I need users of an SPFX webpart to be able to make permission changes on a site collection on SPO. Elevated permissions etc.
a way to enable SPFX client side webparts to run with elevated permissions?
@cardinalpipkin this "create an item which calls a workflow/flow" is actually an example =)
Well ok, let me elaborate:
- There is a list Customers which is read-only for a user
- As an elevation scenario a user should update Customer's status
- There is another Actions list where a user can add items into it
- In an app, for changing a status a user creates a "signal" item in Actions
- On item creation in Actions list, a Flow/WF/Webhook* is triggered
- What is triggered checks is an author has "rights" to update a status and if so, updates Customer's item using permissions elevation step/etc.
Is it possible to get user photos from the graph without having my SPFX web part needing to be authorised by admin? I guess I need clarification on this:
By default, the service principal has no explicit permissions granted to access the Microsoft Graph. However, if you request an access token for the Microsoft Graph, you get a token with the user_impersonation permission scope that can be used for reading information about the users (that is, User.Read.All).
Source: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph#available-permission-scopes
The problem I have is that I'm working with an NHS (Health Service) client in the UK - they use the government's Hybrid 365 offering, which melds NHS Mail with Office 365. The central administration / azure stuff is all handled by Accenture, so I don't have easy access to any of that. Its possible to apply via their desk to have something approved but its such a pain and if there's a way to avoid it I'm all ears...
All I want are profile photos. I am finding /_layouts/15/userphoto.aspx?size=L&username=workemailhere a bit unreliable. https://outlook.office365.com/owa/service.svc/s/GetPersonaPhoto?email=workemailhere works - but I'm finding that if users haven't opened Outlook OWA in addition to SharePoint - the images don't necessarily load. Same thing with Delve.
Any help most appreciated!
Hi Team. I'm having a problem when trying to retrieve information from a list on sharepoint. The following code was working correctly before, and works on my colleague's machine.
async function getUserIDs (sprequest,spInfo) {
const credentialOptions = {
username: spInfo.sp_user,
password: spInfo.sp_password
}
const spr = sprequest.create(credentialOptions)
const tableInfo = 'GetByTitle(\'delimitados_qas\')//items?'
const selectParams = `U_ID,Title,Subinfotipo`
return await spr.get(spInfo.sp_url + tableInfo + selectParams)
}I'm using the correct credentials, but i'm receiving this error:
Error: <s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/ws-sx/ws-trust/200512">a:FailedAuthentication</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-US">MSIS7068: Access denied.</s:Text>
</s:Reason>
<s:Detail>
<IssuanceAuthorizationFault xmlns="http://schemas.microsoft.com/ws/2009/12/identityserver/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/>
</s:Detail>
</s:Fault>
at c:\Users\flor_active_msg\node_modules\node-sp-auth\lib\src\utils\AdfsHelper.js:32:23
This is the code I used:
const { SPPull } = require('sppull');
const context = {
siteUrl: "http://contoso.sharepoint.com/subsite",
creds: {
username: "user@contoso.com",
password: "Password",
online: true
}
};
const options = {
spRootFolder: "Shared%20Documents/Contracts",
dlRootFolder: "./Downloads/Contracts"
};
/*
- All files will be downloaded from http://contoso.sharepoint.com/subsite/Shared%20Documents/Contracts folder
- to __dirname + /Downloads/Contracts folder.
- Folders structure will remain original as it is in SharePoint's target folder.
*/
SPPull.download(context, options)
.then((downloadResults) => {
console.log("Files are downloaded");
console.log("For more, please check the results", JSON.stringify(downloadResults));
})
.catch((err) => {
console.log("Core error has happened", err);
});
Hi @Burnfireblaze,
Thanks for the interest in the libraries.
This is the error^
This looks as if you were provided a wrong creds or a wrong strategy.
Is it SharePoint Online or Onprem?
sp-download examples
https://github.com/koltyakov/sp-download#minimal-setup-typescript
It's just it. There could be no other examples. sp-download is a bare minimal one use case lib and cli.
In tests, there is a bit more, https://github.com/koltyakov/sp-download/blob/master/test/integration/tests.spec.ts, yet in terms of examples it's the same exactly pattern.
sppull
The different examples can be checked in the manual tests https://github.com/koltyakov/sppull/tree/master/test/manual
Or in integration tests.
While you're experiencing the issues with a straightforward scenario which just works for others, my guess you're providing a wrong path to site or folder or file, or wrong creds or strategy.
Please check this wiki for the auth strategies https://github.com/s-KaiNet/node-sp-auth/wiki
I'd suggest separating a possible issues by checking auth first - https://github.com/koltyakov/node-sp-auth-troubleshoot - this project setup allows quickly check if auth works. Don't try populating config manually, but use the wizard and then check what the private.json ended up with.
node-sp-auth package and I am hoping to get some help here hopefully.The issue is that when calling the
getAuth() with client_id and client_secret only, everything seems to be working ok (in that I don't get any errors back), but when the promise resolves, the access token comes back as undefined, so the "headers" object looks like this: {'Authorization': 'Bearer undefined'}.Do you have any idea as to why this could be happening? Also worth mentioning that I have been observing this behavior only since yesterday, and that my integration was working fine before.
