Friday, 17 October 2014

SharePoint Hosted Apps vs Embedded JS

Overview: The use of Apps (specifically SPHA) in SharePoint seems to be misunderstood, developers and architects often want to use the App model for functionality that folks have built using previous versions of SharePoint.  Apps are reusable pieces of custom logic akin to a specialised document library.

The app needs to be deployed to the catalogue store and permissions granted to leverage SP functionality.

SharePoint Hosted Apps (SPHA) are the internal sub web created with SharePoint, that can use JavaScript to perform customisation.

For example I want to read values from a term set, you can simply embed JavaScript and using the current users context get the term set data you want.

Permissions in SPHA run in the context of the current user as opposed to Provider Hosted Apps that can run in either: current user context, app context or app and current user context.

Deployed JavaScript will perform exactly the same when called from a page or from a SharePoint page or from within the SPHA (app web).  JavaScript runs in the context of the current user for both approaches.

The following embedded JavaScript works both in a web part page or in a page inside a SPHA (app web):

<script type="text/javascript">
var termSetName = //document.getElementById('termsetID').value;
var locale = 1033; // your locale. Here is English
var context  = SP.ClientContext.get_current();  //User the current users context.
var taxonomySession = SP.Taxonomy.TaxonomySession.getTaxonomySession(context);
var termStore = taxonomySession.getDefaultSiteCollectionTermStore();
var termSets = termStore.getTermSetsByName(termSetName, locale);
var termSet = termSets.getByName(termSetName);
var terms = termSet.getAllTerms();
context.executeQueryAsync(function onSucess(){
  var termEnumerator = terms.getEnumerator();
  var termList = "Terms: <br/>";
var currentTerm = termEnumerator.get_current();
termList += currentTerm.get_name() + "<br/>";
Windows.alert(termList);// Output to the screen                                 
                },function onFailure(args){
                    // Notify user of error

The user only needs to be a visitor to have read access to the term store.  JS works in the same way whether inside an SPHA or within a page on a SharePoint site.

“Apps that do not make OAuth authenticated calls (for example, apps that are only JavaScript running in the app web) cannot use the app-only policy. They can request the permission, but they will not be able to take advantage of it because doing so requires passing an app-only OAuth token. Only apps with web applications running outside of SharePoint can create and pass app-only tokens.”  MSDN article

JavaScript inside a SPHA can only run within the context of the current user.
Provider-Hosted Apps (PHA) can use either:
  • context token (user context)
  • user+app access token
  • app-only access
This was spoon fed to me from some good folks I'm working with Nick, Sachin & Peter- thank-you.

Thursday, 16 October 2014

Cross Cutting Concerns for SharePoint 2013

Overview:  Last week I was speaking to a smart chap and he dropped the term Cross Cutting Concern as we were discussing SharePoint Host Apps (SPHA) and JavaScript.

Problem:  When creating apps for SharePoint 2013 multiple solutions need to address cross cutting concerns.  In the past I deployed a SharePoint library with caching, logging, lazy loading and various other "Cross Cutting Concerns", now for Provider Host Apps (PHA), SPHA and JS embedded within pages and Single Page Apps (SPA) we need frameworks for clients to address common components.

Caching for Client Side Code: In JavaScript you can either cache using the client cookie which is small or in HTML 5 based browsers use the JavaScript local store. 
Caching on the Server: All the normal Caching of C# or Azure are available.  Also look at Redis.

Update 27/01/2015: