本文介绍了用户是嵌套在 SharePoint 组中的 AD 组的一部分如何将广告用户与 SharePoint 组相关联的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们已将 AD 组添加到 SharePoint 用户组.现在,当我们使用用户登录时,我们要检查登录 AD 用户的权限.

We have added a AD group to SharePoint users group. Now when we login with user, we want to check permission for the logged in AD user.

  1. 我在 SharePoint 中添加了广告组(示例)管理器.
  2. 现在我只想显示一些指向组(经理)的 URL 链接.
  3. 用户登录后,如何查看用户是否为管理员?(使用CSOM 或 JSOM)

推荐答案

不幸的是,SPGroup.ContainsCurrentUser 您将在服务器端代码中使用的属性无法通过 JavaScript 客户端访问对象模型(至少在 SP2010 和 2013 中没有).

Unfortunately, the SPGroup.ContainsCurrentUser property that you would use for this in server-side code is not accessible through the JavaScript client object model (at least not in SP2010 and 2013).

一种潜在的解决方法是利用您可以通过 JavaScript 客户端对象模型在组上访问的两个属性的组合:OnlyAllowMembersViewMemberhipCanCurrentUserViewMembership.

One potential workaround is to exploit a combination of two properties that you can access on groups via the JavaScript client object model: OnlyAllowMembersViewMemberhip and CanCurrentUserViewMembership.

如果当前用户可以查看某个群组的群组成员资格,而该群组仅设置为允许群组成员这样做,则我们可以假设该用户是群组成员.

If the current user can view group membership for a group that is only set to allow group members to do so, we can assume the user is a group member.

var clientContext = new SP.ClientContext();
var groupId = 5; // the group membership ID for the group you want to check
var group = clientContext.get_web().get_siteGroups().getById(groupId);
clientContext.load(group,"CanCurrentUserViewMembership");
clientContext.load(group,"OnlyAllowMembersViewMembership");
clientContext.executeQueryAsync(
    function(sender,args){
        var isMemberOfGroup = group.get_canCurrentUserViewMembership() && group.get_onlyAllowMembersViewMembership();
        if(isMemberOfGroup){
            doSomething();
        }
    },
    function(sender,args){alert("Whoops! "+args.get_message());}
);

此方法仅在您将群组设置为仅对成员可见时才有效,并且如果您具有提升的访问权限(例如,如果您是网站集管理员或群组),它将始终返回误报所有者.

This approach will only work if you've set the groups to only be visible to members, and it'll always return a false positive if you have elevated access, such as if you're a site collection administrator or the group owner.

如果您想应用上述逻辑来检查当前用户在网站上所有群组中的成员资格(而不是通过其 ID 指定群组),您可以使用下面修改后的 JavaScript 代码.

If you want to apply the above logic to check the current user's membership in all groups on the site (instead of specifying a group by its ID), you can use the modified JavaScript code below.

var clientContext = new SP.ClientContext();
var groups = clientContext.get_web().get_siteGroups()
clientContext.load(groups,"Include(CanCurrentUserViewMembership,OnlyAllowMembersViewMembership,Title)");
clientContext.executeQueryAsync(
function(sender,args){
    var groupIterator = groups.getEnumerator();
    var myGroups = [];
    while(groupIterator.moveNext()){
        var current = groupIterator.get_current();
        var isMemberOfGroup = current.get_canCurrentUserViewMembership() && current.get_onlyAllowMembersViewMembership();
        if(isMemberOfGroup){
            myGroups.push(current.get_title()); // this example adds group titles to an array
        }
    }
    alert(myGroups); // show the array
},function(sender,args){"Whoops! "+alert(args.get_message());});

选项 2:使用受众群体定位作为解决方法

根据您的要求,您甚至可能不需要以编程方式访问群组成员资格.您可以只在您希望仅对某些组可见的 Web 部件上设置受众定位;受众定位应尊重 AD 组成员资格.

Option 2: Use Audience Targeting as a workaround

For your requirements you may not even need programmatic access to the group membership. You could just set audience targeting on the web parts that you want to be visible only to certain groups; audience targeting should respect AD group membership.

这篇关于用户是嵌套在 SharePoint 组中的 AD 组的一部分如何将广告用户与 SharePoint 组相关联的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-30 15:56