Tip del día: Aplique permisos a los elementos que despliega una página maestra en SharePoint

Esta es una requerimiento común que encontrado en los administradores de portales. Necesitan que no muestra ciertos elementos a usuarios visitantes o de lectura como por ejemplo los Sitios de Mapa, la opción de Ver todo el contenido del sitio, etc. La pregunta es cómo hacerlo?.

La buena notica es que dentro de el modelo de objetos de SharePoint hay una clase que nos permite hacer esto llamada SPSecurityTrimmedControl. Esta clase condiciona el contenido que mostrará en el navegador basado en el permiso mínimo definido y comparado contra los permisos del usuario actual .

La sintaxis de esta clase es la siguiente:

<SharePoint:SPSecurityTrimmedControl PermissionsString="AddAndCustomizePages, ManageLists" runat="server">
<%--content %>
</SharePoint:SPSecurityTrimmedControl>

Los posibles valores de PermissionsString puede encontrarlos en el Windows SharePoint Services 3.0 SDK en SPBasePermissions Enumeration . pero para los que quieren ahorrar tiempo abajo les imprimo toda la tabla.

Donde podemos aplicarla? En cualquier lugar de la página maestra siempre y cuando respetemos las etiquetas que estamos encerrando. Ese es le cuidado que debemos de tener.

Ejemplos donde podemos aplicarlo:

Este segmento de código solo muestra la barra horizontal que aparece hasta arriba en SharePoint que muestra el mapa del sitio solo para los usuarios que tiene el permiso Administrar un Web Site.

<!-- Top Site Map -->
<asp:ContentPlaceHolder ID="PlaceHolderGlobalNavigationSiteMap" runat="server">
<sharepoint:spsecuritytrimmedcontrol runat="server" permissionsstring="ManageWeb">

<asp:SiteMapPath SiteMapProvider="SPSiteMapProvider" id="GlobalNavigationSiteMap" RenderCurrentNodeAsLink="true" SkipLinkText="" NodeStyle-CssClass="ms-sitemapdirectional" runat="server"/>
</sharepoint:spsecuritytrimmedcontrol>
</asp:ContentPlaceHolder>

Otra lugar útil donde podemos aplicar este control es en un sitio publico en el internet de limitado acceso no deseamos que el usuario visitante tenga la barra de búsqueda y el logo del encabezado que se encuentra en la página maestra. Tendríamos que aplicarla de esta forma:

