在SharePoint中创建自定义文档库

时间:2021-11-19 19:25:29

I have a document library in my SharePoint page and there are 10 documents in it.

我的SharePoint页面中有一个文档库,其中有10个文档。

If User A is logged in I want him to only see 5 of those documents in that document library.

如果用户A已登录,我希望他只能看到该文档库中的5个文档。

How can I create some custom document library for this to work?

如何为此创建一些自定义文档库?

I have MOSS installed.

我安装了MOSS。

Thanks in advance!

提前致谢!

3 个解决方案

#1

You could configure different permissions on each document in the document library. Just select the "Manage Permissions" option on each item and break the permission inheritance from the document library level. Just note that having too many documents with item level permissions can create a maintenance nightmare for you. Another option could be to create two document libraries with different permissions.

您可以为文档库中的每个文档配置不同的权限。只需在每个项目上选择“管理权限”选项,并从文档库级别中断权限继承。请注意,拥有太多具有项目级别权限的文档可能会为您创建维护噩梦。另一种选择可能是创建具有不同权限的两个文档库。

#2

Write an ItemEventReceiver that breaks the permissions based on a field in the library, i.e. a column that holds the different roles .

编写一个ItemEventReceiver,它根据库中的字段(即包含不同角色的列)中断权限。

We have done this by creating a list that holds all roles coupled to sharepoint groups.

我们通过创建一个包含与sharepoint组相关的所有角色的列表来完成此操作。

i.e.

Administrator -> Owners of website (SPGroup), Company Administrators (SPGroup)

管理员 - >网站所有者(SPGroup),公司管理员(SPGroup)

Managers -> Managers (SPGroup)

经理 - >经理(SPGroup)

then in our content type we have a lookup column to this list.

然后在我们的内容类型中,我们有一个列表的查阅列。

Here's the code for the ItemEventReceiver:

这是ItemEventReceiver的代码:

public override void ItemUpdated(SPItemEventProperties properties)
{
lock (_lock)
{
try
{
    using (SPSite site = new SPSite(properties.SiteId,
            properties.ListItem.ParentList.ParentWeb.Site.SystemAccount.UserToken))
    using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
    {
        web.AllowUnsafeUpdates = true;
        var item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);

        var roles = item["Roles"] as SPFieldLookupValueCollection;
        var rolesList = web.Site.RootWeb.Lists["Company Roles"];
        var groupsToAdd = new List<SPFieldUserValue>();

        if (item.HasUniqueRoleAssignments)
        {
            item.ResetRoleInheritance();
            item = item.ParentList.GetItemById(item.ID);
        }

        if (roles != null && roles.Count > 0)
        {
            // Iterate over the roles and see if there is a group associated
            foreach (var role in roles)
            {
                var roleItem = rolesList.GetItemById(rol.LookupId);
                if (roleItem != null)
                {
                    // This is the SPgroup field in the rolesList
                    var groups = roleItem["Groups"] as SPFieldUserValueCollection;
                    if (groups != null)
                    {
                        groupsToAdd.AddRange(from g in groups
                                             where g.User == null
                                             select g);
                    }
                }
            }
            if (groupsToAdd.Count > 0)
            {
                item.BreakRoleInheritance(false);
                foreach (var value in groupsToAdd)
                {
                    var group = web.Groups[value.LookupValue];
                    var assignment = web.RoleAssignments.GetAssignmentByPrincipal(group);
                    item.RoleAssignments.Add(assignment);
                }
            }
        }

        DisableEventFiring();
        item.SystemUpdate(false);
        EnableEventFiring();
    }
}
catch (Exception ex)
{
    //LOG ERROR
}
}
}

#3

If the coding doesn't work for you, and you'd rather not set permissions on each file, then there is a third option. We use folders with permissions set on them.

如果编码不适合您,并且您不想在每个文件上设置权限,那么还有第三个选项。我们使用具有权限的文件夹。

e.g.

Create a folder called "Managers", break permissions, and set rights to only the managers. Create another folder called "Employee 1", break permissions, and set Contribute rights to the Employee and the Employe's manager.

创建一个名为“Managers”的文件夹,中断权限,并仅为管理员设置权限。创建另一个名为“Employee 1”的文件夹,中断权限,并为Employee和Employe的经理设置Contribute权限。

Place the files in the appropriate folders and it will inherit rights from the folder.

将文件放在适当的文件夹中,它将从该文件夹继承权限。

This way, managers can see the manager files, and all files of their employees. Users can only see their own files.

通过这种方式,经理可以查看经理文件以及其员工的所有文件。用户只能看到自己的文件。

Similar logic can be done for Headquarters, Region 1, Region 2, etc ... and creating different Groups for each region and then assigning the group to the folder's permissions.

可以为总部,区域1,区域2等执行类似的逻辑...并为每个区域创建不同的组,然后将组分配给文件夹的权限。

Note, there's always concern in using this design on maintaining all the permissions and on performance, but we've been doing similar things for 750+ user populations and thousand of docs and it's been working fine for us so far.

