How to secure your SPFx designed SharePoint Online form and workflow - the best security for an SPFx project
I am developing (with help from SO members) an SPFx web part(s) which comprises a form and eventually a workflow that is essentially a glorified approval process with a UI connected to several lists and libraries. After discussing the pros and cons of developing web parts for SP-Online, a developer said a weakness in security was the ability for the end user to simply bypass the web part and go straight to the list or library (if there are no permissions set on that list/library). To seal off the list/lib I am planning on using SharePoint Designer workflows that run on item creation. This workflow will set access to only the creator and any people picker fields in the UI form.
My question is - are there any tips out there or sure-fire processes that I can follow that can protect a project such as this from nosey folk?
Apologies to mods if this isn't in the right place. Can you redirect me if so?
You could use SecurityTrimmedControl to show or hide components based on the user permissions.
Or custom logic similar to the demo.
Update:
SPFx uses the current user context (permission) to access SharePoint, so if a user could access (CRUD) list data from SPFx, they can get data either by REST API or Excel etc. If you limit user permission for target items, you need another design to bypass this issue (check this thread).
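
The answer's point is that the item permissions, not the web part, are the security boundary. As an added example (not from the original thread), this TypeScript check audits whether the item-level lock-down described in the question actually took effect; the input shape, the sample principals and the treatment of "Limited Access" are assumptions.

```typescript
// Added example: audit item ACLs after the lock-down workflow has run. Assumed input:
// REST JSON for the item ($select=Id,HasUniqueRoleAssignments) and its
// roleassignments ($expand=Member,RoleDefinitionBindings).
interface RoleAssignment {
  PrincipalId: number;
  Member: { Title: string };
  RoleDefinitionBindings: { Name: string }[];
}
interface ItemAcl {
  Id: number;
  HasUniqueRoleAssignments: boolean;
  RoleAssignments: RoleAssignment[];
}
// Assumption: "Limited Access" alone does not let a user open the item.
const NON_GRANTING_ROLES = ["Limited Access"];

// One finding per problem; an empty result means only allowed principals
// (creator, people-picker users) hold a granting role on the item.
function auditItem(item: ItemAcl, allowedIds: number[]): string[] {
  if (!item.HasUniqueRoleAssignments) {
    return [`item ${item.Id}: still inherits list permissions`];
  }
  const findings: string[] = [];
  for (const ra of item.RoleAssignments) {
    const roles = ra.RoleDefinitionBindings
      .map(r => r.Name)
      .filter(n => NON_GRANTING_ROLES.indexOf(n) === -1);
    if (roles.length > 0 && allowedIds.indexOf(ra.PrincipalId) === -1) {
      findings.push(`item ${item.Id}: ${ra.Member.Title} has ${roles.join(", ")}`);
    }
  }
  return findings;
}
function auditAll(items: ItemAcl[], allowedIds: number[]): string[] {
  const all: string[] = [];
  for (const item of items) all.push(...auditItem(item, allowedIds));
  return all;
}
// Constructed sample data: 11 = creator, 14 = approver from the people picker.
const SAMPLE_ITEMS: ItemAcl[] = [
  { Id: 1, HasUniqueRoleAssignments: true, RoleAssignments: [
    { PrincipalId: 11, Member: { Title: "Creator" }, RoleDefinitionBindings: [{ Name: "Contribute" }] },
    { PrincipalId: 14, Member: { Title: "Approver" }, RoleDefinitionBindings: [{ Name: "Read" }] }] },
  { Id: 2, HasUniqueRoleAssignments: false, RoleAssignments: [] },
  { Id: 3, HasUniqueRoleAssignments: true, RoleAssignments: [
    { PrincipalId: 11, Member: { Title: "Creator" }, RoleDefinitionBindings: [{ Name: "Contribute" }] },
    { PrincipalId: 5, Member: { Title: "Everyone except external users" }, RoleDefinitionBindings: [{ Name: "Read" }] },
    { PrincipalId: 7, Member: { Title: "Site Visitors" }, RoleDefinitionBindings: [{ Name: "Limited Access" }] }] },
];
```

Run against the constructed sample with allowed principals 11 and 14, item 2 is flagged as still inheriting and item 3 as readable by a tenant-wide group.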