).

Any pointers on what functions I should be looking at?

Ectropy
  • 1,533
  • 4
  • 20
  • 37
  • Is CSOM a requirement or can you use the JavaScript Object Model (JSOM) or SharePoint Web Services? – Justin Russell Jul 22 '14 at 21:31
  • JavaScript Object model is fine. Honestly I'm not entirely sure what the difference is between the two, because I've heard JSOM referred to as CSOM and vice versa. It gets confusing. Either way, anything that can be done in a SharePoint-hosted app works for me. – Ectropy Jul 23 '14 at 02:07

1 Answers1

8

How to enable unique permissions for a List object via JSOM

Use SP.SecurableObject.hasUniqueRoleAssignments property to determine whether the role assignments are uniquely defined for a List or inherited from a parent securable object.

Use SP.SecurableObject.breakRoleInheritance(copyRoleAssignments, clearSubscopes) Method to set unique role assignments for the List object.

Example

var listTitle = 'Documents';
var context = SP.ClientContext.get_current();
var list = context.get_web().get_lists().getByTitle(listTitle);   

context.load(list,'HasUniqueRoleAssignments'); 
context.executeQueryAsync(
   function(){
      var hasUniqueAssgns = list.get_hasUniqueRoleAssignments();
      if(!hasUniqueAssgns) {
         list.breakRoleInheritance(false, true);
         context.executeQueryAsync(
            function(){
                console.log('Success');
            }, 
            function(sender,args){
               console.log(args.get_message());    
            }
         );
      }
   }, 
   function(sender,args){
      console.log(args.get_message());    
   }
);

How to grant custom permissions for a List object via JSOM

The following example demonstrates how to break role inheritance for a List object and grant Full Control permissions for a current user

Example

var listTitle = 'Documents';
var context = SP.ClientContext.get_current();
var list = context.get_web().get_lists().getByTitle(listTitle);   
var currentUser = context.get_web().get_currentUser();

list.breakRoleInheritance(false, true); // break role inheritance first!

var roleDefBindingColl = SP.RoleDefinitionBindingCollection.newObject(context);
roleDefBindingColl.add(context.get_web().get_roleDefinitions().getByType(SP.RoleType.administrator));
list.get_roleAssignments().add(currentUser, roleDefBindingColl);

context.executeQueryAsync(
   function(){
      console.log('Success');
   }, 
   function(sender,args){
      console.log(args.get_message());    
   }
);
Vadim Gremyachev
  • 57,952
  • 20
  • 129
  • 193
  • Should this work on a list in the hostweb of an app? It gives me an access denied error when I try a modified version of the second code that refers to an list in the hostweb. – Ectropy Jul 23 '14 at 14:36
  • Ok. This _does_ work in an app, but _only if_ you're willing to give the app Full Control permissions. Otherwise the app will get an access denied error message. Unfortunately Microsoft won't allow apps with Full Control permissions in their marketplace, so if you're planning on submitting your app to the marketplace, you can't have it change permissions on a list in the hostweb. – Ectropy Jul 23 '14 at 15:36
  • 1
    Expanding upon what I said in my previous comment--I expect that Vadim's examples will work fine if you're modifying a list in the same web as the app. – Ectropy Jul 23 '14 at 15:46