Tuesday, December 28, 2021

Get User Permissions From SharePoint Group In PowerApps: Part 4

Hello Friends.

Welcome back in the User Permissions series. In previous post, we had added HTTP request for fetching list permissions and then parsed the output in JSON. Links of past 3 posts are-

  1. Get User Permissions From SharePoint Group In PowerApps: Part 1
  2. Get User Permissions From SharePoint Group In PowerApps: Part 2
  3. Get User Permissions From SharePoint Group In PowerApps: Part 3
In this post, we will process the output we had received to-
  1. Capture the PrincipalId (MembershipGroupId)
  2. Get Member for this PrincipalId (to get the Group Name)
  3. Get RoleDefinitionBinding for this PrincipalId to get the Group Permissions
  4. Get Users assigned to this PrincipalId (SharePoint group)
  5. Parse these Users output
Continuing from last post-
  1. Add new step "Set variable" and rename it "Set intPrincipalId". Here set the value of intPrincipalId variable with PrincipalId from JSON  (Parse JSON Role Assignments).
  2. The moment you add it, Power Automate will cover it under "Apply to each" process because, the JSON we received may have more than 1 result set.
  3. Rename the title to "For Each Role Assignment". I am renaming every step to make it more readable. It is nothing else to do with except when we will use any output from it using Dynamic Expression window, we would be able to find out easily.
  4. Now we will use another HTTP request to get the name of this SharePoint group. However, it is not much more required. We are just using it to get the SharePoint group name to which user belongs to. For this, add another "Send an HTTP request to SharePoint" action and rename it as "HTTP SharePoint Group". Input-
  5. Site Address: select the site url
  6. Method: GET
  7. Uri: _api/Web/Lists/GetByTitle('@{outputs('Compose_ListName')}')/RoleAssignments/GetByPrincipalId(@{variables('intPrincipalId')})/Member
  8. Add another action "Set variable". Rename it to "Set strSharePointGroupName" and set the strSharePointGrounName variable to-
  9. body('HTTP_SharePoint_Group')?['d']?['Title']
    
  10. You will get this value directly as we are not parsing the output of HTTP SharePoint Group. For this you need to add this as expression-
  11. Save the flow.
  12. Now, we will fetch the permissions assigned to this group. For this, again use another "Send an HTTP request to SharePoint" and rename it to "HTTP RoleDefinitionBindings".
  13. Site Address: select the site url
  14. Method: GET
  15. Uri: _api/Web/Lists/GetByTitle('@{outputs('Compose_ListName')}')/RoleAssignments/GetByPrincipalId(@{variables('intPrincipalId')})/RoleDefinitionBindings
  16. Save the flow and execute it to get the output of this request so that we can parse it.
  17. This time, I had clicked on Automatically instead of Manually as we had already provided the input earlier, therefore, we will use the last triggered data. So, click on Test, then choose Automatically, then ""With a recently used trigger". It show us last triggers. Choose the first one or the second one as per your wish. No difference.
  18.  
  19. Now click on Test.
  20. Wow! It executed successfully. Now expand the "For Each Role Assignment" action as well as the "HTTP Role DefinitionBindings" action. Traverse the clicking on Next link to check it any definition has multiple permissions-
  21.  
  22. Copy the results section as highlighted below-
  23. "body": {
            "d": {
                "results": [
                    {
                        "__metadata": {
                            "id": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741829)",
                            "uri": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741829)",
                            "type": "SP.RoleDefinition"
                        },
                        "BasePermissions": {
                            "__metadata": {
                                "type": "SP.BasePermissions"
                            },
                            "High": "2147483647",
                            "Low": "4294967295"
                        },
                        "Description": "Has full control.",
                        "Hidden": false,
                        "Id": 1073741829,
                        "Name": "Full Control",
                        "Order": 1,
                        "RoleTypeKind": 5
                    },
                    {
                        "__metadata": {
                            "id": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741830)",
                            "uri": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741830)",
                            "type": "SP.RoleDefinition"
                        },
                        "BasePermissions": {
                            "__metadata": {
                                "type": "SP.BasePermissions"
                            },
                            "High": "432",
                            "Low": "1011030767"
                        },
                        "Description": "Can add, edit and delete lists; can view, add, update and delete list items and documents.",
                        "Hidden": false,
                        "Id": 1073741830,
                        "Name": "Edit",
                        "Order": 48,
                        "RoleTypeKind": 6
                    },
                    {
                        "__metadata": {
                            "id": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741827)",
                            "uri": "https://XXXX.sharepoint.com/sites/YYYY/_api/Web/RoleDefinitions(1073741827)",
                            "type": "SP.RoleDefinition"
                        },
                        "BasePermissions": {
                            "__metadata": {
                                "type": "SP.BasePermissions"
                            },
                            "High": "432",
                            "Low": "1011028719"
                        },
                        "Description": "Can view, add, update, and delete list items and documents.",
                        "Hidden": false,
                        "Id": 1073741827,
                        "Name": "Contribute",
                        "Order": 64,
                        "RoleTypeKind": 3
                    }
                ]
            }
        }
    
  24. Don't worry, if no group has multiple permissions. If it has single permission, then just copy paste the "{...}" section just before the closing square bracket "]" by adding a comma to the closing curly bracket "}".
  25. Now add Parse JSON action and rename it to Parse RoleDefinitionBindings. Add the body of previous HTTP request in Content section and use the above highlighted content to create the schema using Generate from sample.
  26. This way, we have parsed SharePoint Group permissions. Now the last information we want to fetch is the list of users belongs to this group. Again use HTTP request and Parse JSON. I am just giving screenshots below by expecting that you are now aware how to use this actions.
  27. HTTP Action: HTTP Users
  28. Site: select the site url
  29. Method: GET
  30. Uri: _api/Web/SiteGroups/GetById(@{variables('intPrincipalId')})/Users
  31.  
  32. Save and execute to get the output.
  33. Edit and add Parse JSON action. Rename it to Parse Users.
  34. This way we have completed Part 4. In last part Part 5, we will apply for each loop on this Parse Users output to check if the requested user belongs to it, we will save the permissions and other information in variable.
With this, I am concluding this post.
Happy Coding !!!
Will see you again with some new topics.

Stay Safe !
Stay Healthy !

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.