none
Using get_currentuser fails when user doesn't have permissions. RRS feed

  • Question

  • Hi,

    I have some javascript in Sharepoint 2013 to get the current user:

    var clientContext = SP.ClientContext(siteUrl);
    var web = clientContext.get_web();
    var user = web.get_currentUser()

    This works fine if the user is an owner of the root site however for normal Read Only users we get the error:

    Access denied. You do not have permission to perform this action or access this resource.

    How can i run this script to work under a user with minimal access.

    Regards

    Sunday, December 18, 2016 9:49 PM

All replies

  • Hi Simon,

    Since the JavaScript in a page will run under the current user’s context, if the current user has no proper permissions, then there will be an “Access Denied”.

    A workaround is, create a farm solution(Visual Web Part) which can be set to run with elevated privilege, then users with Read Only permissions can be able to perform actions which requires higher privilege.

    Best regards,

    Patrick Liang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 19, 2016 2:45 AM
    Moderator
  • Hi Simon,

    Since the JavaScript in a page will run under the current user’s context, if the current user has no proper permissions, then there will be an “Access Denied”.

    A workaround is, create a farm solution(Visual Web Part) which can be set to run with elevated privilege, then users with Read Only permissions can be able to perform actions which requires higher privilege.

    Best regards,

    Patrick Liang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Hi,

    I am not a sharepoint developer so i'm unsure how to make a Visual Web Part.

    I am a little surprised that such a powerful function as get_currentuser only works if you have full privileges. Doesn't that defeat the purpose of it? Is there another way i can get the current user without needing elevated privileges.

    Regards.

    Monday, December 19, 2016 3:54 AM
  • Well, try to use SharePoint Add-In.

    You can give permission to App at site and list level.

    Check the below detail article.

    http://sharepointpromag.com/office-365/2-basics-know-about-sharepoint-online-app-permissions

    App can run on all environment i.e. on premises and o365.

    Check this as well.

    https://msdn.microsoft.com/en-us/pnp_articles/app-only-elevated-privileges-sharepoint-add-in


    http://www.abdulazizfarooqi.wordpress.com Abdul Aziz Farooqi [BizTalk & SharePoint Consultant] MCPD Web & MCPD SharePoint 2010

    Monday, December 19, 2016 4:41 AM
  • Hi Simon,

    Any update about AbdulAzizFarooqi's reply? The SharePoint add-in way should also be able to achieve what you want.

    Best regards,

    Patrick


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 26, 2016 1:47 AM
    Moderator
  • Hi,

    I asked our developer to have a look and he used the webapi to achieve what we wanted.

    In essence the call was similar to this to return the data then we processed:

          var userid= _spPageContextInfo.userId;
          var requestUri = _spPageContextInfo.webAbsoluteUrl + "/_api/web/getuserbyid(" + userid + ")";

    Regards.

    Monday, January 9, 2017 8:31 AM
  • Hi Simon,

    If you simply want to get something like the “Login name” of the current user, for a user with “View Only” permission on the site, the code below working with JavaScript Client Object Model should also work:

    <script type="text/javascript">
    ExecuteOrDelayUntilScriptLoaded(init,'sp.js');
    
    var currentUser;
    function init(){
        this.clientContext = new SP.ClientContext.get_current();
        this.oWeb = clientContext.get_web();
        currentUser = this.oWeb.get_currentUser();
        this.clientContext.load(currentUser);
        this.clientContext.executeQueryAsync(Function.createDelegate(this,this.onQuerySucceeded), Function.createDelegate(this,this.onQueryFailed));
    }
    
    function onQuerySucceeded() {
        
        console.log(currentUser.get_loginName());
    }
    
    function onQueryFailed(sender, args) {
        console.log('Request failed. \nError: ' + args.get_message() + '\nStackTrace: ' + args.get_stackTrace());
    }
    </script>

    Best regards,

    Patrick Liang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 10, 2017 5:00 AM
    Moderator