Imagine you have a site that has managed navigation. Most of the pages in the site can be seen by all the users, but there is one page that has unique permissions. This page, for example, is named "Secret headquarters" and should only be visible to the members of the group "Secret service". All other users shouldn't even see the link to that page in the navigation, so basically nobody else but the members of the group should know there is such a page.
So, how do we hide a link to a page with custom permissions? And how exactly can we find out which groups the user is in, and whether the user is a member of the group "Secret service"?
Let me explain that to you.
Preparing a page for unique permissions
First of all, you need to create a group that will hold all the users that will have access to the "secret" page. I named my group "Secret service" and added some users. The group has read and edit permissions.
Then, you will need to create the page (if it does not already exist) that will be hidden from all users except the members of the group "Secret service". Once you have created the page, do the following:
- In your subsite, click on the "Settings" button on the top right corner
- Click on "Site content"
- Click on the name of the "Pages" library (or the "Subsites" library, depending on where you store your pages)
- Find the page you want to make secret, and click on the "..." on the right side of its name
- In the small modal dialog, click on "..." again and select "Shared with", then click on "Advanced"
- In the ribbon, top left icon, click on "Remove Unique Permissions", click "OK"
- Select the remaining groups and then click on "Remove User Permissions", click "OK"
- Click on "Grant Permissions", type in the name of the group that will have access to the page (in my case, that will be "Secret service")
- Click on "Show options" at the bottom of the dialog and untick "Send an email invitation"
- Select "Edit" permissions, press "OK"
- Repeat steps 8 and 9, now select "Read" permissions, press "OK"
At this point, users who are not members of the group "Secret service" will still see a link to the page in the navigation, but when they click on it, they will get an "Access denied" message.
Testing the permissions of the page
This will be quick and easy to test if you have a dummy account. If not, then I hope you have a colleague willing to spend 10 minutes of his/her time testing your environment. But let's just continue with the idea of having a dummy account.
First, let's add the dummy to the group and see if the dummy can access the page:
- With your administrator account, add the dummy account to the group "Secret service"
- Log in with the dummy account, navigate to the page "Secret headquarters"
- If you can see the page with the dummy, then you did well!
- If you can't see the page with the dummy, you probably didn't add the dummy user to the group "Secret service".
- Still on the dummy account, check if the dummy can see other pages in the same subsite
- If you can still see all other pages with the dummy, then you did well!
- If you can't see other pages with the dummy, then you probably set the unique permissions for the whole subsite instead of just the one page
Now we just need to check if the dummy will get an "Access denied" when the dummy tries to access the page without being a member of the group:
- With your administrator account, remove the dummy account from the group "Secret service"
- Log in with the dummy account, navigate to the page "Secret headquarters"
- If you can't see the page with the dummy, you did well!
- If you can see the page with the dummy, then you probably didn't remove the dummy from the group "Secret service".
If you passed these small tests, then we are ready to go to the next step!
Writing the code to hide the page from the navigation
Let's first write down what we want to achieve:
- Loop through all links in the navigation on the left side of the subsite
- When we encounter a list item in which the href attribute ends with "Secret-headquarters.aspx", we want to check the permissions of that page
- If we encounter such an element, we will run a function that will fetch all the groups of which the current user is a member
- If the current user is a member of the group "Secret service", we will take no action and leave the navigation as is.
- If the current user is not a member of the group "Secret service", then we will select that list item holding the link to "Secret-headquarters.aspx" and set it hidden.
I included some comments, be sure to read those too!
// The following three lines are required, don't forget to find a copy
// of "jquery.SPServices-2013.01.min.js" and add a reference to it here.
SP.SOD.executeFunc("sp.runtime.js");
SP.SOD.executeFunc("SP.js", "SP.ClientContext");
SP.SOD.executeOrDelayUntilScriptLoaded("SP.UserProfiles.js",
    "~sitecollection/Style Library/Scripts/jquery.SPServices-2013.01.min.js");

var siteUrl = "";
var element = "";

$(document).ready(function() {
    // We only want to loop through the navigation on the left side of the
    // subsite. A jQuery object is never null, so test its length instead.
    if ($("#NavRootAspMenu").length) {
        // If present, remove the last list item. This sometimes appears and
        // causes problems since it doesn't have a href attribute.
        $("ul[id*='RootAspMenu'] li.ms-navedit-editArea:last-child").remove();
        // Run the check only once the navigation is present in the DOM.
        runMe();
    }
});

function runMe() {
    var $this = $("#NavRootAspMenu");
    // For each "a" element inside a list item, fetch the "href"
    // attribute and write it to siteUrl.
    $this.find("li a.static").each(function() {
        siteUrl = this.href;
        // When the siteUrl contains "Secret-headquarters.aspx", save the
        // current element to "element" and run a function.
        if (siteUrl.indexOf("Secret-headquarters.aspx") > -1) {
            element = this;
            sharePointReady(siteUrl, element);
        }
    });
}

function sharePointReady(siteUrl, element) {
    // Create an array that will hold a list of all the groups where the
    // current user is a member of.
    var userGroupArray = new Array();
    var group;
    // The line below is handy in case you have multiple pages you want to
    // hide, but need to be accessed by different groups.
    if (siteUrl.indexOf("Secret-headquarters.aspx") > -1) {
        group = "Secret service";
    }
    // Get all groups where the current user is a member of.
    var userGroup = $().SPServices({
        operation: "GetGroupCollectionFromUser",
        userLoginName: $().SPServices.SPGetCurrentUser(),
        async: false,
        completefunc: function(xData, Status) {
            $(xData.responseXML).find("Group").each(function() {
                // Push the name of the group to the array.
                userGroupArray.push($(this).attr("Name"));
            });
        }
    });
    // This useful little function is to check if an element is contained in
    // your array.
    function include(arr, obj) {
        for (var i = 0; i < arr.length; i++) {
            if (arr[i] == obj) return true;
        }
        return false;
    }
    // If the array contains the group "Secret service", then do nothing.
    if (include(userGroupArray, group)) {
        //console.log("You can edit this!");
    }
    // If the array does not contain the group "Secret service", then hide
    // the element from the current user so that he/she cannot navigate to
    // the page.
    else {
        //console.log("You can't edit this!");
        element.style.display = "none";
    }
}
That's it! We're ready with the script. Now it's time to test it out and see if it works.
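The code comments mention hiding several pages for different groups. The following added example (not the author's code) sketches that decision as two plain functions: it matches on the page's file name instead of a substring, and it hides every restricted link when the group lookup returned nothing. `PAGE_GROUPS`, `requiredGroup`, `linksToHide`, the "Field agents" entry and the sample URLs are hypothetical.

```javascript
// Added example. PAGE_GROUPS, requiredGroup and linksToHide are hypothetical
// names; the "Field agents" entry and SAMPLE_HREFS are constructed samples.
var PAGE_GROUPS = {
  "secret-headquarters.aspx": "Secret service",
  "mission-briefings.aspx": "Field agents"
};

var SAMPLE_HREFS = [
  "https://intranet.example/hq/Pages/Home.aspx",
  "https://intranet.example/hq/Pages/Secret-headquarters.aspx",
  "https://intranet.example/hq/Pages/mission-briefings.aspx?Source=%2Fhq",
  "https://intranet.example/hq/Pages/Not-Secret-headquarters.aspx"
];

// Return the group a link requires, or null if the link is unrestricted.
// Only the file name of the path is compared (case-insensitive), so query
// strings, fragments and longer look-alike names do not match.
function requiredGroup(href) {
  var path = String(href).split(/[?#]/)[0];
  var file = path.substring(path.lastIndexOf("/") + 1);
  try {
    file = decodeURIComponent(file);
  } catch (e) {
    // Malformed percent-encoding: compare the raw file name instead.
  }
  file = file.toLowerCase();
  return Object.prototype.hasOwnProperty.call(PAGE_GROUPS, file)
    ? PAGE_GROUPS[file]
    : null;
}

// Return the hrefs to hide for a user. userGroups is the array of group
// names fetched for the current user, or null when that lookup failed; a
// failed lookup hides every restricted link instead of showing them all.
function linksToHide(hrefs, userGroups) {
  var groups = userGroups || [];
  return hrefs.filter(function (href) {
    var group = requiredGroup(href);
    return group !== null && groups.indexOf(group) === -1;
  });
}
```

As with the script above, this only changes what the navigation shows; the unique permissions on the page are what give non-members the "Access denied" message.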
Adding a reference to the master page
If we want to apply this code on multiple subsites, then it is best that we add a reference to our script in the master page. I just added the code to an existing script that was already loaded on the master page (I use an HTML master page), but if you want to add it as a separate script, this is what it might look like:
<!--SPM:<SharePoint:ScriptLink language="javascript" ID="scriptLink1"
runat="server" name="~sitecollection/Style Library/Scripts/scripts.js"
OnDemand="false" Localizable="false"/>-->
Do note that the ID might be different. You must make sure that you do not already have a scriptlink with the same ID, so change the number of the ID and make it unique.
Check in your master page and your script, and go take a look at the page.
You can re-do the steps mentioned in "Testing the permissions of the page", and this time you will immediately see if the list item for the page "Secret headquarters" is present in the list or not.
It should now be hidden from users who are not members of the group "Secret service", and it will remain visible to those who are members of that group.
Enjoy!
If you have any questions, please do not hesitate to ask!
Special thanks go to Ali Sharepoint from Stack Exchange, who helped me with the code.
The code for "JavaScript Array Contains" was found on www.css-tricks.com.