使用MS Graph REST API,我可以检索与我共享的driveItem。这些“远程” driveItem的权限包括一个将我标识为用户的权限。但是,该Permission对象中没有“ Roles”(具体地说,“角色”列表中有零个条目)。
我尝试查看RemoteItem属性,但是这些属性不包含任何安全信息。
确定该特定DriveItem的用户权限是什么的正确方法是什么?
到目前为止,我已经使用C#MSGraph SDK进行了测试,发现与我共享的所有项目的角色列表都为空。
我还使用了在线Graph Explorer,并确定它是正确的。
当我使用Graph Explorer检索实际项目时,请在MSFT的此示例代码段中注意以下内容:
{
"id": "aTowIy5mfG1lbWJlcnNoaXB8YWxleHdAbTM2NXgyMTQzNTUub25taWNyb3NvZnQuY29t",
"roles": [],
"grantedTo": {
"user": {
"email": "AlexW@M365x214355.onmicrosoft.com",
"id": "4782e723-f4f4-4af3-a76e-25e3bab0d896",
"displayName": "Alex Wilber"
}
}
},
(没有列出用户的角色?)
由于我的用户已在检索到的实际DriveItem的许可之一中明确列出,因此我希望角色也可以指定我的访问/实际许可。
答案 0 :(得分:0)
以下端点:
GET /drives/{remoteItem-driveId}/items/{remoteItem-id}/permissions
在permissions上返回共享DriveItem resource
结果
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b%21IZJbPb0BjUKDAjMnMOSRf44bwdRO75NGunQibG16o65AcVUi0kiOSZ9k4-NxVd6C')/items('01H24BBVK3QUEPTCR2MNB3HMLTNUZINN54')/permissions",
"value": [
{
"id": "c0594808-fbbb-4c56-9b62-bc37307a2424",
"roles": [
"write"
],
"link": {
"scope": "anonymous",
"type": "edit",
"webUrl": "https://contoso-my.sharepoint.com/:w:/g/personal/jdoe_contoso_onmicrosoft_com/EVuFCPmKOmNDs7FzbTKGt7wBxdHHpbjDMOzy3_ng2KHCAQ"
}
},
{
"id": "8a03ff0b-5196-4585-b8a9-4d95115e10c2",
"roles": [
"read"
],
"link": {
"scope": "anonymous",
"type": "view",
"webUrl": "https://contoso-my.sharepoint.com/:w:/g/personal/jdoe_contoso_onmicrosoft_com/EVuFCPmKOmNDs7FzbTKGt7wB8wPZsfAqSd-IQYE337GDjg"
}
},
{
"id": "aTowIy5mfG1lbWJlcnNoaXB8dmdyZW1AbWVkaWFkZXY4OC5vbm1pY3Jvc29mdC5jb20",
"roles": [
"owner"
],
"grantedTo": {
"user": {
"email": "jdoe@contoso.onmicrosoft.com",
"id": "1ee49b6f-4632-4806-a4dd-e065844f9cd1",
"displayName": "Jon Doe"
}
}
}
]
}
下面的示例演示如何通过Permissions resource打印msgraph-sdk-dotnet Roles属性:
var item = await graphClient.Drives[driveId].Items[itemId].Request().Expand("Permissions").GetAsync();
foreach (var permission in item.Permissions)
{
var roleNames = String.Join(", ", permission.Roles.ToArray());
Console.WriteLine(roleNames);
}