请注意,使用此设计始终关注维护所有权限和性能,但我们一直在为750多个用户群和数千个文档做类似的事情,到目前为止它一直在为我们工作。

#1

You could configure different permissions on each document in the document library. Just select the "Manage Permissions" option on each item and break the permission inheritance from the document library level. Just note that having too many documents with item level permissions can create a maintenance nightmare for you. Another option could be to create two document libraries with different permissions.

您可以为文档库中的每个文档配置不同的权限。只需在每个项目上选择“管理权限”选项,并从文档库级别中断权限继承。请注意,拥有太多具有项目级别权限的文档可能会为您创建维护噩梦。另一种选择可能是创建具有不同权限的两个文档库。

#2

Write an ItemEventReceiver that breaks the permissions based on a field in the library, i.e. a column that holds the different roles .

编写一个ItemEventReceiver,它根据库中的字段(即包含不同角色的列)中断权限。

We have done this by creating a list that holds all roles coupled to sharepoint groups.

我们通过创建一个包含与sharepoint组相关的所有角色的列表来完成此操作。

i.e.

Administrator -> Owners of website (SPGroup), Company Administrators (SPGroup)

管理员 - >网站所有者(SPGroup),公司管理员(SPGroup)

Managers -> Managers (SPGroup)

经理 - >经理(SPGroup)

then in our content type we have a lookup column to this list.

然后在我们的内容类型中,我们有一个列表的查阅列。

Here's the code for the ItemEventReceiver:

这是ItemEventReceiver的代码:

public override void ItemUpdated(SPItemEventProperties properties)
{
lock (_lock)
{
try
{
    using (SPSite site = new SPSite(properties.SiteId,
            properties.ListItem.ParentList.ParentWeb.Site.SystemAccount.UserToken))
    using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
    {
        web.AllowUnsafeUpdates = true;
        var item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);

        var roles = item["Roles"] as SPFieldLookupValueCollection;
        var rolesList = web.Site.RootWeb.Lists["Company Roles"];
        var groupsToAdd = new List<SPFieldUserValue>();

        if (item.HasUniqueRoleAssignments)
        {
            item.ResetRoleInheritance();
            item = item.ParentList.GetItemById(item.ID);
        }

        if (roles != null && roles.Count > 0)
        {
            // Iterate over the roles and see if there is a group associated
            foreach (var role in roles)
            {
                var roleItem = rolesList.GetItemById(rol.LookupId);
                if (roleItem != null)
                {
                    // This is the SPgroup field in the rolesList
                    var groups = roleItem["Groups"] as SPFieldUserValueCollection;
                    if (groups != null)
                    {
                        groupsToAdd.AddRange(from g in groups
                                             where g.User == null
                                             select g);
                    }
                }
            }
            if (groupsToAdd.Count > 0)
            {
                item.BreakRoleInheritance(false);
                foreach (var value in groupsToAdd)
                {
                    var group = web.Groups[value.LookupValue];
                    var assignment = web.RoleAssignments.GetAssignmentByPrincipal(group);
                    item.RoleAssignments.Add(assignment);
                }
            }
        }

        DisableEventFiring();
        item.SystemUpdate(false);
        EnableEventFiring();
    }
}
catch (Exception ex)
{
    //LOG ERROR
}
}
}

#3

If the coding doesn't work for you, and you'd rather not set permissions on each file, then there is a third option. We use folders with permissions set on them.

如果编码不适合您,并且您不想在每个文件上设置权限,那么还有第三个选项。我们使用具有权限的文件夹。

e.g.

Create a folder called "Managers", break permissions, and set rights to only the managers. Create another folder called "Employee 1", break permissions, and set Contribute rights to the Employee and the Employe's manager.

创建一个名为“Managers”的文件夹,中断权限,并仅为管理员设置权限。创建另一个名为“Employee 1”的文件夹,中断权限,并为Employee和Employe的经理设置Contribute权限。

Place the files in the appropriate folders and it will inherit rights from the folder.

将文件放在适当的文件夹中,它将从该文件夹继承权限。

This way, managers can see the manager files, and all files of their employees. Users can only see their own files.

通过这种方式,经理可以查看经理文件以及其员工的所有文件。用户只能看到自己的文件。

Similar logic can be done for Headquarters, Region 1, Region 2, etc ... and creating different Groups for each region and then assigning the group to the folder's permissions.

可以为总部,区域1,区域2等执行类似的逻辑...并为每个区域创建不同的组,然后将组分配给文件夹的权限。

Note, there's always concern in using this design on maintaining all the permissions and on performance, but we've been doing similar things for 750+ user populations and thousand of docs and it's been working fine for us so far.

请注意,使用此设计始终关注维护所有权限和性能,但我们一直在为750多个用户群和数千个文档做类似的事情,到目前为止它一直在为我们工作。

标签:

相关文章