Skip to content

Latest commit

 

History

History
176 lines (106 loc) · 8.67 KB

README.md

File metadata and controls

176 lines (106 loc) · 8.67 KB

Governor Sharing

Summary

SPFx WebPart shows documents which have been (explicitly) shared within a SharePoint site or Team.

It does this by using the following steps:

  • Issueing a Search Query (KQL) against the Graph API to retrieve documents where the managed property SharedWithUsersOWSUSER contains a value
  • Iterate through the result of the search query to get the permissions (e.g. sharing information) per file (/permissions endpoint of driveItems on GraphAPI)
  • Show the results in a ShimmeredDetailsList and the Pagination control for paging the results
  • By selecting a document and clicking on the Sharing Settings button will open the Manage Access pane for further review of the sharing

Here is an example with a list of shared documents, with a clear distinction when they are shared with external users (notice the tooltip & icon in front of the document) Example Image

When you want to know more about the sharing settings of a particlar document, you can select the document and then click on the Sharing Settings button, this will open up the Manage Access page for the selected document which tells you that a sharing link was created for the external user. Example Image

Used SharePoint Framework Version

version

Applies to

Get your own free development tenant by subscribing to Microsoft 365 developer program

Minimal Path to Awesome

  • Clone this repository
  • Move to right solution folder
  • in the command line run:
    • npm install
    • gulp serve

Solution

Solution Author(s)
Governor Sharing Robin Meure MSFT

Version history

Version Date Comments
1.0 October 27, 2023 Initial release

Deployment Overview

SharePoint App Deployment

Prerequisites

  • A copy of the solution .sppkg package.
  • The user deploying an app must be a SharePoint Administrator or Global Administrator in Microsoft 365.
  • The same user needs to approve and provide consent for the API permissions (this to call the Graph Search endpoint).

Step 1 - Add the app to the SharePoint App catalog

Follow the steps below to add the app to the SharePoint App catalog:

  • Go to More features in the SharePoint admin center, and sign in with an account that has the SharePoint Administrator or Global Administrator for your organization.
  • Under Apps, select Open. If you didn’t have an app catalog before, it might take a few minutes to load.

  • On the Manage apps page, click Upload, and browse to location fo the app package. The package file should have .sppkg extension.
  • Select Enable this app and add it to all sites. This will automatically add the app to the sites, so that site owners will not need to do it themselves. Unchecked the box Add to Teams. If you want to add the App to Teams you need to follow these instructions. Click Enable app at the bottom of the side panel.

Step 2 - Provide API consent

After the API is Enable you will need to provide consent. For this step you need the Global Administrator role. You will provide delegated permissions that will allow the application to act on a user's behalf. The application will never be able to access anything the signed in user themselves couldn't access. To learn more about delegated permissions see: https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#types-of-permissions

  • Click on Go to the API access page.

  • Click Approve to provide consent.

Step 3 - Adding the app to a SharePoint site

  • On the site where you want to use the app go to a page and open it for editing or create a new page for this purpose.
  • Click on the “+” to add a new web part and search for “Governor sharing”. Click on it to add it to the page.

  • The webpart should now be added to your page.

  • Save or Republish the page to see the changes applied.

Teams App Deployment

For the Teams App deployment, the app needs to be deployed to the SharePoint App Catalog first (Step 1 and Step 2).

Prerequisites

  • A copy of the Teams Apps solution package
  • The user deploying the app must be a Teams Administrator or Global Administrator in Microsoft 365.

Step 1 - Add the app to Teams App Catalog

  • Browse to the Manage Apps page in the Teams Admin Center: https://admin.teams.microsoft.com/policies/manage-apps
  • Click Upload new App, Click Upload and browse to the teams app package location. The package file should have .zip extension. After selecting the package click Open. The app will be uploaded.

Step 2 - Add the app to a Teams a tab

  • Go to MS Teams and click on the Apps on the left bar to open the App store of Teams.
  • On the left menu choose Built for your Org option to prefilter the apps and select “Governor sharing”. Click Add.

  • Click on Add to a team, choose a team and a channel where you want the app to be added and click Set up a tab on the bottom right of the pop-up window.

  • Click on Save

  • The app has been added to a Team. The settings panel on the right side can be closed.

Troubleshooting

If you face any other errors, you can enable the debugging mode from the configuration pane. When this is enabled, there is a lot more details being outputted to the written to the console.

  • In green you see the search (KQL) query what is used to retrieve documents
  • In yellow, you see the search results
  • In blue, you see the transformation of combining the searchresults and the permission calls

Known errors

Issue: We can't upload the app because there's already an app in the catalog with the same app ID. To upload a new app, change the app ID and try again. To update an existing app, go to the app details page.

Solution: Detele the app in the Teams Apps overview and re-add the package.

More information about deleting apps in Teams can found here: https://learn.microsoft.com/en-us/microsoftteams/teams-custom-app-policies-and-settings#delete-custom-apps-from-your-organizations-catalog

Disclaimer

THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.