stackoom
  简体   繁体   中英

Confusing PermMask values in SharePoint Online

 原文  2018-03-06 11:13:39       sharepoint/ sharepoint-online/ jslink

Question

I came across the PermMask values while using JSLink in SharePoint Online for checking permissions of user from the ctx.CurrentItem.PermMask

The values for different permissions aren't matching with the Microsoft's documentation, any idea what these values represent? or they have to be converted into some other format? I haven't come across these values expect for the Admin permission whose value is 0x7fffffffffffffff

0x1b03c431aef - Edit

0xb008431041 - View Only

0x1b03c4312ef - Contribute

0x1b03c5f1bff - Design

0x7fffffffffffffff - Admin

2 answers

solution1
 1  2018-12-02 10:35:35

webPermMasks are TWO 32-bit integers indicating which permissions a user has.

Each bit represents a permission. 

(_spPageContextInfo.webPermMasks.High).toString(2)
(_spPageContextInfo.webPermMasks.Low).toString(2)

Displays the bits

High & Low

In the good old days computer worked with 8 bits, which someone named a Byte.
With 8 bits (8 permissions) you can only count from 0 to 255

So to store a larger number of 16 bits (0- 32768) on an 8-bit CPU you need 2 Bytes.

We called these the High-Byte and the Low-Byte

SharePoint has 37 types of permissions

Present computers have evolved from CPUs that can handle 8-bits to 16-bits to 32-bits

Currently SharePoint has 37 different Security permissions.. which do not fit in those 32 bits

Like so many moons ago you need TWO 32-bit values to encode Permissions
Which some Microsoft engineer with common sense named the High and Low value

The SP.js library (available standard on most pages) has the information on which Permission is which bit number

Run this in the developer console: 

for (var permLevelName in SP.PermissionKind.prototype) {
    if (SP.PermissionKind.hasOwnProperty(permLevelName)) {
        var permLevel = SP.PermissionKind.parse(permLevelName);
           console.info(permLevelName,permLevel);
        }
    }
}

Note permLevel is not the value , it is the bit-number

SP.PermissionKind.openItems is bit-number 6 and thus value 2^6

If you add up all the values you get the High order and Low order integer values for Permissions.

Note permLevel for SP.PermissionKind.manageAlerts is the 39th bit

This is in the High order integer, so the value is 2^(39-31)

webPermMasks 

   _spPageContextInfo.webPermMasks.Low
   _spPageContextInfo.webPermMasks.High

Gives you 64 bits in TWO 32 bit Integers (with 37 permissions only a few are used in the High order)

indicating what Permissions the Current User has on the Current Page

All PermissionKinds (SP.PermissionsKnd.[name])

Note: This is the bit-number , not the value!

To check if someone has permissions, You have to calculate the (summed) value then binary check against the High and Low order integers. 

    viewListItems: 1
    addListItems: 2
    editListItems: 3
    deleteListItems: 4
    approveItems: 5
    openItems: 6
    viewVersions: 7
    deleteVersions: 8
    cancelCheckout: 9
    managePersonalViews: 10
    manageLists: 12
    viewFormPages: 13
    anonymousSearchAccessList: 14
    open: 17
    viewPages: 18
    addAndCustomizePages: 19
    applyThemeAndBorder: 20
    applyStyleSheets: 21
    viewUsageData: 22
    createSSCSite: 23
    manageSubwebs: 24
    createGroups: 25
    managePermissions: 26
    browseDirectories: 27
    browseUserInfo: 28
    addDelPrivateWebParts: 29
    updatePersonalWebParts: 30
    manageWeb: 31
    anonymousSearchAccessWebLists: 32
    useClientIntegration: 37
    useRemoteAPIs: 38
    manageAlerts: 39
    createAlerts: 40
    editMyUserInfo: 41
    enumeratePermissions: 63

Use in script

The SP library supplies a function to check for individual levels: 

  SP.PageContextInfo.get_webPermMasks().has( [bitnumber] );

  SP.PageContextInfo.get_webPermMasks().has( SP.PermissionKind.enumeratePermissions );

Using unused space (tales of the past)

Only a handfull of bits in the High Order integer are used by SharePoint.

Yet the database stores all 32 bits...

When we still built SharePoint Back End stuff we would use those unused bits for our own Permission scheme.

The free trials we let everyone install was actually the full blown product.
And when they bought the Licensed Product.. all it did was flip one bit in the database.

J1 iSPT

solution2
 0 ACCPTED  2018-03-07 04:17:41

It's sum of Permissions.

For example:

View Only includes below permissions. 

ViewListItems = 1
ViewVersions = 64
CreateAlerts = 549755813888
ViewFormPages = 4096
CreateSSCSite = 4194304
ViewPages = 131072
BrowseUserInfo = 134217728
UseRemoteAPIs = 137438953472
UseClientIntegration = 68719476736
Open = 65536

The sum is 756052856897=0xb008431041

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SharePoint online Cross site lookup values Import Values in lookup Columns in Sharepoint Online using CSOM powershell Finding all of the values in a lookup field in SharePoint Online with PowerShell Saving webpart in SharePoint online SharePoint Online authentication failure WebRequest is forbidden on Sharepoint Online Sharepoint online Site Permission sharepoint online - Powerapp integration Save sharepoint online credentials? Azure Paas + SharePoint Online
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM