在第三节中,讲到了列表项的访问控制,指出了SharePoint 2010 默认提供的设置项及其不足。现将其整理如下:
一、未开启“内容审核(Content Approval)”时
| 应用 | SharePoint 2010 设置 |
| 仅作者自己可见 | Item-Level Permissions—> Read Access: Read items when created by the user Create & Edit Access: Create items and edit items that were created by the user |
| 仅作者和有审核权限的用户可见 | 无法实现 |
| 所有人都可见 | Item-Level Permissions—> Read Access: Read all items Create & Edit Access: Create items and edit items that were created by the user |
二、开启“内容审核(Content Approval)”时
| 应用 | SharePoint 2010 设置 |
| 仅作者自己可见 | 没必要(否则自己发布自己审核,没意思) |
| 仅作者和有审核权限的用户可见(审核通过前) | Item-Level Permissions—> Read Access: Read all items Create & Edit Access: Create items and edit items that were created by the user Draft Item Security: Only users who can approve items (and the author of the item) |
| 所有人都可见(审核通过后) | Item-Level Permissions—> Read Access: Read all items Create & Edit Access: Create items and edit items that were created by the user |
三、缺失的应用环节
上面的表格仍然漏掉了一个应用环节:仅作者和有审核权限的用户可见(审核通过后)。
要做内容审核,就必须开启 Read all items;而“仅作者和有审核权限的用户可见”只对处于草稿状态的列不项有效,一旦审核通过,则默认的SharePoint 2010 审核工作流就会将列表项的状态设为“审核通过”,那么所有人就都可以看到了。
解决方案是(可选):
1、断开审核工作流与列表项审核状态的关联,使得即使工作流审核通过,列表项仍然处于Pending的状态;
2、对敏感的列表项(不能对所有人可见)单独建立一个列表,仅加入授权用户;
3、开发代码,对流程审核通过的列表项,自动处理其可见用户范围,或者,将其拷贝到特定用户才能访问的存档列表中。