This Post is about SharePoint JSOM and RESt and how SharePoint deals with FullMask Permission in Client Side Object Mode and what means High and Low Properties in BasePermission Object on SharePoint Object Model.
This topic was first talked and promissed in the following post:
How to Convert REST Call to SharePoint JSOM Object (ECMAScript)when we configure permission of user permission it is possible to define some type of permissions templates to users or some Web Object like "UserCustomActions", the same way we do with declarative XML.
But when i was making and my SharePoint App "SharePoint App Processlynx Custom Action and Ribbon Manager Launch" and was validating the permission field found out that FullMask is not really FullMask.... here are my findings.
Here are the results about the “BasePermissions” Issue in SharePoint Client Object Model (SP.BasePermissions) and REST:
This are the values of all possible “PermissionKinds” im SCOM (split in two parts – the low and high “PermissionKinds”) :
For the low “PermissionKinds” from 1 to 32:
01: 0000000001: 000000000000000000000000000000
02: 0000000002: 000000000000000000000000000001
03: 0000000004: 000000000000000000000000000010
04: 0000000008: 000000000000000000000000000100
05: 0000000016: 000000000000000000000000001000
06: 0000000032: 000000000000000000000000010000
07: 0000000064: 000000000000000000000000100000
08: 0000000128: 000000000000000000000001000000
09: 0000000256: 000000000000000000000010000000
10: 0000000512: 000000000000000000000100000000
12: 0000002048: 000000000000000000010000000000
13: 0000004096: 000000000000000000100000000000
17: 0000065536: 000000000000001000000000000000
18: 0000131072: 000000000000010000000000000000
19: 0000262144: 000000000000100000000000000000
20: 0000524288: 000000000001000000000000000000
21: 0001048576: 000000000010000000000000000000
22: 0002097152: 000000000100000000000000000000
23: 0004194304: 000000001000000000000000000000
24: 0008388608: 000000010000000000000000000000
25: 0016777216: 000000100000000000000000000000
26: 0033554432: 000001000000000000000000000000
27: 0067108864: 000010000000000000000000000000
28: 0134217728: 000100000000000000000000000000
29: 0268435456: 001000000000000000000000000000
30: 0536870912: 010000000000000000000000000000
31: 1073741824: 100000000000000000000000000000
65: 0000065535: 000000000000000111111111111111
And for the high “PermissionKinds” from 33 to 64:
37: 0000000016: 000000000000000000000000001000
38: 0000000032: 000000000000000000000000010000
39: 0000000064: 000000000000000000000000100000
40: 0000000128: 000000000000000000000001000000
41: 0000000256: 000000000000000000000010000000
63: 1073741824: 100000000000000000000000000000
65: 0000032767: 000000000000000011111111111111
As you can see the “FullMask” don’t cover all permissions. In the low “PermissionKinds”, the permissions from “Open” to “ManageWeb” and in the high PermissionKinds, the permission “EnumeratePermissions”, are not included.
The “FullMask” should be like this to cover all “PermissionKinds”:
65: 2147483647: 111111111111111111111111111111
To only cover all now available permissions, the “FullMask” could be also like this:
For the low “PermissionKinds”:
65: 2147425279: 111111111111111000110111111111
And for the high “PermissionKinds”:
65: 1073742320: 100000000000000000000011111000
In the (Server) SharePoint Object Model (Not Client) everything is correct:
0000000000000000001: 000000000000000000000000000000
0000000000000000002: 000000000000000000000000000000
0000000000000000004: 000000000000000000000000000000
0000000000000000008: 000000000000000000000000000000
0000000000000000016: 000000000000000000000000000000
0000000000000000032: 000000000000000000000000000000
0000000000000000064: 000000000000000000000000000000
0000000000000000128: 000000000000000000000000000000
0000000000000000256: 000000000000000000000000000000
0000000000000000512: 000000000000000000000000000000
0000000000000002048: 000000000000000000000000000000
0000000000000004096: 000000000000000000000000000000
0000000000000008192: 000000000000000000000000000000
0000000000000065536: 000000000000000000000000000000
0000000000000131072: 000000000000000000000000000000
0000000000000262144: 000000000000000000000000000000
0000000000000524288: 000000000000000000000000000000
0000000000001048576: 000000000000000000000000000000
0000000000002097152: 000000000000000000000000000000
0000000000004194304: 000000000000000000000000000000
0000000000008388608: 000000000000000000000000000000
0000000000016777216: 000000000000000000000000000000
0000000000033554432: 000000000000000000000000000000
0000000000067108864: 000000000000000000000000000000
0000000000134217728: 000000000000000000000000000000
0000000000268435456: 000000000000000000000000000000
0000000000536870912: 000000000000000000000000000000
0000000001073741824: 000000000000000000000000000000
0000000002147483648: 000000000000000000000000000000
0000000068719476736: 000000000000000000000000001000
0000000137438953472: 000000000000000000000000010000
0000000274877906944: 000000000000000000000000100000
0000000549755813888: 000000000000000000000001000000
0000001099511627776: 000000000000000000000010000000
4611686018427387904: 100000000000000000000000000000
9223372036854775807: 111111111111111111111111111111
In the “Microsoft.SharePoint.Client.
In the function “Set”:
In the function “Set”:
And in the function “Has”:
So the possible value of “FullMask” must be increased for the high values from 32767 to 2147483647 and for the low values also from 65535 to 2147483647 to cover all permissions or for the high values from 32767 to 1073742320 and for the low values also from 65535 to 2147425279 to cover only the now available permissions.
Only then the “PemisionKind FullMask” will really cover all available permissions.
But maybe Microsoft for security reasons limited this values....
Thanks to my colleague “Selim Gezgin” for collecting all this info about this topic.
Kind regards,
Andre Lage
But maybe Microsoft for security reasons limited this values....
Thanks to my colleague “Selim Gezgin” for collecting all this info about this topic.
Kind regards,
Andre Lage
No comments:
Post a Comment