<!-- Encabezado logo y search -->
<sharepoint:spsecuritytrimmedcontrol runat="server" permissionsstring="ManageWeb">
<tr>
<td class="ms-globalTitleArea">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td id="GlobalTitleAreaImage" class="ms-titleimagearea">
<sharepoint:sitelogoimage id="onetidHeadbnnr0" logoimageurl="/_layouts/images/titlegraphic.gif"
runat="server" />
</td>
<td class="ms-sitetitle" width="100%">
<asp:ContentPlaceHolder ID="PlaceHolderSiteName" runat="server">
<h1 class="ms-sitetitle">
<sharepoint:splinkbutton runat="server" navigateurl="~site/" id="onetidProjectPropertyTitle">
<SharePoint:ProjectProperty Property="Title" runat="server" />
</sharepoint:splinkbutton>
</h1>
</asp:ContentPlaceHolder>
</td>
<td style="padding-top: 8px;" valign="top">
<asp:ContentPlaceHolder ID="PlaceHolderSearchArea" runat="server">
<sharepoint:delegatecontrol runat="server" controlid="SmallSearchInputBox" />
</asp:ContentPlaceHolder>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td id="onetIdTopNavBarContainer" width="100%" class="ms-bannerContainer">
<asp:ContentPlaceHolder ID="PlaceHolderTopNavBar" runat="server">
<table class="ms-bannerframe" border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td nowrap valign="middle">
</td>
<td class="ms-banner" width="99%" nowrap id="HBN100">
<asp:ContentPlaceHolder ID="PlaceHolderHorizontalNav" runat="server">
<sharepoint:aspmenu id="TopNavigationMenu" runat="server" datasourceid="topSiteMap"
enableviewstate="false" accesskey="<%$Resources:wss,navigation_accesskey%>" orientation="Horizontal"
staticdisplaylevels="2" maximumdynamicdisplaylevels="1" dynamichorizontaloffset="0"
staticpopoutimageurl="/_layouts/images/menudark.gif" staticpopoutimagetextformatstring=""
dynamichoverstyle-backcolor="#CBE3F0" skiplinktext="" staticsubmenuindent="0"
cssclass="ms-topNavContainer">
<StaticMenuStyle/>
<StaticMenuItemStyle CssClass="ms-topnav" ItemSpacing="0px"/>
<StaticSelectedStyle CssClass="ms-topnavselected" />
<StaticHoverStyle CssClass="ms-topNavHover" />
<DynamicMenuStyle BackColor="#F2F3F4" BorderColor="#A7B4CE" BorderWidth="1px"/>
<DynamicMenuItemStyle CssClass="ms-topNavFlyOuts"/>
<DynamicHoverStyle CssClass="ms-topNavFlyOutsHover"/>
<DynamicSelectedStyle CssClass="ms-topNavFlyOutsSelected"/>
</sharepoint:aspmenu>
<sharepoint:delegatecontrol runat="server" controlid="TopNavigationDataSource">
<Template_Controls>
<asp:SiteMapDataSource
ShowStartingNode="False"
SiteMapProvider="SPNavigationProvider"
id="topSiteMap"
runat="server"
StartingNodeUrl="sid:1002"/>
</Template_Controls>
</sharepoint:delegatecontrol>
</asp:ContentPlaceHolder>
</td>
<td class="ms-banner">
&nbsp;&nbsp;
</td>
<td valign="bottom" align="right" style="position: relative; bottom: 0; left: 0;">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td>
<table height="100%" class="ms-siteaction" cellpadding="0" cellspacing="0">
<tr>
<td class="ms-siteactionsmenu" id="siteactiontd">
<sharepoint:siteactions runat="server" accesskey="<%$Resources:wss,tb_SiteActions_AK%>"
id="SiteActionsMenuMain" prefixhtml="&lt;div&gt;&lt;div&gt;" suffixhtml="&lt;/div&gt;&lt;/div&gt;"
menunotvisiblehtml="&amp;nbsp;">
<CustomTemplate>
<SharePoint:FeatureMenuTemplate runat="server"
FeatureScope="Site"
Location="Microsoft.SharePoint.StandardMenu"
GroupId="SiteActions"
UseShortId="true"
>
<SharePoint:MenuItemTemplate runat="server" id="MenuItem_Create"
Text="<%$Resources:wss,viewlsts_pagetitle_create%>"
Description="<%$Resources:wss,siteactions_createdescription%>"
ImageUrl="/_layouts/images/Actionscreate.gif"
MenuGroupId="100"
Sequence="100"
UseShortId="true"
ClientOnClickNavigateUrl="~site/_layouts/create.aspx"
PermissionsString="ManageLists, ManageSubwebs"
PermissionMode="Any" />
<SharePoint:MenuItemTemplate runat="server" id="MenuItem_EditPage"
Text="<%$Resources:wss,siteactions_editpage%>"
Description="<%$Resources:wss,siteactions_editpagedescription%>"
ImageUrl="/_layouts/images/ActionsEditPage.gif"
MenuGroupId="100"
Sequence="200"
ClientOnClickNavigateUrl="javascript:MSOLayout_ChangeLayoutMode(false);"
/>
<SharePoint:MenuItemTemplate runat="server" id="MenuItem_Settings"
Text="<%$Resources:wss,settings_pagetitle%>"
Description="<%$Resources:wss,siteactions_sitesettingsdescription%>"
ImageUrl="/_layouts/images/ActionsSettings.gif"
MenuGroupId="100"
Sequence="300"
UseShortId="true"
ClientOnClickNavigateUrl="~site/_layouts/settings.aspx"
PermissionsString="EnumeratePermissions,ManageWeb,ManageSubwebs,AddAndCustomizePages,ApplyThemeAndBorder,ManageAlerts,ManageLists,ViewUsageData"
PermissionMode="Any" />
</SharePoint:FeatureMenuTemplate>
</CustomTemplate>
</sharepoint:siteactions>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</asp:ContentPlaceHolder>
</td>
</tr>
</sharepoint:spsecuritytrimmedcontrol>
<!-- Fin de Encabezado logo y search –>

Otro caso en el Mapa del sitio de la posición actual nos da la posibilidad de navegar hacia atrás de los sitios, algo no deseable cuando deseamos restringir la navegación al usuario con permisos bajos de autorización.

