SharePoint SPFx: Why you shouldn't use FullMask-Check (yet)

Update: With the SPFx Version 1.14 the bug was marked as fixed

It's been over a year since I reported the bug on GitHub, but it still exists. If you want to use the method this.context.pageContext.web.permissions.hasPermission in a SPFx component to check if the currently logged in user has full permission => this.context.pageContext.web.permissions.hasPermission(SPPermission.fullMask), you always get FALSE as return value, even if you are administrator. This is due to the bitwise validation in the Microsoft code.

The definition of this function looks like this:

SPPermission.prototype.hasPermission = function (requestedPerm) { 
return requestedPerm && ((requestedPerm.value.Low & this.value.Low) === requestedPerm.value.Low) && ((requestedPerm.value.High & this.value.High) === requestedPerm.value.High); 

This condition returns true:

(requestedPerm.value.High & value.High) === requestedPerm.value.High

But this one returns false:

(requestedPerm.value.Low & value.Low) === requestedPerm.value.Low

The reason is, that the bitwise AND returns -1 and not 4294967295

And this happens because JavaScript can only check bitwise in the range of -2147483648 to 2147483647 (see here)


If you still want to check if a user has full access, you can use the following method instead. It checks if a user is siteadmin, or has full access:

public userHasFullMask(): boolean {
        let isSiteAdmin: any = this.context.pageContext.legacyPageContext["isSiteAdmin"];

        if(isSiteAdmin) {
            return true;

        let permission: SPPermission = this.context.pageContext.web.permissions;
        let fullMaskPermission: SPPermission = SPPermission.fullMask;

        return permission.value.High == fullMaskPermission.value.High && 
        permission.value.Low == fullMaskPermission.value.Low;