Jan 25 2023 01:48 PM
Hi, I am new to the SharePoint Online world and wanted to know if it was in any way possible to update the self-generated document URL that SharePoint creates when uploading the document, so that I can use it to redirect the users to some other app/page for run time validation.
Story time: I have a requirement where I need to check at run time if the user has permission to view the document. The permissions are evaluated at run time and can change on any predefined condition. E.g., User A might have permission to view the document from 10 AM to 2 PM but not from 2 PM - 10 AM; these permissions are not predefined, so they can change based on some external evaluator. So what I need is, when a user tries to open the document, on a 'BeforeLoad' event or via a replaced URL, to reach out to the engine and see if User A at that time satisfies all the run time permissions. If yes, the user should be able to open the document; if not, then we should cancel the request.
I think in the old days with OnPrem servers this was possible, as we controlled the server-side events, but I am not sure how to approach this problem in SharePoint Online. I would really appreciate any kind of help to nudge me in the right direction.
Jan 25 2023 11:03 PM
Hi @testpoudyal,
No, I don't think that that is possible on SharePoint Online.
I would create a new app where the users must log in using Azure AD.
The app will serve the documents to the users.
It itself accesses SharePoint using an app principal, and the app is doing your permission checks.
I would either create an Azure web app or perhaps a PowerApp (if accessing SharePoint using an app principal is not too complicated).
Best Regards,
Sven
Jan 27 2023 07:46 AM
Jan 28 2023 02:42 AM
Hi @testpoudyal,
you could redirect your users to the new Azure app.
But if you want to keep your users in SharePoint, then your app can just expose a web service.
Then you write an SPFx web part for your users to interact with that web service.
But you should protect your web service using Azure AD.
Take a look at this tutorial on how to do that with an Azure Function.
https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi
Best Regards,
Sven
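The broker approach suggested in this thread, reduced to its authorization decision, as an added example (not code from either poster or from Microsoft). All function names, the sample policy and the `contoso.example` users are hypothetical, and `sampleEvaluator` is a stand-in for the external evaluator the question describes.

```javascript
// Added example: per-request decision for a document broker. Names are hypothetical.
// Constructed sample policy: allowed window in minutes since midnight (UTC).
const SAMPLE_POLICY = {
  "userA@contoso.example": { start: 10 * 60, end: 14 * 60 },     // 10 AM to 2 PM
  "nightshift@contoso.example": { start: 22 * 60, end: 6 * 60 }, // wraps past midnight
};

// Half-open window [start, end); handles windows that cross midnight.
function inWindow(rule, minuteOfDay) {
  return rule.start <= rule.end
    ? minuteOfDay >= rule.start && minuteOfDay < rule.end
    : minuteOfDay >= rule.start || minuteOfDay < rule.end;
}

// Stand-in for the external evaluator; a real one would be a network call.
async function sampleEvaluator(user, docId, now) {
  const rule = SAMPLE_POLICY[user];
  if (!rule) return { allow: false }; // unknown user: deny by default
  return { allow: inWindow(rule, now.getUTCHours() * 60 + now.getUTCMinutes()) };
}

// Called on every open request; a previous "allow" is never cached.
// `user` must come from the validated Azure AD token, not from a request parameter.
// Fails closed: evaluator error, timeout or malformed reply all deny.
async function authorizeDocumentRequest(user, docId, evaluator, now = new Date(), timeoutMs = 2000) {
  if (typeof user !== "string" || !user || typeof docId !== "string" || !docId) {
    return { status: 400, reason: "missing user or document id" };
  }
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("evaluator timeout")), timeoutMs);
  });
  try {
    const verdict = await Promise.race([evaluator(user, docId, now), timeout]);
    if (verdict && verdict.allow === true) {
      // Only now would the broker fetch the file with its app principal.
      return { status: 200, reason: "allowed" };
    }
    return { status: 403, reason: "denied by runtime policy" };
  } catch (err) {
    return { status: 403, reason: "evaluator unavailable, failing closed" };
  } finally {
    clearTimeout(timer);
  }
}
```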