[转]SharePoint 2010/2013 使用Javascript来判断权限的三种方法

本文讲述SharePoint 2010/2013 使用Javascript来判断权限的三种方法的实现方式及其优缺点。

1. 根据用户所在的SharePoint组(比如用户在Leader 组才可以使用审批按钮)

    a. 优点，简单明了，容易理解，要获得这个权限只有一个入口，就是将用户加入到SharePoint组

    b. 缺点， 不能兼容AD group套SharePoint组的情况，只能将用户直接加入到SharePoint组的情况下起作用

   c. 实现代码如下：

function IsCurrentUserMemberOfGroup(strGroupName, functionComplete) {

        //Setup Vars
        currentContext  = null;
        currentWeb  = null;
        allGroups   = null;
        leaderGroup     = null;
        currentUser     = null;
        groupUsers  = null;

        //Get an instance of the Client Content.
        currentContext = new SP.ClientContext.get_current();

        //Grab the client web object.
        currentWeb = currentContext.get_web();

        //Get the current user object
        currentUser = currentContext.get_web().get_currentUser();
        currentContext.load(currentUser);

        //Setup the groupColletion.
        allGroups = currentWeb.get_siteGroups();
        currentContext.load(allGroups);

        //Now populate the objects above.
        currentContext.executeQueryAsync(
            Function.createDelegate(this, GetAllGroupsExecuteOnSuccess),
            Function.createDelegate(this, ExecuteOnFailure)
        );

        // GroupCollection - Load - SUCCESS
        function GetAllGroupsExecuteOnSuccess(sender, args) {

            // CHECK THE GROUPS
            // Time to Enumerate through the group collection that was returned.
            var groupEnumerator = allGroups.getEnumerator();

            // Loop for the collection.
            while (groupEnumerator.moveNext()) {

                //Grab the Group Item.
                var group = groupEnumerator.get_current();
                if (group.get_title().indexOf(strGroupName) > -1) {

                    // Now that we have the group let's grab the list of users.
                    groupUsers = group.get_users();
                    currentContext.load(groupUsers);
                    currentContext.executeQueryAsync(
                        Function.createDelegate(this, SingleGroupExecuteOnSuccess),
                        Function.createDelegate(this, ExecuteOnFailure)
                    );
                }
            }
        }

        // Single Group - Load - SUCCESS
        function SingleGroupExecuteOnSuccess(sender, args) {

            // Time to setup the Enumerator
            var groupUserEnumerator = groupUsers.getEnumerator();

            // This is the flag to set to true if the user is in the group.
            var boolUserInGroup = false;

            // and start looping.
            while (groupUserEnumerator.moveNext()) {

                //Grab the User Item.
                var groupUser = groupUserEnumerator.get_current();

                // and finally. If a Group User ID Matches the current user ID then they are in the group!
                if (groupUser.get_id() == currentUser.get_id()) {
                    boolUserInGroup = true;
                }
            }

            //Run the delegate function with the bool;
            functionComplete(boolUserInGroup);
        }

        // GroupCollection or Single Group - Load - FAILURE
        function ExecuteOnFailure(sender, args) {
            //Run the delegate function and return false because there was no match.
            functionComplete(false);
        }
    }


IsCurrentUserMemberOfGroup("Lead", function (isCurrentUserInGroup) {
    if(isCurrentUserInGroup)
    {
        // Do something for the user in the correct SP group
    }
});

function IsCurrentUserMemberOfGroup(strGroupName, functionComplete) {
 
        //Setup Vars
        currentContext  = null;
        currentWeb  = null;
        allGroups   = null;
        leaderGroup     = null;
        currentUser     = null;
        groupUsers  = null;
 
        //Get an instance of the Client Content.
        currentContext = new SP.ClientContext.get_current();
 
        //Grab the client web object.
        currentWeb = currentContext.get_web();
 
        //Get the current user object
        currentUser = currentContext.get_web().get_currentUser();
        currentContext.load(currentUser);
 
        //Setup the groupColletion.
        allGroups = currentWeb.get_siteGroups();
        currentContext.load(allGroups);
 
        //Now populate the objects above.
        currentContext.executeQueryAsync(
            Function.createDelegate(this, GetAllGroupsExecuteOnSuccess),
            Function.createDelegate(this, ExecuteOnFailure)
        );
 
        // GroupCollection - Load - SUCCESS
        function GetAllGroupsExecuteOnSuccess(sender, args) {
 
            // CHECK THE GROUPS
            // Time to Enumerate through the group collection that was returned.
            var groupEnumerator = allGroups.getEnumerator();
 
