Share via


SharePoint 2013: How to Check User Permission with REST API

Introduction:

In this article, we explore how to check whether the login user has full permission or not using the SharePoint 2013 REST API.

We wanted to avoid using JSOM and do everything with REST. Fortunately, we understand that you must rely on JSOM for certain things. In this case, JSOM has the SP.BasePermissions type with methods for combining sets of permissions. This type is defined in SP.js. JSOM also exposes the types of permissions as a basic integer enumeration as SP.PermissionKind. This enumeration is defined in SP.Runtime.js. We still could not figure out how to get the high and low values for the permission. We knew what the values were supposed to be for the EditLisitItems permission. Looking at the permission in debug view we noticed the values were exposed by the typical nonsensical property names $4_1 and $5_1. Whenever you set the permission with a permission kind the JSOM function will bit-shift the values and re-calculate the high and low values.

Normally we need to perform tasks such as:

SharePoint provides a method called doesUserHavePermissions to do that. First of all, we need to understand how SharePoint defines user roles by assigning permission levels such as Full Control, Contributor, design and so on.

For example, a site admin is assigned by Full Control that is a composite of a few permission items we call the permission kind.

Full ControlPermission levels and permissions

Example:

Assume that we want to check whether the current user is an admin of the site. For that, we need to check that the user has the manageWeb permission kind. (Actually we need to check whether other permission kinds are assigned full control as well but if the user has to manage web permission then it is more likely the user can perform admin tasks. In the other example we will show how to check the full permission kinds).

 

function getUserWebPermissionREST() { 
  
 //Permission for admin to show or hide the entries on memory board using ShowOnHomePage Field 
 var perm = new SP.BasePermissions(); 
 perm.set(SP.PermissionKind.manageWeb); 
 $.ajax({ 
 url: _spPageContextInfo.webAbsoluteUrl + "/_api/web/doesuserhavepermissions(@v)?@v={'High':'" + perm.$4_1.toString() + "', 'Low':'" + perm.$5_1.toString() + "'}", 
 type: "GET",  
 headers: { "accept":  "application/json;odata=verbose"  }, 
 success: function  (data) { 
 var d = data.d.DoesUserHavePermissions; 
  
 if (d === true) { 
 //Show Check Box if Full Control 
 } 
 else { 
 //hide Check Box 
 } 
  
 }, 
 error: function  (err) { 
 alert(JSON.stringify(err)); 
 } 
  
 }); 
}