Hii ni baada ya mwingine katika wangu inayoendelea mfululizo ya jinsi ya kutumia jQuery na SharePoint.
Kama unataka kujifunza zaidi kuhusu jQuery, Mimi sana kupendekeza: jQuery katika Action na kubeba Bibeault na Yehuda Katz.
Moja ya mambo ya kwanza nilidhani, mara moja Nilianza kucheza karibu na jQuery, was whether we could use it to secure a SharePoint view. The answer is “no” (au angalau, Mimi si wakidai inawezekana). Hata hivyo, it is certainly possible to make it difficult for people to see a particular view.
I started with my sandbox environment when working on this. I wrote about that environment here: Haraka na Easy: Kujenga jQuery yako mwenyewe Sandbox kwa SharePoint.
Na "kupata" maoni, kufuata hatua hizi:
- Create a view you want to secure. I did that and called it “Secured View”.
Hii ni nini inaonekana kama wakati ni si "kuulinda":
- Kuongeza mhariri maudhui ya mtandao sehemu ya ukurasa mtazamo wa kutumia hila ilivyoelezwa katika makala Sandbox (i.e. kuongeza "PageView = Shared&ToolPaneView = 2 "ya URL).
- Figure out your SharePoint _spUserId by following these crazy steps, amini au si:
- Kuongeza javascript zifuatazo CEWP yako katika mtazamo wa kanuni:
Nimekuwa pamoja na kwamba tahadhari(_spUserId) mstari katika huko kuonyesha jinsi hii si kweli "kupata" maoni, but simply making it more difficult to see. More on that in a moment.
Kimsingi, jQuery is looking for an iFrame on the page who has an attribute that contains “Secured View” in its value. Once it finds it, we check to see if the current user is “13”. If it is, sisi kutembea hadi DOM kwa <TR> tag (ambayo mimi figured nje na kuangalia chanzo na hazieleweki ni) na kisha kuchukua nafasi ya kwamba tag TR na ujumbe wangu. Mimi kwa kweli hawajui jinsi hii ni imara (Mimi nina mashaka sana, kwa kweli), but it worked in my sandbox. If I find a better way, Mimi itabidi blog juu yake. Hii ni matokeo:
Mimi bonyeza kifungo OK na data ni kubadilishwa na ujumbe kubwa nyekundu:
Kama unaweza kuwaambia, the way I’ve implement this “security” solution is to allow the web part to render itself. After it finishes, Mimi overwrite maudhui yake kwa mtazamo wangu "Hapana kwa wewe!"Ujumbe.
Pamoja na ukweli kwamba siyo kweli "kuulinda '" mtazamo, ni muhimu na uwezekano wa baadhi ya kazi na wajanja, it may eventually be securable in a more formal sense. The fundamental issue is that the client is getting all the data and then, tu baada ya anapata data, it wipes it out. If the client is getting the data, mtumiaji wajanja wanaweza kuzuia jQuery kutoka mbio wakati wote na kuona nini yeye / yeye anataka kuona.
There are other drawbacks. This “security” approach is based off a _spUserId. We’d want to really secure based on the full SharePoint security model, or at least by user name. That becomes progressively harder, lakini mimi kuona baadhi ya mambo mema imeandikwa juu ya somo hili, hivyo mimi nina matumaini kuna jibu nzuri na tatizo kwamba.
orodha ya maoni wenyewe lazima yachujwe, kama inawezekana. I haven’t tried to figure that out. I assume it’s possible, lakini si kweli kutatua kimsingi suala la usalama kwa sababu mtu bado anaweza tu aina URL ya maoni wanataka (kama walijua ni). Hata hivyo, trimming makes sense. It’s a good usability feature and it helps to obfuscate things. If an end user doesn’t know that the view event exists, they probably won’t try to use it. Wakati mwingine, kwamba nzuri ya kutosha.
Kwa bahati, Mimi itabidi zaidi ya kuandika juu ya mada hii baada ya muda.
</mwisho>
Kufuata yangu juu ya Twitter kwa http://www.twitter.com/pagalvin