Microsoft Graph API 和 SharePoint 文件权限

为了添加权限，您必须向以下端点发出

POST

https://graph.microsoft.com/v1.0/sites/{site-id}/drive/items/{folder-id}/invite

正文包含有关邀请请求的所有信息，如下例所示：

{
  "requireSignIn": false,
  "sendInvitation": false,
  "roles": [ "read | write"],
  "recipients": [
    {
        "email": "{email of the user}"
    }
 ],
  "message": "string"
}

如果您的请求成功，您将收到以下格式的回复：

Status: 200

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(permission)",
    "value": [
        {
            "@odata.type": "#microsoft.graph.permission",
            "id": "<some id>",
            "roles": [
                "write"
            ],
            "grantedTo": {
                "user": {
                    "email": "<user>@<tenant>.onmicrosoft.com",
                    "id": "<some id>",
                    "displayName": "<user's display name>"
                }
            }
        }
    ]

}

下面我将与您分享创建成功请求后从 Graph Explorer 获取的代码片段：

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var recipients = new List<DriveRecipient>()
{
    new DriveRecipient
    {
        Email =  "<user>@<tenant>.onmicrosoft.com"
    }
};

var message = "Here's the file that we're collaborating on.";

var requireSignIn = true;

var sendInvitation = true;

var roles = new List<String>()
{
    "write"
};

await graphClient.Sites["root"].Drive.Items["<folder-id>"]
    .Invite(recipients,requireSignIn,roles,sendInvitation,message,null,null,null)
    .Request()
    .PostAsync();

注释

1. 您可以在此处找到有关端点的文档。
2. 如果您尝试向从文档库继承其权限模型的文件夹添加权限，则应小心，因为在某些情况下，如果用户不是网站组的成员，MS Graph 可能会调用该文件夹的唯一权限。

我们也为此苦苦挣扎。感谢 @jimas13 的回答，我们找到了正确的 PowerShell 等效代码来使用 GraphAPI 设置 SharePoint 文档库的权限：

模块“Microsoft.Graph.Files”

$params = @{
    recipients     = @(
        @{
            email = '[email protected]'
        }
    )
    message        = "Here's the file that we're collaborating on."
    requireSignIn  = $true
    sendInvitation = $false
    roles          = @('read')
}
Invoke-MgInviteDriveItem -DriveId $drive.Id -DriveItemId $folder.id -BodyParameter $params

没有 json 的模块“Microsoft.Graph.Authentication”

$params = @{
    Uri         = "v1.0/sites/$($site.Id)/drive/items/$($folder.id)/invite"
    # Uri         = "v1.0//drives/$($drive.Id)/items/$($folder.id)/invite"
    Body        = @{
            requireSignIn  = $true
            sendInvitation = $false
            roles          = @('read')
            recipients     = @(   
                @{
                    email = '[email protected]'
                }
            )
            message        = 'Granted read permissions on folder'
        }
    Method      = 'POST'
}
Invoke-MgGraphRequest @params

带有 json 的模块“Microsoft.Graph.Authentication”

$params = @{
    Uri         = "v1.0/sites/$($site.Id)/drive/items/$($folder.id)/invite"
    # Uri         = "v1.0//drives/$($drive.Id)/items/$($folder.id)/invite"
    Body        = (@{
            requireSignIn  = $true
            sendInvitation = $false
            roles          = @('read')
            recipients     = @(   
                @{
                    email = '[email protected]'
                }
            )
            message        = 'Granted read permissions on folder'
        } | ConvertTo-Json)
    Method      = 'POST'
    ContentType = 'application/json'
}
Invoke-MgGraphRequest @params

这 3 个示例是使用 PowerShell 版本

7.4

2.16.0