SPFx WebPart shows documents which have been explicitly shared within a SharePoint site or Team.
It does this by using the following steps:
- Issue a Search Query (KQL) against the Graph API to retrieve documents where the managed property
SharedWithUsersOWSUSERcontains a value. - Iterate through the results of the search query to get the permissions (e.g., sharing information) for each file using the
/permissionsendpoint ofdriveItemson GraphAPI. - Display the results in a
ShimmeredDetailsListand use thePaginationcontrol for paging through the results. - By selecting a document and clicking on the Sharing Settings button, the Manage Access pane will open for further review of the sharing settings.
- The panel includes a Manage Access pivot and an Activity pivot.
- Enable debug mode as a webpart property to see the query that the Graph Search API is triggering or by adding query string
debug=true.
Here is an example with a list of shared documents, with a clear distinction when they are shared with external users (notice the tooltip & icon in front of the document):
When you want to know more about the sharing settings of a particular document, you can click on the view icon of the document. This will open up the Side Panel which has the Manage Access component rendered through an iFrame, indicating that a sharing link was created for the external user.
Get your own free development tenant by subscribing to the Microsoft 365 developer program
- Clone this repository
- Move to the right solution folder
- In the command line run:
npm installgulp serveornpm run serve
| Solution | Author(s) |
|---|---|
| Governor Sharing | Robin Meure MSFT |
| Governor Sharing | Ahamed Fazil Buhari |
| Version | Date | Comments |
|---|---|---|
| 1.0 | October 27, 2023 | Initial release |
| 2.0 | November 11, 2024 | SPFx 1.20 upgraded, React hooks, Server filter & Search |
- Ensure you have a copy of the solution package file with a
.sppkgextension. - The user deploying the app must have SharePoint Administrator or Global Administrator permissions in Microsoft 365.
- The same user must approve and provide consent for the required API permissions to call the Graph Search endpoint.
Follow the steps below to add the app to the SharePoint App catalog:
- Go to More features in the SharePoint admin center, and sign in with an account that has the SharePoint Administrator or Global Administrator role for your organization.
- Under Apps, select Open. If you didn’t have an app catalog before, it might take a few minutes to load.
- On the Manage apps page, click Upload, and browse to the location of the app package. The package file should have a
.sppkgextension. - Select Enable this app and add it to all sites. This will automatically add the app to the sites, so that site owners will not need to do it themselves. Uncheck the box Add to Teams. If you want to add the App to Teams, you need to follow these instructions. Click Enable app at the bottom of the side panel.
After the API is enabled, you will need to provide consent. For this step, you need the Global Administrator role. You will provide delegated permissions that will allow the application to act on a user's behalf. The application will never be able to access anything the signed-in user themselves couldn't access. To learn more about delegated permissions, see: Types of permissions.
- Click on Go to the API access page.
- Click Approve to provide consent.
- On the site where you want to use the app, go to a page and open it for editing or create a new page for this purpose.
- Click on the “+” to add a new web part and search for “Governor sharing”. Click on it to add it to the page.
- The web part should now be added to your page.
- Save or Republish the page to see the changes applied.
For the Teams App deployment, the app needs to be deployed to the SharePoint App Catalog first (Step 1 and Step 2).
- A copy of the Teams Apps solution package
- The user deploying the app must be a Teams Administrator or Global Administrator in Microsoft 365.
- Browse to the Manage Apps page in the Teams Admin Center: Manage Apps
- Click Upload new App, Click Upload and browse to the Teams app package location. The package file should have a
.zipextension. After selecting the package, click Open. The app will be uploaded.
- You may need to adjust your Teams App policies to make the app available for your organization. For more information, see Teams App Permission Policies.
- Go to MS Teams and click on the Apps on the left bar to open the App store of Teams.
- On the left menu, choose Built for your Org option to prefilter the apps and select “Governor sharing”. Click Add.
- Click on Add to a team, choose a team and a channel where you want the app to be added and click Set up a tab on the bottom right of the pop-up window.
- Click on Save
- The app has been added to a Team. The settings panel on the right side can be closed.
If you face any other errors, you can enable the debugging mode from the configuration pane. When this is enabled, there is a lot more details being outputted to the console.
- In green, you see the search (KQL) query that is used to retrieve documents.
- In yellow, you see the search results.
- In blue, you see the transformation of combining the search results and the permission calls.
Issue: We can't upload the app because there's already an app in the catalog with the same app ID. To upload a new app, change the app ID and try again. To update an existing app, go to the app details page.
Solution: Delete the app in the Teams Apps overview and re-add the package.
More information about deleting apps in Teams can be found here: Delete custom apps from your organization's catalog.
THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.