Search code examples
c#sharepointmicrosoft-graph-api

Sharepoint Permissions Limit

There is a limit of 50,000 unique permissions per Document Library in Sharepoint. What I'm trying to do is count the number of unique permissions and if it goes over a certain number then create a new document library automatically

I have this code but I'm not sure if I'm counting the write things. My document library has 3 shares but its returning 22 which I thought was permissions being propogated down the list.

My question is this the most efficient way to count the unique permissions and do I have the correct algorithm

    private static async Task<int> GetPermissionsCountForItem(GraphServiceClient graphClient, string driveId, string itemId)
    {
        int permissionsCount = 0;

        // Get permissions for the current item
        var permissions = await graphClient.Drives[driveId].Items[itemId].Permissions.Request().GetAsync();
        permissionsCount += permissions.Count(x => x.InheritedFrom == null); ;

        // Get children of the current item
        var children = await graphClient.Drives[driveId].Items[itemId].Children.Request().GetAsync();

        if (children != null)
        {
            // Recursively get permissions for each child item
            foreach (var child in children)
            {
                permissionsCount += await GetPermissionsCountForItem(graphClient, driveId, child.Id);
            }
        }

        return permissionsCount;
    }
Solution

  • Each permission has an unique id.

    If a permission is propagated to the children, the id remains the same. Probably store permissions ids in some hash set and then count them.

    private static async Task GetPermissionsCountForItem(GraphServiceClient graphClient, string driveId, string itemId, HashSet<string> permissionsIds)
{
    // Get permissions for the current item
    var permissions = await graphClient.Drives[driveId].Items[itemId].Permissions.Request().GetAsync();
    foreach(var perm in permissions.Value.Where(x => x.InheritedFrom == null))
    {
        if(!permissionsIds.Contains(perm.Id))
        {
            permissionsIds.Add(perm.Id);
        }
    }

    // Get children of the current item
    var children = await graphClient.Drives[driveId].Items[itemId].Children.Request().GetAsync();

    if (children != null)
    {
        // Recursively get permissions for each child item
        foreach (var child in children.Value)
        {
            await GetPermissionsCountForItem(graphClient, driveId, child.Id, permissionsIds);
        }
    }
}

var permissionsIds = new HashSet<string>();
await GetPermissionsCountForItem(graphClient, "{driveId}", "{driveItemId}", permissionsIds);
var count = permissionsIds.Count;