Hi there,
I am trying to perform a term update (specifically setting a custom property value, though - the nature of the update seems to be irrelevant).
When using the app context (app only situation) I receive a 403 when I call ExecuteQuery()
My code appears to be sound, if I set specific user credentials (non app model) it runs fine. I can see in Fiddler that the bearer token is being sent as you would expect, I can also confirm that the bearer token works fine for me to request and write information from the site collection itself (on list items).
My app permission XML is as follows:
<AppPermissionRequests AllowAppOnlyPolicy="true" >
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/taxonomy" Right="Write" />
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Which as far as I can tell should give me the access required to perform a term update/create.
That being said, having decompiled the Microsoft.SharePoint.Taxonomy DLL I can see the following code in the Microsoft.SharePoint.Taxonomy.Internal.Security class:
TaxonomySession session = termStore.Session;
if (SPAppRequestContext.Current != null)
{
if (!session.AppPermission.CanAccessTermStore)
{
return false;
}
if ((permissions & (TaxonomyRights.EditTerm | TaxonomyRights.EditTermSet | TaxonomyRights.EditGroup | TaxonomyRights.AddTermSetEditPermissions)) != TaxonomyRights.None && !session.AppPermission.CanModifyTermStore)
{
return false;
}
}
Which seems to indicate that it would correctly return out if you didn't have the required permission, but wouldn't return out if you did potentially.
Should I be able to perform this update? Or will this only work in the context of a user?
Any help greatly appreciated!
Thanks,
Mike