0

Wondering if anyone can help me please, I have some REST code getting all the webs for a site collection, this looks like below:

   url = _spPageContextInfo.webAbsoluteUrl + "/_api/web/webs?$select=Title,ServerRelativeUrl,Description&sort=Title";

$.ajax({
   url: url,
   method: "GET",
   headers: {
      "accept": "application/json;odata=nometadata",
   },
   success: function (data) {
      if (data) {
         $.each(data.value, function (i) {
            var Desc = data.value[i].Description;
            var Title = data.value[i].Title;
            var Url = data.value[i].ServerRelativeUrl;

            $('.container').html(Desc + " " + Title + " " + Url);
         });
      }
   },
   error: function (data) {
      $('.container').html(JSON.stringify(data));
   }
});

When I run this or any other users run this as a site collection administrator it will return a list of all webs however, I am finding if a user runs this with read access, contribute or even full control then we get the following error:

{"readyState":4,"responseText":"{\"odata.error\":{\"code\":\"-2147024891, System.UnauthorizedAccessException\",\"message\":{\"lang\":\"en-US\",\"value\":\"Access denied. You do not have permission to perform this action or access this resource.\"}}}","responseJSON":{"odata.error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}},"status":403,"statusText":"error"}

Just wondering if anyone knows why this is happening or can give any advice on how to overcome the issue.

Improve this question

1 Answer 1

Reset to default
2

This is a known issue with this endpoint. It works only if you are site admin or owner.

Instead of /_api/web/webs endpoint, you need to use /_api/web/getsubwebsfilteredforcurrentuser endpoint. It will give you a security trimmed list of sub sites.

Modify your code as below:

url = _spPageContextInfo.webAbsoluteUrl + "/_api/web/getsubwebsfilteredforcurrentuser(nwebtemplatefilter=-1,nconfigurationfilter=0)?$select=Title,ServerRelativeUrl,Description&sort=Title"

$.ajax({
   url: url,
   method: "GET",
   headers: {
      "accept": "application/json;odata=nometadata",
   },
   success: function (data) {
      if (data) {
         $.each(data.value, function (i) {
            var Desc = data.value[i].Description;
            var Title = data.value[i].Title;
            var Url = data.value[i].ServerRelativeUrl;

            $('.container').html(Desc + " " + Title + " " + Url);
         });
      }
   },
   error: function (data) {
      $('.container').html(JSON.stringify(data));
   }
});
Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.