<!-- SiteMap de en medio de la página-->
<sharepoint:spsecuritytrimmedcontrol runat="server" permissionsstring="ManageWeb">
<tr>
<td valign="top" class="ms-titlearea">
<asp:ContentPlaceHolder ID="PlaceHolderTitleBreadcrumb" runat="server">
<asp:SiteMapPath SiteMapProvider="SPContentMapProvider" ID="ContentMap" SkipLinkText=""
NodeStyle-CssClass="ms-sitemapdirectional" runat="server" />
&nbsp;
</asp:ContentPlaceHolder>
</td>
</tr>
</sharepoint:spsecuritytrimmedcontrol>
<!-- End SiteMap de en medio de la página—>

Y finalmente lo que la mayoría de administradores de sitios les parece que no debería estar permitido que usuarios tengan acceso a la opción de Ver todo el contenido del sitio. Aquí abajo los dejo con el segmento de código:

<!-- View All Site Content -->
<sharepoint:spsecuritytrimmedcontrol runat="server" permissionsstring="ManageWeb">
<div class="ms-quicklaunchheader">

<SharePoint:SPLinkButton id="idNavLinkViewAll" runat="server" NavigateUrl="~site/_layouts/viewlsts.aspx" Text="<%$Resources:wss,quiklnch_allcontent%>" AccessKey="<%$Resources:wss,quiklnch_allcontent_AK%>"/>

</div>
</sharepoint:spsecuritytrimmedcontrol>

En estos ejemplos son de casos reales y puede aplicarse diferentes niveles de permisos o combinados. Todo lo que agregues en permissionsstrings el usuario debe de cumplirlo.

Los dejo con la tabla de permisos, hasta la próxima,

Manolo Herrera

SPBasePermissions Enumeration Table

Member name	Description
AddAndCustomizePages	Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor.
AddDelPrivateWebParts	Add or remove personal Web Parts on a Web Part Page.
AddListItems	Add items to lists, add documents to document libraries, and add Web discussion comments.
ApplyStyleSheets	Apply a style sheet (.css file) to the Web site.
ApplyThemeAndBorder	Apply a theme or borders to the entire Web site.
ApproveItems	Approve a minor version of a list item or document.
BrowseDirectories	Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces.
BrowseUserInfo	View information about users of the Web site.
CancelCheckout	Discard or check in a document which is checked out to another user.
CreateAlerts	Create e-mail alerts.
CreateGroups	Create a group of users that can be used anywhere within the site collection.
CreateSSCSite	Create a Web site using Self-Service Site Creation.
DeleteListItems	Delete items from a list, documents from a document library, and Web discussion comments in documents.
DeleteVersions	Delete past versions of a list item or document.
EditListItems	Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.
EditMyUserInfo	Allows a user to change his or her user information, such as adding a picture.
EmptyMask	Has no permissions on the Web site. Not available through the user interface.
EnumeratePermissions	Enumerate permissions on the Web site, list, folder, document, or list item.
FullMask	Has all permissions on the Web site. Not available through the user interface.
ManageAlerts	Manage alerts for all users of the Web site.
ManageLists	Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
ManagePermissions	Create and change permission levels on the Web site and assign permissions to users and groups.
ManagePersonalViews	Create, change, and delete personal views of lists.
ManageSubwebs	Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
ManageWeb	Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site scoped Features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate, or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator.
Open	Allow users to open a Web site, list, or folder to access items inside that container.
OpenItems	View the source of documents with server-side file handlers.
UpdatePersonalWebParts	Update Web Parts to display personalized information.
UseClientIntegration	Use features that launch client applications; otherwise, users must work on documents locally and upload changes.
UseRemoteAPIs	Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site.
ViewFormPages	View forms, views, and application pages, and enumerate lists.
ViewListItems	View items in lists, documents in document libraries, and view Web discussion comments.
ViewPages	View pages in a Web site.
ViewUsageData	View reports on Web site usage.
ViewVersions	View past versions of a list item or document.