Pnpjs: Getting "Access Denied" error for UserHasPermissions query in PnP SP

403 errors are permissions errors, meaning you do not have the right permissions for the operation you are doing. Where is this code running? If it is inside spfx did you call the setup function? Is it possible that either different people are trying this with different permissions, or are the permissions being updated while testing creating different results?

Yes, my code is running inside spfx and I called the setup function. Also different people with different permissions (Full Control, Edit and Read) are trying to access the web part.
Some times the web part works fine but after refreshing the page multiple times it is throwing "Access Denied" error and then after some time it works fine.

Hi @AnjaniChallamcherla - if folks without the necessary permissions try and execute a request the will get access denied. I don't see this as a problem with the library, but if you can provide a repository we can clone that reproduces the behavior consistently _with_ a user that has the correct permissions we can take a look.

Hi @patrick-rodgers, Thank you for your quick response.
One quick question, does "userHasPermissions" function work fine for users who have Edit/Read access to the site.
I uploaded my solution in below link:
https://github.com/AnjaniChallamcherla/Links/blob/master/Links.zip
As mentioned earlier, user is not getting the error initially but after refreshing the page multiple times he is getting "Access Denied" error. Also I observed this error is happening only for user who have "Edit/Read" access to site.
Also I tested with user who is "Site Collection Administrator" of the site but I never got "Access Denied" error even after refreshing the page multiple times.

The error is happening for Edit/Read access users after multiple refreshes for below codes(ManageWeb, ManageLists):
await sp.web.userHasPermissions("i:0#.f|membership|" + this.props.currentUserEmail, PermissionKind.ManageWeb).then(perms => {
console.log("User:"+this.props.currentUserEmail+" Perms: "+perms);
});
await sp.web.userHasPermissions("i:0#.f|membership|" + this.props.currentUserEmail, PermissionKind.ManageLists).then(perms => {
console.log("User:"+this.props.currentUserEmail+" Perms: "+perms);
});

Is there any duration for ManageWeb/ManageLists to work fine?
Does ManageWeb/ManageLists work fine for users with Edit/Read access?

Please help

Hi @patrick-rodgers,
I created a spfx web part which queries userHasPermissions only. Below is the link of the web part:
https://github.com/AnjaniChallamcherla/checkPermissions

I published the web part and tested with a user who is in Site Members group (Edit access). Initially it worked fine but after refreshing the page multiple times it got Access Denied error.

Please help

Hi @AnjaniChallamcherla,

Please treat sp.web.userHasPermissions as an admin endpoint, as users with lack of permissions should not have permissions to check other persons rights.

Luckily, there should be an alternative for current user option. Let me suggest a possible solution:

import { sp, PermissionKind } from '@pnp/sp';

sp.web.select('EffectiveBasePermissions').get()
    .then(({ EffectiveBasePermissions }) => {
        return sp.web.hasPermissions(EffectiveBasePermissions, PermissionKind.ManageLists);
    })
    .then(hasPermissions => {
        console.log(hasPermissions ? 'Good to go...' : 'No way buddy!');
    })
    .catch(console.warn);

This should work for ordinary users as well.

Hi @koltyakov,
Thank you so much for your response.
The code you provided working perfectly well.
I think it will be great if you add that sp.web.userHasPermissions is for admins in https://github.com/SharePoint/PnP-JS-Core/wiki/Working-With:-Permissions

Thank you once again, Appreciate your valuable responses.