ViewFormPagesLockDown 并排除特定列表/页面
我正在开发一个面向公众的 MOSS 2007 站点,该站点使用 ViewFormPagesLockDown 功能来阻止匿名用户访问标准列表表单。我不想失去此功能提供的额外安全性,但有一些列表可供匿名用户访问表单。
我可以在列表设置、列表模板或功能代码中执行任何操作来阻止特定列表或表单需要 SPBasePermissions.ViewFormPages?
I am working on a public facing MOSS 2007 site that uses the ViewFormPagesLockDown feature to stop anonymous users from accessing the standard list forms. I don't want to lose the additional security this feature provides, but there are a few lists where anonymous users should have access to the forms.
Is there anything I can do in the list settings, list template, or in feature code that will stop a specific list or form from requiring SPBasePermissions.ViewFormPages?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我无法找到解决方法。对 LockDown 功能的支持似乎已融入表单类中。相反,我们所做的是创建一个带有自己的 ListFormWebPart。以下内容改编自我们内部博客的条目,其中我概述了允许匿名用户向列表添加新项目的步骤:
在“列表设置”中,转到“高级设置”。确保读取访问权限设置为所有项目。返回列表设置并选择此列表的权限。通过选择“操作”>“中断从站点的继承”编辑权限。注意:如果您看到名称左侧有一个复选框,则表明此步骤已完成。设置自定义权限后,选择“设置”>“匿名访问。选中“添加项目”,然后单击“确定”。要完成匿名访问,请返回“设置”>“ “高级设置”,然后重置为“读取访问权限”和“编辑访问权限”都选择“仅限自己的”,然后单击“确定”。
使用“网站操作”> 创建新页面创建页面。打开网站 SharePoint Designer。右键单击新创建的页面,然后选择“从页面布局分离”。将光标置于 Web 部件区域内并选择“插入”>“Web 部件区域”。 SharePoint 控件 >自定义列表表格。选择适当的列表和新项目表单,然后单击“确定”。在“代码”窗格中,将新创建的 DataFormWebPart 中的 DataSourceMode 从 ListItem 更改为 Webs。如果保留 ListItem 的默认设置,匿名用户会收到“访问被拒绝。您无权执行此操作或访问此资源”错误。保存并在浏览器中查看页面。
为了获得最佳结果,请仅在开发服务器上使用 SharePoint Designer。要将 WebPart 迁移到生产环境,请在浏览器中打开开发服务器上的页面,然后从 WebPart 菜单中选择“导出”。保存 Web 部件文件。在浏览器中打开生产服务器上的页面,然后从“站点操作”中选择“编辑页面”。从页面工具栏上的菜单中,选择页面 >添加 Web 部件 >进口。输入从开发服务器保存的 WebPart 文件的位置,然后单击“上传”。接下来,将导入的 WebPart 从右侧的工具窗格拖动到所需的 WebPart 区域。要保存页面,请单击“发布”。
I wasn't able to find a way around it. Support for the LockDown feature seems to be baked into the form class. Instead, what we did was create a separate page with its own ListFormWebPart. The following is an adaptation of an entry from our internal blog where I outlined the steps to allow an anonymous user to add new items to a list:
In the List Settings, go to Advanced Settings. Make sure Read Access is set to All items. Return to List Settings and select Permissions for this list. Break inheritance from the site by selecting Actions > Edit Permissions. Note: If you see a checkbox to the left of the names this step has already been done. Once custom permissions have been set, select Settings > Anonymous Access. Check Add Items and then click OK. To complete Anonymous Access return to Settings > Advanced Settings, and reset to select Only their own for both Read access and Edit access, then click OK.
Create a new page using Site Actions > Create Page. Open the site SharePoint Designer. Right click on the newly created page and select Detach from Page Layout. Position the cursor within a Web Part Zone and select Insert > SharePoint Controls > Custom List Form. Select the appropriate list and New item form, then click OK. In the Code pane, change DataSourceMode in the newly created DataFormWebPart from ListItem to Webs. Leaving the default setting of ListItem, anonymous users get an "Access denied. You do not have permission to perform this action or access this resource" error. Save and view the page in the browser.
For best results, only use SharePoint Designer on a development server. To migrate the WebPart to the production, open the page on the Development server in the browser and select Export from the WebPart menu. Save the WebPart file. Open the page on the Production server in the browser and select Edit Page from Site Actions. From the menu on the Page Toolbar, select Page > Add Web Parts > Import. Enter the location of the WebPart file saved from the Development server and click Upload. Next, drag the imported WebPart from the Tool Pane on the right into the desired WebPart Zone. To save the page, click Publish.
这是一个较旧的问题,但我想我会添加另一个可以用来执行此操作的选项。
解决方案:
正如 Rich 提到的,打破权限继承就行了。
关闭 ViewFormPagesLockDown 功能。
设置匿名用户有权访问该列表。
打开 ViewFormPagesLockDown 功能。
匿名用户现在应该只能访问该列表的应用程序页面。
原因:
ViewFormPagesLockDown 功能从“受限访问”权限角色中删除“查看应用程序页面”和“使用远程接口”权限。但是,在切换匿名访问选项之前,匿名用户不会接受对该角色的更改。这适用于站点或列表级别。
因此,如果您希望特定的网站或列表对应用程序页面具有不同的匿名访问权限,您可以使用上述解决方案来更改它。
An older question but I thought I would add another option that you can use to do this.
Solution:
As Rich mentioned break permission inheritance on the list.
Toggle the ViewFormPagesLockDown feature off.
Set anonymous users to have access to the list.
Toggle the ViewFormPagesLockDown feature on.
Anonymous users should now be able to access application pages for the list only.
The Why:
The ViewFormPagesLockDown feature removes the "View Application Pages", and "Use Remote Interfaces" permissions from the "Limited Access" permission role. However, the anonymous users doesn't pick up the changes to that roles until to toggle the anonymous access option. This works either at a site or list level.
So if you want a particular web or list to have different anonymous access to application pages you can use the above solution to change that.