Wait, is a workflow an app? Well, as they keep trying to tell us, everything is an app. No, an Add-in.
Before we can even think about writing the workflow (which on some levels turned out to be the easy part of all of this), I had to figure out the authorization side of things. It wasn’t enough to get the digest token from the server – there’s a more heavy duty permissions set up required even to make the REST calls into other Webs (sites to normal people).
Luckily I have good friends in the community. Matt Bramer (@ionline247) was the first person who replied to one of my tweets, and he gave me some good tips. Through him I found that Fabian Williams (@fabianwilliams) had written several blog posts about the trials and tribulations he went through so that I wouldn’t have to. But it’s still confusing, so here are the high level steps I went through.
Enable the “Workflows can use app permissions” Feature in your Site
This is documented fairly well at Create a workflow with elevated permissions by using the SharePoint 2013 Workflow platform, but here’s my version.
Step 1 – Allow the workflow to use app permissions
Go to Site Settings in the site where you want to run the workflow and turn on the Workflows can use app permissions feature.
Step 2 – Grant full control permission to a workflow
This is the step that gets pretty weird. We have to give this workflow the permission to run as if it’s an app add-in (though one might say that it’s an app add-in already – everything is an app add-in, right?).
Navigate to Site Settings and then under Users and Permissions, to Site app permissions. If things have gone according to plan, you should see Workflow as one of the two or more items listed here.
What you want to grab is the yellow text below. It follows a bar character – “|” – and precedes an “@” character.
Now you have to navigate to a hidden, super secret page at:
http://yourtenant/sites/yoursitecollection/_layouts/15/appinv.aspx
In the example on MSDN, they send you off to the /sites/AppCatalog Site Collection for this. That’s only because they are showing an example interacting with a list there. You should go to the secret page where you want the workflow to run. (Yes, I was down a rat hole on this for a while. Maybe I was just being stupid. It seemed like they were telling me I need to give permissions on the App Catalog site for this to work.)
So go to the super secret page in your Site Collection, paste in the yellow stuff from above, and click the Lookup button. The next three fields will be filled in. You shouldn’t need to change anything in those fields.
Next you need to paste this XML into the last field called Permission Request XML. Don’t try to get all smart about it like I did: paste in EXACTLY this XML – don’t make any changes.
You have two options here:
<AppPermissionRequests> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" /> </AppPermissionRequests>
or…
<AppPermissionRequests> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /> </AppPermissionRequests>
In this case, I went with the latter; I want my workflow to have permissions on the entire Site Collection. The former would give my workflow permissions only in the subsites of the Site Collection; I need permission on the root of the Site Collection because I want to iterate through the subwebs (subsites) from there.
Click on the Create button.
Next you’ll be asked if you trust the workflow. One would think this would be a given, but click the Trust It button.
At this point, you have the permissions set up which give you the possibility of looping through the subsites off the root, even though you haven’t created an actual workflow yet. (Or, if you’re like me, you beat your head against the workflow first and then realized you had to figure this part out.)
References for this step
- Gotcha on SharePoint Designer Workflows in App Step by Fabian Williams
- ACTUALLY RESOLVED: Unable to Create List using SharePoint 2013 REST API in SPD2013 by Fabian Williams
- Create a workflow with elevated permissions by using the SharePoint 2013 Workflow platform
by Marc D Anderson via Marc D Anderson's Blog
No comments:
Post a Comment