How to: Add dynamic server-side generated values to a masterpage

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/242020

  •  16-01-2021
  •  | 
  •  

Domanda

SP 2013 On premise. Publishing enabled. We use AD Groups to organize our users. These AD groups are then added to 1 or more SP groups for the purpose of audience targeting. I now have the need to hide certain page elements (a page that I do not own and cannot put into edit mode and there are) via JavaScript. I have been able to do this successfully by adding JS on the master page however now the requirement is to show/hide elements based on an AD group membership which cannot be accomplished with JavaScript/CSOM/REST.

My thought is to pull this information and save it to a session variable and persist it from there to a field on the master page. Then it could be read by JavaScript. This could potentially be used on any page but not necessarily on every page. I am unable to edit the pages that we need it on currently as they are part of a third party solution.

Admittedly, I am looking for a quick and dirty solution as this is a last minute requirement. Just wondering what would be the best way of approaching it form a performance standpoint.

Thanks!

È stato utile?

Soluzione

A few ideas...

1 - As it appears you can add server side code (session vars, etc.), consider creating an ASP.NET or WEB API web service to the SharePoint web servers that you call with the user ID and AD group that just returns True or False if the user is in the group. Then call this from your JavaScript.

2- Use a web part. (maybe) Web parts can be Audience trimmed. Add an extra web part zone to the master page. In this zone, hard code a Content Editor web part that links to your custom JavaScript and is configured as Audience trimmed. Your JavaScript will then run for just those users.

3- If your AD users are granted a unique SharePoint permission (ManageLists, etc.) you could then use the SecurityTrimmedControl in the master page. Here's an example that runs code based on having the "ManageWeb" permission:

<script type="text/javascript">
  var UserHasManageWebPermissions=false;
</script>

<SharePoint:SPSecurityTrimmedControl runat="server" PermissionsString="ManageWeb">
  <script type="text/javascript">
    UserHasManageWebPermissions=true;
  </script>
</SharePoint:SPSecurityTrimmedControl>

<script type="text/javascript">
// do something based on permissions
if ( UserHasManageWebPermissions )
{
  // add your code here
  alert("ALERT from SecurityTrimmedControl (you have the manage web permission!)");
}
</script>

Altri suggerimenti

How I finally accomplished this was to create a delegate control and deploy it as a full trust feature. It writes a CSV string to a session variable and persists that to a JavaScript variable on the master page. If the session doesn't exist an AD lookup is done and the CSV string created. This works well for us since some pages are not accessible and can only be modified in the master pages and our clients are many and their needs are varied as far as allowing different elements to be seen. Breaking inheritance is something we want to avoid as much as possible so this works well for us. Also, if a user's AD groups change they need only start a new browser session to have the changes show up.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a sharepoint.stackexchange
scroll top