            // Loop for the collection.
            while (groupEnumerator.moveNext()) {
 
                //Grab the Group Item.
                var group = groupEnumerator.get_current();
                if (group.get_title().indexOf(strGroupName) > -1) {
 
                    // Now that we have the group let's grab the list of users.
                    groupUsers = group.get_users();
                    currentContext.load(groupUsers);
                    currentContext.executeQueryAsync(
                        Function.createDelegate(this, SingleGroupExecuteOnSuccess),
                        Function.createDelegate(this, ExecuteOnFailure)
                    );
                }
            }
        }
 
        // Single Group - Load - SUCCESS
        function SingleGroupExecuteOnSuccess(sender, args) {
 
            // Time to setup the Enumerator
            var groupUserEnumerator = groupUsers.getEnumerator();
 
            // This is the flag to set to true if the user is in the group.
            var boolUserInGroup = false;
 
            // and start looping.
            while (groupUserEnumerator.moveNext()) {
 
                //Grab the User Item.
                var groupUser = groupUserEnumerator.get_current();
 
                // and finally. If a Group User ID Matches the current user ID then they are in the group!
                if (groupUser.get_id() == currentUser.get_id()) {
                    boolUserInGroup = true;
                }
            }
 
            //Run the delegate function with the bool;
            functionComplete(boolUserInGroup);
        }
 
        // GroupCollection or Single Group - Load - FAILURE
        function ExecuteOnFailure(sender, args) {
            //Run the delegate function and return false because there was no match.
            functionComplete(false);
        }
    }
IsCurrentUserMemberOfGroup("Lead", function (isCurrentUserInGroup) {
    if(isCurrentUserInGroup)
    {
        // Do something for the user in the correct SP group
    }
});

2. 使用User 类的isSiteAdmin属性

a. 优点：需要写代码少，效率高

b. 缺点：只能判断用户是否为当前站点集管理员，适用场景很少

c. 代码实现如下：

var currentUser;
  SP.SOD.executeFunc('sp.js', 'SP.ClientContext', GetCurrentUser);
function GetCurrentUser() {
    var clientContext = new SP.ClientContext.get_current();
    var oWeb = clientContext.get_web();
    currentUser = oWeb.get_currentUser();
    clientContext.load(currentUser);
    clientContext.executeQueryAsync(Onsuccess, OnFailed);
   }

function Onsuccess()
{
     if(currentUser.get_isSiteAdmin())
        {
            // Do something for the user who is the current site collection admin
       }
}

function OnFailed(request, message)
{
     alert('error'  + message);
}

var currentUser;
SP.SOD.executeFunc('sp.js', 'SP.ClientContext', GetCurrentUser);
function GetCurrentUser() {
var clientContext = new SP.ClientContext.get_current();
var oWeb = clientContext.get_web();
currentUser = oWeb.get_currentUser();
clientContext.load(currentUser);
clientContext.executeQueryAsync(Onsuccess, OnFailed);
}
function Onsuccess()
{
if(currentUser.get_isSiteAdmin())
{
// Do something for the user who is the current site collection admin
}
}
function OnFailed(request, message)
{
alert('error'  + message);
}

3. 使用 EffectiveBasePermissions，这个也是微软推荐的做法

a. 优点：功能上基本没有限制，可以检查所有SharePoint的权限级别： http://msdn.microsoft.com/en-us/library/ee556747(v=office.14).aspx

b. 缺点：获得权限的入口不是唯一的，可以单独给用户权限，也可以由用户加入到某个组来获取权限

c. 代码实现如下：

<script type="text/javascript">
    SP.SOD.executeFunc('sp.js', 'SP.ClientContext', CheckPermissionOnWeb);

    function CheckPermissionOnWeb() {
        context = new SP.ClientContext.get_current();

        web = context.get_web();

        this._currentUser = web.get_currentUser();

        context.load(this._currentUser);

        context.load(web, 'EffectiveBasePermissions');

        context.executeQueryAsync(Function.createDelegate(this, this.onSuccessMethod), Function.createDelegate(this, this.onFailureMethod));
    }

    function onSuccessMethod(sender, args) {
        if (web.get_effectiveBasePermissions().has(SP.PermissionKind.manageWeb)) {
            // User Has permission to manage web
           //  Do something you want to do for the user who can manage the web
        }
    }

Function onFailureMethod(sender, args)
{
      alert('error'  +args.message);
}
</script>

原文地址：http://blog.csdn.net/abrahamcheng/article/details/17447479