How to get the current user's permission role for a folder (or file) with the MS Graph API?

I tried: https://graph.microsoft.com/[v1.0 or beta]/drives/[driveId]/items/[itemId]/permissions

but the role array is empty for all but the owner one...

I would like to show the user a specific icon if they can read or write in a folder.

Thx

--Edit 1--

The user doesn't have direct permission on the folder, but he is in a security group that has the read role.

The user can read (open) any information from that folder; I just need something to know whether he can read AND write (or not) in the folder.

When I try to write without the right permission I get a 403 error; I would like to know "before" that error that the user can't write to that folder.

--Edit 2---

I tried everything the doc says: https://learn.microsoft.com/en-us/graph/api/permission-get?view=graph-rest-1.0&tabs=http

GET /drives/{drive-id}/items/{item-id}/permissions/{perm-id} => Roles empty

GET /groups/{group-id}/drive/items/{item-id}/permissions/{perm-id} => Security groups don't have any drive

GET /me/drive/items/{item-id}/permissions/{perm-id} => Item (folder) is not in the user's drive

GET /sites/{site-id}/drive/items/{item-id}/permissions/{perm-id} => It's not a SharePoint site

GET /users/{user-id}/drive/items/{item-id}/permissions/{perm-id} => Roles empty

What I don't understand is that I can read, list, add and remove files (if I have the write role) without any problem, but I can't see the roles list.

-- Edit 3 --

If you want to reproduce the problem, follow these steps:

  • Create a user in Azure Active Directory (AAD), add a Microsoft Office 365 licence to it (in my case Business), and name it "User1"

  • Create a folder named "Shared" in its OneDrive for Business

  • Create a security group in AAD (let's name it "Readers")

  • Share the previous folder with the "Readers" group and make it read-only (in my case I used the OneDrive online site to do that)

  • Create another user in AAD (with or without a licence) named "User2"

  • Add it to the "Readers" group

Now, go to Graph Explorer and type this URL in the input textbox:

https://graph.microsoft.com/v1.0/drives/[driveId of User1]/items/[itemId of "Shared" folder]/Permissions

You should get this result:

    {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('...')/items('...')/permissions",
        "value": [
            {
                "id": "...",
                "roles": [],
                "grantedTo": {
                    "user": {
                        "displayName": "Readers"
                    }
                }
            },
            {
                "id": "...",
                "roles": [
                    "owner"
                ],
                "grantedTo": {
                    "user": {
                        "email": "user1@mydomain.com",
                        "id": "...",
                        "displayName": "User1"
                    }
                }
            }
        ]
    }

As you can see, the first roles array is empty, but the owner roles array is not.

Dadv
  • If the roles array is empty that means there is no permission assigned to other users other than owner. Please try [adding permission](https://learn.microsoft.com/en-us/graph/api/driveitem-invite?view=graph-rest-1.0&tabs=http#http-request-1) for a user/users and then try to get the permission. – Shiva Keshav Varma Nov 01 '20 at 07:46
  • Thx for your answer, that's true, the "user" doesn't have any permission for his account, but he is inside a security group that has read permission on this folder. That's why I can get the other information (like the name of the user and group that can read or write in this folder), but the only thing that is missing is the "role" array, which is empty... – Dadv Nov 01 '20 at 10:48
  • Have you tried with group id checking for permissions, I mean getting permissions for group id? – Shiva Keshav Varma Nov 03 '20 at 10:10
  • Yes, and security groups don't have any drive; the drive belongs to another user who has set some permissions on it for security groups. See my Edit 2 – Dadv Nov 03 '20 at 13:28
  • Could you please let us know which scenario are you using, either Delegated or Application permissions and are you using any MSA account or Work/school account? – Shiva Keshav Varma Nov 05 '20 at 15:34
  • I'll try to give you a context, look at my Edit 3 – Dadv Nov 06 '20 at 18:33
