Showing posts with label app model. Show all posts
Showing posts with label app model. Show all posts

Friday 17 October 2014

SharePoint Hosted Apps vs Embedded JS


Overview: The use of Apps (specifically SPHA) in SharePoint seems to be misunderstood, developers and architects often want to use the App model for functionality that folks have built using previous versions of SharePoint.  Apps are reusable pieces of custom logic akin to a specialised document library.

The app needs to be deployed to the catalogue store and permissions granted to leverage SP functionality.

SharePoint Hosted Apps (SPHA) are the internal sub web created with SharePoint, that can use JavaScript to perform customisation.

For example I want to read values from a term set, you can simply embed JavaScript and using the current users context get the term set data you want.

Permissions in SPHA run in the context of the current user as opposed to Provider Hosted Apps that can run in either: current user context, app context or app and current user context.

Deployed JavaScript will perform exactly the same when called from a page or from a SharePoint page or from within the SPHA (app web).  JavaScript runs in the context of the current user for both approaches.

The following embedded JavaScript works both in a web part page or in a page inside a SPHA (app web):

<script type="text/javascript">
var termSetName = //document.getElementById('termsetID').value;
var locale = 1033; // your locale. Here is English
var context  = SP.ClientContext.get_current();  //User the current users context.
var taxonomySession = SP.Taxonomy.TaxonomySession.getTaxonomySession(context);
var termStore = taxonomySession.getDefaultSiteCollectionTermStore();
var termSets = termStore.getTermSetsByName(termSetName, locale);
var termSet = termSets.getByName(termSetName);
var terms = termSet.getAllTerms();
context.load(taxonomySession);
context.load(termStore);
context.load(termSet);
context.load(terms);
context.executeQueryAsync(function onSucess(){
  var termEnumerator = terms.getEnumerator();
  var termList = "Terms: <br/>";
while(termEnumerator.moveNext()){
var currentTerm = termEnumerator.get_current();
termList += currentTerm.get_name() + "<br/>";
}
Windows.alert(termList);// Output to the screen                                 
                },function onFailure(args){
                    // Notify user of error
                });         
}

The user only needs to be a visitor to have read access to the term store.  JS works in the same way whether inside an SPHA or within a page on a SharePoint site.

“Apps that do not make OAuth authenticated calls (for example, apps that are only JavaScript running in the app web) cannot use the app-only policy. They can request the permission, but they will not be able to take advantage of it because doing so requires passing an app-only OAuth token. Only apps with web applications running outside of SharePoint can create and pass app-only tokens.”  MSDN article

JavaScript inside a SPHA can only run within the context of the current user.
Provider-Hosted Apps (PHA) can use either:
  • context token (user context)
  • user+app access token
  • app-only access
This was spoon fed to me from some good folks I'm working with Nick, Sachin & Peter- thank-you.

Friday 1 November 2013

Where is MS taking SharePoint Development

The communities reaction to the app model for SharePoint 2013 has been interesting over the past year.  Please post your thoughts!

I got this email recently:
"I've been doing some 2013 development using the traditional farm solution approach.  using c# code behind. I think that this is the way most SP2013 projects will be developed. Why? because 99.9% of SharePoint developers know how to do it this way and that's everyone's skill set. I think Apps will be used when the clients requirements need functionality that needs to be isolated. You can't communicate cleanly between apps. I also think that using an Agile approach to development that is app based solution is dangerous in that the client nearly always changes the requirements. That could mean a complete rewrite of the App or change approach. Not good for consultancies who never give you enough time anyway."

My reply:
Using the SharePoint App model for development has no integration or ALM capabilities so it is fine for building little bits of functionality or for companies providing generic apps for say a generic intratent.  The 3 models have difference strengths, the best generally is the provider hosted and I feel this is not SharePoint but external development that I merely surface in SP.

Building complex system in SharePoint has been hugely successful and has great folks that can bend SharePoint, the app model has it's place but I don't see it replacing proper business solutions delivered thru SP.

Another person was complaining to me recently along the lines of "even if you know JS and the provider models it takes 5 times as long to develop functionality that using the solution approach."

Bill Ayers Provided a nice session on The Good the bad and the Ugly of the App Model for SharePoint.  He has a video that is hillarious.

 

Saturday 29 June 2013

SharePoint Host Apps - User Permissions

Problem:  How do I give users or groups permissions in a SP Host App?  This post is not looking at giving the App Web permissions against the SharePoint Site.  It merely looks at giving users rights to work within the app.

Initial Hypothesis:
SharePoint has a structure Object hierarchy that developers can secure users against namely: SPSite (Site Collection), SPWeb (Sitess/Webs), SPList (Lists/Document Libraries) and SPItem (Rows).  Based on the hierarchy I initially assumed SP Apps would maintain their own security.  Well this would get rather confusing as you would need to maintain the host web and the app web user permissions.

There is no UI in the App web to be setting security but on the UI you can get to the lists permission page.  In the SP Hosted App, navigate to the list, in my case the url is: http://dev-d8f436fea0378f.apps.dev.local/SPHostedApp/Lists/Comment/AllItems.aspx this takes me to the "Comments" list.  I click the "List" tab on the ribbon.  Click the "Shared With" button and Choose "Advanced".


Here we can stop inheriting the security permissions for the list.
I thought I could set the App webs permissions by selecting the "Web" link.  You receive an error.

Resolution:  You need to stop inheriting permissions on the Host App (parent) and then the App web inherits theses permissions.

How if works: