ディスプレイテンプレートにセキュリティトリミングリンクをどのようにレンダリングしますか?[解決しよう]
https://sharepoint.stackexchange.com//questions/74595
-
10-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian質問
古いListView / Dataform XSLベースのWebPartでは、表示ユーザーが十分な特権がある場合は、リンクをレンダリングするXSLTを表示することができます。
<xsl:choose>
<xsl:when test="ddwrt:IfHasRights(16)">
<div>
<div style="float:right;">
<a href="{$RootSiteUrl}/{$dvt_adminurl}" class="ms-rteElement-arrowLink">Manage</a>
</div>
<span class="clear"></span>
</div>
</xsl:when>
</xsl:choose>
私の質問は、新しいディスプレイテンプレート環境でセキュリティトリミングリンクをどのようにレンダリングするのか?
解決
So what I ended up doing is creating a user control that is referenced in my master page; this control throws down some hidden fields that render out what access the current user has. I can then use those hidden flags in my display template to show/hide conditional content. A key point is to use ClientIDMode="Static" since you can't guarantee that jQuery is loaded when your display template renders.
Asp Code:
<span id="uinfo" style="display:none;">
<asp:HiddenField ID="HdnIsAnonymous" runat="server" Value="1" ClientIDMode="Static" />
<asp:HiddenField ID="HdnIsSteAdm" runat="server" Value="-1" ClientIDMode="Static" />
<asp:HiddenField ID="HdnMgCurWeb" runat="server" Value="-1" ClientIDMode="Static" />
<asp:HiddenField ID="HdnContrCurWeb" runat="server" Value="-1" ClientIDMode="Static" />
</span>
Code behind:
string siteUrl = SPContext.Current.Site.Url;
string webUrl = SPContext.Current.Web.Url;
bool isAnonymous = SPContext.Current.Web.CurrentUser == null;
if (!isAnonymous && !SharePointHelper.IsCurrentPageInEditMode)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite elevatedSite = new SPSite(webUrl))
{
// Check the current web and verify if the current user can manage the web and or contribute pages.
using (SPWeb elevatedCurrentWeb = elevatedSite.OpenWeb())
{
HdnMgCurWeb.Value = elevatedCurrentWeb.DoesUserHavePermissions(SPBasePermissions.ManageWeb) ? "1" : "0";
SPList pagesList = elevatedCurrentWeb.Lists.TryGetList("Pages");
if (pagesList != null)
{
HdnContrCurWeb.Value = pagesList.DoesUserHavePermissions(SPBasePermissions.EditListItems) ? "1" : "0";
}
}
}
}
HdnIsSteAdm.Value = (SPContext.Current.Web.CurrentUser.IsSiteAdmin ? "1" : "0");
}
HdnIsAnonymous.Value = (isAnonymous ? "1" : "0");
Display Template Code:
<!--#_
var canEdit = false;
var canEditFlagElem = $get("HdnContrCurWeb");
if (canEditFlagElem)
{
canEdit = canEditFlagElem.value == "1";
}
_#-->
...
<!--#_ if(canEdit) { _#-->
<div style="text-align:right;margin-right:12px;">
<span class="link-item"><a>Security trimmed link</a>
</div>
<!--#_ } _#-->
Granted, a malicious user could find the link location in the display template code and load it up, but it's really not a problem because SharePoint security will take over from there.
This is superior to issuing JSOM SP.js calls IMHO, which require a minimum of two callbacks after the page loads to check permissions, this data that is rendered via the control is also generic information that can be used by all display templates on the page, and is the best option in terms of performance and decreased requests.
