1. 获取当前用户信息(current user):
var currentUserInfo = "{0}/_api/Web/CurrentUser"; // {0} -> web Absolute Url
返回的数据:
2. 获取站点权限信息(site permission):
var sitePermissionsInfo = "{0}/_api/Web/roleassignments?$expand=RoleDefinitionBindings,Member&$select=Member/Title,Member/Id,Member/IsHiddenInUI,Member/PrincipalType,RoleDefinitionBindings/Name,RoleDefinitionBindings/Order,Member/Users,Member/Groups&$filter=Member/IsHiddenInUI eq false&$orderby=Member/Title"; // {0} -> web Absolute Url
返回的数据与在站点 Site Permissions 页面看到的信息一样,此处有以下两点信息需要注意:
(1) user类型的 PrinciplalType 值为1,user group类型的 PrincipalType 值为8,domain group类型的 PrincipalType值为4;
(2) RoleDefinitionBindings中的 Order属性标识了该权限在站点集的 Permission Levels 中的位置顺序,Order值 从1 开始,详情可参考此页;默认情况下,站点自有权限级别Full Control 的 Order 为1;自定义的权限级别Order值都非常大,可通过 /_api/web/RoleDefinitions 来查看站点的权限级别,示例数据可参考下图;
3. 获取站点所有用户(site users):
var siteUsersInfo = "{0}/_api/Web/siteusers?$filter=IsHiddenInUI eq false and PrincipalType eq 1&$orderby=Title"; // {0} -> web Absolute Url
返回的数据与 /_layouts/15/people.aspx?MembershipGroupId=0 中的数据类似,此时不仅可以获取用户的 Title, Email, LoginName 及 Id,还可以通过 IsSiteAdmin 来得知该用户是否是 site collection administrator,也可以通过 IsHiddenInUI 来得知该用户是否是隐藏用户,而且,此处需要注意的是,返回的数据不仅包含当前站点的所有用户,还包括子站点的用户,甚至包含域用户(比如:sharepointsystem, NT AUTHORITYLOCAL SERVICE等):
4. 获取站点所有用户组(site groups):
var siteGroupsInfo = "{0}/_api/web/roleassignments/groups?$filter=IsHiddenInUI eq false and PrincipalType eq 8&$orderby=Title desc"; // {0} -> web Absolute Url
返回的数据如下,注意,此处返回的user groups指的是当前站点(web)下的用户组,并不包含子站点(sub site)的用户组;
5. 获取 列表/文档库 权限信息(list or library permission):
var listPermissionURI = "{0}/_api/Web/Lists(guid'{1}')?$expand=RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings&$select=Title,Id,RoleAssignments/Member/Title,RoleAssignments/Member/Id,RoleAssignments/Member/IsHiddenInUI,RoleAssignments/Member/PrincipalType,RoleAssignments/RoleDefinitionBindings/Name,RoleAssignments/RoleDefinitionBindings/Order,RoleAssignments/Member/Users,RoleAssignments/Member/Groups,HasUniqueRoleAssignments&$filter=RoleAssignments/Member/IsHiddenInUI eq false&$orderby=RoleAssignments/Member/Title desc"; // {0} -> web Absolute Url, {1} -> GUID of list/library, ------------------ $filter doesn't work, $orderby doesn't work
返回的数据如图,和site permission的数据结构类似,内容就是在 List Permission或Library Permission页面看到的内容;(我的代码中,$filter和$orderby不起作用,可能是由于层级太多导致的,比如 RoleAssignments/Title就可以起作用,但达到三个层级 RoleAssignments/Member/Title时就不再起作用了)
6. 获取文件夹权限信息(folder permission):
var folderPermissionInfo = "{0}/_api/Web/GetFolderByServerRelativeUrl('{1}')/ListItemAllFields?$expand=RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings&$select=RoleAssignments/Member/Title,RoleAssignments/Member/Id,RoleAssignments/Member/PrincipalType,RoleAssignments/RoleDefinitionBindings/Name,RoleAssignments/RoleDefinitionBindings/Order,HasUniqueRoleAssignments"; //{0} -> web Absolute Url, {1} -> server-relative url of folder
返回的数据如下,与列表权限的数据结构几乎一致;但是,此种方法不能用作获取Library权限信息;
7. 获取文件权限信息(file permission):
var filePermissionInfo = "{0}/_api/Web/GetFileByServerRelativeUrl('{1}')/ListItemAllFields?$expand=RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings&$select=RoleAssignments/Member/Title,RoleAssignments/Member/Id,RoleAssignments/Member/PrincipalType,RoleAssignments/RoleDefinitionBindings/Name,RoleAssignments/RoleDefinitionBindings/Order,HasUniqueRoleAssignments"; //{0} -> web Absolute Url, {1} -> server-relative url of file
返回的数据如下,与文件夹权限的数据结构一致;
8. 获取用户组中的用户信息(users in a group):
var usersInGroupInfo = "{0}/_api/Web/SiteGroups/GetById({1})/Users?$orderby=Title"; //{0} -> web Absolute Url, {1} -> group ID
返回的数据如下,
9. 检查 站点、列表、文档库、文件夹或文件是否有独立权限:
var uniquePermissionOfSite = "{0}/_api/Web/HasUniqueRoleAssignments"; //{0} -> web Absolute Url var uniquePermissionOfList = "{0}/_api/Web/Lists(guid'{1}')/HasUniqueRoleAssignments"; // {0} -> web Absolute Url, {1} -> guid of list/library var uniquePermissionOfFolder = "{0}/_api/Web/GetFolderByServerRelativeUrl('{1}')/ListItemAllFields/HasUniqueRoleAssignments"; //{0} -> web Absolute Url, {1} -> server-relative url of folder var uniquePermissionOfFile = "{0}/_api/Web/GetFileByServerRelativeUrl('{1}')/ListItemAllFields/HasUniqueRoleAssignments"; //{0} -> web Absolute Url, {1} -> server-relative url of file
10. 根据 Id 获取 用户、用户组,根据Id获取用户所处用户组,以及根据Id获取用户组中的用户;
//get user by id, {0} is web absolute url, {1} is user id {0}/gb0acb/_api/Web/GetUserById({1}) //get groups of a user, {0} is web absolute url, {1} is user id {0}/_api/Web/GetUserById({1})/groups //get group by id, {0} is web absolute url, {1} is group id {0}/_api/Web/sitegroups({1}) //get users in a group, {0} is web absolute url, {1} is group id {0}/_api/Web/SiteGroups/GetById({1})/Users
11.